What's New In Linux | 20010807


Kernel Space Releases


Latest stable kernel is: 2.4.7


The latest prepatch (alpha) version appears to be: 2.4.8-pre4, but there's a guy in the audience with his hand up to tell me different.


The latest FOLK (Functionally Overloaded Linux Kernel) is 2.4.7-folk2.2.1


User Space Releases


Mozilla 0.93. Less bugs, performance improvements. A Galeon version should be out very soon.


Netscape 4.78 is out. Netscape 6.1 will be out very soon.


Ximian releases Mono, a .NET implementation for Linux

www.ximian.com


KDE gets (chroot) ActiveX support.

A small plugin which provides ActiveX support within Konqueror has been created. It can play Shockwave, Quicktime, and other formats. Compare with Codeweavers work. It works well, tho is still experimental and won't be part of KDE main.


Samba 2.2.1 released


Massive (30 - 50%) Speed Increase for Large C++ apps on Intel Linux

Waldo Bastian's document demonstrates that the current g++ implementation generates lots of expensive run-time relocations. This translates into the slow startup of large C++ applications.The attached program "objprelink.c" is designed to reduce the problem. Expect (KDE) startup times 30-50% faster."


"Leon's hack works around the problem by adding a level of indirection - a stub -to each function in a class's virtual table, and changing references to the function to point to the new stub

instead -- thereby eliminating a whole lot of symbol lookups and relocations."

http://www.research.att.com/~leonb/objprelink/


Borland releases Kylix Open Edition, and drops price on other version to around four hundred Aussie dollars

http://www.borland.com.au


All Alan Cox kernels can now be easily packaged with `make rpm'.

http://www.kernel.org


RATS 1.1 (beta). A new beta version of the source code auditing tool RATS has been released, adding the ability to scan both Perl and Python code for vulnerabilities.


KDE 2.2 is scheduled to be released next Monday US time


GNOME 2.0 is coming along nicely, with a 2.0 API freeze, and 1.4.1 beta 1 out.



Postfix 20010228-pl4. It now has more wonderfulness.


Nessus 1.0.8

A plugin based remote security analysis tool for Linux. Seggests solutions to problems, and generates reports in HTML, LaTeX, and text.

http://www.nessus.org



Security Vulnerabilities


Xinetds umask is inherited by start-on-demand processes that expect tighter umasks. Securityfocus: "It has been demonstrated that there is at least one way for an attacker to gain root privileges due to this condition."


Linux kernel IP masquerading vulnerability. Remotely exploitable IP masquerading vulnerability in the Linux kernel. The problem includes the Linux 2.2 ip_masq_irc module and involves situations where certain browser or MUA helper applications can cause firewalls to act as proxies to open inbound connections when they shouldn't. A patch has been provided by the IP MASQ 2.2 maintainer, JuanJo Ciarlante.

http://kernel.org



SSH Communication 3.0.1. problem with Unix SSH server and accounts with passwords of two characters or less - people could log in with any password. Upgrade to 3.0.1. Both people using it instead of OpenSSH should be concerned.

http://www.ssh.com


A bug in Cold Fusion 5.0 is reported to crash the server, dumping a core file that can allow decrypted tags to be seen in clear text.

http://www.macromedia.com


Quake 3: Arena 1.29f/g is reported to have a buffer overflow vulnerability. No word yet on if this exploitable.

http://www.idsoftware.com


Various Squid and Apache and Horde IMP updates


Distributions


Red Hat released 7.2 beta. Will contain 2.4.6 Linux kernel, XFree86 4.1.0, KDE 2.2, GNOME 1.4, and journaling file system support, and included support for both x86 and ia64.

Http://www.redhat.com


CmdrTaco: And I won't even make a snide comment about how I haven't run Red Hat in 2 years!

Ian from Ximian: I guess I won't even make a snide comment about what an asshole Rob is, then...


News - Everything was threatened by stuff beginning with `A'


GAIM is threatened by AOL. But part of trademark law is that it must be enforced, and GAIMs lawyers (paid for by donations and their own altruism)

http://gaim.sourceforge.net


KAIM is threatened by AOL. KAIM became Kinkatta and released version 1.0

http://kinkatta.sourceforge.net


Killustratior was threated by Adobe, and is now known as Kontour.

http://koffice.kde.org


Dimitri Skylarov was threatened by Adobe after writing software which decrypts a small portion of encrypted ebooks to prove tha the various ebook security techniques simply weren;t securitty at all (some of these expensive solutions being marketed as `secure' involved ROT 13 and RSA encryption with a single, constant easily discovered string). Adobe backed down after meeting with the Electronic Frontier Foundation. The US government just release Skylarov on $US5,000 nail and is still intending to prosecute him.

http://www.eff.org


Postfix now has a book. Obscurely called `Postfix' and authored by Richard Blum, The book is pretty comprehensive and covers everything from basic setup through virtual hosting through to MySQL and WebMail type stuff. The author has written books on Sendmail and Qmail before, so he knows his MTAs. Seems like a good book although it apparently has some errors.

http://www.informit.com

http://www.postfix.org


There's an excellent tutorial for OpenLDAP use at Securityfocus.

http://www.securityfocus.com/frames/?focus=linux&content=/focus/linux/articles/openldap.html


The City of Largo California has switched to KDE 2.1.1 as their production systems. 800 users, 400 workstations.

http://dot.kde.org/995949998/


VMWare dropped their prices for VMWare Express to $49.95.

http://www.vmware.com


WebWasher Enterprise Edition for Check Point VPN-1/FireWall-1 Achieves OPSEC-Certification


Frank Willison, editor-in-chief at O'Reilly & Associates, passed away as the result of a massive heart attack on July 30. Frank played a big part in the Perl, Python and Zope books as well as other areas.


Gaming


Loki have a new demo disk, with patches.

Www.lokigames.com


Sunspire Studio's have confirmed that the 1.0 release of TuxRacer will not initially be Open Source. However, a GPL 1.0 will be made available some time after the retail release. They're taken all the necessary steps to change the license, and its still a pretty good game

www.sunspire.com


Urban Terror beta 2.2 is out. Get it. It rocks

Http://www.urbanterror.net




This Isn't Linux So It Doesn't Belong Here


The space robots are here to protect you from the Terrible Secret of Space

http://www.ifilm.com/ifilm/product/film_info/0,3699,2400760,00.html


Steve Balmer resigns as Microsoft CEO and takes new role with World Wrestling Foundation.

http://www.ntk.net/ballmer/dancemonkeyboy.mpg