Posted on LinuxSecurity.com: “ucd-snmp is an implementation and a set of tools to deal with the
Simple Network Management Protocol (SNMP), which is responsible for
enabling remote administration and monitoring of network devices.

There are several vulnerabilities[1,2] in the ucd-snmp implementation
of SNMP which could lead to DoS attacks and even remote intrusion.”

This may be old news to many readers, but the ZDNet/C|Net coalition has a story about Linus Torvalds using software to “automatically apply patches and updates to the open-source OS after receiving complaints that the process was too slow. Addressing concern that tweaks to the operating system aren’t being pushed through fast enough, Torvalds has taken steps to formalise control over the project’s underlying source code.”

A San Fransisco Chronicle story says that Hewlett-Packard Co. reported quarterly profits Wednesday that surged nearly 250 percent. The maker of printers and computers based in Palo Alto, Calif., reported net income of $484 million (25 cents per share) in its first quarter, which ended Jan. 31, compared with $141 million (7 cents) in the same quarter last year.

Anonymous Reader writes, “An article just went up over at at the developerWorks Linux Zone that test the management of threads and processes on Linux and Windows systems. It walks you through the differences between processes and threads on each OS and test which system OS does better. The result of the testing clearly shows a big Linux performance advantage over both Winbdows 2000 and Windows XP. The scripts can be downloaded, tested and performance results confirmed on your own system.”

–
By Andrew Orlowski of The Register –

BSD is now three times as popular on the desktop as Linux, Apple’s Ernest Parbakar told attendees at the annual USENIX BSD Conference in San Francisco Wednesday.

That’s thanks to Mac OS X, of course, which is a BSD-based Unix (although much of this remains hidden).

Parkabar was summing up Darwin developments for a BSD State of the Nation panel, at which the five major tribes summarised what’s been happening, and what to expect in the near future. Two of the panelists were Apple staffers: Jordan Hubbard, who talked about FreeBSD, and Parbakar himself.

According to Parbakar, Apple has acquired “a lot of talent” from Bay Area companies: “We have Eazel and Sun refugees, and even a few freaks from FreeBSD.”

Apple has one of the biggest gcc compiler design teams in the world, he reckons; he is working to get optimizations developed at Apple integrated into the main code tree.

It sounds like Hubbard has had an influence on the Darwin development. Parbakar says that synchronization between Darwin and FreeBSD is still really important. The goal is to bring it up to FreeBSD 4.0 status, although this task is like porcupines mating — “you have to be careful.”

Future Apple development would focus on looking for a better threading mode, and more Kerberos work including interoperability with Microsoft’s Active Directory.

Speaking of which, Parbakar reminded attendees that Microsoft now has Office running on a Berkeley UNIX.

The relationship between Darwin and the rich NeXTish layers isn’t easy, he acknowledges: There are two namespaces and two forms of package management. But it is a unique adventure, for sure.

“The Macintosh has always been very fascist, but we’re now starting to embrace the diversity of BSD. We’d love you to bring your X11 application to Mac OS X.” He cites XFree86 4.2 as a model of a Mac-friendly BSD app.

All Content copyright 2002 The Register

Wired.com reports that Slashdot founder Rob “CmdrTaco” Malda has proposed to his girlfriend on the site on Valentine’s Day. Here’s the proposal at Slashdot. Wired.com notes one reader comment: “If you two get married, will you be all proprietary towards her, or will she be open source?” (Slashdot, like NewsForge and Linux.com, is part of OSDN.)

Digi International*, Inc.
(Nasdaq: DGII), the leader in Connectware, has introduced the new
PortServer CM*, a product line focused on the demanding requirements
of data center managers.

The PortServer CM enables system administrators to monitor and control
IT equipment such as Unix and Linux servers, routers, network
switches, intelligent power supplies and telephone switches, through
industry standard serial console ports. Administrators can securely
monitor and control any mix of connected devices from anywhere on the
corporate network, including standard TCP/IP connections over Ethernet
LANs or dial-up modem connections.

The PortServer CM provides the highest level of security available for
serial console connections. Using Secure Shell (SSH v2), a robust,
standards-based security interface, PortServer CM protects against
unauthorized data monitoring (also known as “sniffing”) and provides
access to approved users on a per port basis. PortServer CM’s Sun
Safe feature protects against any unintentional break signals
affecting Sun servers.

The PortServer CM also provides a detailed Console History Log that
tracks minute-by-minute audit trails and can be used by network
managers as a diagnostic tool to avoid potential loss of
mission-critical data.

Packaged in a slim 1U, 32 port design, the PortServer CM is designed
to be rack-mounted with servers for better co-location with network
hardware. PortServer CM comes with Digi International’s
industry-leading service and support.

“PortServer CM addresses a rapidly-growing market for secure, reliable
console management solutions,” said Burk Murray, vice president of
marketing for Digi International. “As new technologies emerge and
network infrastructures rapidly expand, we’ll continue to enhance the
functionality and flexibility of our console management product line
to meet evolving market demands.”

Joe Dunsmore, president and CEO of Digi International, said, “The new
PortServer CM is consistent with our Connectware strategy, and one
more example of how we are helping customers reduce costs and more
efficiently manage their business through advanced connectivity
solutions.”

According to a recent report entitled ” Connectware: Network-Enabling
the Next Generation of Intelligent Devices” by William R. Becklean, an
analyst at Commerce Capital Markets, “We estimate the market for
‘connectware’… will increase to approximately $1.0 billion by the
middle of this decade…. Terminal servers historically represented
about 25% of the total [connectware] market but this figure appears to
be increasing rapidly as a result of growth in the console server
market.”

About Digi International
Digi International, based in Minneapolis, is the leader in
Connectware, wired and wireless, hardware and software connectivity
solutions that businesses use to create, customize and control retail
operations, industrial automation and other applications. Digi markets
its products through a global network of distributors and resellers,
systems integrators and original equipment manufacturers (OEMs).

Slashdot readers discuss this observation: “I was just checking out the Linux 2.5 changeset and noticed that Linus has just merged ALSA into his tree. Its about time.”

LinuxSecurity Contributors write, “Although SafeWeb’s Web anonymizing service has been shut down since December, they claimed it was
the ‘most widely used online privacy service in the world’ … Andrew Schulman and I have just finished a
technical report detailing SafeWeb’s catastrophic failures under the simplest of JavaScript attacks by Web
sites or firewalls (e.g., by redirecting to a page containing the exploit).”

http://www.linuxsecurity.com/articles/privacy_arti cle-4444.html

Pull up the changelogs for the 2.2
kernel or the 2.4 ac branch. In most of them, you’ll find the name
Val Henson. Yes, that’s a woman. Not
only is Val Henson one of the top women
in Open Source, she’s one of the top
humans in Open Source: a true kernel
hacker.

In the Renaissance Period, (15th
century) women were expected to give
birth to boys and mind their manners.
Not to make spectacles of themselves.
But the woman known as the first lady of
the Renaissance, Isabella D’Este, didn’t
follow the trend. She became the ruler
of Mantua, Italy, at an early age. She
spoke Greek and Latin, played the lute,
and debated with men about politics and
war. She was in a small minority.

Today, even though women have more
freedom, there are still things we’re
expected not to do, like major in
computer science and become programmers.
Enter another trend-bucker, 23-year-old Henson. She lives in
Socorro, New Mexico. She’s a senior
software engineer at Synergy Microsystems, where she maintains
Linux for Synergy’s line of embedded
PowerPC-based boards.

“What I spend most of my time doing is
writing and debugging Linux kernel code
— which is also my favorite part of the
job,” says Henson. “I participate in the
various linuxppc-* lists more than linux-kernel, but I occasionally have a patch
to post to lkml. I also make our
installation CD work and answer
questions for our Linux customers.”

Henson was one of the first women to be
placed on LinuxChix’s growing list of
the Top Women in Linux. As the
first installment in a series about
women in Open Source, I recently had
the good fortune to ask
Henson about her life as a female geek.

Newsforge: Tell me about your
early experiences with computers, and
how you got hooked.

Val Henson: My first “computer”
was an Atari my mother brought home when
I was 4 years old. I still remember
how my sisters and I all laughed with
delight the first time we heard the
PacMan theme song played on the Atari’s
tinny speaker. A succession of “real”
computers followed, including an IBM PCjr, a Intel 286 with a monochrome monitor, and at
long last, the Intel 486 with color monitor. My favorite game on the
IMB PCjr was based on electrical engineering, but at the time, I just
knew that it had pretty colors, NOT-gates, flip-flops, electric wires,
and a fox that danced to a different song every time I solved a
puzzle. Later on, I still mostly used the computer for games, but I
also did a little BASIC programming and wrote a small newsletter using
WordPerfect 5.0.

The summer before I started college, I’m embarrassed to admit that I
went to a hacker convention. While I was there, I met several
computer professionals who were well-dressed, intelligent, funny,
attractive, outgoing, and well-paid. I wanted to be all those things.
I began college as a biology major, but switched to computer science
in my second semester and never looked back.

NF: Do you consider yourself a geek? What does that mean to you?

VH: Yes, I’m a geek. To me, being a geek means mostly that you don’t
think you’re this amazing, suave, cool person. It means that you have
unusual interests, a strong sense of humility, and you don’t take
yourself seriously. I have a large group of geek friends, and we
usually organize three or four social
activities a week, so being anti-social
or socially inept is not part of my
definition of geek. The best part about
being a geek is that you don’t have to
spend a lot of time keeping up
appearances. Yes, I am interested in
computers, and I don’t know what
happened on the latest episode of
“Friends,” and my fashion sense is
terrible — and that’s okay.

NF: When and how did you first
realize, “Hey, I’m a geek!”?

VH: Hmm, I was popular for a few
days in third grade. Other than that,
I’ve always considered myself a geek. I
finally met people like me when I went
to college, which was a revelation in
itself — people like me existed, and I
could have friends and still be myself.
I’m much happier now than when I was in

high school.

NF: We’ve seen your name in most
of the kernel updates. It’s obvious
you contribute a great deal to Linux.
How much of your spare time goes to
volunteer work?

VH: I’m paid to do Linux kernel work, although I do spend more time on it
than absolutely necessary because I enjoy operating system work so
much. I spend all my volunteer time on projects encouraging women in
computer science. My largest volunteer project is LinuxChix, where I’m teaching Linux
kernel hacking and running a women-only
mailing list. I recently started
mentoring women who were interested in
Linux kernel hacking, and that has
worked out really well so far.

NF: What other projects do you contribute to?

VH: I contribute little tiny snippets of code here and there, mostly as
bugfixes. I’m most proud of fixing a minor bug in the typo generating
code of the “xjack” hack for the
xscreensaver suite for Xwindows.
And every time I want to play Zork, I have to fix minor bugs
in the Linux Z-machine code. I should really submit that patch
someday…

NF: Why is it important to
increase awareness of women in
computing?

VH: I believe strongly in the equality of all humans. I’ve chosen to work
on encouraging women to enter computer science because it’s personally
meaningful to me, and because there is a lot of room for improvement.
My particular field, Linux kernel development, has far fewer than 1%
women.

Increasing awareness of women in computing is important because it
encourages women, especially younger women, to get into computing.
People, consciously or unconsciously, pick up clues about what they
should and shouldn’t do. One of those clues is, “Are other people
like me doing this?” If you’re a girl just about to graduate high
school, and you’ve never met or even heard of a woman in computer
science, you’re not likely to choose computer science as your career.

Part of the problem is that women have difficulty promoting
themselves. We tend to be self-effacing and modest and more
interested in helping other people than promoting ourselves. Women in
computing need to realize that they are
helping other people by promoting
themselves.

NF: Do you feel that women bring something to the field that would be
missing otherwise? In other words, how has Open Source in particular
benefited from the feminine presence? How has the world benefitted? And
how will women benefit from increased involvement in this area?

VH: A year ago, I would have said that women don’t bring anything new to
open source. Now I know I was totally wrong. Women are definitely
more cooperative, more polite, and better at mentoring. Our focus is
much more on getting things done and doing them correctly, rather than
defending our “turf.” We’re still independent and prefer to learn on
our own, but we don’t insist on the “sink-or-swim” model of getting
involved in a project.

Women benefit from being involved in open source financially,
professionally, and personally. Financially, because working on an
Open Source project can give you the training to get a better-paying
job. Professionally, because people recognize your name from project
OpenXYZ and respect you more for it. And personally, because having
your work accepted and used by the open source community is a huge
self-esteem boost.

In the broadest sense, the world benefits from women in open source
because it increases human happiness, both through increasing human
equality and through the benefit that Open Source gives to everyone.
But we’re getting dangerously close to philosophy, so I’ll leave it
at that.

NF: Do you have any mentors? Who, and how have they contributed to your
life?

VH:Cort
Dougan is my number one mentor. He
was a graduate student in computer
science at New Mexico
Tech at the same time I was an
undergraduate. I tried very hard not to
ask him questions, but when I was really
stuck, he would help me out. Mostly,
Cort always encouraged me in my
ambitions, in fact, always encouraged me
to raise my ambitions and aim higher
than I thought possible. He was also
the first Linux kernel hacker I met
(actually, he ported Linux to the
PowerPC and maintained it up until
recently, so he’s more than just another
kernel hacker).

NF: Who’s
your hero?

VH:Ellen Spertus,
currently at Mills
College. She has three degrees from
MIT in computer science, and did some
excellent work on women and
computer science in addition to her
purely technical CS research. She won
the “Sexiest Geek Alive 2001” competition on the basis that, as a
CS professor, she has reproduced more
geeks than anyone else. I admire her
immensely, and am considering going back
to college to get my PhD because of her.

NF: Free Software or Open Source?

VH: I prefer the term “open
source” for several reasons. Open
source has fewer strange implications
than the “free” in free software. I’m
also not a free software zealot. For
example, I really like the BitKeeper
license because it makes the
software free (as in beer) as long as
you are using it to write free software.
You can even use it for free to write
closed software, but you’ll lose some
privacy if you do. The BitKeeper license
isn’t a classic “free software” license,
but it is an “open source” license and
it actually encourages other companies
to open source their software. In
summary, I prefer software to be open
source, but I don’t believe that the
“free software” model makes sense for
all software.

NF: GUI or command line?

VH: It depends. I mostly prefer command line because I’m a control freak.
I like to fiddle and customize and make things work exactly the way I
want them too. But BitKeeper’s GUI
tools have shown me that GUI’s can
be useful and friendly to control
freaks like me as well as people
who just want to get things done with
the minimum of effort. I think GUIs
can be written to be appealing to
command line users, but usually aren’t.

NF: Distribution?

VH:FSMLab’s RTLinux Development kit.
It’s basically Red Hat with a lot of
bugfixes and a really nice
cross-compilation development
environment. Oh yeah, and you can use
it for developing RTLinux (hard
real-time) applications, too. I
cross-compile for PowerPC on my x86
workstation a lot, and it was wonderful
to just install the RPM’s and have them
work.

NF: Favorite beverage while coding?

VH: Water. It used to be Dr Pepper, but I can now stay up programming
all night without any help from caffeine. I’m a little disturbed by
this ability, but it’s nice to not get the shakes at 5 a.m. any more.
And you never run out of water.

NF: Best atmosphere for hacking?

VH: In my home office, with a big glass of water, and a good techno or
trance CD cranked up on the stereo. I’m a fan of Orbital, Paul
Oakenfold, and Juno Reactor.

NF: Hobbies?

VH: Hiking, fossil hunting, and hanging out with my friends. I’m also
collecting questions for the TCP/IP Drinking Game. I’d like
to take up kayaking, but I live in a
near-desert so that may be difficult.

NF: What do you do to get away
from the computer?

VH: Hiking. I live in a state that is more than 50% public lands, and
most of it is prime hiking territory. I am a 20-minute drive from
several hundred square miles of semi-badlands which I’ve only just
begun to explore, and an hour’s drive from four large mountain ranges.
Hiking is really exciting to me, especially when all I can see from
where I’m standing to the horizon is empty badlands with no sign of
humanity. Wow.

NF: Tell me something interesting
or unusual about you that not many
people know.

VH: When I was a teenager, I raised and showed dairy goats. I can milk a
goat, help a goat give birth, and drag a goat around a show ring in a
sad parody of the term “showing a goat.” I would like to own another
goat someday, but goats are a big responsibility and I’m not ready for
anything more demanding than a cat right now.

NF: Have you experienced any hardships directly related to being a woman in
Open Source?

VH: I have a somewhat gender-neutral name, and since most open source
development is conducted over email, I’d be surprised if many people
knew I was female. The biggest barrier to entry for me was
self-confidence, which is where Cort really helped me out a lot. The
hardest thing I have to deal with on a daily basis is when someone
makes an obnoxious comment about women on an open source mailing list
that I know is 99% men. I’m working hard on figuring out the best
response to that, considering the environment and culture of the
mailing list.

NF: Is there anything else you’d like to say?

VH: Women: Computing is fun! Lots of women are doing it! If you’d like
to find a peer group, I suggest joining one or more of the mailing lists
at
LinuxChix.