eWEEK reviews Red Hat’s Tux 2.0 Web server: “Running on a Linux 2.4 kernel [Tux] has taken performance far beyond what was previously possible and blazes the way for future Web servers built on the same architecture.”

Portable OpenSSH 2.9.p2 is now available for your downloading pleasure. From the Portable OpenSSH home page: “Normal OpenSSH development produces a very small, secure, and easy to maintain version for the OpenBSD project. The OpenSSH Portability Team takes that
pure version and adds portability code so that OpenSSH can run on many other operating systems.”

ATLANTA, GA June 18, 2001 – ActiveState, a leader in open source programming tools,
today at Microsoft Tech Ed 2001, announced the first
release of Visual Perl, Visual Python and Visual XSLT for Beta 2 of Microsoft Visual
Studio.NET. These solutions allow developers to edit,
debug and run programs written in Perl, Python and XSLT in the Visual Studio.NET IDE.
“Our participation in the Visual Studio Integration Program enables us
to bring the advanced editing and testing environment of Visual Studio
.NET to our customers,? said Dick Hardt, Founder & CEO, ActiveState. ?A
chief benefit of this integration for customers is in productivity
advances. For example, moving from a text editor to a visual
environment in programming is akin to the advances of moving from
Notepad to Word in word processing.?

Features:

• Editor – code completion, syntax-based colorizing, syntax error
  detection, language-aware auto-indenting, code folding, and keyword tips
• Integrated online help – connect to ASPN and search and retrieve
  online resources
• Graphical debugger – manage breakpoints, control flow, view
  variables, lists, and complex objects, and for Perl debug remote
  processes
• Project manager – manage groups or related files, data files,
  and for XSLT remote URL handling

Visual Perl also includes ActiveState?s unique regular expression
debugger, which enables programmers to easily step through Perl regular
expressions one step at a time. The debugger helps determine where and
why regular expression matches fail and provides a user interface with
easy to understand descriptions for generating regular expression
syntax.

Visual XSLT also contains ActiveState?s one-of-a-kind XSLT debugger,
which synchronizes input and code while debugging in real time. It also
displays XSLT variables and parameters and allows programmers to enter
arbitrary Xpath expressions in the debugger Watch window while
debugging.

?It?s great to have full development support for Perl within Visual
Studio. Visual Perl?s features such as the colorized editor and code
completion have helped me develop code more quickly,? said Visual Perl
beta tester Chuck Wagner, Software Developer, Data Stable Consulting.
?I?m particularly looking forward to trying out the new regular
expression debugger — so that I can step through a regular expression
while it is being matched — it?s a process that until now I?ve found
frustrating to say the least.?

?It?s been exciting working with ActiveState on bringing these open
source programming languages to Visual Studio.NET,? said Tom Button,
vice president of Developer Tools at Microsoft Corp. ?This really fits
our mission of enabling developers to rapidly create Web applications
using their language of choice.?

?We?ve received tremendous feedback from beta-testers, who?ve found the
advanced editing and debugging features in Visual Studio.NET in
combination with Perl, Python and XSLT to be a powerful tool. In
particular, they like being able to interactively test the trickier
parts of programs with the Regex and XPath debuggers, before running the
entire program. This has resulted in significant productivity gains,?
said Eric Promislow, Visual Project Lead, ActiveState.

Visual Perl is available with ASPN Perl at $495. The download is accessible at
http://ASPN.ActiveState.com/ASPN/Perl. Visual Python and
Visual XSLT are currently available in beta and can be freely downloaded
from www.ActiveState.com/ASPN.

About ActiveState:
ActiveState is the leading provider of open source based programming
products and services for cross-platform development. ActiveState’s key
technologies are Perl, the Internet’s most popular programming language;
Python and Tcl, user-friendly scripting languages; PHP, the dynamic Web
programming language; and XSLT, the XML transformation language. The
ActiveState Programmer Network (ASPN) offers these technologies with the
latest information and productivity tools, empowering programmers with
the freedom to work with their preferred language and development
environment.

Media/Analyst Contact:
Lori Pike
Director Corporate Communications,
ActiveState
phone 604.484.6417 / cell 604.808.6655

© ActiveState Corporation 2001.

ActiveState, ASPN, Visual Perl, Visual Python and Visual XSLT are
trademarks of ActiveState Corp. All other company names herein may be
trademarks of their respective owners.

GGZ Gaming Zone, an alternative to Microsoft’s online gaming product, now supports KDE with its 0.0.4 release. A few KDE games and frontends are available, with many more planned for future release. Check out KDE Dot News for more information on GGZ’s spiffy new KDE support.

Distributed denial of service attacks, report eWEEK, “are likely to get much worse” in the future. The reason: Attackers are refining their skills to create more complex assaults on remote systems that are “designed to elude even the best defenses.” The article states that the upcoming release of Microsoft’s Windows XP operating system “provides attackers with a made-to-order launching pad for their DDoS assults” because it will support “raw sockets,” allowing users to spoof IP addresses.

A buffer overflow in version 1.4 of GazTek HTTP Daemon may allow a remote user to execute code on that system with ‘nobody’ user privileges. The post on Help Net Security notes the author has been contacted regarding the bug, but has not yet responded.

Help Net Security posts two items for Debian users. Version 2.6.2 of VT102 terminal emulator rxvt have a bugger overflow in the tt_printf() function (details). In xinetd, there is a possible overflow in the logging code that could be triggered when using a fake identd (details).

– By Jeff Field –

Security is a big issue in Linux. It’s always in the forefront, whether users are talking about the latest security updates for the various distributions, or about which OS is more secure. What follows is a review Engarde Secure Linux, a distribution from Guardian Digital that was created with security in mind.The software
Engarde has very little in common with other distributions. First, it is not suitable for the average desktop user. It is targeted
solely to be a server. It has no GUI, few user programs and heavily restricted
system access.

A full installation takes up only 170 megs, a
testament to how focused this distribution is. I have a Mandrake installation
on this laptop that takes up nearly two gigabytes of space. Because Engarde is so
tightly focused on the server, it does not need all of the “fluff” that many distributions
include.

Installation
Installation is simple. You pop in the bootable Engarde Linux CD, and it boots
from that. It asks you what type of server — mail server or web server — you
intend the machine to be. Later, you can have it do both, when you select which
services to run. I suspect this selection merely affects the way disks are
partitioned. Setup attempts to detect your network card, and did so perfectly
with my RTL8139-based card. You then configure the network, add a user to the
system, and reboot. The installation routine is
very rigid — you may not select how a disk is partitioned, what file systems to
use, what programs to install, or anything like that, but in a secure
environment such control is often necessary.

Once you are done with the first phase of the installation, the machine reboots to a root login prompt that you have no access to — you do not set a root
password at any point, because there is a second
step to the installation. You must connect to the machine via SSL to the
hostname/IP you provided with a secure web browser. The address will be
something like http://machinehost.domain:1023. You then give the default
user name and password, provided by Engarde, and enter into the second part of
the setup with the “WebTool” that comes with the distribution.

The first step in the WebTool is to set up a root password for root access to
the machine. Then, you reset the password for the WebTool itself, and add
users, specifying whether or not they can access the machine remotely (the only
methods of accessing the machine remotely are FTP and SSH). Then follows network
configuration and selection of “trusted” hosts (hosts which should be allowed to
connect to the WebTool). You then select the proper time zone and setup what services
are to be activated at boot time.

Web interface
Once you have configured Engarde, you will now have to use its Web interface for
maintenance purposes. You access this through the same method (SSL) you did for
the initial configuration. Through this, you can manage all the various
functions of the system. Almost everything is done through this interface, with
the exception of the tripwire and FTP services, which must be initially setup
from the console (or from an SSH session).

When you enter the main screen, you see several sections. Virtual host
management is where you manage the virtual hosts on the machine (many hosts can be attached to one machine). System management is where all the
basic configuration options are for things from system time to SSH
configuration. System monitor will show you the state of the system, and lets
you see logs, lists of running processes, and other useful information.
Security has a variety of security-related settings, such as certificates
for SSL, trusted IPs/hosts, and the ability to change the banner users get when
attempting to log in to the console. Guardian Digital update is a
not-yet-functional section that, once it is operational, will allow you to
update the software on your system, because keeping the system up to date is a key
to keeping it secure. Last is the system backup section, which allows you
to back up the files on the system. Through the Web interface, you may also use
the software provided to create a secure online store (you will need a merchant
account, and this software only works in the United States). This is a very nice
touch, making it so someone who wants to put up a quick ecommerce site with
little hassle can do just that.

The Web interface is nice — it is well thought out, and easy to use. For
some people it might actually be easier than other distributions because nearly
everything is configured through this graphical WebTool within their browser of
choice. It’s an interesting design from Engarde, and one that gets high marks in my
book.

Conclusion
With minimal system access allowed and every precaution taken, Engarde Secure
Linux just might be the best distribution for Web/mail servers yet. It doesn’t have all the bells and whistles of other distributions or operating systems, but
it would seem that, unlike other companies that market server OSes, Guardian
Digital does not think Pinball is an appropriate application for a server. With
tight security and everything you need to configure a server out of the box
built into it, Engarde Linux is something you should consider if building a
secure Web site for commerce or any other purpose, or just needing a reliable
mail server. Engarde is available on at the
Web site at no charge, or you may purchase it for $35, which includes shipping, 60 days installation support (though I very much
doubt you will need it) and a printed manual, as well as the Engarde CDs
themselves. Even at $35, Engarde is a steal compared to other ecommerce
solutions.

Maurice R writes: “Linux4us and RadioTux are relaunching with a new entry page.
On this new entry page, visitors will get an overview of all
articles, whether on RadioTux, or on the email-magazin Magazin42, or even articles Linux4us is promoting. And of course, visitors can also find news, events, and votes.”

RadioTux

In broadcast 6 you can find following articles

– Changes on RadioTux
– Report about the C64 emulator V.I.C.E
– A report about SuSE Linux 7.2
– Linux-news of the past 14 days
– and much more

Linux4us

The listeners of RadioTux should know Linux4us allready.
Linux4us offers linux-news and events. Besides workshops, interviews
and much more is offered.

Magazin42

Magazin42 is an email-magazin offering articles about GNU/Linux
Every four weeks it will be sent to the substribers.
Two types will be available a html and a plaintext-version
The first magazin will be published on June the 24th 2001″

From the Wall Street Journal: “Software connected with the FreeBSD open-source operating system
is used in several places deep inside several versions of Microsoft’s
Windows software, such as in the “TCP/IP” section that arranges all
connections to the Internet. The company also uses FreeBSD on
numerous “server” computers that manage major functions at its
Hotmail free e-mail service, whose registered users exceed 100
million and make it one of the Web’s busiest sites.”