Re: Interesting Explanation

"Thus, maybe the best fix for this would be to change the compiler so that -fno-delete-null-pointer-checks is on by default, no matter how high the optimization level, if the compiler has reason to believe it is compiling for an environment in which this particular optimization is invalid."

Exactly, and the fix for this was added at the same time as the fix for the main bug, on friday 17th July:

http://lkml.indiana.edu/hypermail/linux/kernel/0907.2/00705.html

So much for the rants of some of the Reg commentards, I especially love this one, posted Saturday 18th July 2009 15:21 GMT nearly a day after the bug was fixed: "The Linux kernel has a known, demonstrably exploitable security problem in the field, and the kernel developers do not wish to fix it. ...No, the reality is that too many Linux zealots including the kernel developers refuse to ever accept they're wrong on anything."

Re: Fixed in 2.6.30.2

"Looks like this has been fixed in 2.6.30.2, according to

http://lkml.indiana.edu/hypermail/linux/kernel/0907.2/00706.html"

So to sum it up we have a vulnerability that appeared in a kernel release not yet (and now never will be) adopted by a single *release* version of a Linux distribution, that a fix was available for 3 days ago (so almost same day as disclosure of the bug?) and that apparently required root privileges to exploit anyway - rendering it redundant.

We then have a torrent of Reg "commentards" writing off Linux as an operating system because OMG it has bugs! It's no better on the recent articles about IE and Windows security holes.

It all has the feel of the Daily Mail about it: a sensationalist article which neglects a couple of small but important facts, and then the predictable stream of knee-jerk reaction comments based on people's prejudices against this or that.

Re:No thanks.

"I'll stick with Ubuntu. Free download direct from their website."

Guess what - if you bother to check their website (www.mandriva.com) you'll find that Mandriva is also a free download. Not having an entrepreneur and his millions behind them Mandriva tries to make a bit of cash from their desktop distro by selling merchandisey things like this (they've also got an 'enterprise' version on a similar pay-for model as RHEL).

The entire distro and all the extended repositories are still availble for free online though if you just want to download it.

It's obvious isn't it?

* Minuscule benefits - DVD quality really is fine for most people

* Excessive price - 25 quid per movie! What fantasy world do these people live in?

* DRM - For the breathtakingly high price you have to deal with painful DRM incompatabilities and brokenness, why not just get the damn movie off Piratebay if you're going to be treated like a copyright infringer anyway?

* Optical disks are fragile, slow to access and relatively bulky to store compared to hard drives and flash drives. Why can't I have digital copies of all my movies on my cheap, fast 300/500/1000/whatever GB hard drive(s)?

* DRM also makes it really painful to make legitimate backup copies of the optical disks that will inevitably break

* Physical disks are inconvenient to buy for each individual movie - why can't I just download them over the net? For all it's illegality The Piratebay et al. has shown us that it would be technically trivial for the movie companies to setup an excellent, no-bullshit video-on-demand service. They won't though purely for political reasons - they really do think they can bribe governments to make corrupt laws to coerce us all into continuing to buy media on overpriced physical formats.

Another reason this is stupid

Cue the flood of people forwarding those stupid 'If you forward this email to X people Microsoft/Bill Gates will give you $10,000"

Medieval 'justice' system

Ah the old accuse-them-3-times and they're guilty system. The French government tried to go through the normal procedures and make an actual law to create this. Unfortunately it conflicted with silly old laws from 1789 or somesuch time about 'innocent until proven guilty' and evidence and due process. Now the British government has found a way around this - avoid legislation and simply create an environment where the flimsy made-up evidence can be used by wealthy people and corporations to threaten ordinary people.

Funny thing is they only sales that will increase because of it are Pirate Bay's new VPN service, at 5 Euros/dollars/whatever a month for peace-of-mind from this kind of bullshit it's destined to be the most popular internet service since, well, the internet itself.

Americans forced to take their own medicine..

..and they aren't liking it are they? The big US corporations named in this article are the same ones that lobby the US govt. to pressure other countries into adopting overly strict Intellectual 'Property' laws. They are also the same companies that use land-grab tactics to amass huge amounts of frivolous patents to stifle competition

On the other hand we finally have a real scientific organisation (not a lawyer-ridden patent troll) which actually does invent things and innovate use the patent system for what it's intended and look what happens!

(disclaimer: I'm an Aussie)

RE: So what?

As someone who administers RHEL servers for a living I can tell you there's one major advantage of Ubuntu, Debian and even Mandriva and openSuse over RHEL/Centos: The availability of packages.

RHEL + the EPEL and Dag repos (which conflict and contain some duplicates when combined) contains only a fraction of the avilable packages that Ubuntu or even my home Mandriva system does (at best 7 or 8000 vs 20-25000 for Ubuntu, Debian and Mandriva)

Re: Blubber

"Too bad so many people just let their package managers take care of their kernel and modules for them... Oh well, it's their loss."

I run an everything-including-kitchen-sink distro (Mandriva 2009.1) and the space on disk of the kernel plus all the modules (Mandriva packages come with all modules built, plus a handful of '3rd party' ones that aren't in the kernel such as ndiswrapper) weighs in at less than 40MB.

And before anyone says 'yeah but having all those modules loaded is bloated' please lookup what a kernel module is - the whole point is it only loads the ones needed for my hardware!

RE: File System Issues?

Because ZFS is under the Common Development and Distribution License (CDDL) and thus can't be included in the Linux kernel. The only ZFS implementation of Linux AFAIK is a user-space FUSE driver.

It'd be possible to write a GPL'ed implementation of ZFS but I think the kernel guys are going their own way with http://en.wikipedia.org/wiki/BTRFS

Illogical

"The right for the BSA to go raid you, you signed when you sign those Microsoft licenses, foolish you. So now they expect you to spend money on man hours to list every piece of software in your business and prove the licenses for those.

Failure to do so and they'll come visit, taking up your valuable time anyway."

So then logically if you have pirated your software the BSA has no legal right to audit you as you've never signed/agreed to the crazy 'EULAs' that come with commercial SW.

second hand market

"The simple fact is that no not everyone is going to buy them, I tend to run my car into the ground so I should be driving it for another 5 years at least, my next motor needs to be about £2500 second hand cause that's all I'll be able to afford."

True but all cars only have a lifetime of 10-15, maximum 20 years. So 10 years or so after the first electric cars have come out you'll find your 2500 quid 2nd hand cars are those electric cars that were new 10 years ago. As long as the govt. doesn't go overboard the national fleet could get replaced like this through natural attrition, no unnecessary scrapping of working cars.

Biased

As usual with these one-sided, highly biased articles this one misses the point. Yes electric cars today suck, and yes they aren't hugely more CO2-efficient than petrol/diesel cars.

But the point is to get our transport system weaned off of oil, a resource which might not run out but will continuously get more expensive and more environmentally destructive as we have to go to much more trouble to extract and refine it (eg. from tar sands). Not to mention the huge political, economic and security problems of our entire economy being dependent on a resource we can only source from a small number of unfriendly and unstable countries.

An infrastructure of electric cars powered by nuclear plants would solve this problem neatly, and take a fair whack off CO2 emissions at the same time. We could then stop wasting oil in ground transport and leave it for where it's really needed (aircraft, plastics manufacturing and the military). Might not be so good for Pike and his backers at BP though...

What is taking up all that space?

Let's compare the installed file size between KDE4's perfectly capable Okular reader and Adobe Reader 8.1.4, both as packaged in Mandriva 2009.1:

rpm -qa --qf "%{NAME} %{SIZE}\n" "*okular*"

okular 2950848

libokularcore1 705360

Okular total size: 3.49MB

rpm -qa --qf "%{NAME} %{SIZE}\n" "acroread*"

acroread-plugins-searchfind 1410770

acroread-plugins-extwin 361026

acroread-plugins-ecmascript 2045666

acroread 74074180

acroread-nppdf 127260

Acroread total size: 74.4MB

So Adobe Reader is around 21 times bigger than a program that's purpose is to just read PDF files. What the hell is Adobe Reader doing then? Either Adobe are horrifically inefficient programmers or there's something else going on.

Missing the point

The real benefits of virtualisation come when you're talking about doing it on a datacentre or business wide scale (the comments above about virtualising exotic configurations or single-server businesses miss the points):

* Reduced cooling, electricity, data centre space, hardware maintenance and hardware purchase costs. This is the number 1 selling point of it and it works since you don't have all your machines running at capacity all the time, so you can combine several physical machines onto one virtualised one and make far more efficient use of resources (eg. with something like Xen which balances CPU load between VMs). Plus a single powerful machine is still more space, electricity and cooling-efficient than several small ones which equal the same capability.

* Easy and flexible deployment of new servers - in most large organisations it can take several days or weeks to purchase, have delivered, rack and install a physical machine. With VMs you can do it in minutes.

* Ability to cheaply give users their own machine with root access - eg. for a developer. If (actually when) they break it it can be easily reset to a snapshotted point or re-created.

There are a lot more I'm sure, so yes there are reasons why companies are going ga-ga for VMs at the moment.

Just crazy

I pay around $100US/year for a dreamhost account to hold my backups. They give full shell access over ssh, including rsync and give you shitloads of space - plenty to backup any website with a simple rsync. Or the admins could have simply rsync'ed the website down to one of their home PCs over their own broadband connections - total cost about 50 quid for a USB external drive to back it up.

Really, a 2nd machine in the same room is not a backup - if it wasn't a cracker it would have been a burst pipe in the datacentre or something similar (stupid stuff like that happens a lot more often that you'd expect).