The BBC reports on some artists’ support of Napster, inluding pop star Dave Stewart, who says it starts to put artists back in control of their music.

From LWN.net: ” There is a problem with versions of the boa web server prior to
0.94.8.3 that make it possible to access files outside of the server’s
document root by the use of properly constructed URL requests.”

Posted at LWN.net: “Our next major announcement should be revolving around a build
milestone we’ve targeted for later this month. The build will include
updated user interfaces (JDK 1.3 support), the SCM, the events
subsystem, some updates/fixes to jSNMP, database utilities, and some
build scripts. We’re closing in on some significant functionality, but
still have miles to go before we sleep.”

From a TechWeb story: ”
In her keynote, (Hewlett-Packard CEO Carly) Fiorina also said open systems, not
proprietary ones, are necessary for the evolution of the
Internet.

‘Proprietary systems commit an IT environment to become a
legacy environment,’ she said. ‘Openness is key to
flexibility in this new dynamic environment. We need to
embrace open-industry, standards-based technologies.’ ”

From Reuters: “iNoize.com on Wednesday became the latest company to announce a legal alternative to Napster by launching a
peer-to-peer service it says lets people share streamed music without infringing on copyrights.

‘Our goal was to create a system that is secure, easy to use and so convenient there would be no incentive for users to violate copyright laws,’ said Craig
Hamilton, president of privately owned iNoize.”

ZDNet reviews Red Hat 7, saying the version of its RPM and glibc cause problems with older versions of Red Hat. Also, Slashdotters discuss a now-fixed problem that causes Red Hat 7 to crash.

From a LinuxWorld column: “Joe Barr wasn’t just trying to outdo Miguel de Icaza when he wrote that Debian’s install sucks. In fact, he unwittingly
picked up an outdated version of Debian that VA Linux distributed at the LinuxWorld Expo. The Debian faithful were
not amused. So this week, Joe is back to give Potato a fair trial.” (Disclosure: VA Linux owns NewsForge.)

From an advisory at LWN.net: “A locally-exploitable security hole was found where a normal user could
trick root running GnoRPM into writing to arbitrary files due to a bug in
the gnorpm tmp file handling.”

From a 32bitsonline column:

“In the real estate racket you have to sign a ‘Sellers Disclosure Statement’ that ostensibly makes you compile a list of
everything you KNOW is wrong with your house. Too bad software monopolies aren’t made to do the same…

‘This product will cost you, in addition to the initial outlay of cash for licenses, mandatory upgrades and training, three
hundred and fifty dollars per year in lost productivity, per machine…’

LWN.net has posted an advisory about GNU cfengine: “GNU cfengine is an abstract programming language for system
administrators of large heterogeneous networks, used for maintenance
and administration. Pekka Savola has found several
format string vulnerabilities in syslog() calls that can be abused to
either make the cfengine program to segfault and die or to execute
arbitrary commands as the user the cfengine process runs as (usually
root).”