Monday, September 03, 2007

OpenSUSE News/10.2-Release

After a lot of work, we proudly announce the availability of openSUSE 10.2, formerly known as SUSE Linux 10.x.

It's available for download in x86, x86-64, and PPC versions. See below for download details.

Available in openSUSE 10.2

Redesigned Desktops

This release saw the birth of several redesigns in the new and powerful KDE 3.5.5 and GNOME 2.16.1 desktop environments.

Kickoff is the new usability and productivity-centric KDE Menu designed by openSUSE. It comes as the result of extensive start menu research, examining work-flow, functionality, and simplicity. As a user you now have direct access to your favourite and most used applications, your application and document history, as well as a complete and grouped list of all your applications.

Kickoff is also integrated with Kerry Beagle, a KDE front-end to the Beagle search tool, for quick-and-easy access to applications, documents, chat logs, and much more.

New GNOME Menu "SLAB"

The GNOME desktop also contains the latest innovations from SUSE Linux Enterprise Desktop, including a new, re-structured menu. It was created with a "Design First" methodology. Engineers conducted hundreds of usability tests and shot almost 1500 hours of usability video during the design phase of the project, then used those results to create the final desktop designs. The results are reflected in the final version of the desktop: a new graphical user interface, integrated search capabilities and intuitive menu design.

A few more screenshots of KDE and GNOME in openSUSE 10.2 can be seen here.

YaST (Administrator Settings)

This release contains the powerful and constantly-improving YaST control center. YaST is there to ensure that even the most demanding tasks -- such as setting up a HTTP Server, Configuring your Network Card, handling BlueTooth Devices, managing Software, or even configuring your Monitor and Graphics Card -- can be accomplished trivially with an easily-accessible interface, and simple walk-through wizards.

Plug up a printer and it'll be auto-detected and ready for configuration; hook up a bluetooth device and YaST has the relevant applications ready. Whatever piece of hardware you're dealing with, it will likely be very well supported by YaST. For more information on YaST's capabilities and modules, see the wiki entry.

Power Management

Power management in openSUSE 10.2 has seen some major changes. New power management features give you the option to "suspend" your session, saving it to disk or to RAM. Not only does suspend allow you to turn off and restart the system faster, but when you do restart, you are exactly where you were when you stopped.

We now ship the latest KPowersave, as well: a small panel applet which allows you to control all power management functions supported by your system with just a few clicks on the desktop. You can track power consumption and CPU frequency, or choose another power management scheme to match the tasks your system faces. Configure suspend permissions via a call of the YaST Power Management module and send your system into suspend or standby state by just clicking the applet.

New Software Management

SUSE Linux 10.1 saw some problems with package management, mainly due to the integration of ZMD, the new package management system introduced in that release. For openSUSE 10.2, not only have these issues been resolved, but you are given the option of choosing an entirely different package management suite: the openSUSE Software Management suite, which is completely independent of ZMD.

The openSUSE Software Management pattern is designed to be a lightweight package management system for users who do not require the full ZMD functionality. It comes complete with the full YaST software management front-end, but also has a solid commandline tool, named Zypper. Zypper allows you to quickly install and remove packages, as well as add new services (repositories), without having to leave your terminal. A new KDE applet, opensuseupdater, runs in the System Tray and notifies you when updates are available, allowing you to quickly start YaST Online Update to retrieve them.


All software is now also sorted into Patterns, removing the hassle from tracking down the packages belonging to a particular group. This way you can install an alternative desktop environment, development tools, or try out selections of the latest software with ease.

Desktop Effects

Compiz is a window manager taking advantage of the amazing capabilities of OpenGL. This new window manager developed by Novell engineers provides true transparency (even for playing video media), wobbly windows, an amazing desktop cube effect (as displayed in picture), and much, much more.

Both Compiz and Xgl come on the 10.2 CDs ready for installation. openSUSE 10.2 also ships with the latest Xorg 7.2, which allows you to run Compiz and other composite window managers without having to use Xgl, should you wish to.

openSUSE Build Service

The openSUSE CDs come with thousands of packages, but should you want more there are many more available in the online repository, and there are thousands more packages available in the openSUSE Build Service.

The openSUSE Build Service is an open and complete distribution development platform that provides infrastructure for the development of future openSUSE-based distributions. It provides software developers with a tool to compile, release, and publish their software for the broad user audience, including creation of their own Linux distribution based on openSUSE for various hardware architectures.

Here you can find all of the latest cutting edge technology, with a plethora of different packages, such as always the latest version of Beryl, the composite manager, and much more.

Technical Specifications

  • Linux kernel 2.6.18.2, using only SMP kernels
  • glibc 2.5
  • X.Org 7.2rc2

Product_Highlights also lists the major application changes.

Download Now!

There are multiple methods of downloading.

See the download page for all the necessary links.

Available Images

  • 5 CDs -- in x86, x86_64 and PPC versions. Only CDs 1-3 are required for a default GNOME/KDE desktop install (in English, French, Italian, Spanish, German, Brazilian Portuguese, Chinese, Japanese and Czech). CDs 4-5 provide extra packages.
  • Non-OSS Add On CD -- one BiArch (x86/x86_64), and another PPC version. The Non-OSS Add On CD contains packages with closed source or not OSI-compliant license.
  • Language Add On CD -- in x86, x86_64 and PPC versions. Contains extra language packs for other languages. These are af, ar, az, bg, bn, br, bs, ca, cy, el, eo, et, eu, fa, fy, ga, gl, he, hi, hr, is, kk, ko, lt, lv, mk, mn, ms, nds, nn, pa, ro, ru, rw, se, sk, sl, sr, srLatn, ss, sv, ta, tg, tr, uz, vi.
  • 1 DVD -- in x86, x86_64 and PPC versions. The DVD contains the packages of the 5 CDs and the Non-OSS Add On CD. The retail DVD, being a double-layer, contains more packages.


Once you have downloaded the relevant images, you will want to burn them to a disk.

R600: Finally DX10 Hardware from ATI

Darren Polkowski

Was It Worth The Wait?

Food For Thought: Reasons For This Design

Is R600 worth the wait? That is the question that has been on our minds ever since ATI first delayed R600. In November, Nvidia unveiled G80 in the form of GeForce 8800 GTX and GTS models. Three months went by and the only thing we heard out of ATI was that R600 was delayed. As a preemptive strike in February, Nvidia launched its 320 MB version of the 8800 GTS, figuring ATI was ready for its launch. By the end of the month, the world was let down by yet another message telling us R600 would be delayed until May. Last month, Nvidia made its third DX10 offering in the form of GeForce 8600 and 8500 cards. Having struck first, Nvidia has a hat trick with G80, G84 and G86, and it seemed to be game over for AMD/ATI. Today, we finally get to see ATI's counter strike against Nvidia after a six-month-long hiatus.

Before we go any further, I would like to include a preface about what you are going to read. You undoubtedly will read several other Websites looking for more detail or additional benchmark results. Do, though, remain on guard against biases that can taint your opinions. There are a lot of angles as to how information from the companies gets into your hands. We sign agreements so we can have an inside look before launch but some break those agreements. Such is life. The problem with that is the information is not always full or accurate: "Does it have this or that?" "AMD is done for!" "Nvidia will get crushed!" Speculation is fun to read but it needs to be taken with a smidgen of understanding and awareness that all of the information is not on the table. That leaves you having to take one person's opinions at face value... that isn't always a healthy thing to do.

The other side of the story is how companies try to taint the opinions of those writing the stories about their products. To give you both sides, ATI flew over 200 writers and editors to Tunis, Tunisia, for two days and nights of technical briefings and fun. While this, plus a pair of graphics cards, is enough to sway the opinions of some, there are those who remain unbiased. At the same time, a launch would not be a normal one without backlash from Nvidia. A wealth of information hits writers like a broadside of comments and rebuttals. It also never ceases to amaze me how fast a driver can be produced when the competition might have the upper hand in something. So the miracle driver is made available to fix known issues and push performance.

That being said, we at Tom's Hardware refuse to cater to companies with their PR and marketing spin teams. We love looking at hardware and explaining our adventures with you. Our sole purpose is to give you as much information and as many resources to help you make up your own mind about a new product or technology.

So, I will warn you about the pages to follow. While I would encourage you to read through the entire article, some of it will get deep. We want to cater to both those interested in what is new and cool, while continuing our tradition of appeasing tech junkies who can't get enough of the details. Without further ado, we give you R600.




AMD's Athlon X2 BE-2350 processor

The new coolness
by Scott Wasson


AS I WRITE THESE words, I'm comfortably reclined in an overstuffed chair in my living room, laptop perched on my lap, sipping on a homemade cafe latte. Sunlight streams in through a window across the room, and every so often, I can hear the shuffle caused by my oldest child turning the page in the book he's reading. All is well, or so it would seem. But in the background, just above the sound of the air conditioning system forcing air through the vents, I can hear it: the ever-so-slight but unmistakable whir of the fans spinning in my home theater PC, piercing the silence like a faint whisper.

I'm sure you're aghast. Why, you ask, should a computing device be audible in one's living room? Good question. The short answer, in my case, is that our HTPC is based on an Athlon 64 X2 4200+ processor that requires a little more relief than passive cooling or inaudibly low fan speeds will allow.

To help others—especially the children, who will think of them?—in living rooms everywhere avoid this tragic fate, AMD has just introduced a new CPU aimed at home theater PCs, small form factor systems, and small-footprint corporate desktops. Dubbed the Athlon X2 BE-2350, this chip has a confusing new alphanumeric amalgamation attached to its name, and what could be cooler than that? Perhaps a 45W thermal/power rating for the processor. The BE-2350 sips power like a mobile CPU but carries a wallet-friendly price tag of under 100 bucks, which might make it an attractive prospect for your next system build.

Especially if you care about the kids.

If not, your cold, calloused heart may be warmed by the news that our BE-2350 sample also overclocks like a mofo. Read on to see how we used the BE-2350 as a low-power processor and then abused it as a high-power one, to the delight of all involved.


A tale of low-power desktop chips
The story of the Athlon X2 BE-2350 begins with another low-power processor from AMD, a version of the Athlon 64 X2 3800+ with a TDP rating of only 35W, which we reviewed last summer. This processor, known fully as the Athlon 64 X2 3800+ Energy Efficient Small Form Factor, fared well in our power consumption testing, besting anything Intel had to offer at the time and promising good things for builders of quiet PCs everywhere. In fact, at 35 watts, this CPU was essentially the exact same thing as a Turion 64 X2 processor, but ensconced in a desktop-style package and ready to drop into practically any Socket AM2 motherboard. What's not to like?

Well, apparently, not much at all. Big PC makers like Dell and HP liked it so much, they ordered up gobs of these chips, handing AMD the kind of success that leads to problems—supply problems. With only so many 35W CPUs to go around and important markets like the mobile space demanding quite a few chips, the 35W Athlon 64 X2 3800+ never did make it into regular supply channels where folks like you and I could buy them. In fact, to this very day, the X2 3800+ EE SFF remains on AMD's price list with a set of asterisks where the price ought to be—mocking us.

AMD is seeking to remedy this situation with a pair of new low-power desktop processors, the Athlon X2 BE-2300 and BE-2350. Rather than giving them a 35W TDP equivalent to many Turions, AMD has backed off just slightly to 45W. The thinking here is that chips capable of operating at lower voltages that would bring them inside of a 35W TDP can go to the mobile market, while others that can't quite fit into that thermal envelope can still serve well as low-power desktop CPUs. With this arrangement, AMD expects to be able to supply ample quantities of 45W BE-series CPUs to PC makers and other channels, including retail boxed processors.

The BE-2300 and 2350 will have some help fitting into their thermal envelope courtesy of AMD's new 65nm fab process. In fact, these CPUs are essentially the same as the Athlon 64 X2 "Brisbane" 65nm processors we've already reviewed, save that those chips come with a higher 65W TDP. Just like them, these BE-series processors have dual cores with 512K of L2 cache per core and are intended for Socket AM2 motherboards. The BE-2300 is clocked at 1.9GHz, and the BE-2350 at 2.1GHz.

More intriguingly, these CPUs are bargain priced. The BE-2300 lists for $86, and you can add 200MHz for another five bucks with the $91 BE-2350. That's cheaper than any variant of the Core 2 Duo, including the E4300 at around $115, despite the fact that the E4300 has a 65W TDP rating. (For what it's worth, we have included an E4300 in our testing for comparison.)

What's with that funky name?
So all of this sounds pretty good so far, but you're probably wondering: what the heck is up with these names? Athlon X2 BE-2350? Is that a motor oil?

Turns out these products are the first fruits of AMD's new processor naming scheme. The old "true performance initiative" numbers attached to current Athlons and Semprons were getting to be more than a little threadbare in this age of multicore processors and new microarchitectures, so AMD finally decided to scrap them. The new scheme is intended to provide more information about a processor at a glance and to confuse AMD's enemies, bringing it victory on the field of battle.


Pay no attention to the "64" on the cap!

Notable by its omission in the new naming scheme is the "64" after "Athlon." Our review sample CPU came with "Athlon 64 X2" emblazoned across its cap, but we've been told to expect the shipping product to have this extraneous number excised. Now that the whole world has seen the wisdom of adding 64-bit extensions in hardware and continuing to use only 32-bit software, AMD figures its work here is done. Thus the simpler "Athlon X2" series is born. This change lines things up with future product names like "Phenom X4," as well.

The series of letters and numbers after that moniker is not entirely random, either. The first two letters indicate the class and power rating of the CPU, with the "E" in "BE" signifying a sub-65W TDP rating. The four numbers after that are divvied up into groups of one and three. The first digit "reflects major increments in processor attributes," according to AMD, and all 2xxx-series CPUs are presently in the Athlon X2 family. The last three digits are intended to indicate relative performance within a given product family.

At least, I believe they indicate relative performance. Here's what AMD says about it: "Increasing numbers within a class series indicates increments in processor attributes." You figure it out.

Incidentally, if the BE-2300 were named according to AMD's old scheme, I believe it would be considered a low-power version of the Athlon 64 X2 3600+, while the BE-2350 would be a variant of the Athlon 64 X2 4000+.

One obvious advantage of the new naming scheme is that it more closely matches what Intel is now doing, especially the final four digits of the model names. This setup may allow AMD to cozy up next to Pentiums and Core Duos with product numbers that suggest similar or better performance. That may be part of what's happening with the BE-2300 and 2350, whose model numbers are just a tad higher than the recently introduced Pentium E2140 and E2160 dual-core CPUs. We probably won't know how fully AMD will deploy this tactic until it announces more details about its naming scheme or introduces more products that use it. For now, the company intends to retain the "plus" model numbers on its existing products rather than renaming its whole lineup.

Now, on to our test results. We have a full slate of performance results for the BE-2350, but we're going to move through them quickly, since the BE-2350 is a low-end, low-power processor with few true competitors. I'll keep my performance commentary to a minimum. We'll then focus more on our energy efficiency tests and overclocking efforts, since those are worthy of some additional attention.

Powering Down The Client

Strategies For Saving Energy On The Client Side
A traditional, high-level discussion covering power consumption in the data center inevitably focuses on the usual suspects, such as servers. But increasingly, managers are looking toward clients as prime opportunities for saving energy, and there are plenty of methods for knocking down the power they consume.

“The speed of innovation is powering an energy-efficient revolution in the computer industry,” says Leslie Sobon, director of brand management at AMD (www.amd.com). “The advance of energy-efficient computing technologies means enterprises have a number of options to improve energy efficiency throughout the enterprise, helping them to save energy, reduce escalating energy costs, and extend the longevity of their PCs.”

For some enterprises, focusing on saving energy on the client side can require a shift in philosophies, but it’s not necessarily one that ultimately delivers less performance. On the contrary, today’s technologies are built to blend performance with energy conservation, but making the most of that balance needs the right plan.

Put Clients To Sleep

According to Rick Brenner, principal of Chaco Canyon Consulting (www.chacocanyon.com), enterprises can divide the task of saving energy on clients into both short- and long-term goals. For the short term, he recommends configuring machines to revert to sleep mode automatically after an appropriate idle interval. However, he adds that sleep mode doesn’t save as much power as using the off switch.

“Many employees can turn their machines off completely overnight and on weekends,” Brenner says. “If they don’t, the usual reason is the hassle of opening up the right documents and applications to get started the next day. Make this easy for them by writing, or showing them how to write, startup scripts or defining startup applications and documents.”

Brenner says that these off-button strategies can help enterprises save more than 50% of their existing power consumption. This approach also requires managers to ensure that employees who are on vacation, traveling, or are otherwise absent have powered down their machines. Another of Brenner’s short-term recommendations is that enterprises increasingly promote telecommuting, which he says “shifts all processor-related power consumption from the office to the employees’ homes.”

For the long term, he suggests that enterprises downscale their purchases of desktop machines and instead focus on buying notebooks, keyboards, and screens. This method not only conserves energy, he says, but also preserves data in the event of a power failure. This notebook-centric focus can save enterprises about 40% of their existing power consumption, depending on configuration, and entails other benefits.

For example, employees will more likely be enticed to bring work home with them. On the downside, notebooks are far more vulnerable to theft, and PC support staff might require additional training to handle notebooks instead of desktop machines.

Focus On Software

Client technology continues to change, but it’s a safe bet that multicore computing is here to stay for the long haul. However, Cory Isaacson, CEO of Rogue Wave Software (www.roguewave.com), explains that while multicore processing can save power in theory, application software must be able to take advantage of these newer technologies through concurrent processing.

“In general, it’s easier to add additional hardware to solving an application performance problem, but often with fewer results than are desired, and, of course, exacerbating the power consumption cost and adverse environmental impact,” Isaacson says. “By contrast, software optimization can offer dramatic performance improvements while reducing or eliminating the need for expanded power consumption.”

Although Isaacson says that software optimization can require the applied expertise and time of professional developers to accomplish, it can nonetheless be done today with confidence. In fact, he notes that utilizing concurrent computing designs in applications not only can reduce current hardware dependency but can forestall hardware expansion requirements, in turn decreasing power consumption.

Process Development

For an enterprise accustomed to funneling its energy-saving efforts primarily into the server side of the data center, grappling with a client-side energy plan can be a tricky endeavor. Isaacson recommends inspecting software first before automatically assuming that additional hardware is required.

“It takes a good understanding of the application code base to do this, but it’s well worth the investment in the long run. If new hardware is required, developers and IT should look for opportunities at the application software level, as perhaps less hardware can do the job,” Isaacson says.

Naturally, employees are an important piece of the puzzle, and AMD’s Sobon says that companies can convince employees to embrace and stick with energy-saving measures by sending monthly or quarterly consumption or money-saved updates. “If employees are aware of the significant savings that can incur by simply turning off their PC at day’s end, they will more than likely put in the effort to do so,” she says.

However, not all experts agree that employees will buy into these measures. Chaco Canyon’s Brenner says that enforcement that takes the form of exhortations intended to lead to desired results will simply not work, and neither will enforcement in the form of incentives and disincentives.

“Enforcement should take the form of restrictions on infrastructure and equipment,” Brenner says. “Only when the equipment is selected with energy consumption in mind will we make lasting changes in the consumption pattern.”

by Christian Perry

Manipulating FTP Clients Using the PASV Command

Summary
This paper discusses a common implementation flaw in the File Transfer Protocol (FTP). Several popular FTP clients are affected including web browsers. Some proof of concept code is presented to demonstrate how the vulnerability can be used to extend existing JavaScript-based port scans. Finally, some consideration is given to other ways in which this flaw could present a security risk to other FTP clients.

Credit:
The information has been provided by mark.
The original article can be found at: http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf

Detail

Vulnerable FTP Clients:
The following web browsers have been found to respond to malformed PASV responses in the way described above:
* Firefox 1.5.0.9
* Firefox 2.0.0.2
* Opera 9.10
* Konqueror 3.5.5

Several command line FTP clients have also been found to be vulnerable. However, as the vendors have not been notified (and the author cannot think of an interesting way of exploiting command line clients), they have been omitted from this paper.

Immune FTP Clients
The following web browsers seem to ignore the IP address returned in PASV responses. They simply connect to the IP address to which the original control connection (21/TCP) was made:
* Microsoft Internet Explorer 7.0.5730.11
* Microsoft Internet Explorer 6.0.3790.0

FTP Client Implementation Flaw
It is possible for malicious FTP servers to cause some popular FTP clients to connect to TCP ports on other hosts. This allows us to extend existing JavaScript-based port scan techniques [spi] in the following ways:
* Scan ports which modern browsers would not normally connect to [portban]
* Fingerprint services which do not send a banner by timing how long the server takes to terminate the connection
* Perform simple banner grabbing to identify services running on other hosts
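
The behaviour listed under "Immune FTP Clients" can be expressed as a client-side check on the 227 (PASV) reply: parse the advertised address, never connect to it, and use the control connection's peer address instead. The following is an added example, not code from the paper or from any of the browsers named; the function names, the sample replies and the 203.0.113.7 control peer are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PASV reply carries "h1,h2,h3,h4,p1,p2"; the lookarounds stop the
# pattern from matching inside a longer run of digits.
_PASV_RE = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


class PasvError(ValueError):
    """Raised when a 227 reply cannot be parsed safely."""


def parse_pasv(reply):
    """Return the (host, port) the server advertised in a 227 reply line."""
    if not reply.startswith("227"):
        raise PasvError("not a 227 reply")
    m = _PASV_RE.search(reply[3:])
    if m is None:
        raise PasvError("no h1,h2,h3,h4,p1,p2 tuple found")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise PasvError("field out of range 0-255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise PasvError("port 0 is not connectable")
    return host, port


def data_endpoint(control_peer, reply):
    """Choose the data connection target the way the immune clients do.

    The host is always the peer of the control connection (21/TCP); only the
    port is taken from the reply. The second return value is True when the
    server advertised a different address, which is worth logging.
    """
    advertised_host, port = parse_pasv(reply)
    mismatch = ipaddress.ip_address(advertised_host) != ipaddress.ip_address(control_peer)
    return (control_peer, port), mismatch


def audit(control_peer, replies):
    """Classify each reply as 'ok', 'redirect' (address mismatch) or 'malformed'."""
    results = []
    for reply in replies:
        try:
            endpoint, mismatch = data_endpoint(control_peer, reply)
        except PasvError:
            results.append(("malformed", None))
            continue
        results.append(("redirect" if mismatch else "ok", endpoint))
    return results


# Constructed sample replies: an honest one, one naming another host, one malformed.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (203,0,113,7,19,137)",
    "227 Entering Passive Mode (10,0,0,5,0,22)",
    "227 Entering Passive Mode (10,0,0,5,0,999)",
]

if __name__ == "__main__":
    for verdict, endpoint in audit("203.0.113.7", SAMPLE_REPLIES):
        print(verdict, endpoint)
```

With this policy the port is still chosen by the server, but the connection can only go back to the host the user already contacted.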

Vendor Responses:
No response was provided by either Mozilla or Opera.

KDE responded and discussed both issues. However, they have yet to be convinced of the severity of the FTP PASV Vulnerability. Unfortunately, providing POC to demonstrate banner grabbing was made harder (impossible?) by the crash during the reading of child FTP iframes. KDE have reproduced the crash and produced a patch [konqcrash].