

portupgrade, Railroad Security, Paranoid PHP System Calls, and XP for Open Source Developers

by chromatic
Linux Newsletter for 09/02/2003

Greetings! Yesterday was Labor Day here in the U.S., so instead of laboring to produce the next week of stories and book excerpts for, your editor spent the day laboring to finish installing Gentoo GNU/Linux on his laptop. Consequently, today is Linux Newsletter Day. Let's start here:

Noel Davis warns of several Security Alerts. Programs with potential remote exploits include srcpd (which implements the Simple Railroad Control Protocol, very cool!); ViRobot Linux Server (an antivirus tool); netris (a game); and autorespond (a mail responder). Please take a few moments to check your vendor for updated packages.

Dru Lavigne's latest jaunt through the fine world of FreeBSD explores portupgrade. You can go a long time without even knowing it's there, but once you've seen what a searchable index of your ports can do, you'll never forget it's there.

John Coggeshall's latest PHP Foundations column, Securing System Calls, is a reminder that user input is untrustworthy. Though PHP has a fantastic amount of included functionality, sometimes the simplest solution to a problem is to execute a standard program, such as a zipping program or a legacy binary. Unless you're sufficiently paranoid, it's possible for malicious user input to do things you don't expect—so it behooves you to learn exactly how paranoid you should be.

To subscribe to the Linux newsletter (or any O'Reilly Network newsletters), visit and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).

To change your newsletter subscription options, please visit and click the "Manage My Newsletters" link. For assistance, send email to

One nice feature of open source development is that developers can make lots of mistakes and still, eventually, succeed. Of course, it'd be nicer to avoid some of those mistakes. Your editor's Five Lessons Open Source Developers Should Learn from Extreme Programming explores some of the common mistakes and explains ways to avoid them. Not every practice has a direct match, but you can improve your software and lower your sanity roll with a little discipline.

This week's weblogs feature Andy Lester discussing who speaks for open source advocates; Steve Mallett introducing O'Reilly's developer news site; Jason Deraleu discussing security designs in popular operating systems; and William Grosso complaining about bad MPAA propaganda at the movies.

Finally, your editor would like to thank eagle-eyed (no pun intended) James Burchell for pointing out the correct spelling of blepharitic. We'll stick to simpler words from now on.

Six days until the next newsletter,

Technical Editor
O'Reilly Network and Linux Devcenter Top Five Articles Last Week

  1. Five Lessons Open Source Developers Should Learn from Extreme Programming
    It may be harder to see how Extreme Programming (XP) can apply to open source projects, especially those without a formal customer. But to build a successful open source project, you must solve many of the same problems you'd face with an in-house project. Here chromatic, author of Extreme Programming Pocket Guide, offers five lessons open source developers can learn from XP.

  2. portupgrade
    One of FreeBSD's biggest benefits is its ports collection. Perhaps the most important ports utility is portupgrade. Dru Lavigne demonstrates how you can get the most out of your ports collection.

  3. Five Habits for Successful Regular Expressions
    For many programmers, writing regular expressions is a black art. They stick to the features they know and hope for the best. Tony Stubblebine, author of Regular Expression Pocket Reference, says programmers can avoid a lot of trial and error by adopting these five habits for regular expression development. The code examples in this article use Perl, PHP, and Python, but the advice Tony espouses is applicable to nearly any regex implementation.

  4. GNOME trouble
    Noel Davis looks at problems in BitKeeper, the GNOME Display Manager, srcpd, ViRobot Linux Server, OpenSLP, eMule, lMule, xMule, netris, and autorespond.

  5. Guido van Rossum Speaks
    Guido van Rossum, creator of Python, recently announced a move from PythonLabs to Elemental Security. Steve Holden caught up with Guido to talk about the move, the future of Python, and computer programming for everybody.

