Today's News


Linux and Open Source News for 21st December 2006

Distro Watch


Source: LinuxTracker.org

Category: SystemRescue Size: 141.38 MB Status: 28 seeders and 4 leechers Added: 2006-12-21 14:34:44


Source: LinuxTracker.org

Category: Ubuntu Size: 621.22 MB Status: 4 seeders and 1 leechers Added: 2006-12-21 13:29:24


Source: LinuxTracker.org

Category: Kate Size: 1.32 GB Status: 7 seeders and 48 leechers Added: 2006-12-21 13:11:32


Source: LinuxTracker.org

Category: Kate Size: 84.49 MB Status: 5 seeders and 1 leechers Added: 2006-12-21 09:55:10


Source: freespire

The Freespire development team has announced the availability of the third alpha release of Freespire 2.0: "This is the third release of Freespire 2.0 Alpha 3 (Build 1.1.84)." The most interesting feature of the release is the newly added upgrade path from Freespire 1.0. As always, Freespire's alpha .


Source: kate

Kate OS 3.2 has been released: "Kate OS 3.2 is the third edition of the III series. It brings, as usual, many fixes, updates, and novelties the community has been waiting for. It includes a new graphical package management tool, KatePKG, which allows for easy and intuitive installation, .


Source: systemrescue

A new major version of SystemRescueCd, a Gentoo-based live CD with tools for system repair, data recovery and partition editing, has been released. From the changelog: "Updated the kernel to Linux 2.6.18.5 with Reiser4 file system; added X.Org graphical environment with WindowMaker; added GParted 0.3.3 to replace QtParted; .



Linux Today News Service


Source: Linux Today

The hip fellow in the trendy outfit appears on the television screen. 'Hi, I'm a Mac. I am way cool '


Source: Linux Today

In its recent earnings call transcribed by SeekingAlpha, Oracle proudly announced that customers had downloaded 9,000 copies of its Oracle Unbreakable Linux in 30 days. 9,000 copies


Source: Linux Today

If we are patient, and observant, we can sometimes see the small, yet critical, signs of larger things to come. I think I have observed just such events this week, events which will not bode well for Novell, Inc


Source: Linux Today

Cavness testified during the second week of a preliminary hearing in Alameda County Superior Court in Oakland for Hans Reiser


Source: Linux Today

One of the aims in the drafting of the third version of the GNU General Public License (GPL) is to internationalize the language to make it easier to translate


Source: Linux Today

The long-awaited Java SE 6 is upon us. This latest version of the Java SE environment brings a number of new features and enhancements


Source: Linux Today

Novell Inc, a provider of networking software and computer consulting services, is in talks with local software companies for acquisitions to bolster its growth, a senior company official said


Source: Linux Today

Female registrations have hit an all time high for Linux.conf.au (LCA) to be held in Sydney next year


Source: Linux Today

Irish Free Software developers Brian Brazil and Paul O'Malley have developed a new distribution, appropriately named gNewSense


Source: Linux Today

BSD and Linux programmers have had a lot of success in creating drivers for new computer hardware in a timely manner, but much of their effort has been without the support of major hardware manufacturers


Source: Linux Today

Now that Ecma has finished that project and adopted the result, there's additional data to examine that sheds some light on that question


Source: Linux Today

The nonprofit Internet Archive announced Wednesday it has received $1 million from the Alfred P. Sloan Foundation to continue its effort to scan public domain works for open online accessibility


Source: Linux Today

Since then, we have continuously been fed point releases which added bits of functionality and speed improvements, but no major revision has yet seen the light of day. What's going on?


Source: Linux Today

When Red Hat holds court with financial analysts later today to discuss the company's fiscal third quarter results the conversation is likely to go like this


Source: Linux Today

A plan to educate the children of the world is rapidly materialising into a multi-billion dollar segment of the PC industry


Source: Linux Today

The legendary Jeremy Allison (of Samba fame) has resigned from Novell in protest over the Microsoft-Novell patent agreement, which he calls 'a mistake' which will be 'damaging to Novell's success in the future'


Source: Linux Today

Some 16,000 new certificates for SUSE Linux Enterprise have been activated since the two companies announced their collaboration agreement


Source: Linux Today

Linux file manager ontogeny encapsulates the history of GNU/Linux


Source: Linux Today

It's a great concept--a completely open source set top box running Linux that can be programmed to do whatever you like. Except, it's not that straightforward


Source: Linux Today

Oregon's Portland Community College is one of the largest community colleges in the country, with 90,000 students, five campuses, and a huge network to manage


Source: Linux Today

This tutorial shows how to set up a PXE (short for preboot execution environment) install server with Ubuntu 6.10 (Edgy Eft)


Source: Linux Today

As a language educator and IT aficionado, I am constantly searching for tools that I can use in conjunction with language education


Source: Linux Today

Lazy programming is a technique that lets you delay the evaluation of code until you need the resulting value


Source: Linux Today

Today's security advisories: pam_ldap, imlib2, and Ruby (Gentoo Linux); and mono (Mandriva Linux and Ubuntu).


Source: Linux Today

However, I have a somewhat surprising 10-year celebration announcement: The next edition of the Linux Sound & Music Applications pages (a.k.a. the Linux soundapps site) will be the last under my control


Source: Linux Today

In my blog post a couple weeks ago I suggested non-profits should package up some free software solutions into niche packages and sell them as a fund raiser


Source: Linux Today

Take a quick look around SourceForge.net and you'll see that the open source movement in software development is alive and well


Source: Linux Today

While open source communities are primarily made up of volunteer contributors, company involvement is always welcome


Source: Linux Today

Twas the night before Christmas, when all through the house not a creature was stirring, just my USB mouse



News for nerds, stuff that matters


Source: Slashdot: Linux

narramissic writes "According to an article on ITworld, Credit Suisse, Deutsche Bank AG, and AIG Technologies have signed on for Microsoft's technical support for Novell Inc.'s Suse Enterprise Linux. This follows last month's announcement of a deal between Novell and Microsoft that Steve Ballmer described as an effort to 'bridge the divide between open-source and proprietary-source software.' None of the companies cited the price of the support certificates, nor would they say how many they were activating. Even more interesting, Credit Suisse is a brand new customer for Novell."


Source: Slashdot: Linux

walterbyrd writes to alert us to word from groklaw.net that Jeremy Allison has turned in his resignation at Novell. "The legendary Jeremy Allison (of Samba fame) has resigned from Novell in protest over the Microsoft-Novell patent agreement, which he calls 'a mistake' that will be 'damaging to Novell's success in the future.' His main issue with the deal, though, is 'that even if it does not violate the letter of the license, it violates the intent of the GPL license the Samba code is released under, which is to treat all recipients of the code equally.' He leaves the company at the end of this month. He explained why in a message sent to several Novell email lists, and the message included his letter to management."



Read the front page news from Linux Magazine's new web site.


Source: Linux Magazine Online

Company continues to struggle with the community reaction to Microsoft alliance.



The O'Reilly Network ONLamp Articles and Weblogs


Source: ONLamp.com

I noticed a new feature in an enterprise security package offered by GTB Technologies. This package protects companies from employees or other people on internal networks who send out content marked by the company as sensitive: trade secrets, sales data, customer contact information, and so on.

What makes this package different from most is that it can check content even if it’s encrypted. Essentially, companies can have their security cake and eat it too. They can allow widespread encryption to protect against snoopers inside and outside, while preventing employees from using that encryption to sneak company secrets out port 25 or even something as immediate as IM.

And GTB claims they can do this while adding only 3 milliseconds to each transaction.

The way GTB locks down security is as follows:

1. All sensitive content is passed through software that takes a series of fingerprints, which are hashes of chunks of content.

2. The company performs key escrow, requiring employees to use only keys that they store in a company repository for encryption. This is a good practice in any case, because you don’t want corporate material encrypted by a key only one person knows.

3. The employee can use any convenient, existing technology for encrypting content, such as email encryption or a Web server’s SSL. In other words, GTB doesn’t force a company to replace existing technologies in widespread use.

4. Every outgoing transaction (email, Web pages, FTP, instant messaging) is checked against the fingerprints by a GTB server that sits between the originating system and the corporate firewall. When the GTB server encounters encrypted traffic, it contacts the server that maintains the certificate and gets the server’s key to decrypt the traffic and check the original content. Content that matches a fingerprint is blocked. If an employee uses unapproved encryption, or any other unapproved format, the company can choose to deny transmission.


This summary doesn’t indicate several impressive achievements claimed by GTB’s CEO, Uzi Yair, in a presentation to me. First is the fine granularity of the fingerprinting system, which is a bit reminiscent of the license enforcement services offered by Black Duck Software and Palamida. The default chunk size is 512 bytes, so GTB can catch any chunk of information 512 bytes or larger from unstructured content (such as a Word file). The administrator can set the chunk size to any desired number.

Database data can be protected even more finely: each field of each row is fingerprinted. GTB works with any database that provides an ODBC interface.

And all this work is what they say can be done in 3 milliseconds! GTB uses the same technology to scan a network at a rate of 500 MB/minute, and identify sensitive data that may be exposed.
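The chunk-fingerprint matching described above can be sketched as follows. This is an added example, not GTB's code or algorithm, which the article does not describe: it assumes a polynomial rolling hash to find candidate windows at any byte offset and SHA-256 to confirm them, and the "secret" data is constructed.

```python
import hashlib

CHUNK = 512                      # default chunk size quoted in the article
BASE, MOD = 257, (1 << 61) - 1   # polynomial rolling-hash parameters (assumed)

def windows(data, size):
    """Yield (offset, rolling hash) for every size-byte window of data."""
    if len(data) < size:
        return
    top = pow(BASE, size - 1, MOD)
    h = 0
    for b in data[:size]:
        h = (h * BASE + b) % MOD
    yield 0, h
    for end in range(size, len(data)):
        # Drop the byte leaving the window, shift, add the byte entering it.
        h = ((h - data[end - size] * top) * BASE + data[end]) % MOD
        yield end - size + 1, h

def fingerprint(doc, size=CHUNK):
    """Index each aligned chunk of a sensitive document by its rolling hash."""
    index = {}
    for off in range(0, len(doc) - size + 1, size):
        chunk = doc[off:off + size]
        _, h = next(windows(chunk, size))
        index.setdefault(h, set()).add(hashlib.sha256(chunk).digest())
    return index

def scan(outgoing, index, size=CHUNK):
    """Return offsets in outgoing traffic where a fingerprinted chunk appears."""
    hits = []
    for off, h in windows(outgoing, size):
        # Cheap rolling-hash lookup first, SHA-256 only to confirm a candidate.
        if h in index and hashlib.sha256(outgoing[off:off + size]).digest() in index[h]:
            hits.append(off)
    return hits

# Constructed sample data: 1536 pseudo-random bytes standing in for a secret file.
SECRET = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(48))
INDEX = fingerprint(SECRET)

if __name__ == "__main__":
    mail = b"Hi Bob,\n" + SECRET[512:1100] + b"\nregards"
    print(scan(mail, INDEX))               # excerpt containing one whole chunk
    print(scan(SECRET[300:900], INDEX))    # 600 bytes, but no whole aligned chunk
```

Because this sketch indexes only aligned chunks, it is guaranteed to catch an excerpt only when the excerpt is at least 2 × size − 1 bytes long; indexing every window of the sensitive document instead would catch any size-byte excerpt at the cost of a much larger index.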


Source: ONLamp.com

A common misconception is that only static languages can have powerful IDEs. Late-binding languages with runtime code evaluation have plenty of IDE support in ActiveState's Komodo 3.5. Michael J. Ross reviews what it offers PHP and Perl developers.


Source: ONLamp.com

Here is the advisory. It states: "An attacker can cause source code disclosure using adding %20 (space char) after the uri, for example http://www.server.com/app/Default.aspx%20"

To test this, I started xsp (in Ubuntu using Parallels):

$ xsp --root ~/xsproot
xsp
Listening on port: 8080 (non-secure)
Listening on address: 0.0.0.0
Root directory: /home/testbox/xsproot
Hit Return to stop the server.

Next, I put the following file in ~/xsproot and called it default.aspx:

<%
//ASP source code below
//Client should not be able to see the code below,
//but just the output, i.e. Hello World!
Response.Output.Write("Hello World!");
%>

I made sure everything is working correctly by requesting default.aspx:

So far, so good.
Next, I requested the same URL, but ending with %20, and Safari displayed a ‘blank’ page:

The reason for this is because Safari got served the entire ASPX file. I was able to view the entire ASPX file by just doing a View - Source:

There you go, a good old source code disclosure. I say “good old” because IIS (and other servers) have had similar vulnerabilities in the past (BID 1084).
I don’t think it’s necessary for me to go into how source code disclosure can be a huge risk for any organization. The advisory does a good job of summing this up: "Using a source code disclosure attack, an attacker can retrieve the source code of server-side file. Obtaining the source code of server-side files grants the attacker deeper knowledge of the logic behind the Web application, how the application handles requests and their parameters, the structure of the database, vulnerabilities in the code and source code comments. Having the source code, and possibly a duplicate application to test on, helps the attacker to prepare an attack on the application."
Update: It is also possible to retrieve the Web.Config file. This file contains sensitive information like credentials.
If you use mono-xsp, please patch immediately. See the advisory for details.
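A log check for the request pattern described above, added here as an example and not part of the original post or the advisory. It assumes a front end that writes Common Log Format; the log lines, addresses and the extension list are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Server-side ASP.NET file types that should never be returned as raw text
# (assumed list; the post itself mentions .aspx and Web.Config).
SERVER_SIDE = (".aspx", ".ascx", ".asmx", ".ashx", ".config")

# Common Log Format: client, timestamp, request line, status (assumed format).
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def check_line(line):
    """Return (ip, file, status) when a request names a server-side file
    followed by encoded trailing spaces, else None."""
    m = CLF.match(line)
    if not m:
        return None
    # Decode the path only (query string dropped) so %20 becomes a real space.
    path = unquote(urlsplit(m["target"]).path)
    bare = path.rstrip(" ")
    if bare != path and bare.lower().endswith(SERVER_SIDE):
        return m["ip"], bare, int(m["status"])
    return None

def find_hits(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Dec/2006:10:01:02 +0000] "GET /app/Default.aspx%20 HTTP/1.1" 200 142',
    '198.51.100.7 - - [21/Dec/2006:10:01:09 +0000] "GET /app/Web.Config%20 HTTP/1.1" 200 911',
    '203.0.113.5 - - [21/Dec/2006:10:02:00 +0000] "GET /app/Default.aspx HTTP/1.1" 200 12',
    '203.0.113.5 - - [21/Dec/2006:10:02:05 +0000] "GET /docs/read%20me.txt HTTP/1.1" 200 300',
    '198.51.100.7 - - [21/Dec/2006:10:03:00 +0000] "GET /app/Default.aspx%20?x=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, path, status in find_hits(SAMPLE_LOG):
        print(ip, path, status)
```

A flagged request with status 200 is the case to review first, since the server returned a body for a file it should have executed or refused.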



The O'Reilly Network's Linux DevCenter Articles and Weblogs


Source: Linux DevCenter

David Nielsen has started a pledge drive to fund nouveau development. (nouveau is a project to produce complete and free open source drivers for NVidia video cards.)

This pledge drive does not have the official support of the nouveau developers, but what a wonderful idea to be able to present them with $10,000 to support their work!

If you would like to use the hardware you’ve already paid for under terms that respect your freedom and choice, consider pledging $10 to this effort. (I’ll discuss the pragmatics and politics of free drivers more in a subsequent weblog soon.)



Updated: Fri Dec 22 23:55:06 2006


OrderWeb Software CC