Enterprise Unix Roundup — Sun's Open Source Pixie Dust – page 2

In Other News

» Red Hat has introduced support for "NX" extensions in x86 hardware to the Linux kernel. The support enables a level of protection against buffer overflow attacks, a commonly exploited vulnerability.

The protection doesn't come without potential cost. Some legacy apps will break when run under Linux kernels with NX protection "turned on." Linus Torvalds cited the ongoing virus nightmare Windows users endure as an argument for flipping the NX bit by default, whether end users suffer some inconvenience or not:

"It sounds like we should just have NX on by default," Linux creator Linus Torvalds wrote in a public post. "I think most people have seen the security disaster that causes most of the e-mails on the net to be spam. So this should be trivial to explain to people when they complain about default [behavior] breaking their strange legacy app."

» Two weeks ago we reported the jousting between Professor Andrew Tanenbaum and Kenneth Brown (who's on a mission to prove Linus Torvalds is a thief). Since then, Brown rebutted Tanenbaum, who returned the favor:

After half an hour of repeatedly answering the question 'Could Linus have written the Linux kernel by himself?' in the affirmative, I was getting a bit irritated. Beginning psychoanalysts often take this for being conflicted. People who know me would probably confirm that I do not suffer fools gladly.

» The "Prettiest Unix Workstation on the Block" should probably go to Apple's new dual 64-bit PowerPC G5 units, unveiled Wednesday. The fastest of the lot is a dual 2.5GHz system that features liquid cooling.

» Red Hat's penetration into government use got a boost from distributor DLT Solutions' blanket $29 million contract with the Defense Information Systems Agency. DLT will offer Red Hat Enterprise Linux AE, ES, and WS software, along with maintenance support, training, and consulting.

Security Roundup

• Mandrake, SUSE, and Red Hat (1, 2) released patches to Squid, the Web caching proxy, to fix a buffer overflow in the software could allow for a remote execution of arbitrary code.
• Apple patched a potentially serious bug in the way OS X opened applications from a URL.
• Mandrake, SUSE, Fedora Legacy, NetBSD, and FreeBSD all patched a vulnerability in CVS that could allow for a buffer overflow that would allow a malicious user to run arbitrary code with the CVS server's privileges.

Tips of the Trade

Sharing an Internet connection makes reining in bandwidth hogs a chronic chore for network admins. It doesn't take much for a single user to suck up inordinate amounts of bandwidth downloading .isos, playing online multiplayer games, mirroring Web sites with wget, running batch uploads with rsync, or even just downloading one e-mail with a big fat attachment.

One way to manage this is with utilities like iproute or rshaper. These tools provide central traffic-shaping management. The downside to using them is that they have a rather steep learning curve and sometimes require a kernel re-compile.

There's a new traffic-shaping kid on the block that operates entirely in userspace: Trickle. Trickle can be run as a daemon or on a per-use basis. Suppose you're going to download the latest Fedora .isos, and you know this will cause woe to the other users on your Internet link. Do this to place a cap on the bandwidth your download uses:

$ trickle -s -d 100 mozilla

The -s runs Trickle in stand-alone mode, instead of as a daemon, and -d limits Mozilla to downloading at 100 KB per second. You can make this permanent by editing Mozilla's launcher. Open your menu editor, find Mozilla's entry, and change it from

mozilla %u

to

trickle -s -d 100 mozilla %u

You'll find Trickle at http://monkey.org/~marius/trickle.

Carla Schroder writes the Tips of the Trade section of Enterprise Unix Roundup. She also appears on Crossnodes every Wednesday and is the author of the site's popular Scripting Clinic, which deals with Unix/Linux scripting issues.

>> To Main