Moshe Bar writes: “In my latest article at Moelabs.com, I speak out my opinion on why these are probably the most trying times for the Linux kernel community in the 10 year history of its development. I also touch on the pros and cons of – what I call – boutique kernels (personal kernel trees, such as the mc, aa, ac trees.)”

Bill Kendrick writes “Results are in for the SDL Game Contest which was held by No Starch Press, Loki Games and Linux Journal. The results are in. Check Linux Game Tome and the libSDL website to find links to the submitted, and winning, games.”

Linux PR has a press release from Royal Consumer Information Products announcing the release of a Linux-powered PDA called the “Royal Lin@x”.

– By Jack Bryar –
I’ve been reading with amusement a series of pronouncements by Microsoft
executives about how they have targeted Linux for extinction. The sales and
marketing machine at Microsoft is going to go into high gear, we are told, to
kill off Linux the way the company extinguished Netscape, Novell and a host of
other competitors. The only problem with Microsoft strategy is that the
competition is coming from a lot of sources, some of it is really, really
good, and, most importantly, another set of Microsoft policies is stimulating Linux sales across the globe.

According to documents leaking out all over the place from Redmond, beating
Linux is to become the number one focus of competitive efforts over the next
year. According to Paula Rooney of the Computer
Reseller’s News, sales people encountering Linux-based competition will
have access to an escalation team headed by Brian Valentine. Valentine’s name
is significant, because he heads the enterprise and parent group, the
branch of Microsoft that deals most closely with VARs and system
integrators.

The reason that beating Linux is the highest priority at Redmond is that unlike,
Novell, Netscape, Corel, Lotus or any of Microsoft’s previous targets, there
has been no obvious company to blow away, no means to starve the competition
into submission. And, unlike these other targets, Microsoft is not winning. Linux has grown in influence, and things look to get worse, not better, for Microsoft in the short term.

Corporate sponsorship of Linux from firms such as IBM is one factor. So is the emergence of entire families of superior, Linux based tools. One good example is
the network optimization package recently announced by IP Metrix Software. Another is a
credible, arguably superior desktop environment from OEone recently
reviewed by our own Robin Miller.

But by far the biggest reason Redmond is being threatened by Linux has to do
with another priority of the company — eliminating bootleg software code.

Over the last 18 months, Redmond has accelerated its efforts to combat
piracy of Microsoft products. Microsoft has beefed up funding for its
anti-piracy PR efforts and has made every effort to generate U.S. political support
for its campaign. Earlier this winter, Microsoft went so far as to claim that
piracy of Microsoft products was impeding
the U.S. economic recovery. The Office of the U.S. Trade Representative has been continuously engaged in a series of hard bargaining
sessions with governments it accused of turning a blind eye to a thriving
bootleg industry.

Over the years, many of these governments, particularly China and Korea, have
been accused of being among the biggest consumers of illegal software in
their countries.

This is a hard issue for a lot of less developed countries. In some of the
world’s poorest states, where government agencies have been dependent on
donated equipment, officials have an understandable lack of curiosity about
whether they had, strictly speaking, a legal right to the software that may
have come with the machine. In other countries, particularly those awash in high-quality bootleg software disks, it takes a particularly conscientious purchasing manager to spend the equivalent of a week’s salary on registered code when the same thing is available on the street for anywhere between $3 and $15. As a result, surprisingly few machines in China, Nigeria, Korea, Malaysia or India are running legal copies of Microsoft code. In China, for example, less than 30% of new desktops feature legal copies, according to some estimates.

While government agencies in those countries may have difficulty policing
what private firms are buying, they have a far harder time explaining away
bootleg code on government machines. Government-to-government negotiations
have resulted in government after government taking an anti-piracy pledge.

These campaigns have had an effect, but it may not have been the one people
like Microsoft’s anti-piracy chief, Richard LaMagna, had in mind. A recent
decision by the Korean government to migrate a large chunk of its workforce to
Hancom Linux is only one of a number of similar decisions being contemplated
by government offices around the world trying to eliminate bootleg Microsoft products from their offices. These governments are facing enormous, “quit or buy” decisions. Many of them are poised to make the same decision as Korea.

In India, the state of Goa has finally addressed the issue of illegal code on classroom computers by distributing Linux. Linux enthusiasts from local colleges have pledged to help the government conduct a mass migration of PCs to a localized version of Linux based on the Red Hat distribution.

In China, because of government sensitivity to criticism from the United States about bootleg code on government machines, and eagerness to show compliance with WTO
regulations, Chinese regulators are on a campaign to eliminate bootleg code from
government offices. Unlike previous efforts, the campaign is getting results. The Beijing municipal government, along with similar government organs in Shanghai and Guangdong province, recently pledged to eliminate illegal software, according to the China Daily. However, these
agencies have opted to use home grown or Open Source products instead. Politically connected Red Flag Linux has won the bulk of those deals.

Not all these efforts are likely to succeed. A widely publicized effort by the
Mexican government to substitute Linux for Windows on classroom machines came
to nothing. The widely publicized flirtation by the Malaysian government with Open Source came to a similar dead-end about 18 months ago.

However, the problems faced by these governments are very real, and the lack of an intelligent market response by Redmond is a puzzle. As long as Microsoft insists on a forcing an artificially high price point on these government agencies, and as long as the company fails to develop a intelligent marketing response to address their legitimate price concerns, Microsoft is likely to force many other governments around the world to choose Linux, breathing new life into the platform it is trying to kill off.

CNet reports that the “faster version 2.0 of the Universal Serial Bus connection technology, the center of some controversy with Windows, has been incorporated into the latest test version of Linux.”

From ZDNet: “In the latest twist in Microsoft’s trademark lawsuit against Lindows, the Linux start-up has been compelled to hand over all of the personal information it has collected on users of its Web site, according to Lindows.”

NewsFactor Network writes “Despite its reliance primarily on the honor system to stay afloat, the plethora of programs for PCs and Macs known as shareware — software that is free for download but requires users to pay a registration fee if they decide to keep it — continues to grow. Users can visit file transfer protocol (FTP) and other file-sharing sites to download the software from small and independent developers — but does anyone actually pay for the programs they keep and use?”

From Advogato: “We are now seeking paper proposals for [Ottawa Linux Symposium] 2002. The submission process has changed. You may submit your proposal online by registering at https://secure.linuxsymposium.org/ as a speaker. Deadline for proposals is March 1st, 2002.”

“[T]his release does fix the majority of problems in the sudo bugs database and adds features a number of people have asked for. I hope to make more frequent releases in the near future (it has been quite a while since 1.6.3 was originally released).”

 Date: Mon, 14 Jan 2002 07:44:02 -0700
 From: Todd C. Miller 
 To: sudo-announce@courtesan.com
 Subject: Sudo version 1.6.4 now available
 
 Sudo version 1.6.4 is now available (ftp sites listed at the end).
 
 There are some thing I had promised for the next release that are
 not in 1.6.4 due to the large changes in the parser that these
 changes require to work properly.  Nonetheless this release does
 fix the majority of problems in the sudo bugs database and adds
 features a number of people have asked for.  I hope to make more
 frequent releases in the near future (it has been quite a while
 since 1.6.3 was originally released).
 
  - todd
 
 Major changes since 1.6.3p7:
 
  o Visudo now checks for the existence of an editor and gives a sensible
    error if it does not exist.
 
  o The path to the editor for visudo is now a colon-separated list of
    allowable editors.  If the user has $EDITOR set and it matches
    one of the allowed editors that editor will be used.  If not,
    the first editor that actually exists is used.
 
  o Allow special characters (including '#') to be embedded in pathnames
    if quoted by a '\'.  The quoted chars will be dealt with by fnmatch().
    Unfortunately, 'sudo -l' still prints the '\'.
 
  o Added the always_set_home option.
 
  o Strip NLSPATH and PATH_LOCALE out from the environment to prevent
    reading of protected files by a less privileged user.
 
  o Added support for BSD authentication and associated -a flag.
 
  o Added stay_setuid option for systems that have libraries that perform
    extra paranoia checks in system libraries for setuid programs.
 
  o Environment munging is now done by hand.  The environment is zeroed
    upon sudo startup and a new environment is built before the command
    is executed.  This means we don't rely on getenv(3), putenv(3),
    or setenv(3).
 
  o Added a class of environment variables that are only cleared if they
    contain '/' or '%' characters.
 
  o Use stashed user_gid when checking against exempt gid since sudo
    sets its gid to SUDOERS_GID, making getgid() return that, not the
    real gid.  Fixes problem with setting exempt group == SUDOERS_GID.
 
  o Regenerated configure script with autoconf-2.52 (required some
    tweaking of configure.in and friends).
 
  o Added mail_badpass option to send mail when the user does not
    authenticate successfully.
 
  o Added env_reset Defaults option to reset the environment to
    a clean slate.  Also implemented env_keep Defaults option
    to specify variables to be preserved when resetting the
    environment.
 
  o Added env_check and env_delete Defaults options to allow the admin
    to modify the builtin list of environment variables to remove.
 
  o If timestamp_timeout  (Los Angeles, California, USA)
     http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
     http://www.c0r3dump.com/sudo/ (Edmonton, Canada)
     http://sudo.cdu.elektra.ru/ (Russia)
 
 Master FTP sites:
     ftp.sudo.ws:/pub/sudo/
     ftp.cs.colorado.edu:/pub/sudo/
 
 FTP Mirrors:
     ftp.cs.colorado.edu:/pub/sudo/ (Boulder, Colorado, USA)
     ftp.stikman.com:/pub/sudo/ (Los Angeles, California, USA)
     ftp.uu.net:/pub/security/sudo/ (Falls Church, Virginia, USA)
     ftp.tux.org:/pub/security/sudo/ (Beltsville, Maryland, USA)
     coast.cs.purdue.edu:/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
     ftp.uwsg.indiana.edu:/pub/sudo/ (Bloomington, Indiana, USA)
     sudobash.com:/pub/sudo/ (Ypsilanti, Michigan, USA)
     ftp.tamu.edu:/pub/mirrors/ftp.courtesan.com/ (College Station, Texas, USA)
     ftp.rge.com:/pub/admin/sudo/ (Rochester, New York, USA)
     mirage.informationwave.net:/sudo/ (Fanwood, New Jersey, USA)
     ftp.wiretapped.net:/pub/security/host-security/sudo/ (Australia)
     ftp.tuwien.ac.at:/utils/admin-tools/sudo/ (Austria)
     sunsite.ualberta.ca:/pub/Mirror/sudo/ (Alberta, Canada)
     ftp.csc.cuhk.edu.hk:/pub/packages/unix-tools/sudo/ (Hong Kong, China)
     ftp.eunet.cz:/pub/security/sudo/ (Czechoslovakia)
     ftp.umds.ac.uk:/pub/sudo/ (Great Britain)
     ftp.tvi.tut.fi:/pub/security/unix/sudo/ (Finland)
     ftp.lps.ens.fr:/pub/software/sudo/ (France)
     ftp.crihan.fr:/pub/security/sudo/ (France)
     ftp.rz.uni-osnabrueck.de:/pub/unix/security/sudo/ (Germany)
     ftp.win.ne.jp:/pub/misc/sudo/ (Japan)
     ftp.st.ryukoku.ac.jp:/pub/security/tool/sudo/ (Japan)
     ftp.eos.hokudai.ac.jp:/pub/misc/sudo/ (Japan)
     ftp.tokyonet.ad.jp:/pub/security/sudo/ (Japan)
     ftp.kobe-u.ac.jp:/pub/util/security/tool/sudo/ (Japan)
     ftp.cin.nihon-u.ac.jp:/pub/util/sudo/ (Japan)
     ftp.fujitsu.co.jp:/pub/misc/sudo/ (Japan)
     core.ring.gr.jp:/pub/misc/sudo/ (Japan)
     ftp.ring.gr.jp:/pub/misc/sudo/ (Japan)
     ftp.ayamura.org:/pub/sudo/ (Japan)
     ftp.iphil.net:/pub/sudo/ (Makati City, Philippines)
     ftp.icm.edu.pl:/vol/wojsyl5/sudo/ (Poland)
     ftp.assist.ro:/pub/mirrors/ftp.courtesan.com/pub/sudo/ (Romania)
     ftp.sai.msu.su:/pub/unix/security/ (Russia)
     ftp.cdu.elektra.ru:/pub/unix/security/sudo/ (Russia)
     ftp.mc.hik.se:/pub/unix/security/sudo/ (Sweden)
     ftp.sekure.net:/pub/sudo/ (Sweden)
     ftp.edu.tw:/UNIX/sudo/ (Taiwan)
     ftp.comu.edu.tr:/pub/linux/prog/sudo/ (Turkey)
 ____________________________________________________________
 sudo-announce mailing list 
For list information, options, or to unsubscribe, visit:
 http://www.sudo.ws/mailman/listinfo/sudo-announce
 

Help Net Security: Pi3Web Webserver v2.0 has a buffer overflow vulnerability. The server crashes after sending very long cgi parameter a few times. Read more here.