Enterprise Unix Roundup — Anti-Spam Warriors Get New Weapon Page 2

By Michael Hall (Send Email)
Posted May 20, 2004


Main     Open Source Silly Season     In Other News     Security Roundup     Tips of the Trade

In Other News

» So what did SCO do that's so good? It released Vintela Authentication 2.2. The product replaces SCO Authentication 2.1 for Active Directory and centralizes secure authentication within Microsoft's Active Directory. The product is available for SCO OpenServer, HP-UX, Solaris (8 & 9), and Unixware.

» Oh! SCO was also named to the Software Development Times 100. SCO said it was proud to be recognized. SD Times said the nod went to SCO for inspiring "fear, uncertainty, and doubt" in the computer industry. Maybe next year it will be for selling stuff people can use. Baby steps.

» Novell is pushing its Linux offerings, hard. The company is offering NetWare users free copies of SUSE Linux Enterprise Server 8 and Novell Nterprise Linux Services 1.0 as a way to build familiarity and comfort with its upcoming Open Enterprise Server. The offer is limited to customers with active Novell upgrades or maintenance agreements and provides the same license terms as the customer's existing agreement.

» Continuing its efforts to show it's serious about Solaris x86, Sun announced a dozen new OEM partners that will provide the OS on systems ranging from embedded telecom gear to notebooks and supercomputers. According to Sun, it has doubled the hardware compatibility list for Solaris x86 in the past six months. Will it all make a difference? We've been watching Sun dither on the Solaris/Linux question for a few years now, so it seems fair to take a wait-and-see approach regarding its recently rekindled enthusiasm for its once-neglected product.

» If you want to get a handle on IBM's Unix offerings, there's no better place to start than the Hardware Today IBM Server Snapshot.

Security Roundup

  • Apple's OS X has a hole that could be used to run malicious code by causing users to visit a Web site that exploits a bug in the operating system's HTML-rendering component. Apple says it's addressing the bug, but some of the most useful information we've found on dealing with it was on an enthusiast site that shows how to patch the bug in the meantime. It also provides a link to a disturbing proof of concept page that launches a terminal and runs a shell command. (Remember our recent tip on how to embed shell scripts in AppleScript? This flaw puts the full power of the Unix command line in the hands of someone willing to write a malicious AppleScript and embed it in a Web page. It will run with just the privileges of the user executing it, but that might be quite enough to ruin your day.)
  • A bug in CVS is the focus of patches from several vendors: Slackware, Red Hat (1,2), OpenPKG, Mandrake, FreeBSD, SUSE, and Debian.
  • Another revision control tool, subversion, is also the subject of patches from OpenPKG and Red Hat (1, 2).

Tips of the Trade

If you have Web servers with a large community of designers working on them, there's a decent chance you've got WebDAV running on a few of them. WebDAV is a protocol that allows users to treat Web servers like remote filesystems. Support for it exists in OS X (where it can be used to mount network drive-like shares or upload iCal calendars for sharing with others) and Windows (where it's referred to as "Web Folders").

WebDAV is a useful way to bridge the gap between more common network filesystem protocols, like SMB/Samba or NFS, and less simple options like, FTP or SCP, because it's well-adapted to presenting an integrated tool for users (they just open folders on their desktop, same as they would for a local file). WebDAV is particularly well-suited for an enterprise that has a distributed work force or remote servers and doesn't want to go to the hassle of working out the challenges of network file systems over the wider Internet. WebDAV also works with SSL-enabled Web servers, making it a slightly more secure proposition in terms of data security.

Information on WebDAV is found at webdav.org, where there's also a page providing some information on implementing it in Apache. A ServerWatch tutorial about implementing WebDAV on Apache is also available.

If you have WebDAV in use and would to integrate it into your broader scripting environment, one tool to consider is cadaver. Cadaver is a command line program that handles a wide array of WebDAV operations, including copying, moving, and (important in development environments) locking files.

The best way to learn it is to by using it: Get a copy, install it, and run it. The basic command line syntax looks like this:

cadaver http://your.server.com/your/WebDAV

cadaver prompts for a user name and password, then plops the user into a largely FTP-like environment. Much of the help for cadaver is available by typing help. Just don't count on the man page or the traditional --help switch to do much good for cadaver.

You might be wondering how to script in a situation like the one cadaver provides. Well, that's why we told you about expect a few months ago.

>> To Main
>> To Open Source Silly Season

Page 2 of 2


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.