Slashdot

ddt writes "Raise your glasses of champagne in a toast at midnight. The time(2) system call turns 40 tonight, and is now officially 'over the hill.' It's dutifully keeping track of time for clueful operating systems since January 1, 1970." And speaking of time, if you don't have a *nix system handy, or just want a second opinion, an anonymous reader points out this handy way to check just how far it is after local midnight in Unix time. Updated 10:03 GMT by timothy: The Unix-time-in-a-browser linked has been replaced by a Rick Astley video; you have been warned.

jensend writes "The 1.7 branch of Cygwin, the Unix-like environment for Windows, has reached stable status after about 3 1/2 years of effort. Among many other changes, this release drops support for Windows 9x. Since the NT API and NT-based versions of Windows are more capable and somewhat less of a mismatch with POSIX (for instance, they include a security model), this has allowed for code path simplifications, better performance (particularly noticeable with pipe I/O), better security, and better POSIX compatibility."

swsuehr writes "The Book of Xen: A Practical Guide for the System Administrator provides an excellent resource for learning about Xen virtualization. I frequently need to create test environments for examples that appear in various books and magazine articles (in the interest of full disclosure, I've never written for the publisher of this book). In the days before virtualization that meant finding and piecing together hardware. Like many readers, I've been using virtualization in one form or another for several years, including Xen. This book would've saved hours searching around the web looking for tidbits of information and sifting through what works and doesn't work in setting up Xen environments. The authors have done the sifting for me within the ~250 pages of the book. But far beyond, the authors also convey their experience with Xen using walkthroughs, tips, and recommendations for Xen in the real world." Read on for the rest of Steve's review.

Trailrunner7 writes "A researcher has published an explanation of a new flaw in FreeBSD that allows a remote attacker to take control of a vulnerable machine. The vulnerability could give an attacker root access to the FreeBSD machine, and the FreeBSD developers have published a patch for the flaw early Tuesday. The vulnerability lies in run-time link-editor and, if exploited, gives an attacker the ability to run arbitrary code. The researcher, Kingcope, has posted an explanation of the flaw on the Full Disclosure mailing list. In a message to FreeBSD users, Colin Percival, the project's security officer, said that because of the severity of the flaw and the fact that exploit code already is available, he felt it was necessary to post the patch as soon as possible, without even publishing a security advisory."

buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"

AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."

eqisow writes "The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long."

davecb writes "The ACM has been kind enough to print Paul Stachour's and my 'jack' article about Software Maintenance. Paul first pointed out back in 1984 that we and our managers were being foolish — when we were still running Unix V7 — and if anything it's been getting worse. Turns out maintenance has been a 'solved problem in computer science' since at least then, and we're just beginning to rediscover it."

spongman writes "Microsoft's Senior Vice President, Developer Division, S. Somasegar has announced that Microsoft has acquired Teamprise from Sourcegear, LLC, and will be shipping it as part of the upcoming Visual Studio 2010 release. Teamprise is an Eclipse plugin (and related tools) for connecting to Team Foundation Server, Microsoft's source-control/project-management system. What's most interesting about this is not only that Microsoft has realized that heterogeneous development platforms are important to their developer customers, but the fact that Microsoft themselves will now be developing and shipping products based on those heterogeneous platforms, including 5 versions of Unix."

Foofoobar writes "Just when you thought all was safe on the crazy patent front, Microsoft has come out of the obvious patent closet to file patent number 7617530, which basically duplicates the functionality of 'sudo' which is found in all Linux systems. PJ over at groklaw has a wonderful writeup on the entire fiasco."

gribll writes "October 2009 marked an important milestone in the history of computing. It was exactly 40 years since the first Multics computer system was used at MIT. The interview is with Multics co-developer, MIT Professor and Turing Award winner Fernando J. Corbato. Multics (Multiplexed Information and Computing Service) is regarded as the foundation of modern time-sharing systems. Multics was the catalyst for the development of Unix and has been used as a model of operating system design since its release four decades ago. There is also a picture gallery of Multics history."

pkrumins writes "The ldd utility is more vulnerable than you think. It's frequently used by programmers and system administrators to determine the dynamic library dependencies of executables. Sounds pretty innocent, right? Wrong! It turns out that running ldd on an executable can result in executing arbitrary code. This article details how such executable can be constructed and comes up with a social engineering scenario that may lead to system compromise. I researched this subject thoroughly and found that it's almost completely undocumented."

An anonymous reader writes "Andy Ritger, who leads the NVIDIA UNIX Graphics Team responsible for creating drivers on Linux, FreeBSD and Solaris, has answered many questions at Phoronix about the state of Linux graphics, gaming, and drivers. Ritger shares some interesting facts, such as: the Linux graphics driver download rate is 0.5% that of their Windows driver downloads at NVIDIA.com; how the Nouveau developers are doing an incredible job; creating an AMD-like open-source strategy at NVIDIA would be time intensive and unlikely; and development problems for the Linux platform. Also commented on are new features that may come to their Linux driver within the next twelve months." Like all stories at Phoronix, in common with most other hardware review sites, this one is arbitrarily and maddeningly spread across 8 pages.

Toe, The writes "Today Apple announced several new hardware offerings, including a new Mac mini, their (almost-literally) pint-sized desktop computer. In a bizarre twist, they are now also offering a Mac mini with Mac OS X Server bundled in, along with a two hard drives somehow stuffed into the tiny package. Undoubtedly, many in the IT community will scoff at the thought of calling such a device a 'server.' However, with the robust capabilities of Snow Leopard Server (a true, if highly GUI-fied, UNIX server), it seems likely to find a niche in small businesses and even enthusiasts' homes. The almost completely guided setup process means that people can set up relatively sophisticated services without the assistance of someone who actually knows what they are doing. What the results will be in terms of security, etc. will be... interesting to watch as they develop." El Reg has a good roundup article of the many announcements; the multi-touch Magic Mouse is right up there on the techno-lust-inspiration scale.

An anonymous reader writes "With Sun busy being swallowed up by Oracle, should Linux geeks pay any interest to OpenSolaris? TuxRadar put together a guide to OpenSolaris's most interesting features from a Linux user's perspective, covering how to get started with ZFS and virtualisation alongside more consumer-friendly topics such as hardware and Flash support."

DigDuality writes "Dieter@be over at Arch Linux forums, a release engineer for Arch Linux, got inspired by this post. The idea? To create a browser based on the Unix philosophy: 'Write programs that do one thing and do it well, programs that work well together, programs to handle text streams because that is a universal interface,' among other points. The result? A fast, low-resource browser named Uzbl, based on WebKit, which passes the Acid3 Test with a perfect score. The browser is controlled (by default) by vim-like keybindings, not too dissimilar to vimperator for Firefox. Things like URL changing, loading/saving of bookmarks, saving history, and downloads are handled through external scripts that you write (though the Uzbl software does come with some nice scripts for you to use). It fits great in a tiling window manager and plays extremely well with dmenu. The learning curve is a bit steep, but once you get used to it, it's smooth sailing. Not bad for alpha software. Though built for Arch, it has been reported to work on Ubuntu."

snydeq writes "A federal appeals court has overturned a 2007 decision that Novell owns the Unix code, clearing the way for SCO to pursue a $1 billion copyright infringement case against IBM. In a 54-page decision (PDF), the 10th Circuit Court of Appeals said it was reversing the 2007 summary judgment decision by Judge Dale Kimball of the US District Court for the District of Utah, which found that Novell was the owner of Unix and UnixWare copyrights. SCO CEO Darl McBride called the decision a 'huge validation for SCO.'" The case over who owns Unix will now go to trial in Utah.

angry tapir sends along coverage from Good Gear Guide of a recent Microsoft !0-K SEC filing: "Microsoft for the first time has named Linux distributors Red Hat and Canonical as competitors to its Windows client business in its annual filing to the US Securities and Exchange Commission. The move is an acknowledgment of the first viable competition from Linux to Microsoft's Windows client business, due mainly to the use of Linux on netbooks, which are rising in prominence as alternatives to full-sized notebooks. ... 'Client faces strong competition from well-established companies with differing approaches to the PC market,' Microsoft said in the filing. 'Competing commercial software products, including variants of Unix, are supplied by competitors such as Apple, Canonical, and Red Hat.'"

SeanCier writes "We're a small (two-person) iPhone app developer whose first game has recently been released in the App store. In the process, we've inadvertently stepped in it, bringing up a question of the GPL and free software ethics that I'm hoping the Slashdot community can help us clear up, one way or the other. XPilot, a unique and groundbreaking UNIX-based game from the early/mid nineties, was a classic in its day, but was forgotten and has been dead for years, both in terms of use and development. My college roommate and I were addicted to it at the time, even running game servers and publishing custom maps. As it's fully open source (GPLv2), and the iPhone has well over twice the graphics power of the SGI workstations we'd used in college, we decided it was a moral imperative to port it to our cellphones. In the process, we hoped, we could breathe life back into this forgotten classic (not to mention turning a years-old joke into reality). We did so, and the result was more playable than we'd hoped, despite the physical limitations of the phone. We priced it at $2.99 on the App store (we don't expect it to become the Next Big Thing, but hoped to recoup our costs — such as server charges and Apple's annual $99 developer fee), released the source on our web page, then enthusiastically tracked down every member of the original community we could find to let them know of the hoped-for renaissance. Which is where things got muddy. After it hit the App store, one of the original developers of XPilot told us he feels adamantly that we're betraying the spirit of the GPL by charging for it." Read on for the rest of Sean's question.

christian.einfeldt writes "The LinuxTech.net blog points out that Linux notebooks are currently selling quite well on Amazon's list in Germany. The blog includes screenshots showing the Linux Asus and Aspire notebooks in positions 2 and 4, respectively, on that list. These machines are not netbooks, but full notebooks, albeit on the moderate to low side regarding price and performance. That LinuxTech.net blog was dated 23 July 2009, and the Asus machine is still holding second place more than one day later, while the Acer machine slipped to fifth position, despite the volatile nature of Amazon bestseller lists. While these two data points are just snapshots in time, they are consistent with other data showing that Microsoft itself attributes some of its recent weak earnings to surging sales of low-end notebooks, as well as data showing that the Linux-powered and Unix-powered computers topped Amazon's sales charts in all categories for 2007. If there is to ever be a 'year of desktop (or laptop) Linux', it won't happen all at once, but will creep up in ways similar to what we are seeing now."