Thursday, March 31, 2005

Adobe 7.0 For GNU/Linux

Adobe has made a download of the Linux version of Adobe Reader 7.0 available on its ftp site. The newly renamed utility handles portable document files (PDFs) deftly, and additionally now allows users to collaborate on projects and provides additional file security at the server-level, according to Adobe.

Adobe briefly offered a pre-release of the Linux version of Adobe Reader 7.0 early this year through its beta program, but the download was soon discontinued once the company determined it had engaged with enough beta testers to meet its development requirements.

Thankfully, Version 7.0 for Linux of Adobe Reader is now available for download in tar and rpm format from Adobe's ftp site. Both downloads are nearly 40MB in size.

Adobe notes that enterprises desiring greater power and flexibility -- including the ability to view, change, copy, print, forward a PDF document via email, and authenticate files -- can opt for the $50,000 "LiveCycle Policy Server," which runs on Red Hat Linux, Sun Solaris, Windows, and other operating systems. The package also allows users to jointly participate in document reviews, includes search tools based on Yahoo!'s toolbar, and enables the manipulation of 3D objects in PDF files. It will support Novell's SuSE Linux by mid-2005, Adobe says.

A "Professional" version of Acrobat 7.0 is also available, priced from US $449. Registered users of previous versions of Acrobat can upgrade to Acrobat 7.0 Professional for US $159. The standard version is priced at US $299 and upgrades are available from US $99.

Linux support is not a new initiative within Adobe. Adobe had previously offered support for Linux with Acrobat Reader 5.0, but discontinued Linux support with version 6. Late last year, the company joined OSDL.

These days, no computer is complete without a PDF file reader. In fact, Adobe claims that over half a billion copies of Adobe Reader have been downloaded since its debut in 1993.

Source: Desktoplinux

Wednesday, March 30, 2005

Gentoo 2005.0 Has Arrived

Gentoo Linux is proud to bring you the long awaited Gentoo Linux 2005.0 release!

This release has had a few setbacks including a complete security rebuild, but with the help of the many teams within the Gentoo developer community, we believe that this release will be one of the best that we have ever had.

This release includes new installation media from Alpha, AMD64, PPC, PPC64, SPARC, and x86 and includes stages for IA64 and SPARC32. Please check out our mirrors to find the closest one to you. As with 2004.3, you will be able to download optimized PackageCD images for x86 and PPC via our bittorrent server, and also our "unofficial" secondary bittorrent server, provided by Friends of Gentoo e.V. in Germany.

As usual, you can use emerge to update your Gentoo packages to the latest build, so you don't have to install it again from scratch.

Tuesday, March 29, 2005

New Roadmap to "Longhorn"

While the information is still hard to find, I found a great link about the roadmap for the next Windows version, called Longhorn. Here is the Windows Longhorn roadmap:

2005
Windows XP Professional x64 Edition: April 2005
Longhorn Client Beta 1: H1 2005
Longhorn Client Beta 2: H2 2005

2006
Longhorn Client RTM: H1 2006
WinFS Beta: H1 2006
Virtual PC 2006: H1 2006

2007
Longhorn SP1: H1 2007
Longhorn Server: H1 2007

In order to build excitement about Longhorn, Microsoft will disclose information about this next generation operating system in stages. First, Microsoft will use the Windows Hardware Engineering (WinHEC) conference to prepare the market, and discuss the "essence of Longhorn" as it now stands. WinHEC attendees will receive a pre-Beta 1 build of the operating system. Then, Microsoft will utilize a disclosure approach it calls "rolling thunder," which will build up to a crescendo by the Longhorn launch. The company hopes to position Longhorn as a major, must-have upgrade for both business and consumer customers. It will build excitement with enthusiast consumers starting with Beta 2 (see below).

Not specific enough? Here's the exact Longhorn delivery schedule, as of now:

Longhorn Beta 1 Milestone 9 (Beta 1 M9) and platform code complete*
March 16, 2005
Note: The "platform code complete" designation does not mean that the Longhorn feature set will in any way be finalized by this point in time. Instead, this term refers to an internal "quality gate" that Longhorn builds must pass in order for the project to be moved into the main build labs for wider distribution.

Longhorn Beta 1
May 25, 2005

Longhorn Beta 2
October 12, 2005

Longhorn Client Release Candidate 0 (RC0)
February 22, 2006

Longhorn Client Release Candidate 1 (RC1)
April 2006

Longhorn Client release to manufacturing (RTM)
May 24, 2006

Longhorn Launch (widespread public availability)
Summer 2006 to October 2006, depending on release schedules for other Longhorn wave products.

Longhorn Server RTM/Longhorn Client SP1 RTM
Second half of 2006/first half of 2007 (Client RTM + 6 months)

Notice the inclusion of a RC0 build, which is unusual. The last time Microsoft shipped an RC0 build of a Windows product, I believe, was with Windows Millennium Edition (Me). RC0 releases are typically designed to give Microsoft's hardware and software partners enough time to develop drivers and compatible software in time for the final release of a product.

Microsoft briefly considered having only one beta release, but the company is now "firm" on two betas.

Here's what we can expect from the major milestones:

Longhorn Beta 1
Longhorn Beta 1 will be targeted at Microsoft's select group of beta testers, most of whom previously beta tested Windows XP/2000 and Windows Server 2003. Unlike the alpha releases, which were designed primarily for developers, Longhorn Beta 1 will be accessible to Microsoft's PC maker, hardware, and software partners, Microsoft MVPs, and the like. It will also be made available to users through MSDN Professional and up, TechNet, and potentially to attendees of developer-oriented trade shows such as WinHEC 2005, TechEd, and/or Professional Developers Conference (PDC) 2005.

Longhorn Beta 1 will be distributed on DVD (and not CD), and will be downloadable by testers in ISO format. Only the Longhorn Premium Edition will be made available to testers in the Beta 1 timeframe, Microsoft reports. English, German, and Japanese languages will be available.

Longhorn Beta 2
Longhorn Beta 2 will be more widely distributed than Beta 1. At this time, enthusiasts and other users will be able to download a public beta version through the Customer Preview Program (CPP).

Longhorn RC0+
The Customer Preview Program will continue throughout the release candidate phase, and Microsoft expects more general customers to begin evaluating these public pre-release builds as the final release date gets closer and closer.

New product editions
Though these plans could change, Microsoft is currently planning to ship an amazing array of product editions, or SKUs, in the Windows Longhorn family. These are the currently-scheduled versions that will ship in May 2006:

Longhorn Starter Edition
Analogous to Windows XP Starter Edition.

Longhorn Home Edition
Analogous to Windows XP Home Edition.

Longhorn Media Center Edition
A superset of Home Edition that includes the Media Center functionality. Analogous to XP Media Center Edition.

Longhorn Professional Edition
Analogous to Windows XP Professional Edition.

Longhorn Small Business Edition
A new product edition aimed at the small business market. Currently very similar to XP Professional Edition.

Longhorn Mobility/Tablet PC Edition
Analogous to Windows XP Tablet PC Edition.

Longhorn Premium Edition
A new product edition that bridges the consumer and business versions and includes all of the features from the Home, Premium, Pro, Small Business, and Tablet PC Editions (but not Starter Edition). The new Premium edition will also add value to Microsoft's business-oriented Software Assurance (SA) customers.

None of these product names are final, of course, and all versions except Starter Edition will ship in both 32-bit (x86) and 64-bit (x64) variants. One of the problems with this approach is that Microsoft will have a hard time communicating the differences between each SKU, in my opinion. It will be interesting to see how this develops. My advice would be to cut back on the SKUs and offer only consumer and business versions. The consumer version should include everything from Home and Premium/Media Center Editions, while the business version should include the features from Pro, Small Business, and Tablet PC Editions.

Also, though Microsoft briefly considered not shipping retail versions of Longhorn at all, and would have required users to acquire the OS with a new PC purchase, those plans were cancelled. As with Windows XP, the various Longhorn editions will ship in retail and OEM (PC maker) versions.

Longhorn investments
Given the seemingly never-ending nature of Longhorn's years-long development time, Microsoft has a bit of a sell-job on its hands when it comes to promoting the product to consumers and business users. In this section, I'll focus on some of the Longhorn features that Microsoft will highlight to its customers. Some of these features are well-known already, while some are less well known. But all of them are considered by the software giant to be key technological investments that will pay off with a spike in customer adoptions.

Powerful, Reliable & Secure
Microsoft hopes to make Longhorn what it calls a "high performance, robust, and safe operating system." To accomplish this, it will need to overhaul the way user accounts work in Windows. Today, Windows XP supports Limited User accounts, administrator accounts (and others, in XP Pro and newer), but few people use anything but administrator-level accounts because the Limited User account is almost useless.

In Longhorn, Microsoft will introduce the new least privileged user account (LUA), which is basically a secure code compartment in which most application code will typically run. When trusted applications need administrator-level access, they can temporarily run in Protected Admin mode. This feature will help sidestep most of the problems home users now face with Limited User accounts, but administrators in businesses can turn it off.

As with Windows XP SP2, Longhorn will provide strong security warnings and guidance when it detects errant actions. However, Longhorn's warning notifications can occur because of local code as well, and not just because of Internet-based communications, as in XP SP2. The idea is that users will feel safe, and they will be able to undo any action, further strengthening the security aura.

Overall, the security and management advancements in Longhorn will be evolutionary when compared with Windows XP with Service Pack 2. For example, the new security policy features in XP SP2 will be expanded dramatically in Longhorn, but will work the same way. So administrators will face a shorter learning curve with understanding how Group Policy works in Longhorn.

Longhorn will support a new updating model called hot patching, through which Microsoft will be able to apply updates to any non-kernel code, including drivers, without requiring a reboot. Longhorn will still need to be rebooted after certain patches, of course, but there will be much fewer than with Windows XP SP2 or Windows Server 2003: 70 percent less is the goal.

Additionally, Longhorn will feature a new instant-on capability that will see Longhorn-savvy systems resume from Standby in 2 seconds or less. And cold boot time should be 50 percent less than with XP on the same system, Microsoft claims.

IT Operational Efficiency
For businesses looking at deploying Longhorn on the desktop, Longhorn will offer a number of advantages over Windows XP, reducing the costs of deployment, management and support.

Longhorn will be able to detect and eliminate spyware and malware, using next-generation versions of the Windows AntiSpyware and anti-virus products that Microsoft is now developing. Administrators will also be able to scan PCs and the network for vulnerabilities.

Longhorn will include technology, presumably a new form of the Encrypting File System (EFS), that helps prevent data exposure from lost or stolen laptops. You'll be able to forward event logs to a central location.

In Longhorn, applications will launch and load files 15 percent faster than with Windows XP.

Longhorn will feature new image creation and management tools that will make deployment much simpler. Longhorn's componentized underpinnings will reduce the number of install images corporations are required to maintain. A new version of the User State Migration Tool (USMT) will further improve state migration by taking advantage of Longhorn's native scripting environment. Additionally, Longhorn will feature a new version of Remote Assistance.

Work Smarter
Longhorn will offer more natural ways to access, organize and use information, and is designed to improve Information Worker (IW) productivity. The key to this, of course, is the new Fast Search feature, which many people incorrectly assumed was being removed from Longhorn when Microsoft delayed WinFS to a post-Longhorn release. That's not the case. Longhorn fast search will provide near-instant searching of your PC, the local network, and the Internet. And it's designed to be intuitive to existing Windows users.

Fast Search will feature new ways to organize data, including Lists, AutoLists and filters (Figure). Search results will include data from different store types (documents, email messages, pictures, etc.), and can be sorted by custom meta-data. And Longhorn's new shell windows, which will feature a handy "breadcrumb" navigation feature, will also include instant view filtering based on Fast Search technology and file preview (Figure).

Another Fast Search feature, called Stacks (Figure), will help aggregate content by such things as authors, keywords, type, and so on. You can then group Stacks by various properties, such as name, size, modified date, type, or authors, in order to provide multiple relevant views on the same data.

Microsoft believes that Fast Search will reduce the time users spend searching for files on their PC by 80 percent. And re-directed folder synchronization will be 50 percent faster than with Windows XP.

(Speaking of WinFS, Microsoft will ship a preview of that relational storage technology when the Longhorn client is released in mid-2006. WinFS, when it ships, will enable even more powerful search than does Fast Search. However, Microsoft has not yet determined when it will ship WinFS or how it will package and distribute the technology.)

Longhorn will more reliably resume from crashes, and include better application management and back-up and restore functionality.

With Longhorn, creating ad hoc networks based on peer-to-peer technologies will be simple and seamless, opening up new avenues for group collaboration. Microsoft sees information workers creating these ad hoc networks in meetings so they can share presentations and collaborate on documents. A new domain-like networking scheme called a castle will replace workgroups for home users. In a castle type network, user credentials can move from machine to machine without a centralized server.

Stay Connected
Longhorn's ability to synchronize data between PCs and various portable devices will be unsurpassed. It will also be a wireless networking wunderkind. Or, as Microsoft puts it, Longhorn will let you "work together and accomplish more anytime, anywhere." There you go.

Alpha Longhorn builds have hinted at what's to come: A universal synchronization manager called SyncManager will manage the connections between software and hardware.

And the new wireless networking stack will support Anywhere Remote Access and a more seamless way to transition between networks, and, in the case of multiple available networks, automatically utilize the one with the most bandwidth.

Next Generation Platform
Conceptually, the Longhorn platform will be based on Avalon (presentation subsystem), Indigo (messaging and Web services), and the WinFX programming model, which is based on .NET managed code. Last August, Microsoft revealed that these technologies would be provided "down level" to users running Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1. It would seem, peripherally, that Longhorn doesn't have a lot of unique technology to offer developers. That's not quite true.

First, by providing these technologies to existing users, Microsoft is dramatically expanding the markets for applications and services based on Avalon and Indigo, giving developers incentive to adopt these technologies more quickly. In this way, WinFX will perform the same role the Win32 API did over a decade ago. Second, Longhorn will include unique new features that are not available to XP SP2 users, making that platform more valuable to Longhorn adopters. The most obvious of these, of course, is the Aero user interface, which will make video-quality 3D effects a natural part of the PC experience.

One thing users should be aware of is that Longhorn will include a new kernel and will thus not offer the same level of compatibility with legacy 16-bit and 32-bit code that Windows XP does today. For business users, Microsoft believes that Virtual PC 2007 will help broaden corporations' compatibility options. But the company will also ship an early release of the Longhorn Compatibility Toolkit in 2005 to get users ready for the changes.

Longhorn hardware recommendations
When it comes to Longhorn, the single most frequently-asked question I get is, "What are Longhorn's hardware requirements?" To date, Microsoft hasn't yet answered that question, though arguably even the eventual answer will be useless anyway, since the minimum requirements for Microsoft operating systems are usually hopelessly weak. However, I can present the next best thing today for the first time: the hardware Microsoft will recommend for Longhorn. That is, this level of hardware should present users with an acceptable Longhorn experience, complete with all the bells and whistles.

A few preliminary comments. First, Microsoft believes that the majority of Windows XP machines purchased in 2005 will be Longhorn capable. That doesn't mean that they will be Longhorn-savvy, however. Instead, all 2005-era XP machines should at least provide an XP-like experience in Longhorn. In order to get the full meal deal, so to speak, however, you'll want to ensure that your hardware purchases this year meet certain requirements.

Second, because of the advanced graphics technology in Longhorn, you will need a graphics card that is supported with a Longhorn Display Model Driver (LDDM). In mid-2004, Microsoft described these cards as being DirectX 9 compliant, though it's unclear whether the requirements will increase. Microsoft will provide clearer graphics card guidelines during the Longhorn Beta testing cycle, according to documentation I've viewed.

Microsoft's Longhorn hardware recommendations:

Desktop CPU: 3 GHz Intel Pentium 4 processor with HyperThreading Technology 530 (or higher) or 3 GHz Intel Xeon processor with 2 MB L2 cache, or AMD Athlon 64, Sempron, or Opteron 100, 200, or 800 processor, single or dual-core versions.

Mobile CPU: 1.86 GHz Intel Pentium M processor 750 (or higher), or AMD Turion 64 Mobile Technology, Mobile Sempron, or Mobile Athlon 64 processor.

RAM: 512 MB of RAM or more, all platforms.

Source: SuperSite

Monday, March 28, 2005

More Security Alerts

Noel Davis has written another great Security Alerts column, which discusses KDE problems, MySQL, Perl, Ximian Evolution, GnuPG, OpenSLP, Ringtone Tools, LuxMan, and Ethereal. Here are the details:

KDE Problems
Problems have been found in KDE's DCOP server, Konqueror, the dcopidlng script, and KPPP. The desktop communication protocol authentication daemon in KDE, dcopserver, is reported to be vulnerable to a locally exploitable denial-of-service attack.

The Konqueror web browser is reported to be vulnerable to a phishing-style attack called a homograph attack. A homograph attack uses a web site with a domain name created from international characters that resemble English letters to trick the user into believing the website is a known and trusted one.
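A defender-side check for the homograph pattern described above, as an added example (not code from KDE or from the original article). The look-alike table is a small constructed subset and the trusted-name list is an assumption supplied by the caller.

```python
import unicodedata

# Small constructed subset of Cyrillic/Greek letters that render like Latin ones.
# Assumption: a production check would load Unicode's full confusables data.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0458": "j", "\u0455": "s", "\u03bf": "o",
}


def to_unicode_label(label):
    """Decode an 'xn--' label to Unicode; other labels are just lowercased."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return None
    return label


def scripts_in(label):
    """Scripts used by the letters of a label, taken from Unicode character names."""
    scripts = set()
    for ch in label:
        if not ch.isalpha():
            continue
        try:
            scripts.add(unicodedata.name(ch).split(" ")[0])
        except ValueError:
            scripts.add("UNKNOWN")
    return scripts


def skeleton(text):
    """Replace known look-alikes with the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def check_hostname(host, trusted):
    """Return (reason, value) findings for a hostname; an empty list means no flag.

    `trusted` is the caller's set of known-good lowercase hostnames.
    """
    findings = []
    decoded = []
    for raw in host.rstrip(".").split("."):
        label = to_unicode_label(raw)
        if label is None:
            findings.append(("invalid-punycode", raw))
            decoded.append(raw.lower())
            continue
        decoded.append(label)
        if label.isascii():
            continue
        if len(scripts_in(label)) > 1:
            # e.g. Latin letters with one Cyrillic letter slipped in
            findings.append(("mixed-script", label))
        elif skeleton(label).isascii():
            # every letter is a non-Latin look-alike of a Latin letter
            findings.append(("whole-script-lookalike", label))
    name = ".".join(decoded)
    skel = skeleton(name)
    if skel in trusted and name != skel:
        findings.append(("imitates-trusted", skel))
    return findings


if __name__ == "__main__":
    trusted_names = {"example.com"}  # constructed sample allow-list
    samples = [
        "www.example.com",
        "ex\u0430mple.com",        # constructed: Cyrillic U+0430 in place of 'a'
        "m\u00fcnchen.example",    # constructed: ordinary single-script IDN
    ]
    for sample in samples:
        print(ascii(sample), check_hostname(sample, trusted_names))
```

Labels in a single script that contain characters outside the look-alike table pass without a finding, so ordinary internationalized names are not flagged.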

The dcopidlng script is supplied with KDE and used during the build process of KDE and some KDE applications. Under some circumstances, the dcopidlng script could be vulnerable to a temporary-file, symbolic-link race condition that could result in arbitrary files being overwritten with the victim's permissions.

KPPP is a telephone dialer and graphical front end for the pppd daemon. By exploiting a file descriptor leak in KPPP, an attacker may be able to control the system's domain name resolution by modifying the content of the /etc/hosts and /etc/resolv.conf files. The problem in KPPP is reported to affect all versions of KDE through 3.1.5. Some Linux distributions execute KPPP (and other X Window applications that require root permissions to run) using a wrapper that protects from these types of attack by closing file descriptors safely. Red Hat Linux is one example of a distribution that uses a wrapper.

The KDE maintainers recommend that all users of KDE upgrade to KDE 3.4 or newer as soon as possible. A possible work around for the KPPP problem is to remove its set user id bit until it has been upgraded.

MySQL
The MySQL database is reported to not properly filter the input of users who have DELETE and INSERT permissions. Under some conditions, this can be exploited to execute arbitrary code on the server with the permissions of the user running MySQL. In addition, a user with CREATE TEMPORARY TABLE permissions may be able to exploit a temporary-file, symbolic-link race condition to write to arbitrary files on the system.

Users should consider upgrading to MySQL 4.0.24 or 4.1.10a.
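The temporary-file, symbolic-link race mentioned for both dcopidlng and MySQL comes down to writing to a guessable path that may already be a link. This added example (not code from KDE, MySQL, or the original article) puts the vulnerable pattern beside two hardened ones and replays them in a private scratch directory; the file names are hypothetical.

```python
import os
import stat
import tempfile


def write_predictable(path, data):
    """Vulnerable pattern: a plain open() follows a symlink already present at path."""
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """Hardened: O_CREAT|O_EXCL fails if anything exists at path, symlinks included.

    With O_EXCL the kernel does not follow a symlink in the final path component.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_mkstemp(directory, data):
    """Hardened: let mkstemp pick an unpredictable name and create it exclusively."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="build-")
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def _read(path):
    with open(path) as fh:
        return fh.read()


def demo():
    """Replay the three patterns against a link pre-planted in a scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        victim = os.path.join(work, "victim-owned.conf")  # hypothetical file
        predictable = os.path.join(work, "script.tmp")    # hypothetical guessable name

        with open(victim, "w") as fh:
            fh.write("original\n")
        os.symlink(victim, predictable)  # stands in for the link that won the race

        # 1. Predictable name + plain open(): the write lands in the victim's file.
        write_predictable(predictable, "build output\n")
        results["predictable_clobbered_victim"] = _read(victim) == "build output\n"

        # Restore the file before testing the hardened variants.
        with open(victim, "w") as fh:
            fh.write("original\n")

        # 2. Exclusive create: refuses because the path already exists.
        try:
            write_exclusive(predictable, "build output\n")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["victim_intact_after_exclusive"] = _read(victim) == "original\n"

        # 3. mkstemp: fresh private file, nothing shared with the planted link.
        path = write_mkstemp(work, "build output\n")
        results["mkstemp_mode"] = stat.S_IMODE(os.stat(path).st_mode)
        results["mkstemp_is_regular_file"] = (
            not os.path.islink(path) and os.path.isfile(path)
        )
        results["victim_intact_after_mkstemp"] = _read(victim) == "original\n"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```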

Perl
A race condition in the Perl programming language's rmtree function in the File::Path module may, under some circumstances, be exploitable by a local attacker to remove or gain read access to arbitrary directories and files. This race condition is reported to affect Perl 5.6.1 and 5.8.4.

Ximian Evolution
The Ximian Evolution email and groupware client will crash when it is used to read certain messages. This problem could be exploited by a remote attacker in a denial-of-service attack by sending the user a carefully crafted message. This problem is reported to affect versions of Evolution through version 2.0.3.

Users should watch their vendors for a patched version of Ximian Evolution.

GnuPG
A problem in GnuPG, the Gnu Privacy Guard, may result (under some conditions) in portions of the plain text of a file encrypted with symmetric encryption being recoverable by a remote attacker. Successfully completing this attack would require a large number of attempts using a source that has the decryption key and will report to the attacker if the integrity check fails. In other words, the attack is only feasible if the victim has an automated system that will respond back to the attacker when an encrypted message fails the integrity check. Also, the attack would only recover the first two bytes of each encrypted block. It is possible that other software that uses the OpenPGP protocol may be vulnerable to this attack.

Concerned users should watch their vendors for a modified version of GnuPG that provides protection against this type of attack.

OpenSLP
OpenSLP is an open source implementation of the Service Location Protocol (SLP). SLP provides information about the existence, location, and configuration of networked services and devices. An audit of OpenSLP by the SuSE Security Team found multiple buffer overflows that could be exploited by a remote attacker using improperly formed SLP packets.

Users should watch their vendors for patched and repaired versions of OpenSLP. SuSE and Mandrake have released repaired versions of OpenSLP.

LuxMan
Buffer overflows in LuxMan, an SVGA console-based Pac-Man clone, can be exploited by a local attacker to gain root permissions.

It is recommended that if the game is not being used its set user id root bit be removed. In addition users should watch their vendors for a repaired version.

Ethereal
Ethereal, a powerful and flexible network protocol analyzer with a graphical interface, is reported to contain several remotely exploitable vulnerabilities. These vulnerabilities may be exploitable by a remote attacker using specifically constructed packets, and could result in arbitrary code being executed with root permissions. The vulnerabilities affect versions of Ethereal earlier than 0.10.10 and include problems in the Etheric, 3GPP2 A11, IAPP, JXTA, and sFlow dissectors; and a problem in the GPRS-LLC if the "ignore cipher bit" is enabled. Code to automate the exploitation of the CDMA A11 dissector has been released to the public.

All users of Ethereal should upgrade to version 0.10.10 or newer as soon as possible. If users are unable to upgrade, they should turn off the affected dissectors.

Source: LinuxDevCenter

Sunday, March 27, 2005

Mandrakelinux Project Finished

The Mandrakelinux Translation Project finally finished today. I thank all the contributors who helped me finish this project in time (before the final release of the upcoming 10.2 version of Mandrakelinux). You can view the progress on the translation page. Please note that the project itself is not 100% complete, since we still have to review all translations and make sure that they will be kept updated in the future.

Right now, I will be concentrating on the third chapter of my final project report.

Saturday, March 26, 2005

Firefox 1.0.2

After releasing Mozilla 1.7.6, the Mozilla Foundation quickly released an update to Firefox, called 1.0.2, which fixed 3 vulnerabilities:

- MFSA 2005-32 Drag and drop loading of privileged XUL : A malicious page that could lure a user into dragging something (such as a fake scrollbar) can bypass the restriction on opening privileged XUL. The startup scripts in the XUL will run with enhanced privilege, though the actions taken upon merely opening most XUL are benign. So far no way to run arbitrary code supplied by the attacker has been found, but this could be a stepping-stone to future attacks.

- MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel : If a user bookmarked a malicious page as a Firefox sidebar panel that page could execute arbitrary programs by opening a privileged page and injecting javascript into it.

- MFSA 2005-30 GIF heap overflow parsing Netscape extension 2 : A GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.

These vulnerabilities were fixed in 1.7.6, which was released earlier.

Friday, March 25, 2005

More on Friendster

I received another email notification about another Friendster update. It has a lot of interesting new features. First of all, they reported new photos being uploaded by my friends. Second, they raised the photo quota to 12 from the previous 6. The third feature is the Profile View Counter, where you can see how popular you are by viewing how many times your profile has been viewed by other people. The fourth feature is New Improved Search, which can be used to find friends by name, hometown, company, favorite music and more.

But the most interesting feature available is the ability to create blogs and albums. Unfortunately, this is not a free service (except if you want some ads on your blog). Here are the details:

- Friendster Blogs Pro: $14.95/month or $149.50/year
Expert control over HTML, archive types, and unlimited weblogs. Perfect for advanced users.

- Friendster Blogs Plus: $8.95/month or $89.50/year
Build photo albums, maintain up to three blogs, customize your design, and use other advanced features.

- Friendster Blogs Basic: $4.95/month or $49.50/year
Get your ad-free weblog up and running quickly, and take advantage of more storage and bandwidth.

- Friendster Blogs Free (Ad-Supported)
Pick from an assortment of Friendster Blogs templates and share your life and photos with your friends.

Here is my blog URL : http://willysr.blogs.friendster.com/my_blog/

Thursday, March 24, 2005

New Mozilla Version

Mozilla Foundation has released a new version of Mozilla, all-in-one internet application suite, which should be synced with Firefox trunk, including security updates and also bug fixes. This version will be used as a loop for the next Mozilla product, 1.8.x series. Right now, it has reached Mozilla 1.8 beta 1.

A few hours after the official announcement, I tried to download it, but the file hadn't been placed on the download page yet; now it has. As usual, you can get it for three different platforms:

Windows

Linux

Mac OS X

Wednesday, March 23, 2005

New Features

Friendster has launched a new feature, called SuperFriendster Member Account, where you can promote your friendster's account and provide a link to be used in your web page, email signature, blog page, etc.

Your promotion is available in text and graphical form, using your primary photo and Friendster's logo, and you can point it to Friendster's join page so that people can join Friendster quickly. You'll receive a new friend notification every time someone becomes a member of Friendster through your link. If the person clicking through is already a member, they'll be able to access your profile directly and send you a friend request.

Tuesday, March 22, 2005

New Bandwidth

My campus is evaluating a new Internet provider for future use. We have used Indosat for more than 5 years (I think), and right now we are evaluating Telkom; if it has no problems over the next month, there is a possibility that we will migrate to the new ISP. Some of the labs have been using the new bandwidth and the result was excellent. I can download a huge file in only minutes, rather than hours. Our lab speed increased from 256 Kbps to 1 Mbps.

But the main problem is with the DNS. Telkom's DNS sometimes can't locate a site which can be found on Indosat's DNS server. So I have to keep changing the proxy's IP address in order to browse a site. Let's just hope that it will be solved in the future.

Monday, March 21, 2005

Finishing DrakX

After finishing my mid test, I want to concentrate on finishing the first phase of my Mandrakelinux project, which is completing the unfinished translations. Right now, there is only 1 file left to be translated, which is DrakX, and it has 26736 lines, so it will take a while to finish. So far, I have finished 12000 lines and still counting. I hope that this week all translations will be completed and we can continue to our second phase, which will be verifying all the old translations.

We should do this because we are not the first people to translate the PO files, and in each version the PO files were updated, so we have to update the old files to reflect the changes in the latest version of Mandrakelinux. You can see our translation progress at the L10n Project.

If you wish to join us, please join our mailing list at mdk-id@yahoogroups.com.

Sunday, March 20, 2005

Google Open-Sources Code

SAN DIEGO—Developers who are curious about how Google's engineers compile and debug their code are getting a chance to use some of the search company's internal tools. Google Inc. introduced a developer Web site called Google Code during a presentation here Thursday at the O'Reilly Emerging Technology Conference. As part of the launch, it has contributed source code from four software development libraries and tools to the open-source community.

The libraries focus on compiling and debugging code and include tools for the C++ and Python languages. Google has made them available through the BSD open-source license, which means developers can use the code for commercial and non-commercial applications, said Chris DiBona, Google's open-source program manager. Google Code marks the first time Google has formally released code to the open-source community, though Google engineers themselves are well known as contributors to many open-source projects, DiBona said. "This is a new channel for us," he said. "These are all actively used libraries within Google."

Google is hosting the source code on the SourceForge.net open-source development site. Along with information on the contributed code, Google Code provides a directory of Google's existing developer APIs, which include APIs for Web search, Google's AdWords advertising system and Google Desktop. It also offers developers an online forum for sharing ideas.

The Google Code program is the latest in a string of developer-focused announcements from the major search providers. Yahoo earlier this month opened search APIs to developers and this week unveiled a research project for predicting search-term popularity.

While the four initial contributions only reach a targeted set of developers, DiBona said they are only the beginning of source code releases coming from Google. DiBona joined Google about eight months ago to oversee its open-source efforts. He coordinates with Google engineers, many of whom are anxious to open code from the tools they are creating during their infamous "20-percent time," he said. Google engineers devote 20 percent of their time, or an average of one day per week, working on projects of their own interest.

The four Google Code releases include a library called CoreDumper, which developers can compile to create core dumps of the running program, and a Python library called Goopy Functional for bringing functional programming aspects to Python, Google announced. Also provided are a project called Sparse Hashtable, containing hash-map implementations being used at Google, and PerfTools, a set of tools for creating robust applications, especially when developing multithreaded applications in C++ with templates, according to Google.

Source: eWEEK

Saturday, March 19, 2005

New Linux Driver

NVidia has released another driver for the GNU/Linux platform, version 1.0-7167. Here are the release highlights from their website:

- Support for GeForce 6200 with TurboCache™ GPUs

- Improved OpenGL workstation performance.

- Added support for XRandR rotation; see Appendix W in the text README.

- Added ExactModeTimingsDVI X config option to give explicit control over the mode timings used on Flat Panels.

- Added Xorg dlloader support.

- Changed driver behavior such that PAT (Page Attribute Table) is used where possible instead of MTRRs.

- Added a workaround for an X server bug with PCI-E GeForce 6800 and GeForce 6600; a fix has been provided to XFree86 and XOrg.

- Fixed stability problems on x86_64 PCI-E systems.

- Fixed 2D rendering corruption on certain older GPUs.

- Improved compatibility with Linux 2.6 kernels.

- Fixed compatibility problems with some SWIOTLB em64t systems.

- Fixed a bug that triggered error messages of the form: "ioctl32(doom.x86:6747):Unknown cmd fd(16) cmd(c0384642){00} arg(ffffc75c) on /dev/nvidiactl"

- Fixed NvAGP incompatibility with recent Linux 2.6 kernels.

- Improved interaction with the udev filesystem.

- Improved performance of PCI cards on Linux 2.6 systems.

- Updated documentation. Please see the text README file.

Download Driver

Friday, March 18, 2005

GnuPG 1.4.1 Released

GnuPG, a complete and free open source replacement for PGP, has been updated to the latest version, 1.4.1. I don't know what changes have been made, since there is no official changelog at the time I write this blog. I just finished downloading it and soon it will be installed on my Linux box, replacing my 1.4.0 version.

You can download GnuPG 1.4.1 from their FTP site.

Thursday, March 17, 2005

New Java Applet Trojan

I read shocking news about a new Java applet trojan which can infect Internet Explorer even when run in Firefox. Christopher Boyd from Vitalsecurity.org has found a Java trojan that is capable of downloading and infecting Internet Explorer with spyware/adware, even if you are running another browser that supports Java, such as Firefox.

It is a new hit for the Java community. I hope that Sun Microsystems will release a quick patch to solve this problem. Don't forget to update your browser and also your antivirus database.

You can find more information in F-Secure's weblog.

Wednesday, March 16, 2005

Waiting For OOo 2.0 Final

Have you ever tried the latest build of OpenOffice.org? It's the 2.0 beta version, or from the developers' view, it is called build 1.9.79. It reflects some major features that will be available in the 2.0 final version, which should be released this month (if it is not delayed). It has a new graphical startup screen, a better user interface, and also lots of improvements to the functionality of an office suite.

While you are waiting for the final version, the Documentation project has been busy preparing the SETUP GUIDE for OOo 2.0 and also making new HOWTOs and manuals for the 2.0 version, because it has some differences from the previous 1.1.x version. If you are an OpenOffice.org user, you can contribute by joining the Documentation project, or visit OOOAuthors, a place where OOo authors meet and contribute to make great documentation and manuals for the OOo application.

Tuesday, March 15, 2005

Indonesian L10n Project

I started a new OpenOffice.org project for Indonesian, which is a localization (l10n) project. I have been accepted for the Observer role, so I can submit issues regarding the l10n project. Currently, I have a few friends from the Indonesian OOo users' mailing list who will help me finish the Indonesian localization. I hope more people will come and contribute to this project.

For now, I will concentrate on my final project report, finishing one delayed translation for the Documentation project (maybe I will finish it today), and also editing 1 PO file for the Indonesian Mandrakelinux project, since I'm also the coordinator. For the Mandrakelinux project, maybe it will take a few days, since it has a lot of lines to be edited. After it is finished, I will start concentrating on this l10n project. Hopefully everything goes as planned.

Monday, March 14, 2005

Nero Burning for Linux

The German company Nero, developer of the award-winning Nero Burning ROM suite for Windows, has now released a free version for Linux called NeroLINUX, a CD/DVD burning software that includes many features from the Windows version. This software is proprietary but free if you have registered. The OEM versions of Nero that come with many CD burners aren't sufficient, though; NeroLINUX is free-as-in-beer only if you've registered "a full version of Nero software version 6 or higher," or a "retail version or downloaded version."

Sunday, March 13, 2005

JpGraph

Yesterday I read my RSS collection using FeedReader and found an interesting PHP library called JpGraph that can be used to create graphs in a simple way. It was easy to install and it also has good documentation. Here is the summary of JpGraph from its website:

JpGraph is a fully OO (Object-Oriented) Graph creating class library for PHP >= 4.3.0. The library can be used to create numerous types of graphs on-line. JpGraph makes it easy to draw both "quick and dirty" graphs with a minimum of code as well as complex graphs which requires a very fine grained control. The library assigns context sensitive default values for most of the parameters which minimizes the learning curve. The features are there when you need it - they don't get in your way!

Features:
- Web-friendly, average image size for a 300*200 image is around 2K and images are seldomly bigger than 4-5K

- Support for both GD1 and GD2. The library will autodetect which library is installed.

- Automatic generation of client side image maps to make it possible to generate drill-down graphs.

- Advanced interpolation with cubic splines to get smooth curves from just a few data points.

- Supports several plot types: spider-plots, pie-charts (both 2d and 3d), scatter-plots, line-plots, filled line-plots, accumulated line-plots, bar plots, accumulated bar plots, grouped bar plots, error plots, line error plots, box plots, stock plots

- Support for alpha blending

- Has over 200+ built in Country flags

- Supports advanced Gantt-charts (ex1, ex2)

- Flexible scales, supports integer, linear, logarithmic, text (counting) scales and any combination thereof on x/y axis

- Supports multiple Y-axises

- Support various layout with a background image behind the plot

- More than 400 named colors

- Extensive documentation with both a > 150 pages tutorial and an extensive class reference.

- Supports internal caching (with timeout) of generated graphs to lessen burden of a HTTP server.

For the complete feature list, please refer to the Feature Page.

Saturday, March 12, 2005

Tekken 5

Yesterday, my cousin bought Tekken 5, the latest version of Tekken, the best fighting game on the PS2 platform, made by Namco. It inherits the gameplay of Tekken 4, and Namco has added new characters, new fighting styles, new backgrounds, and new stories that make it an interesting game to play.

You can collect money and buy items for the characters or change their attributes, for example hair colors, skin colors, etc. There are also new degree levels for the characters, starting from Beginner to Lord. This game is a must-have for true gamers. Try it and you won't regret it.

The final boss, Jinpachi Mishima, is very hard, even when you play in Easy mode. He deals great damage and also has unblockable moves. He's a great character to train with. I wonder what it will be like in Hard mode?

Friday, March 11, 2005

SuSE 9.3 Coming Soon

HANNOVER, Germany, CeBIT, Novell (Nasdaq: NOVL) today announced the availability of its latest Linux offering, SUSE(R) LINUX Professional 9.3, due to ship mid-April, 2005. Including a complete Linux operating system, over 3,000 open source packages and hundreds of open source applications, productivity software and home networking capabilities, SUSE LINUX Professional 9.3 provides the functionality, reliability and security that today’s new and experienced Linux* user needs for home computing and computing-on-the-go at an affordable price.

SUSE LINUX Professional includes a stable and reliable Linux operating system plus a complete set of desktop applications — office suite, Web browser, e-mail and instant messaging clients, multimedia viewers, photo organizers, and other popular open source applications. It also features the latest tools for setting up a secure home network, running a Web server, developing applications and more. SUSE LINUX 9.3 also provides a sneak peek into upcoming server-based Linux, including the XEN virtualization environment and intuitive search engines. The complete SUSE LINUX distribution delivers the latest Linux technology for standard 32-bit PC processors as well as for AMD Athlon* 64 and Intel* Extended Memory 64 Technology. With the convenience of installation media, comprehensive documentation, and installation support, SUSE LINUX Professional delivers reliability and security in one of the most complete Linux distributions available to the retail market today.

“SUSE LINUX Professional has always been popular among new Linux users and technical enthusiasts who gain access to the latest enhancements to Linux and open source with a cost effective and easy-to-use Linux operating system,” said Markus Rex, vice president of SUSE LINUX for Novell. “SUSE LINUX Professional also provides corporate Linux users a preview of the technologies in Novell’s future enterprise Linux and a means of growing their skills to remain competitive in today’s IT market.”

SUSE LINUX Professional 9.3 Features and Benefits
SUSE LINUX Professional is designed to meet the needs of both Linux newcomers and experienced technical users, and contains the latest versions of leading open source software, including:

— A complete Linux Operating System: SUSE LINUX OS built upon the Linux kernel 2.6.11

— Multiple intuitive desktop environments: Latest KDE 3.4 and GNOME* 2.10

— A comprehensive set of Internet tools: Firefox* 1.0 Web browser; e-mail and instant messaging clients (supporting AOL, Yahoo!, MSN, Novell(R) GroupWise(R) Instant Messenger, and more)

— A complete office suite: OpenOffice.org 2.0 (works with Microsoft* Office documents)

— Leading graphics and multimedia applications: F-Spot photo organizer, the GIMP 2.2 and Inkscape graphics programs, multimedia viewers, CD/DVD burners and more

— Fully integrated system security: integrated firewall, spam blocker and virus scanner

— World class advanced networking services: Apache Web server, SAMBA, CUPS, DHCP, DNS and popular open source databases

— Cutting edge new Mobility Support: Improved Wifi connections and Bluetooth devices, PDA and phone synchronization

— Robust Virtualization: based on XEN

— Voice over IP support

— Multiple development Tools: Mono(R) 1.1.4; KDevelop 3.2; Eclipse 3.0.1

Availability and Pricing
SUSE LINUX Professional is offered globally via major retail channels and online shops. SUSE LINUX Professional 9.3 will be available mid-April at the suggested retail price of euro 77.54 (ex. sales tax). Customers of earlier versions can purchase an update edition for euro 51.68 (ex. sales tax); students providing proof of eligibility will be able to purchase the entire offering for the upgrade price. US pricing will be announced in mid-April.

Thursday, March 10, 2005

Traveling to Semarang

I came back today from Semarang, my mother's home town, after going there on Wednesday morning (10 AM) for one night. I didn't have a specific purpose, but my mother did. She wanted to meet her little brother (my uncle) who lives in America, and this week he went to Semarang to join his relatives (my mother was one of them). On Friday, he will go to Jakarta to have fun, and on Saturday, he will go to Bandung with some of my relatives. Too bad I can't come along, since I have a mid test to do :(

Well, I'm back and have to get back to work. There is still a lot of work waiting for me.

Wednesday, March 09, 2005

New Role in L10n Project

I requested a new observer role in the l10n (localization) project to start working on the Indonesian translation of OOo. I hope that in the next release (after 2.0 final), the Indonesian translation will be complete and can be used by many Indonesian people. Right now, I'm starting to learn how to participate in the l10n project and hoping that I don't forget about my primary duty on the Indonesian documentation project.

Tuesday, March 08, 2005

OOo Upgrades

Continuing from my last blog, I have downloaded and installed OOo 2.0 beta. It has a great new splash screen that was picked after OOo held a splash screen contest a few months ago. I also picked this splash screen, because it was cool and I must admit that I love the graphics. It was so smooth and perfect. OOo 2.0 beta is actually version 1.9.79, so it's not for production use. You should wait for OOo 2.0 final, which should be released this month (if there are no other delays).

OOo 2.0 has many improvements that you should try. Some of the facilities aren't active in the beta version, but they will soon be ready in 2.0 final. Some were also delayed to the 2.0.1 release, because the developers don't have time to finish them for 2.0 final. But still, OOo offers big improvements over the 1.1.x version. If you are curious about the features that OOo offers, please refer to OOo Feature Page (summary) or OOo Feature Page (complete).

Besides OOo, I also upgraded my Tomcat (again) to 5.5.7, after downloading it in my lab yesterday. I also downloaded the Linux version of Tomcat and will install it on my Linux box when I log in to my Linux system.

Monday, March 07, 2005

Java Upgrades

A few days ago, I downloaded Java 1.5.0 Update 1 (1.5.0_01) for the Windows platform from the official Java website, and for the Linux platform from my lecturer's FTP server, since he also uses Java, so I don't have to download it again. I want to upgrade the Java version installed on my computer to the latest version of Java.

For Linux, I usually use the rpm.bin package, but my lecturer downloaded the .bin package only, so I had to configure the placement of the JDK manually, but it was no big deal, since I am used to doing things like that. After finishing the installation process, I tried to run NetBeans, an open source Java-based development tool and IDE. It didn't respond, and I had expected that, since it couldn't find the Java executable or it was different from the value that was saved in the profile. So, I uninstalled NetBeans and reinstalled it, and everything went back to normal. Unfortunately, I forgot to upgrade Apache Tomcat. I just remembered it today. I'm planning to download the latest version of Apache Tomcat for Linux and remove the 4.1 version from my PC.

On Windows, the situation is the same. After upgrading Java (by uninstalling the previous version and installing the new version), I had to uninstall NetBeans and reinstall it, and it worked. I tried to run Apache Tomcat 4.1, but the service failed to start, so I uninstalled it and tried to install Apache Tomcat 5.5.x, the latest version of Apache Tomcat. I had a little problem configuring Apache, since it has a small difference from the 4.1.x version. But finally I managed to register a new web app and run the servlet smoothly.

My next upgrade will be OpenOffice.org 2.0 beta, since I want to help other developers make a SETUP GUIDE for OOo 2.0. The document will be in .oot, OOo's new format, which somehow can't be read by the previous OOo 1.1.x.

Sunday, March 06, 2005

Preparing For Compiling

A few days ago, Linux Kernel 2.6.11 was released, and I have been waiting for this version, since I want to try installing a new kernel from source (compiling and building from scratch). I am looking for tutorials, since I'm not used to compiling this by myself. Let's hope nothing goes wrong during the build process. One of the best tutorials that I have found is Kwan Lowe's Kernel-Build HOWTO. It explains the steps with easy descriptions and also includes images to give you a screenshot of what the display should look like.

Can't wait to compile a new kernel and see it work like a newborn baby. I can't do this this week, since I have a mid test for two weeks until the third week of March.

Saturday, March 05, 2005

Last Weekend Before Mid Test

Next week, I will face my mid test, so this weekend is my last weekend before the mid test, which will be held over two weeks. I only took three classes this semester, so I don't think there will be many problems with that, but what concerns me is my final project report. I have done my best to keep the report updated every day, but I'm stuck on the second chapter. I hope I can finish this final project before June, because my lecturer will leave UKDW and I will get another lecturer, and I doubt that he/she knows about my topic.

Friday, March 04, 2005

Problem After Upgrading

phpBB, the well-known bulletin board application written in PHP, has launched another update, and then within the next six days, they released another update to fix some small but dangerous vulnerabilities. You can view them on the phpBB website.

Indonesian Linux Forum has been updated to 2.0.13, the latest version of phpBB, but after the upgrade, I couldn't post to the forum and it displayed a message about a missing table (.MYD). I just hope that it can be fixed in no time, since many users depend on that forum to solve their problems.

Thursday, March 03, 2005

Slow But Still Hurts

While Mozilla Firefox has slowed its growth pace, the open-source browser still is making enough inroads to knock Microsoft's Internet Explorer below 90 percent user share for the first time in three years.
Web browser user-share data released Monday show that Firefox's rate of growth has dropped slightly since its Version 1.0 release. The browser had been increasing about one percentage point a month since November, but the pace has fallen this month, reports Web analytics provider WebSideStory Inc.

For the five weeks that ended Feb. 18, Firefox usage had jumped 0.74 percentage points to 5.7 percent. That growth was enough to hurt Microsoft Corp.'s IE, which dropped 0.43 percentage points to 89.9 percent, WebSideStory reported. The last time IE dropped below 90 percent in WebSideStory's surveys was in early 2002.

"Maybe the biggest story of it all is that Firefox isn't going away," said Geoff Johnston, a WebSideStory analyst. Since WebSideStory began tracking Firefox usage separately in November, the browser has risen 2.7 percentage points while IE has fallen 3 percentage points. IE had commanded a 95.5 percent share in June before it began to drop.

WebSideStory, of San Diego, Calif., tracks U.S. browser usage based on the percentage of unique browsers hitting its network of sites. The network consists of between 20 million to 30 million Internet users each day. Johnston attributed Firefox's tempered growth to the typical slowdown in interest in a new software release as time passes.

Firefox also has battled recent security issues, including an Internationalized Domain Name spoofing flaw affecting non-IE browsers. Mozilla last week issued a Firefox update to fix the problem.

Meanwhile, Microsoft appears to be getting ready to more directly battle Firefox. The company shifted its strategy this month by announcing plans to release IE 7.0, an update focused on security and to be launched outside of a general Windows release.

"There are a lot of ifs with Microsoft's new browser, and it may affect Firefox," Johnston said. "But I would not at all be surprised if we see sometime in the fall that 10 percent of all browsers in the U.S. are using Firefox rather than IE."

Mozilla Foundation leaders have set a goal of reaching a 10 percent share in 2005.
At its earlier pace of growth, Firefox appeared on track to reach that milestone by midyear.

If it continues to grow between a half and three-quarters of a percentage point every month, it would reach 10 percent usage by late fall, Johnston said. The use of other Web browsers has dropped slightly. When taken together, Mozilla's non-Firefox browsers and America Online Inc.'s Netscape browser recorded a 2.5 percent user share, while all other browsers such as Apple Computer Inc.'s Safari and Opera Software ASA's browser posted a 1.9 percent share.

Source: EWeek

Wednesday, March 02, 2005

Looking For Troubles?

If you are curious about problems that have happened in open source applications, then you should visit Security Alerts from LinuxDevCenter, where you will get the latest security alerts by Noel Davis. On this page, you will look at problems in the Linux kernel, VMware, PostgreSQL, Squid, MySQL, mailman, Apple OSX HFS+, movemail with GNU Emacs or XEmacs, KStars, typespeed, awstats, and synaesthesia.

Linux Kernel Problems
Several problems in the Linux kernel have been reported, including: an authorization problem in the shmctl() function call that could result in unauthorized access to data; a buffer overflow in nls_ascii.c that could cause a kernel panic; a race condition in the setsid() function; and a flaw in the netfilter and iptables code that could be used to crash the machine or to bypass a firewall rule.

Users should consider upgrading to the latest production release of the Linux kernel.

VMware
Under some conditions, VMware can load shared libraries from a world-writable directory. Exploiting this vulnerability can allow the attacker to execute arbitrary code with the permissions of the user running VMware.

All users of VMware should upgrade to the latest version. As a workaround, users can create a file named /tmp/rrdharan to prevent the exploitation of this vulnerability.

PostgreSQL
Several buffer overflows have been reported in the PL/PgSQL component of the PostgreSQL database that may, under some conditions, be exploitable by an attacker to execute arbitrary code with the permissions of the PostgreSQL user account.

It is recommended that users watch their vendors for a patch or upgrade to PostgreSQL version 8.0.1-r1 or newer. Debian has released an updated version of PostgreSQL for Debian GNU/Linux 3.0 (alias woody) that they identify as 7.2.1-2woody8.

MySQL mysqlaccess Script
The mysqlaccess script distributed with MySQL is reported to be vulnerable to an attack based on a temporary-file, symbolic link race condition that may be exploitable to overwrite arbitrary files on the system with the permissions of the user running the script (often root).

The mysqlaccess script is reported to have been repaired in the latest available release of MySQL.
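The temporary-file symlink race reported for mysqlaccess is one instance of a general bug class. The added example below (not code from MySQL, LinuxDevCenter, or this blog) reproduces the pattern inside a private sandbox directory and contrasts it with exclusive creation and tempfile.mkstemp; the file names and helper functions are hypothetical.

```python
import os
import stat
import tempfile

ORIGINAL = "original contents\n"  # constructed sample data


def write_predictable(path, data):
    """Vulnerable pattern: open a fixed, guessable temp name and follow whatever is there."""
    # open(..., "w") maps to O_WRONLY|O_CREAT|O_TRUNC: an existing symlink is
    # followed and its target is truncated with the caller's permissions.
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """Hardened: creation is atomic and fails if the name already exists."""
    # With O_CREAT|O_EXCL the kernel returns EEXIST even if the name is a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_mkstemp(directory, data):
    """Preferred: the library picks an unpredictable name, created O_EXCL with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="scratch.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def _read(path):
    with open(path) as fh:
        return fh.read()


def run_demo():
    """Run all three writers in a private sandbox directory and report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        protected = os.path.join(sandbox, "protected.conf")  # stands in for a sensitive file
        predictable = os.path.join(sandbox, "script.tmp")    # stands in for a fixed /tmp name

        # Case 1: a symlink already occupies the predictable name.
        with open(protected, "w") as fh:
            fh.write(ORIGINAL)
        os.symlink(protected, predictable)
        write_predictable(predictable, "scratch output\n")
        results["predictable_overwrote_target"] = _read(protected) != ORIGINAL

        # Case 2: same setup, but exclusive creation refuses the existing name.
        with open(protected, "w") as fh:
            fh.write(ORIGINAL)
        try:
            write_exclusive(predictable, "scratch output\n")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["target_intact_after_exclusive"] = _read(protected) == ORIGINAL

        # Case 3: mkstemp never reuses the occupied name at all.
        path = write_mkstemp(sandbox, "scratch output\n")
        info = os.lstat(path)
        results["mkstemp_regular_file"] = stat.S_ISREG(info.st_mode)
        results["mkstemp_mode"] = stat.S_IMODE(info.st_mode)
        results["mkstemp_name_differs"] = path != predictable
        results["target_intact_after_mkstemp"] = _read(protected) == ORIGINAL
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```
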

Mailman
A directory traversal vulnerability has been reported in the Mailman mailing list manager that may result in an attacker gaining access to the mailing list account and password information of users. Systems running Apache 2.0 are reported to not be vulnerable. This problem is reported to affect Mailman 2.1 versions through version 2.1.5.

Users should upgrade to version 2.1.6 of Mailman as soon as possible and should execute the reset_pw.py script to reset their users' passwords. After running the reset_pw.py script, users should run the cron/mailpasswds script to mail the new passwords to their users. A temporary workaround that will break private archives is to remove the mailman/cgi-bin/private executable.

Apple OSX HFS+
Under certain conditions, Internet-based applications, such as web servers, that provide remote users access to files and data residing on an Apple OSX HFS+ filesystem may be manipulated into disclosing unauthorized information, such as the source code, from server-parsed files, such as PHP pages. This problem affects Mac OS X version 10.2 and earlier.

All users should apply the available fixes from Apple.

GNU Emacs and XEmacs movemail
When using the movemail utility with GNU Emacs and XEmacs, a buffer overflow can be triggered by a remote attacker who controls the POP email server from which the victim is downloading mail. Successfully exploiting this buffer overflow would allow the attacker to execute arbitrary code with the permissions of the user and the mail group.

Users should watch their vendors for a repaired GNU Emacs and XEmacs package. Repaired packages have been announced for Red Hat Linux, Debian GNU/Linux, Mandrake Linux, and Ubuntu.

Squid
Squid is a free, open source Web proxy cache server that provides proxying and caching of HTTP, FTP, and other URL types; HTTP server acceleration; proxying for SSL; transparent caching; caching of DNS queries; and extensive access controls. Several problems in Squid have been announced, including: when using LDAP, unauthorized users may be able to connect by using a variant of an authorized user's login name; a buffer overflow in the code that handles a response from a gopher server that can result in Squid crashing if a response is too long; a cache-poisoning-based vulnerability; and a buffer overflow in the code that handles WCCP packets that may be exploitable to crash Squid or to execute arbitrary code with the permissions of the Squid user.

It is recommended that users apply the available patches for Squid and recompile, or that they watch their vendors for an updated version.

KStars
KStars, a desktop planetarium for KDE, contains a buffer overflow in the fliccd daemon that may be exploitable under some conditions to execute arbitrary code with increased permissions. fliccd is only reported to be vulnerable when it is run in daemon mode.

Affected users of KStars should watch their vendors for a repaired version. Repaired versions have been released for Gentoo Linux.

typespeed
The touch-typing training game typespeed is vulnerable to a format-string-based attack that may be exploited by a local attacker to gain (in most cases) group games permission.

Users should watch their vendors for an updated version and should consider disabling typespeed or removing the set group id bit until it has been repaired.

awstats
awstats, a web-based, web server log analyzing tool, is vulnerable to an attack that can be exploited by a remote attacker to execute arbitrary commands with the permissions of the user account running the web server.

It is recommended that users upgrade to awstats version 6.4 or newer as soon as possible.

synaesthesia
The sound visualization utility synaesthesia does not properly drop its privileges when it accesses its user-owned configuration and mixer files, and can be abused to read arbitrary files on the system.

Affected users should watch their vendors for a repaired version.

Source: LinuxDevCenter

Tuesday, March 01, 2005

CVS Presentation

On Sunday, 27 February 2005, I conducted a CVS presentation at JEMUAH, a bi-weekly meeting of the Jogja Linux User Group. I made the material with Fathir's help. He helped me capture screenshots of a project he has joined (OpenKore), because he can use an anonymous user, while I would have to provide a username that could be abused, so I didn't want to risk that. He uses Cervisia, a GUI-based CVS client that is available in the KDE package.

The meeting was held in a new place, Jogja Academy, in Babarsari. Unfortunately, it was raining hard, so many people couldn't join the meeting, but there was a new guest from Solo (STMIK Sinar Nusantara) who came here just to join the meeting. Welcome aboard to Jogja Linux User Group.

The material had some revisions, and now it has been updated to reflect the changes that should be made after the presentation.

Source File:
CVS file (BZ2 format)