» There was an uptick in Novell news this week:

• The company announced an anti-trust settlement with longtime nemesis Microsoft that will net the company $536 million. Having kissed and made up, Novell announced it plans to be back in court with Microsoft next week over yet more anti-trust complaints centered around WordPerfect, which it owned until selling the software to Corel in 1996.
• Vice Chairman of the Office of the CEO Chris Stone departed the company late last week. Stone had a major hand in last year's SUSE acquisition. There's no real word on why he left, but reports indicate it boils down to a corporate culture issue: Stone was perceived as an aggressive executive, well-disposed toward the acquisitions kick Novell went on last year, perhaps not so well suited to quieter times.
• Groklaw reported that the company submitted the 1995 minutes from the corporate kit of a meeting of its board of directors that shows Novell believed it never gave up its copyright to Unix in the 1995 sale of Unix to SCO. This knocks a pretty large hole in SCO's slander of title suit against Novell, since it indicates Novell has made no knowingly false statements about its claim to hold those copyrights. This could get SCO's case against Novell chucked out of court in a summary judgement, which would go toward folding up some of the cottage industry in Unix litigation that SCO's suit against IBM spawned. Dream a little dream.

» SCO, speaking of litigation, has placed a $31 million cap on its legal fees. The company has already paid $12.6 million to lawyers to cover its outstanding legal fees and expenses, and it has agreed to pay a $2 million quarterly stipend through the end of next year.

» FreeBSD 5.3-RELEASE has been, well, released. According to the announcement sent out on Saturday, the new release marks "a significant focus on testing and bug-fixing [...] as well as the freezing of most kernel and userland APIs." A migration guide covers making the change from FreeBSD 4.x to FreeBSD 5.x "as FreeBSD 5.x is no longer considered a 'New Technology' release series."

» Open Source Risk Management (OSRM) announced a project designed to track down the the origins of more than 50 software patents European officials say may impact Linux deployments.

» The Fedora project released of Fedora Core 3, codenamed "Heidelberg." The release includes the latest versions of SELinux and Linux kernel 2.6.9. It also involves a step back from some of the more restrictive security policies introduced when the project adopted the SELinux extensions. With the more relaxed security settings, users will have less difficulty running certain services.

» Despite premature reports of its demise, SGI continues to hang tough. The latest ServerWatch Server Snapshot offers an overview of the company's offerings, including its Irix- and Linux-based systems.

» It was supercomputing week in Pittsburgh, where the annual Supercomputing Conference allowed companies to show off their truly high-end offerings:

• Sun announced a series of partnerships and initiatives.
• IBM and SGI returned supercomputing bragging rights to North America by staking the top two slots on the Top500 supercomputing list, knocking NEC's Earth Simulator out of the top spot.
• HP nd Dell made a series of announcements as well.

Security Roundup

• Several integer overflows in the PNG image decoding routines of the GD graphics library that could lead to the execution of arbitrary code on the victim's machine have been discovered. Fixes are in from Debian (1, 2), Gentoo, and Ubuntu.
• A bug in the zip command that could lead to a buffer overflow when a user tries to create a zip archive containing very long filenames has been found. So far it's been patched by Fedora (1 2) and Gentoo. A bug in the gzip program that may allow local users to overwrite files via a symlink attack has been patched by Debian.
• Debian and Ubuntu have patched a bug in the scripting language Ruby that could allow for denial of service attacks. The bug allows no possibility of privilege escalation or data loss, but it could be used to exhaust a server's total allowed number of parallel connections or place an undue drain on processor resources.

Tips of the Trade

This week's "Cool Tool" is CDargs, a browser and bookmark utility for all of you Unix command-line commandos. CDargs is an extension to the cd, or "change directory" command, that lets you quickly navigate to the farthest corners of your filesystem. As the author says, CDargs is for "... when even the almighty and wonderful tab-completion is too much typing." (And CDargs also supports tab-completion.)

To get started, first reference the path to examples/cdargs-bash.sh in your ~/.bashrc:

source /usr/share/doc/cdargs/examples/cdargs-bash.sh

Then, open the CDargs browser:

$ cdargs [. ] /home/carla 0 [1writin-g] /home/carla/1writing 1 [Desktop ] /home/carla/Desktop 2 [Mail ] /home/carla/Mail 3 [Maildir ] /home/carla/Maildir 4 [archive ] /home/carla/archive 5 [bin ] /home/carla/bin ...

Navigate with the arrow keys, and hit return to select. Toggle using the tab key to switch between Browse and List modes. List mode contains your own custom bookmarks, which you create in a plain text file, or by using CDarg's built-in commands.

CDargs also works with the tcsh shell. It is released under the GPL, so anyone who wishes to adapt it for other shells can go for it. Read all about it at the CDargs home page.

Carla Schroder writes the Tips of the Trade section of Enterprise Unix Roundup. She also appears on Crossnodes every Wednesday, and is the author of the site's popular Scripting Clinic, which deals with Unix/Linux scripting issues.