•   Distro Watch
•   Linux Today News Service
•   News for nerds, stuff that matters
•   The O'Reilly Network ONLamp Articles and Weblogs

Source: LinuxTracker.org

Category: LFS Size: 490.32 MB Status: 3 seeders and 2 leechers Added: 2006-12-19 21:23:26

Source: LinuxTracker.org

Category: Arch Size: 17.98 MB Status: 4 seeders and no leecher Added: 2006-12-19 13:23:47

Source: LinuxTracker.org

Category: Arch Size: 143.30 MB Status: 5 seeders and 1 leechers Added: 2006-12-19 13:01:08

Source: LinuxTracker.org

Category: Arch Size: 17.98 MB Status: no seeders and no leecher Added: 2006-12-19 12:45:13

Source: LinuxTracker.org

Category: Ubuntu Size: 1.47 GB Status: 6 seeders and 26 leechers Added: 2006-12-19 04:40:45

Source: LinuxTracker.org

Category: FreeSBIE Size: 635.53 MB Status: 5 seeders and 2 leechers Added: 2006-12-19 01:25:56

Source: zenwalk

The Zenwalk Linux project has announced the release of ZenEdu 0.3, a distribution whose main goal is to provide an easy-to-install, stable and free operating system to nurseries and primary schools. ZenEdu includes a good collection of teachers' tools for their daily educational work as well as games .

Source: Linux Today

Recently there has been a lot of discussion bubbling up regarding the possibility that Ubuntu will ship proprietary 3D drivers by default for some video cards

Source: Linux Today

The column was to begin a series of events that changed my life because I used, as an example, a CIO who had chosen Linux for the wrong reasons. Now, to be clear, Linux may have been the right choice

Source: Linux Today

The 3-D effects fell flat in my tests, but I found the distro to be a pretty good OS if you're looking for a Windows replacement

Source: Linux Today

Tivoisation is a technique that manufacturers use to produce a computer, to sell to you, whose software they can update but you can't

Source: Linux Today

Opera Software today released an update to its popular, eponymous, freely-available web browser

Source: Linux Today

The British Education and Communications Agency (Becta), tasked by the government with organising IT in schools, has dismissed an independent report claiming that over £200m of government funds have been wasted under its watch

Source: Linux Today

The IT job market is 'very attractive right now,' says Scot Melland, CEO of tech job site Dice. 'Much better than in past years '

Source: Linux Today

The GNOME Foundation Membership & Elections Committee is pleased to announce the preliminary results for the Board of Directors

Source: Linux Today

Gartner released a number of predictions for 2007 on Wednesday with the biggest being that Vista will be Microsoft's last major release of the Windows operating system

Source: Linux Today

A quick study of the network industry could be enough to give you the blues

Source: Linux Today

Yesterday we introduced NIS, the Network Information Service. In the second and final article in this series, let's look at how to use it effectively

Source: Linux Today

Consider this scenario Your machine running GNU/Linux has been penetrated by a hacker without your knowledge and he has swapped the passwd program which you use to change the user password with one of his own

Source: Linux Today

One of the many benefits of Fully Buffered Dual Inline Memory Modules is the ability to have up to six memory channels per memory controller

Source: Linux Today

This is a detailed description about how to set up an OpenSuSE 10.2 based server that offers all services needed by ISPs and hosters

Source: Linux Today

Not very many, but Stratus Technologies sells systems that offer the kind of fault tolerance that will handle mission-critical applications and leave admins with peace of mind

Source: Linux Today

Today's security advisories: kernel-source-2.4.27, clamav, and sql-ledger (Debian GNU/Linux); dovecot and kernel (Fedora Core); ClamAV (Gentoo Linux); and clamav (SUSE Linux).

Source: Linux Today

As you might have guessed this is going to be a brazen and shameless plug for the command line. I write it to throw in my tuppence-worth after my own Linux experiences

Source: Linux Today

Of course, I couldn't let my Core 2 Duo go to waste, so I had to install 64-bit Linux. Suffice to say, Java and Flash are a pain and some 32-bit applications aren't entirely stable

Source: Linux Today

Open source company MySQL AB, which puts out the well-known database of the same name, has made a couple of moves this year, both of which have passed without much comment

Source: Linux Today

Emergence of open technologies and open-source alternatives makes customizing school software a reality

Source: Slashdot: Linux

lisah writes "Last month members of the Fedora community met for a three-day summit (wiki here) designed to chart a course for future version releases as well as to plan other Fedora projects. Team members say they want to leverage the enthusiasm of a community that has demonstrated a willingness to develop Fedora Extras (add-on features to the Core package) and support Fedora Legacy (past releases). Red Hat's community development manager, Greg DeKoenigsberg, said, 'Community contributors have proven conclusively over the past 18 months that they can build packages every bit as well as Red Hat engineers — better, in some cases.' In addition to creating several proposals that will be introduced the the community for input and feedback, the summit also gave rise to the newly-created position of Fedora Infrastructure Leader." Linux.com and Slashdot are both owned by OSTG.

Source: Slashdot: Linux

martin-k writes "Commercial office suite software is coming to FreeBSD, Linux, Windows, Sharp Zaurus and Windows Mobile. SoftMaker, a German developer, recently released SoftMaker Office, a multi-platform office suite that excels in Microsoft Office compatibility, claims to be much leaner and faster than OpenOffice.org and works on many operating systems, down to PDAs." While SoftMaker certainly isn't new, it is nice to see them roll out a finished suite as opposed to one-off programs.

Source: ONLamp.com

Language redesign is difficult, isn’t it? Once you start challenging base assumptions, you find that a lot of your previous conclusions are shaky, and good luck reigning in blue-sky ideas!

See you in 2007… or 2008… or 2009.

Best wishes,
a Perl 6 hacker

Source: ONLamp.com

Guido, the BDFL for the Python language recently posted concerns about the Python 3000 release schedule. It seems that the discussions are “more about radical redesign of the language than about the relatively modest tweaks that [Guido] had in mind when [he] started the project.” His post showed a considerable amount of wisdom in balancing the needed (and desired) changes with getting things done. In any project, you can spend an infinite amount of time thinking and re-thinking the design, but at some point, you have to decide to get it done even if there are improvements that you could have made.
The results of the post were 1) Guido committed to try to set the tone on the Python 3000 Dev list to focus primarily on the work that needs to get done. 2) He offered to create a Python 4000 list on which people can discuss more radical changes to the language. 3) Guido mentioned some specific items for Python 3000 which he could use some help on. If you’re so inclined, read the post I’ve linked to and see if there’s an area where you can lend a hand.

Source: ONLamp.com

High risk vulnerabilities such as SQL Injection can be easily demonstrated by security analysts to developers or business executives. For example, a xp_cmdshell request injected into an application vulnerable to SQL Injection can be used to demonstrate how an attacker can abuse SQL injection to obtain a command prompt from the host running the (Microsoft) SQL server. Such demonstrates have major visual impact and the consequences of the vulnerability are clear.
In the case of Cross Site Scripting (XSS), it can be quite cumbersome for a security analyst to come up with a visual demonstration that clearly indicates the consequences of the vulnerability. Security analysts often demonstrate XSS by injecting JavaScript code such as alert('xss'); causing the vulnerable application to display a pop-up window with the word ‘xss’. From a technical perspective, such a demonstration does prove the existence of a XSS vulnerability, but it doesn’t do much to visually convey the impact and consequence of the issue. While trying to find tools or methodologies that can automate a XSS demonstration, I came across the BeEf tool. Its website states: BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting (XSS) issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF. Some of the basic functionality includes Keylogging and Clipboard Theft.
BeEF is a PHP based web application that captures requests from web browsers of users that are victims of a vulnerable XSS application. The basic idea is to run BeEF on your host, and then exploit an application effected by XSS to make its users request a resource on your host (served by BeEF) by way of XSS. Once the victim’s browser requests a BeEF resource, BeEF will alert you and allow you to inject JavaScript code, perform javascript port scans (i.e. the victim’s browser will initiate the scan: this can be used by an attacker in port-scanning an intranet environment the victim’s browser may have access to), and so on. The flash tutorials do a great job of demonstrating BeEF.
At the moment, a good friend of mine is working on a project similar to BeEF. If he decides to make a version available to the public, I’ll post about it here.

Source: ONLamp.com

I will be teaching Security, Privacy, and Politics in the Computer Age again this spring semester at Tufts University through the Experimental College. I had great success the first time I taught the course. This time, I am reshuffling the syllabus with several major changes:

New sections for 2007:

Social Engineering
Databases and Data Security
Risk Management and Policy Framework
Software Insecurity
Secure Software Development
Regulatory Compliance
Digital Investigations and Forensics
Ethics

Deeper discussion of privacy

Also, students will be placed in groups to design two “secure” products, which will be 25% of the final grade.
As usual, all news, lectures notes, resources, and selected students’ works will be online on the course website.