Linux-Development-Sys Digest #579, Volume #6      Sat, 3 Apr 99 23:13:48 EST

Contents:
  Re: Linux Kernel documentationI (Vladimir Stanishev)
  Re: Trusted Linux (Warren Young)
  Re: Proposal: "Linux 2000 Platform" (Christopher B. Browne)
  Re: 3c509B + 2.0.36 + 486/66 = badness (Warren Young)
  Re: Trusted Linux (Christopher B. Browne)
  Re: Proposal: "Linux 2000 Platform" (Jeremy Crabtree)
  linux on PC/104-modules (Holger Blinzinger)
  Re: Proposal: "Linux 2000 Platform" (Kendall Bennett)

----------------------------------------------------------------------------

From: Vladimir Stanishev <[EMAIL PROTECTED]>
Subject: Re: Linux Kernel documentationI
Date: Sat, 03 Apr 1999 19:52:38 -0500
Reply-To: [EMAIL PROTECTED]

it's a great book. even if you don't plan to be looking at the source code
too much. the appendix is great and saves a lot of browsing - it has kernel
commands, the proc system, lilo params and so on.  i'd forgotten it has a
cd. i just looked at it, the readme file says it contains the 2.0.27 kernel
source to accompany the book.
also take a look at
http://metalab.unc.edu/linux/LDP/tlk/tlk.html
here is the intro:
    This book is for Linux enthusiasts who want to know how the Linux kernel
    works. It is not an internals manual. Rather it describes the principles
    and mechanisms that Linux uses; how and why the Linux kernel works the
    way that it does.
---
and it's exactly that. it's really helpful if the kernel internals book has
too many details to swallow.


John McKown wrote:

> I've just received a book from http://www.linuxmall.com
> It is "Linux Kernel Internals, Second Edition"
> published by Addison-Wesley. ISBN 0-201-33143-8
> It comes with a CD-ROM. I have NO idea how good it is. I just received
> it and haven't had a chance to even open it yet. It has chapters on
> the Kernel (including data structures), memory management, inter process
> communication, the file system, device drivers, networking, modules.
> It looks like it may be good. But I can't be sure. It does have a
> preface by Linus, if that counts.
>
> John
>
> On Wed, 31 Mar 1999 22:17:08 +0200, root <[EMAIL PROTECTED]> wrote:
> >I'm a novice about Linux but i'd found it wonderful.
> >I'm an Andersen Consulting's consultant and when i can work on linux I'm
> >very happy.
> >I wrote to this group to ask you about a book (downloadable or not)
> >which can teach me more about
> >the inner workings of the kernel away from the university books (a lot
> >of theory and a few of practice)
> >Thanks in advance
> >
> >write to [EMAIL PROTECTED]
> >


------------------------------

From: Warren Young <[EMAIL PROTECTED]>
Subject: Re: Trusted Linux
Date: Sat, 03 Apr 1999 18:38:23 -0700

Arthur P Snagphart wrote:
> 
> A friend mentioned to me that someone was working on a trusted version of
> Linux ~B2 security.  Anyone know what the deal is?

I've not heard of it, but it'd have to be a significant departure from
the current versions of Linux.  You'd have to replace the filesystem and
all the kernel-level security checking stuff at least.  

For example, under a class B[12] system, there is no "root" user with
complete god-like powers.  You can _create_ such a user, but the point
is that it's not an intrinsic attribute of user ID 0.  So, everywhere
the kernel checks for uid or euid 0, it will have to instead check the
system Access Control Lists to see if the user is allowed to do the
operation.

Is it possible?  Yes, but I'd bet that it won't happen any time soon, if
only because it won't be done by The Community.  Why?  It takes big
money to get something Orange Book certified.  Heck, Microsoft hasn't
even re-certified NT 4.0 as C2 yet -- B2 certification costs way more. 
It would take someone like Red Hat to push a B2 certification effort
through, and that only considers the final costs, not the costs of
actually building it.

My final criticism of this idea is that most people (myself included)
wouldn't want to use such a fascistic version of Linux, so who would
test it?  Again, this problem can only be overcome with more money/time
commitments, and that from fewer people.

Sorry, but it just doesn't look practical.  If such a project was once
announced, the reason you haven't heard anything else from them is
because they've probably shelved the idea.
-- 
= Warren -- http://www.cyberport.com/~tangent/
= ICBM Address: 36.8274040 N, 108.0204086 W, alt. 1714m
= <bits of ice striking hull> "Captain, we're being hailed."

------------------------------

From: [EMAIL PROTECTED] (Christopher B. Browne)
Crossposted-To:  alt.os.linux,comp.os.linux.advocacy,comp.os.linux.misc
Subject: Re: Proposal: "Linux 2000 Platform"
Reply-To: [EMAIL PROTECTED]
Date: Sun, 04 Apr 1999 01:39:21 GMT

On 4 Apr 1999 00:40:15 GMT, Jeremy Crabtree <[EMAIL PROTECTED]> posted:
>Christopher B. Browne allegedly wrote:
>>If DISPLAY is set appropriately, it can get at Netscape from
>>anywhere...
>
>Okay...I was really hoping for a way to paste from, say,
>tty1 (an actual console, not an XTerm) to someplace in
>X.

Sure thing.  If, in the shell on the console, you have DISPLAY set
appropriately, the script will find an existent Netscape instance on
that display, and shove the URL at it.

Set DISPLAY, and it works.

I headed over to a virtual console on godel (e.g. - *NO* X running on
godel), and did the following:

% export DISPLAY=dantzig:0.0
% Netscape http://www.hex.net

The Netscape session presently displaying on dantzig (which happens to
be running remoted from godel, but not connected in any way other than
through environment variables to the virtual console) just jumped to
www.hex.net.

>>>(I use X and multiple text consoles a lot, so being able to send
>>> stuff from a console to X would be incredibly useful)
>>
>>Rumor has it that there's some sort of regex matcher for RXVT that can
>>allow the gentle user to "somehow click" on a URL on screen, have RXVT
>>"macro" determine what portion is URL, and then do something like my
>>script above...
>>
>>I've never been able to figure it out.
>
>Again, I was hoping for something that would work on a regular
>console, and paste into X...a pipe dream, I know, but still...

See above.  I think I'm doing your "pipe dream," unless I'm misreading
what you're looking for.

>[SNIP, starting chimera and such...]
>
>>>>Not rocket science.
>>>
>>>No...but it still seems to go against the KISS principle.
>>
>>I disagree.  It adds substantial power with a few simple lines of
>>code.  It may appear less-than-approachable to the "completely
>>computer naive," but it's certainly not nasty complex stuff.
>
>I'll concede and just agree here.

It adds a *little* complexity, and gains a *lot* of power.  For those
whose heads explode with even the slightest bit of complexity, it's
doubtless far too much.

>[SNIP, about ZSH...my Slack install doesn't have ZSH :(...must've missed
> it]

Take a look for it; it's been my favorite shell since, um, consulting
assignment at Cominco in 1994.  

Zsh is sort of like the "Gnu Emacs" of shells; it contains pretty much
the wildest features ever implemented in any shell.  Not small, but
quite worthwhile.

The way that it interactively does argument expansion is something
that you have to see in order to believe...

It reduces the number of accidental "rm... oops!" instances
considerably; I seldom type in a complete filename, but rather start
typing, and tab- to tab-complete it.  No spelling errors there.

Better still, if I want to delete a *bunch* of files based on a regex,
I'll type the expression, press "tab," and watch it expand out to the
complete list of filenames.  Supposing the list looks right, it's time
to press enter.

If, instead, 300 unexpected filenames pop up onscreen, this suggests
that Maybe I Did Something Wrong.  Since I haven't hit "enter" yet,
the data is still OK...

-- 
Those who do not understand Unix are condemned to reinvent it, poorly.  
-- Henry Spencer          <http://www.hex.net/~cbbrowne/lsf.html>
[EMAIL PROTECTED] - "What have you contributed to free software today?..."

------------------------------

From: Warren Young <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.networking
Subject: Re: 3c509B + 2.0.36 + 486/66 = badness
Date: Sat, 03 Apr 1999 18:50:13 -0700

Anthony Shipman wrote:
> 
> This is not the usual suite of problems.  The driver works, the card
> talks to other machines on the LAN, but when I try to transfer files I
> get a very large Rx error rate on the 3c509B.  The source of the
> transfer is a P150 with a PCI card. Typically 1 out of 6 to 1 out of 10
> packets received from the P150 machine result in a frame or overrun
> error.  The result is a net throughput of only a few KB/s.

Whose stack is running on the Pentium?  If it's a particularly broken
network stack, it might not be handling things like acks, the source
quench mechanism or the TCP window correctly.  That'd cause the fast
Pentium to choke the slow 486 because it's ignoring the "help, you're
flooding me!" indications from the 486.
-- 
= Warren -- http://www.cyberport.com/~tangent/
= ICBM Address: 36.8274040 N, 108.0204086 W, alt. 1714m
= Chain tagline - Stolen 378 times - Add 1 when stolen.

------------------------------

From: [EMAIL PROTECTED] (Christopher B. Browne)
Subject: Re: Trusted Linux
Reply-To: [EMAIL PROTECTED]
Date: Sun, 04 Apr 1999 02:02:57 GMT

On Sat, 03 Apr 1999 18:38:23 -0700, Warren Young
<[EMAIL PROTECTED]> posted: 
>Arthur P Snagphart wrote:
>> A friend mentioned to me that someone was working on a trusted version of
>> Linux ~B2 security.  Anyone know what the deal is?
>
>I've not heard of it, but it'd have to be a significant departure from
>the current versions of Linux.  You'd have to replace the filesystem and
>all the kernel-level security checking stuff at least.  

The kernel is just the start, too.

The traditional NSA-certifications involve the *whole system,* from
hardware to the "system is in operation" notion of "operating system."

Thus, you need to make sure that init is "secured," and then head on
up the tool chain.  Chances are that NFS won't pass the test; consider
that the only NT configuration that was tested was one that was
floppyless and NICless.

>Is it possible?  Yes, but I'd bet that it won't happen any time soon, if
>only because it won't be done by The Community.  Why?  It takes big
>money to get something Orange Book certified.  Heck, Microsoft hasn't
>even re-certified NT 4.0 as C2 yet -- B2 certification costs way more. 
>It would take someone like Red Hat to push a B2 certification effort
>through, and that only considers the final costs, not the costs of
>actually building it.

Red Hat?  They're not nearly big enough unless the recent SAP
investment dropped a whole pile of money in their laps.

This sort of certification process is one that literally costs
*MILLIONS* in terms of getting large numbers of security-knowledgeable
folks in on the analysis process.

Red Hat isn't going to be able to sell enough copies of "B2 Linux" to
make it worthwhile, *particularly* if the cost drops to $0 the day
after the code is released.

>My final criticism of this idea is that most people (myself included)
>wouldn't want to use such a fascistic version of Linux, so who would
>test it?  Again, this problem can only be overcome with more money/time
>commitments, and that from fewer people.

All correct.

There are *three* critical components in an operational B2-secure
system:

a) A B2-certifiable OS, hardware, *and applications.* (PostgreSQL
doesn't cut it; you need Trusted Oracle and the likes...)

b) A B2-knowledgeable system administrator who will keep things
administered with appropriate "fascism."

c) Users that understand and are willing to work in the context of
maintaining B2 security.

Throw a "point and click twits" into the mix, and the cost and effort
of establishing B2-like security goes away.  Oops.

Take it up to the rather ludicrous A1, and you essentially need for
every user on the system to understand the complexities of A1
security.  

I don't think it's taking it *much* too far to claim that this
basically requires that all A1 users need to be mathematicians with a
decent understanding of set theory and combinatorics.  

I didn't say PhD; an undergraduate math understanding would probably
be enough.  That still means that many engineers, all "Management
Information Systems" folk, and anybody who was actually scared of
higher math, need not apply...

This is pretty ridiculous, but I'm not sure I'm wrong...

>Sorry, but it just doesn't look practical.  If such a project was once
>announced, the reason you haven't heard anything else from them is
>because they've probably shelved the idea.

Rumor has it that 2.3 will start adding in "capabilities," which gives
the ability to construct more secure systems.  But that's not yet, and
that certainly does not spell B2.

I think that the "deal" was that someone heard that some UNIXes are
certified at B2 and B3 levels, and figured that it would be cool for
Linux to get the same, without having any actual comprehension of what
the process of certification entails.

-- 
Those who do not understand Unix are condemned to reinvent it, poorly.  
-- Henry Spencer          <http://www.hex.net/~cbbrowne/security.html>
[EMAIL PROTECTED] - "What have you contributed to free software today?..."
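
The contrast discussed in this thread (an intrinsic "uid 0 may do anything" check versus a per-operation authorization check, which is also the idea behind the "capabilities" rumored for 2.3), as an added example that is not part of any poster's message and is not kernel code. It is a constructed user-space model; `struct subject`, the `PRIV_*` bits, `legacy_allowed` and `policy_allowed` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical, not kernel API. */
enum op { OP_MOUNT, OP_BIND_LOW_PORT, OP_SET_TIME, OP_COUNT };

#define PRIV_MOUNT    (1u << 0)
#define PRIV_NET_BIND (1u << 1)
#define PRIV_SET_TIME (1u << 2)

struct subject {
    const char *name;
    unsigned    euid;
    uint32_t    privs;  /* privileges explicitly granted to this subject */
};

/* Policy table: the privilege each operation requires. */
static const uint32_t required_priv[OP_COUNT] = {
    [OP_MOUNT]         = PRIV_MOUNT,
    [OP_BIND_LOW_PORT] = PRIV_NET_BIND,
    [OP_SET_TIME]      = PRIV_SET_TIME,
};

/* Constructed sample subjects. */
static const struct subject subjects[] = {
    { "root-full",     0,  PRIV_MOUNT | PRIV_NET_BIND | PRIV_SET_TIME },
    { "root-stripped", 0,  0 },             /* uid 0 with nothing granted */
    { "webd",          33, PRIV_NET_BIND }, /* non-root with one privilege */
};

/* Traditional check: authority is an intrinsic attribute of euid 0. */
bool legacy_allowed(const struct subject *s, enum op o)
{
    (void)o;  /* the operation does not matter: root may do anything */
    return s->euid == 0;
}

/* Per-operation check: only granted privileges count, so uid 0
 * carries no built-in authority. */
bool policy_allowed(const struct subject *s, enum op o)
{
    if ((unsigned)o >= OP_COUNT)
        return false;  /* unknown operation: fail closed */
    return (s->privs & required_priv[o]) == required_priv[o];
}

int main(void)
{
    static const char *op_name[OP_COUNT] = { "mount", "bind<1024", "settime" };
    for (size_t i = 0; i < sizeof subjects / sizeof subjects[0]; i++)
        for (int o = 0; o < OP_COUNT; o++)
            printf("%-14s %-10s legacy=%d policy=%d\n", subjects[i].name,
                   op_name[o], legacy_allowed(&subjects[i], (enum op)o),
                   policy_allowed(&subjects[i], (enum op)o));
    return 0;
}
```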

------------------------------

From: [EMAIL PROTECTED] (Jeremy Crabtree)
Crossposted-To: alt.os.linux,comp.os.linux.advocacy,comp.os.linux.misc
Subject: Re: Proposal: "Linux 2000 Platform"
Date: 4 Apr 1999 02:41:47 GMT
Reply-To: [EMAIL PROTECTED]

Christopher B. Browne allegedly wrote:
>On 4 Apr 1999 00:40:15 GMT, Jeremy Crabtree <[EMAIL PROTECTED]> posted:
>>Christopher B. Browne allegedly wrote:
>>>If DISPLAY is set appropriately, it can get at Netscape from
>>>anywhere...
>>
>>Okay...I was really hoping for a way to paste from, say,
>>tty1 (an actual console, not an XTerm) to someplace in
>>X.
>
>Sure thing.  If, in the shell on the console, you have DISPLAY set
>appropriately, the script will find an existent Netscape instance on
>that display, and shove the URL at it.

Yeah...but not just to Netscape...to ANYTHING.

(YES, I really have needed to do this.)

[SNIP...about setting DISPLAY]

I already knew how to get Netscape to do it...the problem
is being able to take arbitrary bits of text from a
console and send them to an arbitrary App in X. :(

>
>>>>(I use X and multiple text consoles a lot, so being able to send
>>>> stuff from a console to X would be incredibly useful)
>>>
>>>Rumor has it that there's some sort of regex matcher for RXVT that can
>>>allow the gentle user to "somehow click" on a URL on screen, have RXVT
>>>"macro" determine what portion is URL, and then do something like my
>>>script above...
>>>
>>>I've never been able to figure it out.
>>
>>Again, I was hoping for something that would work on a regular
>>console, and paste into X...a pipe dream, I know, but still...
>
>See above.  I think I'm doing your "pipe dream," unless I'm misreading
>what you're looking for.

You're misreading what I'm looking for.

[SNIP, about complexity]

>>[SNIP, about ZSH...my Slack install doesn't have ZSH :(...must've missed
>> it]
>
>Take a look for it; it's been my favorite shell since, um, consulting
>assignment at Cominco in 1994.  

ISTR seeing it in the installable packages, I think I just didn't
install it at the time...I may have a look some time.

>Zsh is sort of like the "Gnu Emacs" of shells;

Okay...so...what would be the TECO of shells? <EVIL GRIN>

>it contains pretty much
>the wildest features ever implemented in any shell.  Not small, but
>quite worthwhile.
>
>The way that it interactively does argument expansion is something
>that you have to see in order to believe...
>
>It reduces the number of accidental "rm... oops!" instances
>considerably; I seldom type in a complete filename, but rather start
>typing, and tab- to tab-complete it.  No spelling errors there.

I do that with BASH

>Better still, if I want to delete a *bunch* of files based on a regex,
>I'll type the expression, press "tab," and watch it expand out to the
>complete list of filenames.  Supposing the list looks right, it's time
>to press enter.

Never tried that with BASH...if I want to kill a bunch of files in BASH
I usually use a for loop.

(I love for loops...great things to have around)

>If, instead, 300 unexpected filenames pop up onscreen, this suggests
>that Maybe I Did Something Wrong.  Since I haven't hit "enter" yet,
>the data is still OK...

I use an echo the first time, and then re-run the loop with rm
if, indeed, I got the correct files.

-- 
"Being myself a remarkably stupid fellow, I have had to unteach myself 
 the difficulties, and now beg to present to my fellow fools the parts
 that are not hard" --Silvanus P. Thompson, from "Calculus Made Easy."

------------------------------

From: Holger Blinzinger <[EMAIL PROTECTED]>
Subject: linux on PC/104-modules
Date: Mon, 29 Mar 1999 13:52:17 +0200

Anyone here who tried installing linux on a PC/104-module?
I'm planning on booting from a flash disk. What do I have to pay
attention to?
What about Kernel-modifications?



------------------------------

From: [EMAIL PROTECTED] (Kendall Bennett)
Crossposted-To: alt.os.linux,comp.os.linux.advocacy,comp.os.linux.misc
Subject: Re: Proposal: "Linux 2000 Platform"
Date: Sat, 3 Apr 1999 18:57:08 -0800

In article <7e349q$s5u$[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
says...

> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] (Kendall Bennett) wrote:
> > Hi All,
> > Since there will be differences between the different uses for Linux, we
> > should define multiple variations of the Linux 2000 platform. The
> > contents of what make up the variations Linux 2000 platform should be
> > debated and eventually voted on to come up with the final guidelines.
> > Some people may not agree with the final vote, but the important thing is
> > that compromises need to be made for this to be successful. We may also
> > want to define what are 'base components' that must be installed on every
> > system, and components that are optional and may or may not be installed
> > by the user.
> 
> this was an april fools joke, right?

No, it was not. Stupid me had my head in the clouds and didn't realise it 
was April 1st when I posted it.

> the scary thing is that this is actually occurring,
> the end result of windows programmers that do not understand unix.
> it cracks me up when people make their linux look and behave as much like
> windows as possible, then denounce the very thing they are emulating.

It is responses like this that really piss me off. What do you know about 
me and my understanding of Unix? It just so happens that I have been a 
Linux/FreeBSD user since way back in the 0.9x days, and have used Unix 
systems extensively in the past (did a lot of graphics research on high end 
SGI boxes). I do active development for DOS, Windows, OS/2, Linux, QNX 
and BeOS. Hmm. Perhaps I might *know* a thing or two about Unix systems?

What is worse is that what I was proposing has absolutely *nothing* to do 
with Windows!!!! Sure, I used the '2000' moniker because in the corporate 
world marketing rules, whether you like it or not. Call it something else 
if you please, I really don't care. The important thing that I was trying 
to get across, something that everyone seems to have completely missed is 
that Linux needs:

 . Cooperation
 . Standardisation
 . Uniformity

Those three points are vital for the continued growth of Linux. I am not 
talking about this in the sense of 'continuing to challenge Windows'. I 
am talking about this in the sense of the growth of Linux itself, 
regardless of any other OS'es. I am talking about this in the sense of 
making it easier for people to develop cool stuff for Linux as a 
platform.

The standard response to my proposal seems to be something along the 
lines of 'Hell, you can solve those problems; you are just too lazy!'. 
Well a lazy programmer is a good programmer, and if there are ways that 
things can be streamlined to cut down on the amount of effort someone 
needs to expend to release a product that supports Linux, that is a good 
thing right? Surely people realize that if developers spent less time 
fucking around trying to make their products compatible with all the 
different Linux distributions, they could spend more time concentrating 
on developing better products.

It appears to me that many in the Linux community are either just too 
vain, or too damn ignorant to realise this. So forget that I ever brought 
up the subject...

-- 

+----------------------------------------------------------------------+
|      SciTech Software - Building Truly Plug'n'Play Software!         |
+----------------------------------------------------------------------+
| Kendall Bennett          | To reply via email, remove nospam from    |
| Director of Engineering  | the reply to email address. Do NOT send   |
| SciTech Software, Inc.   | unsolicited commercial email!             |
| 505 Wall Street          | ftp  : ftp.scitechsoft.com                |
| Chico, CA 95928, USA     | www  : http://www.scitechsoft.com         |
+----------------------------------------------------------------------+

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and comp.os.linux.development.system) via:

    Internet: [EMAIL PROTECTED]

Linux may be obtained via one of these FTP sites:
    ftp.funet.fi                                pub/Linux
    tsx-11.mit.edu                              pub/linux
    sunsite.unc.edu                             pub/Linux

End of Linux-Development-System Digest
******************************
