|
|
It is not uncommon to run a Linux system with a kernel that was compiled for another distribution. One reason for doing this is the difficulty in compiling and testing a kernel to make sure it will do what you require. It’s not THAT difficult for someone who knows what they are doing, but if someone else has already done the work then it seems like a waste to re-invent the wheel. Sometimes it’s an issue of a driver that one distribution supports but not another, copying the entire kernel package from another distribution may be easier than compiling a new kernel with the extra driver. Sometimes it’s a kernel bug, if distribution A has fixed the bug and distribution B hasn’t, then it’s often easier to install a kernel package from distribution A when running distribution B.
Another reason for running different distributions with the same kernel is Xen. If you have a Dom0 which hosts instances for different distributions as DomU’s then running the same kernel on all of them can make it easier to manage.
Unfortunately it’s not uncommon for different distributions to have different kernel feature sets. One example I’m currently dealing with is the fact that the Debian/Etch kernel is compiled with CONFIG_AUDITSYSCALL disabled while RHEL and CentOS require it. So if you run a RHEL or CentOS system with a Debian kernel (EG running a Debian Xen server with a RHEL or CentOS DomU) then you see messages such as the following in your logs.
crond[7824]: pam_loginuid(crond:session): set_loginuid failed opening loginuid
The loginuid feature allows login and equivalent programs (which includes xdm and other graphical login programs, cron and every other program that runs a program on behalf of another user) to set the loginuid. This loginuid will be stored by the kernel, inherited across fork() and exec, and not be changed by running setuid or setgid programs. Therefore if you see some strange entries in your audit log indicating an attempted attack you can determine the original login UID of the person responsible.
In terms of security features it’s not a really high priority. But it is really annoying when programs that work on RHEL don’t work properly with a Debian kernel and put many unwanted messages in the log files. For people who have less background knowledge about these things it may be more than annoying, and may even force them to change their deployment plans to make the message go away (not everyone knows which messages can be ignored or where to ask about such things).
The fact that Etch has no user-space support for the auditing features in question (auditing system calls or setting the loginuid) was never a good reason for not enabling this feature (IMHO). Using the auditing system calls was simply a matter of copying the auditctl program from a RHEL, Fedora, or CentOS system (for those who didn’t feel inclined to compile the source). The loginuid required changes to PAM to enable it, but is actually a small part of the auditing layer.
As a general rule minimising the differences between distribution kernels is going to benefit most people. Some people complain about kernel bloat, but there are worse candidates for that accusation and given that it seems impossible to buy a machine with less than 512M of RAM and a 900MHz CPU (the specs of the ASUS EeePC) adding a few extra kernel features seems unlikely to hurt anyone. It is of course always possible to compile your own kernel for the smallest machines.
Finally I am in the process of back-porting SE Linux code and related security features to Etch, and having this already enabled in the kernel would make my work easier. I won’t do a 7 year support cycle for it unless someone pays, but supporting Etch past the release of Lenny with the latest SE Linux features (and the current features working properly) is my aim.
I have just stayed at the Victoria Hotel Melbourne. I booked it through www.WotIf.com and paid ~$110 per night instead of the list price of $186 per night.
The location is great (little Collins St near Swanston St). It’s a short walk from most things that are in the central city area and the nearest tram stop has a tram that goes directly to Melbourne University which will be good for people attending LCA (although it’s close enough that you might want to walk and save a few dollars). The price is pretty good too (you don’t get much cheaper than that in the central city area).
But there are some down-sides. The hotel is old and has an old design. It has small windows and air-conditioners are retro-fitted into the window (as opposed to the modern design of having huge windows and A/C in the ceiling). The air-conditioning is barely adequate and once the hotel walls heat up the room will be warm all night. The window-based air-conditioning also greatly diminishes the possibility of looking out the window, and for people who are tall enough to see over it they will probably find that the bed is too short for them (I stayed in a twin room, maybe a double bed would be longer – of course if I was alone in a double bed then I could probably sleep diagonally).
The room lights are all halogen spotlights, that includes the reading lights over the beds. This is 90’s architectural fashion and not a functional design. If you want to lie on your bed to read a book or watch TV then you will be able to see at least three halogen lights from the corner of your eye. Seeing such a small intense light source in your peripheral vision is really unpleasant.
The pool is about 5M*5M in size and approximately 1.1M deep (it seems deeper than a 1.0M pool I recently swam in but shallower than a 1.2M pool).
In conclusion I think that the Oaks on Market [1] apartments are better value for money, altough Market street is less convenient.
Update: I forgot to mention one last failing. For curtains my room had nothing other than a Venetian blind. As such a blind does not cover the entire window space I was woken by the sun rise. It’s bad enough seeing a sunrise after a hard night coding, I definitely don’t want to see one when I had planned to sleep in. Curtains that properly cover the window is not an expensive feature to add.
Some people have been asking about the weather in Melbourne in late-January in terms of what to wear for Linux.Conf.Au.
It is probably impossible to predict weather for a particular day this far ahead. But predicting a range for the week is not difficult.
I think that you should expect at least one day that is really hot with a peak of 37C or more and reasonable humidity with a possibility of another two days the same or similar. A day with a peak of 42C or more is not unlikely over the course of a week.
You should expect a range of temperatures, one or two days that are reasonably cool with a maximum of 25C would not be unexpected. Some heavy rain in short bursts is a possibility (based on the past few weeks – prior to that there was little rain and it’s possible that there may be some time without rain again), there is probably no need for a rain-coat if you have the option of waiting ~30 mins for the rain to pass before going outside. I expect that if there is any rain at a time when conference delegates are about to go out somewhere then things will be delayed.
I suggest that you wear jeans while on the plane but expect to wear shorts for your entire time in Australia. A t-shirt is a reasonable option but if you plan to be outside much then wear a long-sleeved shirt. As I don’t expect to be doing much work in traditional offices in the near future I’m wearing business shirts when I go outside, long sleeves with a collar is good for protecting against sun-burn and as they are light they keep me cool (t-shirts are tighter and thicker and keep you hot). However when at LCA I will be wearing t-shirts that I designed (which should be well suited to being inside and I don’t plan to do much outside during that week).
A Scott e Vest [1] is a good thing to wear. It has heaps of pockets for your electronic gear, is reasonably light, and can be worn on top of a t-shirt. The Scott company also sells a TEC shirt which is a long-sleeved shirt with plenty of pockets. I’ve had a Scott e Vest for a number of years and I might have to get myself a TEC shirt.
A few days ago I stayed in an apartment at the Oaks on Market [1] hotel which I booked through www.WotIf.com. The WotIf price was $159 per night – the list price was $376 per night. It was possible to get extra beds for $30 each per night if you wanted to get more people in the room.
All rooms are of the Suite / Apartment [2] style. The room was a basic (twin or queen) room, it was quite large and well equipped. The TV in the room was quite large and TFT, it had a range of inputs which seemed to include everything other than VGA and DVI (if I was running a hotel every TV would have VGA or DVI input for laptops).
All the basic kitchen facilities were there, including a microwave oven, a stove, and a toaster. There was even dish-washing liquid!
The hotel pool (indoor and heated) is 25M long and 1.2M deep, there is a spa and a sauna. The pool isn’t cleaned as well as it might be, there was a band-aid stuck on a wall and sand and other stuff on the floor of the pool (including a hair elastic with a rusty clip – it had apparently been in the pool long enough to rust).
The hotel is a short tram ride from the LCA venue, walking to LCA would be possible too (I walked further than that when at Dunedin). I can’t claim that this hotel is better than others, but it would do. Having a pool is a good thing, I recommend that all delegates bring their bathers for pool parties – the weather will probably demand such things.
At the end of the month we are having linux.conf.au (one of the best Linux conferences in the world) in Melbourne. Here is some quick advice for people who are attending:
If you have not yet booked a hotel then www.wotif.com is a good option to try, it’s a hotel booking web site that is aimed at last-minute bookings and offers significant discounts over the list price. A quick search on WotIf reveals that there are currently 5 hotels that are available for $140 per night or less for the time period of LCA. The rate listed is an approximation as the hotel may offer several rates for different types of rooms (it’s usually one of the cheapest options available from the hotel). I believe that some hotels don’t offer their rooms on WotIf until close to the day in question, so some more rooms may become available between now and the start of the conference. However the Australian Open [1] Tennis tournament ends on the 27th of January, if you plan to attend the LCA mini-confs then you will want to arrive on the 27th, so booking a hotel for that night at the last minute would be a risky strategy.
If you want to stay somewhere that is comfortable but not overly expensive then you might want to read my post about hotel apartments [2].
My post about public transport in Melbourne [3] has some information that can save you some money. One possibility to consider is that if you use 10 * 2 hour tickets and don’t completely use them up then you could sell them to locals. I would be happy to buy some partially used tickets for the full value of the unused part on the last day of the conference to save people wasting the unused value.
Note that my documents blog contains posts that will be updated whenever I have more information and the time to write it down (this blog is generally write-once). I will be updating the post about public transport significantly in future.
Are there any active LUGs in Singapore? A friend in Singapore is about to set up his laptop to dual-boot and would like the possibility of getting some direct help if it ends up not booting Windows…
I looked at the Linux.org page listing LUGs in Singapore [1]. There are two entries, one has a site that has not been updated for over a year, the other has no mention of meetings.
Is visiting a nearby country the best option for someone in Singapore who wants to meet other Linux users?
For anyone in a country without an active LUG, it would be good if you could create one. Even if it’s only a bunch of people having a scheduled meeting every month for food/drink. Once you have the meetings arranged other things can happen, random people who need help can bring in laptops to get advice. Also there was one occasion where I gave a lecture about SE Linux (which went for approximately an hour) in a back room at a bar, if you have an audience and a venue then sometimes guest speakers will just show up.
Military.com reports that the UK government will no longer use the term War On Terror [1]. Sir Ken Macdonald (the UK’s chief prosecutor) said that “terrorists” are criminals and need to be responded to in that way. This of course is the only logical and sensible thing to do. Soldiers who are taken prisoner are released when the war ends, if members of al Quaeda are considered to be soldiers then they would have to be treated in the same manner.
The next logical step is to persue criminals who are members of al Quaeda in the same way that other criminals are persued. As far as I am aware there is no country where the majority of murderers are members of al Quaeda. Other suspected murderers have the right to a fair trial and people accused of al Quaeda membership deserve the same.
Another interesting statement is that “The term “Islamic terrorist” will also no longer be used. Officials believe it is unhelpful because it appears to directly link the religion to terrorist atrocities“. Finally they realise that there is a huge number of Muslims who want nothing to do with terrorism and that such people are the best potential source of leads when it comes to tracking down criminals associated with al Quaeda.
Thanks to Bruce Schneier for blogging about this [2]. Bruce’s blog post has some interesting comments, one is “you can’t make “War” on “Terrorism”. “Terrorism” is a tactic, not an enemy. To declare war on Terrorism is about as confused as declaring war on Blitzkrieg” by Carlo Graziani. Carlo also writes “It’s stupid to declare a “war” if you have no idea of when and how the war will end, and no clue about how to bring it to an end. If there is no real prospect for declaring “victory”, the “war” will go on for ever. This is tantamount to saying that insofar as we take the rhetoric of war seriously, we are agreeing to live under what is essentially martial law, in perpetuity. We are stipulating that the sort of emergency measures that a nation might consider taking in time of war — suspension of civil rights for certain suspect groups, suspension of laws limiting government surveillance powers, etc. — may be only a decree or a vote away, forever. There can be no more corrosive climate to liberty than war. If we really allow this idiotic rhetoric to be taken seriously, our polity is doomed.“.
A particularly insightful comment from umacf24 is “How did the early 20th century Anarchists stop? Well, one of the attacks precipitated an unprecedentedly bloody and catastrophic war in which both sides used WMD. Military setbacks caused revolutions in the Russian and German empires which led in turn to most of misery of the rest of that century. Not a happy parallel“.
I’ve been thinking about the comment policy for my blogs. I have started deleting comments when people subscribe to comments and use fake email addresses (I get the bounces and it’s annoying).
Also I am deleting comments that don’t make much sense or which don’t address the topic of a post. Some people seem to search for blog posts marginally related to a topic that they want to vent about.
I’ve had someone request that a comment be removed because it was written by someone with the same name as him (see this post if you want to read the details [1]). I’ve written a short document about unique names on the Internet [2] on my documents blog, hopefully it will be useful for other people who become concerned when they discover that they don’t have a unique name.
My general policy about comments is probably going to be not to delete them unless requested by the author of the comment (if there is a good reason), and otherwise to only delete them for technical reasons or for being wildly off-topic.
One thing that seems missing from most blog ethics documents is a section on comments. When I write my own code of blog ethics I’ll have to write a section about this. Suggestions are welcome.
There are some people who’s blogs I read and often comment on or reference in my own blog posts. Some of them regularly make comments on my posts and reference my posts in their own posts. Of these people some of them I have never met or don’t seem to have conversations with when I meet them.
It’s well known that there are different categories of friend including “pen pal”, “drinking buddy”, and friends in the context of sporting groups. Is “blog friend” a new friend category?
Glen Turner writes about how Internet censorship could hurt science [1].
The ABC has an article about what is planned [2] which includes “Senator Conroy says it will be mandatory for all internet service providers to provide clean feeds, or ISP filtering, to houses and schools“. If Senator Conroy sticks to that plan then section two of Glen’s post (concerning high-speed access to research data) will not be a problem. This is no criticism of Glen for mentioning the issue as some idiot might try to change the plan to filter corporate and university access.
Senator Conroy also earns a Godwin point for “If people equate freedom of speech with watching child pornography, then the Rudd-Labor Government is going to disagree“. There is a good discussion paper by Electronic Frontiers Australia about Labour’s plans in this regard before they won the election [3]. One issue they raise is the small number of sites identified as having child-porn. Imposing filters on an entire country to block the 3,236 web pages identified as prohibited by the Australian Communications and Media Authority is not a sensible solution.
Another issue that EFA raises is the variety of reasons for content getting an R18+ rating (if that is to be a filtering criteria). One notable issue is “Adult themes” which includes “issues such as suicide, crime, corruption, marital problems, emotional trauma, drug and alcohol dependency, death and serious illness, racism, religious issues“. I doubt that there is much agreement between parents as to the relative significance of those “Adult themes” and which ones their children should be protected from. I also expect that a significant number of parents would like to have information about safe sex (including safe gay sex) and safe drug use available in case their children are interested in such things. I hope that the number of parents who disapprove of homosexuality and drug use so strongly that they are willing to risk their children’s lives is quite small (although the response to the cervical cancer vaccine indicates that it’s sadly larger than expected). Glen has some good points about this in the first section of his post.
|
|
