portupgrade, Railroad Security, Paranoid PHP System Calls, and XP for Open Source Developers
by chromatic
Linux Newsletter for 09/02/2003
Greetings! Yesterday was Labor Day here in the U.S., so instead of laboring to produce the next week of stories and book excerpts for ONLamp.com, your editor spent the day laboring to finish installing Gentoo GNU/Linux on his laptop. Consequently, today is Linux Newsletter Day. Let's start here:
Noel Davis warns of several Security Alerts. Programs with potential remote exploits include (which implements the Simple Railroad Control Protocol, very cool!); ViRobot Linux Server (an antivirus tool); netris (a game); and autorespond (a mail responder). Please take a few moments to check your vendor for updated packages.
Dru Lavigne's latest jaunt through the fine world of FreeBSD explores
You can go a long time without even knowing it's there, but once you've seen what a searchable index of your ports can do, you'll never forget it's there.
John Coggeshall's latest PHP Foundations column, Securing System Calls, is a reminder that user input is untrustworthy. Though PHP has a fantastic amount of included functionality, sometimes the simplest solution to a problem is to execute a standard program, such as a zipping program or a legacy binary. Unless you're sufficiently paranoid, it's possible for malicious user input to do things you don't expect—so it behooves you to learn exactly how paranoid you should be.
One nice feature of open source development is that developers can make lots of mistakes and still, eventually, succeed. Of course, it'd be nicer to avoid some of those mistakes. Your editor's Five Lessons Open Source Developers Should Learn from Extreme Programming explores some of the common mistakes and explains ways to avoid them. Not every practice has a direct match, but you can improve your software and lower your sanity roll with a little discipline.
This week's weblogs feature Andy Lester discussing who speaks for open source advocates; Steve Mallett introducing O'Reilly's developer news site; Jason Deraleu discussing security designs in popular operating systems; and William Grosso complaining about bad MPAA propaganda at the movies.
Finally, your editor would like to thank eagle-eyed (no pun intended) James Burchell for pointing out the correct spelling of blepharitic. We'll stick to simpler words from now on.
Six days until the next newsletter,
ONLamp.com and Linux Devcenter Top Five Articles Last Week
Five Lessons Open Source Developers Should Learn from Extreme Programming
It may be harder to see how Extreme Programming (XP) can apply to open source projects, especially those without a formal customer. But to build a successful open source project, you must solve many of the same problems you'd face with an in-house project. Here chromatic, author of Extreme Programming Pocket Guide, offers five lessons open source developers can learn from XP.
One of FreeBSD's biggest benefits is its ports collection. Perhaps the most important ports utility is portupgrade. Dru Lavigne demonstrates how you can get the most out of your ports collection.
Five Habits for Successful Regular Expressions
For many programmers, writing regular expressions is a black art. They stick to the features they know and hope for the best. Tony Stubblebine, author of Regular Expression Pocket Reference, says programmers can avoid a lot of trial and error by adopting these five habits for regular expression development. The code examples in this article use Perl, PHP, and Python, but the advice Tony espouses is applicable to nearly any regex implementation.
Noel Davis looks at problems in BitKeeper, the GNOME Display Manager, rcpd, ViRobot Linux Server, OpenSLP, eMule, lMule, xMule, netris, and autorespond.
Guido van Rossum Speaks
Guido van Rossum, creator of Python, recently announced a move from PythonLabs to Elemental Security. Steve Holden caught up with Guido to talk about the move, the future of Python, and computer programming for everybody.