Microsoft Insecurity

Submitted by jbreland on Wed, 08/06/2003 - 18:33

Most readers should hopefully be aware of the severe RPC vulnerability announced a couple weeks ago that affects all versions of Windows NT, 2000, XP, and 2003. The U.S. Department of Homeland Security just released a second advisory about the flaw, urging users to install the appropriate patch ASAP. More details can be found here, and the patch itself (along with technical details) can be found here.

A new vulnerability in IE has also been reported. According to this article, "Notepad popup windows can be displayed from an HTML email message or Web page regardless of browser security settings. In addition, Notepad popups can access files on a hard disk, possibilly causing stability problems in a Windows saystem." A followup post on Bugtraq points out that this IE flaw also affects many other mimetypes and protocols. For now, the only fix is to switch to another browser.

Gentoo Linux 1.4 Released

Submitted by jbreland on Wed, 08/06/2003 - 13:26

Yeah, baby! After over 1 year in the making, Gentoo Linux 1.4 has finally been released. Features include:

  • Support for x86, PowerPC, UltraSparc and Alpha processors
  • Latest stable KDE and GNOME
  • Various optimized Linux kernels (2.4.20, 2.4.21_pre)
  • Very modern GNU development environment (glibc 2.3, gcc 3.2.2)
  • Excellent filesystem support: ReiserFS, XFS, ext3, EVMS, LVM
  • Excellent hardware support: NVIDIA, Creative Labs Live! and Audigy
  • New "hardened" Gentoo security initiative
  • 4000+ packages of the latest and greatest software

This release also marks the first official release of the Gentoo Reference Platform. Unlike the traditional Gentoo installation method (compile everything you want from source), the GRP is a full, compiled distribution, optimized for various hardware architectures. As of this posting, it's currently available via tw disc sets for i686, Pentium 3, Pentium 4, and Athlon XP.

Please see the list of official mirrors to download. Additional, you'll want to refer to the Gentoo Installation Guide, and also perhaps my own unofficial installation and configuration guide. Enjoy!

SCO Announces Intellectual Property License for Linux

Submitted by jbreland on Tue, 08/05/2003 - 20:59

More on the SCO drama:

The SCO Group ... today announced the availability of the SCO Intellectual Property License for Linux®. The run-time license permits the use of SCO's intellectual property, in binary form only, as contained in Linux distributions. By purchasing a SCO Intellectual Property License, customers avoid infringement of SCO's intellectual property rights in Linux 2.4 and Linux 2.5 kernels. Because the SCO license authorizes run-time use only, customers also comply with the General Public License, under which Linux is distributed.

The price? Introductory $699 per CPU through October 15. How gracious!

Press release

Red Hat sues SCO to stop FUD; SCO responds

Submitted by jbreland on Tue, 08/05/2003 - 13:40

For the latest news on this continuing drama, check out these two press releases:

Red Hat Takes Aim at Infringement Claims

Statement Regarding Red Hat Lawsuit

The first is a press release by Red Hat in which they state that they have sued SCO to prove that their products (and Linux/OSS in general) do not infringe upon any of SCO's copyright claims. They also announced that they have setup a community fund to defend against these accusations, called the Open Source Now Fund.

The second is a press release by SCO in response to Red Hat's suite, which basically claims that they were specifically not trying to spread FUD, and instead just wanted to educate end-users.

Now hmm..., who should I believe....

Linux (KDE) nears Windows XP usability

Submitted by jbreland on Tue, 08/05/2003 - 13:24

A study on ease-of-use between Windows XP and Linux (with KDE 3.1.2) returned some interesting results:

The study findings suggest that it's almost as easy to perform most major office tasks using Linux as it is using Windows, which has a long history in the consumer market.

Linux users, for example, needed 44.5 minutes to perform a set of tasks, compared with 41.2 minutes required by the XP users. Furthermore, 80% of the Linux users believed that they needed only one week to become as competent with the new system as with their existing one, compared with 85% of the XP users.

This sounds about right to me. KDE has come a long way, but it's still easier to to do some stuff in Windows (GUI file management, desktop settings, etc.) than in Linux.

Full article

Opie GUI/PIM project releases version 1.0

Submitted by jbreland on Tue, 08/05/2003 - 13:07

Sorry for the severe lack of updates over the last couple of months. Been busy with some work for LOULUG. Here's a fresh batch of news, though, beginning with...

The Opie (Open Palmtop Integrated Environment) Project has announced version 1.0. Opie originated as a fork of of Trolltech's Qtopia, but based on these screenshots, seems to already have surpassed it.

Opie is designed to run on all Linux PDA's, and already includes packages for Zaurus, iPAQ, and SimPad.

More information can be found on Opie's home page.

Two Security Articles

Submitted by jbreland on Fri, 06/13/2003 - 09:15

I recently came across a couple good security-related articles that's well worth reading.

The first is an introduction to firewalls and backdoors, describing each type, listing examples, and providing tips. Also contains links to some very useful external resources.

The second article disusses real-time alerting with snort, the most popular open-source IDS (Intrusion Detection System). It does not cover installation or initial configuration, however; check out the snort documentation for details on this.

AMD Researchers Detail New High Performance Transistors

Submitted by jbreland on Fri, 06/13/2003 - 08:31

Researchers at Advanced Micro Design released details on new high-performance transistors that will be used as a building block for future microprocessor designs.

Using a combination of two new technologies, metal gates (made from Nickel Silicide) and fully-depleted silicon-on-insulators (FDSOI), researcher were able to demonstrate up to a 30% performance gain over today's transistors.

Much more information can be found in the Full story.