From a TechWeb story: ”
In her keynote, (Hewlett-Packard CEO Carly) Fiorina also said open systems, not
proprietary ones, are necessary for the evolution of the
Internet.

‘Proprietary systems commit an IT environment to become a
legacy environment,’ she said. ‘Openness is key to
flexibility in this new dynamic environment. We need to
embrace open-industry, standards-based technologies.’ ”

From Reuters: “iNoize.com on Wednesday became the latest company to announce a legal alternative to Napster by launching a
peer-to-peer service it says lets people share streamed music without infringing on copyrights.

‘Our goal was to create a system that is secure, easy to use and so convenient there would be no incentive for users to violate copyright laws,’ said Craig
Hamilton, president of privately owned iNoize.”

ZDNet reviews Red Hat 7, saying the version of its RPM and glibc cause problems with older versions of Red Hat. Also, Slashdotters discuss a now-fixed problem that causes Red Hat 7 to crash.

From a LinuxWorld column: “Joe Barr wasn’t just trying to outdo Miguel de Icaza when he wrote that Debian’s install sucks. In fact, he unwittingly
picked up an outdated version of Debian that VA Linux distributed at the LinuxWorld Expo. The Debian faithful were
not amused. So this week, Joe is back to give Potato a fair trial.” (Disclosure: VA Linux owns NewsForge.)

From an advisory at LWN.net: “A locally-exploitable security hole was found where a normal user could
trick root running GnoRPM into writing to arbitrary files due to a bug in
the gnorpm tmp file handling.”

From a 32bitsonline column:

“In the real estate racket you have to sign a ‘Sellers Disclosure Statement’ that ostensibly makes you compile a list of
everything you KNOW is wrong with your house. Too bad software monopolies aren’t made to do the same…

‘This product will cost you, in addition to the initial outlay of cash for licenses, mandatory upgrades and training, three
hundred and fifty dollars per year in lost productivity, per machine…’

LWN.net has posted an advisory about GNU cfengine: “GNU cfengine is an abstract programming language for system
administrators of large heterogeneous networks, used for maintenance
and administration. Pekka Savola has found several
format string vulnerabilities in syslog() calls that can be abused to
either make the cfengine program to segfault and die or to execute
arbitrary commands as the user the cfengine process runs as (usually
root).”

From an InfoWorld story: Big Blue has released its chip road map that will complement its newly released eServers, including its Unix-based pSeries servers.

LWN.net has an advisory: “There are two vulnerabilities in the Apache web server as shipped
with Conectiva Linux.

1) Under certain configurations, the mod_rewrite module could be used
to access any file on the server, provided that filesystem access
rights permitted that. Now the mod_rewrite module makes a one-pass
expansion and is no longer vulnerable to this.

2) The other vulnerability is regarding the handling of Host: headers
in mass virtual hosting configurations. The check for dot (“.”)
charactes in that header was not complete and could permit access to
a parent directory.”

Slashdot readers talk about an OLinux.com.br interview with Richard Payne, Alpha Processor’s tech support manager, about Alpha’s Linux strategy.