2002 01 17

                    LINUX NEWS
        Resources & Links From CramSession.com
                 January 17, 2002


1) Sean’s Notes

2) Linux News

Put an End to Word Attachments
Government of Korea to Buy 120K Linux Seats
No More Solaris x86
Why Can't We All Get Along?

3) Linux Resources

Linux Gamers FAQ
12 Steps to a Microsoft-Free Shop
A Little Challenge?
Munitions Archive
Using MP3s in Linux

4) App o’ the Week

~~~~~~~~~~~~~~~~~~~~~~ ADVERTISEMENT ~~~~~~~~~~~~~~~~~~~~~~~

Try Our IT Certification Courses FREE! SmartCertify Direct gives you classroom-quality IT training at a fraction of the cost of traditional courses. You’ll get 24-hour online mentoring from certified advisors, hands-on interactive exercises, the popular Test Prep exams and more! Choose from MCSE, Cisco, A+, CIW, Linux and many other courses. Click below to try them all FREE and register to WIN a state of the art Dell PC!


For information on how to advertise in this newsletter
please contact mailto:adsales@CramSession.com or visit

1) Sean's Notes

This week, it's the original Sean back in the chair.  I'd
like to thank my good friend Sean M. for taking care of the
newsletter in my absence.  I'd also like to thank all of you
who wrote in with your concerns that I'd been replaced.  It's
great to know that I'm able to help so many people with this

I was gone for about 12 days, and between mailing lists that
I don't filter out, personal email, and spam, I had around
400 messages in my inbox.  Out of those, I'd have to say
that over 100 of those were spam.  It wasn't until I started
to wade through my email that I realized how much time I waste
sorting through junk.

Now I'm not much for New Year's resolutions, but here's one
I came up with.  I'm going to do what I can to stop spam.

>From my viewpoint, there are three ways a computer can
determine if a message is spam.  It can either compare it to
a database of known spam, or it can use heuristics to look
for spam traits.  "Heuristics" is a fancy word that describes
the process of making the computer look for patterns, almost
like the human brain.  The third method involves mangling my
email address such that it is only valid for a certain period
of time, or other similar methods.

My criteria for choosing which way to go are: I don't mind
false negatives, but I don't want any false positives.  That
is to say, I don't mind if I get some spam, but I don't want
any legitimate message being classified as spam.  Secondly,
I want this process to be transparent to the sender.

The last requirement means I can't use the third method
(mangling my address).  Since my email addresses are already
widely known (by spammers and legitimate people alike), it
would be too much of a hassle.  The first requirement is
there, so that I don't have to review all the quarantined
messages, which cuts out heuristics.

So, that leaves me with comparing my incoming messages against
known spam.  The downside with this approach is that in order
to be effective, a central registry of spam has to be kept.
This is vulnerable to abuse, though, since there is nothing
stopping someone from submitting, say, this newsletter, to the
registry.  It could not be a complete registry, either, since
it would always lag, and spammers are starting to add random
strings to email.  However, it's better than nothing.

Vipul's Razor is the software I've chosen to use.  It consists
of a series of database servers.  Each person subscribing to
the service calculates a checksum of the message, and sends it
to the central server.  Based on a match or not, the remote end
can do whatever it would like to the message, such as drop it.


Signatures are added to the database from the people using the
service.  People can either bounce the message to an address,
which will submit the checksum to the central database, or
even set up troll addresses which automatically do the same.
Since I already use procmail to filter my mail, implementing
Razor is a simple matter of adding some extra recipes.

Next week I'll get into how to install and configure Razor.
I'll also do my best to give you some figures on how many
messages I received, and how many spam letters were detected.
In the meantime, you may want to review how procmail works:


Long live the Penguin,


2) Linux News

Put an End to Word Attachments
Even though email is cross platform, people still insist on
sending content in proprietary format such as MS Word.  For
those of us that don't have it, this causes us to undergo
the burden of converting it, and trying to decypher the
output. This article (by RMS himself) outlines some friendly
ways of requesting that the sender use a more open format.


Government of Korea to Buy 120K Linux Seats
This is the largest announcement of its kind that I can
remember. 120,000 copies of Hancom Linux were sold to the
Korean government. Hancom appears to use KDE, localized for
the Korean language, and includes an MS Office-compatible
office suite.


No More Solaris x86
Sadly, SUN has decided not to release Solaris 9 for x86,
which does not bode well for the product. Besides being a
great platform, it is an excellent way to work on Solaris
without needing an expensive SUN server. Those currently
using it in production need not panic, as SUN will be
supporting the product for the next several years.


Why Can't We All Get Along?
Even though they don't yet have a product in sight,
Lindows is in trouble from Microsoft. Seems that Bill and
his cronies think that people might confuse "Windows" and
"Lindows". It's all bunk if you ask me, but that's for the
courts to decide now.


3) Linux Resources

Linux Gamers FAQ
This FAQ answers lots of questions that may come up when
playing games under Linux. Everything from hardware to the
different game vendors (and emulators) is covered.


12 Steps to a Microsoft-Free Shop
"DO YOU FIND that you're incapable of stopping upgrades? Do
you spend much of your day patching security holes? Do you
have a vague sense that you're spending too much money on
software? If you answered yes to any of those questions,
you may have become overly dependent on Microsoft. Here's a
handy 12-step program to cure your condition."


A Little Challenge?
What do you do when you've lost the tools you're used to?
If you can't trust ps to bring up a listing of all the
processes, such as after you've been hacked, what do you do?
I asked this question on the Linux-General board; read what
others have to say, and put in your two cents.


Munitions Archive
This site has a rather large collection of cryptographic
software for Linux. The site's layout is very good, so it's
relatively easy to find what you're looking for.


Using MP3s in Linux
There's a great deal of software out there to convert from
(and to) MP3 audio files. This Howto walks you through the
steps to work with this format, and it's Free alternative,
Ogg Vorbis.


4) App o' the week
"screamingCobra" is a program that crawls through your web
site and tries to find CGI programs. Once it does that, it
gives them a workout, looking for common vulnerabilities.
Better use it on your site before someone else does.


(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.

         This message is from CramSession.com.

You are currently subscribed to the
   Hottest Linux News and Resources
   as: sean@ertw.com

To un-subscribe from this newsletter by e-mail:
   send a blank email message to:


To Subscribe to this newsletter by e-mail:
   send a blank email message to: