The Toronto Globe and Mail has a story kind of introducing Linux to non-believers and describing how its moving ahead these days. ” But Linux’s availability — and cost — also present problems. Companies are less likely to invest in developing something that is free and widely available and therefore may carry little market value. Jack O’Brien, a marketing manager for Sun Microsystems, says Linux players need to provide products with unique applications and distinct differences so that buyers are willing to pay for them.

LinuxDevices.com writes, “This is Part 2 of an ELJonline technical series about Brian’s Own Embedded Linux (“BOEL”), a small embeddable Linux distribution that can boot from disk, CDROM, or the Net. Brian Finley developed BOEL as part of a project to create a tool for distributing live updates to client systems, which required that the client machines be booted in such a manner that their hard disks were not in use so that they would be available for manipulation. Much of the focus is on creating a system as small as possible — the complete BOEL system must fit on a single 1.44MB floppy. The first article showed how to create an initrd and discussed issues such as libraries, shells, filesystems, and inodes; in this installment, Finley covers the kernel configuration and boot process. Read it here.”

Linux Today: “In response to the needs of
its customers, Lycoris has begun distribution in the retail space.
Their flagship products, Desktop/LX Personal and Desktop/LX Deluxe,
are now available at Fry’s Electronics retailers. Desktop/LX has also
enjoyed continued publicity with reviews in Forbes, The Washington Post and Personal
Computer World among others.” Read the rest of this press release.

LinuxNews.com: “The Training Camp… today announced plans to
deliver an advanced Linux Training Camp…’As Linux has moved from fad to fact in the business world, it is being
considered and implemented by the complete range of companies and
organizations…'”

CRN: “Linux, the open-source operating system with an outsider mystique, is now proliferating on powerful government computer systems in the United States and abroad with technology giants increasingly providing support.”

“GreyMagic Security found[1] a vulnerability[2] in mozilla prior to
version 1.0rc1 which allows a hostile site to read and list user
files. The vulnerability was related to the XMLHTTP, a component that
is primarily used for retrieving XML documents from a web server.”

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : mozilla
SUMMARY   : Mozilla vulnerabilities
DATE      : 2002-05-29 17:03:00
ID        : CLA-2002:490
RELEVANT
RELEASES  : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 Mozilla is an open-source web browser designed for standards
 compliance, performance and portability.
 
 GreyMagic Security found[1] a vulnerability[2] in mozilla prior to
 version 1.0rc1 which allows a hostile site to read and list user
 files. The vulnerability was related to the XMLHTTP, a component that
 is primarily used for retrieving XML documents from a web server.
 
 This update also solves other vulnerabilities:
  - IRC Buffer Overflow Vulnerability[3]
  - Local File Detection Vulnerability[4]
  - JavaScript Interpreter Denial Of Service Vulnerability[5]
  - Null Character Cookie Stealing Vulnerability[6]*
 
  * Conectiva Linux 8 is not vulnerable.
 
 The packages included with this update are of Mozilla 1.0rc2, which
 fixes all the problems listed above.

 These vulnerabilities also affect the Galeon web browser, since it
 uses the Mozilla engine. There will be no updated Galeon packages for
 Conectiva Linux 6.0 and 7.0. Galeon in these versions of the
 distribution was in its early stages of development and will not work
 with the new Mozilla packages. A new version of Galeon for these
 distributions would need many other updated packages and will not be
 provided.


SOLUTION
 All mozilla and galeon users should upgrade. Galeon users on
 Conectiva Linux 6.0 and 7.0 should consider upgrading their
 distribution or choosing another browser.
 
 
 REFERENCES:
 1.http://sec.greymagic.com/adv/gm001-ns/
 2.http://bugzilla.mozilla.org/show_bug.cgi?id=141061
 3.http://online.securityfocus.com/archive/1/270249
 4.http://online.securityfocus.com/archive/1/270249
 5.http://online.securityfocus.com/archive/1/262994
 6.http://online.securityfocus.com/archive/1/251788

DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-1.0rc2-1U60_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/mozilla-devel-1.0rc2-1U60_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/SRPMS/mozilla-1.0rc2-1U60_1cl.src.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-1.0rc2-1U70_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-1.0rc2-1U70_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-devel-static-1.0rc2-1U70_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-irc-1.0rc2-1U70_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-mail-1.0rc2-1U70_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/mozilla-psm-1.0rc2-1U70_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mozilla-1.0rc2-1U70_1cl.src.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-1.0rc2-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-1.0rc2-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-devel-static-1.0rc2-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-irc-1.0rc2-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-mail-1.0rc2-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/mozilla-psm-1.0rc2-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-1.2.1-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/galeon-devel-1.2.1-1U8_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/SRPMS/mozilla-1.0rc2-1U8_1cl.src.rpmftp://atualizacoes.conectiva.com.br/8/SRPMS/galeon-1.2.1-1U8_1cl.src.rpm

ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform 
 upgrades of RPM packages:
 - add the following line to /etc/apt/sources.list if it is not there yet
   (you may also use linuxconf to do this):

 rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(replace 6.0 with the correct version number if you are not running CL6.0)

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br

LinuxPR: “The long-awaited fourth release of Phat Linux has finally hit FTP servers. With updates such as XIMIAN GNOME and a 2.4.18 kernel, users are sure to be pleased.”

IDG.net notes that Red Hat is countering news of an alliance to create a super distro with news of its own. Executives from Oracle, Dell and Red Hat are scheduled next week to launch what the companies dubbed “Unbreakable Linux,” although details are still hazy.

Jason Spisak writes: In response to the needs of
its customers, Lycoris has begun distribution in the retail space.
Their flagship products, Desktop/LX Personal and Desktop/LX Deluxe,
are now available at Fry’s Electronics retailers. Desktop/LX has also
enjoyed continued publicity with reviews in Forbes, The Washington Post and Personal
Computer World among others. The next few months promise to be
exciting, as Lycoris prepares to release Update 2 for its popular
operating system and launch its ProductivityPak, a full office suite
based on Open Office.

Desktop/LX was given 4 stars by Barry Shalliday
of Britain’s Personal Computer World, and Stephen Manes,
writing for Forbes magazine, gives Desktop/LX the edge over Red Hat,
stating, “Desktop/LX made it simple to access Windows systems on
my network; Red Hat never managed that feat.” With the
continuing publicity, and more on the way, Lycoris is quickly
establishing itself as a new player in the operating system software
market.

The increasing sales of Desktop/LX have prompted Lycoris to bring
on more staff to accommodate demand for
fulfillment. Desktop/LX sales have already outpaced the cumulative
first quarter numbers in the first two months of the second quarter.

“We are thrilled with the wide acceptance of Desktop/LX and with the reviews we have recently received.
As we prepare for the release of Update 2, our next version of Desktop/LX, as well as our Productivity Pak,
we will continue to make Linux easier, more usable, and more accessible for regular people.
We see the launch of our retail channel as the next step in that progression
,” states CTO and Founder, Joseph Cheek.

As more end users make Desktop/LX their choice for desktop
operating system, the Desktop/LX community grows in parallel. Lycoris
has also had to increase the capacity and bandwidth for its Community
Website, lycoris.org to accommodate for
more Desktop/LX users.

With an eye on the future, Lycoris sees retail distribution as a
key to wider acceptance of Desktop/LX as the new choice of desktop
operating system. To that end, Lycoris has secured the first retail
outlet to carry Desktop/LX, Fry’s Electronics. With six stores in
Northern California and seven stores in Southern California, four
stores in Texas, two stores in Arizona, and one store in Oregon,
coupled with a dedicated technology market focus, Fry’s is a perfect
match for Lycoris as it starts its retail exposure.

About Lycoris

Lycoris, located in Redmond, Washington, was founded in 2000 with
a vision of making Linux simple enough for anyone to use. Lycoris
makes open source applications easy to use and integrates them into
Desktop/LX, their Linux desktop.

About Fry’s Electronics

Fry’s Electronics, Inc. was founded in 1985 in Sunnyvale,
California in a 20,000 square foot location by the three Fry
brothers, John, Randy, and Dave, and Kathryn Kolder. Fry’s is a
closely held private company, and all of the founders are actively
involved in the daily operation of the business. Fry’s was founded as
a Silicon Valley retail electronics store in order to provide a
one-stop-shopping environment for the Hi-tech Professional. Fry’s has
been keeping Hi-Tech Professionals supplied with products
representing the latest technological trends and advances in the
personal computer marketplace for over 17 years. Fry’s retails over
50,000 electronics items within each store.

For Additional Information

Web: http://www.lycoris.com
Sales:sales@lycoris.com
MediaRelations: press@lycoris.com
General Information: info@lycoris.com

Lycoris
PO Box 2313
Redmond WA 98073-2313
USA

+1 425 413-9521 Corporate

+1 805 579-0444 Sales

+1 425 671-0504 Facsimile

CNet reports that Red Hat said has launched a program aimed at strengthening relationships with other technology companies. In Red Hat’s “Alliance” program, premier partners will work with Red Hat to make their products compatible with its Linux enterprise products.