Planet Ubuntu
Linux Q New Threads
11.03.10: Optimize this script...
Hey guys,
I need a little assistance. I need this script to delete all files that are not that of *.uz including files starting with a . such as, but not limited to, .htaccess.
Code:...
11.03.10: Software for monitoring Hard-disk failure or damage
I am running CentOS with single hard-disk (no RAID). I frequently saw people lost data because of hard-disk damage or failure.
I am wondering if there is a software for monitoring the hard-disk so...
11.03.10: configuring dhcpd.conf with ip reservations
Hi All,
While configuring dhcpd.conf on centos 4 I couldn't find option to reserve that ip addresses. I have subnet of 10.0.0.0 network of which i want reserve 1 - 50 addresses for my servers. I'll...
11.03.10: Yum "Package(s) php available, but not installed. No Packages marked for update"
Hi All,
I have enabled jasonlitika's repo for a php 5.2.6 upgrade on centOs5
www.jasonlitka.com/yum-repositories
after much updating and installing . ... . .
*#yum update php or yum install...
11.03.10: LXer: Happenings: FOSS at CeBIT 2010
Published at LXer:
This year's CeBIT, held each spring since 1986, took place from the 2nd to the 6th of March, 2010 in in Hannover, Germany. CeBIT, an acronym for "Centrum der Büro- und...
11.03.10: sierra wireless aircard 850 on RHEL 5.2 lenovo w500
Hi All,
I am trying to configure the mention card with no success, after searching google and this forum, i install the manfc. driver firmware in /lib/firmware:
SW_7xx_SER.cis, SW_8xx_SER.cis
and...
11.03.10: network speed monitoring
I want to know which are the different internet speed testing tools which can be integrated to web based application.
11.03.10: which logs or cmd ?
In my Ubuntu 910 machine,My graphic is ATI ,and using HD3450 driver.After I do some compiz-fusion 3d effect,I feel the system will turn slowly.So I want to know in where I can get the info of the...
11.03.10: [SOLVED] Compiling while in the GUI.
Hi:
can I compile and install a source package in one of the text consoles and at the same time be working in the GUI?
By text consoles I mean /dev/tty1, tty2, ..., tty6.
Or may somethig go...
11.03.10: Device driver model in Linux....?
I've wanted to ask this for a long time - if there is a device on my puter which requires a new device driver, how do I get hold of that and install it?
How does a device driver interface with the...
11.03.10: can't auto-login without monitor attached
I'm running Fedora 11 GNOME as a server and I do not want to attach a keyboard, mouse or monitor. I will be shutting down the server at night to save electricity. But, I noticed that when I start up...
11.03.10: Mr Bisquit gets bisquity
I'm light and fluffy.
11.03.10: pxe boot installation in redhat enterprise linux
i want to install the redhat enterprise linux 5.3 through the network with pxe boot .
plz tell me the step by step configuration of configuring the pxe boot installation server.
11.03.10: Good tutorial for PAM
Dear All,
I read a tutorial on PAM from Redhat Manuals i.e.,
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/ch-pam.html
But I did not find this very much clear.
Can anyone...
11.03.10: Help require to install the package.
This is my first installation in linux machine .
I m getting following error while installing mrtg.tar.gz .Please help.
Kindly suggest how would i install file with *.tar.gz in linux machine.
...
Mandriva
10.03.10: Mandriva displays its products at the 2010 Solutions Linux exhibition
Paris, March 10th, 2010 - Mandriva, Europe's leading Linux solutions publisher, will display its latest products at the 2010 Solutions Linux exhibition, from March 16 to 18 at the porte de Versailles Exhibition Centre – Hall 1 – Stand E 29.
Team Mandriva will take the opportunity to show off its latest range of products designed for both professionals and individuals.
Catch up with us at stand E29, where for three days you will be able to :
26.02.10: Mandriva will be present at the Linux 2010 Solutions Exhibition
Paris, the 25th February, 2010 – Mandriva, the leading European publisher of Linux distributions, will unveil its latest products at the Linux 2010 Solutions Exhibition from 16th March to 18th March at Paris - Porte de Versailles, in Hall 1, Booth E29.
The Linux Solutions Exhibition, the annual European meeting place for Linux and free software, offers exhibitors a unique platform allowing them to meet the different participants in the market besides presenting their products, services and technology.
24.02.10: Mandriva Joins ARM Connected Community
Paris, France – February, 24th, 2010 – Mandriva, Europe's leading Linux publisher, today announced it is a new member in the ARM® Connected Community, the industry’s largest ecosystem of ARM technology-based products and services. As part of the ARM Connected Community, Mandriva will gain access to a full range of resources to help it market and deploy innovative solutions that will enable developers to get their ARM Powered® products to market faster.
Paris, February 11th , 2010 - Mandriva, Europe's leading Linux publisher, devolps and releases every six months a new version designed to respond simply and efficiently to all users' needs, whether they are destined for professional or private activities.
Delta Informatique was looking for an operating system both reliable and easily deployed to minimise problems linked to client work stationswhen setting up its new core banking system.
28.01.10: Mandriva Brazil launches its brand new website
Red Hat Magazine

29.01.10: Now showing: opensource.com
Hi. We’re back. Well, not back exactly. We’d just like to take a minute to introduce you to somebody. Somebody that’s important to us.
opensource.com
We promised we’d let you know when we had news–and now we do. Opensource.com is our new adventure. It’s still sponsored by Red Hat, and still shining [...]
15.09.09: Where have we been?
It seems we’ve been a bit out of touch. Rather than bore you with excuses, let’s cut to the chase. Over the last year, we’ve slowed down—and then stopped altogether—publishing articles in Red Hat Magazine. And some of you have been contacting us to ask why.
There’s really a couple of reasons.
First of all, we’ve been [...]
19.05.09: Video: Open source government
Download this video: [Ogg Theora]
Open source is answering the call at government agencies on all levels as they look for opportunities to carve out costs and improve security, transparency, public participation, and collaboration. Why? Open source is stable, trustworthy, and secure, and Red Hat solutions are being used across government agencies to create efficiencies, eliminate [...]
28.04.09: Call for submissions: Innovation Awards and RHCE of the Year
It’s that time of year again–the Red Hat Summit and JBoss World are fast approaching, and with them, Red Hat’s annual awards ceremonies. But first, we need nominations. And for that we appeal to our customers, readers, partners, and friends. That’s you.
Nominate that innovative business you worked with, or the admin who [...]
14.04.09: Red Hat and Intel: Smart processors, virtualization boost efficiency and performance
On Monday March 30, Intel announced the availability of their much anticipated new line of processors, the Intel® Xeon® Processor 5500 series–nicknamed Nehalem.
Red Hat, a long-time partner of the market-leading chip maker , collaborated on the chip’s debut, testing and optimizing the recently released Red Hat® Enterprise Linux® 5.3 on the new processor. [...]
SuSE Linux
20.12.07: Elapsed Time 4
Determine elapsed time of LDAP searches.
12.12.07: One Giant Leap: Cool Solutions gets some New Digs
Eleven years after launching the first Cool Solutions site, we have just taken a major step forward. We have some new digs - a full-on community site with all the Web 2.0 bells and whistles. Check it out!
03.12.07: Deleting Private Data from Your Linux/Microsoft Windows Machine
Private data can still be recovered after you format your Linux/Microsoft Windows machine. Here's a tip from Damian Myerscough that will help you make sure your data cannot be recovered.
30.11.07: Finding Open Files and Network Connections
Mike Farrell shows you how to use the lsof and netstat commands to get a complete list of all open files or network connections on your system.
29.11.07: List Running Resources on V1-style Heartbeat Cluster Node
Small Python script to check for running resources on your heartbeat cluster node.
Linux Q News
09.03.10: UKnow4Kids: a live DVD educational linux distribution with low hardware requirements
UKnow4Kids (http://www.uknow4kids.org) is a Live DVD Linux distribution compiling educational and gaming software for children 2- to 10-years-old. The distribution is intended for broad usage by a...
05.03.10: Open-Source Software: Bad, Evil and un-American
http://www.serverwatch.com/trends/article.php/3868046/Open-Source-Software-Bad-Evil-and-Un-American.htm
floppy
04.03.10: The Three Giants of Linux
Linux Mag article on first Linux Distro's, nice little read.
http://www.linux-mag.com/cache/7721/1.html
02.03.10: Apple sues HTC over phone patents
"Apple has taken legal action against phone maker HTC, alleging it has infringed patented technology."
http://news.bbc.co.uk/2/hi/technology/8545976.stm
02.03.10: Is it time to defend our rights?
"Copyright is not the only thing that matters online, says Bill Thompson:"
"John Young is a brave and tenacious man, an architect based in New York whose website, cryptome.org, has been a safe...
27.02.10: JavaME SDK 3.0 (j2me) + Linux = soon? maybe?
Well it appears I forgot to look at my options when I switched to 64bit Linux. It appears I'm missing out on JavaME development. The old Wireless Toolkit 2.5.2 is only in an i486 binary on Linux...
25.02.10: Amazon pays Microsoft Tax for using Linux
File under what just happened here? According to a press release issued by Microsoft yesterday, it has entered into a cross-licensing patent deal with Amazon.
This covers the Kindle as well the...
17.02.10: Intel & Nokia merge Moblin and Maemo to form MeeGo
MeeGo* enables an open ecosystem for rapid development of exciting new user experiences
NEWS HIGHLIGHTS
Global leaders Intel Corporation and Nokia merge Moblin and Maemo to create MeeGo*, a...
11.02.10: Google to offer 'ultra high-speed' broadband in US
"Google is spreading its wings in yet another direction - this time as a network provider, offering super-fast broadband to thousands of US homes."
http://news.bbc.co.uk/2/hi/technology/8509110.stm
10.02.10: PeaZip 3.0.beta [file and archive manager]
PeaZip 3.0.bet features faster archive testing, more informations about job's progress and speed, and more descriptive error messages.
3.x completes the UI development of 2.x line: multiple...
09.02.10: 2009 LinuxQuestions.org Members Choice Award Winners
The polls are closed and the results are in. We had a record number of votes cast for the ninth straight year. Congratulations should go to each and every nominee. We once again had some extremely...
Fedora News Weekly
11.03.10: New Feed for FWN
11.03.10: Fedora Weekly News Issue 128
11.03.10: Fedora Weekly News Issue 127
11.03.10: Fedora Weekly News Issue 126
11.03.10: Fedora Weekly News Issue 125
11.03.10: Fedora Weekly News Issue 124
11.03.10: Fedora Weekly News Issue 123
11.03.10: Fedora Weekly News Issue 122
11.03.10: Fedora Weekly News Issue 121
11.03.10: Fedora Weekly News Issue 120
Linux Security Hybrid
10.03.10: Hackers aren't as sneaky as you think
LinuxSecurity.com: Two weeks ago, I essentially claimed that nearly every company I know is hacked -- and in many cases, thoroughly hacked. Although there's a bit of hyperbole in that statement, it isn't that far from reality. That statement, however, has led some readers to believe detecting hackers and preventing attacks is impossible. Nothing could be further from the truth.
10.03.10: What Are the Most Overrated Security Technologies?
LinuxSecurity.com: The security community has grown to depend on some basic technologies in the fight against cyber thieves, such as antivirus software and firewalls. But are practitioners clinging to tools that outlived their usefulness long ago? Were those tools ever really useful to begin with?
10.03.10: Building a UNIX/Linux Incident response / Forensic Disk
LinuxSecurity.com: There are many Linux distributions readily available. This however should not stop you creating your own version of a UNIX forensic tools disc. Whether you are on Solaris, HP-UX or any other variety of UNIX it is simple to create a forensic tools CD that can go between systems. The added benefit of this method is that the tools do not need to be left on the production server. This in itself could be a security risk and the ability to unmount the CD and take it with you increases security.
09.03.10: Multiple Apache Web Server Flaws Patched
LinuxSecurity.com: The Apache HTTP Web Server is the most widely deployed Web server on the Internet today, which means that vulnerabilities in the open source server can have a devastating impact. That also makes security updates like the new 2.2.15 release critical, since it addresses several security vulnerabilities in Apache's flagship HTTP Web server.
09.03.10: Top Ten Wi-Fi Security Threats
LinuxSecurity.com: Gone are the early days of Wi-Fi, when CSOs lost sleep over threats like WEP cracking and war driving. 802.11n products have matured to the point where many enterprises are investing in larger, faster WLANs to support mission-critical applications. And yet, pros know that security is never to be taken for granted. Here, we offer our Top Ten Wi-Fi Threats and explain why diligence is (still) required.
09.03.10: Scan a Windows drive for viruses using Linux
LinuxSecurity.com: Recently I came into a client who had a Windows XP machine that contained a nasty little virus that rendered the machine nearly unusable. When the machine would boot the CPU was pegging out at 100%, causing the GUI to be nearly unresponsive.
09.03.10: Debian: 2009-1: tdiary: insufficient input sanitisi
LinuxSecurity.com: It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insuficient input sanitising in the TrackBack transmission plugin. [More...]
09.03.10: Mandriva: 2010:058: php
LinuxSecurity.com: Multiple vulnerabilities has been found and corrected in php:
* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Fixed safe_mode validation inside tempnam() when the directory
path does not end with a /). (Martin Jansen)
[More...]
09.03.10: Pardus: 2010-39: Firefox: Multiple Vulnerabilities
LinuxSecurity.com: Multiple vulnerabilities have been fixed in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
09.03.10: Pardus: 2010-38: Sudo: Privilege Escalation
LinuxSecurity.com: A security issue has been fixed in sudo, which can be exploited by malicious, local users to gain escalated privileges.
30.01.10: Review: Mod-Security 2.5 by Magnus Mischel
LinuxSecurity.com: Thanks to Eric Lubow for contributing this great review.
16.12.08: Review: Googling Security: How Much Does Google Know About You
LinuxSecurity.com: If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business - and what you can do to protect yourself.
Linux Security Features
30.01.10: Review: Mod-Security 2.5 by Magnus Mischel
LinuxSecurity.com: Thanks to Eric Lubow for contributing this great review.
16.12.08: Review: Googling Security: How Much Does Google Know About You
LinuxSecurity.com: If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business - and what you can do to protect yourself.
11.11.08: A Secure Nagios Server
LinuxSecurity.com: Nagios is a monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process however to make it a secure setup it takes some work. This article will not show you how to install Nagios since there are tons of them out there but it will show you in detail ways to improve your Nagios security.
25.09.08: Never Installed a Firewall on Ubuntu? Try Firestarter
LinuxSecurity.com: When I typed on Google "Do I really need a firewall?" 695,000 results came across. And I'm pretty sure they must be saying "Hell yeah!". In my opinion, no one would ever recommend anyone to sit naked on the internet keeping in mind the insecurity internet carries these days, unless you really know what you are doing. Read on for more information on Firestarter.
18.08.08: Review: Hacking Exposed Linux, Third Edition
LinuxSecurity.com: "Hacking Exposed Linux" by ISECOM (Institute for Security and Open Methodologies) is a guide to help you secure your Linux environment. This book does not only help improve your security it looks at why you should. It does this by showing examples of real attacks and rates the importance of protecting yourself from being a victim of each type of attack.
23.06.08: Security Features of Firefox 3.0
LinuxSecurity.com: Lets take a look at the security features of the newly released Firefox 3.0. Since it's release on Tuesday I have been testing it out to see how the new security enhancements work and help in increase user browsing security. One of the exciting improvements for me was how Firefox handles SSL secured web sites while browsing the Internet. There are also many other security features that this article will look at. For example, improved plugin and addon security. Read on for more security features of Firefox 3.0.
Ubuntu Advisories
11.03.10: Study: Spammers use e-mail ID to gain legitimacy
(Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. . . . ...
11.03.10: Review: Mod-Security 2.5 by Magnus Mischel
(Jan 29) Thanks to Eric Lubow for contributing this great review. ...
11.03.10: Ubuntu: 907-1: gnome-screensaver vulnerabilities
(Mar 8) It was discovered that gnome-screensaver did not correctly lock all screenswhen monitors get hotplugged. An attacker with physical access could usethis flaw to gain access to a locked session. (CVE-2010-0285) [More...]
11.03.10: Ubuntu: 906-1: CUPS vulnerabilities
(Mar 3) It was discovered that the CUPS scheduler did not properly handle certainnetwork operations. A remote attacker could exploit this flaw and cause theCUPS server to crash, resulting in a denial of service. This issue onlyaffected Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10. (CVE-2009-3553,CVE-2010-0302) [More...]
11.03.10: Ubuntu: 905-1: sudo vulnerabilities
(Feb 26) It was discovered that sudo did not properly validate the path for the'sudoedit' pseudo-command. A local attacker could exploit this to executearbitrary code as root if sudo was configured to allow the attacker to usesudoedit. The sudoedit pseudo-command is not used in the defaultinstallation of Ubuntu. (CVE-2010-0426) [More...]
11.03.10: Ubuntu: 903-1: OpenOffice.org vulnerabilities
(Feb 24) It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) [More...]
11.03.10: Ubuntu: Pidgin vulnerabilities
(Feb 22) Fabian Yamaguchi discovered that Pidgin incorrectly validated all fields of an incoming message in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. (CVE-2010-0277)
11.03.10: Ubuntu: XML-RPC for C and C++ vulnerabilities
(Feb 18)
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for XML-RPC for C and C++.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)
11.03.10: Ubuntu: Firefox 3.0 and Xulrunner 1.9 vulnerabilities
(Feb 17)
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-0159)
Orlando Barrera II discovered a flaw in the Web Workers implementation of
Firefox. If a user were tricked into posting to a malicious website, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0160)
Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free
memory under certain circumstances. If the browser could be made to access
these freed memory objects, an attacker could exploit this to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1571)
Hidetake Jo discovered that the showModalDialog in Firefox did not always
honor the same-origin policy. An attacker could exploit this to run
untrusted JavaScript from other domains. (CVE-2009-3988)
Georgi Guninski discovered that the same-origin check in Firefox could be
bypassed by utilizing a crafted SVG image. If a user were tricked into
viewing a malicious website, an attacker could exploit this to read data
from other domains. (CVE-2010-0162)
11.03.10: Ubuntu: Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
(Feb 17)
Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-0159)
Orlando Barrera II discovered a flaw in the Web Workers implementation of
Firefox. If a user were tricked into posting to a malicious website, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0160)
Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free
memory under certain circumstances. If the browser could be made to access
these freed memory objects, an attacker could exploit this to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1571)
Hidetake Jo discovered that the showModalDialog in Firefox did not always
honor the same-origin policy. An attacker could exploit this to run
untrusted JavaScript from other domains. (CVE-2009-3988)
Georgi Guninski discovered that the same-origin check in Firefox could be
bypassed by utilizing a crafted SVG image. If a user were tricked into
viewing a malicious website, an attacker could exploit this to read data
from other domains. (CVE-2010-0162)
11.03.10: Ubuntu: Squid vulnerabilities
(Feb 16)
It was discovered that Squid incorrectly handled certain auth headers. A
remote attacker could exploit this with a specially-crafted auth header
and cause Squid to go into an infinite loop, resulting in a denial of
service. This issue only affected Ubuntu 8.10, 9.04 and 9.10.
(CVE-2009-2855)
It was discovered that Squid incorrectly handled certain DNS packets. A
remote attacker could exploit this with a specially-crafted DNS packet
and cause Squid to crash, resulting in a denial of service. (CVE-2010-0308)
11.03.10: Ubuntu: Ruby vulnerabilities
(Feb 16)
Emmanouel Kellinis discovered that Ruby did not properly handle certain
string operations. An attacker could exploit this issue and possibly
execute arbitrary code with application privileges. (CVE-2009-4124)
Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that
Ruby did not properly sanitize data written to log files. An attacker could
insert specially-crafted data into log files which could affect certain
terminal emulators and cause arbitrary files to be overwritten, or even
possibly execute arbitrary commands. (CVE-2009-4492)
It was discovered that Ruby did not properly handle string arguments that
represent large numbers. An attacker could exploit this and cause a denial
of service. This issue only affected Ubuntu 9.10. (CVE-2009-1904)

Save to Del.icio.us


