Mark Dalby

Fighting Ignorance since 1986 (It’s taking longer than I thought).


Posts Tagged ‘Linux’

http://www.flickr.com/photos/sierralimamike/4291396434/

For the security conscious, there is always room for another weapon against attackers. Firewalls, intrusion detection systems, packet sniffers — all are important pieces of the puzzle. So too is Honeyd, the “honeypot daemon.” Honeyd simulates the existence of an array of server and client machines on your network, including typical traffic between them. The phantom machines can be configured to mimic the signature and behavior of real operating systems, which will trick intruders into poking at them — and revealing themselves to your security staff.

Current versions of Honeyd can imitate the appearance of more than 1,000 OSes and their variants, and the profiles used to mimic the targets are gleaned from the Nmap security scanner. That does not make them indistinguishable from reality, but it is as close as you can come; Nmap sets the gold standard for OS detection and fingerprinting. Honeyd’s creators say they have tested the program with a phantom network of 65,536 virtual hosts running on a single machine. You probably won’t need that many unless you run a gigantic enterprise network, but it is nice to know the program has been thoroughly stress-tested.

In practice, Honeyd trips up attackers in two ways. First, it slows them down by vastly increasing the amount of work they must do to correctly identify the real target machines on your network. The Nmap scans and traffic logs will be much larger, and take much longer to sort through. Think of this as akin to the way medieval castles were built with multiple rings of walls, with the gates at different positions around the perimeter. The more you slow down the attacker, the better your chances of catching him or her through your other methods.


HITBSecNews – Keeping Knowledge Free for Over a Decade

http://www.flickr.com/photos/picchiopc/2225192305/

Linux 3.0 is officially here, but users expecting a swathe of fundamental changes to the kernel will find little to surprise them as the project celebrates its twentieth birthday.

Announced by Linux founder Linus Torvalds – on his Google+ profile, oddly enough – Linux 3.0 was expected earlier this month, but the discovery of a small bug in pathname lookups by Hugh Dickins led to some last-minute changes being required.

While the version number takes a leap, Linux 3.0 isn’t all that new: in reality, it’s little more than 2.6.40 with a revamped numbering scheme. Now, Linux kernels – which form the heart of the GNU/Linux open-source operating system – will be identified with two numbers, rather than three.


HITBSecNews – Keeping Knowledge Free for Over a Decade

http://www.flickr.com/photos/alejanjim/2459949905/

The 343 changes made by Microsoft developer K. Y. Srinivasan put him at the top of a list, created by LWN.net, of developers who made the most changes in the current development cycle for Linux 3.0. Along with a number of other “change sets”, Microsoft provided a total of 361 changes, putting it in seventh place on the list of companies and groups that contributed code to the Linux kernel. By comparison, independent developers provided 1,085 change sets to Linux 3.0, while Red Hat provided 1,000 and Intel 839.

The figures were published on Thursday in an LWN.net article which is available exclusively to subscribers until this coming Thursday (21 July); however, bloggers have already commented on the figures. LWN.net has produced similar analyses for all of the recently published kernels, including 2.6.39 and 2.6.38. Author, kernel developer, and LWN.net founder Jonathan Corbet has conducted such surveys in cooperation with the Linux Foundation and published them as studies. In that context, The H pointed out that you have to be careful in interpreting the numbers. One bone of contention is that the analysis also covers changes in the staging area, which contains code that does not fulfil the quality standards of its developers and of kernel developers; a large number of changes are made to produce these required improvements.

HITBSecNews – Keeping Knowledge Free for Over a Decade
