
Using the source, issue I

Steven writes “This is the first issue of LinuxGuru’s new weekly column with news and links about Free Software and Linux development. Article here on LinuxGuru.net.”

Category:

  • Open Source

Learning to use X11

Author: Benjamin D. Thomas

“A tutorial discussing how to use X11 fully and effectively.

When I started programming many years ago, on a system very, very different from what we use now, producing graphical output from programs was easy;
all the necessary commands were usually built right into the language. Later, when I moved to C and UNIX, things were no longer simple. Not only does
C not include any graphics manipulation functions, per se, but all graphical output in UNIX has to go through the standard UNIX windowing system: the
X Window System, release 11, version 6.6 (its current incarnation), or X11 for short.”

Understanding Linux file permissions

Author: Benjamin D. Thomas

jleveille writes “Understanding Linux file and directory permissions can be daunting for the new Linux user the first time they need to use them, but are easy to understand once you start using them on a regular basis. There are a couple of different ways to set permissions and the way you do it is your choice. We have the symbolic method:
$ chmod o+x myfile
And the Absolute (Octal) method which is my choice:
$ chmod 755 myfile

We cover both along with changing groups and owners.”

Building a secure kiosk with embedded Linux

Author: JT Smith

LinuxDevices.com:
“In this informative and entertaining technical article, embedded developer Patrick Glennon relates his experiences in creating a small Linux-based system for a client that required robust, easy-to-use, low-cost kiosks for conducting surveys at hotels. Glennon makes use of Intrinsyc’s CerfPod as the kiosk’s base platform, and equips it with open source software such as the Familiar project’s Linux distribution for the iPAQ and the Dillo browser.”

Bynari finds missing link

IBM: “Tom Adelstein of Bynari Systems, Inc. (www.bynari.net) has found the missing piece to enable corporate migration from Windows to Linux systems… Adelstein’s team wrote the two DLLs that make up InsightConnector so that he could sell Bynari’s InsightServer. Together these two solve the problem of letting employees use Outlook on their PCs while connecting with their non-Microsoft e-mail servers.”

Mind the ether with network monitors

Earthweb CrossNodes: “The wise network admin employs an array of tools to monitor network
activity. There are almost as many monitoring apps as network admins,
here are some I’ve found to be useful and versatile. I like color
pictures and graphs, you can’t beat scary little red icons for quickly
identifying trouble spots.” Read more here.

Category:

  • Security

Slackware Security Advisory: sudo

Slackware: “New sudo packages are available to fix a security problem which may allow
users to become root, or to execute arbitrary code as root.”



Here's the information from the Slackware 8.0 ChangeLog:

----------------------------
Thu Apr 25 12:00:50 PDT 2002
patches/packages/sudo.tgz:  Upgraded to sudo-1.6.6.
  This version of sudo fixes a security problem whereby a local user may gain
  root access through corruption of the heap (Off-By-Five).
  This issue was discovered by Global InterSec LLC, and more information may
  be found on their web site:
  http://www.globalintersec.com/adv/sudo-2002041701.txt
  The discussion on the site indicates that this problem may only be exploitable
  on systems that use PAM, which Slackware does not use.  However, in the
  absence of proof, it still seems prudent to upgrade sudo immediately.
  (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------

Updated sudo package for Slackware 7.1:
ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/sudo.tgz

Updated sudo package for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/sudo.tgz

Updated sudo package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.6.6-i386-1.tgz


MD5 SIGNATURE:
--------------

Here is the md5sum for the package:

Slackware 7.1:
1f2eb2c0e01c5d2182431cc401f78a89  sudo.tgz

Slackware 8.0:
d0598233fefeb9d37450eec10a087e07  sudo.tgz

Slackware -current:
26c70a9a740823353300b23f110b3cca  sudo-1.6.6-i386-1.tgz


INSTALLATION INSTRUCTIONS:
--------------------------

As root, upgrade to the new sudo.tgz package:
# upgradepkg sudo.tgz

Remember, it's also a good idea to backup configuration files before
upgrading packages.

- Slackware Linux Security Team
  http://www.slackware.com

Category:

  • Security

Caldera Security Advisory: squid

Caldera: From Squid advisory SQUID-2002:2 : Error and boundary conditions
were not checked when handling compressed DNS answer messages in
the internal DNS code (lib/rfc1035.c). A malicious DNS server
could craft a DNS reply that would cause Squid to exit with
a SIGSEGV.


____________________________________________________________________________

                Caldera International, Inc.  Security Advisory

Subject:                Linux: squid compressed DNS answer message boundary failure
Advisory number:        CSSA-2002-017.0
Issue date:             2002 April 25
Cross reference:
____________________________________________________________________________


1. Problem Description

        From Squid advisory SQUID-2002:2 : Error and boundary conditions
        were not checked when handling compressed DNS answer messages in
        the internal DNS code (lib/rfc1035.c). A malicious DNS server
        could craft a DNS reply that would cause Squid to exit with
        a SIGSEGV.


2. Vulnerable Supported Versions

        System                          Package
        ----------------------------------------------------------------------

        OpenLinux 3.1.1 Server          prior to squid-2.4.STABLE2-4.i386.rpm

        OpenLinux 3.1 Server            prior to squid-2.4.STABLE2-4.i386.rpm


3. Solution

        The proper solution is to install the latest packages.


4. OpenLinux 3.1.1 Server

        4.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/RPMS

        4.2 Packages

        ce1fbb905f270ca49d9151b6b40507c9        squid-2.4.STABLE2-4.i386.rpm

        4.3 Installation

        rpm -Fvh squid-2.4.STABLE2-4.i386.rpm

        4.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/Server/current/SRPMS

        4.5 Source Packages

        b5001b17b2b841a6cd8b196d5789db64        squid-2.4.STABLE2-4.src.rpm


5. OpenLinux 3.1 Server

        5.1 Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

        5.2 Packages

        9a72c528ba333d87e1d6719340ee768b        squid-2.4.STABLE2-4.i386.rpm

        5.3 Installation

        rpm -Fvh squid-2.4.STABLE2-4.i386.rpm

        5.4 Source Package Location

        ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/SRPMS

        5.5 Source Packages

        cd38d3243263a06eba7c20c836709711        squid-2.4.STABLE2-4.src.rpm


6. References

        Specific references for this advisory:

                http://www.squid-cache.org/Advisories/SQUID-2002_2.txt

        Caldera OpenLinux security resources:
                http://www.caldera.com/support/security/index.html

        Caldera UNIX security resources:
                http://stage.caldera.com/support/security/

        This security fix closes Caldera incidents sr862189, fz520428,
        and erg711999.


7. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on this website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera products.


8. Acknowledgements

        This vulnerability was discovered and researched by zen-parse
        <zen-parse@gmx.net>.

____________________________________________________________________________
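
The class of check the advisory says was missing, shown as an added example: a bounds-checked decoder for compressed DNS names (RFC 1035 section 4.1.4). This is not Squid's lib/rfc1035.c or the vendor fix; the function name, the sample message and the hop limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_NAME 255  /* RFC 1035 limit on name length */
#define DNS_MAX_HOPS 16   /* assumption: cap on pointers followed per name */
/* Constructed sample: "test" at offset 0; "www" plus a pointer to 0 at offset 6. */
static const uint8_t sample_msg[] = {4,'t','e','s','t',0, 3,'w','w','w',0xC0,0x00};
/* Decode the name at msg[off] into out; returns bytes it occupies at off, or -1. */
int dns_name_unpack(const uint8_t *msg, size_t msglen, size_t off,
                    char *out, size_t outlen)
{
    size_t pos = off, used = 0;
    int consumed = -1, hops = 0;
    if (outlen == 0)
        return -1;
    for (;;) {
        if (pos >= msglen)
            return -1;                      /* length byte outside the message */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {         /* compression pointer */
            if (pos + 1 >= msglen)
                return -1;                  /* second pointer byte missing */
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (consumed < 0)
                consumed = (int)(pos + 2 - off);
            if (target >= pos || ++hops > DNS_MAX_HOPS)
                return -1;                  /* forward/self pointer or a loop */
            pos = target;
            continue;
        }
        if (len & 0xC0)
            return -1;                      /* reserved label types 01 and 10 */
        if (len == 0) {                     /* root label ends the name */
            if (consumed < 0)
                consumed = (int)(pos + 1 - off);
            out[used] = '\0';
            return consumed;
        }
        if (len > msglen - pos - 1)
            return -1;                      /* label runs past end of message */
        if (used + len + 2 > outlen || used + len + 1 > DNS_MAX_NAME)
            return -1;                      /* output buffer or name too long */
        if (used)
            out[used++] = '.';
        memcpy(out + used, msg + pos + 1, len);
        used += len;
        pos += (size_t)len + 1;
    }
}
```

Every read is checked against the message length before it happens, and a reply that fails any check is rejected as a whole rather than partially parsed.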

Category:

  • Migration

Why you want Linux, or not.

John Gowin writes “If anything is creating a stir in the world of computing these days, it’s definitely Linux.

You may have heard a lot of things about Linux, or not much at all, depending on what you read and who you talk to. Comments range from how incredible Linux is and how it will be a serious threat to Microsoft, to how difficult it is to use, and how there’s no software support. Well, every tidbit you hear gained life from some sort of truth, but it’s hard to put all the facts together when they’re being fired at you from all over the place. With this article I hope to tell a prospective Linux user what he or she needs to know to make the decision to switch. I’m not talking enterprise server stuff here, you can find information on that all over the place. I’m talking about the OS on your home PC that you’re probably using right now.”

Read the article here

Category:

  • Migration

IBM shatters benchmark performance record with WebSphere running on Linux

IBM today announced new industry-standard
ECperf benchmark results showing that WebSphere* running on Linux**, the
open source platform, delivers the high-performance and scalability
required to deploy e-business applications while enabling customers to
reduce the total cost of ownership (TCO).
ECperf is an Enterprise JavaBeans benchmark designed to measure the
scalability and performance of J2EE servers and containers. It is
developed under the Java Community Process and has been built in
conjunction with J2EE server vendors.

IBM’s most recent ECperf submission demonstrates a real e-business
solution with IBM WebSphere Internet infrastructure software, a cluster
of eServer xSeries systems running Red Hat Linux and DB2. This solution
almost doubled the previous performance record held by BEA and HP running
Windows 2000 Server. While setting a new standard for performance, the
IBM submission was also 39 percent less expensive than the BEA and HP
solution.

IBM is the first company to submit an ECperf benchmark running on Linux.

IBM delivered 32581.47 BBops/min@Std, a measurement of workload, and
$11/BBops, the measurement of total cost of ownership of the system under
test. These results show the value and performance that customers can
realize with a world-class e-business infrastructure from IBM. For more
information about IBM’s ECperf benchmark results, as well as the full
disclosure report, visit http://ecperf.theserverside.com/ecperf/

“IBM software and hardware running on Red Hat Linux is a powerful
combination, delivering the industry’s best value, lowest TCO with
industry leading performance,” said Scott Hebner, Director of Marketing,
IBM WebSphere. “More and more businesses are considering performance
results when making purchasing decisions. These results, coupled with our
extensive customer base, show that WebSphere delivers superior
performance while cutting the overall cost of running applications.”

IBM continues to set the standard for performance. In an earlier
submission using Java, WebSphere and DB2 running Windows 2000, IBM
achieved the equivalent performance at only 72 percent the cost of BEA
WebLogic’s submission.

About IBM’s WebSphere Software

WebSphere is the market-leading Internet infrastructure software, or
middleware, for creating, running and integrating e-business applications
across a variety of computing platforms. Built on open standards such as
J2EE, XML and the new Web services standards, and endowed with IBM’s core
strengths of reliability, scalability and security, WebSphere server
software and development tools are used by tens of thousands of customers
and have shown 11 consecutive quarters of double-digit sales growth. For
more information: http://www.ibm.com/websphere.

*Indicates trademark or registered trademark of International Business
Machines Corporation.

**Linux is a trademark of Linus Torvalds.

All other trademarks or registered trademarks are property of their
respective owners.