Showing headlines posted by dave

Approximately 650 MySQL users and supporters are spending April 14 - 16 in the conference center of the Peabody Hotel, with so much of their time occupied by MySQL training sessions that hardly any of them seem to be taking advantage of Orlando-area tourist attractions like Walt Disney World. These people came here to learn -- and possibly to swim with dolphins Thursday evening. The dolphin outing is totally appropriate; there's a dolphin in the MySQL logo. But long discussions about how to make MySQL run better and faster are this group's main course. The dolphin swim is just dessert.

A CANADIAN researcher has warned that Open Source will fall flat on its face unless it gets its act together. In First Monday, Michelle Levesque said that the Open Source concept fails because of its "user-interface design, documentation, feature-centric development, programming for the self and religious blindness". She warned that Open Source will remain an unknown quantity to most computer users until these problems were addressed.

Real World Linux 2004 Conference and Expo is under way this week at the Metro Convention Center in Canada's largest city, and NewsForge is there. Day 2 of the conference saw a lot more people and a lot more happening.

Updated Subversion packages that fix a vulnerability in neon, exploitable by a malicious DAV server, are now available.

Building the case for turning the Boy Scouts into a worldwide advocate of free software.

So, my challenge goes out to everyone to share their own experiences in getting an open source project off the ground, technically speaking. Are there tools out there that make this process much easier, and perhaps ones that I could take advantage of by moving my own open source project to? Also what experiences have people had with the different community projects?

Introducing open source software to those who will teach future generations of computer programmers was a major theme at the ICT in Education Conference held in Cape Town last week.

Two years after the start of the trademark dispute between Microsoft Corporation and Lindows Inc., the battle over the "LindowsOS" name is over - henceforth it will be called "Linspire."

Here is our promised in-depth look at the latest SUSE 9.1 beta. I found a little more flakiness than I would be comfortable with long-term, but I have been using this near-final version in my day-to-day work for nearly a week now and see no reason to go back to my previous installation.

"It is important to remember that open source is not free of cost – it is free to use and share. Its use must be part of a strategy as it can be costly in terms of migration, integration, training and systems management."

With Open Source proliferation on the rise, there is a surging demand for organizations specializing in handling demanding migration projects. Migration has become a key concern for enterprises dreaming of a complete Open Source environment, as legacy overhauls and application transfers impose a gargantuan challenge.

Shaun Colley discovered [1] that the scripts "mysqlbug" and "mysqld_multi" of the MySQL RDBMS [0] perform insecure creations of temporary files. An attacker could create symbolic links in /tmp to achieve the overwriting of files with the privileges of the user invoking the scripts. The RDBMS startup wrapper "mysqld_multi" is currently not used in OpenPKG, although it is contained in the "mysql" package. The "mysqlbug" script could be run manually by the administrator. The Common Vulnerabilities and Exposures (CVE) project assigned the ids CAN-2004-0381 [2] and CAN-2004-0388 [3] to the problem.

You already know Mozilla excels at providing state of the art Internet products like Mozilla Application Suite and currently in the oven Firefox and Thunderbird, as well as big bunch of other applications like ChatZilla and Mozilla Calendar (recently reviewed). But, what about eye candy?

The recently released Linux 2.6 kernel is going to be the heart of future enterprise Linux offerings. Taking it on a road test enables your IT shop to evaluate its hardware and software upgrade and replacement policies as well as its claims of improved peripheral connectivity.

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003).

Sebastian Krahmer from the SuSE Security Team discovered [1] a flaw in Concurrent Versions System (CVS) [0] clients where RCS "diff files" can create files with absolute pathnames. An attacker could create a fake malicious CVS server that would cause arbitrary files to be created or overwritten when a victim connects to it. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0180 [2] to the problem.

There have been 12 security alerts posted already today, and each time I think I've posted the last one, another appears. This raises a question that I've had for a while, and now seems a good time to ask... Should we make a filtering program for the LXer homepage?

Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15 which has fixed the problem.

A recent commentary by Robin Miller regarding squabbling within the free software and open source communities was a useful wake-up call. This bickering is having a detrimental effect on our ability to confront those who are trying to convince policy and opinion makers against the use of free and open source software (FOSS). These challenges are neither severe nor insurmountable, but they do require the parties understand the differences between internal and external debate.

Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package don't create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the root user.