|
|
Linux and Open Source News for 9th May 2006
|
Distro Watch
|
|
Source: LinuxTracker.org Category: Adamantix Size: 365.58 MB Status: 3 seeders and 2 leechers Added: 2006-05-09 15:30:59
Source: LinuxTracker.org Category: AUSTRUMI Size: 49.53 MB Status: no seeders and no leecher Added: 2006-05-09 08:53:41
Source: LinuxTracker.org Category: RIP Size: 149.16 MB Status: 1 seeders and no leecher Added: 2006-05-09 08:45:27
Source: LinuxTracker.org Category: Puppy Size: 62.02 MB Status: 2 seeders and no leecher Added: 2006-05-09 07:52:16
Source: LinuxTracker.org Category: B2D Size: 680.71 MB Status: 8 seeders and 5 leechers Added: 2006-05-09 05:23:04
Source: LinuxTracker.org Category: gnuLinEx Size: 687.88 MB Status: 1 seeders and 4 leechers Added: 2006-05-09 04:00:25
Source: LinuxTracker.org Category: Scientific Size: 2.33 GB Status: 6 seeders and 1 leechers Added: 2006-05-09 03:57:37
Source: LinuxTracker.org Category: Oralux Size: 495.71 MB Status: 3 seeders and no leecher Added: 2006-05-09 02:35:48
Source: alixe A new version of AliXe "Standard" edition has been released. AliXe is essentially a French edition of the popular SLAX live CD customised for use in French-speaking regions of Canada. The new version is based on the recently released SLAX 5.1.4, inclusive of the Linux kernel 2.6.16, KDE .
Source: austrumi The AUSTRUMI mini live CD has been updated to version 1.2.0 - now with a surprise switch to Enlightenment 17 as its window manager. From the changelog: "Removed OpenBox and added Enlightenment; updated AbiWord, Bash, Firefox, Linphone, nmap, OpenSSH, OpenSSL, SDL, XMail; added d4x - downloader for X; .
|
|
Linux Today News Service
|
|
Source: Linux Today Kevin Carmony has taken the heat from some in the FOSS community for offering non-free software in Linspire, and in particular, for attempting to lure the FOSS community into contributing to Linspire via Freespire
Source: Linux Today An interesting thing is about to happen to home computing--the 'Desktop' that GNU/Linux never seems able to liberate from proprietary Windows may be just about to become irrelevant
Source: Linux Today For years now, I've been hearing about how Intel's Itanium platform was going to be the server-chip to end all other server-chips. It hasn't happened
Source: Linux Today For these tasks students will be assigned a Debian developer acting as their mentor. The coordinator for Debian's participation is Baruch Even
Source: Linux Today Now it's time for the gory details. How can we replace mission-critical services with OSS alternatives ?
Source: Linux Today The decision to forego proprietary software isn't always easy, but those who rise to the challenge can reap the rewards
Source: Linux Today Businesses seem to be champing at the bit to cut costs by using free and open source software, but many fail to budget for the necessary integration and support costs that go along with any software
Source: Linux Today A two-part documentary, 'The Code Breakers,' to be aired on BBC World starting 10 May 2006 examines whether free/open source software (FOSS) might be the bridge ?
Source: Linux Today Linux is found to be much faster than Apple's OS X for statistical computing. And although Linux is 5 to 10 percent faster than Windows XP, both are markedly faster than OS X
Source: Linux Today OpenLogic will pay developers to provide high-level support for scores of open source products, but not everyone is convinced by the idea
Source: Linux Today In a press release authored by, um, himself, Mambo lead developer Martin Brampton announces he is severing all ties with Mambo. And apparently not quietly. Link within.
Source: Linux Today At LinuxTag on Saturday, a meeting of Kubuntu and KDE contributors was held in order to improve the collaboration of both projects
Source: Linux Today None of the prominent desktop applications that can create and save documents in OpenDocument currently work well with screen readers, magnifiers and other assistive technologies
Source: Linux Today Six of the leading open source systems management vendors are to announce that they have created a new consortium to further the adoption of open source systems management software and develop open standards
Source: Linux Today European Commission officials are unhappy that there may soon be two competing ISO document standards, and want industry players to work together
Source: Linux Today NewsForge contacted the number one man on the Linux project, Linus Torvalds, who acknowledged it might be the right time for a 'bug cycle '"
Source: Linux Today K3b, well here comes the main reason for me not being among the best students I started working on K3b in 1998, shortly after I arrived in Freiburg
Source: Linux Today The auto complete feature of the Bourne Again SHell makes bash one of the most loved and newbie-friendly Linux shells
Source: Linux Today BogoSec is a source code metric tool that wraps multiple source code scanners, invokes them on its target code, and produces a final score that approximates the security quality of the code
Source: Linux Today CPU affinity is nothing but a scheduler property that 'bonds' a process to a given set of CPUs on the SMP system
Source: Linux Today Now that I have written so much about Linux kernel, I realize that many people reading those articles do not even know how to compile them
Source: Linux Today Cluster computing is great, so they say. Cobble together a few thousand servers and some Ethernet, grab some freely available software and you can now calculate the meaning of Life the Universe and Everything
Source: Linux Today In this article I will describe how to monitor your server with munin and monit
Source: Linux Today Today's security advisories: cgiirc (Debian GNU/Linux); Nagios, PHP, and Mozilla Thunderbird (Gentoo Linux); and nagios, mysql-dfsg-4.1, and mysql-dfsg (Ubuntu Linux).
Source: Linux Today In planning for this year's show, our group looked at what went well and what could have been done better
Source: Linux Today Bitlbee is a chat system gateway that allows you to connect to several other instant messaging services via a regular IRC client
Source: Linux Today Today, we look at the photo-manager digiKam, the plotting application QtiPlot, the LaTeX-dreamteam Kile and KBibTeX and the upcoming KDE 3.5.3 release
Source: Linux Today An astonishing thing has happened at Sun Microsystems. A company built on high margins from hardware sales is now turning upside down and going soft
Source: Linux Today In this interesting guest column, Doug Roberts, a desktop Linux user for about two years, shares his perspective on switching from Windows to Linux, and what to think about when you decide to take the plunge
|
|
Linux and Open Source News, Reviews and Strategy from eWEEK.com
|
|
Source: eWEEK Linux Novell's aiming straight at Microsoft's Small Business Server customers with its new, low-priced office suite: Novell Open Workgroup Suite. (Linux-Watch)
|
|
The O'Reilly Network ONLamp Articles and Weblogs
|
|
Source: ONLamp.com Note: if you’re not familiar with my writing, I should tell you that it often represents a bizarre stream of consciousness where I hop from stepping stone to stepping stone in a most unpredictable fashion and the other side of the stream bears little resemblance to the original bank. You’ve been warned.
About a year ago, a friend took me to see the film What the Bleep Do We Know. I’m afraid we annoyed many others watching the film because we couldn’t stop laughing at how ludicrous much of it was. For example, the film gave extensive coverage to “Dr.” Emoto insulting water and claiming this makes ice crystals ugly. He’s making a lot of money from books but, curiously, scientists have had trouble replicating his results.
This got me to thinking about the excellent book AI Application Programming by M. Tim Jones. I had been busy reworking his example of evolutionary behavior in synthetic ecosystems and my “animals” were not evolving as expected. After much mucking about in my code, I realized that the “eyes” worked, the “brains” worked, but I had accidentally severed the “nerves” between the eyes and the brain. Much like the audience at the aforementioned awful movie, my creatures could think and could see, but they could’t think about what they saw.
I suppose I could dismiss the other audience members as stupid, but that’s not true. Many of my very intelligent friends have been quite impressed with that movie and this suggests an interesting question. But first, let’s start a fight. Take several artificial intelligence researchers at random, put them in a room without food and water and tell them they can’t come out until they have a conclusive definition of artificial intelligence that they can agree on. After there is only one researcher left alive, all you’ll have left is an unsatisfactory definition and an annoyed researcher.
The problem, and the question I alluded to, is that we can’t define what “artificial” intelligence is until we can define what “intelligence” is. The latter raises annoying questions about consciousness, the “soul”, and other ideas which not only make many squirm, but may ultimately prove to be unanswerable. The computer scientist Jaron Lanier has posed disturbing thought experiments about the nature of intelligence and rejects the idea of machine intelligence. Given that I’m not a computer scientist, though, I take a utilitarian approach. If it looks like a duck, quacks like a duck, duck al’orange is on the menu.
In other words, I’m not as concerned with whether or not I can answer the unanswerable question of intelligence — I’m quite comfortable saying “I don’t know” — so much as I am concerned with taking advantage of the flexibility of AI systems. This flexibility, not surprisingly, is a flexibility we often associate with intelligence.
So your boss comes to you with a problem. You need to project sales for your lemonade stands. As it turns out, for a well-run lemonade stand, sales projections can be very reliable, but only if we understand the variables involved. You do your research and notice two things:
Sales go up on hot days
Sales go down on week days
After a bit of playing around, you come up with the following:
sales = (temp/100) * 500
sales = sales * 1.5 if weekend
For that, it says for 75 degrees (fahrenheit, duh), sales will be 375, except on weekends where sales should be 562.5. Of course, this isn’t exact and you understand there will be some fluctuation, but such projections allow you to predict how much labor you can spend, how much product you will order, and so on.
So you start projecting sales at a second lemonade stand and discover that your sales projection model fails miserably. A bit of research reveals that the first stand is in a park and the second stand is in an air-conditioned lobby. For the second, you decide that the temperature is always 65 degrees, but your system still fails. Now you have regular customers and a different traffic flow. Further, you may have such bad sales in the lobby on the weekend (most offices are closed) that you can’t profitably run the stand. After reanalyzing sales, you discover that people still buy more lemonade on hot days, but there’s still not as much of an impact, so your projection is a simple:
sales = 0
if (”outdoors” == location)
sales = (temp/100) * 500
sales = sales * 1.5 if weekend
else
sales = temp * 1.2 + 600 if weekday
That’s beginning to look ugly, but it works. For a while. (We’ll call this the “brute force” approach). After a bit, you notice sales steadily rising at the lobby but not at the park. Why? Because you have regular customers. So maybe you should consider how long a stand has been open. Further, regular customers often like regular employees, so the longer an employee has worked there, the better they pull in regular customers. You also discover that female employees in the park pull in better sales on hot days than males employees because they’re wearing less clothing (sexist, perhaps, but I’ve seen it happen at the coffee carts I used to run). On top of that, you want to open new locations. How can you possibly factor all of these things in? Code which follows the above approach of hard-coding everything on a “per-location” basis has the advantage of making assumptions explicit but it has the disadvantage of not being flexible or maintainable.
To make matters even worse, there are often hidden correlations which you may not recognize. At the lemonade stand in the lobby, I mentioned that newer employees pull in less revenue than experienced employees. However, this effect is less noticeable for personable female employees. This is sad, but true. The gender of an employee, the length of time they’ve worked and the location they work at can all have subtle interactions which can affect sales. As you have more locations, it’s not reasonable to assume that the programmer can learn all these variables and properly account for how they will interact.
This exposes two problems:
Incomplete information
Unknown relationships
In the real world, however, the more complicated the decision, the more likely it is that these problems will occur. This is the norm, but our programming habits assume otherwise. We get division by zero errors or the program dies when the employee number is not supplied but we know our lemonade stand will make money even if we don’t know what the temperature is for a given day.
That’s where artificial intelligence can step in. One way of dealing with problems like this is to use a neural network. One of the most common types of such networks is a “feed forward, back error propogation” network, often known simply as a backprop network. In such a network, you have “neurons” connected by “synapses”. You feed in all your variables and compare the predicted and actual results. Then you walk backwards through the network and adjust the weights of the synapses to correct for the error. With enough data and training, you can start to get reliable answers (this is tougher than it sounds).
Now consider how intelligent you are. If you know your business well enough, you can often start to make reasonable sales predictions even if you don’t know which employees are working on a given day. You might not know the weather forecast or how many people are going to in the park on a given day but you can still make some sales projection. Unlike the “brute force” approach, you can often make reasonable projections in the absence of data. What’s astonishing about neural networks is that they can do the same thing. Don’t know the temperature? The neural network will still give an answer and if the other variables supplied (such as the date) have a heavy bearing on the results, you can still get a pretty darned good answer.
Neural networks can sometimes seem spooky in their performance. When designed properly, they learn well and they can detect relationships in data that trained observers will often miss. In fact, there is even software which can examine the internal structure of a neural network to help people learn what those relationships are. If you’re trying to predict movie revenue and you don’t know that that G-rated movies play better in small towns, there’s a good chance your network will find that if it has the movie rating, locations, and population information available.
It would be easy to dismiss neural networks as “not being intelligent” and in my gut, I suppose they’re not. However, since I cheerfully questioned the intelligence of my fellow movie-goers at “What the Bleep Do We Know”, I’m not sure I should be so quick to jump to conclusions. The number of neurons in our own brain are many orders of magnitude larger than the largest neural network ever built. What would happen if we could ever design neural nets that large? Perhaps some day in the future a robot with a sufficiently advanced neural network will clap happily at that movie and scowl at me and my friend laughing. I’d probably deserver it.
Source: ONLamp.com Jason McIntosh, who used to work (and play games at lunchtime) with me
at O’Reilly in Cambridge, Massachusetts, just contacted me to show me
the project he’s currently devoting his life to: an open-source
platform for multiplayer interactive games. Named Volity, it has a web
site for
game-players
as well as one for
game developers.
Volity provides libraries in Perl and Python. These aren’t so much for
creating the settings, pieces, rules, or moves of a game (those are
all game-specific, and you do them on your own), but for the wrapping
that makes it possible to sign up players and get them communicating.
With Volity, for instance, gamers can easily search for other gamers
and invite them to games. Volity handles all the messages passed
between gamers, and does so quickly and efficiently, although it’s not
designed for intensive twitch-based gaming (as Jason called it) with
real-time requirements. Gamers can chat while playing. A reputation
system is being developed (personally, I think that will be the
hardest part).
How many people need an open-source platform for game development?
Well, you might realize–as Jason did two and a half years ago–that
there is no other platform that makes it easy to handle multiplayer
interactions to develop what the industry calls casual games. This
term refers to games played by people for a few hours a week instead
of being played as a passion–games for people such as my teenage
daughter when she still had free time in her day and would spend an
hour on Yahoo! playing Othello or Hearts as a break from
homework.
Casual gamers are a much larger population than the hard-core video
gamers (and broader demographically, with older people and more
women), and they’re beginning to get the attention their size deserves
in the game industry.
You might also welcome (as I do) a completely open-source stack for
developing interactive environments, because they might be useful for
other kinds of collaborations besides games.
Volity components and dependencies read like a checklist for the free
software movement:
Volity itself is a set of Perl and Python libraries for
development.
Its chat features are based on Jabber, which gained serious market
acceptance when Google adopted it for its chat system.
Its graphics are SVG-based.
Its user client, Gamut, is written in Java.
Perl or Python along with SVG may be a lot for a budding game developer to learn,
along with the API for Volity, but it’s no more,
really, than anyone who wants to write a graphical application on any
platform would have to learn. And the knowledge you get by learning
them would apply to many other environments and projects in the
future, because everything is standards-based and open source.
|
|
The O'Reilly Network's Linux DevCenter Articles and Weblogs
|
|
Source: Linux DevCenter Anyone who administers boxes which are always-online is familiar with the experience of finding their logs clogged with script-kiddie attempts to brute-force passwords. Despite being pretty unsophisticated, and unlikely to prove a serious security problem (provided you’re enforcing a reasonable password policy), they’re still a nuisance. This article discusses a very good way of limiting connections via iptables, using the ‘recent’ module, so that clients who try to connect too many times in a short space of time are denied access.
I’ve been using this for somewhere between 6 and 12 months, and been very happy with it. However, after a recent upgrade, ssh started to act up on certain machines - all connections, even from machines on the local subnet, were refused. Experimentation revealed that this was due to the iptables ‘recent’ rules.
There’s a discussion of exactly what happens here, and it’s also been reported as a Debian bug (however, I can confirm that it also affects at least RHEL4 on its current kernel). Looking at the files in /proc/net/ipt_recent (which is
where the module keeps track of the relevant data), this is exactly what I was experiencing.
It’s been fixed in 2.6.12 and upwards; unfortunately, the current Debian stable kernel is 2.6.8 (the current RHEL4 is 2.6.9). Solutions: either remove the ‘recent’ rule for the moment and live with the script-kiddies (as mentioned above, you should be enforcing decent password policies…); or use apt-get pinning (on Debian) to upgrade your kernel; or be prepared to reboot every 25 days…
|
|
The O'Reilly Network's Security DevCenter Articles and Weblogs
|
|
Source: Security DevCenter Wireless LANs have evolved into more affordable and logistically acceptable alternatives to wired LANs. But to take advantage of their benefits, your company's wireless network needs to be properly secured. This article covers the types of attacks wireless networks encounter, preventive measures to reduce the chance of attack, guidelines administrators can follow to protect their wireless LANs, and an excellent supply of online resources for setting up a secure wireless network.
Source: Security DevCenter If your web application expects only that users always follow instructions and can never do anything other than what you want, it's probably insecure. You might find it surprising how much information your app exposes to a potentially hostile world. Shreeraj Shah demonstrats how to use Mozilla's LiveHTTPHeaders extension to see what your app does and probe it for vulnerabilities.
Source: Security DevCenter What motivates a hacker? Perhaps curiosity, the pursuit of knowledge, and the simple joy of saying "Hmm, that's funny! What happens if I ?" Eccentric security researcher Michal Zalewski exhibits these traits. Fearless interviewer Federico Biancuzzi recently talked with Zalewski about his curious approach to computer security, the need for randomness, and how the hacker mind works.
Source: Security DevCenter O'Reilly Media, Inc. is rolling out a new syndication mechanism that provides greater control over the content we publish online. You'll notice some improvements immediately, such as better standards compliance, graphical tiles accompanying article descriptions, and enclosure support for podcatching applications. We've tested the new feeds using a variety of popular newsreaders and aggregators, but we realize that there may be a few bumps along the way. If you experience problems, please don't hesitate to send mail to webmaster@oreilly.com. Please include detail about your operating system and reader applications. We also welcome your suggestions. Thank you for your continued support of the Security DevCenter. The following URLs represent the Security DevCenter's article and weblog content in a variety of popular formats: Atom 1.0 http://www.oreillynet.com/pub/feed/14 RSS 1.0 http://www.oreillynet.com/pub/feed/14?format=rss1 RSS 2.0 http://www.oreillynet.com/pub/feed/14?format=rss2 We will begin automatically redirecting the existing feeds to the new feeds above, but we recommend that you update your feedreader's subscription settings to ensure continuous and uninterrupted service. Thanks, O'Reilly Media, Inc.'s Online Publishing Group
Source: Security DevCenter Web services build atop HTTP to allow more flexible applications. However, their flexibility and ubiquity do not always protect against vulnerabilities due to the way HTTP works. Fortunately, the mod_security module and some planning can block potential attacks at both the protocol and application level before they start. Shreeraj Shah explains.
Source: Security DevCenter The five Ps--Probe, Penetrate, Persist, Propagate, and Paralyze--represent a model of how a security attack progresses. In this excerpt from Managing Security with Snort & IDS Tools, the authors discuss an attack's progression through these five steps, whether the attack is sourced from a person or an automated worm or script, with emphasis on the Probe and Penetrate phases, the stages that Snort monitors.
Source: Security DevCenter Security and convenience often conflict with each other. It'd be nice to have access to your office network from anywhere, but you can't trust the Internet. Virtual private networks are one solution. Scott Brumbaugh explains how to deploy a VPN using OpenVPN and OpenSSL.
Source: Security DevCenter The fact that Google indexes pages you might never have known were public is both good and bad. It's good when you're searching for specialized or esoteric information. It's bad when Google indexes potential security vulnerabilities on your site. Nitesh Dhanjani demonstrates how to use the Google API to help identify your inadvertently shared secrets.
Source: Security DevCenter Network security analysts sometimes need access to create and analyze raw packets. Salvatore Sanfilippo's hping is a tool that allows them to do just that. Federico Biancuzzi recently interviewed Salvatore on the project's design, implementation, and goals.
Source: Security DevCenter Security and convenience often conflict with each other. It'd be nice to have access to your office network from anywhere, but you can't trust the Internet. Virtual private networks are one solution. How do they keep your data safe, though? Scott Brumbaugh explains the basics of Public Key Infrastructure, the cryptographic basis for secure VPNs.
Source: Security DevCenter Does the open source process guarantee better security than proprietary development methods do? Not necessarily, warns John Viega. There are several security challenges facing open source software that many developers have so far failed to recognize.
Source: Security DevCenter An intrusion detection system (IDS) can scan your network for suspicious packets, but someone has to review the logs. Having previously shown how to construct packet filters, Don Parker demonstrates how to analyze an intrusion attempt, in order to gauge your network's security.
Source: Security DevCenter Ryan Russell, one of the coauthors of Stealing the Network: How to Own a Continent (from Syngress), has written a "prequel" that depicts a '70s-era security hack, set at a tech company back East. If you've been curious about Stealing the Network, this short bit of fiction provides a real sense of the concept behind the book. And be sure to respond to the talkback at the end of this tale -- we'd like to hear your theory.
|
|
