Whenever a new kernel comes out, there's a lag time between when it's
adopted by those who don't mind compiling it themselves and by those
who are waiting to get it bundled in an already-tested package from
the maintainers of their distributions. In part, the delay is just
the result of the difference between those who live on the edge and
those who stick with the tried-and-true, but could it be shortened by
reducing the work that the distributions have to do to adopt the new
kernel? In today's editorial, Jeff Garzik of MandrakeSoft describes
the process of fitting the two together.
Update: Developers from Conectiva have written to share their thoughts on the subject.
The inetd server as shipped with Red Hat Linux 6.2 fails to properly close sockets for internal services. This could make services stop working once the system has leaked sufficient resources.
It's here. It's new. It's freshmeat II. (/me quits rhyming) -- Way too much time has passed since the last rewrite. The first baby-blue freshmeat went online Jan 1st 1999, more than 2 years ago. Here's baby-blue freshmeat II, codenamed 'Verdi'. Besides being completely restructured database-wise to better cope with the project data, this release incorporates most of the features users requested in the past months. Click the link for a quick rundown.
Update: Yes, you convinced me the select boxes suck and as such they will be replaced with link icons as soon as I get a chance.
Some security problems, including a remotely exploitable information leak allowing anyone to read the stack, have been found in bind versions prior to 8.2.3. Updated packages are available from updates.redhat.com.
BIND 8 suffered from several buffer overflows. It is possible to construct an inverse query that allows the stack to be read remotely, exposing environment variables. CERT has disclosed information about these issues. A new upstream version fixes this. Updated packages are available from security.debian.org.
Anonymous has had his eye on his Web server logs lately, and is
worried at the shift in the ratio of Netscape to IE browsers hitting
his pages. He worries that, if we're not careful, this trend on the
desktop could undo all the progress Linux has made in the server room,
and he offers some ideas on how we could fix things.
The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files, so it can't be used to get access to /etc/shadow or something. Crontab files are not especially secure anyway, as there are other ways they can leak. No passwords or similar sensitive data should be in there.
Every day, dozens of hackers send us news of their code and hope for a spot in the appindex. Since we know how much our approval can mean, it honestly does hurt us more than it hurts you when we have to frown over a submission and write back, “You know, this really doesn’t fit here…” In today’s editorial, Nathan Hurst, part of Freecode’s Australian crew, explains what goes through our minds and why we sometimes feel we just have to say “no”.
A recent Slashdot story sparked a great deal of discussion about
Aduva's plans for simplifying Linux administration. Aduva's Izar
Tarandach says it sparked a great many misconceptions as well. Today,
he tries to put the record straight.
Recent freshmeat editorials have dealt with the current state of
package management systems. Today, Alex Botero-Lowry and David Eklund
look to the future and discuss the work they're doing to create an
alternative that draws on the best features of the current "big two".
Jeffrey Fulmer offers YAPFILA (Yet Another Plea For Intelligent Linux
Advocacy), focusing on the culture clash between those who choose the
technology and those who have to use it.
Dan Feldman offers an analysis of the systems available for
centralized computing in a computer lab, and how Linux can fit into
Spam in the inbox is bad enough. Spam that announces itself with a
cheery little tune and steals the focus from your application is much
closer to intolerable. Andrew Macks (one of freshmeat's Australian
Submission Bin Warriors) offers his guidelines for ICQ users who want
to avoid spamming others, and we ask what can be done about this new
and more intrusive type of spam.
In a followup to Claudio Matsuoka's "Is it Time to Change RPM?",
Alfredo Kojima offers news of Conectiva's APT/RPM integration work,
gives the reasons he thinks it's superior to other RPM frontends, and
hopes it will provide a means for bringing the various Linux
distributions closer together.
I see two trends in progress. In one, we're continuing movement
towards application-independent data storage. In the other, we're
witnessing a proliferation of devices that each store the same data in
a unique and incompatible way. I believe it's a time to watch
developments carefully, and to be ready to move our advocacy efforts
to a new arena.
When you want to announce changes in your project to several Web
sites, you go to the first one and fill in a form with your new info.
Then you go to the next one and do it again. And again with the next
one. And again. And again. Doc O'Leary thinks he has a solution.
Please read to the bottom for my comments and a couple of questions
I'd like to ask everyone.
Kenneth Broll brings an historical perspective to the debate over
supporting Windows languages and applications under Linux, and offers
a warning drawn from his own experience.
Linux continues its march to the desktop, strengthened by the arrival
of Open Office and other non-hacker applications, but what good are
these apps to you if they don't speak your language? In today's
editorial, Juraj Bednar asks that the community not forget
localization if it wants Linux to be an alternative for the
Projects are appearing that attempt to bring Visual Basic clones to
Linux. Marc Boorshtein, a former VB programmer, thinks this is a
mistake, and that we should be innovating with what we already have
instead of spending time working at emulating what he considers a
technological dead end.
If you want to write really fast code, what should you do? Hone your
assembly skills? Erik Greenwald thinks that's a mistake too many
people make, and that it's possible to write even better-optimized
code in a high-level language.
Blind computer users had more difficulty than most people when they
made the transition from DOS to Windows. Would a switch to Linux be
as great a problem? Saqib Shaikh thinks it would instead make their
computing experience easier and richer.
Luke Andrews writes: "The following whitepaper discusses the
importance of bug testing with respect to client and vendor
environments. Various responsibilities are placed on either side of
product development, and it is necessary to understand the reasons
behind practicing secure coding and ethical loyalty."
In today's editorial, representatives from Linux-Mandrake rebut Bill
Gates's recent comments about Linux and Open Source.
New Linux distributions usually base their package management on one
of two options -- Red Hat's or Debian's. Brazilian distributor
Conectiva decided to go with RPM, but has reservations about its
ability to provide smooth automated upgrades. In today's editorial,
Conectiva's Claudio Matsuoka describes the problems he sees and what
he thinks should be done.
Dave Gudeman writes: "A developer who wants to make a piece of
software available to others faces the daunting task of software
delivery. There are several strategies for delivering software,
primarily source code, machine binaries, and virtual machine binaries,
each with its own advantages and disadvantages. I'm going to discuss
each of the alternatives, then suggest a variation that is potentially
better than any of the other solutions for commercial as well as Open
Source software projects."
Thanks in part to the discussions held here by the freshmeat
community, Trolltech has decided to release the next version of Qt
under the GNU General Public License. In today's editorial, Eirik Eng
and Matthias Ettrich explain the reasoning behind their decision.
freshmeat has presented a number of editorials this summer about both
sides of the conflict over Qt, KDE, and Debian. At the recent
Linuxworld Conference and Expo, news about desktop environments went
beyond the community and into the mainstream press when several
commercial vendors said they would adopt GNOME as the standard GUI for
UNIX systems. Today, Gaël Duval explains the problems he sees with
this and why Mandrakesoft will not commit to a single standard
Application Service Providers bring the mainframe + dumb terminals
model to the Web, and users get all the benefits of a
centrally-maintained system. Unfortunately, the distance from your
house to my.service.com is longer than that from your office to the
admin down the hall, and it can be harder to hold your provider
accountable. In today's editorial, Paul Reiber points out the
downsides of ASPs.
Cal Evans writes: "Unless you are working on an Open Source project,
deadlines are probably a fact of life for you. Like most of us, you
have missed your share of them; we all do. The trick is to make more
than you miss, and to always make the important ones. To that end, let
me offer you the lessons learned by a Nerd Herder who has hit more
than he has missed and has the scars to prove it."
Dennis Faust writes: "The vast majority of technology companies
fail. That is market Darwinism at work. Through no fault of your own,
chances are you currently work at one of the eventual losers. If you
are prepared, this experience will be little more than an opportunity
for an unpaid vacation. If you are caught flat-footed, it can be a
very traumatic experience. With a little forethought, effort, and
strategy, you will be in control."