LWN: Comments on "Ubuntu "Feisty" Herd 1 released"

Power managers

fergal — Fri, 08 Dec 2006 01:19:30 +0000

It's kinda bizarre that someone could write a GUI powermanager but couldn't figure out how to write a daemon.

I'd file a bug but "everything about your project is wrong" bugs don't tend to go too well.

Power managers

usr — Thu, 07 Dec 2006 09:40:54 +0000

No, unfortunately it works exactly the way you suggest it should not. The
logic is indeed duplicated across the GUI interfaces. The little
crash-prone applet sitting in the system tray is in fact the "daemon"
making the decisions about power management. Power management does not
work when you are not logged in. If more than one user is logged in, who
knows what might happen?

More specifically it works something like this:

Information about system state:
HAL -> DBUS -> Applet

Power management instructions:
Applet -> DBUS -> HAL

There is another power management solution, kpowersave+powersaved, that
originated with SUSE and that works the way you suggest it should. Some
powersave developers were rather offended by the development of the
current power management solution in Ubuntu, specifically Kubuntu. There
are also plenty of comments suggesting to split off a power management
daemon from the GUI.

Ironically, the reason why the architecture is broken today is that the
Ubuntu solution originated as a GNOME hack written by a developer who
didn't know how to write a system daemon. To his credit he acknowledged
that that a separate daemon would have been the right thing, but no-one
stepped forward to write one at the time.

Power managers

tialaramex — Thu, 07 Dec 2006 01:33:04 +0000

I haven't looked at this specific piece, but in general this sort of thing is done using DBUS to send messages between a (probably privileged) system daemon or demand-launched program and the user-friendly, toolkit specific frontend.

That's how the Bluetooth PIN stuff works now, and Network Manager and network service discovery stuff like Avahi, and so it's probably how the power management stuff works these days too. Desktop software decides policy, the system daemons and the kernel implement it.

So the heavy lifting is probably not being duplicated. In fact, most of the really hard work seems to be in the kernel and driver modules anyway. It's much harder to get all those disks, video cards, USB cameras, bluetooth keyboards and so on back how you left them after a few hours without power than to draw an icon of a battery in three different widget toolkits.

Power managers

fergal — Thu, 07 Dec 2006 01:18:46 +0000

So, the gnome power manager now has some features that the kde one already had. Presumably it's also got some that the kde one doesn't have yet. I wonder what the xfce one can do.

Am I correct to think that all of these apps duplicate power saving code/logic all for the sake of their GUI toolkits? Or is there a powerd in the background that these are just configuration frontends for? Can I save power without being logged in or do I have to fire up a power-hungry desktop to save power on the console?

Stack smashing protection included?

scottt — Wed, 06 Dec 2006 18:10:12 +0000

> And many of us consider Fedora to be no more than a technology testbed
> and a beta version of RHEL, rather than a distribution with high quality
> aspirations of its own.

Many would disagree.

Note that Redhat employs the gcc and binutils developers that implemented the -DFORTIFY_SOURCE and PIE features upstream.
Integrating new security features is easier when you invest heavily in its original development.

Stack smashing protection included?

dwa — Wed, 06 Dec 2006 17:58:56 +0000

Perhaps because the article the original poster was commenting on is *about Ubuntu*?

And many people believed that Linux would never amount to anything, but that wasn't true either.

Stack smashing protection included?

jbailey — Wed, 06 Dec 2006 17:56:19 +0000

It was done in the previous release:

https://launchpad.net/distros/ubuntu/+spec/gcc-ssp

Stack smashing protection included?

rfunk — Wed, 06 Dec 2006 17:37:41 +0000

Why single out Ubuntu? No other mainstream Linux distribution, with the
possible exception of Fedora, uses that stuff either.

And many of us consider Fedora to be no more than a technology testbed
and a beta version of RHEL, rather than a distribution with high quality
aspirations of its own.

Stack smashing protection included?

dwheeler — Wed, 06 Dec 2006 15:36:24 +0000

Anyone know if this version of Ubuntu will automatically protect against stack overflows? Buffer overflows are one of the most common and dangerous vulnerabilities, and of them, stack overflows are especially common and easy to exploit. Fedora Core (FC) has had protections against them for a long time, so that many of the vulnerabilities that have been reported are actually much less dangerous in FC. Last I checked, Ubuntu still lacked any such protections, which makes Ubuntu much less secure in my eyes.

In November 2006, gcc-4.1 4.1.1-18ubuntu1 was accepted, and that includes lib32ssp0 (a GCC stack smashing protection library). But having it distributed is completely different from using it. It needs to be turned on by default, and have all (or nearly all) compiled applications using it or some other defensive measure. Anyone know if that's happened?

In my mind this has been a key distinctive between Fedora Core and Ubuntu: Fedora Core has mechanisms that protect against unknown vulnerabilities, and Ubuntu in the past has not. FC's stack-smashing protections, SELinux, and so on have saved people's bacon many times.