by Zach Brown
Last month I wrote about digsig, a security module that checks the checksum of a binary before executing it to ensure that no compromised code is run on a given system. Apparently, I was a bit more enthusiastic than various kernel developers, notably Alexander Viro and Pavel Machek. It turns out (and the digsig developers agree with this) that digsig is no more than a temporary security tactic, which script kiddies would be able to work around after a fairly short time. Historically, these sorts of temporary measures never have been adopted into the kernel, precisely because they don't provide a robust solution.
With the 2.6.0-test1 kernel released in early November 2003, Linus Torvalds announced a stability freeze, meaning patches would be accepted only if they fixed data corruption, system crashes or some other serious breakage. Even cleanup patches that don't actually change the behavior of the code are being rejected now. According to Linus, the goal is to start the final preparations for the official 2.6.0 release, at which point he has strongly hinted that he immediately will hand maintainership of the 2.6 tree to Andrew Morton. This is a change from 2.4, where he handed maintainership to Marcelo Tosatti only after several releases. There is still no indication of when the 2.7 tree will fork; it could occur at the same time as the hand-off to Andrew, though certainly not before.
Rusty Russell and Tim Hockin together have produced a patch to raise the number of supported groups under Linux to well over 200. In fact, the patch supports thousands of groups, something various folks (like some of Tim's Samba clients) sometimes want. Linus Torvalds felt that some incarnations of their patch were uglier than others, but apparently he's ready to consider support for that many groups, as long as the implementation doesn't make him retch too hard into his hand.
Ian Pratt and others from the University of Cambridge Computer Laboratory Systems Research Group have produced the first stable release of their Xen virtual machine monitor for the x86 architecture and have ported the 2.4.22 kernel to it as a guest OS. Xen is designed to run multiple operating systems simultaneously on a single computer. Once a kernel is ported to Xen, all user binaries apparently will run unchanged; so in theory any Linux distribution would run under Xen, with a drop-in kernel as the only modification. Currently, it's not possible to run Xen recursively, though various twisted kernel hackers have expressed such an interest.
Eli Billauer has created /dev/frandom, a random number generator that is up to 50 times faster than /dev/urandom, under some tests. Although not intended to be random enough for cryptography (but it might one day become so), it nevertheless is good for scientific simulations, stress tests on algorithms and performing data-wipes. In spite of its various good qualities, it probably will have to live as an external patch for quite a while, as several kernel developers like Nick Piggin feel there is no compelling need to do /dev/frandom in kernel space, because it could be done well enough entirely in user space.
Roman Zippel announced in mid-October 2003 an implementation of the iSCSI specification. Although it's not a complete implementation and uses the deprecated /proc filesystem instead of SysFS for its interface, it apparently is already somewhat usable. Roman has promised to continue maintaining it if there is enough interest, but without help he says it may be slow-going.
by David Bandel
I don't think I've seen any project come as fast or as far as this one has in the three years I've been using it. This system offers full double-entry accounting for almost any business in a large number of languages. I'd be hard-pressed to find a better accounting package. Installation is extremely simple. If you have LaTeX installed, you can output PDF files directly or e-mail your bills or statements. The out-of-the-box configuration is based on the Canadian tax system but easily can be adopted to any other system. One of the best features is that the database uses PostgreSQL. If you need a full accounting package for a business, this is it. Requires: Perl, Perl modules DBI, DBD- (DBD-Pg or DBD-Oracle), PostgreSQL or Oracle, Web server capable of running Perl scripts, Web browser and LaTeX (optional).
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Qt Company's Qt Start-Up
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide