Security Alerts, Data Hiding, Database Crosstabs, and #Apache Questions by chromatic
Linux Newsletter for 12/08/2003
Greetings, readers. With 2003 winding down, it's time to review the world of 2003 and prepare for the world of 2004. That means editorial plans and calendars. So far, the plan is to carry on along similar lines. One new feature of 2004 will be an increased focus on open source applications--Linux and the BSDs on the desktop, as it were. As always, your feedback is appreciated.
Here's what's new on ONLamp this week.
First up comes Noel Davis' unfortunately regular Security Alerts column. This week, Noel reports remote vulnerabilities in certain versions of BIND 8, Ethereal, FreeRadius, mod_gzip, Pan, detecttr, EPIC, and libnids. Also, GnuPG ElGamal (type 20) keys appear to be insecure. Please check with your vendor and upgrade as soon as possible.
Dru Lavigne took a break from her soon-to-be-revealed secret project (you'll all like it) to pen another FreeBSD Basics column. As usual, it applies across all sorts of free Unix-workalikes. Hiding Secrets with Steganography explores the world of hidden data. For example, you can hide Grandma's super-secret chocolate chip cookie recipe in her picture. No, not in the frame--in an image file. Curious? Read on.
New author Giuseppe Maxia joins the fray with Generating Database Server-Side Cross Tabulations. That's quite a title, but it pales beside the SQL required to accomplish the goal. The explanation is, fortunately, much simpler. If you're familiar with crosstabs or pivot tables, he explains how to generate the SQL automatically. If you're not familiar with the technique, this is how you can take a result containing one column of gender and another of department and turn department into rows, counting the number of men and women for each department. It's very useful.
In a less brain-hurting sense, Rich Bowen ("Apache Cookbook" coauthor) contributes the first in a series entitled "A Day in the Life of #Apache". This series examines real-world questions that come up on the popular IRC channel, going into the whys and hows of answering these questions. Think of it as "Commonly Asked Questions about Apache" meets "Things the Manual Doesn't Teach You".
To subscribe to the Linux newsletter (or any O'Reilly Network newsletters), visit https://epoch.oreilly.com/account/default.orm and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).
To change your newsletter subscription options, please visit https://epoch.oreilly.com/account/default.orm and click the "Manage My Newsletters" link. For assistance, send email to
This week's new weblogs feature Rod Chavez summarizing ApacheCon 2003, Terrie Miller discovering how to recycle a dead printer, and Anton Chuvakin wondering about reporting requirements for cyberterrorism.
That's all for now. Upcoming articles include an open source flight simulator, open source telephony, and the long-promised "Myths Open Source Developers Tell Ourselves."
Same time next week,
ONLamp.com and Linux Devcenter Top Five Articles Last Week
Using and Customizing Knoppix
Several Linux distributions boot directly from CD-ROMs. How many are usable in that state? How many are customizable in that state? Klaus Knopper's Knoppix is perhaps the best known of these distributions. Robert Bernier explains how to use Knoppix and how to customize your own self-booting distribution CD.
Installing Oracle 9iR2 on Red Hat 9
While Oracle's understandably proud of their Linux support, Oracle 9i is unsupported on the latest and greatest Red Hat. That doesn't mean it doesn't work, just that you'll have to do a little tinkering. Roko Roic demonstrates how to install Oracle 9iR2 on Red Hat 9.
Every layer of security you can add is one more deterrent for the bad guys. Writing (or choosing) secure code is important, but it's not the only defense. Ivan Ristic, creator of mod_security, explains how this Apache module can turn back potential attacks before they reach your code.
RouteWord: An Interesting Diversion
Graphs--loosely connected, unordered collections of nodes--are highly important to computer science. Visualizing graphs is even more important: think of maps, routes, webs, and any other interconnected relationships. Who says that can't also be fun? O'Reilly author Andrew Odewahn explains how he accidentally created a new type of word puzzle playing around with graph visualization.
BIND DoS Attack
Noel Davis looks at a denial-of-service attack against BIND and problems in KDE, GnuPG, screen, Ethereal, FreeRadius, mod_gzip, Pan, detecttr, OpenCA, EPIC, and libnids.