Rami Kassab writes “Designtechnica.com has just reviewed the Innogear MiniJam. A clip from the review: “The Innogear MiniJam MP3 player is a Springboard Module designed for use as an add-on for Handspring Visors. All in all, I was satisfied with the Innogear MiniJams overall performance. Its pros definitely outweighed its cons. It is very expandable and user friendly but its control buttons are a bit on the cheap side. The module itself is a little large but includes a lot of quick access buttons.”

Read the full review at:
http://www.designtechnica.com/reviews.php?op=showc ontent&id=10”

Business Week asks if Mac OS X is worth its $130 price tag, and discusses why it just might be to some people.

The Globe and Mail reports that the .biz domain has gone live and that Canadian registrar Internic.ca is being flooded with requests for the new domains.

The Register discusses the potential side-effects of Alan Cox’s decision not to publish security fixes in the kernel changelog, for fear of prosecution under the DMCA.

From ZDNet: “Researchers from Griffith University in Queensland, Autralia, have developed a smart image sensor that may provide the base technology for the development of artificial eyes.”

Martin (Mayhem) writes. You can now download 2.4.15-pre1 from here (at kernel.org), changelog follows:

pre1:
– me: fix page flags race condition Andrea found
– David Miller: sparc and network updates
– various: fix loop driver that thought it was part of the VM system
– me: teach DRM about VM_RESERVED
– Alan Cox: more merging

Reuters (via CNET): “Brazil plans to set up 4,000 Internet kiosks in the country’s post offices next year that will offer 10 minutes of free Web access to Brazilians looking to check their taxes or e-mail their congressman. The stalls will be set up in cities of more than 10,000 residents in Brazil, Latin America’s largest Internet market, with about 10 million of its 170 million people regularly surfing the Net.”

From SecurityFocus (via The Register): “Many in the community complain that Cox is just trying to make a point about the DMCA, and is hurting U.S.-based Linux developers in the process. But the Felten and Sklyarov cases demonstrate that developers are in genuine legal peril. Is it likely that Cox or Linux kernel overlord Torvalds would be prosecuted for posting an accurate changelog? Absolutely not. Is it certain that they would not be prosecuted? No.”

– by Tina Gasperson –
InterSect Alliance says it has developed the first C2-style auditing and event logging subsystem for Linux, called System iNtrusion Analysis and Reporting Environment or SNARE. The source code and binaries for SNARE are freely available at the Intersect Alliance Web site.

According to the U.S. National Security Agency, even that government agency’s ultra secure Linux distribution, SELinux “doesn’t address important … features such as security auditing,” which is the basic function of SNARE. NSA says it hopes to leverage the work of others when it comes to adding an auditing module to SELinux in the future.

InterSect Alliance director Leigh Purdie and his partner George Cora queried the NSA early on in the development of SNARE, says Purdie. “At that stage they were concentrating on the core SELinux features. We’ll probably be contacting them on the mailing list and suggesting some form of integration.”

But Purdie has his sights set on bigger things for SNARE. “Although it’s not something that every Linux user will take advantage of, auditing is used pretty widely on servers,” he says, and that means SNARE could end up included in some major distributions like Red Hat, SuSE, and Mandrake.

And SNARE will not add to kernel bloat because it is dynamically loadable in a module format. “It doesn’t have to be built into the kernel, for those users who aren’t interested in auditing,” says Purdie.

One of the key selling points for SNARE’s adoption is the belief that lack of auditing and event logging has kept many businesses from adopting the Linux OS until now. “The lack of such security functionality, and the fact that it exists in commercial operating system rivals such as Windows NT and Solaris, has been reported as a significant reason why organisations and government departments have been reticent in taking up Linux, despite the significant cost savings that would otherwise have resulted,” according to a press release announcing SNARE’s availability.

Purdie feels confident that many companies and even the U.S. government will regard this as the final hurdle to moving away from IIS and towards Linux adoption. “We’ve … performed a bit of research within our core consultancy customers, and several of them have identified auditing as a critical changeover factor,” he says.

How does SNARE work?

SNARE is different from network-based signature analysis tools that run tabs on port scanners. Because it is host-based, it keeps an eye on internal processes to ensure a secure environment. Purdie shared this illustrative analogy:

“Network ‘signature-based’ intrusion detection is a little like posting a
guard outside the bank, and giving them pictures of all the known crooks
in the world. He scans the faces of the people walking past, and if he
sees a known crook, he signals an alarm.

“Host-based intrusion detection is like someone watching the gold bars in
the vault to make sure they’re still there.”

Purdie says that an auditing subsystem will tell the sysadmin when someone attempts to read the authentication database, or when someone successfully SU’s to root, and will sound a critical alert if anyone deletes anything in /etc.

“George and I have a tradition of playing tricks on each others’ computer systems — just to keep ourselves sharp,” says Purdie, “and I can tell you, having SNARE installed on our systems has made it a bit more difficult to get away with things.”

From IDG (via CNN), Sun COO on Microsoft Passport vs. Liberty Alliance: “If they win fair and square, that’s fine. But history tells us that Microsoft hasn’t built anything in 20 years that has been innovative or [demonstrated] leadership. I mean, Mac OS is still a better operating system than Windows, and I can go down the path on any piece of technology and show you better implementations that haven’t made it because of the [Microsoft] lock-in. So that’s it. That’s the pitch.”