CentOS Pulse #0903 - 16th July 2009
This issue of Pulse contains some general and security releated news, an interview with CentOS developer Ralph Angenendt and information about 'The Definitive Guide to CentOS' which is a book available in both print and e-book format.
- Featured Articles
- Community Threads
- Jokes and Funny Stuff
- CentOS Errata
- CentOS in the Spotlight
- Upcoming Events
- Contributing to this newsletter
Welcome to the CentOS Pulse Newsletter. One of the largest European Linux events, the LinuxTag 2009 is over. The CentOS booth was crowded (even if no CentOS personnel was there on Friday, before 10.00AM) and hopefully a bunch of new users/contributors are won.
With this issue of Pulse some changes will come. We are moving to a monthly schedule, claiming mid-month as release date.
A new section for interviews with CentOS developers and contributors has been added, starting off with Ralph Angenendt (aka. range) who is a member of the CentOS team since fall 2006.
2.1. Break-In Attempt on www.CentOS.org
On July 3rd evening(UTC) RalphAngenendt announced that a few suspicious files has been found on the webserver hosting www.centos.org. It was possible to put them there due to a an administrative error in the XOOPS CMS which has now been corrected.
It seems that neither data or binary has been injected into nor sensitive information has been taken from the system. The machine hasn't been used as a source for sending spam (in the widest possible meaning) either.
The source of the attacks has been identified, but it is still unclear if the files have been put there through a compromised user account in the XOOPS system.
This is why a password expiry has been enforced on all XOOPS accounts. In consequence, all users having an account on www.centos.org need to acquire a new password through the "lost password" system of XOOPS. This does not affect wiki.centos.org and bugs.centos.org accounts.
3. Featured Articles
This Newsletter section keeps you informed about the CentOS project and enables sub-projects, SIGs and external contributors to announce new initiatives and describe what they are doing and where they're heading. If you are interested in contributing ideas or articles, get in touch with the CentOS Pulse Team
3.1. The Definitive Guide to CentOS
At the beginning of this month The Definitive Guide to CentOS has been published by Apress. It is a dedicated book about CentOS (see Books for other books) and was written from scratch to meet the needs of the CentOS community. So it's not just another Fedora or RHEL book with a new cover
The book starts at the very beginning and talks about Enterprise Linux and why CentOS is a fantastic choice to run mission critical applications. It then moves on to cover installation, some basic commands and how to install and manage software using yum. The next part contains chapters that cover specific areas such as how to set up a web server, a DNS server and a mail server. Last but not least, the book is rounded off by some more advanced topics, namely core builds, network monitoring and high availability.
Apress will be offering the eBook version of The Definitive Guide to CentOS for $10 through their Deal of the Day promotion Friday, 7/17.
4. Community Threads
This section of the Newsletter dives into interesting contributions inside the CentOS community. We make the distinction between contributed documentation on the Wiki, support-related contributions on the mailing lists and forums and development-related topics on centos-devel.
4.1. Web Environment
We are currently working hard on an updated Web infrastructure for CentOS.org and all subsites. Alain has already added customizations for Mailman, phpBB and Apache error messages. There is also a script available for migrating the XOOPS accounts to LDAP and XOOPS forums to phpBB. So stay tuned
4.2. OS Protection
4.3. Is there an openssh security problem?
There where some rumors going around about a potential SSH security flaw in OpenSSH Version 4.3, which is a release that contains several backports from current versions and is commonly used on distributions like RHEL/CentOS and others.
In conclusion it seems to be a brute force attack and no security flaw has been confirmed.
4.4. Better CentOS hardware support
This last month a specialized repository ELRepo to improve hardware support, for those people that need it, was publicly announced. The ELRepo team consists of valued members from the CentOS and Scientific Linux communities: AlanBartlett (burakkucat), NedSlider, StephenTindall, DagWieers and AkemiYagi (toracat).
The ELRepo project already consists of 30+ kernel modules adding support for thousands of hardware devices, improving existing drivers or adding functionality lacking from the main kernel. The repository is devised in such a way that it should work well with other repositories.
The repository consists of important drivers for nvidia, webcam and TV drivers, more sound drivers, thermal drivers, wireless drivers and firmware (eg. atheros or ndiswrapper) and drivers extending functionality, like fuse, ntfs or xfs. But the project is looking for more Linux drivers to adopt, so if you are struggling with some hardware, contact the ELRepo team on the ELRepo general mailing list
Few of the many announcements at:
In this section we will interview a developer or someone who is affiliated with CentOS so the community gets to know the people that bring them this amazing OS.
This month I interviewed Ralph Angenendt:
First can you say something about yourself? (Job, where do you live, etc ...)
I'm a "professional" systems administrator for a large TV and radio station in Munich - and that's where I do live, too, despite of the (well, for Germany at least) absurd renting costs.
I am there to keep the "Internet" running for the youth radio of afore mentioned station, and I'm doing a bit of infrastructure work here and there, too.
So sysadmin at daytime, CentOS team member at nighttime (or whenever I have some free time for it)!
What was your first Computer?
Same manufacturer as one of the last machines I got: An Apple (II+). Yes, dear readers, that was ages ago - but that machine still runs when I turn it on. Reading of the disks is a bit shaky, though. But sometimes it does read 25 year old floppy disks.
How did you start with *NIX?
I got my first *NIX account around 1991 - which was an account on a large unix machine at University in my home town. After that I used the machine pool at TU Berlin, which consisted of Sun machines. So moving to Linux at some time was only natural - and that (partially) happened around 1995.
How did you come to be a CentOS developer?
By helping more than asking around on IRC / Mailinglists / Bug Tracker.
We began to use CentOS at work in Summer 2004 - so I went and subscribed to mailing lists and began to hang around on the IRC channels.
Then some day I was asked if I would be interested to do more things from the inside than from the outside of CentOS. Well, how could I have said no?
What are your main areas of contribution?
At the moment coordination of documentation in the wiki, I'm running the mailing lists and I'm doing infrastructure work. No packages from me yet.
What would you like to dig into in the future?
More infrastructure work? Well, I am a systems administrator. Oh, and go to more open source events again, this year wasn't a good year for that
What is your favorite program?
Umm. Hmmm. Depends. Let me name a few: irssi, which (with bitlbee and twirssi) is the swiss army knife for instant online communication and mutt, which just helps to read *large* amounts of mails. Gimp (well, there really isn't any alternative to it, is there?) is one of my favs too. And at home I'm running an instance of xbmc, which has to be the most impressive media center out there.
What do you do if you are not looking at a screen?
The same things I do *while* I look at a screen: Communicate with people. Or look at some dead trees. Music has to be there in each of those cases. If weather and time permits, I'm also looking through the lense and try to take some fine pictures with my camera - I should do that more often, though.
What is your favorite drink?
I live in Germany. Is that a trick question?
6. Jokes and Funny Stuff
6.1. How could he ?
A computer science student is studying under a tree and another pulls up on a flashy new bike. The first student asks, “Where’d you get that?”
The student on the bike replies, “While I was studying outside, a beautiful girl pulled up on her bike. She took off all her clothes and said, ‘You can have anything you want’.”
The first student responds, “Good choice! Her clothes probably wouldn’t have fit you.”
6.2. Comment your code
// // Dear maintainer: // // Once you are done trying to 'optimize' this routine, // and have realized what a terrible mistake that was, // please increment the following counter as a warning // to the next guy: // // total_hours_wasted_here = 16 //
7. CentOS Errata
This section highlights the most severe security updates for each supported CentOS release while providing a summary and short links to reference of the security issue.
- 2009:1066 Squirrelmail fix for CVE-2009-1581, CVE-2009-1579, CVE-2009-1578
Currently no updates are being released as CentOS 4.8 is prepared for general availability.
- 2009:1066 Squirrelmail fix for CVE-2009-1581, CVE-2009-1579, CVE-2009-1578
- 2009:1068 vsftpd bugfix to support usernames longer than 32 chars
- 2009:1069 net-snmp memory leak fix's
- 2009:1075 httpd fix for CVE-2008-1678
8. CentOS in the Spotlight
The following articles mention CentOS and are a good resource to understand how the media (and public) looks at CentOS.
Linux-Magazin Online (German Video)
9. Upcoming Events
The CentOS Promo SIG organizes CentOS presence (booths, presentations) at various conferences and tradeshows. Here we highlight upcoming events. If you are interested to help out, join the Promo SIG.
10. Contributing to this newsletter
We are always on the look-out for people that are interested to help report on CentOS community activity, maintain a section in the newsletter, write an article or hint us an interesting topic, thread, article or person to talk about. If you want to appear in the newsletter, you have to contribute positively to the CentOS community and hopefully get noticed by one of our reporters
We have a special page with more information about contributing !