August 31, 2001 – Manchester, UK – Representing the Open Cluster Group –
Tim Mattson of Intel proclaims OSCAR v1.1 a success with over 1400
downloads taking place in approximately 30 days. On August 2, 2001, the Open Cluster Group (OCG) released version 1.1 of
its software package that makes configuring and maintaining a Linux
cluster as easy as installing commercial software from a CD. Version 1.1
includes updated versions of nearly all the included software tools as
well as support for RedHat 7.1, LAM/MPI, and the Maui scheduler.

The software, called Open Source Cluster Applications Resources (OSCAR),
is available for download from the OSCAR project page on SourceForge:
http://oscar.sourceforge.net/

OSCAR is being developed by the Open Cluster Group, a collaboration
among technology companies and major research centers led by IBM, Intel,
Oak Ridge National Laboratory, Indiana University, University of
Illinois’ National Center for Supercomputing Applications, Dell, SGI,
MSC.Software Corporation, and Veridian. More information is available
at the OCG web page: http://www.openclustergroup.org/. Developers from
the OCG will provide demos at SC’2001 in the Oak Ridge National
Laboratory booth on equipment provided by Dell.

OSCAR is being developed as a complete Linux cluster infrastructure that
allows users to set up a parallel Linux supercomputing cluster in a
matter of hours. The tools included in OSCAR are all community accepted,
tested, and configured to work together. Without OSCAR, each of these
tools would need to be installed, tested, and configured separately — a
process that can take days. Included in the package are Portable Batch
System (PBS), which queues computing jobs for running on a cluster,
Parallel Virtual Machine (PVM), which allows parallel applications to
run on clusters, LAM/MPI and MPICH, tools that allow Message Passing
Interface (MPI) codes to run on many high-end computing systems, and
Cluster Command and Control (C3), a suite of tools to simplify the use
and administration of clusters.

“OSCAR allows users to quickly and easily create a high performance
Linux cluster without the requirement of high-level technical
expertise,” said Jeff Squyres, a researcher at Indiana University and
one of the core OSCAR developers. “The use of OSCAR and OSCAR-enabled
tools, particularly tools supported by major vendors such as IBM and
Intel, leverages the current best-known ways of building an maintaining
a Linux cluster.”

Design and development is already in progress for OSCAR 2.0. The 2.x
OSCAR series is being designed to include a scalable development
infrastructure that will allow transparent support for multiple Linux
distributions, support for Intel’s new Itanium processor, and
finer-grained releases of sub-packages and tools included in the OSCAR
framework. The finalized OSCAR 2.0 design will be an open, published
API.

“The published API will enable third party software packages to easily
utilize the OSCAR management framework, allowing independently developed
tools to be integrated in to an OSCAR-installed cluster,” said Squyres.
“We consider it to be one of the most important aspects of the OSCAR 2.x
series.

Progeny Linux Systems chairman Ian Murdock officially announced that his company has suspended development of its Linux Network of Workstations project: “It is with great disappointment that I must formally announce that
the Linux NOW project is on hold for the foreseeable future. In
reality, it has been on hold since February, as we have had no
one working full-time on the project since then, but we held off on
announcing that in the hope that we would be able to find the
resources to pick up development again. That does not appear likely
in the near term.” Read the full message at Progeny.

Posted at Help Net Security: “eRiskSecurity has discovered a fatal flaw in PhpMyExplorer, a popular (and very good
looking) PHP based file manager. It is vulnerable to directory traversal. If the web
server doesn’t have appropriate limits set, like most out-of-the-box Linux
distributions, the intruder can browse the entire drive, even reading sensitive files such
as /etc/passwd.”

Reported at ZDNet Interactive Week: “Nearly three years after its formation,
the non-profit corporation that oversees Web addresses is still
figuring out what level of influence its members should have, the chief
executive said on Wednesday.

At issue is the notion of having representatives from the Internet
community “at-large” electing board members of the Internet
Corporation for Assigned Names and Numbers (ICANN).”

And now, a short item at ZDNet News: “Jeremy Allison, leader of the Samba project that lets Linux servers share files like a Windows
server, is among those left jobless by cuts at VA Linux Systems, Allison said Wednesday. The
company shucked its hardware business in July. VA also hired Samba’s Andrew Tridgell.” VA Linux is the parent company of NewsForge operator OSDN.

From Help Net Security: “There are many patches that need to be applied to properly close these holes, so they
are not included here. If you will not be upgrading your system to 2.14 and instead wish
to apply these patches to your existing system, please consult the bug reports on
bugzilla.mozilla.org for the bug numbers listed below, where you can obtain the patches
attached to those bugs.”

Over at Slashdot, Craig Maloney reviewsThe Book of SCSI, 2nd Edition, a new title by Gary Field and Peter M. Ridge from No Starch Press. Maloney: “I wish the authors had written this book ten years ago. However, it is still a welcome addition to
my library today.”

Posted at Help Net Security: “The vulnerability presents itself when an attacker submits a specially- crafted,
incomplete print job. An attacker can subsequently request a display of the printer
queue to trigger a buffer overflow. A static buffer overflow condition exists in the
functionality that parses the attacker’s first request. Attackers may use this overflow to
execute arbitrary commands on the system, or spawn an interactive shell and then
navigate the filesystem. After the attacker successfully exploits the buffer overflow, all
commands are executed with superuser privilege.”

From InfoWorld, posted at CNN: “Dreamworks itself today is composed of more than 250 workstations and a
rendering farm comprising more than 1,000 servers, the bulk of which are
Linux-based. The systems are primarily based on dual processor Pentium 3
processors, with migration to Itanium/Pentuim 4 technology just around the
corner. Where workstations are concerned, Dreamworks runs the film industry’s
most popular machines: Silicon Graphics 02 and Octane platforms.

Judging by audience enthusiasm here,
Dreamworks’ public declaration of Linux
support was a welcome vote for open-source
true believers.”

Posted at LinuxSecurity.com: “Sendmail contains an input validation error which may lead to the
execution of arbitrary code with elevated privileges by local users.
Due to the improper use of signed integers in code responsible for the
processing of debugging arguments, a local user may be able to supply
the signed integer equivalent of a negative value supplied to
sendmail’s “trace vector”. This may allow a local user to write data
anywhere within a certain range of locations in process memory.
Because the ‘-d’ command-line switch is processed before the program
drops its elevated privileges, the attacker may be able to cause
arbitrary code to be executed with root privileges.”