2003 01 30

                    LINUX NEWS
        Resources & Links From CramSession.com
             Thursday, January 30, 2003


1) Sean’s Notes

2) Linux News

Interview With Alan Cox
PostgreSQL Wins Over .ORG
Homeland Security Chooses Linux
Mandrake 9.1 Beta Review

3) Linux Resources

Inspiring Work
Sean's Obsessions
How To Be A Programmer
User Mode Linux?
PHP Caching

4) App o’ the week

1) Sean's Notes

I was going to write about Apache configuration this week,
but this Slammer thing has got me in a knot.  (Yes, it ruined
a perfectly good Saturday afternoon)

For those that are behind the news, Slammer is a worm that
attacks Microsoft SQL 2000 Servers, including the servers
that are part of MSDE (the mini-SQL Server included with some
packages, everything from Visio to Cisco Call Manager).  At 376
bytes of UDP payload, it overflows a buffer in a rarely used
service, and enters an infinite loop trying to infect others.
Since it's written in machine code, it's fairly fast.

This, of course, is a Linux newsletter.  However, many lessons
can be learned no matter what the OS.

The first, obviously, is to patch your systems.  Try telling that
to someone with a hundred boxes.  Even Microsoft was hit by
the worm.  If the vendor themselves can't keep their systems
up to date, what hope do you have?

No matter what distribution you run, subscribe to their security
mailing list.  If you're a Red Hat user, I strongly urge you
to shell out the $5US/month, and put your server on the Red Hat
Network.  The first one is free, and not only will it email you
when a system becomes out of date, but you can push patches
over the web.  It's a lifesaver once you have more than half a
dozen machines.  If this isn't an option, look on a site like
freshmeat.net for something that can help you keep up to date.

The second lesson is a call to the developers -- if you accept data
from the network, don't trust it!  Bounds check your strings.
If you're expecting 30 bytes, ensure you only read 30, and not 31
or more.  This mistake is almost unforgivable -- we've known about
this type of attack for decades.  It's especially unforgivable from
a company that not only claims to hold security paramount, but
also closes off its software to inspection from the user.
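
The bounds check described above, as an added example that is not part of the original newsletter.  The one-byte opcode followed by a name field, OP_LOOKUP, SVC_NAME_MAX and both function names are hypothetical, and the datagrams are constructed filler.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SVC_NAME_MAX 30     /* the "30 bytes" the text expects */
#define OP_LOOKUP    0x01   /* hypothetical opcode for this example */

/* Unsafe pattern, shown only for contrast (never compiled here):
 *     char name[SVC_NAME_MAX + 1];
 *     strcpy(name, (const char *)pkt + 1);   // sender decides the length
 */

/* Copy the name field of a received datagram into out.
 * Returns 0 on success, -1 if the datagram must be dropped. */
int parse_lookup(const unsigned char *pkt, size_t pkt_len,
                 char out[SVC_NAME_MAX + 1])
{
    if (!pkt || !out || pkt_len < 2 || pkt[0] != OP_LOOKUP)
        return -1;                      /* need opcode + 1 name byte */

    const unsigned char *name = pkt + 1;
    size_t avail = pkt_len - 1;         /* bytes that really arrived */

    /* Look for the terminator inside the received bytes only. */
    const unsigned char *nul = memchr(name, '\0', avail);
    size_t name_len = nul ? (size_t)(nul - name) : avail;
    if (name_len == 0 || name_len > SVC_NAME_MAX)
        return -1;                      /* reject; do not truncate */

    memcpy(out, name, name_len);
    out[name_len] = '\0';
    return 0;
}

/* Constructed input: total_len bytes, opcode then unterminated filler. */
int try_filler_datagram(size_t total_len)
{
    unsigned char pkt[512];
    char out[SVC_NAME_MAX + 1];
    if (total_len == 0 || total_len > sizeof pkt)
        return -1;
    memset(pkt, 'A', total_len);
    pkt[0] = OP_LOOKUP;
    return parse_lookup(pkt, total_len, out);
}

int main(void)
{
    printf("30-byte name:      %d\n", try_filler_datagram(31));
    printf("31-byte name:      %d\n", try_filler_datagram(32));
    printf("376-byte datagram: %d\n", try_filler_datagram(376));
    return 0;
}
```

Oversized names are rejected rather than truncated, so a sender can't steer which bytes end up in the buffer.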

It shouldn't need to be said that Internet facing systems should
have as little as possible exposed to the public.  I've yet to
run across a situation where I've needed my database ports to be
open to everyone.

Network administrators, you've got a part in this too.  UDP traffic
leaving your firewall, except from your DNS servers, is fairly rare.
Unless you know what it is, don't let it out.  And filter!  Don't
allow private addresses out to the Internet!

One of the things this worm did was to flood the network with traffic,
in an attempt to find more victims.  As such, it probably rendered
your network management system ineffective, and also limited your
ability to manage switches to find out who was the victim.  A
packet sniffer is an indispensable tool at this time, letting you
watch all the traffic on the wire, which would point you toward
the victim.  In this case, the source address was left intact,
so you'd quickly see who it was.  If the source address were forged
(and I'll bet the next mutation is), you're stuck looking at MAC

Ethereal (http://www.ethereal.com) is a powerful, free, packet sniffer.
It even runs on Windows (much slower, because of the extra libraries, but
it works).  Keep it loaded on your laptop for such an emergency (not only
is a packet sniffer a good idea in these situations, it solves a wide
variety of problems too).

Practice for such an emergency.  Know how to quickly take your
network off the Internet if such a situation arises.  Document
your connections to other networks, such as extranets and VPNs.
Filter incoming traffic, and only allow what's necessary.

Finally, demand more from your software vendors.  Open Sourced
software has its share of bugs, but you also have a lot of choice.

Slammer, like all the worms before it, and the ones that will
surely come after it, shows how fragile the Internet is.  Not only
must we protect ourselves from the rest of the 'Net, but we must
also be "Good Internet Neighbours", and make sure that we're
not going to infect other people.

Linux and Open Source build on these communities.  We often
trust the software we install, knowing that someone is looking
out for us.  Often, someone is -- code reviews are an ongoing thing.
But if you choose to use the software, you must join the community,
even if you don't say anything.  Keep up to date.  Be a good neighbour.
Learn, and share the knowledge.

On another note, this is the last issue of the Cramsession Linux
News that I'll be writing.  Sean McCormick, who filled in for me
at the beginning of the year, will be picking it up from here.  I
thank all my readers, especially those that wrote in with their
comments and suggestions.  I enjoyed writing each and every one of the
114 issues over the past couple of years, and I wish Sean M. the very
best as he continues on.

Best of luck, fellow Linux fans.  The Penguin lives on.


2) Linux News

Interview With Alan Cox
Alan Cox has been involved with Linux almost as long as it's
been around.  He's currently working for Red Hat, being paid
to work on the kernel and squash customer bugs.  This interview
touches on his thoughts about Linux, and Microsoft's announcement
that they're letting select governments see the source to Windows.


PostgreSQL Wins Over .ORG
"PostgreSQL developers and advocates notched up a significant win
for the open source database following the successful transition
this month of the .ORG domain registry to the object-relational
management system."  PostgreSQL kicks some serious ass, and I'm glad
to see that it's getting into some critical systems.


Homeland Security Chooses Linux
The US Department of Homeland Security recently moved their website
over to Oracle and Linux.  Linux in government... Good stuff!


Mandrake 9.1 Beta Review
This review, with several screenshots, takes a look at Mandrake's
upcoming offering.  Several things, including font handling,
are looked at.


3) Linux Resources

Inspiring Work
"Work" was a column in a trade rag that I looked forward to every
month.  It was written by a couple of old Unix gurus who would
tackle everyday problems with a bit of Unix magic.  Not only did
it help me in my own work, but it inspired me and influenced the
way I wrote the Linux News.  Though they've stopped publication,
the archives are here.


Sean's Obsessions
A few days before I learned about the cancellation of the Linux
News, I started a blog to speak my mind about various technical
topics.  With a bit more free time on my hands, I might even manage
to keep it updated.


How To Be A Programmer
"This long essay attempts to summarize the non-technical things
that I wish someone had explained to me at the beginning of my
career as a professional programmer."  As someone who's held down
a couple of programming jobs, I agree with what this guy is saying.


User Mode Linux?
As an alternative to running Linux under a virtual machine,
such as VMWare, you can run Linux under... well... Linux.
It's called "User Mode Linux", and the whole system runs
as a userland task.  This IBM tutorial takes a closer look.


PHP Caching
One of the things that's always irked me about embedded code in
HTML is the overhead of compilation, and the lack of persistence
between successive hits.  This article proves me wrong, showing
how this can be attained, and decreasing processor overhead in
the process.


4) App o' the week
"Snare" is a series of kernel modules and userland software that
provide detailed auditing down to the system call level.  It's
similar to some of the things that NT has, such as logging who
touched a file, and what various processes are doing.  There's
even a GUI for log viewing.


(C) 2002 BrainBuzz.com, Inc. All Rights Reserved.

