Operating Systems

HardenedBSD Completes Strong ASLR Implementation

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.

Woman Recruited By Google Four Times and Rejected Now Joins Age Discrimination Suit

dcblogs writes: An Ivy League graduate, with a Ph.D. in geophysics, Cheryl Fillekes, who also specializes in Linux and Unix systems, was contacted by Google recruiters four separate times over a seven-year period. In each instance, she did well enough on the phone interviews to get invited to an in-person interview but was rejected every time for a job. She has since joined an age discrimination lawsuit against Google filed about two months ago by another older worker. "The amended lawsuit also alleges that the U.S. Equal Employment Opportunity Commission (EEOC) received 'multiple complaints of age discrimination by Google, and is currently conducting an extensive investigation.'"

100kb of Unusual Code Protecting Nuclear, ATC and United Nations Systems

An anonymous reader writes: For an ex-academic security company still in the seeding round, startup Abatis has a small but interesting roster of clients, including Lockheed Martin, the Swiss military, the United Nations and customers in the civil nuclear and air traffic control sectors. The company's product, a kernel driver compatible with Windows, Linux and Unix, occupies just 100kb with no dependencies, and reportedly achieves a 100% effectiveness rate against intruders by preventing unauthorized I/O activity. The CEO of Abatis claims, "We can stop zero day malware — the known unknowns and the unknown unknowns." The software requires no use of signature files, white-listing, heuristics or sandboxing, with a separate report from Lockheed Martin confirming very significant potential for energy savings — up to £125,000 per year in a data center with 10,000 servers.
Open Source

Why Was Linux the Kernel That Succeeded?

jones_supa writes: "One of the most puzzling questions about the history of free and open source software is this: Why did Linux succeed so spectacularly, whereas similar attempts to build a free or open source, Unix-like operating system kernel met with considerably less success?" Christopher Tozzi has rounded up some theories, focusing specifically on kernels, not complete operating systems. These theories take a detailed look at the decentralized development structure, pragmatic approach to things, and the rich developer community, all of which worked in favor of Linux.
GNU is Not Unix

GNU Hurd 0.6 Released

jrepin writes: It has been roughly a year and a half since the last release of the GNU Hurd operating system, so it may be of interest to some readers that GNU Hurd 0.6 has been released along with GNU Mach 1.5 (the microkernel that Hurd runs on) and GNU MIG 1.5 (the Mach Interface Generator, which generates code to handle remote procedure calls). New features include procfs and random translators; cleanups and stylistic fixes, some of which came from static analysis; message dispatching improvements; integer hashing performance improvements; a split of the init server into a startup server and an init program based on System V init; and more.

Book Review: Networking For System Administrators

Saint Aardvark writes: Michael W. Lucas has been writing technical books for a long time, drawing on his experience as both a system and a network administrator. He has mastered the art of making it both easy and enjoyable to inhale large amounts of information; that's my way of saying he writes books well and he's a funny guy. Networking for System Administrators, available both in DRM-free ebook and dead tree formats, is his latest book, and it's no exception to this trend. Keep reading for the rest of Saint Aardvark's review.
Open Source

Getting Started Developing With OpenStreetMap Data

Nerval's Lobster writes: In 2004, Steve Coast set up OpenStreetMap (OSM) in the U.K. It subsequently spread worldwide, powered by a combination of donations and volunteers willing to do ground surveys with tools such as handheld GPS units, notebooks, and digital cameras. JavaScript libraries and plugins for WordPress, Django and other content-management systems allow users to display their own maps. But how do you actually develop for the platform? Osmcode.org is a good place to start, home to the Osmium library (libosmium). Fetch and build Libosmium; on Linux/Unix systems there are a fair number of dependencies that you'll need as well; these are listed within the links. If you prefer JavaScript or Python, there are bindings for those. As an alternative for Java developers, there's Osmosis, which is a command-line application for processing OSM data.
GNU is Not Unix

GNU Nano Gets New Stable Release

jones_supa writes: GNU Nano 2.4.0 has been released as the first stable update to this UNIX command line text editor in a number of years. The release codenamed "Lizf" brings a wide variety of changes: full undo system, Vim-compatible file locking, linter support, formatter support, flexible syntax highlighting, and random bugfixes.

Not Quite Dead: SCO Linux Suit Against IBM Stirs In Utah

An anonymous reader points to a story in the Salt Lake Tribune which says that the nearly defunct Utah company SCO Group Inc. and IBM filed a joint report to the U.S. District Court in Salt Lake City saying that legal issues remain in the case, which was initiated in 2003 with SCO claiming damages of $5 billion against the technology giant, based in Armonk, N.Y. That likely means that U.S. District Judge David Nuffer, who now presides over the dispute, will start moving the lawsuit — largely dormant for about four years while a related suit against Novell Inc. was adjudicated — ahead. What kind of issues? In addition to its claims of IBM misappropriation of code, SCO alleges that IBM executives and lawyers directed the company's Linux programmers to destroy source code on their computers after SCO made its allegations. The company's other remaining claims are that IBM's actions amounted to unfair competition and interference with its contracts and business relations with other companies. IBM has remaining claims against SCO that allege the Utah company violated contracts, copied and distributed IBM code that had been placed in Linux and that SCO created a campaign of "fear, uncertainty and doubt" about IBM's products and services because of the dispute over Unix code.

Mozilla: Following In Sun's Faltering Footsteps?

snydeq writes: The trajectory of Mozilla, from the trail-blazing technologies to the travails of being left in the dust, may be seen as paralleling that of the now-defunct Unix systems giant Sun. The article claims, "Mozilla has become the modern-day Sun Microsystems: While known for churning out showstopping innovation, its bread-and-butter technology now struggles." It goes on to mention Firefox's waning market share, questions over tooling for the platform, Firefox's absence on mobile devices, developers' lack of standard tools (e.g., 'Gecko-flavored JavaScript'), and relatively slow development of Firefox OS, in comparison with mobile incumbents.
Open Source

Removing Libsystemd0 From a Live-running Debian System

lkcl writes: The introduction of systemd has unilaterally created a polarization of the GNU/Linux community that is remarkably similar to the monopolistic power position wielded by Microsoft in the late 1990s. Choices were stark: use Windows (with SMB/CIFS Services), or use UNIX (with NFS and NIS). Only the introduction of fully-compatible reverse-engineered NT Domains services corrected the situation. Instructions on how to remove systemd include dire warnings that "all dependent packages will be removed", rendering a normal Debian Desktop system flat-out impossible to achieve. It was therefore necessary to demonstrate that it is actually possible to run a Debian Desktop GUI system (albeit an unusual one: fvwm) with libsystemd0 removed. The reason for doing so: it doesn't matter how good systemd is believed to be or in fact actually is: the reason for removing it is, apart from the alarm at how extensive systemd is becoming (including interfering with firewall rules), it's the way that it's been introduced in a blatantly cavalier fashion as a polarized all-or-nothing option, forcing people to consider abandoning the GNU/Linux of their choice and to seriously consider using FreeBSD or any other distro that properly respects the Software Freedom principle of the right to choose what software to run. We aren't all "good at coding", or paid to work on Software Libre: that means that those people who are need to be much more responsible, and to start — finally — to listen to what people are saying. Developing a thick skin is a good way to abdicate responsibility and, as a result, place people into untenable positions.

Nim Programming Language Gaining Traction

An anonymous reader writes: Nim is a young, statically typed programming language that has been getting more attention recently. See these articles for an introduction: What is special about Nim?, What makes Nim practical? and How I Start: Nim. The language offers a syntax inspired by Python and Pascal, great performance and C interfacing, and powerful metaprogramming capabilities. The author of "Unix in Rust" just abandoned Rust in favor of Nim and some early-adopter companies are starting to use it as well.

Book Review: FreeBSD Mastery: Storage Essentials

Saint Aardvark writes: If, like me, you administer FreeBSD systems, you know that (like Linux) there is an embarrassment of riches when it comes to filesystems. GEOM, UFS, soft updates, encryption, disklabels — there is a *lot* going on here. And if, like me, you're coming from the Linux world your experience won't be directly applicable, and you'll be scaling Mount Learning Curve. Even if you *are* familiar with the BSDs, there is a lot to take in. Where do you start? You start here, with Michael W. Lucas' latest book, FreeBSD Mastery: Storage Essentials. You've heard his name before; he's written Sudo Mastery (which I reviewed previously), along with books on PGP/GnuPGP, Cisco Routers and OpenBSD. This book clocks in at 204 pages of goodness, and it's an excellent introduction to managing storage on FreeBSD. From filesystem choice to partition layout to disk encryption, with sidelong glances at ZFS along the way, he does his usual excellent job of laying out the details you need to know without ever veering into dry or boring. Keep reading for the rest of Saint Aardvark's review.

Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions

samzenpus writes: "Alexander Stepanov is an award-winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Operating Systems

OpenBSD's Kernel Gets W^X Treatment On Amd64

New submitter brynet tips this news from Theo de Raadt: "Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good)."

OpenBSD Releases a Portable Version of OpenNTPD

Noryungi writes: Theo De Raadt roundly criticized NTP due to its recent security advisories, and pointed out that OpenBSD OpenNTPD was not vulnerable. However, it also had not been made portable to other OS in a long time. Brent Cook, also known for his work on the portable version of LibreSSL (OpenBSD cleanup and refactoring of OpenSSL) decided to take the matter in his own hands and released a new portable version of OpenNTPD. Everyone rejoice, compile and report issues!

Book Review: Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress

MassDosage writes: "At the risk of exposing my age I remember building my first website using a rudimentary Unix text editor (Joe) and carefully handcrafting the Hypertext Markup Language (HTML) while directly logged on to the web server it was being served from. Back then Cascading Style Sheets (CSS) weren't even a glint in the eyes of their creators. A lot has changed and there's now a world of fancy WYSIWYG web page editors to choose from as well as Content Management Systems that allow you to create websites without looking at the underlying code at all. While this is all very useful and allows less technical people to create websites I still feel that having at least some knowledge of how everything works under the hood is empowering — especially in situations where you want to go beyond the limits placed on you by a certain tool. This is where Build Your Own Website: A comic guide to HTML, CSS and Wordpress comes into the picture. Its aim is to enable people new to web development to learn the subject by teaching the fundamentals of HTML and CSS first and only then describing how to use a Content Management System (CMS) — in this case Wordpress. While Wordpress might not be everyone's kettle of fish it's a good choice as an example of a modern CMS that is easily accessible and very popular. The concepts presented are simple enough that it should be easy enough for a reader to apply them to a different CMS should they want to." Read below for the rest of MassDosage's review.

Just-Announced X.Org Security Flaws Affect Code Dating Back To 1987

An anonymous reader writes: Some of the worst X.Org security issues were just publicized in an X.Org security advisory. The vulnerabilities deal with protocol handling issues and led to 12 CVEs published and code dating back to 1987 is affected within X11. Fixes for the X Server are temporarily available via this Git repository.

Debian Forked Over Systemd

jaromil writes: The so-called "Veteran Unix Admin" collective has announced that the fork of Debian will proceed as a result of the recent systemd controversy. The reasons put forward are not just technical; included is a letter of endorsement by Debian Developer Roger Leigh mentioning that "people rely on Debian for their jobs and businesses, their research and their hobbies. It's not a playground for such radical experimentation." The fork is called "Devuan," pronounced "DevOne." The official website has more information.