

pf Rulesets, C++ Memory Traps, Exult Interviews, Standards, and, uh, a Monkey

by chromatic
Linux Newsletter for 05/12/2003

Good afternoon (or morning, here) and welcome to the Linux newsletter. This week, ONLamp is pleased to bring you a very filling meal of ideas and information, tips and tricks.

Noel Davis started the week with yet another Security Alerts column, cleverly called Monkey Troubles. Remote vulnerabilities affect Portable OpenSSH, Monkey HTTPd, Red Hat's mod_auth_any, pptpd, and rexec on HPUX, as well as certain Cisco equipment. Remember, the network you save may be your own.

With OpenBSD 3.3 escaping into the wild, Jacek Artymiak continues his series on changes to pf. It seems like just yesterday the little packet filter came about, but it's all grown up now. Changes in pf: More on NAT presents a sample NAT ruleset with a DMZ that you can customize for your own network.

Newcomer George Belotsky is just getting started blowing your socks off. Why is that? Well, he's discussing memory management in C++, which has the potential to blow your entire leg off. In part one of a three-part series on C++ memory management, George explains Common C++ Memory Errors and how to avoid them.


Howard Wen spoke with the Exult developers recently. The Ultima 7 source code is (apparently) lost. Lord British and Origin had a messy breakup. Why has he given Exult his blessing? Find out more in the Exult Developer Interview.

This week also saw the fourth excerpt from the third edition of Practical Unix & Internet Security. This snippet from chapter 16 gives tips on using passwords and on generating random numbers.

Your editor must confess to neglecting, last week, to mention the ONLamp survey we're running. We've had some amusing results so far.

This week's featured OSCON speaker is Peter Gulutzan, speaking on MySQL and Progress Toward the SQL Standard(s). He's described his talk as "a heads' up for future plans, a necessary background for informed decisions, and just something that's nice to know."

Standards can sometimes be a shibboleth. Consider that the web thrived despite limitations of HTML 1.0 and 2.0 (and, admittedly, despite the limitations of the web browsers of those days). Richard P. Gabriel argued in Worse is Better that practicality and simplicity can trump correctness.

That doesn't mean that standards aren't important—just that sometimes it's more valuable to have an 80 percent solution now than a 100 percent solution much later. Is that the right approach for MySQL? Certainly its many users were willing to make that trade-off. Of course, MySQL continues to add features recommended by the SQL standard.

If you're participating in an open source project, how soon can you release code? How much functionality should you provide before making your work public? Your editor suspects there's no hard and fast rule for judging between complete standards compliance and practical usage. You'll have to decide for yourself what meets your needs.

We'll be back next week to discuss programming language philosophies, more Subversion, DHCP for routed networks, and animation in SDL.

Until then,

Technical Editor
O'Reilly Network

Linux DevCenter Top Five Articles Last Week

  1. Monkey Trouble
    Noel Davis looks at problems in Portable OpenSSH, Portable OpenSSH under AIX, ATM on Linux, Qpopper's poppassd, Monkey HTTPd, Red Hat's mod_auth_any, pptpd, EPIC4, HPUX's rexec, and vulnerabilities in Cisco equipment.

  2. Speeding up Linux Using hdparm
    Instantly double the I/O performance of your disks or, in some cases, show 6 to 10 times your existing throughput!

  3. Unfinished Business: The One Missing Piece
    With all of the work done on Linux in the past few years, there's only one missing piece preventing widespread adoption in the enterprise -- directory services. David HM Spector explores the history and current state of directory services, explaining why it's important to interoperate with Active Directory.

  4. Changes in pf: More on NAT
    OpenBSD's packet filter has really grown up. Since its introduction in OpenBSD 3.0, it has become an advanced tool for networking and security. In the second of four articles, Jacek Artymiak presents a sample NAT and DMZ ruleset that is easily customized.

  5. Configuring a DHCP Server
    In her previous article, Dru Lavigne introduced DHCP and its terminology. This week, she explains how to configure a DHCP server for a small and reasonably simple network.
