

Apache 2 Exploits, Extending CVS, TFTP, and Palmtop Unix

by chromatic
Linux Newsletter for 06/09/2003

Hi there. This is the Linux newsletter, your guide to ONLamp, itself your guide to the interesting and useful in the world of open source and open source development. That's too long to fit on a masthead, but it makes a nice opening paragraph. Here's what's new this week on

Noel Davis started the week with a Security Alerts column. Apache 2 has denial-of-service vulnerabilities. Other remote vulnerabilities affect mod_php, CUPS, and the Batalla Naval game. Please check whether your version is affected and upgrade as soon as possible.

Source code management is important. Bug tracking is useful. Put them together and you'll have something more powerful. Luckily, two pre-eminent open source packages make this possible. Jennifer Vesperman, author of Essential CVS, demonstrates how to integrate Bugzilla with CVS, in Running Arbitrary Scripts Under CVS. That's just the tip of the iceberg.

Dru Lavigne continues a march through everything you could possibly do with a FreeBSD box. This week's topic is TFTP, the trivial file transfer protocol. With FTP and especially SCP, why does this matter? Well, TFTP is an easy way to serve hardware images to routers, embedded devices, and very thin clients that boot off of the network...


Finally, Michael Lucas, Big Scary Daemons columnist, explores just how portable NetBSD really is. You see, he has Palmtop NetBSD running on an HP Jornada. How'd it get there? How'd he cross compile? It's all in the article.

This week's featured OSCON speaker is Tim Maher, leader of the Seattle Perl Users Group, speaking on Perl Certification. Tim won a White Camel award for forming and running SPUG.

Aside from a few online "certification" tests, the Perl community has no officially recognized way to demonstrate competence in the language. For years, the official thought has been "certification doesn't demonstrate anything useful." Yet other languages, especially those widely recognized by managers such as VB and Java, have certification programs.

Has the time come for Perl developers and open source developers in particular to embrace the idea of certification? Can a badge or a signed piece of paper really mark you as competent? Is the idea starting to make sense? The panel will discuss all of these issues.

See you next week, when we'll discuss email anonymity, the sum of all Nethacks, and remote collaboration challenges.

Until then,

Technical Editor
O'Reilly Network and Linux DevCenter Top Five Articles Last Week

  1. Top Five Open Source Packages for System Administrators
    AEleen Frisch, author of the best-selling Essential System Administration, 3rd Edition, offers the final installment in a five-part series on the most useful and widely applicable open source administrative tools. The countdown concludes this week with the number one utility, Cfengine.

  2. Palmtop NetBSD
    "Of course it runs NetBSD." NetBSD's fantastically portable, but that doesn't make it supremely easy to install on oddball hardware like a Dreamcast or a palmtop computer. Michael Lucas demonstrates cross-installation with the HP Jornada 728.

  3. Video Playback and Encoding with MPlayer and MEncoder
    No consumer Linux box is complete without the ability to play digital video files. Until recently, this was difficult -- the codecs weren't freely available or distributable. MPlayer seeks to change this. KIVILCIM Hindistan introduces MPlayer and demonstrates some of its features.

  4. Top Five Open Source Packages for System Administrators
    AEleen Frisch, author of the recently released Essential System Administration, 3rd Edition, offers the fourth installment in a five-part series on the most useful and widely applicable open source administrative tools. As the countdown continues this week, we've got number two, Nagios.

  5. Saving Our Bacon: Snort Security Holes and Strategies for Safe Network Monitoring
    Recently, a CERT advisory announced the discovery of two separate buffer-overflow vulnerabilities in Snort, a popular security-monitoring tool used for detecting suspicious network activities. In this article, Bob Byrnes, coauthor of Linux Security Cookbook, reviews the past Snort attacks, as well as the recent (and more serious) buffer overflows. In each case, Bob discusses strategies that system administrators can use to minimize risks.
