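Posts in the category "IT News"

Current maintenance status of the Linux kernel

In the past, even-numbered GNU/Linux kernel versions were stable releases and odd-numbered versions were development releases. Over time, very few people used the development versions, and the scheme made the release cycle of stable kernels very long. After a stable release, many kernel developers were reluctant to maintain the old branches. The kernel architecture had stabilised and fast rolling development had become popular, so after 2.6.39 Linus decided to end this unsatisfactory development process. Kernel versioning stopped following the old scheme, jumped straight to 3.0, and entered the era of rapidly incrementing version numbers.

Early this year, the stable kernel maintainer Greg KH announced that the 2.6.32 series branch was entering a "dormant period".

In August, Greg KH announced the current maintenance status of the stable branches: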

As I'm getting a few questions about this, and I realized that I never sent out an email about this, yes, the 3.4 kernel tree will be the next -longterm kernel that I will be maintaining for at least 2 years.

Currently I'm maintaining the following stable kernel trees for the following amount of time:

3.0 - for at least one more year

3.4 - for at least two years

3.5 - until 3.6.1 is out

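This shows that 3.1, 3.3 and 3.5 all turned out to be short-lived. In a sense, we are back to even-numbered versions being the stable ones; the difference is that the even-numbered versions are essentially the ones that are actively maintained for a longer period, while odd-numbered versions have a short maintenance cycle.

The maintenance status of 3.2 is not mentioned here; however, 3.2 is currently being actively maintained in Debian wheezy.

reddit's deployment tool is now open source

reddit's deployment tool is now open source: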

reddit's code deploy tool is now open source

We deploy our code to the ~170 application servers currently in our infrastructure via SSH and Git.

This may or may not be useful to anyone else but we like to think that there has to be a compelling reason not to open source code, so here it is in all its glory.

https://github.com/reddit/push

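The last sentence is interesting: "This tool may be of no use to anyone, but we really can't think of a reason not to open source it..."

Serious MySQL bug: user login vulnerability

Security vulnerability in MySQL/MariaDB: if the user name is known (for example root), simply retrying repeatedly (roughly a 1/256 chance per attempt) is enough to log in.

Affected versions: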

All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable.
MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not.
MySQL versions from 5.1.63, 5.5.24, 5.6.6 are not.

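Details are here

See here for the related patch

This bug has not been found in the officially compiled builds. If you downloaded the source and compiled it yourself, you may run into it.

The problem is related to the return value of memcmp(). From what is known so far, gcc's built-in memcmp is safe and BSD libc's memcmp is safe. The SSE-optimized memcmp in Linux glibc has this problem.

Presumably the int return value is converted to char, and in some cases the result of that conversion is somewhat random.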
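The int-to-char narrowing described above can be reproduced in isolation. The following C program is an added example, not MySQL's or MariaDB's code: `wide_memcmp`, `flag_t`, the two check functions and the sample token are hypothetical stand-ins that model a comparison routine returning differences wider than one byte, with the flawed check beside a corrected one.

```c
#include <stdio.h>
#include <string.h>
#define TOKEN_LEN 20           /* constructed token length (even) */
typedef unsigned char flag_t;  /* hypothetical 1-byte boolean type */

/* Stand-in for an optimized memcmp (assumption): compares 16-bit words and
 * returns their difference. C only fixes the sign of memcmp's result. */
static int wide_memcmp(const unsigned char *a, const unsigned char *b, size_t n)
{
    for (size_t i = 0; i + 1 < n; i += 2) {
        int wa = (a[i] << 8) | a[i + 1], wb = (b[i] << 8) | b[i + 1];
        if (wa != wb) return wa - wb;
    }
    return 0;
}

/* Flawed: narrowing keeps the low 8 bits, so a non-zero difference that is
 * a multiple of 256 turns into 0, which the caller reads as "match". */
static flag_t mismatch_truncating(const unsigned char *a, const unsigned char *b)
{
    return (flag_t)wide_memcmp(a, b, TOKEN_LEN);
}

/* Corrected: reduce the result to 0 or 1 before narrowing. */
static flag_t mismatch_fixed(const unsigned char *a, const unsigned char *b)
{
    return wide_memcmp(a, b, TOKEN_LEN) != 0;
}

/* Count wrong tokens (all 2-byte prefixes varied) reported as matching. */
static int count_false_accepts(flag_t (*mismatch)(const unsigned char *, const unsigned char *))
{
    static const unsigned char expected[TOKEN_LEN] = {0x5a, 0x61}; /* constructed */
    unsigned char guess[TOKEN_LEN];
    int accepted = 0;
    for (int p = 0; p < 65536; p++) {
        memcpy(guess, expected, TOKEN_LEN);
        guess[0] = (unsigned char)(p >> 8);
        guess[1] = (unsigned char)p;
        if (memcmp(guess, expected, TOKEN_LEN) != 0 && !mismatch(guess, expected))
            accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("false accepts: truncating=%d fixed=%d\n",
           count_false_accepts(mismatch_truncating), count_false_accepts(mismatch_fixed));
    return 0;
}
```

With this stand-in, the truncating check accepts 255 of the 65535 wrong tokens, close to the 1/256 rate quoted above, while the corrected check accepts none.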

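Not exposing a database to the public internet is basic common sense, yet many people do not take it seriously. Presumably this is how many companies had their databases dumped.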

Oracle vs Google

Original source: http://www.groklaw.net/article.php?story=20120515120106322

Quite funny and entertaining to read.

From it:

Judge: We heard the testimony of Mr. Bloch. I couldn't have told you the first thing about Java before this problem. I have done, and still do, a significant amount of programming in other languages. I've written blocks of code like rangeCheck a hundred times before. I could do it, you could do it. The idea that someone would copy that when they could do it themselves just as fast, it was an accident. There's no way you could say that was speeding them along to the marketplace. You're one of the best lawyers in America, how could you even make that kind of argument?

Oracle: I want to come back to rangeCheck.

Judge: rangeCheck! All it does is make sure the numbers you're inputting are within a range, and gives them some sort of exceptional treatment. That witness, when he said a high school student could do it--

Oracle: I'm not an expert on Java -- this is my second case on Java, but I'm not an expert, and I probably couldn't program that in six months. Let me come back to rangeCheck after I've reminded the Court about the test files.

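Roughly:

Judge Alsup could not help telling Oracle that he himself had written many programs in other languages, that he had written code blocks like rangeCheck countless times, that anyone could write rangeCheck, that the Google programmers copying 9 lines of code was a mistake because they could have written it themselves, and that copying this code could not have sped up Android's path to market. He asked Oracle's lawyer how, as one of the best lawyers in America, he could insist that rangeCheck was important. Oracle's lawyer replied that he was not a Java expert.

The legendary 9 lines of rangeCheck code come from here:

http://news.ycombinator.com/item?id=3951480

The code is as follows: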

  private static void rangeCheck(int arrayLen, int fromIndex, int toIndex) {
      if (fromIndex > toIndex)
          throw new IllegalArgumentException("fromIndex(" + fromIndex +
                     ") > toIndex(" + toIndex+")");
      if (fromIndex < 0)
          throw new ArrayIndexOutOfBoundsException(fromIndex);
      if (toIndex > arrayLen)
          throw new ArrayIndexOutOfBoundsException(toIndex);
  }

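DNSPod's server software is going open source

Wu Hongsheng (@naizhao): To drive the development of the domestic DNS industry and improve the poor DNS service environment in China, after discussion we have made a difficult decision: #DNSPod# will, in the near future, open-source the source code of a DNS server software that has been in development for over a year. This source code is the fruit of DNSPod's many years of operation; in performance, business and operations alike it suits conditions in China, and software such as BIND cannot compare.

Google announces it will host a Linux kernel mirror

I just saw a news item:

The official Google blog announced that it will host a mirror of git.kernel.org. Google says the Git version control system plays a huge role in the development of the Linux kernel and related tools, and that developers from around the world need fast access to the repositories hosted on git.kernel.org. Google will provide a public (read-only) mirror of git.kernel.org at kernel.googlesource.com. The servers for kernel.googlesource.com are spread across multiple data centers in Asia, the United States and Europe, so people anywhere in the world can access it quickly.

I tested it, and access from within China is indeed very fast, much faster than the mirror at https://github.com/torvalds/linux.

Many thanks to Google for its contribution to open source.

Also worth mentioning: in China, NetEase, Sohu and many universities provide free mirrors of various open source products, and they are very fast.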