From LinuxSecurity.com: “This week, advisories were released for secureweb, OpenSSH, passwd, sasl, libgtop server,
thhttpd, mailman, and postfix. The vendors include Caldera, Conectiva, Debian, FreeBSD,
Mandrake, and Red Hat.”

Anonymous Reader tells us of this copy of Matthew Szulik’s comments at Redhat.com: “I am here to affirm that, in the computer software marketplace,
competition, free from monopolistic practices, will deliver customer choice and access to affordable
alternatives. Members of the committee, through your actions, you can affect a remedy that many
members of the growing, global technical community hope will restore balance and inspire
competitiveness in a networked society free of monopolistic practices.”

– by Tina Gasperson –
There’s nothing fancy about YoLinux Information Portal, unless you count the Fonzarelli-lookalike Tux on the front page. I don’t usually like Tux incarnations, but this one is artsy, watercolor and charcoal rendered. Kind of unexpected considering the subject matter, but hey, we take our artistic pleasure where we can get it.But I digress.

The real reason YoLinux is worth checking out is the tutorials section. I counted about 70 tutorials, and some of these are huge lists, like the list of distributions with links to every site.

There’s a nice tutorial on creating MP3 files in Linux, with instructions for the command line and also using a GUI program called Grip. There’s also another artsy Tux on the page, this time a Beethoven playing the piano.

How about “HTML in two minutes?” or “audio streaming server set up,” “office suites for Linux,” with screenshots and detailed information on each one. You can also learn how to use DOS floppies in Linux, or how to update your kernel RPMs (if you really want to do that – most experts recommend that you compile your kernel from sources if you’re going to upgrade at all–and YoLinux has a tutorial on how to do that.) Or how about “using IRC chat to get Linux help and information.”

The tutorials alone would make a complete Web site. But there is much more, mostly in the form of links to outside sites. There’s “documentation and security,” “applications,” “links for the base install,” “peripherals, motherboards, etc.” and others, way too much to list here. Plus, there are links to the latest security information, over on the other side of Fonz.

Creative use of the medium: YoLinux has a list of search boxes for different Linux-related Web sites. You can search the Linux Documentation Project, Fatbrain, SourceForge, RPMFind, Red Hat, and others. There are also links to Linux newsgroups, commercial support, publications, and general search sites.

You have to see YoLinux to believe it. It’s like ESR, Linus, roblimo, and maddog tossed all their bookmark files together on one page, and regurgitated all their Linux knowledge on another.

PCWorld: “An attacker could trick a user of Microsoft Internet Explorer Web browser into downloading and running a malicious program by
disguising it as an innocent file, a Finnish security company has warned.

The file name as it appears in the IE file download dialog box can be faked by using certain URLs and HTTP headers on a Web
page, making the user think he is opening a media file when in fact he is installing a “back door” on his PC, according to Oy Online
Solutions. A back door is a program that can be used by hackers to enter a user’s PC.”

LinuxSecurity: “This week, advisories were released for secureweb, OpenSSH, passwd, sasl, libgtop server, thhttpd, mailman, and postfix. The
vendors include Caldera, Conectiva, Debian, FreeBSD, Mandrake, and Red Hat.”

NewsFactor Network writes: “Back when Microsoft purchased the free e-mail company Hotmail Corp. in 1998, not only did it get the wildly popular company’s huge base of users, it also got access to the mail technologies that allowed the service to continue running smoothly. Unfortunately for Microsoft, Hotmail relied heavily on the Free BSD open-source operating system — making the software giant something of a hypocrite. A spokesperson for Microsoft recently said that Hotmail still runs BSD Unix despite the company saying that it had long since removed it in the past..”

OnLamp: “FreeBSD is a powerful web server, but it has a few problems as a web client. The issue that annoys me most is
plug-ins. Plug-ins are not available for most Unix platforms. While most of the truly important content on the Web (such
as, www.sluggy.com) is still in basic HTML or standard graphics format, I keep stumbling across sites that present
information in some other manner.”

NetSecurity: “On default installation WebSphere installs itself to run with root-identity, and stores
root password as a clear text to a file $WASROOT/properties/sas.server.props. The file
has permissions 600, and therefore other users on system cannot access it.”

Puget Sound Technology, a provider of open source
and Unix training and administration services, recently announced its
Daily Maintenance Service, an outsourced management solution for
open source Unix servers. This continuous maintenance service allows
customers to focus on their strengths without worrying about keeping
their servers up-to-date.

“This past month, we’ve seen several exploits — most could have
been stopped if the systems were properly updated,” said Heather
Reed, Puget Sound Technology’s Director of Services Marketing.
“Usually, the servers were not maintained, due to a lack of time
or knowledge.”

The Daily Maintenance Service provides remote monitoring, security
audits, logfile analysis, software updates and other important
administration tasks. In addition, if the software vendor delays
important security fixes, Puget Sound Technology may provide their
own interim patches.

Puget Sound Technology recommends these maintenance and security tips:

• Use the latest stable release for your operating system and software.
• Uninstall or disable software and services that you do not use.
• Follow the security announcements and security discussion forums for
  your operating system and software.

• Continuously update your software for important fixes or other
  critical problems.

• Use periodic tools to detect security weaknesses, check file
  integrity, and to do ongoing system maintenance.

• Monitor and analyze your logs and traffic for preventive maintenance.
• Backup all important data for rebuilding the system from scratch —
  and test.

Pricing and Availability

The Daily Maintenance Service is available for systems running
a recent stable release of an open source GNU/Linux or BSD operating
system, such as Debian Linux 2.2 or NetBSD 1.5.2. The pricing starts at
$265 (U.S.) per month. For more information about the Daily Maintenance
Service, go to
www.pugetsoundtechnology.com/services/maintenance/ .

About Puget Sound Technology

Puget Sound Technology is an IT technical support, consulting,
training, and outsourcing company that specializes in BSD, Linux,
free software and open source solutions. Located in the north
Seattle, Wash. area, Puget Sound Technology provides professional
planning and designing, implementation, operations, training, and
maintenance services for computer systems and networks. For more
information, please visit
www.pugetsoundtechnology.com.

CNET: “Odell Guyton, 46, a former federal prosecutor, will become Microsoft’s director of compliance,
overseeing the company’s compliance assurance program, as required under the proposed
consent decree.

Guyton most recently served as a compliance officer at University
of Pennsylvania. He was a prosecutor for 12 years, five of them as
an assistant U.S. attorney with the Justice Department.

David Dadoun, 37, a former
Federal Trade Commission antitrust
enforcement lawyer, will serve as
internal antitrust compliance officer
to administer the company’s antitrust
compliance program.”