SuSE

SUSE Studio 1.0 Released 121

apokryphos writes "Novell has just announced the release of SUSE Studio 1.0 — a user-friendly Web service that allows you to create your customized Linux distribution as a live CD, USB, Xen, or VMware image. Users have control over adding any repositories, packages, and files to the distribution. A new user can do the full creation and customization of the software appliance in roughly ten minutes. It also includes a Flash-based 'test drive' service, which allows you to try out your appliance in a Web browser before downloading it."
Operating Systems

CentOS Administrator Reappears 211

str8edge sends word that Lance Davis, the CentOS project administrator who had mysteriously gone absent, has now returned and is working with the development team to get things back on track. From their announcement: "The CentOS Development team had a routine meeting today with Lance Davis in attendance. During the meeting a majority of issues were resolved immediately and a working agreement was reached with deadlines for remaining unresolved issues. There should be no impact to any CentOS users going forward. The CentOS project is now in control of the CentOS.org and CentOS.info domains and owns all trademarks, materials, and artwork in the CentOS distributions. We look forward to working with Lance to quickly complete all the agreed upon issues. More information will follow soon."
Data Storage

A Short History of Btrfs 241

diegocgteleline.es writes "Valerie Aurora, a Linux file system developer and ex-ZFS designer, has posted an article with great insight on how Btrfs, the file system that will replace Ext4, was created and how it works. Quoting: 'When it comes to file systems, it's hard to tell truth from rumor from vile slander: the code is so complex, the personalities are so exaggerated, and the users are so angry when they lose their data. You can't even settle things with a battle of the benchmarks: file system workloads vary so wildly that you can make a plausible argument for why any benchmark is either totally irrelevant or crucially important. ... we'll take a behind-the-scenes look at the design and development of Btrfs on many levels — technical, political, personal — and trace it from its origins at a workshop to its current position as Linus's root file system.'"
Security

Linux, Twitter, and Red Hat "Win" Big At Pwnie Awards 63

hugmeplz writes "The third annual Pwnie Awards took place last night at Black Hat in Las Vegas, and a full list of the winners has been posted. 'Most Epic Fail' honors went to the notorious Twitter/Google Apps hack from earlier this month that raised all sorts of questions about cloud computing security. Red Hat got skewered with the 'Mass 0wnage' award, also known as the 'Pwnie for Breaking the Internet,' for issuing a version of OpenSSH that left a backdoor open to hackers. The Linux development team earned 'Lamest Vendor Response' recognition for 'continually assuming that all kernel memory corruption bugs are only Denial-of-Service.' Naturally, Microsoft didn't slip past judges' eyes. Its vulnerability that enabled the Conficker worm to do its thing earned honors as the 'Most Overhyped Bug.' On the more positive side, the Pwnie Awards recognized security pros Wei Yongjun, sgrakkyu, Sebastian Kramer and Bernhard Mueller for accomplishments such as discovering bugs and demonstrating exploits. The Pwnie for Best Song went to Doctor Braid for his song Nice Report. Solar Designer snagged the Lifetime Achievement Award, for among other things, being the first to demonstrate heap buffer overflow exploitation, according to the Pwnie Awards Web site."
Printer

Linux-Friendly Label Printer Recomendations? 188

pdkl95 writes "I have been using some small, simple desktop label printers for quite a while now. Unfortunately, it's rapidly becoming clear that my printing needs are for something far more 'industrial strength.' Several of the label printers have failed, and they never really had the management features I wanted. So, does anybody have recommendations on label printers, that can hold up to a quite heavy load? The catch is that I'm printing to them from CUPS under Linux, and it seems like specialty-printers are a windows-centric field."
Operating Systems

CentOS Project Administrator Goes AWOL 492

An anonymous reader writes "Lance Davis, the main project administrator for CentOS, a popular free 'rebuild' of Red Hat's Enterprise Linux, appears to have gone AWOL. In an open letter from his fellow CentOS developers, they describe the precarious situation the project has been put in. There have been attempts to contact him for some time now, as he's the sole administrator for the centos.org domain, the IRC channels, and apparently, CentOS funds. One can only hope that Lance gets in contact with them and gets things sorted out."
Programming

Alan Cox Quits As Linux TTY Maintainer — "I've Had Enough" 909

The Slashdolt writes "After a stern criticism from Linus, the long-time kernel hacker Alan Cox has decided to walk away as the maintainer of the TTY subsystem of the Linux Kernel, stating '...I've had enough. If you think that problem is easy to fix you fix it. Have fun. I've zapped the tty merge queue so anyone with patches for the tty layer can send them to the new maintainer.'" A response to a subsequent post on the list makes it quite clear that he is serious.
Debian

Debian Decides To Adopt Time-Based Release Freezes 79

frenchbedroom writes "The ongoing Debconf 9 meeting in Cáceres, Spain has brought a significant change to Debian's project management. The Debian project will now freeze development in December of every odd year, which means we can expect a new Debian release in the spring of every even year, starting with 'Squeeze' in 2010. Until now, development freezing was decided by the Debian release team. From the announcement: 'The project chose December as a suitable freeze date since spring releases proved successful for the releases of Debian GNU/Linux 4.0 (codenamed "Etch") and Debian GNU/Linux 5.0 ("Lenny"). Time-based freezes will allow the Debian Project to blend the predictability of time based releases with its well established policy of feature based releases. The new freeze policy will provide better predictability of releases for users of the Debian distribution, and also allow Debian developers to do better long-term planning. A two-year release cycle will give more time for disruptive changes, reducing inconveniences caused for users. Having predictable freezes should also reduce overall freeze time.' We previously discussed talks between Canonical and the Debian release team about fixed freeze dates."
Linux Business

Linux Notebooks Selling Well On Amazon Germany 207

christian.einfeldt writes "The LinuxTech.net blog points out that Linux notebooks are currently selling quite well on Amazon's list in Germany. The blog includes screenshots showing the Linux Asus and Aspire notebooks in positions 2 and 4, respectively, on that list. These machines are not netbooks, but full notebooks, albeit on the moderate to low side regarding price and performance. That LinuxTech.net blog was dated 23 July 2009, and the Asus machine is still holding second place more than one day later, while the Acer machine slipped to fifth position, despite the volatile nature of Amazon bestseller lists. While these two data points are just snapshots in time, they are consistent with other data showing that Microsoft itself attributes some of its recent weak earnings to surging sales of low-end notebooks, as well as data showing that the Linux-powered and Unix-powered computers topped Amazon's sales charts in all categories for 2007. If there is to ever be a 'year of desktop (or laptop) Linux', it won't happen all at once, but will creep up in ways similar to what we are seeing now."
Microsoft

Linus Calls Microsoft Hatred "a Disease" 634

Hugh Pickens writes "In the aftermath of Microsoft's recent decision to contribute 20,000 lines of device driver code to the Linux community, Christopher Smart of Linux Magazine talked to Linus Torvalds and asked if the code was something he would be happy to include, even though it's from Microsoft. 'Oh, I'm a big believer in "technology over politics." I don't care who it comes from, as long as there are solid reasons for the code, and as long as we don't have to worry about licensing etc. issues,' says Torvalds. 'I may make jokes about Microsoft at times, but at the same time, I think the Microsoft hatred is a disease. I believe in open development, and that very much involves not just making the source open, but also not shutting other people and companies out.' Smart asked Torvalds if Microsoft was contributing the code to benefit the Linux community or Microsoft. 'I agree that it's driven by selfish reasons, but that's how all open source code gets written! We all "scratch our own itches." It's why I started Linux, it's why I started git, and it's why I am still involved. It's the reason for everybody to end up in open source, to some degree,' says Torvalds. 'So complaining about the fact that Microsoft picked a selfish area to work on is just silly. Of course they picked an area that helps them. That's the point of open source — the ability to make the code better for your particular needs, whoever the "your" in question happens to be.'"
Government

Keeping Up With DoD Security Requirements In Linux? 211

ers81239 writes "I've recently become a Linux administrator within the Department of Defense. I am surprised to find out that the DoD actually publishes extensive guidance on minimum software versions. I guess that isn't so surprising, but the version numbers are. Kernel 2.6.30, ntp 4.2.4p7-RC2, OpenSSL 9.8k and the openssh to match, etc. The surprising part is that these are very fresh versions which are not included in many distributions. We use SUSE Enterprise quite a bit, but even openSUSE factory (their word for unstable) doesn't have these packages. Tarballing on this many systems is a nightmare and even then some things just don't seem to work. I don't have time to track down every possible lib/etc/opt/local/share path that different packages try to use by default. I think that this really highlights the trade-offs of stability and security. I have called Novell to ask about it. When vulnerabilities are found in software, they backport the patches into whatever version of the software they are currently supporting. The problem here is that doesn't give me a guarantee that the backport fixes the problem for which this upgrade is required (My requirements say to install version x or higher). There is also the question of how quickly they are providing the backports. I'm hoping that there are 100s of DoD Linux administrators reading this who can bombard me with solutions. How do you balance security with stability?"
Image

Ubuntu Christian Edition 5.0 Beta Screenshot-sm 39

JimLynch writes "Back in 2006, when I was writing for ExtremeTech, I reviewed a version of Ubuntu with a religious theme: Ubuntu Christian Edition. At one point it seemed as though Ubuntu CE had been discontinued but I was pleased to note today that it has apparently been brought to life again and so I decided to do a full review Ubuntu CE 5.0 for DLR."
GNU is Not Unix

New Coalition To Promote OSS To Feds 99

LinuxScribe writes "Red Hat, Mozilla, Novell, Oracle, and Sun are among the 50-plus member Open Source for America coalition that will be officially announced today by Tim O'Reilly at OSCON. The OSA will be a strong advocate for free and open source software, and plans to boost US Federal government support and adoption of FOSS. From their website: 'The mission of OSA is to educate decision makers in the US Federal government about the advantages of using free and open source software; to encourage the Federal agencies to give equal priority to procuring free and open source software in all of their procurement decisions; and generally provide an effective voice to the US Federal government on behalf of the open source software community, private industry, academia, and other non-profits.'"
Operating Systems

Linux Distributions' Tracking of Upstream Projects Examined 132

An anonymous reader writes "Linux distributions track upstream projects, releasing a particular version with each official release. But how far behind the latest versions do these releases linger? Scott Shawcroft did an interesting new study into this relationship between distributions and upstream projects. Shawcroft says: 'Over the last 10 months I've been working on Linux evolution research. Similar to distrowatch, I track the current versions of packages in a number of distributions and the current upstream version. Based on that data I then graph a number of metrics to understand the relationship between upstream and downstream.' His presentation on the topic scheduled for [this] week's open source convention, OSCON, should provide an interesting insight into that relationship. Currently he is tracking 20 projects including the Linux kernel, Firefox, GCC, OpenSSH and GNOME on Arch, Debian, Fedora, Gentoo, openSUSE, Sabayon, Slackware, and Ubuntu."
Operating Systems

A GNU/Linux Distro Needing Windows To Install? 174

dgun writes "I recently put together a new PC. When I purchased the motherboard, I noticed that it came with an instant-on OS, a small GNU/Linux distro called Splashtop. I assumed that the OS was on a ROM chip on the motherboard. To my great annoyance, when I tried to boot to this OS, a message said that it was not installed. It turns out that motherboard comes with an install disk for this GNU/Linux OS — that you can only run from Windows, to install Splashtop on the hard drive. First of all, doesn't installing it on the hard drive defeat the point of having an instant-on OS? If I wanted to dual-boot a small GNU/Linux OS, there are plenty that I could choose from. Second, if distributing GPL'ed software by means that completely preclude it from being used without Windows is not a violation of the GPL, should it not be?"
Red Hat Software

Red Hat Is Now Part of the S&P 500 128

phantomfive writes "Red Hat has made it onto the S&P 500, an important measure of the stock market. It is replacing CIT, which is expected to go bankrupt after the government refused to bail them out. Red Hat is the first Linux company to make it on to the S&P 500. While this means little directly for the company, it is an indication of the importance Linux is taking on in the world."
Security

New Linux Kernel Flaw Allows Null Pointer Exploits 391

Trailrunner7 writes "A new flaw in the latest release of the Linux kernel gives attackers the ability to exploit NULL pointer dereferences and bypass the protections of SELinux, AppArmor and the Linux Security Module. Brad Spengler discovered the vulnerability and found a reliable way to exploit it, giving him complete control of the remote machine. This is somewhat similar to the magic that Mark Dowd performed last year to exploit Adobe Flash. Threatpost.com reports: 'The vulnerability is in the 2.6.30 release of the Linux kernel, and in a message to the Daily Dave mailing list Spengler said that he was able to exploit the flaw, which at first glance seemed unexploitable. He said that he was able to defeat the protection against exploiting NULL pointer dereferences on systems running SELinux and those running typical Linux implementations.'"
Games

Unusual Physics Engine Game Ported To Linux 117

christian.einfeldt writes "Halloween has come early for Linux-loving gamers in the form of the scary Penumbra game trilogy, which has just recently been ported natively to GNU-Linux by the manufacturer, Frictional Games. The Penumbra games, named Overture, Black Plague and Requiem, are first-person survival horror and physics puzzle games which challenge the player to survive in a mine in Greenland which has been taken over by a monstrous infection/demon/cthulhu-esque thing. The graphics, sounds, and plot are all admirable in a scary sort of way. The protagonist is an ordinary human with no particular powers at all, who fumbles around in the dark mine fighting zombified dogs or fleeing from infected humans. But the game is remarkable for its physics engine — rather than just bump and acquire, the player must use the mouse to physically turn knobs and open doors; and the player can grab and throw pretty much anything in the environment. The physics engine drives objects to fly and fall exactly as one would expect. The porting of a game with such a deft physics engine natively to Linux might be one of the most noteworthy events for GNU-Linux gamers since the World of Goo Linux port."
Linux Business

Embedded Linux Achieves One-Second Boot Time 164

Sam writes "A new goalpost has been set in the race for faster bootup times. MontaVista Software announced (and demonstrated at the Virtual Freescale Technology Forum) a dashboard application going from cold boot to operational in one second flat on their embedded Linux platform. Although this is unlikely to immediately benefit your average Linux user, previous real-time patches have eventually made their way into the main kernel."

Slashdot Top Deals