I normally wouldn't forward this to a list server but those of us who are working with Debian (and Linux in general) have expressed some serious concerns lately over the Debian server hack incident. In the 6th article down from the top, there is an article about Debian and how the hack happened. In all reality we can relax to some extent.

Goose

Begin forwarded message:

Date: Fri, 5 Dec 2003 18:00 -0500
From: newsletters@xxxxxxxxxxxxxxxxx
To: osdn-update@xxxxxxxxxxxxxxxxxxxx
Subject: OSDN Update

THE OSDN UPDATE
December 05, 2003

NewsForge - http://www.newsforge.com
************************************

Top Stories
-----------

Early results from embedded Linux dev survey -- more inputs needed
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1824226
The ongoing MIT/Munich Survey we reported on two weeks ago -- about the development of embedded Linux -- is off to a good start, but needs more respondents to achieve the best data quality. Meanwhile, survey author and administrator Joachim Henkel has sent us some interesting -- and in some cases, surprising, he says -- result tidbits.

Half of IT suppliers will soon be dead, says Gartner
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1748209
Half of all technology suppliers will be dead by the end of 2005, according to the latest doom-saying report from Gartner.

NHS to begin Sun desktop Linux trials
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1743249
The NHS is to begin trials of a desktop Linux software suite in a move it says could free up money for the frontline health service and save taxpayer millions of pounds.
The health service will evaluate Sun Microsystems' Java Desktop System package, which includes the SUSE Linux operating system, a browser, StarOffice and Ximian email. NHS director general of IT Richard Granger, said in a statement: "Our evaluation of the Java Desktop System holds the promise of allowing a greater share of NHS funding to flow directly towards improved levels of Patient Service. If this solution were to prove effective we could save the NHS and the Taxpayer many millions of pounds whilst at the same time using rich and innovative software technology."

SCO, IBM Dispute Headed for Hearing
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1741205
A federal court judge is expected to hear arguments Friday in SCO Group's contract dispute over whether IBM allegedly breached a contract with the company by contributing unauthorized portions of Unix-based AIX code to the open source movement. SCO claims that, as a result, Linux is an unauthorized derivative of its UNIX intellectual property. On Friday in SCO's home state of Utah, U.S. District Court Judge Brooke Wells is expected to hear from lawyers representing SCO and IBM, each with motions to compel the other side to provide more information for discovery. The hearing could help move along the eight-month-old dispute that has roiled the open source movement over which copyrights were allegedly violated and distributed for free in the Linux kernel.

More SCO fud, this time insulting the constitution
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1649217
I apologize for the silence, but we've been in Japan this week announcing iCommons in Japan. (More on that soon). But after reading this extraordinary document by Darl McBride of SCO infamy, I could resist canceling this morning meetings to respond. From the start of this pathetic lawsuit, Eben Moglen of the Free Software Foundation has argued that there was nothing behind the SCO claims.
His arguments are persuasive. But if you want a clue of just how clueless this case is, consider the constitutional arguments made by SCO. McBride's argument is grounded in the Constitution. (Well, close to the constitution. He quotes the text of the constitution to be: Congress shall have Power [t]o promote the Progress of Science and useful Arts, open-source advocates argue against copyright and patent laws, and whatever measures they take to by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries. Actually, the framers didn't say anything about "open source advocates.")

Debian's Response
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1635231
Things got pretty exciting in the Linux world recently, when the Debian Linux distribution announced that a cracker had broken in to four debian.org machines, escalated privileges to root, and installed rootkits on several of the servers. The method? The cracker used keylogging software to sniff the password of a user authorized to log in to one of the servers on Wednesday, 19 November 2003, then logged in and took advantage of a vulnerability in the Linux kernel to escalate to root. After that, it was a short time before the other machines were compromised as well. Further details about the exploit are available in a number of places, including Linux Today and wiggy.net. Let's cut to the question many readers probably have: if you use Linux, should you be worried? Well, yes and no. The vulnerability used in the privilege escalation affects all versions of the Linux kernel prior to 2.4.23 (or 2.5.69 if you're running that series of the kernel, or 2.6.0-test6 if you're using the absolute latest and greatest). And that's from all vendors, including Debian, Red Hat, Mandrake, Slackware, and SUSE. However, in order to exploit the vulnerability, the cracker first must have a local account on the machine, with shell access.
In other words, the bad guys can't just force their way into any old Linux box, unless they first can login as a user onto that box.

Why is SCO suing BSD?
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1629253
Anonymous Reader writes "Lawsuits against BSD don't seem very logical, even for SCO. But in a recent press release SCO has announced they would be going after BSD and challenging a 9 year old settlement. Chris Coleman explains what he thinks they are really up to."

Paracel Cyclone Cluster Giveaway
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1557212
Ken Farmer writes "Paracel, Inc., in association with LinuxHPC.org, is giving away an AMD Opteron(TM) cluster. The cluster will include two AMD Opteron(TM) based nodes, each with 2 GB memory and 60 GB hard drive, and SuSE Enterprise Edition 8 operating system. This cluster will be granted to an educational, government or commercial organization or research project in the United States."

Sharp's Zaurus: Linux Enters Handheld Platform Wars
http://newsvac.newsforge.com/article.pl?sid=03/12/05/1528252
For those who thought Linux had no chance in mobile devices, Sharp clearly begs to differ. With its latest Zaurus handheld, the SL-C860, Sharp could have a product with legs. Sharp, along with Casio, owned the PDA space a few years back, but it virtually vanished as a player once Palm and Microsoft entered. Then a little over a year ago, Sharp made a comeback with its Zaurus SL-C760, which ran an embedded version of Linux and had a number of interesting applications. The handheld wasn't particularly reliable, and synchronization was ugly, but the hardware design (with a sharp screen--pun intended--and keyboard implementation that would have made Research in Motion Ltd. jealous) created a very mixed-value proposition.

Limited choice for Linux virus protection
http://newsvac.newsforge.com/article.pl?sid=03/12/05/151217
Boxall's CC, the South African distributor of Norway's Norman data security products, says Norman Virus Control (NVC) is the only locally supported anti-virus solution specifically for Linux. The company has just launched a strong marketing drive to target the local market. Consultant Peter Boxall says Norman has developed a new command-line scanner for Linux that is compatible with all major distributions. NVC for Linux is a powerful tool for a Linux administrator, enabling full control deployment of scans within the native Linux management.

To view the rest of the top stories: http://www.newsforge.com

Today's Column
--------------

Linux Advisory Watch - December 5th 2003
http://www.newsforge.com/article.pl?sid=03/12/05/1337255
This week, there are several serious vulnerabilities that need to be addressed. Advisories were released for bind, rsync, the Linux kernel, xboard, and gnupg. The distributions include Caldera, Conectiva, Debian, Guardian Digital's EnGarde Secure Linux, Fedora, FreeBSD, Gentoo, Mandrake, Red Hat, Slackware, SuSE, Trustix, Turbolinux, and Yellow Dog Linux.