ftobin writes “Internet News reports reports that a judge has ruled against an injunction to stop Lindows from using its name.”

shockzor writes “mod_protection is an apache module that integrates basic function of an IDS
(intrusion detection system) and of a firewall (just an emulation for now).
Your apache administrators have only to install mod_protection and define
rules.
Obviously you see that a normal NIDS can’t check SSL tunneled stuff and that
mod_protection can.
When a malicious client sends a request that matches on your rules the
administrator will be warned and the client gets a user defined page or a error
or something that notifies that now he will be persecuted or …
The warning system just write on a socket, so you can put on the other side
of the socket an application that send you a mail, an SMS, a message in your
favourite IM or a notify in your IRC client, or why not open a message box on
your usual box.”What’s new? 0.0.2 ->

introduction of three new directives:

BlockTime and PairAlert PairAlertMatch.

BlockTime introduce a partial emulation of firewall.

Test with CGI scanner.

A little more documentation.

Rules in an external file.

Changed in GPL because Apache license doesn’t make sense for this module.

DIRECT DOWNLOAD HERE (always avaliable in file archive -> security -> monitoring)”

PR Newswire: “Inc. announced today the
release of four high-performance graphics drivers for the Dell Latitude C400
laptop that uses the Intel i830 graphics chip. The drivers differ in feature
sets and in 2D or 2D+OpenGL 3D capabilities. Each driver is available in demo
mode for download from the Xi Graphics Web site, http://www.xig.com , for
compatibility and performance testing.” Read more in this press release.

From The Register
“A vulnerability involving an obscure UDP protocol might permits crackers to obtain remote control of Unix workstations, security experts have warned.
Security firm ProCheckUp has issued an advisory warning that anonymous XDMCP connections allow remote attackers to obtain a remote console identical
to a local X-Windows session, using a command enabled by default on most Unix boxes.”

There will be a SELinux Panel at FOSE in Washington DC, Thursday March 21 between 2:15-3:00. Check at FOSE for room location.

The Panel includes:

• Peter A. Loscocco, Security-enhanced Linux Project Leader, National Security Agency
• Mark Westerman, Westcam Inc., SELinux community developer
• Martin R. Dean, PhD Candidate in Computer Science at George Washington University, responsible for the Cyberspace Policy Institute’s SELinux Distribution project.

Moderator is:

Tony Stanco, Senior Policy Analyst, Cyberspace Policy Institute, George Washington University

About SELinux:

Security-enhanced Linux incorporates into Linux a strong, flexible
mandatory access control architecture that enables threats to system
security to be effectively addressed. The NSA’s Information Assurance
Research Group has long been interested in the problems associated with
creating secure systems. SELinux draws from the results of that
research. The release of SELinux to the open source community has
proven to be an effective strategy for achieving many research and
technology transfer goals. However, participation in this community is
a new endeavor for NSA that has presented a number of challenges that
needed to be overcome. This presentation will give an overview of
SELinux and how its security features enable systems to be configured
more securely than is currently possible using mainstream operating
systems. In addition. it will touch upon the benefits, as well as the
challenges, of the federal government working in the open source
arena.

About the Participants:

Mr. Loscocco is a senior research scientist with the Information
Assurance Research Group of NSA where he has studied problems
associated with computer and network security since 1985. Since 1990,
he has concentrated in the area of operating system security where he
has helped develop a series of prototype secure operating systems. He
currently leads NSA’s operating system research program. Mr. Loscocco
and his team developed SELinux, the secure variant of Linux that NSA
released in December 2000 to help influence the direction of security
in mainstream operating systems.

Mark Westerman Managing Partner for Westcam, Inc.,
has over 15 years of experience in all phases of computer network design,
network security, encryption technology, and firewalls as well as
UNIX, Windows NT, and Windows 2000 expertise. Mark has designed AIS level
3 security systems and network security systems for NASA.
He was the head security designer of one of NASA’s AIS 3 network
development environments. For the last 2 years he has been implementing SELinux
systems for use in connecting single computers to multiple security level
system for NASA. SNARE background at
http://www.intersectalliance.com/projects/Snare/Documentation/index.html#SNA
RE=5Finstallation

Martin R. Dean represents the Cyberspace Policy Institute’s Security-Enhanced
Linux project. The project’s goal is to create, maintain, and continually
improve a secure Linux version and to develop a community of
Security-Enhanced Linux support to eGovernment organizations. Mr. Dean holds
a BS degree in Computer and Information Science, an MS in Information
Systems Management and currently pursues a Ph.D. in Computer Science at The
George Washington University. Mr. Dean specializes in computer security in
his academic endeavors. Mr. Dean is a principal engineer with SAIC and has strong experience in
systems engineering, software engineering and computer networking. At The
George Washington University, Mr. Dean has taught three times the operating
system lab, where he has guided his students in writing kernel modules and
device drivers using the Linux operating system.

Tony Stanco is a Senior Policy Analyst of the Cyberspace Policy Institute (CPI) at The George Washington University, where he advocates both the commercial and philosophical advantages of Open Source/Free Software around the world. Before joining CPI, Tony worked at the Securities and Exchange Commission in Washington, DC as a senior attorney in the Internet and software group. Tony is a listed speaker on behalf of the Free Software Foundation and GNU Project.

JigSaw writes, “Lycoris Desktop/LX (formerly known as ‘Redmond Linux’) is viewed by many as the new big distribution in the “Linux on the Desktop” arena. OSNews features an extensive review of the latest Lycoris and outlines the good and the bad things of the distro. In short, Lycoris seems to suffer from the general GNU/Linux situation to not be ready to power a true desktop-oriented, easy to use distribution yet.”

– By Grant Gross –

The big news this week came from an exclusive NewsForge/Linux.com report saying AOL is planning to dump the Microsoft Internet Explorer for the core of the Open Source Mozilla browser. Robin “Roblimo” Miller also reported March 11 that AOL was talking with Red Hat about supporting AOL’s wholesale switch to Linux servers.

By late in the week, several other news organizations were reporting the same information. After we outed AOL, The Register and others noted a beta test switch at AOL to the Mozilla Gecko rendering engine. Salon.com wrote about Mozilla’s revenge.

Reuters reported the Red Hat angle, although that story seemed oddly similar to Roblimo’s, and Red Hat’s stock jumped after the news got out.

Mandrake: Please sign up for our club

The news wasn’t quite so rosy for MandrakeSoft, the maker of the popular Mandrake Linux distribution. The company asked individuals and corporate users to sign up for the Mandrake Club, which provides some additional benefits in exchange for a subscription. The company says it’s got a short-term cash flow problem, but The Register asked: “Would you pay $5 to save Mandrake?” The story didn’t provide its own answer.

However, NewsForge columnist Jack Bryar suggesting it was unbecoming of a for-profit company to “beg for money.” That column prompted a lot of discussion, on both sides of the issue.

Loki bankruptcy gets ugly

Early reports on the bankruptcy proceedings of Linux gaming company Loki Software have the company owing more that $2 million total and more than $560,000 in payroll.

New look NewsForge and Linux.com launch

It’s been about as painful as birthing a baby, at least what I’d imagine that’d feel like, but new versions of NewsForge.com and Linux.com are launching this week. Please let us know what you think by contributing to the discussion in the linked story above.

Security issues

We reported that a vulnerability in zlib could affect Linux, Netscape and other Open Source software, and other reports alerted users of the Jac virus in Linux. But some analysts say new bugs won’t hurt Linux in the long run.

Meanwhile, a, Open Source programmer in Austria has released “the Linux virus writing howto,” for educational purposes.

In other news …

SuSE may consider charging license fees, a new step for Linux distributions. The company also announced SuSE Linux 8.0.

The Free Software Foundation talked of plans to release a Linux-free GNU operating system by year’s end.

The U.S. Air Force told Microsoft to improve its security or it would look elsewhere. Come on over to the light side, all you Air Force people.

Newly released

BrowserG! 1.02, a browser written in Java/JFC and Mozilla has been released.

JGraph 1.0 is now available. “The open-source component offers a 100 % stable, fully standards-compliant API to display and edit graphs (networks).”

Mozilla 0.9.9 was release, on the way to the browser suite’s 1.0 launch.

Success story of the week

Oreillynet.com describes how to set up an “Open Source household.”

Even John Dvorak is suggesting that Linux might be your next desktop OS.

New at NewsForge and Linux.com

Other stories that NewsForge and Linux.com reported first this week:

We reported that a vulnerability in zlib could affect Linux, Netscape and other Open Source software.

Russell C. Pavlicek reviews Memtest86, an Open Source program that allows you to test your computer’s memory.

Stock news

The Nasdaq ended last week at 1,868.30, down from 1,929.67 March 8. Today, the Nasdaq was running about 5 points lower as of 1:30 p.m. EST. On our list of 11 Open Source-related stocks, it was a mixed week, with eight of the stocks falling, including Caldera’s, which started the week at .67 before a four-for-one reverse stock split and ended the week at 2.05. Seven of the stocks were down in early Monday trading.

Caldera’s reverse split was called successful by company leaders, but Steven J. Vaughan-Nichols reported that analysts have other questions about the company’s future.

Here’s how Open Source and related stocks ended this past week:

Company Name	Symbol	3/8 Close	3/15 Close
Apple	AAPL	24.66	24.95
Borland Software Int’l	BORL	14.05	12.26
Caldera International	CALD	0.67	2.05 (after reverse split)
Hewlett-Packard	HWP	20.59	19.05
IBM	IBM	105.09	106.79
MandrakeSoft	4477.PA	e3.95	e2.89
Red Hat	RHAT	6.75	7.10
Sun Microsystems	SUNW	10.00	9.06
TiVo	TIVO	6.39	5.32
VA Software	LNUX	1.98	1.89
Wind River Systems	WIND	14.47	13.73

Anonymous Reader tells us that two keynote presentations from the March 12, 2002 Embedded Linux Consortium meeting are now available online, including “The Future of Embedded Linux (and the evolving role of the Embedded Linux Consortium).”

It’s at LinuxDevices.com.

Bradley M. Kuhn writes, “The Free Software Foundation is offering resources, including an staff organizer, to the Digital Speech Project. This project seeks to organize people against technology control laws, like the DMCA and the proposed SSSCA. The Digital Speech Project has a website here.”

Zontar The Mindless writes: “It seems that word is starting to get around: there’s a viable alternative to Internet Explorer. America Online has begun testing a beta version of its software that uses the Gecko rendering engine, the core of the OS Mozilla browser, in place of MSIE’s. Meanwhile, response to the recent Mozilla 0.9.9 release has been very good, so much so that additional servers had to be set up to accomodate the increased traffic on ftp.mozilla.org. Over 150,000 downloads were recorded in the first 48 hours that the latest milestone was available. The full text of the email sent to the AOL Beta Team can be read in full here. Users (including this one) are reporting considerable performance improvements over previous Mozilla milestones, particularly with regard to the Win32 version.”