SELinux and patents
SELinux is a distribution
produced by the U.S. National Security Agency. It is based on the Linux
Security Module architecture (which is not yet part of the 2.5 kernel).
SELinux provides a whole set of mandatory access control features to
protect parts of the system from each other. There is no "root" user in
SELinux. Even if a server process is compromised, it is highly limited in
the damage it can do to the rest of the system.
According to the license
page, SELinux is freely distributable under the terms of the GPL. It
looks like a high-quality and useful contribution to the Linux community.
There is a potential problem, however. Much of the actual work in the
implementation of SELinux was done by Secure Computing Corporation
(SCC). SCC, in its implementation of SELinux, used a technology that it
calls type
enforcement. As it turns out, SCC has a patent on this technology.
Concerns over the type enforcement patent are not new - they were first
raised back in 2000. At that time, SCC put up an SELinux FAQ stating:
Question 6: Will SCC use its patent on Type Enforcement TM to
restrict use, future development, derivative work, or release of the
source code of the system?
There will be no restrictions on the use of TE by the Linux open source
community....
We will release source code for all the modifications to the existing
kernel and for a general-purpose security policy engine under the GPL.
Recently, this page has been removed from the SCC web site - a move which
should be of concern to anybody who is relying on web-based promises about
access to patented technology. For now, the cached
copy on Google is still available, though. Grab a copy while you can -
web-posted promises can be ephemeral things.
More recently, in a conversation on the Linux Security Module list, an SCC
employee made a rather different statement:
SELinux includes Type Enforcement technology developed and patented
by the Secure Computing Corporation, who still holds rights to all
commercial use of the technology. Before a colo company, or anyone
else uses the technology commercially, it will be necessary to
negotiate a license with Secure Computing. If anyone wants to do
so, I can help get the ball rolling with our Legal and BD folks.
This, of course, puts a damper on many possible uses of SELinux, as well as
negating any claims of GPL licensing. Projects which have used some of the
SELinux code, such as the Debian SE effort, are having to reconsider.
It would appear that SCC has not really decided what its policy is going to
be; a message has been posted stating:
We would like to set the record straight with a clear statement,
and we will do that soon. However, we want to avoid creating more
confusion, so we are going to take a little time to reflect before
we respond. My initial response was intended to let people know
that the licensing issues have not yet been resolved.
So, SCC may eventually do the right thing (from the free software
community's point of view) and preserve the free licensing of SELinux.
(This cause will probably not be helped by sending inflammatory
mail, by the way). Either way, this situation shows, yet another time, the
sort of threat that software patents pose to free software.
Comments (6 posted)
Deersoft announces its existence
A press release hit the wires on June 12: a new company called "Deersoft"
was announcing existence as a spam-fighting company. Deersoft, as it turns
out, is an attempt to commercialize
SpamAssassin, a highly effective,
free spam filtering system.
SpamAssassin is certainly a good base to start with. We first started
using it here at LWN some months ago; as one might imagine, LWN's public
email addresses get substantial amounts of spam. SpamAssassin filters out
the vast majority of that spam (though, we notice, its hit rate has fallen
a little recently) with almost no false positives. The SpamAssassin
developers have provided us a real service.
Deersoft is following a reasonably common strategy for companies built
around a free software package: offer a value-added, proprietary version of
the program. In this case, Deersoft is selling "SpamAssassin Pro," which
brings SpamAssassin's capabilities to Microsoft Outlook. A 30-day demo
version can be downloaded from the company's web site.
The idea of charging Outlook users as a way of supporting SpamAssassin
development has a certain appeal. There is, however, a considerable list of
contributors who were, it seems, not asked whether it was permissible
to distribute their code under a proprietary license. SpamAssassin is
licensed under the Artistic License, which is a little vague on just when
this sort of distribution is allowed. LWN has talked with a couple of
people who have contributed code to SpamAssassin; they recognize
the significant role that Deersoft principal Craig Hughes has taken in
SpamAssassin development and seem to not begrudge the use of their
contributions in this manner.
One hopes that development of the free version of SpamAssassin will
continue. The press release makes encouraging noises in that regard:
Craig Hughes makes his ongoing dedication to the open software
community clear, "Deersoft is committed to supporting the open
source community, and is pleased to announce the release today of
SpamAssassin(TM) 2.3.0."
The lack of an actual 2.3.0 release on SpamAssassin.org as of this writing,
one presumes, is just the result of some last-minute delays.
Free software companies have had a hard time since the bubble burst; it
really is harder to make money when the code is freely available.
SpamAssassin is a great counterexample to the often-made claim that free
software can only imitate, not innovate. Wouldn't it be nice if it also
helped provide a good example of a successful business built around free
software?
Comments (none posted)
The Alexis de Tocqueville Institution report
The report issued by the Alexis de Tocqueville Institution has been extensively
covered elsewhere. For those who may have missed it, here are the core points:
- The "open source helps terrorists" line that featured prominently in
the
advance press release is gone. Security issues are touched on,
and the "security through obscurity" argument for proprietary software
is presented, but the claim that open source assists terrorism has
been deemphasized.
- Instead, the report is another attack on the GPL, featuring most of
the usual arguments and some new ones as well. For example, the
report claims that processing your code with a GPL-licensed tool
(e.g. emacs or gcc) could force your code to be released under the
GPL, which is nonsense.
- The quality of the research and writing is, in general, not what one
would expect.
There are persistent claims that this report was directly funded by
Microsoft, though nothing has been demonstrated in any definitive way. For
the curious, this PoliTech
posting documents many of the (numerous) past ties between Microsoft
and the Institution.
(See also: this
point-by-point rebuttal to the report by Leon Brooks).
Comments (2 posted)
Page editor: Jonathan Corbet
Security
Security news
Security through obsolescence (Register)
Robin Miller considers the virtues of mature software.
Here's an interesting way to secure an Internet-connected computer against
intruders: Make sure the operating system and software it runs are so old
that current hacking tools won't work on it.
An interesting read.
Full Story (comments: none)
The New Debian Security Build Infrastructure
Woody release manager Anthony Towns shares some information about the new
security infrastructure. This new infrastructure is a critical component
of the woody release.
Full Story (comments: none)
Super-Secure Linux, Inch by Inch (Wired)
Wired News covers the National Security Agency's Security-Enhanced Linux (SELinux).
"NSA's Wagner says that SELinux's adoption rate 'has exceeded our original
expectations. This release has also caused developers of non-Linux systems
to consider incorporating similar controls based upon our earlier
prototypes.'"
If you haven't seen it already, this week's LWN.net leading item
is about SELinux and patents.
Comments (none posted)
Complex Linux virus warning (vnunet)
Vnunet covers cross-platform viruses, which might be able to infect Linux systems.
"Although the virus was not the first of its kind to infect both
Windows and Linux machines, it apparently moved virus-writing techniques
'yet another step up the scale of complexity'."
Comments (none posted)
New viruses aim to cross multi platforms (ZDNet)
Robert Lemos worries that although the Simile.D cross-platform virus isn't
much of a threat, the techniques it uses may be bad news. Simile.D is one
of the few viruses, so far, with the "ability to jump from Windows to Linux
and back again."
Comments (none posted)
Support discontinued for SuSE 6.4
After Monday, June 17 2002, SuSE will not provide security
fixes for SuSE Linux 6.4 any more. With SuSE 8.0 in release, the
announcement isn't a surprise.
Full Story (comments: none)
Security reports
Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
The Bugzilla team has issued a security advisory encouraging all Bugzilla
installations to upgrade to the latest versions of Bugzilla, 2.14.2 and
2.16rc2, released June 8th, 2002.
"Various security issues of varying importance have been fixed in
Bugzilla 2.14.2. Most of these were fixed already in 2.16rc1, a few
were not."
Full Story (comments: none)
Remote vulnerability in Mozilla 1.0
Tom Vogt has reported a frustrating problem with Mozilla 1.0 and earlier.
A maliciously crafted stylesheet can cause the X server to crash or
consume memory until stopped with a kill -9. Either way, it takes the
desktop with it when it goes.
Full Story (comments: 3)
CBMS: XSS and SQL Injection holes
Ulf Harnhammar reports that CBMS "is littered with XSS (Cross-site
Scripting) and SQL Injection holes."
CBMS is a full-featured client/billing system designed from the ground up
to cater specifically to hosting providers. The software is a PHP script
package which uses MySQL. Notable features include automated invoicing,
client search, multiple customizable packages for clients and a
client-viewable real-time invoice.
Full Story (comments: none)
CGIscript.net - csNews.cgi has multiple vulnerabilities
Steve Gustin has reported multiple vulnerabilities in the csNews.cgi
script from CGIscript.net. "Contact vendor for updated version, only allow
completely trusted users to access the application,
disable access to .style and *db files through
Apache .htaccess files."
Full Story (comments: none)
AlienForm2 CGI script arbitrary file read/write vulnerability
Nick Cleaton reports that the AlienForm2 form-to-email gateway has a flaw
which, subject to file permissions, allows an attacker to read and modify
"any file on the server." A suggested fix is included.
Full Story (comments: none)
Format string vulnerabilities in mmmail and mmftpd
Guillaume Pelat has reported format string vulnerabilities in mmmail 0.0.13
and mmftpd 0.0.7. Updated versions which fix both problems are available.
Mmmail supplies SMTP and POP3 daemons using MySQL and other features.
Mmftpd is a secure FTP server.
Comments (none posted)
New vulnerabilities
Ethereal buffer overflow, infinite loop and memory management vulnerabilities
| Package(s): | ethereal |
| CVE #(s): | CAN-2002-0012, CAN-2002-0013, CAN-2002-0353, CAN-2002-0401, CAN-2002-0402, CAN-2002-0403, CAN-2002-0404 |
| Created: | June 12, 2002 |
| Updated: | October 27, 2002 |
Description:
Ethereal 0.9.4 was released on May 19, 2002, fixing four potential security
issues in Ethereal 0.9.3:
- The SMB dissector could potentially dereference a NULL pointer in two cases.
- The X11 dissector could potentially overflow a buffer while parsing keysyms.
- The DNS dissector could go into an infinite loop while reading a malformed packet.
- The GIOP dissector could potentially allocate large amounts of memory.
No known exploits exist "in the wild" at the present time for any of these issues.
Ethereal 0.9.2 has several packet handling vulnerabilities that are best
avoided by upgrading to 0.9.4. The PROTOS test suite found some flaws in
SNMP and LDAP protocol support. Malformed packets could also crash
ethereal 0.9.2 due to an ASN.1 zero-length g_malloc problem. The zlib
"double free" vulnerability was addressed by the updates for that bug from
many distributors.
Comments (none posted)
LPRng accepts jobs from any host.
| Package(s): | LPRng |
| CVE #(s): | CAN-2002-0378 |
| Created: | June 12, 2002 |
| Updated: | October 31, 2002 |
Description:
Matthew Caron pointed out that LPRng's default configuration accepts job
submissions from any host. This could be an especially annoying
vulnerability for administrators with systems exposed to the general
public.
Comments (none posted)
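What the default lets through, and how a site narrows it, as an added illustration written in LPRng's lpd.perms syntax (not LPRng's shipped file): rules are evaluated top to bottom, first match wins, and the DEFAULT line applies only when no rule matched. The network addresses are placeholders for the site's own.

```text
# ---- weak lpd.perms ----
# Nothing restricts SERVICE=X (the incoming connection), so the DEFAULT
# line lets any host on the network connect and spool jobs.
DEFAULT ACCEPT

# ---- corrected lpd.perms ----
# Decide who may connect at all before any other rule is consulted.
# The print server itself and the loopback address may always connect.
ACCEPT SERVICE=X SERVER
ACCEPT SERVICE=X REMOTEIP=127.0.0.1
# Placeholder for the site's own client network.
ACCEPT SERVICE=X REMOTEIP=192.168.10.0/24
# Every other host is refused before it can submit anything.
REJECT SERVICE=X
# Queue control (SERVICE=C) only for root on the server itself.
ACCEPT SERVICE=C SERVER REMOTEUSER=root
REJECT SERVICE=C
# Hosts that passed the connection check keep the old behaviour.
DEFAULT ACCEPT
```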
Updated vulnerabilities
Heap corruption vulnerability in at
| Package(s): | at at, sudo, xchat |
| CVE #(s): | CAN-2002-0004 |
| Created: | May 20, 2002 |
| Updated: | May 15, 2003 |
Description:
The at command has a potentially exploitable heap corruption bug.
(First LWN report: January 17th).
Comments (none posted)
Denial of service vulnerability in version 9 of BIND
| Package(s): | bind |
| CVE #(s): | CAN-2002-0400 |
| Created: | June 5, 2002 |
| Updated: | August 19, 2002 |
Description:
Here is an advisory from the Computer Emergency Response Team (CERT)
regarding the denial of service vulnerability in version 9 of the BIND
nameserver, up to 9.2.1. An attacker can send a properly crafted packet
which triggers a check within BIND and causes it to shut down. The
vulnerability cannot be exploited for any purpose beyond denial of
service, but that is bad enough; if you are running BIND 9, an upgrade
is probably a good idea.
Note that many or most systems out there will still be running
BIND 8, and thus will not be vulnerable.
News articles on the vulnerability appear in the Register and Network
World Fusion News.
Comments (none posted)
DHCP remotely exploitable format string vulnerability
| Package(s): | dhcp/dhcp-server dhcp |
| CVE #(s): | |
| Created: | May 20, 2002 |
| Updated: | June 20, 2002 |
Description:
The May 8, 2000 release of ISC DHCP 3.0p1 fixes this serious vulnerability
in ISC DHCPD 3.0 to 3.0.1rc8 inclusive. We encourage dhcp users to
upgrade, disable dhcp or, at a minimum, consider using ingress filtering
as described in the CERT advisory. (First LWN report: May 16).
Note: Distributions which use version 2 of ISC DHCP, such as Red Hat
Linux, are not vulnerable.
Comments (none posted)
Ethereal packet handling vulnerabilities
| Package(s): | ethereal |
| CVE #(s): | CAN-2002-0353 |
| Created: | June 5, 2002 |
| Updated: | June 12, 2002 |
Description:
Ethereal 0.9.3, released by the ethereal team on March 30th, fixed three
packet handling vulnerabilities present in 0.9.2. The PROTOS test suite
found some flaws in SNMP and LDAP protocol support. Malformed packets could
also crash ethereal 0.9.2 due to an ASN.1 zero-length g_malloc problem. The
zlib "double free" vulnerability was addressed by the updates for that bug
from many distributors. (First LWN report: May 2).
Update: The May 19, 2002 release of Ethereal 0.9.4 fixes four potential
security issues in Ethereal 0.9.3. Please see the new vulnerability for
more information.
Comments (none posted)
Remotely-exploitable buffer overflow vulnerability in fetchmail
| Package(s): | fetchmail |
| CVE #(s): | CAN-2002-0146 |
| Created: | June 5, 2002 |
| Updated: | June 18, 2002 |
Description:
Fetchmail versions prior to 5.9.10 have a buffer overflow vulnerability
that may be exploited by a malicious IMAP server. The fetchmail client
allocates memory to store the sizes of the messages it is attempting to
retrieve based on a message count provided by the IMAP server. A malicious
IMAP server could provide an artificially large message count to force the
fetchmail process to write data outside of the allocated memory. (First
LWN report: May 9).
Comments (none posted)
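An added illustration, not fetchmail's code, of the check whose absence the description refers to: the size table is allocated from the server's message count, and every message number the server then reports is range-checked before it is used as an index into that table. The ceiling constant, function names and sample replies are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical ceiling on the message count we are willing to allocate a
 * size table for; the page gives no such number for fetchmail itself. */
#define MAX_MESSAGE_COUNT 100000L

/* Parse an untagged "* N EXISTS" reply. Returns N, or -1 if the line is a
 * different reply or N is outside what we will allocate for. */
long parse_exists(const char *line)
{
    long n;
    char word[8];
    if (sscanf(line, "* %ld %7s", &n, word) != 2 || strcmp(word, "EXISTS") != 0)
        return -1;
    if (n < 0 || n > MAX_MESSAGE_COUNT)
        return -1;
    return n;
}

/* Parse "* N FETCH (RFC822.SIZE S)" into num and size. Returns 0, or -1 if
 * the line is some other untagged reply (which the caller just skips). */
int parse_size_line(const char *line, long *num, long *size)
{
    return sscanf(line, "* %ld FETCH (RFC822.SIZE %ld)", num, size) == 2 ? 0 : -1;
}

/* Store each reported size in sizes[num - 1]. Returns the number of entries
 * stored, or -1 at the first reply whose message number is outside
 * 1..count: that range check is what keeps a server-chosen number from
 * steering the write past the end of the table. */
long fill_sizes(long count, long *sizes, const char *const *lines, size_t nlines)
{
    long stored = 0;
    for (size_t i = 0; i < nlines; i++) {
        long num, size;
        if (parse_size_line(lines[i], &num, &size) != 0)
            continue;
        if (num < 1 || num > count || size < 0)
            return -1;
        sizes[num - 1] = size;
        stored++;
    }
    return stored;
}

/* Allocate the table from the EXISTS count, then fill it from the FETCH
 * replies. On success *out owns the table (free() it) and the number of
 * stored entries is returned; on any rejection *out is NULL and -1 is
 * returned, so a hostile reply never leaves a partly written table behind. */
long collect_sizes(const char *exists_line, const char *const *lines,
                   size_t nlines, long **out)
{
    *out = NULL;
    long count = parse_exists(exists_line);
    if (count < 0)
        return -1;
    long *sizes = calloc((size_t)count + 1, sizeof *sizes); /* +1: count may be 0 */
    if (sizes == NULL)
        return -1;
    long stored = fill_sizes(count, sizes, lines, nlines);
    if (stored < 0) {
        free(sizes);
        return -1;
    }
    *out = sizes;
    return stored;
}

int main(void)
{
    /* Constructed replies: the second set names message 9 of a 3-message box. */
    const char *good[] = {"* 1 FETCH (RFC822.SIZE 512)",
                          "* 2 FETCH (RFC822.SIZE 4096)",
                          "* 3 FETCH (RFC822.SIZE 77)"};
    const char *bad[] = {"* 1 FETCH (RFC822.SIZE 512)",
                         "* 9 FETCH (RFC822.SIZE 4096)"};
    long *sizes;
    long n = collect_sizes("* 3 EXISTS", good, 3, &sizes);
    printf("accepted %ld sizes; message 2 is %ld bytes\n", n, sizes[1]);
    free(sizes);
    n = collect_sizes("* 3 EXISTS", bad, 2, &sizes);
    printf("out-of-range reply: result %ld, table %s\n", n,
           sizes ? "kept" : "discarded");
    return 0;
}
```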
GNU fileutils race condition
| Package(s): | fileutils ucdsnmp |
| CVE #(s): | CAN-2002-0435 |
| Created: | May 20, 2002 |
| Updated: | May 16, 2003 |
Description:
A race condition in rm may cause the root user to delete the whole
filesystem. The problem exists in the version of rm in fileutils 4.1
stable and the 4.1.6 development version. A patch is available. (First
LWN report: May 2).
Comments (none posted)
Ghostscript arbitrary command execution vulnerability
| Package(s): | ghostscript |
| CVE #(s): | CAN-2002-0363 |
| Created: | June 5, 2002 |
| Updated: | June 12, 2002 |
Description:
A maliciously formed PostScript file can make Ghostscript execute
arbitrary commands. Since ghostscript is frequently used while printing
documents, updating is strongly recommended. The vulnerability has been
fixed in the 6.53 source release of GNU Ghostscript.
Comments (none posted)
Buffer overflow problem in glibc
| Package(s): | glibc glibc/shlibs, glibc, nscd |
| CVE #(s): | CAN-2001-0886 |
| Created: | May 20, 2002 |
| Updated: | July 14, 2002 |
Description:
The glibc filename globbing code has a buffer overflow problem. For those
who are interested, Global InterSec LLC has provided a detailed
description of this vulnerability. This problem was first reported by LWN
on December 20th.
Comments (2 posted)
Buffer overflow in groff
| Package(s): | groff |
| CVE #(s): | CAN-2002-0003 |
| Created: | May 20, 2002 |
| Updated: | December 9, 2002 |
Description:
The groff package has a buffer overflow vulnerability; if it is used with
the print system, it is conceivably exploitable remotely.
Comments (none posted)
UW imapd remotely exploitable buffer overflow
| Package(s): | imap |
| CVE #(s): | CAN-2002-0379 |
| Created: | June 5, 2002 |
| Updated: | December 20, 2002 |
Description:
UW imapd versions 2000c and prior allow remote authenticated users to
execute code via a buffer overflow. A malicious user can craft a request
to run commands on the server under their UID and GID. (First LWN report:
May 23).
Comments (2 posted)
Problem loading untrusted images in imlib
| Package(s): | imlib |
| CVE #(s): | CAN-2002-0167, CAN-2002-0168 |
| Created: | May 20, 2002 |
| Updated: | June 5, 2002 |
Description:
Versions of imlib prior to 1.9.13 used the NetPBM package in ways which
"make it possible for attackers to create image files such that when
loaded via software which uses Imlib, could crash the program or
potentially allow arbitrary code to be executed." (First LWN report:
March 28).
Comments (none posted)
Cross-site scripting vulnerability in Horde/IMP 2.2.7 and 3.0
| Package(s): | imp horde/imp |
| CVE #(s): | |
| Created: | May 20, 2002 |
| Updated: | June 19, 2002 |
Description:
Version 2.2.8 of IMP has been released; it fixes some vulnerabilities.
"The Horde team announces the availability of IMP 2.2.8, which prevents
some potential cross-site scripting (CSS) attacks." Upgrading to IMP 3.1
or, at least, 2.2.8 is recommended. (First LWN report: April 11, 2002).
Update: IMP 3.0, which was initially believed to be immune, is also
vulnerable. The problem is fixed in IMP 3.1.
Comments (1 posted)
Mailman 2.0.11 fixes two cross-site scripting vulnerabilities
| Package(s): | mailman |
| CVE #(s): | CAN-2002-0388 |
| Created: | June 5, 2002 |
| Updated: | August 28, 2002 |
Description:
Barry A. Warsaw announced the release of Mailman 2.0.11, "which fixes two
cross-site scripting exploits, one reported by 'office' in the admin
login page, and another reported by Tristan Roddis in the Pipermail
index summaries. It is recommended that all sites upgrade their 2.0.x
systems to this version."
Comments (none posted)
Mozilla XMLHttpRequest file disclosure vulnerability
| Package(s): | mozilla |
| CVE #(s): | CAN-2002-0354 |
| Created: | May 20, 2002 |
| Updated: | October 18, 2002 |
Description:
This XMLHttpRequest security bug impacts all Mozilla-based browsers. "The
bug is found in versions of Mozilla from 0.9.7 to 0.9.9 on various
operating system platforms, and in Netscape versions 6.1 and higher."
(First LWN report: May 2).
Comments (none posted)
String format bug in pam_ldap logging
| Package(s): | nss_ldap |
| CVE #(s): | CAN-2002-0374 |
| Created: | June 5, 2002 |
| Updated: | October 29, 2002 |
Description:
The nss_ldap package includes the pam_ldap module for authenticating a
user with an LDAP database. Pam_ldap versions prior to 144 have a string
format bug in the logging mechanism.
Comments (none posted)
OpenSSH 3.2.2 fixes multiple vulnerabilities
| Package(s): | openssh |
| CVE #(s): | |
| Created: | June 5, 2002 |
| Updated: | June 5, 2002 |
Description:
The OpenSSH developers have released OpenSSH 3.2.2. Security fixes in
this release are:
"- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation [...]
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger"
(First LWN report: May 23).
Comments (none posted)
UTF8 interaction bug in the perl-Digest-MD5 module
| Package(s): | perl-Digest-MD5 |
| CVE #(s): | |
| Created: | June 5, 2002 |
| Updated: | June 5, 2002 |
Description:
Versions prior to 2.20 of the perl-Digest-MD5 module have a bug in the
UTF8 interaction with perl that produces improper MD5 digests for UTF8
strings. (First LWN report: May 16).
Comments (none posted)
Remotely exploitable vulnerability in pine
| Package(s): | pine |
| CVE #(s): | CAN-2002-0014 |
| Created: | May 20, 2002 |
| Updated: | November 27, 2002 |
Description:
Pine has an unpleasant vulnerability in URL handling which can lead to
command execution by remote attackers. (First LWN report: January 17th).
This vulnerability is remotely exploitable; updating is a good idea.
Note: If an update isn't yet available for your distribution, setting
enable-msg-view-urls to "off" in pine's setup will avoid the
vulnerability. (Thanks to Greg Herlein).
Comments (none posted)
Sharutils potential privilege escalation using uudecode
| Package(s): | sharutils |
| CVE #(s): | CAN-2002-0178 |
| Created: | May 20, 2002 |
| Updated: | October 30, 2002 |
Description:
According to the CVE entry, "uudecode, as available in the sharutils
package before 4.2.1, does not check whether the filename of the
uudecoded file is a pipe or symbolic link, which could allow attackers to
overwrite files or execute commands." (First LWN report: May 16).
Comments (none posted)
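An added illustration, not sharutils' code, of the check the CVE entry describes as missing: the output name is opened without following a symbolic link, a FIFO or other non-regular file is refused, and the check is made on the opened descriptor rather than on the path name. The probe function and its scratch files are constructed for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* O_NOFOLLOW, mkdtemp, mkfifo on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the destination for decoded data without following a symbolic link
 * and without writing into a FIFO, device or other non-regular file.
 * Returns a descriptor, or -1 with errno set.
 *  - O_NOFOLLOW makes open() fail with ELOOP when the name is a symlink.
 *  - O_NONBLOCK stops open() from hanging on a FIFO with no reader (it
 *    fails with ENXIO instead); the flag is cleared once the file is known
 *    to be regular.
 *  - fstat() on the descriptor, not stat() on the name, is what is checked
 *    for S_ISREG, so nothing can be swapped in between check and open. */
int open_decoded_output(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK, mode);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0 || fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) < 0 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Self-check, constructed for this example: in a scratch directory, offer
 * open_decoded_output() a not-yet-existing regular file, a symlink to a file
 * that must not be clobbered, and a FIFO. Returns a bitmask of what was
 * accepted (1 = regular, 2 = symlink, 4 = FIFO); a correct implementation
 * yields 1. Returns -1 if the scratch setup itself fails. */
int probe_outputs(void)
{
    char dir[] = "/tmp/uudecode-probe-XXXXXX";
    if (mkdtemp(dir) == NULL) {
        strcpy(dir, "uudecode-probe-XXXXXX");   /* fall back to the cwd */
        if (mkdtemp(dir) == NULL)
            return -1;
    }
    char reg[64], lnk[64], fifo[64], victim[64];
    snprintf(reg, sizeof reg, "%s/out.bin", dir);
    snprintf(lnk, sizeof lnk, "%s/link.bin", dir);
    snprintf(fifo, sizeof fifo, "%s/pipe.bin", dir);
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);

    int fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(victim, lnk) != 0 ||
        mkfifo(fifo, 0600) != 0)
        return -1;

    int mask = 0;
    if ((fd = open_decoded_output(reg, 0600)) >= 0)  { mask |= 1; close(fd); }
    if ((fd = open_decoded_output(lnk, 0600)) >= 0)  { mask |= 2; close(fd); }
    if ((fd = open_decoded_output(fifo, 0600)) >= 0) { mask |= 4; close(fd); }

    unlink(reg); unlink(lnk); unlink(fifo); unlink(victim); rmdir(dir);
    return mask;
}

int main(void)
{
    int mask = probe_outputs();
    if (mask < 0) {
        puts("scratch setup failed");
        return 1;
    }
    printf("accepted: regular=%d symlink=%d fifo=%d\n",
           mask & 1, (mask >> 1) & 1, (mask >> 2) & 1);
    return mask == 1 ? 0 : 1;
}
```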
Malformed NFS packet buffer overflow vulnerability in tcpdump
| Package(s): | tcpdump |
| CVE #(s): | CAN-2002-0380 |
| Created: | June 5, 2002 |
| Updated: | October 9, 2002 |
Description:
A buffer overflow in tcpdump can be triggered by a bad NFS packet when
tracing the network. Unmodified tcpdump versions 3.6.2 and earlier are
vulnerable.
Comments (none posted)
Multiple vulnerabilities in tcpdump
| Package(s): | tcpdump |
| CVE #(s): | |
| Created: | May 20, 2002 |
| Updated: | June 5, 2002 |
Description:
Version 3.5.2 fixed a buffer overflow vulnerability in all prior versions.
However, newer versions, including 3.6.2, are vulnerable to another buffer
overflow in the AFS RPC functions that was reported by Nick Cleaton.
(First LWN report: May 9).
Both problems appear to have been reported and fixed in FreeBSD some
months ago. The CIAC report on the vulnerability in versions prior to
3.5.2 is dated October 31, 2000. Nick Cleaton's FreeBSD security advisory
on the AFS RPC bug, and reference to a fix for FreeBSD, is dated July 17,
2001. Tcpdump 3.7 was released on January 21, 2002.
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
| CVE #(s): | |
| Created: | May 20, 2002 |
| Updated: | October 5, 2004 |
Description:
This vulnerability, originally thought to be confined to BSD-derived
systems, was first covered in the July 26th Security Summary. It is now
known that Linux telnet daemons are vulnerable as well.
Comments (none posted)
Multiple vulnerabilities in SNMP implementations
| Package(s): | ucdsnmp ucd-snmp |
| CVE #(s): | CAN-2002-0012, CAN-2002-0013 |
| Created: | May 20, 2002 |
| Updated: | September 17, 2002 |
Description:
Most SNMP implementations out there have a variety of buffer overflow
vulnerabilities and should be upgraded at first opportunity. See this
CERT advisory for more. (First LWN report: February 14).
Comments (none posted)
Uucp authentication agent, in.uucpd, bad string termination
| Package(s): | uucp |
| CVE #(s): | |
| Created: | June 5, 2002 |
| Updated: | June 5, 2002 |
Description:
The in.uucpd authentication agent in the uucp package does not properly
terminate some long input strings.
Comments (none posted)
webalizer: reverse DNS buffer overflow vulnerability
| Package(s): | webalizer |
| CVE #(s): | |
| Created: | May 20, 2002 |
| Updated: | January 27, 2003 |
Description:
The cause is a buffer overflow bug, and this one sounds nasty. If reverse
DNS lookups are enabled in webalizer, "an attacker with control over the
victims DNS may spoof responses thus triggering a buffer overflow,
potentially leading to a root compromise." Webalizer 2.01-10 "fixes this
and a few other buglets that have been discovered in the last month or
so". (First LWN report: April 18th, 2002).
Comments (none posted)
Webmin/Usermin vulnerabilities
| Package(s): | webmin |
| CVE #(s): | |
| Created: | May 20, 2002 |
| Updated: | January 10, 2003 |
Description:
Webmin is a web-based interface for system administration for Unix.
Webmin has cross-site scripting and session ID spoofing vulnerabilities
which are fixed in the May 6, 2002 release of version 0.970. (First LWN
report: May 9).
This one is scary. The session ID spoofing vulnerability allows the
"possibility that arbitrary commands may be executed with root
privileges." Upgrading is strongly recommended. At a minimum, avoid the
"preconditions for a successful exploit" by disabling password timeouts
under Webmin->Configuration->Authentication.
Comments (1 posted)
Problems with libgtop_daemon
| Package(s): | wuftpd libgtop |
| CVE #(s): | |
| Created: | May 20, 2002 |
| Updated: | May 7, 2003 |
Description:
The libgtop_daemon package is a GNOME program which makes system
information available remotely. LWN reported the remotely exploitable
format string and buffer overflow vulnerabilities in that package on
December 6th. On November 28th disabling the libgtop_daemon on systems
where it is running until an update is available.
Many Linux systems do not run libgtop by default, but applying the update
is a good idea anyway.
Comments (1 posted)
xchat IRC server based dns query vulnerability
| Package(s): | xchat |
| CVE #(s): | CAN-2002-0382 |
| Created: | June 5, 2002 |
| Updated: | September 24, 2002 |
Description:
A malicious IRC server may return a response to a /dns query that
executes arbitrary commands with the privileges of the user running
XChat. Versions of XChat prior to 1.8.9 are vulnerable.
Comments (none posted)
zlib corrupts malloc data structures via double free
| Package(s): | zlib rsync libz vnc zlib, cvs, gnupg, rrdtool, libz/zlib packages upgrade security problems cvs recompiled against updated + /tmp |
| CVE #(s): | CAN-2002-0059, CAN-2002-0092, CAN-2002-0080 |
| Created: | May 20, 2002 |
| Updated: | June 5, 2002 |
Description:
This vulnerability impacts all major Linux vendors. It may impact every
Linux installation on Earth. Updates are required to zlib and any packages
that were statically built with the zlib code. (First LWN report: March
14).
LinuxSecurity describes the vulnerability and coordinated distributor
efforts in detail. "Packages including X11, rsync, the Linux kernel, QT,
mozilla, gcc, vnc, and many other programs that have the ability to use
network compression are potentially vulnerable."
Updating is recommended. As always, please proceed with caution when
applying updates to the kernel.
Comments (none posted)
Resources
Using tcpserver with Mandrake Linux (MandrakeSecure.net )
Tcpserver is a secure replacement for inetd. This article is of interest
to anyone who wants to use tcpserver on Linux, although it is, of course,
specific to Mandrake Linux.
Full Story (comments: none)
Linux Security Week and Advisory Watch
The
June 10th Linux Security Week
and
June 7th Linux Advisory Watch Newsletters
from LinuxSecurity.com are available.
Comments (none posted)
Pine 4.44 privacy patch
A patch is available for Pine 4.44 that closes user name
and id leaks due to automatic header line insertion.
The patch is intended for use by
"help desks and other role accounts."
Full Story (comments: none)
Next Generation Secure Remote Log Servers over TCP (LinuxSecurity.com)
Eric "Loki" Hines
has written a
"Comprehensive Guide to Building Encrypted, Secure Remote Syslog-ng
Servers with the Snort Intrusion Detection System."
Full Story (comments: none)
Events
HiverCon 2002 Announcement
HiverCon 2002 is scheduled for 26 and 27 November, 2002 in Dublin, Ireland.
The call for papers closes 6 September 2002.
Full Story (comments: none)
Black Hat 2002 Speakers Announced
The event is being held 31
July through 1 August 2002 in Las Vegas, Nevada, USA.
"
Richard Clarke, Special Advisor to President Bush for Cyberspace
Security, will be one of the keynotes headlining the event."
Full Story (comments: none)
Upcoming Security Events
| Date | Event | Location |
| June 17 - 19, 2002 | NetSec 2002 | San Francisco, California, USA |
| June 17 - 19, 2002 | 3rd Annual Information Assurance Workshop | United States Military Academy, West Point, New York |
| June 24 - 28, 2002 | 14th Annual Computer Security Incident Handling Conference | Hilton Waikoloa Village, Hawaii |
| June 24 - 26, 2002 | 15th IEEE Computer Security Foundations Workshop | Keltic Lodge, Cape Breton, Nova Scotia, Canada |
| June 28 - 29, 2002 | Edinburgh Financial Cryptography Engineering 2002 | Edinburgh, Scotland |
| July 31 - August 1, 2002 | Black Hat Briefings 2002 | Caesars Palace Hotel and Resort, Las Vegas, NV, USA |
| August 2 - 4, 2002 | Defcon | Alexis Park Hotel and Resort, Las Vegas, Nevada |
| August 5 - 9, 2002 | 11th USENIX Security Symposium | San Francisco, CA, USA |
| August 6 - 9, 2002 | CERT Conference 2002 | Omaha, Nebraska, USA |
For additional security-related events, including training courses (which
we don't list above) and events further in the future, check out Security
Focus' calendar, one of the primary resources we use for building the
above list. To submit an event directly to us, please send a plain-text
message to lwn@lwn.net.
Comments (none posted)
Page editor: Dennis Tenney
Kernel development
Current kernel release status
The current development kernel is 2.5.21, which was
announced by Linus on June 8. Changes
include a big S/390 patch, a number of networking fixups, more kernel build
changes (see
last week's LWN Kernel Page),
more driver model work, an NTFS update, some USB updates, and more. The
long format changelog is available for those
wanting the details.
Note that the IDE reworking process left a bug in 2.5.21 which can,
apparently, send "format" commands to IDE drives. Said commands do not
actually get run - nobody's drive has actually been formatted. But this is
a good reminder that development kernels can always be a little hazardous,
especially when fundamental layers (like IDE) are in a state of constant
flux.
Linus's in-progress 2.5.22 patch (in BitKeeper) includes a big X86-64
update, a fix for a potential X86 security bug, an ACPI update, a new set
of VFS and block device cleanups from Alexander Viro, a number of fixes for
problems found by the Stanford Checker (see below), more IDE reworking,
another set of kbuild fixes (not from kbuild-2.5), and more.
The latest prepatch from Dave Jones is 2.5.20-dj4; it brings in some fixes from the
2.4.19-pre series and the new CPU "frequency scaling" code ("Handle
with care, still experimental").
The current 2.5 kernel status
summary from Guillaume Boissiere was posted on June 12.
The current stable kernel remains 2.4.18. There have been no 2.4.19
prepatches or -ac patches released in the last week.
For followers of ancient kernels, David Weinehall has released 2.0.40-rc5, the fifth 2.0.40 release candidate.
The return of the Stanford Checker
We first looked at the "Stanford Checker"
back in March, 2001. The Checker
is a system built on top of gcc which analyzes large amounts of source code
and looks for obscure errors. In the past, it has been responsible for
many kernel bug fixes. The Checker team has been quiet for a while; now,
perhaps with the end of the academic year, the group has returned with a
new set of error reports.
So what has the checker group found this time?
- Missing unlocks. Here, the Checker
looked for situations where kernel code could either take out a lock
or disable interrupts, then fail to undo the action before returning.
18 possible errors were found.
- Memory leaks. The Checker looked for
failure paths which failed to return allocated memory. "while
we only include 24 errors, there were lots in general."
- Failure to check return codes. Numerous
places were found where kernel code does not look at the return status
from a function which can fail.
- Missing null pointer checks (54
errors). Most of the errors seem to be with calls to
kmalloc.
- Large stack variables (37). Allocating
a variable of size greater than 1KB may not be, strictly, an error,
but it can lead to problems quickly when the stack runs out of space.
The Checker code itself remains unreleased, unfortunately. The Checker
group does the kernel a great service by performing this testing and
passing on the problems for fixing. But there are no end of other
development projects out there that could benefit from this code. One can
only hope that, someday, the Checker code will be more widely available.
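As an added illustration (not code from the Checker group or from the kernel), here is the shape of the defects in the first four categories above, with user-space stand-ins for the kernel primitives, next to the goto-unwind form that keeps every failure path balanced. The counters and the allocation budget are constructed for the example so the state left behind by each path can be inspected.

```c
#include <stdlib.h>
#include <string.h>

/* User-space stand-ins for the kernel primitives the Checker reasons about.
 * The counters expose what an error path left behind; the budget lets the
 * Nth allocation fail on demand. All of this is constructed for the example. */
static int lock_held;       /* spin_lock/spin_unlock balance */
static int live_allocs;     /* kmalloc/kfree balance */
static int kmalloc_budget;  /* successful allocations still allowed */

void reset_sim(int budget) { lock_held = 0; live_allocs = 0; kmalloc_budget = budget; }
int sim_lock_held(void)    { return lock_held; }
int sim_live_allocs(void)  { return live_allocs; }

static void spin_lock(void)   { lock_held++; }
static void spin_unlock(void) { lock_held--; }
static void *kmalloc(size_t n)
{
    if (kmalloc_budget <= 0) return NULL;
    kmalloc_budget--; live_allocs++;
    return calloc(1, n);
}
static void kfree(void *p) { if (p) { live_allocs--; free(p); } }
static int register_device(const char *name) { return name[0] ? 0 : -1; } /* can fail */

/* "Before": the kinds of defect the Checker reports, all in one function. */
int buggy_setup(void)
{
    char *name = kmalloc(16);    /* result never checked for NULL */
    spin_lock();
    char *buf = kmalloc(64);
    if (!buf) return -1;         /* returns with the lock held and leaks name */
    strcpy(name, "dev0");
    register_device(name);       /* return code ignored */
    spin_unlock();
    kfree(buf);
    kfree(name);
    return 0;
}

/* "After": each failure path undoes exactly what succeeded before it, in
 * reverse order, using the kernel's usual goto-unwind idiom. */
int fixed_setup(void)
{
    char *name, *buf;
    int err;

    name = kmalloc(16);
    if (!name) return -1;
    spin_lock();
    buf = kmalloc(64);
    if (!buf) { err = -1; goto out_unlock; }
    strcpy(name, "dev0");
    err = register_device(name);
    if (err) goto out_free_buf;
    /* ... the device would be used here ... */
out_free_buf:
    kfree(buf);
out_unlock:
    spin_unlock();
    kfree(name);
    return err;
}
```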
DMA, small buffers, and cache incoherence
Roland Dreier reported on an interesting class of bugs which can affect
drivers on some architectures. This particular source of subtle bugs is
worth a look as an example of how hard it can be to
really make
things work on modern hardware.
All modern systems, of course, employ one or more levels of cache in the
processor to cut down on slow accesses to main memory. One challenge with
in-processor caching has always been to avoid doing the wrong thing when
something other than the processor changes memory. On SMP systems, for
example, any processor can write anywhere in memory, and the other
processors have to adjust immediately. For that reason, SMP systems have
elaborate schemes for moving "ownership" of cached data between
processors. This "cache line bouncing" is effective but expensive; modern
operating system kernels try to minimize the need for such bouncing.
Another possible source of cache confusion is DMA I/O. Peripheral devices
doing DMA can change memory directly and leave the processor cache in an
incorrect state. Some processors (the x86, for example) have a coherent
cache which notices changes made by peripherals and automatically updates
itself. Other processors have incoherent caches which can be fooled by DMA
I/O operations.
The Linux DMA support code has been very carefully written to hide cache
coherence issues from driver code. If you use the primitives provided and
follow the rules regarding processor access to DMA buffers, you will not be
bitten by cache problems. The DMA code takes care of invalidating cache
contents as needed so that caches never contain incorrect copies of main
memory.
That is the idea, anyway. Roland has found a
situation where this protection does not quite work. Consider a driver
which is using a structure like this:
struct iostruct {
	...
	int ifield;
	char dma_buffer[SMALL_SIZE];
	...
};
If this structure is allocated properly (with kmalloc, for example),
then using the
dma_buffer field in DMA operations is a legal thing to do. The
problem is that other fields in the structure (such as ifield in
the example above) may share a cache line with part of the buffer.
Consider, then, a sequence of things that can happen:
- The driver starts a DMA read into dma_buffer. As part of
this operation, the kernel will invalidate the cache data containing
both dma_buffer and ifield.
- While the operation is outstanding, the driver accesses the
ifield member, bringing the invalidated cache line back into
memory.
- The I/O operation completes, changing memory underneath the cached
data.
At this point, the data in the processor cache does not match what is in
memory. If the driver accesses the data in dma_buffer, it may
well find old data that was in memory before the I/O operation took place.
If the driver changes ifield, the processor could write back the
(incorrect) cache data, corrupting the data in main memory. If the kernel
simply invalidates the cache again at the end of the operation, it could
lose changes made to ifield. There really is no correct thing to
do at this point.
The only way to deal with this problem is to not let it happen in the first
place. A number of possibilities are being considered. One way, suggested by Roland, is to create a
__dma_buffer attribute which can be used in the declaration of
small buffers; on non-cache-coherent systems, this attribute would force
the size and alignment of the buffer such that it would not share cache
lines with any other data. Another approach is to require that all DMA
buffers be allocated separately; the kernel memory allocation primitives
already ensure that even the smallest buffers are properly aligned and
padded. Yet another approach could be to simply disable caching for the
page(s) in question while the operation is in progress; most architectures
support this in their page tables. This approach could create performance
problems, however (if the page in question has heavily-used data), and it
could be complex.
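To make the cache-line overlap concrete, here is an added example (not kernel code and not Roland's patch) that uses offsetof to check whether ifield can share a line with dma_buffer, and then applies a hypothetical __dma_buffer marker built from GCC's aligned attribute in the spirit of the suggestion above. The 32-byte line size, the 8-byte buffer and the jfield member are assumptions for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* Cache line size assumed for the demonstration; a real kernel uses the
 * architecture's L1_CACHE_BYTES. Both constants are constructed here. */
#define LINE_SIZE  32
#define SMALL_SIZE 8

/* The layout from the article: a small DMA buffer next to ordinary fields. */
struct iostruct {
    int  ifield;
    char dma_buffer[SMALL_SIZE];
    int  jfield;
};

/* A hypothetical __dma_buffer marker (not a real kernel attribute): round
 * the buffer up to whole cache lines and start it on a line boundary, so
 * no neighbouring field can share a line with it. */
#define ROUND_UP_LINES(n) (((n) + LINE_SIZE - 1) / LINE_SIZE * LINE_SIZE)
#define __dma_buffer      __attribute__((aligned(LINE_SIZE)))

struct iostruct_safe {
    int  ifield;
    char dma_buffer[ROUND_UP_LINES(SMALL_SIZE)] __dma_buffer;
    int  jfield;
};

/* 1 if byte ranges [a, a+alen) and [b, b+blen) of one object (lengths > 0)
 * touch a common cache line, assuming the object itself starts on a line
 * boundary, as the kernel allocator guarantees for what it hands out. */
int shares_cache_line(size_t a, size_t alen, size_t b, size_t blen)
{
    size_t a_last = (a + alen - 1) / LINE_SIZE, b_last = (b + blen - 1) / LINE_SIZE;
    return !(a_last < b / LINE_SIZE || b_last < a / LINE_SIZE);
}

/* Check both non-buffer fields of each layout against its buffer. */
int unpadded_buffer_is_isolated(void)
{
    size_t b = offsetof(struct iostruct, dma_buffer), blen = SMALL_SIZE;
    return !shares_cache_line(offsetof(struct iostruct, ifield), sizeof(int), b, blen)
        && !shares_cache_line(offsetof(struct iostruct, jfield), sizeof(int), b, blen);
}

int padded_buffer_is_isolated(void)
{
    size_t b = offsetof(struct iostruct_safe, dma_buffer);
    size_t blen = sizeof(((struct iostruct_safe *)0)->dma_buffer);
    return !shares_cache_line(offsetof(struct iostruct_safe, ifield), sizeof(int), b, blen)
        && !shares_cache_line(offsetof(struct iostruct_safe, jfield), sizeof(int), b, blen);
}

int main(void)
{
    printf("unpadded: buffer at offset %zu, isolated=%d\n",
           offsetof(struct iostruct, dma_buffer), unpadded_buffer_is_isolated());
    printf("padded:   buffer at offset %zu, isolated=%d, struct size %zu\n",
           offsetof(struct iostruct_safe, dma_buffer), padded_buffer_is_isolated(),
           sizeof(struct iostruct_safe));
    return 0;
}
```

The price of the padded layout is visible in the struct size: isolating an 8-byte buffer costs two full cache lines, which is why allocating small DMA buffers separately is discussed as an alternative.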
David Miller, who wrote much of the current DMA code, has a different approach. He thinks that this
kind of subtle cache issue is a trap for driver writers that should be
simply avoided altogether. Rather than come up with new ways of working
around incoherent caches, it's better to just change the rules and tell
driver writers to allocate their small DMA buffers using the "PCI pool"
interface. This interface, which was added in 2.4.4, was designed for just
this purpose: allocating small buffers for DMA. Rather than make driver
writers deal with this sort of cache coherence issue - and watch some of
them get it wrong - David would bury it in the PCI pool code. While no real
resolution has been proclaimed, this last option appears to be the likely
outcome.
A new way of ordering kernel initialization
The Linux kernel is made up of a very large number of mostly independent
modules. In general, these modules can be linked together and initialized
(at boot time) in any order. There are cases, however, where
initialization order matters. The memory management system generally needs
to be set up early in the process, filesystems generally need a functioning
block system to be ready first, etc. Some years ago, initialization order
was handled with a big set of explicit calls in a single source file.
This big file inhibited modularization and created a clash point for
patches, and it was (mostly) eliminated some time ago.
The current scheme involves marking initialization functions with variants
of the initcall attribute. At link time, these functions are
marshalled together into a special section of the kernel executable; the
kernel finds them there at boot time and calls them all. As an added
bonus, the initialization calls can generally be flushed out of memory once
initialization is complete.
This scheme is far more modular and easy to maintain, but the
initialization order problem remains. In recent times that problem has
been handled through a combination of hardwired calls and variants on the
initcall macro. So, subsystems whose initialization calls are
marked with core_initcall are initialized before those using, say,
fs_initcall. These macros give a coarse solution to the problem,
but initialization order problems can still show up.
Now Rusty Russell has posted a new mechanism
which allows kernel hackers to make initialization dependencies explicit.
If driver1 must be set up before driver2 can be
initialized, driver2 can simply mark its initialization call as:
initcall (driver2_init, driver2, init_after(driver1));
There is also an
init_before marker, of course, along with
init_as_part_of for complicated subsystems. A new
build_initcalls script has the job of sorting out the dependencies
and creating an ordered list at kernel build time. The patch looks simple
and straightforward; initialization order problems could soon be a thing of
the past.
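As an added illustration of what a build_initcalls step has to do (this is not Rusty's script and not kernel code), here is a dependency sort over a constructed table of entries that carry init_after and init_before names, which also rejects a cycle between two entries.

```c
#include <string.h>

#define MAX_INITS 16

/* One initialization call as a build_initcalls-style script might see it: the
 * names it must run after (init_after) and before (init_before), NULL-terminated.
 * Both tables below are constructed for this example, not kernel data. */
struct initcall_entry {
    const char *name;
    const char *after[3];
    const char *before[3];
};

const struct initcall_entry sample_table[] = {
    { "driver2", { "driver1", NULL }, { NULL } },
    { "driver1", { "bus", NULL },     { NULL } },
    { "fs",      { "block", NULL },   { NULL } },
    { "block",   { NULL },            { "fs", NULL } },
    { "bus",     { NULL },            { "driver1", NULL } },
    { "mm",      { NULL },            { "bus", "block", NULL } },
};
/* A dependency loop that the build step would have to reject. */
const struct initcall_entry cyclic_table[] = {
    { "a", { "b", NULL }, { NULL } },
    { "b", { "a", NULL }, { NULL } },
};

static int in_list(const char *const *list, const char *name)
{
    for (; *list; list++) if (strcmp(*list, name) == 0) return 1;
    return 0;
}

/* 1 if entry a must be initialized before entry b, by either marker. */
static int must_precede(const struct initcall_entry *t, int a, int b)
{
    return in_list(t[b].after, t[a].name) || in_list(t[a].before, t[b].name);
}

/* Depth-first: emit everything that must precede i, then i itself. state[]
 * is 0 unvisited, 1 in progress (meeting one again means a cycle), 2 done. */
static int visit(const struct initcall_entry *t, int n, int i, int state[],
                 const char *out[], int *count)
{
    if (state[i] == 2) return 0;
    if (state[i] == 1) return -1;
    state[i] = 1;
    for (int j = 0; j < n; j++)
        if (must_precede(t, j, i) && visit(t, n, j, state, out, count) < 0)
            return -1;
    state[i] = 2;
    out[(*count)++] = t[i].name;
    return 0;
}

/* Orders n entries into out[] (MAX_INITS slots); returns the count, or -1
 * when the markers form a cycle. Names that match no entry are ignored. */
int order_initcalls(const struct initcall_entry *t, int n, const char *out[])
{
    int state[MAX_INITS] = {0}, count = 0;
    for (int i = 0; i < n; i++)
        if (visit(t, n, i, state, out, &count) < 0) return -1;
    return count;
}
```

For sample_table the result is mm, bus, driver1, driver2, block, fs; the real script would then emit the initcalls in that order into the kernel's init section.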
Patches and updates
The LWN.net kernel patch ticker
Since it was easy to do with the new site: there is now
a new page where you can see the latest kernel
patches as they get fed into our system. It is currently just an
unorganized stream. We would like to hear if this feature is useful to
anybody; if so, we may develop it further.
Kernel trees
Core kernel code
- Rusty Russell: initcall dependency solution. A mechanism for ensuring that kernel subsystems get initialized in the proper order.
(June 11, 2002)
Development tools
Device drivers
- Jeff Garzik: ANN: Linux 2.2 driver compatibility toolkit. "Don't load your drivers up with 2.2.x compatibility junk. Write a 2.4.x
driver... and use this toolkit to make it work under 2.2."
(June 10, 2002)
Documentation
- Dan Aloni: On the use of typedefs. A change to the CodingStyle document laying down Linus's approach to typedefs.
(June 11, 2002)
Filesystems and block I/O
Janitorial
Kernel building
- Andrew Morton: CONFIG_NR_CPUS. Trims 240KB from the kernel on a 2-processor system.
(June 9, 2002)
Networking
Architecture-specific
Miscellaneous
- Pavel Machek: S4bios support. Suspend/resume support for the S4 BIOS.
(June 12, 2002)
Page editor: Jonathan Corbet
Distributions
News and Editorials
Something Different
This is a difficult column for me. While it may not be my last, in some
ways I hope that it is. You see, after just over 3 years with LWN.net, I
find myself looking for gainful employment.
Gainful? With all credit to the fine folks that have donated to LWN.net,
it has not been enough to pay salaries. Now my financial situation
demands that I find an income, even if it means leaving LWN. I may still
be around in some capacity or another (after all, I'm a vice-president of
Eklektix), but I need to focus more of my energy on securing an income.
The ideal job of my future should make use of my writing and editing
skills. I have grown very accustomed to working from home, so I would
like to continue to do that, at least part time. The Linux box and the
DSL line are already here. My next job could also draw on my experience
as a software engineer, my knowledge of Linux, or something else
entirely. I am an eclectic person with a little knowledge in many
different fields.
Please see my resume for
additional details.
Thank you,
Rebecca Sobol ris@lwn.net
Distribution News
Debian News
Woody release manager Anthony Towns
shares some
information about the new security infrastructure. This new
infrastructure is a critical component of the woody release.
For more information about the release, see the [2002-06-11] Release Status Update.
Unofficial woody MiniCD images updated. LordSutch.com MiniCD images are
available for alpha, i386, m68k, and
PowerPC; updated to the current state of woody. The main change is the
upgrade of dpkg to 1.9.21. There is also ipppd added for the benefit of
ISDN users.
Mandrake Linux Community Newsletter - Issue #45
This week's Mandrake Linux Community Newsletter looks at MandrakeSoft OEM
Offers; More Details on LinuxTag 2002; MandrakeClub Activities; Business
Case of the Week; Mandrake in the News; Website of the Week; What's New at
MandrakeSecure.net?; Security-related Software Updates; and Headlines from
MandrakeForum.
Red Hat Linux
Red Hat reports that
multiple kernel bugs
were fixed, including generic kernel bugs, x86-specific bugs, and
IA-64-specific bugs. Relevant releases/architectures include: Red Hat
Linux 7.1, 7.1k, 7.2 - athlon, i386, i586, i686, ia64.
Updated toolchain and glibc packages for
s390 are now available which contain the latest recommended patches by
IBM as well as several other bugfixes.
SuSE Linux - Supported Distributions
SuSE announced that support for the SuSE Linux 6.4 distribution will be
discontinued with the release of the SuSE Linux 8.0 i386 FTP version.
Slackware Linux
Progress on Slackware 8.1 continues. The third release candidate became
available for testing on June 10, 2002. Visit the
change log
for more details. We've also included a review of 8.1rc2 in the review
section below.
Trustix Secure Linux
The
Trustix Newsletter for July 2002 is
available. It includes information about Trustix Linux Solutions, the
Trustix Mileage program, and much more.
Trustix has released several bug fix advisories this week. There has
been package cleanup in apache and in mutt; an updated samba package corrects a problem with winbind
and the storing of the *.tdb files; there are minor security fixes for
the GNU fileutils package and the bzip2 package; and a minor bug fix in the imap package.
New Distributions
DMZS-Biatchux Bootable CD
The
DMZS-Biatchux Bootable CD is
a relatively new distribution, first making a public appearance on
February 28 of this year. Biatchux is a portable, bootable CDROM
distribution which aims to provide an immediate environment to perform
forensic analysis, incident response, data recovery, virus scanning and
vulnerability assessment. BiatchUX-Lite
v.0.1.0.7a-45 was
recently released, with major feature enhancements.
Minor distribution updates
Astaro Security Linux
Astaro Security
Linux has released
stable version 3.200 with
major feature enhancements.
GENDIST
GENDIST has released
v1.4.0 with major feature
enhancements.
Gentoo Linux
Gentoo Linux has released
v1.2. Changes include
installation fixes and countless updates to the Portage tree, including
full KDE 3.0.1 (20020604) and GNOME 2 support.
Mindi Linux
Mindi
Linux has released
version 0.63-7 with major
bugfixes.
Netstation Linux
Netstation
Linux has released
development version 0.8
with major feature enhancements. Version 0.8.2 was released soon after,
with more feature enhancements.
ShareTheNet
ShareTheNet, a distribution
that allows just about any network software to use the Internet, is no
longer being sold or supported. It is still available for download.
ShareTheNet has moved to the
Historical section of our
distributions list.
TA-Linux sparc pre-0.2.0-test
TA-Linux has released sparc pre-0.2.0-test for your testing pleasure.
ttylinux
ttylinux has released
version 2.2 with minor
bugfixes.
Distribution reviews
Taking Up the Slack(ware) (LinuxPlanet)
LinuxPlanet reviews Slackware 8.1rc2. "Slackware devotees won't be disappointed with
this release because most of what you have come to know and love about
Slackware is still present in this release. The pending release of
Slackware 8.1 might interest users of other Linux distributions,
too."
Feature: Hardened Linux Puts Hackers EnGarde (Network Computing)
Network Computing reviews several secure Linux distributions.
"EnGarde walked away with our Editor's Choice award thanks to the
depth of its security strategy, which covers nearly all the
bases. Everything from the low-level mechanisms (binary integrity checking
and stack protection) to high-level usability issues (including an
excellent patching interface) demonstrate the serious effort the Guardian
Digital crew has invested in EnGarde."
Engarde Secure Linux Pro 1.1 Review
LinuxLookup reviews Engarde Secure Linux Pro 1.1.
"Most people who know me often tell me that I am paranoid. I say that I have good reason to be. Hacker attacks and malicious code are just a few examples of why I am cautious with my computer systems. Guardian Digital's Engarde Secure Linux Professional offers a lightweight, robust, and secure Linux Distribution for small and large networks."
ServerWatch Listing (With Download) for OpenLinux (internet.com)
Here's a review on internet.com of Caldera's OpenLinux Server 3.1.1.
"The price of this package would be justified for many
administrators for the mere fact that it eliminates the need to collect
all of the components. However, it also offers many other benefits,
including one of the best installation programs we've seen for any type
of server (not just Linux), a documentation server that allows access to
the 380-page documentation set from any browser, a browser-based
administration console that provides a secure GUI management console for
the server from any browser, and a 60-day evaluation of the Volution
systems management product."
Page editor: Rebecca Sobol
Development
Mozilla 1.1 alpha released
Following last week's release of Mozilla 1.0,
Mozilla 1.1 alpha
is now available.
This represents a new development branch for Mozilla; the 1.0
branch is now the stable branch.
New features for version 1.1 alpha include:
- A newly enabled download manager.
- Quartz rendering for Mac OS X users.
- New layout performance enhancements.
- Application startup speed improvements.
- Viewsource for MathML and selections.
- Support for XBM images.
- A new directory button for the File Picker.
- Redundant backup of preference files.
- Greatly improved drag and drop support.
- Image blocking for Mail and News.
See the
release notes
for a detailed list of changes.
System Applications
Database Software
Mini SQL 3.0 Pre 5
Version 3.0 pre 5 of the Mini SQL database
has been announced. See the
release notes for all of the details.
Education
SEUL/Edu report #72
Issue #72
of the SEUL/Edu Linux in Education Report is available.
Topics include troubles submitting software to the BECTa Educational
Software Database, a K12LTSP party, Bob Young's Lulu Tech Circus
project, and more.