From a LinuxWorld column: “Joe Barr wasn’t just trying to outdo Miguel de Icaza when he wrote that Debian’s install sucks. In fact, he unwittingly
picked up an outdated version of Debian that VA Linux distributed at the LinuxWorld Expo. The Debian faithful were
not amused. So this week, Joe is back to give Potato a fair trial.” (Disclosure: VA Linux owns NewsForge.)

From an advisory at LWN.net: “A locally-exploitable security hole was found where a normal user could
trick root running GnoRPM into writing to arbitrary files due to a bug in
the gnorpm tmp file handling.”

From a 32bitsonline column:

“In the real estate racket you have to sign a ‘Sellers Disclosure Statement’ that ostensibly makes you compile a list of
everything you KNOW is wrong with your house. Too bad software monopolies aren’t made to do the same…

‘This product will cost you, in addition to the initial outlay of cash for licenses, mandatory upgrades and training, three
hundred and fifty dollars per year in lost productivity, per machine…’

LWN.net has posted an advisory about GNU cfengine: “GNU cfengine is an abstract programming language for system
administrators of large heterogeneous networks, used for maintenance
and administration. Pekka Savola has found several
format string vulnerabilities in syslog() calls that can be abused to
either make the cfengine program to segfault and die or to execute
arbitrary commands as the user the cfengine process runs as (usually
root).”

From an InfoWorld story: Big Blue has released its chip road map that will complement its newly released eServers, including its Unix-based pSeries servers.

LWN.net has an advisory: “There are two vulnerabilities in the Apache web server as shipped
with Conectiva Linux.

1) Under certain configurations, the mod_rewrite module could be used
to access any file on the server, provided that filesystem access
rights permitted that. Now the mod_rewrite module makes a one-pass
expansion and is no longer vulnerable to this.

2) The other vulnerability is regarding the handling of Host: headers
in mass virtual hosting configurations. The check for dot (“.”)
charactes in that header was not complete and could permit access to
a parent directory.”

Slashdot readers talk about an OLinux.com.br interview with Richard Payne, Alpha Processor’s tech support manager, about Alpha’s Linux strategy.

From the tech humor site Segfault: “A small group of the local sect of Hasidic Linux
users, who have been using Linux to perform numerology on the Bible, Torah and other religious texts, decided to
use their analysis skills on the source code to the Linux Kernel. Aftering use wc to analyze various portions of the
code, adding and subtracting the results, multiplying it by the time, and gzipping it, they received the hexadecimal
equivalent of hourly snapshots of Microsoft’s stock price from their IPO in 1986 to sometime in the year 2067.”

The latest release of Suneido (Oct. 10) includes a new “Getting Started” guide that leads you through creating an application and deploying it both standalone and client-server.

Suneido is an open source integrated object-oriented language, client-server relational database, and application framework. — Submitted by Andrew McKinlay

Atipa Corporation, a leading provider
of end-to-end Open Source and Linux technology solutions, is pleased to
announce that it has joined The Linda Club, a new partnership initiative
for Beowulf resellers sponsored by Scientific Computing Associates, Inc.
(SCA), a leader in high-performance computing software, from PRNewswire.