In today's open source roundup: LinuxBSDos.com reviews PC-BSD 10.1. Plus: The dangers of the Less command for Linux users, and can a Redditor get an entry level sys admin job with no degree? PC-BSD 10.1 review Systemd has caused some Linux users to look around for alternative operating systems. PC-BSD is one such option, and the newest version has just been released. LinuxBSDos.com has a full review of PC-BSD 10.1. LinuxBSDos.com LinuxBSDos.com spent four days with PC-BSD 10.1 and notes some serious problems with the Cinnamon desktop: PC-BSD 10.1 comes with some very cool features and very good graphical management applications. And many have been much improved since the version 9.1 edition. A PC-BSD 10.1 KDE is the only one worth using. But even then, the default settings could be better, much better. A default installation that uses the Cinnamon desktop is worse than anything that Microsoft has ever produced. And we know that Microsoft has produced some very bad stuff. PC-BSD obviously brings a lot to the table, but what happened to the Cinnamon desktop? For now, that’s one desktop that I will not recommend that you install for normal use. For bug-hunting purposes, sure, but for anything else, try the KDE desktop. That’s what I am writing this from and I’m loving it. It just requires more time to customize than should be necessary had the default settings been better. More at LinuxBSDos.com The dangers of the Less command for Linux users ITworld has a disturbing report about the use of the Less command to view file contents. Malware authors are using it to go after some Linux users. Lucian Constantin of the IDG News Service reports on the Less exploit in Linux: Less is frequently used to view text files, but on many Linux distributions, including Ubuntu and CentOS, it supports many more file types, including archives, images and PDF. That’s because, on these systems, less is extended through a script called lesspipe that relies on different third-party tools to process files with various extensions. For the moment, users can protect themselves by removing the LESSOPEN and LESSCLOSE environment variables if they are set on their Linux systems, Zalewski said. These variables automatically call lesspipe when less is run for files with supported extensions. More at ITworld Michal Zalewski at Seclists.org also shares details about the problems with the Less command: Many Linux distributions ship with the ‘less’ command automagically interfaced to ‘lesspipe’-type scripts, usually invoked via LESSOPEN. This is certainly the case for CentOS and Ubuntu. Unfortunately, many of these scripts appear to call a rather large number of third-party tools that likely have not been designed with malicious inputs in mind. On CentOS, lesspipe appears to include things such as groff + troff + grotty, man, and cpio. On Ubuntu, there’s isoinfo (?!), ar from binutils, and so on. Ancient and obscure compression utilities and doc converters crop up, too. More at Seclists.org Redditors react to the news about the Less command being exploited by malware authors: “‘Raw’ less is pretty secure, it doesn’t do much funky stuff. The problem is that less can be configured to make use of auxiliary programs to extract relevant information from a variety of binary formats. There can be bugs that are security issues in these programs, and they could be triggered when paging a file.” “You can view it without any issues, just provided that you don’t have LESS highlight options (env variables LESSOPEN, LESSPIPE) enabled.” More at Reddit Can a Redditor get an entry level sys admin job with no degree? The Linux job market has been on fire over the last few years, but a Redditor wants to know if he can get an entry level sys admin job with no degree. Bamcomics asks if a lack of a degree will hurt his chances of finding a Linux job: “I’m not going to go into details but it’s nothing that would affect an employer’s decision. Basically, I’m out of school with a ton of loans and no degree. My coursework is in Physics and Computer Science and I held an internship with the NASA Space Grant. I was offered a job as a laborer in a Power Plant. The hours suck, but the pay will keep my head above water. is there anything I can do with Linux Skills but NO degree to show for it?” More at Reddit Jhansonxi responds: “Get a certification, get involved with some open source projects that are enterprise-related, and volunteer for anything computer-related (tech support, technician) that requires some Linux skills.” More at Reddit Mrjaguar 1 responds: “Sure you can , I would suggest applying with hardware vendors for support positions most of them you can move up to engineering or Sr positions or even as an admin . I am Senior support at a big hardware vendor for enterprise support with no degree and a majority of the people I work with dont have a degree either and I get paid pretty well . Best part i got the job in the first place because of my linux skills ( slackware at home mostly ).” More at Reddit What’s your take on all this? Tell me in the comments below. Open Source