Posted on 2003-10-6 20:17:25
portupgrade, Railroad Security, Paranoid PHP System Calls, and XP for Open Source Developers
by chromatic
Linux Newsletter for 09/02/2003
Greetings! Yesterday was Labor Day here in the U.S., so instead of laboring to produce the next week of stories and book excerpts for ONLamp.com, your editor spent the day laboring to finish installing Gentoo GNU/Linux on his laptop. Consequently, today is Linux Newsletter Day. Let's start here:


Noel Davis warns of several Security Alerts. Programs with potential remote exploits include srcpd (which implements the Simple Railroad Control Protocol, very cool!); ViRobot Linux Server (an antivirus tool); netris (a game); and autorespond (a mail responder). Please take a few moments to check your vendor for updated packages.

Dru Lavigne's latest jaunt through the fine world of FreeBSD explores portupgrade. You can go a long time without even knowing it's there, but once you've seen what a searchable index of your ports can do, you'll never forget it's there.

John Coggeshall's latest PHP Foundations column, Securing System Calls, is a reminder that user input is untrustworthy. Though PHP has a fantastic amount of included functionality, sometimes the simplest solution to a problem is to execute a standard program, such as a zipping program or a legacy binary. Unless you're sufficiently paranoid, it's possible for malicious user input to do things you don't expect—so it behooves you to learn exactly how paranoid you should be.

To subscribe to the Linux newsletter (or any O'Reilly Network newsletters), visit http://www.oreillynet.com/cs/user/home and select the newsletters you wish to receive in your user profile (you'll need to log in with your existing O'Reilly Network account -- if you don't yet have an account, you'll need to create one).

If you want to cancel an O'Reilly Network newsletter subscription, go to http://www.oreillynet.com/cs/user/home and de-select any newsletters you no longer wish to receive. For assistance, send email to help@oreillynet.com

One nice feature of open source development is that developers can make lots of mistakes and still, eventually, succeed. Of course, it'd be nicer to avoid some of those mistakes. Your editor's Five Lessons Open Source Developers Should Learn from Extreme Programming explores some of the common mistakes and explains ways to avoid them. Not every practice has a direct match, but you can improve your software and lower your sanity roll with a little discipline.

This week's weblogs feature Andy Lester discussing who speaks for open source advocates; Steve Mallett introducing O'Reilly's developer news site; Jason Deraleu discussing security designs in popular operating systems; and William Grosso complaining about bad MPAA propaganda at the movies.

Finally, your editor would like to thank eagle-eyed (no pun intended) James Burchell for pointing out the correct spelling of blepharitic. We'll stick to simpler words from now on.

Six days until the next newsletter,

chromatic
chromatic@oreilly.com
Technical Editor
O'Reilly Network

ONLamp.com and Linux Devcenter Top Five Articles Last Week
Five Lessons Open Source Developers Should Learn from Extreme Programming
It may be harder to see how Extreme Programming (XP) can apply to open source projects, especially those without a formal customer. But to build a successful open source project, you must solve many of the same problems you'd face with an in-house project. Here chromatic, author of Extreme Programming Pocket Guide, offers five lessons open source developers can learn from XP.

portupgrade
One of FreeBSD's biggest benefits is its ports collection. Perhaps the most important ports utility is portupgrade. Dru Lavigne demonstrates how you can get the most out of your ports collection.

Five Habits for Successful Regular Expressions
For many programmers, writing regular expressions is a black art. They stick to the features they know and hope for the best. Tony Stubblebine, author of Regular Expression Pocket Reference, says programmers can avoid a lot of trial and error by adopting these five habits for regular expression development. The code examples in this article use Perl, PHP, and Python, but the advice Tony espouses is applicable to nearly any regex implementation.

GNOME trouble
Noel Davis looks at problems in BitKeeper, the GNOME Display Manager, srcpd, ViRobot Linux Server, OpenSLP, eMule, lMule, xMule, netris, and autorespond.

Guido van Rossum Speaks
Guido van Rossum, creator of Python, recently announced a move from PythonLabs to Elemental Security. Steve Holden caught up with Guido to talk about the move, the future of Python, and computer programming for everybody.