Advertisement
Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.
Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
LWN.net Weekly Edition for July 07, 2005Getting Started Listening to Podcasts Last week, I discussed creating podcasts and offered some pointers to how you could get started along with reviews of a couple of books that can help. This week I want to back up a bit and talk about how you can get started listening to podcasts.The Basics First, though, I do need to address the question of what makes a podcast different from a regular audio file posted on a website. On a purely technical level, nothing is really different about the audio file. In fact, if you just want to listen to a podcast to see if it is something you would like to listen to on a regular basis, the best bet is often to go to the podcast website and simply download a recent episode and play it in your media player. What is different is the way in which the audio file is normally retrieved. Rather than being something you click on, download, and play, you subscribe to the podcast RSS feed. This works by virtue of the fact that Dave Winer added an element called an Enclosure to RSS 2.0. Note that the enclosure element is actually not specific to audio: it can be used for pretty much any media element including video or images. The beauty of this solution is that you simply need to subscribe to whichever podcasts interest you and then listen to them whenever new shows arrive - and whenever you feel like playing them. No need to check web sites for updates. No need to be online to listen to a streaming feed. Many people have referred to podcasting as "TiVo for audio" or "timeshifting radio" and indeed it very much works that way. So in order to subscribe to podcasts, you need some software tool that can: a) handle RSS feeds; and b) interpret the RSS enclosure tag to download the media automatically for you. At a base level, that is pretty much all you need and the software that does this is often called either a "podcatcher" or "podcast aggregator". Of course, the programs out there don't simply do the base. They add the ability to easily manage your subscriptions, schedule the interval to check (ex. setup an appropriate cron job), manage the downloaded files, etc. The Software Linux users have the choice, of course, of podcatcher software in pretty much any language and with or without a GUI. A search on "podcast" at sites such as SourceForge or freshmeat will turn up a variety of choices in various states of development. Some of the prime contenders are: iPodder - For someone just getting started who wants a GUI, my personal recommendation would be to start out with iPodder (also called the "iPodder Lemon" because of its logo). Being python-based, iPodder is cross-platform and is heavily-used within the Windows and Mac worlds. Linux users receive the benefit of all that usage/testing and have a robust program to use. Screenshots are available if you would like to see what it is all about. BashPodder - For the text-inclined, BashPodder provides the functionality you need via a basic shell script. Simple, easy, and a breeze to extend. In fact, the site contains a wide range of user-contributed extensions and customizations. Additionally, for those who want the power of the shell but still with a GUI, there is BPConf that allows you to easily configure BashPodder. jpodder - Another interesting choice is jpodder, a Java-based cross-platform podcatcher. Like iPodder, it is GUI-based and has a range of features. Other choices - There are a range of other options (and readers are encouraged to leave their recommendations as comments), including:
A reader last week also commented that they were able to have Apple's iTunes program running on their Linux system using CrossOver Office. In any event, you need to have one of these programs installed to have the simplicity of subscribing to podcasts. The Next Step Once you have the software installed, you need to find podcasts to which you can subscribe. Some of the podcatchers, such as iPodder, include a built-in directory. Even with such a directory, though, you'll probably want to check out some of the directory sites. More keep appearing on a daily basis, but some of the major sites include:
Typically all you need to do is find the URL for the show's RSS feed and then enter it into your podcatcher software. Some programs allow drag-and-drop... but in any event that's it... you are now subscribed and will start to receive new shows. (Some podcatcher software will download the most recent show and then all new shows - some software will download all shows available in the feed.) Happy listening! And please do feel free to leave comments to this article about your favorite podcasts - or feedback about various podcatcher software.
A look at the Bizgres Project There are a lot of PostgreSQL-derivative projects in the news lately. In May we looked at the EnterpriseDB project. The Bizgres Project released their 0.6 release last week, with a few new features of interest to organizations using PostgreSQL for data warehousing and business intelligence.The Bizgres project was launched in April of this year. It is based on the PostgreSQL project, with development sponsored by Greenplum, which also uses the Bizgres source code in its DeepGreen offering. Josh Berkus, who works for Greenplum and is a member of the PostgreSQL core team, talked to us about the Bizgres release and the plans for the project. The 0.6 release has two features of interest that are not currently found in PostgreSQL. The first is a patch that speeds up bulk loading of text data. Berkus said that the patch "speeds up bulk loading of text data by refactoring some of the bulk loader code." The other feature is an improvement in temporary table creation. When tables are created using the "CREATE TABLE AS SELECT" statement, transaction logging is bypassed which can provide major benefits in performance -- in effect, a kind of "scratch" table that can be used to hold a copy of data that is being worked with without logging transactions. Berkus said that the Bizgres team is planning on expanding the capability to include the ability to bulk load into a "scratch table" but the current feature does not allow that. With so many PostgreSQL-derived projects available, some may wonder if the project is forking. He said that Greenplum plans to contribute its features back to the PostgreSQL project, but that the timing of PostgreSQL releases made it hard to get the features that interest Greenplum and its customers into mainstream PostgreSQL in a timely fashion:
Feature freeze for 8.1 was July 1st, that was the last day for consideration of patches for 8.1, and for that matter, if you introduced a major patch on July 1 that hadn't been discussed, there's very little chance it'd be introduced [in the 8.1 release of PostgreSQL]. Much of the stuff [in Bizgres] has bad timing, and would have waited for 8.2.
Since PostgreSQL 8.2 is currently slated for summer of 2006, there is a distinct advantage in creating a derivative distribution of PostgreSQL to allow Greenplum and the Bizgres Project to push its features out to its users earlier. Berkus compared this to Linux vendors like Red Hat backporting features from the 2.5/2.6 kernel series to the 2.4 series while 2.6 was still in development. He also compared Bizgres to embedded Linux or Real Time Linux, "in that we're focusing on a distribution of PostgreSQL entirely focused on needs of people running data warehouses or doing business intelligence." Users outside those profiles, said Berkus, probably don't want to consider Bizgres or DeepGreen at all. He also said that the Bizgres project is focused only on Linux, Solaris and Windows, as opposed to all of the platforms that are supported by the PostgreSQL project, which produces fewer platform compatibility issues for Bizgres. Berkus allowed for the possibility that Bizgres could have features that do not make it into mainstream PostgreSQL, if they were of benefit to data warehouse applications without providing a benefit to general performance, but that he wasn't aware of any features under consideration that would fit that category. As for licensing, Berkus said that anything developed by Greenplum for Bizgres would be available under a "BSD or analogous license."
We want to permit commercialization. Our goal, overall is to make it the standard in data warehousing and the BSD license is the best to choose. It eliminates any legal concerns that someone might have about adopting your software.
He also said that he wasn't concerned about other companies snapping up Bizgres' technology. According to Berkus, the major vendors like Microsoft, IBM and Oracle, "already have technology of their own that they have investment in, and they're unlikely to abandon theirs... and if they did [take Bizgres features and make them proprietary] it would be enough of a moral victory that it would be worth it." Given the number of companies working on PostgreSQL distributions, it should be interesting to see how many of the improvements flow back into the main project, and whether the various companies can avoid straying too far from the main project. It should also be interesting to see whether the Bizgres project gains much steam as an independent project. The mailing list traffic isn't particularly heavy yet, but the project is still very new. For users who are interested in trying out Bizgres, the 0.6 release is available as source code or binaries for Solaris 10 or Red Hat Linux.
First Look at Knoppix 4.0 The much awaited "maxi" DVD edition of Knoppix 4.0 was presented at the Linux Tag conference in Karlsruhe, Germany last week. As usual, this was a special edition and not a public release, but it didn't take long before the ISO image hit some of the popular BitTorrent download sites and it was even spotted on a few FTP servers a few days later. The reason for the high demand is not hard to understand - Knoppix 4.0 is the largest live Linux DVD ever produced, with a great collection of "the best open source software" available today.First, some numbers. The size of the single-layer compressed DVD image is 4,122 MB. It contains over 9 GB of software in the form of 2,663 Debian packages providing more than 5,300 individual programs. Most of them come from the recently released Debian 3.1 "sarge", but there are several noteworthy upgrades, such as KDE 3.4.1. KDE is still the default desktop, but Knoppix 4.0 now contains ten other desktop environments and window managers, including the complete GNOME (2.8.1) and XFce (3.8.16 and 4.0.6), and even some exotic ones, such as LarsWM, Openbox, and RatPoison. Booting this DVD on a 4-year old 1.4 GHz Pentium 4 system with 384 MB of RAM took just under 8 minutes (from the GRUB boot prompt to KDE); for comparison, booting the Knoppix 3.9 CD on the same system took only about 3.5 minutes. It needs to be mentioned that, starting from version 4.0, Knoppix will be split into two editions - "maxi" DVD and "light" CD. The light edition will essentially be the same Knoppix live CD that we have come to love and appreciate over the last couple of years, except that all development software will be removed and replaced with more general desktop applications. The public release of Knoppix 4.0 is expected within the next few weeks, with the "maxi" DVD and "light" CD editions appearing simultaneously. The Knoppix 4.0 DVD contains many of the most popular open source software packages for the desktop, server, office, graphics, multimedia, and development. Compared to the live CD edition, users now have a choice of KOffice (1.3.5) and GNOME Office (AbiWord + Gnumeric), in addition to OpenOffice.org (a recent beta of the 2.0 series). On the server side of things, both Apache 1.3 and 2.0 are present, and, unlike the CD edition, the DVD also includes PostgreSQL 8. Some other interesting packages that have been missing from all recent Knoppix CD releases include Blender, Eclipse, GnuCash, Mozilla, LyX and teTeX. One downside of the DVD is that, with so many applications included, the standard Debian menus tend to be badly cluttered and poorly organized; as an example, the "Internet" submenu contains a total of 76 items, while the "System" submenu contains 88 items! Besides adding new packages, what else is new in Knoppix 4.0? In the absence of any changelog we had to dig around the menus and file system to see what exciting things are hiding under the bonnet. The DVD has retained the Unionfs file system so extra packages can be installed on the fly - either from Debian repositories with apt-get or the newly included Synaptic, or via the web-based Klik installer, which also includes some non-free packages. A new feature is the ability to switch between the 11 desktop environments through a "Restart KNOPPIX Desktop" utility. Also, the DVD now contains a lot more documentation in HTML and PDF formats, including the excellent 133-page Knowing Knoppix and m23 Software Distribution guides. There seems to be an increasing level of collaboration between the developers of Knoppix and other Knoppix-derived live CD and DVD projects. The Kanotix developers contributed some DSL network configuration and hard disk installation code (due to data decompression, a partition of at least 12 GB in size is required for installing the DVD edition of Knoppix 4.0 on the hard disk). Much of the newly included scientific and statistical software was accepted from the Quantian and Paipix live DVD projects, while a lot of educational software found its way into Knoppix from Freeduc, a distribution designed for schools. Although providing a large number of applications on the DVD should please those users who missed some important pieces of software on the earlier CD editions, the size of the DVD presents its own set of problems. We have already mentioned the unsightly and difficult-to-navigate menus, but a potentially more annoying problem is the general sluggishness of the system while it runs from the DVD. Maybe a more modern DVD drive would be able to launch software packages in a speedier manner, but we were not impressed with a delay lasting several minutes after clicking on a PDF file in Konqueror. Likewise, OpenOffice.org Writer took 150 seconds to launch. Even navigating the menus was painfully slow, much slower than any of the CD editions. Of course, once an application is cached in the memory it starts a lot faster, but the first run of any large software package will likely test your patience. This brings in the question about how useful a 4 GB Knoppix live DVD really is. Although it is easy to get excited over all the goodies available at a mouse click, many people will undoubtedly be put off by the long boot times, poor system responsiveness and cluttered menus. After having played with the system for a few minutes, we found ourselves craving for the much leaner and faster Knoppix CD - although not nearly as full-featured as the DVD edition, it contains enough applications to satisfy the majority of users. Whether you use Knoppix as a rescue CD, carry it around to boot computers in Internet cafes, or employ it to demonstrate Linux and open source software to interested parties, the CD edition of Knoppix will probably remain a more practical tool than the more complete, but also more sluggish DVD edition.
Page editor: Rebecca Sobol Security Security news PEAR XML_RPC remote code execution vulnerability A serious vulnerability in the PEAR XML_RPC library and the XML-RPC for PHP package has been disclosed. The vulnerability allows unsanitized data to be passed to theeval() call, which would allow execution of arbitrary PHP code.
The vulnerability was reported by James Bercegay of the GulfTech Security Research Team. Bercegay reports that the
<?xml version="1.0"?>
<methodCall>
<methodName>test.method</methodName>
<params>
<param>
<value><name>','')); phpinfo(); exit;/*</name></value>
</param>
</params>
</methodCall>
PEAR's library or the XML-RPC for PHP package are used in a number of PHP-based projects, including WordPress, Drupal, PostNuke, Xaraya, phpGroupWare, Tikiwiki, and many others, which means that there are a lot of vulnerable servers out there. Users of PHP-based blogging applications and other packages that use XML_RPC should check to see if the software is vulnerable and update the package as soon as a new release is available. Some projects, like PostNuke, are advising users to remove the offending code altogether.
PEAR's XML_RPC library is also distributed with many Linux distributions. Most of the vulnerable projects and distributions have announced updated packages, and the PHP project has bundled the new PEAR XML_RPC package in PHP 4.4.0RC2, and a separate release is available on the PEAR site. The final PHP 4.4.0 release is scheduled for July 11. Users can also update the PEAR library by running " Users should upgrade or take steps to remove the library as soon as possible, as it seems likely that exploits of this vulnerability will begin appearing in the wild soon, if they have not already.
New vulnerabilities crip: insecure temporary files
kernel: multiple vulnerabilities
phpbb: arbitrary command execution
php-pear: remote code execution
zlib: buffer overflow
Updated vulnerabilities a2ps: input validation error
kernel: Linux amd64 kernel vulnerabilities
bzip2: race condition and infinite loop
cacti: SQL injection and PHP file inclusion
ClamAV: denial of service
cpio - file permissions error
cpio: directory traversal
cURL: buffer overflow
cvs: multiple vulnerabilities
cyrus-imapd: buffer overflows
dbus: information disclosure
dhcp: format string vulnerability
Dnsmasq: poisoning and DoS
emacs21: format string vulnerability in "movemail"
enscript: arbitrary code execution
ettercap: format string vulnerability
evolution: message crash vulnerability
Foomatic: Arbitrary command execution in foomatic-rip
gaim: denial of service
gdb: multiple vulnerabilities
gtk-pixbuf, gtk2: denial of service
gedit: format string vulnerability
gettext: Insecure temporary file handling
gftp: missing input sanitizing
ghostscript: symlink vulnerabilities
glibc: tempfile vulnerability in catchsegv script
gnupg: information leak
grip: buffer overflow
groff: insecure temporary directory
gxine: format string vulnerability
gzip: race condition and directory traversal
Heimdal: buffer overflow vulnerabilities
htdig: cross site scripting
ImageMagick: xwd coder denial of service
imap: buffer overflow in c-client
imlib2: buffer overflows
infozip: privilege escalation, directory-traversal
junkbuster: heap corruption and settings modification
kdelibs: unsanitzied input
kernel: multiple vulnerabilities
kernel: ELF loader core dump vulnerability
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||