LWN Weekly Edition
Front pageSecurity
Kernel development
Distributions
Development
Linux in the news
Announcements
->One big page
This page
Previous weekFollowing week
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Development
Cracking Passwords with John the Ripper
John the Ripper is a general purpose password cracking application:
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
![[John the Ripper]](/images/ns/johntheripper.png)
Version 1.7 of John
was announced
on February 9 by Solar Designer:
"John the Ripper became a lot faster, primarily at DES-based hashes.
This is possible due to the use of better algorithms (bringing more
inherent parallelism of trying multiple candidate passwords down to
processor instruction level), better optimized code, and new hardware
capabilities (such as AltiVec available on PowerPC G4 and G5 processors)." This is the first release that is not considered
a development snapshot.
Version 1.7 of John also adds better use of x86 MMX hardware,
improved vectorization support, an event
logging framework, new build targets, and more.
Compiling a working version of John was a simple matter of downloading the source code, reading the installation documentation, and running a make command with the specified computer architecture. The passwd file and shadow file, with the encrypted passwords, were combined into a working password file using the supplied unshadow command. John was then run with the unshadowed password file. Decryption is a compute-intensive operation, it would be advisable to run John on the fastest system you have access to, and import password files to that machine.
I did a test run John on my new 3Ghz Athlon 64 Lini box, it quickly spit out the default password for the default gvuser account, then proceeded to crank heavily (near 100% cpu utilization) for a long time with no further output. John had amassed nearly an hour of CPU time by the time I finished this article.
John should be considered an important utility for any systems administrator's collection of tools. It found a weak password on my system (since changed) and will be useful for testing other password files for weak points. Administrators with Internet-exposed or otherwise accessible machines would be advised to give this handy utility a spin.
System Applications
Clusters and Grids
Release 2.0.3 of Linux-HA is now available
Release 2.0.3 of Linux-HA, a cluster management system, is out. "There are many fixes, and for the first time ever, a GUI! This new release also provides support for monitoring by Common Information Model (CIM) agents."
Database Software
Firebird 2.00 Beta 2 released
Version 2.00 Beta 2 of the Firebird database has been announced. "Firebird 2 contains a large number of new features, including derived tables, support for Execute Block, increased table sizes, new improved index code (the 252-byte index length limit is no longer applicable), expression indices, numerous optimiser improvements, enhanced security features, support for on-line incremental backups, new international language support, along with numerous other improvements and bug fixes."
MySQL 5.1.6-alpha has been released
Version 5.1.6-alpha of the MySQL database is available. "This is a new alpha development release, adding new features and fixing recently discovered bugs."
PostgreSQL release 8.1.3 patches security issue
PostgreSQL version 8.1.3 has been announced. "PostgreSQL minor version 8.1.3 has been released, containing a patch for a serious security issue present in the 8.1 branch. All users of 8.1 are urged to upgrade at the earliest opportunity. Minor versions 8.0.7, 7.4.12, and 7.3.14 are being released at the same time as well. These contain only minor bug fixes to the 8.0, 7.4 and 7.3 versions and can be upgraded on a more planned schedule, unless of course you are encountering one of the bugs described."
PostgreSQL Weekly News
The February 12, 2006 edition of the PostgreSQL Weekly News is online with new PostgreSQL articles and resources.
LDAP Software
LAT 0.9 is out
Version 0.9 of LAT, the LDAP Administration Tool, has been announced, it features several new capabilities.
Libraries
Oggz 0.9.4 Released
Version 0.9.4 of Oggz, a C library for working with Ogg files and streams, is available with several new capabilities and bug fixes. "Oggz comprises liboggz and the command-line tools oggzinfo, oggzdump, oggzdiff, oggzmerge, oggzrip, oggz-scan and oggz-validate."
Mail Software
Dada Mail 2.10.6 Released. (SourceForge)
Dada Mail version 2.10.6 has been released. "Dada Mail is an intuitive, web-based e-mail list management system, which runs on any hosting account that can execute custom CGI scripts. Dada Mail is also a conceptual art project This version of Dada Mail includes many new features, including a screen caching scheme, to allow often-used and resource-intensive HTML web screens to be cached to be shown again, instead of relying on redundant processing of the same information."
Networking Tools
OpenSSH 4.3p2 released
Version 4.3p2 of OpenSSH has been released. "This is a release of Portable OpenSSH only, to resolve some portability bugs. There are no new features, only fixes".
Security
Sussen 0.14 released
Version 0.14 of Sussen, a tool for checking vulnerabilities and configuration issues on computer systems, has been announced. Changes include an improved OVAL interpreter, bug fixes and code cleanup.
Web Site Development
mod_python 3.2.7 released
Version 3.2.7 of mod_python, the Apache Python language extension, is out. See the online documentation for information on this version.
TWiki 4.0 released
Version 4.0 of TWiki, a Perl-based wiki application, has been announced. "TWiki.org today announced version 4.0 of its popular enterprise collaboration platform TWiki. Code-named Dakar, the structured wiki features highly-requested features including a WYSIWYG (what-you-see-is-what-you-get) editor, an enhanced security model, and a REST (representational state transfer) interface, among others."
Debugging and Profiling mod_perl Applications (O'Reilly)
Frank Wiles shows how to debug mod_perl applications on O'Reilly. "Because of the added complexity of being inside of the Apache web server, debugging mod_perl applications is often not as straightforward as it is with regular Perl programs or CGIs. Is the problem with your code, Apache, a CPAN module you are using, or within mod_perl itself? How do you tell? Sometimes traditional debugging techniques will not give you enough information to find your problem. Perhaps, instead, you're baffled as to why some code you just wrote is running so slow. You're probably asking yourself, "Isn't this mod_perl stuff supposed to improve my code's performance?" Don't worry, slow code happens even to the best of us. How do you profile your code to find the problem? This article shows how to use the available CPAN modules to debug and profile your mod_perl applications."
Desktop Applications
Audio Applications
CLAM 0.90 Released
Version 0.90 of CLAM is out with numerous enhancements. "CLAM is a framework for research and application development in the Audio and Music Domain. It offers a conceptual model as well as tools for the analysis, synthesis and processing of audio signals."
JACK Rack 1.4.5rc1 released
Version 1.4.5rc1 of JACK Rack, a virtual patch panel for the JACK Audio Connection Kit, is out with several new features and bug fixes.
Desktop Environments
Gnome 2.12.3 Released
Version 2.12.3 of the GNOME desktop environment has been announced. "We are pleased to announce the release of Gnome 2.12.3, the final release in the 2.12 series of Gnome."
GARNOME 2.12.3 announced
Version 2.12.3 of GARNOME, the bleeding edge GNOME distribution, has been announced. "Incorporating the GNOME 2.12.3 Desktop and Developer Platform (the final release in the 2.12 series), together with a host of third-party GNOME packages, Bindings and the Mono(tm) Platform -- this release irons out yet-more bugs, hopefully adds yet-more stability and ships with the latest and greatest stable releases."
gnome-icon-theme branched for GNOME 2.14
Rodney Dawes has made a new branch of gnome-icon-theme for GNOME 2.14. "I have just branched gnome-icon-theme for gnome-2-14, from an earlier date in the 2.13 cycle, where the changes to follow the naming spec have not yet been implemented. A couple of fixes and a new icon used by the search functionality added to Nautilus in 2.14, are still in however."
Module decisions for GNOME 2.14
The GNOME release team has announced its GNOME 2.14 module plans. Take a look for the status of gnome-power-manager, libnotify/notification-daemon, gnome-screensaver, and more.
Compiz Window Manager Released (GnomeDesktop)
GnomeDesktop covers the release of Compiz. "Compiz, the OpenGL window/composite manager, has been released following David Reveman's talk at XDevconf yesterday. "Compiz is an OpenGL compositing manager that use GLX_EXT_texture_from_pixmap for binding redirected top-level windows to texture objects. It has a flexible plug-in system and it is designed to run well on most graphics hardware.""
GNOME Software Announcements
The following new GNOME software has been announced this week:- cairomm 0.5.0 (new features and documentation work)
- control-center 2.13.92 (bug fixes and translation work)
- Dasher 3.99.4 (bug fixes)
- Ekiga 1.99.1 (new features and bug fixes)
- Epiphany 1.9.7 (new features, bug fixes and translation work)
- gcalctool 5.7.29 (translation work)
- GDM2 2.13.0.8 (unstable development release)
- gedit 2.13.91 (new features, bug fixes and translation work)
- GLib 2.9.6 (unstable development release)
- Glom 0.9.4 (new features and bug fixes)
- Glom 0.9.5 (new features and bug fixes)
- GNOME Applets 2.13.4 (bug fixes and translation work)
- GNOME Commander 1.1.7 (new features, bug fixes and translation work)
- gnome-games 2.13.7 (bug fixes)
- Gnome Spell 1.0.7 (bug fixes and translation work)
- gnome-media 2.13.92 (new features)
- Gnome-utils 2.13.92 (bug fixes and translation work)
- GShowTV 0.9.2 (bug fixes)
- GTK+ 2.8.12 (bug fixes, documentation and translation work)
- Gtk2-Perl 2.13.91 (bug fixes)
- gucharmap 1.5.2 (minor enhancements)
- Metacity 2.13.89 (new features, documentation and translation work)
- Nautilus-actions 1.0 (new features)
- Nautilus-python 0.4.2 (bug fixes)
- Pango-1.11.5 (unstable development release)
- vte-0.11.18 (new features and bug fixes)
- Yelp 2.13.5 (new features, bug fixes and translation work)
Technical Working Group Elected (KDE.News)
The first Technical Working Group for KDE has been elected. "This initial Working Group is elected for a period of six months. After this period an evaluation of the Working Group will take place. If it proves successful, elections will take place once every year. The group will help the hundreds of KDE developers in reaching technical decisions. Read on to learn about the members of the first Technical Working Group." The members of the working group are David Faure, Dirk Müller, George Staikos, Gunnar Schmidt, Lubos Lunak, Stephan Kulow and Thiago Macieira.
Mandriva Donates Polish Translation of KDE Docs (KDE.News)
KDE.News covers the contribution of Polish translations to KDE by Mandriva. "The Polish department of Mandriva has contributed over 100 files of documentation translations to the Polish localisation team. The commits (1, 2) are made up of over 8000 messages. This allows Polish people to get an even better experience when using KDE in their native language."
KDE Software Announcements
The following new KDE software has been announced this week:- amaroK 1.4 Beta 1 (new features and stability improvements)
- DVD BacKup Express 1 (initial release)
- K3b 0.12.11 (new features and bug fixes)
- kdbus 0.8.4 (unspecified)
- kdesvn 0.7.3 (new features and performance improvements)
- KDevelop 3.3.1 (code and documentation improvements)
- Krusader 1.70.0 (UI improvements, bug fixes)
- Kst 1.2.0 (new features and bug fixes)
- Scribus 1.3.2 (new features, bug fixes, translation and documentation work)
Electronics
XCircuit 3.6.4 released
Development version 3.6.4 of XCircuit, an electronic schematic drawing package, is out with several bug fixes.
Financial Applications
GnuCash 1.9.0 released
GnuCash 1.9.0 has been released. Do note that this is an unstable, development release; best not to apply it to your important financial decisions quite yet. But it's important because it's the long-awaited, first GTK2-based GnuCash release. Congratulations to the GnuCash developers for reaching this milestone, and let's hope that it stabilizes quickly.
Games
ScummVM 0.8.2 released (SourceForge)
Version 0.8.2 of ScummVM, a cross-platform interpreter for point-and-click adventure game engines, is available. "Due to a bug discovered in 0.8.1, which rendered Broken Sword 2 unplayable, we're forced to release ScummVM 0.8.2 "Broken Broken Sword 2". Also, we used this opportunity to fix the WinCE builds, as well as the MacOS X bundle."
GUI Packages
wxWidgets 2.6.3 Release Candidate 1
Release candidate 1 of wxWidgets 2.6.3, a cross-platform GUI package, is available. Changes include: "Support for Windows Mobile devices * enhanced GTK+ 2 support * XRC resource system compiled as standard * radical overhaul of the Mac OS X port * replacement build system, Bakefile * better integration with STL * a CppUnit-based test suite * sizer improvements * new Gnome printing features * ODBC enhancements such as BLOB support and Unicode support on Windows * wxTaskBarIcon support on Mac OS X and Linux as well as Windows * arbitrary shapes for top-level windows * flicker reduction on Windows * better theme support * alpha channels for images * Compilation of the wxMSW port on Unix using Winelib * plus many API enhancements and bug fixes to existing classes."
Interoperability
Wine Traffic
The February 10, 2006 edition of Wine Traffic is online with coverage of the Wine project. Topics include: Wine 0.9.7 & CXO for Linspire, Eating Dogfood, MP3 Decoding, Demangling Symbols and Winelib & Easy Distribution.
Mail Clients
MH-E 7.91 released
Stable version 7.91 of MH-E, an EMACS interface to the MH mail system, has been announced. The source notes contain the change information: "Version 7.91 is the second 8.0 beta release and fixes several bugs that were uncovered in wider testing."
Music Applications
Fastbreeder, a genetic programming synth
The Fastbreeder audio synthesizer project is taking a new approach to generating sounds. "Fastbreeder is essentially a 4 button synth. The idea is to grow code by choosing from a range of automatically generated variations of functions, you don't have to know how they work, but each function creates a sound which can be selected by you. The following generation is then created containing mutants of your chosen sound. You can refine and develop the sound just by auditioning and choosing the best one each time."
Peer to Peer
Azureus 2.4.0.0 released (SourceForge)
Version 2.4.0.0 of Azureus, a cross-platform java BitTorrent client, has been announced. "This release has many new features and improvements including: Encrypted/Obfuscated data transfer, High speed LAN transfer and Improved download algorithm."
Science
BioImageXD 0.9.0 released
Stable version 0.9.0 of BioImageXD is available. "BioImageXD - Free and open source software for analysis, processing and 3D rendering of multi dimensional microscopy images. It uses free software such as Python, wxPython, VTK, and is a free replacement for very expensive commercial 3D microscopy analysis and visualisation software BioImageXD is a collaborative open source free software project, designed and developed by microscopists, cell biologists and programmers from the Universities of Jyväskylä and Turku in Finland, and collaborators worldwide."
Web Browsers
Ben Goodger Explains Higher Memory Usage in Firefox 1.5 (MozillaZine)
MozillaZine points to a weblog entry by Firefox hacker Ben Goodger about memory usage in Firefox 1.5. "What I think many people are talking about however with Firefox 1.5 is not really a memory leak at all. It is in fact a feature. To improve performance when navigating (studies show that 39% of all page navigations are renavigations to pages visited < 10 pages ago, usually using the back button), Firefox 1.5 implements a Back-Forward cache that retains the rendered document for the last few session history entries. This can be a lot of data. It's a trade-off. What you get out of it is faster performance as you navigate the web."
Bloggers Comment on addons.mozilla.org Review Process (MozillaZine)
MozillaZine considers ideas from Mozilla Bloggers about the review of browser extensions. "Several Mozilla Bloggers have recently expressed concerns about the review process for extensions at addons.mozilla.org. David Baron feels that crashes and memory leaks caused by extensions could change user perception of quality of Mozilla products as a whole. Unlike the Mozilla source code, extensions do not benefit from an extensive community review process."
Minutes of the Firefox Team Status Meeting (MozillaZine)
The minutes from the February 7, 2006 Firefox Team Status Meeting have been announced. "Issues discussed include status updates on planned Firefox 2 features, schedule revisit calling for a 2 week slip, decision to use dev-apps-firefox as the newsgroup/mailing list for discussion of development issues and action items for the upcoming alpha1 release."
Minutes of the mozilla.org Staff Meeting (MozillaZine)
The minutes from the February 6, 2006 mozilla.org staff meeting have been announced. "Issues discussed include Firefox 1.5.0.1 Feeback, Upcoming Releases, Firefox 2, Personnel and Marketing."
Miscellaneous
Gourmet 0.10.0 released (SourceForge)
Version 0.10.0 of Gourmet, a cross-platform recipe management application, has been announced. "Gourmet 0.10.0 involves a major rewrite of the database backend. Import is much faster now and we do much better with large databases. Update from old versions should be safe (we won't clobber the last database) but requires a bit of magic that isn't easy to package up nicely. So we're holding off on installers (.deb, .rpm, .exe) for the time being. "
Roundup Issue Tracker release 1.1.0
Version 1.1.0 of Roundup, an Issue Tracker application, has been announced. Changes include new features and some bug fixes.
Languages and Tools
Caml
Caml Weekly News
The February 7-14, 2006 edition of the Caml Weekly News is out with new Caml language articles.
Java
J2EE Without the Application Server (O'ReillyNet)
Guy Pardon discusses the operation of J2EE code without a server in an O'Reilly article. "Thanks to modern notions like inversion-of-control (IoC) and aspect-oriented programming (AOP) represented in lightweight containers like the Spring framework, the programming model for J2EE can be made a lot simpler and more elegant. Nevertheless, even with these tools, the application server still remains an important source of complexity and cost. This article proposes a further simplification of J2EE, by showing a way to eliminate the overhead of the runtime platform: the application server. In particular, this article shows that many applications no longer need an application server to run."
PHP
PHP Weekly Summary for February 13, 2006
The PHP Weekly Summary for February 13, 2006 is out. Topics include: SOAP bug?, pecl/spread, Standalone module build, Unsigned integers, The taming of the shrew, OSCON 2006, API docs, JANI missing from core, Iterator API change and Magic cmd /s.
Python
PyInstaller 1.1 released
Stable version 1.1 of PyInstaller has been released. "PyInstaller is a program that packages Python programs into stand-alone executables, under Windows, Linux and Irix. This is similar to the famous py2exe, but PyInstaller works with any version of Python since 1.5, it builds smaller executables thanks to transparent compression, it is multi-platform (so you can build one-file binaries also under Linux), and use the OS support to load the dynamic libraries, thus ensuring full compatibility." See the Change Log file for release details.
python-openid 1.0.4 announced
Version 1.0.4 of python-openid, a Python language OpenID library, has been announced. This is a maintenance release, it features bug fixes and other improvements.
Urwid 0.9.0-pre1 curses-based UI library for Python
Version 0.9.0-pre1 of Urwid, a curses-based UI library for Python, is out. "This is a development release intended only for those interested in working with the new Layout classes and those who want to help improve UTF-8 support."
Why Not Python?, Part 3 (Linux Journal)
Linux Journal presents part 3 in a series on learning Python by Collin Park. The series covers the creation of a Sudoku puzzle game. "ow it's time for this new Python user to do the hard work--code the program to fill in the blanks of Sudoku puzzles."
Dr. Dobb's Python-URL!
The February 13, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.
Building Decision Trees in Python (O'Reilly)
Christopher Roach works with decision trees with Python in an O'Reilly article. "This article introduces a popular and easy-to-use datamining tool called a decision tree that should help you solve your marketing dilemma. Decision trees are a topic of artificial intelligence. More specifically, they belong to the subfield of machine learning. This is due to their ability to learn--through example--to classify individual records in a data set."
Ruby
Ruby Weekly News
The February 12th, 2006 edition of the Ruby Weekly News looks at the latest discussions from the ruby-talk mailing list.
Tcl/Tk
Dr. Dobb's Tcl-URL!
The February 14, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.
XML
Open source Eclipse/SWT XForms engine released
Nuxeo has released the code for an XForms engine for SWT and Eclipse. "This engine will be used in the Apogee project recently submitted as a proposal to the Eclipse Foundation. Apogee aims at building a framework to create ECM-oriented desktop applications, independent from vendor or technologies. This framework could be used to create applications that will be integrated with Documentum, Interwoven, Nuxeo CPS or any ECM platform."
GovTrack.us, Public Data, and the Semantic Web (O'Reilly)
Joshua Tauberer uses XML to track US government legislation in an O'Reilly article. "No matter where you fall in debates over free software or DRM, there's one type of information that is unarguably meant to be free, and that's information about our government. The more knowledge citizens have about government the better. So how can we use XML and the Semantic Web to make it easier to get that knowledge, and to foster civic participation?"
Page editor: Forrest Cook
Next page: Linux in the news>>