Monday, February 28, 2005

Free Software Magazine Volume 2

The second volume of Free Software Magazine has been released. Here is the articles included in the second volume :

Editorial
Your part-time job by Tony Mobily
"The trials and tribulations of being a “computer person”"

Focus
The history and future of SMTP by Kirk Strauser
"SMTP's adaptations to a hostile internet"

Filtering spam with Postfix by Kirk Strauser
"Effective ways to reduce unwelcome mail"

Mail servers: resolving the identity crisis by John Locke
"How to get Dspam, Postfix, and Procmail to play well together"

Tech world
Poking at iTunes by Chris J. Karr
"A developer's guide to the iTunes platform"

Why free IT management tools are gaining traction by Will Winkelstein
"Enterprises are increasingly receptive to free software alternatives for IT management"

Case study: Mythic Beasts by Tony Mobily
"A small company specialised in Linux servers and amazing support"

Interview with Bernhard Reiter at aKademy by Tom Chance
"What we can do to promote the future of free software"

Hard passwords made easy by John Locke
"Creating strong memorable passwords using mnemonic devices and word lists"

Word world
The FUD-based Encyclopedia by Aaron Krowne
"Dismantling fear, uncertainty, and doubt, aimed at Wikipedia and other free knowledge resources"

Guerrilla marketing by Tom Chance
"Part one: promoting community projects in the marketplace"

A law for free software by Maureen O’Sullivan
"Don’t we have enough laws already?"

The Libre Culture Manifesto by David M. Berry, Giles Moss
"A manifesto for free/libre culture"

Richard Stallman’s blog by Richard Stallman
"Selected entries from Richard’s blog, from November 2004 to December 2004"

You can download the PDF version

Sunday, February 27, 2005

Mozilla Firefox 1.0.1

After delaying the next 2.0 release until June 2005, Mozilla Foundation quickly responded the user's wish that they release another version of the Firefox Browser quickly to reflect changes or updates that should be applied in the next version of the most well-known browser around the world right now.

The Firefox security update is available for the 27 million users who have already downloaded the free browser. The Mozilla Foundation encourages all users to download the update, which is available now on all platforms at Mozilla's Website.

You are encouraged to download and install the Mozilla Firefox in your computer.
Windows User
Linux User
MacOS User

Saturday, February 26, 2005

phpBB 2.0.12

phpBB Group are pleased to announce the release of phpBB 2.0.12 the “Horray for Furrywood” release. This release addresses a number of bugs and a couple of potential exploits. It also adds a new feature in the form of an ACP based version checker (maintainers of language packages please take note of the need for the additional localised string!).

Please note, the exploits of which we’ve been notified and which are addressed in 2.0.12 are in absolutely no way to blame for the loss of www.phpbb.com which we are still extremely confident was the fault of an outdated awstats and kernel.

However one of the potential exploits addressed in this release could be serious in certain situations and thus we urge all users, as always, to upgrade to this release as soon as possible. Mostly this release is concerned with eliminating disclosures of information which while useful in debug situations may allow third parties to gain information which could be used to do harm via unknown or unfixed exploits in this or other applications.

As with previous releases three different packages are available:

* Full Package : Contains entire phpBB2 source and English language package
* Changed Files Only : Contains only those files changed from previous versions of phpBB. Please note this archive contains changed files for each previous release
* Patch Files : Contains patch compatible patches from the previous versions of phpBB.

Select whichever package is most suitable for you. Please ensure you read the INSTALL and README documents in docs/ before proceeding with installation or updates!.
Note to 2.0.3 users intending to use the patch file version. Users of 2.0.3 intending to use the patch version may (but not necessarily will) need to run fixfiles.sh (found in the contrib/ directory with the downloaded archive) before patching.

We recommend that all 2.0.3 users do a “dry run” patch first to see whether this you need to use this fix. To do this append –dry-run to the patch command, e.g. patch -cl -p1 –dry-run < phpBB-2.0.3_to_2.0.12.patch. This will prevent any permanent changes being made to your installation. If you experience numerous (literally dozens and dozens) of hunk failed messages this applies to you.

To correct this problem go to your phpBB root directory, copy the fixfiles.sh to this location, chmod u+x fixfiles.sh and type ./fixfiles.sh. This will strip windows style carriage returns present in the 2.0.3 source

What has changed in this release?

The changelog (contained within this release) is as follows:
* Added confirm table to admin_db_utilities.php
* Prevented full path display on critical messages
* Fixed full path disclosure in username handling caused by a PHP 4.3.10 bug - AnthraX101
* Added exclude list to unsetting globals (if register_globals is on) - SpoofedExistence
* Fixed arbitrary file disclosure vulnerability in avatar handling functions - AnthraX101
* Fixed arbitrary file unlink vulnerability in avatar handling functions -AnthraX101
* Removed version number from powered by line
* Merged database update files to update_to_latest.php file
* Fixed path disclosure bug in search.php caused by a PHP 4.3.10 bug (related to AnthraX101’s discovery)
* Fixed path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug - matrix_killer

Source : phpBB

Unfortunately, until now, the file isn't ready in the mirror site, even though it has been two days since the release date.

Friday, February 25, 2005

GNOME 2.8.3 Released

Another release of GNOME 2.8.x
Here is the email messages from GNOME Developers :

Hi.

I'm pleased to announce the immediate availability of the latest stable
release of The GNOME Desktop and
developer platform, 2.8.3.

This is the third and last maintenance release of the stable 2.8.x
series of GNOME and it contains a huge amount of bugfixes and other
improvements since the last release. Thanks to everyone involved in
making GNOME software better.

Detailed information about the changes in this release is attached.

Source:
http://ftp.gnome.org/pub/gnome/bindings/2.8/2.8.3/
http://ftp.gnome.org/pub/gnome/desktop/2.8/2.8.3/
http://ftp.gnome.org/pub/gnome/platform/2.8/2.8.3/

Bugs should be filed in bugzilla:
http://bugzilla.gnome.org/

Cheers
Kjartan Maraas


For Updated Packages, please refer to LWN, since it is too long to be displayed here.

Thursday, February 24, 2005

Task For Internet and Multimedia

I took Internet and Multimedia class this semester, while it should be taken last year, but i skipped it. My first task was to make a papers and to present an overview about streaming protocol (RTCP, RTP, RCP). I have found the material, downloaded from the RFC-Editor, a special website that holds a database for RFC documents. These protocol has been standarized, so it was easy to search for them.

The Requests for Comments (RFC) document series is a set of technical and organizational notes about the Internet (originally the ARPANET), beginning in 1969. Memos in the RFC series discuss many aspects of computer networking, including protocols, procedures, programs, and concepts, as well as meeting notes, opinions, and sometimes humor.

The second task is creating a small tutorial using Flash or making a presentation using SMIL (Synchronized Multimedia Integration Language). I have never used SMIL before, so i have no idea what is this about, but here is the summary taken from W3C website :

The Synchronized Multimedia Integration Language (SMIL, pronounced "smile") enables simple authoring of interactive audiovisual presentations. SMIL is typically used for "rich media"/multimedia presentations which integrate streaming audio and video with images, text or any other media type. SMIL is an easy-to-learn HTML-like language, and many SMIL presentations are written using a simple text-editor.

Based on that summary, i can get an image of what is about. Until now, i still don't have the topics to be made with that SMIL. We will see in the next few days.

Wednesday, February 23, 2005

IPv6 Firewall in Linux Kernel

Firewall features already available in IPv4 will be added to IPv6 protocol in Linux, but not until later in the year. Version 2.6.12 of the Linux kernel is likely to include packet filtering that will work with IPv6, the latest version of the Internet Protocol.

Netfilter/iptables, the firewall engine that is part of the Linux kernel, already allows stateless packet filtering for versions 4 and 6 of the Internet protocol, but only allows stateful packet filtering for IPv4. Stateful packet filtering is the more secure method, since it analyses whole streams of packets, rather than only checking the headers of individual packets -- as is done in stateless packet filtering.

Harald Welte, a developer on the Netfilter project and maintainer of the packet filter subsystem in the Linux kernel, said last week that a considerable amount of work went into adding IPv6 functionality, as parts of the code needed to be rewritten to create a plug-in architecture which would allow the packet filter to work with either IPv4 and IPv6.

This plug-in architecture also means that developers can write plug-ins for older network protocols such as IPX, the protocol used by old versions of the Novell NetWare operating system and DECnet, the Digital Equipment Corporation's network protocol.

The IPv6 packet filter will not be available in the next stable release of the Linux kernel, 2.6.11, but is expected to be available in the subsequent version of the kernel, said Welte.

"The kernel development team are still stabilising 2.6.11," said Welte. "Nobody would accept a big patch like this when they are stabilising the release. As soon as 2.6.11 is out we will submit the IPv6 packet filter."

Before being accepted into the Linux kernel, the packet filter must be accepted by David Miller, the maintainer of the IP networking layer, who will then pass it on to Linux founder Linus Torvalds, who is the lead maintainer of the Linux development kernel.

The 2.6.12 kernel is likely to be available in May or June, although it is difficult to anticipate the timing, according to Welte.

"The kernel release schedule is like the stock market -- you can never tell when things will happen," said Welte.

The IPv6 packet filter, known as nf_conntrack, is available for testing from the Netfilter Web site.

Tuesday, February 22, 2005

8051 Micro Controllers

This semester i took Embedded Class with Mr. Hendro Setiadi as the lecture. He taught me Robotic class last semester and i'm interested in his latest class, Embedded System. In this class, i studied about 8051 micro controller and assembly programming language. It was quite fun and also confusing, since i'm not used to make a program in assembly language. The bad thing is assembly language is some kindda dangerous if you make a fatal error while you are dealing with hardware.

I have borrowed his books and made a copy of it. It was quite a simple and good book. I will read them more tonight. It's fun to learn new things.

Monday, February 21, 2005

Downgrade Again

After testing my web application after i upgraded MySQL into 4.1.10, i found everything works fine, but that's only the start of a new problem. Even though the PHP files can connect to the MySQL server, it wouldn't allow you to login (perhaps because i convert them with the fix_privileges_table scripts), so i couldn't update any data from my application, except for PHPMyAdmin. This is bad, since i couldn't make a web-based application that uses a login form.

So, i decided to downgrade my MySQL installation into 4.0.23, as my previous installation, since MySQL 4.1.x does not suit me. It is way to complicated and not suitable for me who only need a simple Database Server to make a web-based application. I stopped the MySQL services, remove the service, uninstall the MySQL, and install the previous MySQL Version 4.0.23, copy my databases, restart MySQL, and it came back to normal activity. Maybe i'll stick with MySQL 4.0.x for a while, since it also a production ready.

If you build your own database from scratch, perhaps MySQL 4.1.x is the best option for you, but if you have an existing application, or you runs a production server, upgrading to MySQL 4.1 is not the perfect way unless you have think about the risk and the preventions.

Sunday, February 20, 2005

Bad Day

Yesterday i had an awful day. I went to my campus lab at 8 AM and downloaded MySQL 4.1.10 and it took me three hour to finish the download, since it was so crowded and many students also download so many programs and browsing to many web sites. Luckily, i use Internet Download Manager that boost up my download speed rate. After that, i had a training for a database class at 12 PM and then continued by helping my friend to watch a test for digital class.

In the evening, i tried to upgrade my MySQL 4.0.24 into MySQL 4.1.10 and got stuck on the authentication problem. phpMyAdmin was unable to load, every web application stucked and won't even connect to database. Unfortunately, i couldn't fix it because i was out of time, since i have to go to my girlfriend's house and we went somewhere to have a date. When i want to go home, i had a flat tire and i have to fix it for a moment. It took me about 15 minutes, since it was quite dark and i had to do it alone.

The good news was i was able to fix my MySQL installation by looking at MySQL's support page. Now i'm running the latest MySQL database version, 4.1.10. It's worth to upgrade, but please backup your database and be prepared for the worst scenario like i did yesterday.

Saturday, February 19, 2005

WordPress 1.5

One of the well-known Blog System, WordPress has released their latest version, 1.5 on Febaruary 17 2005. This release is named “Strayhorn” in honor of Billy Strayhorn the pianist and sublime composer who worked closely with Duke Ellington and wrote tunes like “Take the A Train” and “Lush Life.” Here are the key areas in Strayhorn taken from their announcement page:

Templates and Site Customization

In the past the template system was simple to grasp but complicated to extend, especially if you wanted to create different templates for different sections of your site. In 1.5 we have created an incredibly flexible theme system that adapts to you rather than expecting you adapt to it. You can have your entire weblog run through a single file, just like before, or you can literally have a different template for every single different category. It’s as much or as little as you want. We’ve also broken common site elements like headers, footers, and sidebars into their own files so you can make a change in one place and see it everywhere immediately. As a quick example of how easy the new system is, let’s say that you ported your old template to a 1.5 theme and then decided that you wanted your permalink pages to work differently than your front page, simply drop a file called single.php into your directory and WordPress will automatically use it instead of the main template when on a permalink page. That’s it.

Of course we wanted to showcase the new flexibility with a new theme that took full advantage of it and was aesthetically pleasing to boot, so the new default theme for WordPress is the beautiful Kubrick by Michael Heilemann. For people who want to get their feet wet but not build a theme or design from scratch, Kubrick provides a fantastic foundation that has already inspired quite a bit of creativity. You can switch between themes with a single click.

Control Your Comments

For many comments are the best part of weblogging, they enable easy and transparent interaction to take place between you the author and your audience. However some unsavory characters have made this open interaction more of a burden than a blessing. WordPress 1.5 aims to bring the joy back to comments. First we’ve made everything much more secure by default using a new option we call “emergent registration” or “automatic whitelisting.” What it does is the first time someone comments they are automatically held in moderation unless you’ve approved something from them before. This means that your regular visitors don’t have to wait for you to manually approve each comment they make, thus slowing down the conversation, but you still can ensure that a drive-by comment vandal will never show up on your site. This is enabled by default, so that also means if you forget about your blog for a little while you won’t come back to find your domain a nest of spam (which begets more spam). This works for trackbacks and pingbacks too, and we even go the extra step of whitelisting domains that are in your blogroll.

Everything In Moderation

Many of you let us know that the moderation feature of WordPress was working great in catching your spam, but you still had to deal with spam even though it never got on your site. Well first we streamlined the comment management tools so it’s really easy to deal with hundreds or thousands of comments, trackbacks, and pingbacks at once, but we also added a blacklist option. There has been some really disgusting spam going around, and most of us can be certain that under no circumstances would we want some terms on our website, unlike moderation which is for things that may be risque but may also occur in a normal conversation. When something hits your blacklist you never even have to see it. (Even though we do save it for later analysis.) We’ve also added code for checking for insecure proxies, which how the large majority of spammers leave comments while hiding their identity, which we now block by default.

Conversation Registration

Finally we’ve integrated our user system and comment system much closer. You can now specify that you only want comments from people that have verified their email and registered on your weblog, without any dependencies or having to share any data with third-party external systems. We revamped the registration and login system to make this as seamless and easy as possible. When someone is logged in we also tweak the comment form just for them. You could combine this with something like the plugin that hides posts from lower-level users and have a very well-protected weblog.

Manage More Than Your Blog

Another thing we observed and heard was that you wanted to use the elegant WordPress interface to manage more of your content than just your blog. In other systems people would get around limitations by making everything a post and playing with templates in bizarre ways, which you can do with WordPress too, but sometimes you don’t want a template or another post—you want a page. In 1.5 we added the “pages” feature which allows you to run your entire site through WordPress, if you want. For example, you could create a page called “About” and it would be automatically added to your sidebar and the link would be example.com/about/ and then you could create a sub-page of that called “My Dog” which would live at /about/my-dog/. You can have two pages or a thousand, manage your blog and a few photo pages or an entire corporate intranet 20 levels deep.

Keep Up With the Latest

The new Dashboard feature in your admin panel keeps you up to date with the latest happenings on your blog and the most important news from around the WordPress world, keeping you connect to the latest developments, updates, news, and enhancements.

There’s More Still…

There are tons of things that for whatever reason just aren’t right for the core WordPress distribution, but that’s okay. You want us to stay small and fast and we want you to have every feature you could possibly imagine, which is why we’ve expanded the internal API for plugin developers to use by hundreds of “hooks” into the very deepest parts of WordPress. Plugins can now integrate with the rest of the administration interface easily and do more then they ever could before. We’ve also created a great collaborative enviroment for plugin developers to create plugins just like WordPress is developed, and moving forward we’ll be creating an easy user interface for you to find and use the hundreds of plugins available for WordPress.
Under the Hood

In addition to all of the features above, we made significant improvements and optimizations to core pieces of WordPress code, following our “Code is Poetry” mantra. Amazingly, if you remove the extra templates we ship with now, this release of WordPress is actually smaller than 1.2, despite adding dozens of new features. Our testing team gave the code a thorough workout too — hundreds and hundreds of bugs have been fixed since 1.2.2. WordPress is now leaner, faster, and more secure then ever before, and we’re committed to continuing that trend.

Friday, February 18, 2005

CVS to SubVersions?

I have been using CVS (Concurrent Versions System) for several months, since i joined the Indonesian OOo Documentation Project and my role in the OOo was upgraded to Developer so i can manage the Indonesian page by myself via CVS. I also use CVS to manage the Indonesian Mandrakelinux translation project. But now, i was curious about Subversion, the compelling replacement for CVS that was recommended by many developer or sites in the Internet.

Well.. here is the Subversion's description :
The goal of the Subversion project is to build a version control system that is a compelling replacement for CVS in the open source community. The software is released under an Apache/BSD-style open source license.

Subversion's Features

Most current CVS features.
Subversion is meant to be a better CVS, so it has most of CVS's features. Generally, Subversion's interface to a particular feature is similar to CVS's, except where there's a compelling reason to do otherwise.

Directories, renames, and file meta-data are versioned.

Lack of these features is one of the most common complaints against CVS. Subversion versions not only file contents and file existence, but also directories, copies, and renames. It also allows arbitrary metadata ("properties") to be versioned along with any file or directory, and provides a mechanism for versioning the `execute' permission flag on files.

Commits are truly atomic.

No part of a commit takes effect until the entire commit has succeeded. Revision numbers are per-commit, not per-file; log messages are attached to the revision, not stored redundantly as in CVS.

Apache network server option, with WebDAV/DeltaV protocol.

Subversion can use the HTTP-based WebDAV/DeltaV protocol for network communications, and the Apache web server to provide repository-side network service. This gives Subversion an advantage over CVS in interoperability, and provides various key features for free: authentication, path-based authorization, wire compression, and basic repository browsing.

Standalone server option.

Subversion also offers a standalone server option using a custom protocol (not everyone wants to run Apache 2.x). The standalone server can run as an inetd service, or in daemon mode, and offers basic authentication and authorization. It can also be tunnelled over ssh.

Branching and tagging are cheap (constant time) operations
There is no reason for these operations to be expensive, so they aren't. Branches and tags are both implemented in terms of an underlying "copy" operation. A copy takes up a small, constant amount of space. Any copy is a tag; and if you start committing on a copy, then it's a branch as well. (This does away with CVS's "branch-point tagging", by removing the distinction that made branch-point tags necessary in the first place.)

Natively client/server, layered library design

Subversion is designed to be client/server from the beginning; thus avoiding some of the maintenance problems which have plagued CVS. The code is structured as a set of modules with well-defined interfaces, designed to be called by other applications.

Client/server protocol sends diffs in both directions

The network protocol uses bandwidth efficiently by transmitting diffs in both directions whenever possible (CVS sends diffs from server to client, but not client to server).

Costs are proportional to change size, not data size

In general, the time required for a Subversion operation is proportional to the size of the changes resulting from that operation, not to the absolute size of the project in which the changes are taking place. This is a property of the Subversion repository model.

Choice of database or plain-file repository implementations
Repositories can be created with either an embedded database back-end (BerkeleyDB) or with normal flat-file back-end, which uses a custom format.

Versioning of symbolic links
Unix users can place symbolic links under version control. The links are recreated in Unix working copies, but not in win32 working copies.

Efficient handling of binary files

Subversion is equally efficient on binary as on text files, because it uses a binary diffing algorithm to transmit and store successive revisions.

Parseable output
All output of the Subversion command-line client is carefully designed to be both human readable and automatically parseable; scriptability is a high priority.

Localized messages

Subversion uses gettext() to display translated error, informational, and help messages, based on current locale settings.

After reading Subversion's version, what is you opinion? Which one is better? Please write down you answer on the comments page. In my opinion, Subversion will be a good replacement for CVS, but unfortunately, the migration is not that simple for those who has conducted CVS for a long time. It will be suited for new big project who is looking for a versioning system.

Mozilla Firefox Downloaded 25.000.000 Times

Mozilla Firefox has hit the 25 million download mark. By the end of yesterday, 99 days after the release of Firefox 1.0, the browser had been downloaded 25,105,560 times. In the Mozilla Foundation press release about the 25 million milestone, Mitchell Baker says, "Firefox is being rapidly adopted by the mainstream, with this audience embracing Firefox as a more user-friendly web browsing solution." Asa Dotzler has published some download charts and we're assured that Spread Firefox will have something later.

Update: Spread Firefox has announced a series of celebrations to mark the 25 million downloads. Until 11:59pm EST on Thursday (4:59am UTC on Friday), several items at the Mozilla Store will be available for 25 percent off (disclosure: MozillaZine has a commercial partnership with the Mozilla Store). In addition, Coins for Anything has donated 100 special commemorative coins: 25 will be awarded to the most active members of the Spread Firefox community (full details on the site) and the other 75 will be "distributed according to a different set of criteria".

Thursday, February 17, 2005

New Standalone IE for XP

In a complete about-face, Microsoft Corp. has decided to deliver a new, standalone version of its Internet Explorer browser in order to stem potential customer defections due to security and feature concerns. But the news that IE 7.0 will be available only to Windows XP SP2 (Service Pack 2) customers isn't likely to sit well with security experts who argue that the threat from the Firefox browser is at the center of Microsoft's aggressive anti-spyware and anti-virus plans.

On Microsoft's IE group blog, company officials acknowledged they had received some requests for an IE refresh for older versions of Windows, including Windows 2000. The response? "Right now, we're focused on XP SP2. We're actively listening to our major Windows 2000 customers about what they want and comparing that to the engineering and logistical complexity of that work," wrote Dean Hachamovitch, the head of the IE team. Hachamovitch added that Microsoft is now discussing its plans for an IE 7.0 release "because our customers and partners have asked us, with increasing urgency, what our plans are. We want to convey our intentions to our customers and partners clearly and in a timely way. "

Gates told keynote attendees that the company plans to launch a first beta of its Microsoft Update patching service in March. Microsoft Update is the successor to Windows Update, and will allow users to patch not only Windows, but also Office 2003 and Exchange Server 2003. Gates also announced during his keynote address that Microsoft will deliver the personal version of Windows AntiSpyware for free. He added that Microsoft released to manufacturing the enterprise edition of its Internet Security & Acceleration (ISA) Server 2004 product, and that a second version of the Microsoft Baseline Security Analyzer tool for identifying common security misconfigurations should be available by mid-2005. And Microsoft is working to release the final version of Service Pack 1 for its Rights Management Services technology by mid-year, a company spokeswoman added.

Microsoft officials for months had been telling customers and partners that Microsoft had no plans to upgrade IE until the company rolled out its Longhorn client operating system in 2006. At the most, Microsoft might introduce some minor downloadable IE add-ons before then, officials said last year. In justifying its decision against upgrading, Microsoft had argued in antitrust cases in both the U.S. and Europe that IE was an inextricable part of the Windows operating system, and no longer a standalone product. But with the numerous viruses, worms and other security problems that have become an increasing plague for IE users, Microsoft decided to change its course. The fact that Firefox has been making steady market share gains on IE over the past few months no doubt also helped Microsoft to deliver an updated IE release. According to the latest market data from WebSideStory, IE has about 92 percent of the browser market, and Firefox now has more than 5 percent.

Three weeks ago, Microsoft began informing selected partners that it was rethinking its self-imposed ban on doing a new standalone version of IE. According to sources close to Microsoft, the decision to refresh IE came none too soon, with some major Microsoft customers threatening to move to Firefox if Microsoft failed to do so.

During his keynote, Gates said that Microsoft has distributed worldwide more than 170 million copies of the XP SP2 Windows operating-system update since it first began shipping it in August 2004. Microsoft customers also have downloaded more than six million copies of Windows AntiSpyware, since Microsoft released a first beta of that technology on January 6 of this year, according to the company.

That's the good news. The bad news is it's not yet clear if IE 7.0 will include nonsecurity enhancements that Web developers have been demanding. Those include fixed positioning in CSS (Cascading Style Sheets) and improved support for PNG (Portable Network Graphic).

Wednesday, February 16, 2005

Mandrakesoft's Itanium 2 services

As a new testament to its commitment to Open Source, Mandrakesoft is giving back to the community the experience it has acquired on Itanium 2 architecture through the 2-year european project (ITEA HYADES).
Mandrakelinux for Itanium 2 Beta is available for download as a DVD iso file at:
http://www.mandrakelinux.com/en/itanium2.php3.

This beta version includes more than 3000 packages compiled for Itanium, including several cluster oriented programs, as well as a specific installation process for this architecture. Given its beta status, this release is likely to have several bugs.

Mandrakesoft's consulting department conducts made-to-mesure developments building upon Mandrakelinux for Itanium 2. Areas of applications are unlimited, including:

* Serialization on clusters using the "clic" technology
* Certification for your hardware
* Realtime computing

Please contact consulting@mandrakesoft.com for more information.

Tuesday, February 15, 2005

Wonderfull Valentine Celebration

Yesterday i went to Blue Beach to celebrate Valentine day with my girlfriend. I went to her house at 7 PM, a little bit late (usually i came at 6.30 PM) because i had to pick up my mother first. When we reached in place, there was some changes made to it and they also invite some local band group to perform a live music on a small stage. The band group was quite dissapointing in my personal opinion, since the sound was beaten by the music, so i couldn't hear it clearly.

They have prepared a special menu for the Valentine day, and that wasn't expected by my girlfriend, since she had her own plan to order a special menus for us. She was quite dissapointed and a little bit upset, but i managed to calm her down. When we finished our eating, we left, but the band group sang one of the popular song from Peterpan. I love it, but i already left that place. Too bad..

We drove to Malioboro Mall to do some hang out and she took her order in one of the shop, which was a card and also a photos. Finally, we went to book rental and borrow some comics book.

Well.. it was a wonderfull Valentine Celebration with my girlfriend.

Monday, February 14, 2005

Happy Valentine

For they who celebrate a Valentine day with their boy/girl friend, i wish you had your best Valentine day ever. Don't forget to buy a chocholate and also a beautifull flower for your girlfriend. Give your couple the warmest hug and also romantic kiss (if you are up to 17 years and older).

For they who don't have a boy/girl friend, don't worry, Valentine can be celebrated with everyone, including your parents, friends, or even your enemy. You can solve many problems on the Valentine day, since it is all about love and carrying.

Sunday, February 13, 2005

Interesting Meeting

Today is the first official meeting after new boards were agreed in the latest MUBES. This mourning, as usuall in the KPTU UGM, we held a new bi-weekly meeting called JEMUAH and suprisingly, today's attendant was much more than normal. We usually had 5-7 person who came to the meeting, but today, it was more than 20 i guess.

The meeting started at 10 AM (from 9 AM in the schedule) and in the first section, we had an introduction, since there were some new guy who has joined us, so it's important to introduce ourselves to them and what we do. After that, we shared a lot of things, mostly about our internal organization and also activities in the future. In the last section, our leader, Iwan Setiawan presented a LVM (Logical Volume Manager).

Next two week, i will do a presentation about CVS (Concurrent Version System) along with Fathir that will help me doing the screen capture. Let's hope that the presentation works well.

Saturday, February 12, 2005

Spammer In WordPress

Lately, our website (Jogja Linux User Group) has received a huge amount of spam related to sex by a bunch of spammers around the world. The IP address is changing all the time and they changed the trackback entries, but they all related to sex. Luckily my friend has set a plugin that will block a trackback if they matches any bad word. He set all bad word from the previous trackback and change the URL into http://www.google.com, and put them in the moderation status, so we can approve or reject it (we usually delete it, since it is out of the topic).

We are using WordPress in our website and i think that they (the spammers) are using robots or automated scripts to fill in the trackback entries. I wish that there were a plugin that automatically detects a spammer and block their IP address. Just wishing....

Friday, February 11, 2005

Double Dragon

I replaced my father to attend the SanMob show this evening, after i finished my Internet and Multimedia class at 6 PM. I went to my girlfriend's house to picked her up and i got there at 6.40 PM. The show started at 7.30 PM and finished about 9.30 PM. It was a good show and good place also. The show was held on the Pasific Hall, the newest multi purpose building, such as for wedding and meeting.

The food was good, the singer was great, and the best of all was the Chinnesse dragon 'Liang Liong' and Chinnesse tiger 'Siam Si' show, presented by Naga 9 Indonesia. It was the best show in all of the SanMob event today. There were three Chinnesse tigers and a double dragons on the final show. It was really great show. The dragon was filled with phosfore, so they glow in the dark. They performed a wonderfull attraction that amazed a lot of people who came and stayed until the last show began. We couldn't gave them a standing applause, since it's not usuall for Indonesian people to give a bigger appreciation of traditional culture. It is so pitty.

Thursday, February 10, 2005

New FreeBSD Daemon Logo

The FreeBSD core team has announced a public competition to design a new logo to replace the current BSD daemon logo. The new logo will be used on the FreeBSD website, software media labels, printed media, hardware equipment, and more. The winner of the contest will receive $500." It's too early for an April Fool's Joke; according to the contest page, "this daemon character seems cute from somebody's point of view, but somebody may think which does not suit for the professional products to indicate that are using the FreeBSD inside."

If you have experience sense of arts and capable of using imaging software like Adobe Photoshop, GIMP, or CorelDraw, you can join this contest and win $500 for your account. For now, you can visit http://logo-contest.freebsd.org/ for more information (it soon will be FreeBSD's official website for the new logo contest).

Wednesday, February 09, 2005

Happy Chinnesse New Year

Today is the chinnesse new year that reflects a new year in Chinnesse Calendar. It is not the same calendar that we used in normal day, since the new year date is changing every year. This year will be chicken's year. I wish you had a great year and full of prosperity blessed from the Lord. Don't forget to share with others who needs our help.

I had a great dinner last night with all of my family on my house after i got back from teaching the database lab class. After that, i continued by playing billiard with my uncle until 9.30 and i started to boot up my computer and continued my Mandrake project by revising a po file (used for translation/localization). It wasn't finished yet, since i still have to finish about 6000 lines again (it will be finished today or perhaps tommorrow). You can the progress on the Indonesian Mandrakelinux Translation Page

Tuesday, February 08, 2005

Slackware 10.1 Released

After Patrick J. Volkerding recover from his mysterious ill early this year, he started to work on Slackware and here is the result : Slackware Linux 10.1, the latest version of Slackware. Here is the official announcement :

Announcing Slackware Linux 10.1!

The first Slackware release of 2005, Slackware Linux 10.1 continues
the long Slackware tradition of simplicity, stability, and security.

Among the many program updates and distribution enhancements, you'll
find two of the most advanced desktop environments available today:
Xfce 4.2.0, a fast and lightweight but visually appealing and easy
to use desktop environment, and KDE 3.3.2, the latest version of the
award-winning K Desktop Environment. GNOME 2.6.1 with several
upgrades and bug fixes compared with Slackware 10.0 is also included.

Slackware uses the 2.4.29 kernel bringing you advanced performance
features such as the ReiserFS journaling filesystem, SCSI and ATA RAID
volume support, SATA support, and kernel support for X DRI (the Direct
Rendering Interface) that brings high-speed hardware accelerated 3D
graphics to Linux. Additional kernels allow installing Slackware
using any of the journaling filesystems available for Linux, including
ext3, ReiserFS, IBM's JFS, and SGI's XFS. For those Slackware users
who are anxious to try the new 2.6.x kernel series, it is fully
supported by the system. A precompiled Linux 2.6.10 kernel, modules,
and source code are provided (along with complete instructions on how
to install the new kernel).

From the beginning, Slackware has offered a stable and secure Linux
distribution for UNIX veterans as well as an easy-to-use system for
beginners. Slackware includes everything you'll need to run a
powerful server or workstation. Each Slackware package follows the
setup and installation instructions from its author(s) as closely as
possible, offering you the most stable and easily expandable setup.

Here are some of the advanced features of Slackware 10.1:

- Runs the 2.4.29 version of the Linux kernel from ftp.kernel.org.
Special kernels were prepared to support hardware such as SCSI
controllers, SATA controllers, USB keyboards and mice, parallel-port
IDE devices, IBM PS/2 machines with the Microchannel bus, and even
speech synthesizers providing access to Linux for the visually
impaired community. The performance of the 2.4.x kernel series
along with Slackware's track record of careful attention to system
security make it the perfect choice for running your production
servers.

- As an alternate choice, Slackware 10.1 includes Linux 2.6.10
source, kernel modules, and binary packages, along with the
mkinitrd tool and instructions on using it to install the
new kernel (see /boot/README.initrd). When running a 2.6
kernel, Slackware supports udev. This is a system for
creating devices in /dev dynamically, greatly reducing device
clutter and making it easy to see what devices are actually
present in the system.

- System binaries are linked with the GNU C Library, version 2.3.4.
This version of glibc also has excellent compatibility with
existing binaries.

- X11R6.8.1
This is the current release of the X.Org Foundation's X Window
System. The 6.8.1 version is a new release that includes
additional hardware support, functional enhancements and bug fixes.
Font rendering is improved yet again with recent versions of
fontconfig and freetype. Through the generosity of Bitstream,
Inc., the Vera truetype font family is included as well providing
pleasing default fonts out of the box.

- Major enhancements to the printing system include new versions
of CUPS (1.1.23) and LPRng (3.8.28). Two IJS servers (printer
driver suites for Ghostscript) are available in this release:
HPIJS, which supports more than 230 HP Inkjet printer models
(compared with 200 supported in Slackware 10.0), and Gimp-Print,
offering support for hundreds of printers from Canon, Lexmark,
HP, Epson, and other manufacturers.

- Installs gcc-3.3.4 as the default C, C++, Objective-C, Fortran-77,
and Ada 95 compiler. gcc-3.4.3 is available as an alternate choice.

- Support for fully encrypted network connections with OpenSSL,
OpenSSH, and GnuPG.

- Apache 1.3.33 web server with Dynamic Shared Object (DSO) support,
SSL, and PHP.

- PCMCIA, CardBus, and APM support for laptops. (pcmcia-cs-3.2.8).
Slackware also now includes hotplug support. This locates and
configures most hardware automatically as it is added (or removed)
from the system. It also loads the kernel modules required by
sound cards and other hardware at boot time.

- New development tools, including Perl 5.8.6, Python 2.4, and
graphical tools like Qt designer, KDevelop, and Glade.

- Updated versions of the Slackware package management tools make it
easy to add, remove, upgrade, and make your own Slackware packages.
Package tracking makes it easy to upgrade from Slackware 10.0 to
Slackware 10.1 (see UPGRADE.TXT). The slackpkg tool in /extra can
also help update from an older version of Slackware to a newer one,
and keep your Slackware system up to date. In addition, the new
slacktrack utility (in extra/) will help you build and maintain
your own packages.

- Web browsers galore! Includes Netscape Communicator version 7.2,
Konqueror 3.3.2, and Mozilla 1.7.5 (with anti-aliased font support
and built-in junk email filtering).

- The complete K Desktop Environment (KDE) version 3.3.2, including
the KOffice productivity suite, networking tools, GUI development
with KDevelop, multimedia tools, the Konqueror web browser and
file manager, dozens of games and utilities, international language
support, and more.

- A collection of GTK+ based applications, including abiword-2.0.12
(upgraded from version 2.0.6 in Slackware 10.0), gaim-1.1.2,i
gimp-2.2.3, gkrellm-2.2.4, gxine-0.4.1, and pan-0.14.2.91.

- Large repository of extra software packages compiled and ready to
run. This includes various window managers, support for 3Dfx gaming
cards, OpenMotif-2.2.2, the K3b CD burning application for KDE,
the Java(TM) 2 Software Development Kit Standard Edition,
libsafe (advanced buffer overflow protection for additional
security), ISDN support, additional 802.11 drivers, and much more
(see the /extra directory).

- Many more improved and upgraded packages than we can list here. For
a complete list of core packages in Slackware 10.1, see this file:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/PACKAGES.TXT

- Another Slackware exclusive: Slackware's ZipSlack installation
option is the fastest, _easiest_ Linux installation ever. ZipSlack
provides a basic text-based Linux system as a 48 megabyte ZIP archive.
Simply unzip on any FAT or FAT32 partition, edit your boot partition
in the LINUX.BAT batch file, and you can be running Linux in less
than five minutes. The ZipSlack installation includes everything you
need to network with Linux (including Ethernet, token ring, and
PPP), and extend the system with additional software packages such as
X. A ZipSlack system will even fit on a Zip(TM) disk, so you can
carry a personal Linux system with you to run on any PC with a
Zip(TM) drive.

Monday, February 07, 2005

Analysis Finds MySQL Code Low on Bugs

Just in time to counter security taints from last week's MySpooler worm, which spread via weak MySQL passwords on Windows installations, MySQL on Friday got a clean bill of health from code analysis firm Coverity Inc.

The five Stanford University researchers at Coverity, who analyzed the security of the Linux kernel over a period of four years, this month are planning to release an analysis of the security and quality of MySQL code that found the database to have an "excellent" bug density. ADVERTISEMENT

Coverity did the analysis at the request of MySQL AB, the company that markets and develops the code for the open-source database under a dual-licensing structure.

Coverity researchers analyzed MySQL Version 4.1.8 in January. The types of defects discovered were crash-causing defects, performance degradation and security vulnerabilities.

Out of 425,000 lines of code analyzed, Coverity identified 97 bugs, which included Deadcode, or unused code due to logic flaws, which can lead to improper system function; forward null, which can cause system crash; negative returns, static overrun and overrun dynamic, all of which can cause data corruption, possible crash or possible malicious attack; resource leak; reverse null; uninitialized variable; and unused value.

The company has used the same code-checking technology on source code from customers including Oracle Corp. and Veritas Software Corp., among others.

PointerIn the wake of the MySpooler worm, users criticized MySQL for not hardening the database. Read more here.

For comparison's sake, Coverity found more than 1,000 defects in the Linux kernel Version 2.4.1 in 2001, at a time when the source code contained 1.6 million lines of code.

Coverity CEO Seth Hallem said the relative cleanliness of MySQL code is likely attributable to a few things: First, it is shepherded by MySQL AB, the Uppsala, Sweden-based company that markets and develops the database under a dual-licensing structure. "They're putting their necks on the line," he said. "They're certainly more interested than a project with less industry penetration or less of a profit motive."

Sunday, February 06, 2005

Power Down

Last night, when i was watching television, suddenly everything became dark, because the power was down from the central. It happened during the Arsenal vs Aston Villa match (about 1 AM in the mourning) but i was watching another movie. Almost everybody on my house woke up. It was off for about 1 hour, so it went up again at 2 AM. The only problem is my father's waterpumps that need to be restarted when there is no power. There are two pumps that got stucked and i wasn't able to fix it. I called my father because he is in Jakarta right now, but i still didn't make it.

This mourning, i tried to fix one of them and it worked perfectly, but the other one still being down. My father will be coming home later at 8.30 PM from Jakarta. He will fix it since he is the only one who knows how to fix it.

Saturday, February 05, 2005

ATutor

ATutor is one of the FOSS software recomendation for education purpose. If you haven't met ATutor before, here is the small description from their official website:

What is ATutor?
ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. Administrators can install or update ATutor in minutes, and develop custom templates to give ATutor a new look. Educators can quickly assemble, package, and redistribute Web-based instructional content, easily retrieve and import prepackaged content, and conduct their courses online. Students learn in an adaptive learning environment.

Why ATutor?
ATutor is the first fully inclusive LCMS, complying with the W3C WCAG 1.0 accessibility specifications at the AA+ level, allowing access to all potential learners, instructors, and administrators, including those with disabilities who may be accessing the system using assistive technologies. Conformance with W3C XHTML 1.0 specifications ensures that ATutor is presented consistently in any standards compliant technology.

ATutor has also adopted the IMS/SCORM Content Packaging specifications, allowing content developers to create reusable content that can be swapped between different e-learning systems. Content created in other IMS or SCORM comformant systems can be imported into ATutor, and visa versa.

They have added new features in their latest version (1.4.3). See the Changelog for details

Friday, February 04, 2005

Advanced SQL Injection in Oracle DB

Oracle Corporation said the they want to make their product is "unbreakable" and they did realize their promise as they release their well-known database product, Oracle Database 10g and heading for their next release, Oracle 11. But is it true that they are unbreakable? Some mailing list that i subscribed to has discussed some vulnerability that exists on one of the Oracle products.

I recently found an advanced SQL Injection in Oracle Database tutorial on this page via RSS News. Here is a small note on the page:

"This presentation is about new ways to exploit SQL Injection vulnerabilities in Oracle Databases. It shows, with working examples, many ways in that the Oracle database security could be bypassed and how to protect from these threats. It is based on the presentation that Esteban Martínez Fayó gave at G-con III conference (Mexico City), with new material and larger explanations."

You can download the file (312 KB). The zip file includes the presentation (in PDF format) and the example files. Or, you can download individual file by visiting their page

Thursday, February 03, 2005

Invitation Blooming

I don't know what happen, but when i login to my GMail account, they gave me 50 invitations and they have designed a new small form in the left side to write down email address to send your invitation to. It's a quite improvement by the Google Development Team, because we don't have to open a new pop up window just to invite our friends.

As Google is updating their services all the time, we shall wait and see what's Google next action to compete with the other free email services, such as Yahoo or Hotmail.

Wednesday, February 02, 2005

Fantastic Game

This mourning, Manchester United against their eternal rival, Arsenal in their home base, Highburry stadium, and it was broadcasted at 3 AM in the mourning. I woke up at 1 AM because of a nightmare (sadly), and i slept again until 3 AM when the game was just started. I predicted that the game would be tight, and it does.

Arsenal took the lead with Viera's heaader in the 8th minutes, but Giggs replied them ten minutes later. Arsenal were back in front when Bergkamp, the Deutch striker passed his ball under Carroll's legs and this score was maintained until first half finished. During the second half, United added three more goals from Christiano Ronaldo, left side winger from Portugal (he added two goals) and the last goal was from John O' Shea who scored last saturday against Middlesbrough. So the final score was 2-4 for United's victory. This is United's second victory against Arsenal after they were beaten also by United 2-0 in Old Trafford stadium last year.

Graham Poll, the refree has to give a lot of yellow card on the game and one red card for Silvestre. He had to do a lot of work this mourning, but the result was great. It was truly a fantastic game to see. If you missed it, you can see the full time report on Soccernet

Tuesday, February 01, 2005

OpenOffice.org Web Buttons

As you wait for the next release of the best Office suite in the Open Source community, OpenOffice.org, you can help them to promote the OpenOffice.org by downloading the web button from their marketting page and publish it on your web page or any other web pages that you have access to. The button are given in 36x13 | 80x15 | 88x31 | 110x32 | 120x60 | 125x50 | 180x60 resolution, so it will be quite small to be put on the web pages. It was made by Nicu Buculei and it has PDL license.

Here is my favourite icon :
 Use OpenOffice.org

What's yours?