An anonymous reader writes "Recently, the Oracle/Sun conglomerate has denied public download access to all service packs for Solaris unless you have a support contract. Now, paying a premium for gold-class service is nothing new in the industry, but withholding critical security updates smacks of extortion. While this pay-for-play model may be de rigueur for enterprise database systems, it is certainly not the norm for OS manufactures. What may be more interesting is how Oracle/Sun is able to sidestep GNU licensing requirements since several of the Solaris cluster packs contain patches to GNU utilities and applications."

Milo_Mindbender writes "I've recently gotten ahold of an old Altos 586 Xenix system (a late '80s Microsoft flavor of Unix) that has one of the first multi-user BBS systems in the US on it, and I want to salvage the historical BBS posts off it. I'm wondering if anyone remembers what format Xenix used on the 10MB (yes MB) IDE hard drive and if it can still be read on a modern Linux system. This system is quite old, has no removable media or ethernet and just barely works. The only other way to get data off is a slow serial port. I've got a controller that should work with the disk, but don't want to tear this old machine apart without some hope that it will work. Anyone know?"

snydeq writes "Peter Wayner provides a developer's comparison of Android and the iPhone and finds Android not only competitive but in fact a better choice than the iPhone for many developers, largely due to its Java foundation. 'While iPhone developers have found that one path to success is playing to our baser instincts (until Apple shuts them down), a number of Android applications are offering practical solutions that unlock the power of a phone that's really a Unix machine you can slip into your pocket,' Wayner writes, pointing out GScript and Remote DB as two powerful tools for developers to make rough but workable custom tools for Android. But the real gem is Java: 'The pure Java foundation of Android will be one of the biggest attractions for many businesses with Java programmers on the staff. Any Java developer familiar with Eclipse should be able to use Google's Android documentation to turn out a very basic application in just a few hours. Not only that, but all of the code from other Java programs will run on your Android phone — although it won't look pretty or run as fast as it does on multicore servers.'"

A couple of weeks ago you posed some questions for Matt Asay, who recently moved into the COO role at Canonical. Click below to read his answers.

donadony writes "Last Monday PC-BSD 8.0 was released. PC-BSD is based on FreeBSD and uses KDE as its default desktop environment. PC-BSD is designed to make BSD much easier for desktop use. The 8.0 release includes support for 3D acceleration with NVIDIA drivers on amd64 and improvements in the USB subsystem. The PC-BSD team has also developed a friendly package manager system with a simple-to-use GUI tool (see the screenshots tour). For a full list of changes, refer to the changelog."

An anonymous reader writes "Red Hat has already been using the Nouveau X.Org driver in Fedora for providing display and 2D support, but with their next release (Fedora 13) they will be making open-source 3D acceleration readily available to those using Nvidia graphics cards. Red Hat has packaged the Nouveau 3D driver in Fedora 13 and what makes it interesting — besides being an open source 3D driver that was written by the community by reverse engineering Nvidia's closed-source driver — is that it's one of the first drivers to use the Gallium3D driver interface. Phoronix has tested out this Gallium3D driver for Nvidia GPUs in a Fedora 13 daily build and found it to run with a variety of OpenGL games, with benchmarks being included that compare it to Nvidia's official driver. The performance is far from being on the same stage as Nvidia's official Unix driver."

viralMeme writes "Microsoft plans to begin phasing out Unix and Linux platform support for its FAST enterprise search products, as of its next release. According to a Thursday blog post from Microsoft Distinguished Engineer Bjørn Olstad, 'We’ve continued to sell, support, and update the Linux and UNIX versions of FAST ESP, and we’ve designed the next wave of FAST products (scheduled for release in the first half of calendar year 2010) to include a cross-platform search core that has been extended to take advantage of web services and support mixed-platform deployment models. With our 2010 products scheduled for release in a few months, we’ve just started to plan for our next wave of products. As a part of that planning process, we have decided that in order to deliver more innovation per release in the future, the 2010 products will be the last to include a search core that runs on Linux and UNIX. Many of our customers run FAST ESP on Linux and UNIX today, and we recognize that our future focus on Windows means change. To ease the transition, we’re investing in interoperability between Windows and other operating systems, reaffirming our commitment to 10 years of support for our non-Windows products, and taking concrete steps to help customers plan for the future.'"

Ian Lamont writes "Suspicions about China slipping eavesdropping technology into computer exports have been around for years. But the recent spying attacks, attributed to China, on Google and other Internet companies have revived the hardware spying concerns. An IT World blogger suggests the gear can't be trusted, noting that it wouldn't be hard to add security holes to the firmware of Chinese-made USB memory sticks, computers, hard drives, and cameras. He also implies that running automatic checks for data of interest in the compromised gear would not be difficult." The blog post mentions Ken Thompson's admission in 1983 that he had put a backdoor into the Unix C compiler; he laid out the details in the 1983 Turing Award lecture, Reflections On Trusting Trust: "The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."

Mass Effect debuted a little over two years ago to almost universal praise, getting high marks for the rich story, endless exploration options, and entertaining gameplay. Despite the game's success, BioWare listened closely to player feedback, promising to revamp the parts of the game that needed improvement while developing the sequel. They didn't hesitate to refine the elements they wanted to keep and do away with the ones they didn't. The result is a familiar, but much more streamlined experience. Rather than being a shooter with a great story added in, Mass Effect 2 a great story that often has you shoot things. Read on for the rest of my thoughts.

With the recent release of Firefox 3.6, Mozilla has also decided to try out a new development model dubbed "Lorentz." A blend of both Agile and more traditional "waterfall" development models, the new methodology aims to deliver new features much more quickly while still maintaining backwards compatibility, security, and overall quality. Only time will tell if this is effective, or just another management fad. "If the new approach sounds familiar, that's because Unix and Linux development has attempted similar kinds of release variations for iterating new features while maintaining backwards compatibility. HP-UX, for example, is currently on its HP-UX 11iv3 release, which receives updates several times a year that add incremental new functionality. The Linux 2.6.x kernel gets new releases approximately every three months, which include new features as well."

Orion Blastar writes "While many Amiga users have moved on to Linux, Mac OS X, and even, gasp shock, Microsoft Windows, some of us don't want to give up so easily. There are two open source projects that are keeping the Amiga legacy alive even if Amiga Inc. seems to be deader than a doornail and not really doing much but selling old Classic Amiga games for new platforms. Like WINE, there was a project to run AmigaOS 3.1 software for Linux and other platforms, but it evolved instead into an open source operating system named Amiga Research OS, or AROS. AROS is best run inside an emulator, and while it is not a modern OS like Linux, it can be downloaded and run inside of Linux (and the downloads section has more). While it is not ready for prime time yet, it is a promising OS that is being ported to many platforms and uses the user friendly Amiga GUI we Amiga users grew up with." Read on for more.

ddt writes "Raise your glasses of champagne in a toast at midnight. The time(2) system call turns 40 tonight, and is now officially 'over the hill.' It's been dutifully keeping track of time for clueful operating systems since January 1, 1970." And speaking of time, if you don't have a *nix system handy, or just want a second opinion, an anonymous reader points out this handy way to check just how far it is after local midnight in Unix time. Updated 10:03 GMT by timothy: The Unix-time-in-a-browser link has been replaced by a Rick Astley video; you have been warned.

jensend writes "The 1.7 branch of Cygwin, the Unix-like environment for Windows, has reached stable status after about 3 1/2 years of effort. Among many other changes, this release drops support for Windows 9x. Since the NT API and NT-based versions of Windows are more capable and somewhat less of a mismatch with POSIX (for instance, they include a security model), this has allowed for code path simplifications, better performance (particularly noticeable with pipe I/O), better security, and better POSIX compatibility."

swsuehr writes "The Book of Xen: A Practical Guide for the System Administrator provides an excellent resource for learning about Xen virtualization. I frequently need to create test environments for examples that appear in various books and magazine articles (in the interest of full disclosure, I've never written for the publisher of this book). In the days before virtualization that meant finding and piecing together hardware. Like many readers, I've been using virtualization in one form or another for several years, including Xen. This book would've saved hours searching around the web looking for tidbits of information and sifting through what works and doesn't work in setting up Xen environments. The authors have done the sifting for me within the ~250 pages of the book. But far beyond, the authors also convey their experience with Xen using walkthroughs, tips, and recommendations for Xen in the real world." Read on for the rest of Steve's review.

Trailrunner7 writes "A researcher has published an explanation of a new flaw in FreeBSD that allows a remote attacker to take control of a vulnerable machine. The vulnerability could give an attacker root access to the FreeBSD machine, and the FreeBSD developers have published a patch for the flaw early Tuesday. The vulnerability lies in run-time link-editor and, if exploited, gives an attacker the ability to run arbitrary code. The researcher, Kingcope, has posted an explanation of the flaw on the Full Disclosure mailing list. In a message to FreeBSD users, Colin Percival, the project's security officer, said that because of the severity of the flaw and the fact that exploit code already is available, he felt it was necessary to post the patch as soon as possible, without even publishing a security advisory."

buchner.johannes writes "I was fed up with the general consensus that Linux is oh-so-secure and has no malware. After a week of work, I finished a package of malware for Unix/Linux. Its whole purpose is to help white-hat hackers point out that a Linux system can be turned into a botnet client by simply downloading BOINC and attaching it to a user account to help scientific projects. The malware does not exploit any security holes, only loose security configurations and mindless execution of unverified downloads. I tested it to be injected by a PHP script (even circumventing safe mode), so that the Web server runs it; I even got a proxy server that injects it into shell scripts and makefiles in tarballs on the fly, and adds onto Windows executables for execution in Wine. If executed by the user, the malware can persist itself in cron, bashrc and other files. The aim of the exercise was to provide a payload so security people can 'pwn' systems to show security holes, without doing harm (such as deleting files or disrupting normal operation). But now I am unsure of whether it is ethically OK to release this toolkit, which, by ripping out the BOINC payload and putting in something really evil, could be turned into proper Linux malware. On the one hand, the way it persists itself in autostart is really nasty, and that is not really a security hole that can be fixed. On the other hand, such a script can be written by anyone else too, and it would be useful to show people why you need SELinux on a server, and why verifying the source of downloads (checksums through trusted channels) is necessary. Technically, it is a nice piece, but should I release it? I don't want to turn the Linux desktop into Windows, hence I'm slightly leaning towards not releasing it. What does your ethics say about releasing such grayware?"

AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."

eqisow writes "The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long."

davecb writes "The ACM has been kind enough to print Paul Stachour's and my 'jack' article about Software Maintenance. Paul first pointed out back in 1984 that we and our managers were being foolish — when we were still running Unix V7 — and if anything it's been getting worse. Turns out maintenance has been a 'solved problem in computer science' since at least then, and we're just beginning to rediscover it."

spongman writes "Microsoft's Senior Vice President, Developer Division, S. Somasegar has announced that Microsoft has acquired Teamprise from Sourcegear, LLC, and will be shipping it as part of the upcoming Visual Studio 2010 release. Teamprise is an Eclipse plugin (and related tools) for connecting to Team Foundation Server, Microsoft's source-control/project-management system. What's most interesting about this is not only that Microsoft has realized that heterogeneous development platforms are important to their developer customers, but the fact that Microsoft themselves will now be developing and shipping products based on those heterogeneous platforms, including 5 versions of Unix."