swsuehr writes "The Book of Xen: A Practical Guide for the System Administrator provides an excellent resource for learning about Xen virtualization. I frequently need to create test environments for examples that appear in various books and magazine articles (in the interest of full disclosure, I've never written for the publisher of this book). In the days before virtualization that meant finding and piecing together hardware. Like many readers, I've been using virtualization in one form or another for several years, including Xen. This book would've saved hours searching around the web looking for tidbits of information and sifting through what works and doesn't work in setting up Xen environments. The authors have done the sifting for me within the ~250 pages of the book. But far beyond, the authors also convey their experience with Xen using walkthroughs, tips, and recommendations for Xen in the real world." Read on for the rest of Steve's review.

AndGodSed writes "OMG! UBUNTU! Reports the following: 'Malware has been found hidden inside an innocuous 'waterfall' screensaver .deb file made available on popular artwork sharing site Gnome-Look.org. The .deb file installs a script with elevated privileges designed to perform a DDoS attack as well as keep itself updated via downloads. The dodgy screensaver in question has since been removed from gnome-look, and this incident was a very basic, if potentially successful, attempt.'" A similar report at Digitizor.com says that similar malware was also found in a theme called Ninja Black. For those affected, both sites also provide instruction on cleansing your system.

dnaumov writes "FreeNAS, a popular, free NAS solution, is moving away from using FreeBSD as its underlying core OS and switching to Debian Linux. Version 0.8 of FreeNAS as well as all further releases are going to be based on Linux, while the FreeBSD-based 0.7 branch of FreeNAS is going into maintenance-only mode, according to main developer Volker Theile. A discussion about the switch, including comments from the developers, can be found on the FreeNAS SourceForge discussion forum. Some users applaud the change, which promises improved hardware compatibility, while others voice concerns regarding the future of their existing setups and lack of ZFS support in Linux."

Norsefire writes "I am in quite a predicament. I decided a while back to branch out and use a new operating system (currently running Debian). After a bit of searching (trying Gentoo, Gobo and Arch along the way), I decided to use something that isn't Linux. Long story short: I narrowed the choices down to OpenSolaris and FreeBSD, but now I'm stuck. OpenSolaris is commercially backed by Sun, has nice enterprise-y tools in the default install, and best of all, a mature implementation of ZFS. FreeBSD is backed by a foundation, has a minimal default install and a rather new (but recently improved in the 8.0 release) implementation of ZFS, however it offers the Ports Collection (I quite like the performance boost due to compiling from source, no matter how small it might be) and a bigger community than OpenSolaris. That is just a minimal mention of the differences. I would be interested to see what the Slashdot community thinks of these two operating systems."

mpol writes "For years I've been using a home server with Linux, but recently I've been having doubts about the electric bill. I'm not touched by the recession yet, but I would like to cut costs, and going from a 100-Watt system to a 30-Watt system would save me 70 bucks a year. The system doesn't need to do much, just apache, imap, ssh and some nfs, but I do prefer to have a full-fledged system, where I can choose what to install on it. I also don't really care if it's a low-power Via or an ARM processor as long as it's cheap. I'm aiming for $300 or less for a full system, which I could then earn back in about four years through power savings. I've been reading about the Western Digital Mybook World Edition, which has an ARM processor but isn't that easy to install Debian on. A Mac Mini draws about 85 Watts, so that isn't an option either. Something a bit more than turn-key would be fine, but preferably not a complete hack-job. Adding a temporary CR-ROM or DVD-ROM, or a USB disk with an iso to install from would be nice. Any Slashdotters run nice and cheap low-power Linux systems? What can you recommend?"

Reader tail.man points out this press release from Debian which says that the port of the Debian system to the FreeBSD kernel will be given equal footing alongside Debian's several other release ports, starting with the release of Squeeze. Excerpting from this release: "The kFreeBSD architectures for the AMD64/Intel EM64T and i386 processor architectures are now release architectures. Severe bugs on these architectures will be considered release critical the same way as bugs on other architectures like armel or i386 are. If a particular package does not build or work properly on such an architecture this problem is considered release-critical. Debian's main motivation for the inclusion of the FreeBSD kernel into the official release process is the opportunity to offer to its users a broader choice of kernels and also include a kernel that provides features such as jails, the OpenBSD Packet Filter and support for NDIS drivers in the mainline kernel with full support."

griffjon writes "The new hardware release (you can read about the upgrade here) also comes with a dual-boot option. Start rejoicing now; it's not XP or Sugar (the native, education-centric OS) — it's Sugar or Gnome. And of course there are other homebrew distributions like Xtra Ordinary, built off of Debian."

JO_DIE_THE_STAR_F*** writes "Jesse Vincent managed to get Ubuntu 9.04 Jaunty Jackalope running on the Kindle 2. The new functionality was presented in a talk at OSCON 2009."

Uncle Alex writes "My niece just turned one year old and her parents have asked that, instead of the usual gifts, we each contribute something to a time capsule to be opened on her 17th birthday. Multiple members of my family want to contribute digital data — text, video, music files. They came to me (the closest thing to a geek our family has) wondering: what's the best way to save the data to ensure she'll actually be able to see it in 16 years? Software might be out of date, hardware may no longer be used... any suggestions?"

sukotto writes "Ubuntu recently released an unannounced and experimental 'multisearch' extension to Firefox alpha 3, apparently in an effort to improve the default behavior of new tabs and of search. In a response to one of the initial bug reports the maintainers mentioned that the extension's other purposes were 'collecting the usage data' and 'generating revenue.' Since this extension installs by itself and offers no warning about potential privacy violations, quite a few people (myself included) feel pretty unhappy. The only way to opt out is to disable the extension manually via Tools > Add-ons." Most posters to this Ubuntu forum thread are not happy about multisearch.

frenchbedroom writes "The ongoing Debconf 9 meeting in Cáceres, Spain has brought a significant change to Debian's project management. The Debian project will now freeze development in December of every odd year, which means we can expect a new Debian release in the spring of every even year, starting with 'Squeeze' in 2010. Until now, development freezing was decided by the Debian release team. From the announcement: 'The project chose December as a suitable freeze date since spring releases proved successful for the releases of Debian GNU/Linux 4.0 (codenamed "Etch") and Debian GNU/Linux 5.0 ("Lenny"). Time-based freezes will allow the Debian Project to blend the predictability of time based releases with its well established policy of feature based releases. The new freeze policy will provide better predictability of releases for users of the Debian distribution, and also allow Debian developers to do better long-term planning. A two-year release cycle will give more time for disruptive changes, reducing inconveniences caused for users. Having predictable freezes should also reduce overall freeze time.' We previously discussed talks between Canonical and the Debian release team about fixed freeze dates."

An anonymous reader writes "Linux distributions track upstream projects, releasing a particular version with each official release. But how far behind the latest versions do these releases linger? Scott Shawcroft did an interesting new study into this relationship between distributions and upstream projects. Shawcroft says: 'Over the last 10 months I've been working on Linux evolution research. Similar to distrowatch, I track the current versions of packages in a number of distributions and the current upstream version. Based on that data I then graph a number of metrics to understand the relationship between upstream and downstream.' His presentation on the topic scheduled for [this] week's open source convention, OSCON, should provide an interesting insight into that relationship. Currently he is tracking 20 projects including the Linux kernel, Firefox, GCC, OpenSSH and GNOME on Arch, Debian, Fedora, Gentoo, openSUSE, Sabayon, Slackware, and Ubuntu."

suka writes "In a fresh interview with derStandard.at, Ubuntu founder Mark Shuttleworth talks about GNOME 3.0 — its strengths, but also about what he thinks is missing. He also mentions ongoing talks for a common meta-release-cycle with Debian which could delay the next LTS."

christian.einfeldt writes "The Munich decision to move its 14,000 desktops to Free Open Source Software created a big splash back in 2003 as news circulated of the third-largest German city's defection from Microsoft. When it was announced in 2003, the story garnered coverage even in the US, such as an extensive article in USA Today on-line. Currently, about 60% of desktops are using OpenOffice, with the remaining 40% to be completed by the end of 2009. Firefox and Thunderbird are being used in all of the city's desktop machines. Ten percent of desktops are running the LiMux Debian-based distro, and 80% will be running LiMux by 2012 at the latest. Autonomy was generally considered more important than cost savings, although the LiMux initiative is increasing competition in the IT industry in Munich already. The program has succeeded because the city administration has been careful to reach out to all stakeholders, from managers down to simple end users."

twitter writes "There's been a lot of fuss about mono lately. After SCO and MS suing over FAT patents, you would think avoiding anything MS would be a matter of common sense. RMS now steps into the fray to warn against a serious mistake: 'Debian's decision to include Mono in the default installation, for the sake of Tomboy which is an application written in C#, leads the community in a risky direction. It is dangerous to depend on C#, so we need to discourage its use. .... This is not to say that implementing C# is a bad thing. ... [writing and using applications in mono] is taking a gratuitous risk.'" Update: 06/27 20:22 GMT by T : Read on below for one Mono-eschewing attempt at getting the (excellent) Tomboy's functionality, via a similar program called Gnote. Update: 06/27 21:07 GMT by T: On the other side of the coin, reader im_thatoneguy writes "Jo Shields, a Mono Developer, has published an article on 'Why Mono Doesn't Suck,' why it is not a threat to FOSS, why it is desirable to developers and why it should be included in Ubuntu by default."

pallmall1 writes "OS News reports that Debian developer Josselin Mouette got Tomboy accepted as a dependency for gnome in the next release of Debian (codenamed Squeeze). While that may seem like nothing big (except for the 50 MByte size of the Tomboy package), Tomboy requires Mono — meaning that Mono will now be installed by default. Apparently, Debian doesn't have the same concerns over using specifications patented by Microsoft and licensed under undisclosed terms that Red Hat does. Perhaps Debian doesn't believe that Microsoft might do something like Rambus did."

alimo20 writes "Researchers at the Royal Holloway, University of London have discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux. According to ISG lead professor Kenny Patterson, an attacker has a 2^{-18} (that is, one in 262,144) chance of success. Patterson tells that this is more significant than past discoveries because 'This is a design flaw in OpenSSH. The other vulnerabilities have been more about coding errors.' The vulnerability is possible by a man-in-the-middle intercepting blocks of encrypted material as it passes. The attacker then re-transmits the data back to the server and counts the number of bytes before the server to throws error messages and disconnects the attacker. Using this information, the attacker can work backwards to figure out the first 4 bytes of data before encryption. 'The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH, said Patterson. ... Patterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days.'"

jamie found a note on debian-administration.org, the first in a promised series on migrating off of SHA-1 in OpenPGP. "Last week at eurocrypt, a small group of researchers announced a fairly serious attack against the SHA-1 digest algorithm, which is used in many cryptosystems, including OpenPGP. The general consensus is that we should be 'moving in an orderly fashion toward the theater exits,' deprecating SHA-1 where possible with an eye toward abandoning it soon (one point of reference: US govt. federal agencies have been directed to cease all reliance on SHA-1 by the end of 2010, and this directive was issued before the latest results). ... So what can you do to help facilitate the move away from SHA-1? I'll outline three steps that current gpg users can do today, and then I'll walk through how to do each one..."

ceswiedler writes "Aurelien Jarno has just uploaded a fork of glibc called eglibc, which is targeted at embedded systems and is source- and binary-compatible with glibc. It has a few nice improvements over glibc, but the primary motivation seems to be that it's a 'more friendly upstream project' than glibc. Glibc's maintainer, Ulrich Drepper, has had a contentious relationship with Debian's project leadership; in 2007 the Debian Project Leader sent an email criticizing Drepper for refusing to fix a bug on glibc on the ARM architecture because in Drepper's words it was 'for the sole benefit of this embedded crap.'"

ruphus13 writes "When Mark Shuttleworth was asked what role WINE will play in Ubuntu's success, he said that Ubuntu cannot simply be a better platform to run Windows apps. From the post, according to Shuttleworth, '[Windows and Linux] both play an important role but fundamentally, the free software ecosystem needs to thrive on its own rules. it is *different* to the proprietary software universe. We need to make a success of our own platform on our own terms. if Linux is just another way to run Windows apps, we can't win. OS/2 tried that ...' The post goes on to say, 'Linux simply isn't Windows (nor is Windows Linux) and to expect fundamentally different approaches (and I'm not just thinking closed versus open) to look, feel, and operate the same way is senseless.'"