Apache, Apache + Python, Simple PHP Templates, NetBSD Upgrades, and Linux Videoby chromatic
Linux Newsletter for 04/14/2003
Hello. It's Monday afternoon (from a very -0700 GMT-centric viewpoint) and that means yet another Linux newsletter. For your edification, education, and approval, we present several interesting articles and tidbits.
Intrepid security hound Noel Davis leads the pack this week with another Security Alerts column. Remote exploits to beware of include sendmail, Balsa, libsmtp, and passlogd. As well, Noel looks at Apache 2.0.45, an important upgrade to the popular web server. Go ahead, check your boxes. The newsletter'll stay right here until you're sure you're secure!
A new contributor, KIVILCIM Hindistan (who pointed out that ASCII didn't punctuate the letter
I appropriately and recommended the capitalization scheme) is a big Linux-on-the-desktop fan. An integral task his desktop performs is watching DVDs and other digital video files. In MPlayer and MEncode, KVILCIM introduces an amazing video player and encoding tool that handles just about any video codec you can imagine.
Like many experienced PHP users (and web programmers in general), Daniel Smith is concerned about the proper separation of content and logic. Like many experienced programmers, he's also concerned about reducing the complexity in his life. In PHP and Heredocs Daniel introduces a simple yet effective resource-management scheme for extracting SQL and HTML from your PHP files.
To subscribe to the Linux newsletter (or any O'Reilly Network newsletters), visit https://epoch.oreilly.com/account/default.orm and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).
To change your newsletter subscription options, please visit https://epoch.oreilly.com/account/default.orm and click the"Manage My Newsletters" link. For assistance, send email to
BSD author Michael Lucas has been hip deep in exploring NetBSD on palmtop computers, but he's taken a break from his busy schedule to pen Staying Current with NetBSD. Though upgrading source code from CVS is easy, what happens when configuration files change? It's all in here--now you've no excuse not to stay up to date!
Finally, Peter Laurie, coauthor of "Apache: The Definitive Guide, 3rd Edition," takes Python for a test drive in Python and Apache. After an hour of exploring Python, what has he discovered? Remember--this is just a first impression.
In the weeks leading up to OSCON 2003, we're focusing on interesting stories from tutorial and session speakers. This week's speaker is Gunther Birznieks, whose session topic will be on Mixing Open Source and Proprietary Systems: Ironing out Security Wrinkles.
Gunther's thesis is that porting open source software to proprietary platforms can expose unintentional security flaws. For example, consider an Apache on Windows vulnerability from last year. Though it's cheap and easy to create a new process on Unix (
fork() is extremely cheap--especially on Linux), the Windows and Netware process models are very different. As usual,
secure programming means thinking a lot harder about things.
ONLamp.com and Linux DevCenter Top Five Articles Last Week
Cheap IP Takeover
Rob Flickenger offers a scheme for monitoring the health of a server that lets another server take it over if it fails, using ping, bash, and a simple network utility. Just another sample of the hacks you'll find in Rob's hot-selling O'Reilly book, Linux Server Hacks.
Apache Security Update
Noel Davis looks at a security update to Apache; a major problem in sendmail; buffer overflows in Balsa, libsmtp, passlogd, lpr-ppd, and Solaris' dtsession; and problems in NetPBM, Eye of GNOME, the Progress database, and Red Hat Linux 9's vsftpd daemon.
IRIX Binary Compatibility, Part 6
With IRIX threads emulated, it's time to emulate share groups, a building block of parallel processing. Emmanuel Dreyfus digs deep into his bag of reverse engineering tricks to demonstrate how headers, documentation, a debugger, and a lot of luck are helping NetBSD build a binary compatibility layer for IRIX.
File Integrity and Anti-DDoS Utilities
tripwire's not the only file integrity utility. Dru Lavigne explores aide and yafic, tools for making sure your system is clean of intrusion, and introduces utilities to detect DDoS programs.
Staying Current with NetBSD
Open source never stands still. Even the flexible and mature BSDs are continuing to evolve. In this article, Michael Lucas looks at the NetBSD upgrade process, demonstrating the most common steps to stay abreast of the current source code.
Return to the list of Linux Newsletters.
Return to the Linux DevCenter.