THE OPEN SOURCE NEWSLETTER - Issue 0.1, edition 1

This issue's topics: News: * Red Hat to release version 8.0 soon? * Spread the Linux virus with Knoppix! Commentary Security Advisories: * Patch for Konqueror SSL hole * Updated 2.4.18 kernel New Software: * KDE 3.0.3 Released * Linux Kernel 2.4.20-pre4 * Doc2pdf 0.7.0 Shell-FU Reader Questions and Comments: * Source or package?

THE OPEN SOURCE NEWSLETTER

Issue 0.1, edition 1

This issue's topics:

News:

* Red Hat to release version 8.0 soon?

* Spread the Linux virus with Knoppix!

Commentary

Security Advisories:

* Patch for Konqueror SSL hole

* Updated 2.4.18 kernel

New Software:

* KDE 3.0.3 Released

* Linux Kernel 2.4.20-pre4

* Doc2pdf 0.7.0

Shell-FU

Reader Questions and Comments:

* Source or package?

NEWS:

* Red Hat to release version 8.0 soon?

The biggest Linux distributor in the world, Red Hat Inc, has been beta

testing the next release of its Open Source operating system under the code

name "Limbo". Two Limbo betas have already been released, but to testers'

surprise, the third version was renamed "null".

Jay Turner, QA Manager of Red Hat, says there's no particular reason for the

name change, apart from giving testers "something different for the third

beta".

As the Limbo/null betas introduce new versions of GCC (the GNU C compiler),

glibc (GNU C libraries) and other fundamental OS components, it is more or

less certain that the version number will bumped up to 8.0 from 7.3

currently, as per Red Hat Tradition.

Check it out at Red Hat's site

* Spread the Linux virus with Knoppix!

Looking for an easy way to demonstrate what Linux is (and isn't) capable of?

Look no further than the clever Knoppix distribution. This comes in the form

of a bootable CD ROM, and it's based on Debian GNU/Linux. Version 3.1 of

Knoppix offers the latest 2.4 Linux kernel, KDE 3.0.3 and lots of goodies

that will run on just about any x86-based PC.

The 650MB of software on the CD is compressed, so the actual amount is

around 2GB. Knoppix doesn't touch the existing data on your hard disks, and

once you reboot without the CD in the drive, you're back to whatever

operating system you have installed.

Knoppix is the brainchild of Klaus Knopper of Germany, and is available from your nearest friendly Linux distributor, or download it from

The Knopper.Net site

COMMENTARY:

Microsoft's recent decision to pull the Web TrueType fonts highlights the

need for a good alternatives if Open Source desktops are going be successful.

The freely-downloadable Web fonts from Microsoft were popular with Open

Source users, as they are good quality typefaces, with excellent hinting and

scaling.

Microsoft cites license abuse (the fonts were destined for Windows desktops

only) as the prime reason for its decision to remove them for the Web site,

and you can't really argue against that. In fact, if you copy over the

TrueType fonts from your licensed Windows machine to a Linux box, you are

most likely violating the license for the fonts.

Part of the problem is that creating digital type is hard work. It's more of

an art than programming, and takes a long time. Font designers

understandably like to be paid for their efforts, and typefaces ain't cheap.

We can't expect font designers to take months of their busy schedules and

produce high-quality typefaces for Open Source use for free. Instead, this

is a call to all the large and wealthy corporations like IBM and Sun, who

are benefiting from Open Source, to sponsor the development of Open Source

type.

That's right: it's time to give something back to the movement.

SECURITY ADVISORIES:

* Patch for Konqueror SSL hole

It's been a busy week on the cracking and patching front: KDE was quick to

release a patch to fix the Konqueror SSL hole, so head over to KDE.org

(or your nearest mirror) to download the latest version.

KDE.org website

* Updated 2.4.18 kernel

Red Hat has released an updated 2.4.18 kernel (patch level 10), which apart

from the usual round of bugfixes, sorts out a couple of local security

issues that have yet to be exploited.

Go to Red Hat's site for details

NEW SOFTWARE

* KDE 3.0.3 Released

Arguably the leading Open Source desktop environment, KDE 3.0.3 primarily

provides stability enhancements over KDE 3.0.2, which shipped in eary July

2002, and also contains a security correction for SSL (Internet security) certificate handling.

KDE 3.0.3 Release announcement

* Linux Kernel 2.4.20-pre4

IBM's Journalling File System finally merged into the Linux kernel!

The Linux Kernel Archives

* Doc2pdf 0.7.0

About: Doc2pdf is an email robot that converts Microsoft Office attachments

(.doc, .ppt and .xls) to PDF files. All you need do is carbon-copy (CC)

doc2pdf when you email a Microsoft Office document. Doc2pdf converts the

attachment to a PDF file and sends the PDF file, as an attachment, in a

reply to all recipients.

Doc2pdf website

SHELL-FU:

Random numbers are very useful in shell scripts. They can be

used to print changing "fortune cookie" every day, or select

a random MP3 file from a play list.

A common way to get a random number is to use the special

$RANDOM environment variable (ksh, BASH, zsh). Unfortunately

this will only give us values in the range 0..32767. This is

disturbing, the more so because some systems (Linux, Solaris

9) have a high quality random source: /dev/random, or

/dev/urandom.

The following example script will use /dev/urandom to print

random numbers in the range [1.. number specified on the

command line], or [1..18446744073709551616] if called without

arguments:

# rand - create large random number using /dev/urandom

# usage: rand [maxvalue]

RandomDevice=/dev/urandom

MaxRand=18446744073709551616 # 2^64

[ $# -lt 1 ] && set -- $MaxRand

# Read 8 (binary) bytes, convert them to 8 upper-case hex

# numbers using "od", remove whitespace:

hex=$(dd if=/dev/urandom bs=1 count=8 2>/dev/null |

od -tx1 | head -1 | cut -d' ' -f2- |

tr -d ' ' | tr '[a-f]' '[A-F]')

# convert from hexadecimal to decimal:

dec=$(echo "ibase=16; $hex" | bc)

echo >&2 "DEBUG: hex=<$hex>; dec=<$dec>"

echo "$dec % $1 + 1" | bc

READER QUESTIONS AND COMMENTS

* Source or package?

Question:

In your opinion, which is best: to download the source code for a program

(e.g. the BIND name server), and compile it, or to use binary packages

designed for your specific distribution?

- Manny Gitis, Wellington

Answer:

As a general rule, always go with the packages rolled for the distribution

you use. That way, you'll ensure that the files end up in the right place,

according to the file system layout for your distribution. You'll also have

the advantage of easier system maintenance, signed packages that can be

verified to prevent trojans being installed, and speed -- compilation

(especially of C++ code) does after all take a while, and isn't always

succesful, if you haven't got the right development environment set up.

You would literally only need the source if you had to change some compile

time options and/or patch the code before building the binary.

Even then, you are better off getting the source package file, installing

that, making your changes, and then building a binary packages from there.

COMMENTS, QUESTIONS AND FLAMES

Please direct these to: opensource_ed@idg.co.nz

Do you have Open Source news or tips to share? Want to show off your

scripting prowess? Have a (short) commentary on Open Source topics that we

could print? We want to hear from you!

(c)2002 IDG Communications Ltd

Contents freely redistributable in unchanged form and with the copyright

notice intact.

Join the newsletter!

Error: Please check your email address.

More about Debianf2IBM AustraliaIDGIDG CommunicationsIDG CommunicationsIDG CommunicationsKDEKDELinuxMicrosoftRed Hat

Show Comments
[]