Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for January 27, 2005Sun makes its move Sometimes it seems that Sun has been talking about releasing the Solaris code for years. Actually, Sun has been talking about releasing Solaris for years; see this LWN article from 1999 on the subject. On January 25, however, the company actually did something about it. The DTrace code from Solaris is available now, and the full Solaris kernel is set to become available sometime in the second quarter of 2005. There is, of course, a hype-filled press release celebrating the event.The release appears to be real. A fully buildable system will be made available under Sun's recently OSI-approved Common Development and Distribution License (CDDL). Sun does not appear to be holding back any core components of the kernel. All of the Solaris 10 features they have been trumpeting - ZFS, DTrace, containers, etc. - will be included. It would seem that Sun is releasing a system that people might actually want to run. The other half of the day's festivities was this announcement that Sun is releasing 1600 software patents for use with CDDL-licensed software:
By giving open source developers free access to Sun(TM) OpenSolaris
related patents under the Common Development and Distribution
License (CDDL), the company is fostering open innovation and
establishing a leadership role in the framework of a patent commons
that will be recognized across the globe.
The announcement is rather short on details - things like which patents are being released, and under which terms. Nowhere does Sun say explicitly that only CDDL-licensed software will be licensed to use those patents, but the early indications are that the company does intend to limit things in that way. An attempt by LWN to get a clarification from Sun on this point was not successful. Sun has repeatedly said that it hopes to build a wider development community around the OpenSolaris release. Once again, however, the details are yet to be filled in. There will apparently be a "community advisory board" with five members, three of whom will be directly chosen by Sun. There is no word on what the patch acceptance process will be. The OpenOffice.org process tends toward being bureaucratic and hard to approach; the OpenSolaris process seems likely to be similar. Sun has tried to fend off claims that this release is a competitive response to Linux, but that is clearly what is going on. The company appears to be trying to set up a parallel free software ecosystem which, it hopes, will be more attractive than Linux. The components of this strategy are becoming clear. For example, Sun has repeatedly gone out of its way to push the claim that Solaris is better than Linux - or anything else, for that matter. The various features of Solaris 10 were hyped yet again at the OpenSolaris teleconference; the company described them, with a straight face, as "rocket science." The message is clear: why bother with Linux, when the best is free too? Then, Sun is stressing its free software credentials. At the teleconference, Sun executives claimed that the company had been doing open source for more than 24 years. Sun is now, they say, the number-one source of free code on the planet. Why bother with those other, johnny-come-lately companies when Sun has been doing this for so long? At the teleconference, the claim was made that HP and Dell have not contributed to Linux - which is clearly untrue. There is also the indemnification issue, needless to say; indemnification was mentioned many times at the teleconference. The patent press release states:
Radically reducing risks associated with using and developing open
source software, Sun is firmly standing behind our products and the
worldwide development community. Armed with access to Solaris OS
platform intellectual property, OpenSolaris developers and
customers alike no longer need patent protection or indemnity from
Sun's and other participants in the OpenSolaris community for use
of Solaris-based technologies under the CDDL and OpenSolaris
community process.
There is an obvious attempt here to position Solaris as a safer sort of free operating system - one with "radically reduced risks." It may be true that OpenSolaris users are less likely to be sued - by Sun itself, at least. The CDDL will also make suits by any other company which uses OpenSolaris unlikely. None of this will help against suits from litigation companies with no software business of their own, however. Speaking of litigation companies, the SCO Group has not yet given its thoughts on the OpenSolaris announcement. Sun executives claimed at the teleconference that the company's Unix licenses allowed it to release the code with no need to consult further with SCO. We asked SCO if it agreed, but got no response. The last piece of the puzzle is the CDDL, which serves to effectively isolate the Solaris and Linux kernels from each other. Solaris will live in its own world; any useful code it contains cannot be copied over to Linux, or to any of the BSD variants. You can play with Sun's nice toys, but you have to stay on Sun's turf. All of this might just work. There are good things in OpenSolaris, and the code will soon be truly free. But it takes more than a code dump to create a development community. Whether Sun can create enough outside interest to inspire a wider group of developers to help out remains to be seen - as will Sun's ability to let go and let that community actually run with the code. Sun will not have gained much if the outside developers end up creating their own OpenSolaris fork.
PostgreSQL 8.0.0 It's been in the works for quite a while, but PostgreSQL 8.0 is finally out the door. To get the full scoop on 8.0, we spoke to Josh Berkus, one of the members of PostgreSQL's steering committee, to learn about PostgreSQL's new features and plans for future development.The PostgreSQL press release highlights a number of new features and improvements, including improved memory usage and I/O improvements. We asked Berkus if the PostgreSQL team had any benchmarks to share with regards to these improvements. Berkus said that the project did not have benchmarks yet, and that the team had been tinkering with performance "right up to the release candidate." Berkus did elaborate on the nature of improvements, however.
The basic idea was to make PostgreSQL a little bit smarter about managing
its own cache and its own memory usage. A lot of that effort was
spearheaded by Jan Wieck, who works for Afilias... their big interest in
improving memory usage was really to flatten out spikes. One of the tests
at the Open Source Development Labs of online transaction processing where
you see that your peak rates of transaction processing is like 4,000 or
4,800 transactions per minute, but then you have these checkpoint spikes
while the system is doing memory synchronization and the like, suddenly
your throughput rate drops by like 1,000 transactions per minute.... from
the perspective of people supporting interactive Web applications, this is
particularly bad because the customer suddenly sees a 30-second lag where
nothing's happening. A lot of the changes were designed to alleviate that
condition.
Berkus noted that the average transaction time for Web applications may not go down a great deal, but that the median transaction time did go down. He also said that several developers working on performance tweaks were pushing for a short development cycle for PostgreSQL 8.1 because they're "not necessarily satisfied that they're done." Berkus also pointed out that they would probably never be done improving performance. Other performance improvements include changes to maintenance routines to avoid saturating disk I/O. Berkus said that some maintenance routines may take longer, but would have less of an impact on system performance while running. The Savepoint feature has changed as well, according to Berkus. Savepoints allow parts of a transaction to be rolled back without failing an entire transaction if part of the procedure fails. Berkus said that savepoints were initially "implemented as nested transactions" but that the syntax for Savepoints is now SQL-compliant. Inevitably, PostgreSQL will be compared to "enterprise" databases like DB2 and Oracle. We asked Berkus how PostgreSQL would compare to products like Oracle and DB2 given the features that were introduced in 8.0. He said that there were "still plenty of high-end features that they have that we don't have yet though each new release of PostgreSQL adds features that make it "adequate or even superior" for new users. One feature that PostgreSQL still needs, said Berkus, is multi-master replication. Right now, there are three separate teams working on two different forms of multi-master replication, which should be ready within "a year or a half, if not sooner." Berkus said that the PostgreSQL project planned to keep replication facilities, such as Mammoth and Slony, as add-ons rather than part of PostgreSQL. The reason, according to Berkus, is that replication "is not a single problem... it's a set of related problems not all of which should be solved by the same software." Another feature in 8.0, which may be of little interest to LWN readers, is the native version of PostgreSQL for Windows. Berkus said that the Windows release looked to be very popular, judging by early downloads of the release. We did ask how the performance of PostgreSQL on Windows compared to performance on Linux or other UNIX-type systems. Berkus said that they didn't know, since most of the PostgreSQL testing is done through the Open Source Development Labs, which means that testing is limited to Linux systems. He did say that he expected that performance on Windows would lag behind Linux, since PostgreSQL is primarily developed on Unix and POSIX systems. What will we see in 8.1? It's too early to tell, but Berkus did mention a few projects that he's aware of that might be in the works. One issue that he mentioned is the idea of per-user quotas for PostgreSQL.
Somebody's revived the issue of per-user quotas. People are interested in
it, but the people who are interested don't seem to have the coding talent
to implement it... you don't know how much space something is taking up
without calling a maintenance procedure, so it's a very hard problem to
solve. It's much harder than implementing user quotas on the filesystem.
If the 8.1 release cycle is a short cycle, Berkus says that "a lot will be deferred to 8.2 because of the requirement for catalog changes in initdb." Berkus told LWN that the changes were necessary to allow PostgreSQL to do in-place upgrades rather than requiring users to migrate data from an older PostgreSQL installation to the new installation.
Currently, the way you upgrade a major version [of PostgreSQL] is to in
install the binaries to a new location, prepare the new location and then
you do a backup of the old database and restore onto the new
platform. There are other ways of making this easier, like using
replication to move the data, but it still amounts to running two
PostgreSQLs at once and moving between those two instances. If you happen
to be running a data warehouse with 300 GB of data, it's quite time
consuming... it's one of the things we have on our plate that nobody wants
to work on.
We asked Berkus why PostgreSQL didn't use a timed release cycle, as opposed to a feature-based release cycle, like the GNOME Project does. Berkus said that "nobody's really raised that as an idea" and said that it would be difficult to do since other projects could release half-implemented features or features that were still a little buggy, but PostgreSQL could not. "For us as an enterprise database system, we can't release anything that could corrupt your data, even a little." Even if PostgreSQL were to move to a timed release cycle, Berkus said it would probably be a yearly release cycle rather than a six-month cycle like GNOME. Current users of PostgreSQL can count on security and data integrity patches for the prior two releases (7.3 and 7.4) until the 8.1 release of PostgreSQL. Berkus added that patches may be released for 7.2 "if the patch can be released to 7.2 without extra effort." He also said that support for older versions of PostgreSQL, including backporting new features, was a role for commercial providers of PostgreSQL and could provide a value-add for vendors to provide to their customers, without making it a "headache for developers." While PostgreSQL may not have all the features of DB2 or Oracle, the database is closing the gap between itself and proprietary "enterprise" database systems. With the 8.0 release, PostgreSQL should be able to find many more adopters in small and large organizations that are looking to replace expensive proprietary systems with an open source solution.
A Grumpy Editor's addendum: evince
Evince is built as a viewer with the ability to add backends for any file format of interest. For PDF files, the supplied backend is based on the xpdf code. The PostScript backend uses ghostscript, and the DVI backend uses a built-in DVI library. Building evince requires the GNOME 2.9 libraries, but is otherwise painless; it dropped right into place on your editor's Fedora Rawhide system.
This application is looking good - especially for a 0.1.1 release. The
rendering of PDF files is fast, and the quality is good. The zoom options
are rational, and it is easy to move around within the document. Printing
Evince offers a search capability which appears to have potential, but which needs a bit of work yet. Hitting "^F" will open a firefox-style "find" bar at the bottom of the screen (search does not appear to be available from the menus). Typing a string will highlight occurrences of that string in the text; see the screenshot for an example. There are "previous" and "next" buttons, but the only thing they do is cause "find previous" or "find next" to be printed; it's nice to know that evince is listening, but that still is probably not quite what the user had in mind. If the string does not appear on the current page, evince will note the next page where the string can be found - but the user must get to that page independently. There are a few other glitches yet. Selecting text with the mouse can be a little unreliable; sometimes what gets pasted is not exactly the text which was selected. There are no thumbnails for PostScript documents. The buttons for paging through the document are labeled "Up" and "Down," which are not the most obvious terms. There is no way to print only part of a document. There is no man page - or other help of any sort. All of the above notwithstanding, evince is a tool which is, even at this early point, competitive with the other free PDF viewers. It is entirely useful now. If development continues at the current pace, evince may well become your editor's viewer of choice in the near future.
Page editor: Jonathan Corbet Security Securely renting out your CPU with Linux One might think that hacking kernels for SuSE would be enough to keep a person busy, but Andrea Arcangeli has more energy than that. So, on the side, he is working on a project called cpushare. Essentially, it is a form of Linux-based worldwide grid network which would enable people to sell their idle CPU cycles to others who are in need of serious crunching power. Most systems sit idle most of the time; they might as well be working for a living instead.Before Linux users will accept outside code on their systems, they will need to be pretty well convinced that said code can be kept under control. Without some pretty fierce security, a grid network could quickly be turned into a serious zombie network, and that would be embarrassing for everybody involved. The long-term plan is to take advantage of "trusted computing" hardware to sandbox the guest code; that hardware will also be able to help prevent the owner of the system from interfering with (or even observing) the buyer's computations and data. For now, however, some other method of ensuring the security of the host systems will have to be devised. Andrea's answer is the seccomp patch. It is, in fact, an exceedingly simple solution to the problem. With this patch in place, the kernel allows a process to make a one-way transition into a "secure computing" mode. A hook is placed in the system call gate which checks for this mode; when secure computing is turned on, an attempt to execute almost any system call will result in the immediate termination of the process. The only exceptions are read(), write(), exit(), and the two forms of sigreturn(). So the cpushare client would execute outside work by setting up some sockets to communicate with the master system, turning on the secure mode, and executing the client code. If all goes well, that code will be able to do nothing beyond pure CPU use and communicating through the sockets given to it. And exiting, of course. The objection that was raised is that this sort of sandboxing can be done from user space with ptrace(). At least, it can if one little patch is applied to ensure that the sandboxed process cannot continue if, somehow, the monitoring process dies first. Andrea acknowledges that the ptrace() solution is workable, but he still prefers the secure computing mode. The reason is simplicity: the seccomp patch is quite small, and it is relatively easy to verify that it does what is needed. The ptrace() code is rather more complex and harder to verify, even before considering the interactions with the user-space monitor. The public discussion was inconclusive, so it is hard to predict whether this patch will eventually be accepted or not.
Security news PHRACK #63 CALL FOR PAPERS The call for papers for Phrack #63 has gone out; no specific deadline is given for submissions. The CFP states that issue #63 will be the final issue of Phrack.
New vulnerabilities AWStats: remote code execution
enscript: arbitrary code execution
ethereal: multiple vulnerabilites
evolution: arbitrary code execution
kdebase: screen saver crash
Konversation: multiple vulnerabilities
libdbi-perl: insecure temporary file
libpam-radius-auth
mpg123: frame header buffer overflow
php4: multiple vulnerabilities
realplayer: integer overflow
sword: missing input sanitizing
vdr: insecure file access
xtrlock: buffer overflow
zhcon: privilege escalation
Updated vulnerabilities a2ps: input validation error
apache: temporary file vulnerability
cdrecord: failure to drop privilege
chbg: buffer overflow
cups: multiple vulnerabilities
cyrus-sasl: remote buffer overflow
dhcp: format string vulnerability
exim: buffer overflows
Foomatic: Arbitrary command execution in foomatic-rip
FreeRADIUS: denial of service
gaim: buffer overflow in MSN protocol
gtk2, gdk-pixbuf: buffer overflows
gettext: Insecure temporary file handling
ghostscript: symlink vulnerabilities
glibc: Information leak with LD_DEBUG
glibc: tempfile vulnerability in catchsegv script
gnome-vfs: backend script vulnerabilities
groff: insecure temporary directory
gtkhtml: malformed messages cause crash
imagemagick: .psd image file decode vulnerability
imlib2: buffer overflows
iptables: missing initialization
kdelibs: unsanitzied input
kerberos5: execution of arbitrary code by authenticated user
kernel: race condition, privilege escalation
kernel: i386 SMP page fault handler privilege escalation
kernel-utils: setuid vulnerability
libgd2: buffer overflows in PNG handling
libpng: multiple vulnerabilities
libtiff: buffer overflow
libxml2: multiple buffer overflows
libxpm4: stack and integer overflows
lvm10: creates insecure temporary directory
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![[Evince screenshot]](/images/ns/grumpy/evince-sm.png)