TCP session hijacking: A primer

Author: JT Smith

NetFlood: “Session hijacking. What a powerful name. For me personally, the name conjures up mental pictures of airplanes with masked gunmen and bomb-laden buses. In actuality, session
hijacking is far less physically dangerous and way more financially rewarding. The risk of a SWAT team shooting you while you are hijacking a session is also extremely low as
opposed to hijacking airplanes. When people complain about the problems with the TCP/IP protocol suite, this attack method is one of the reasons. This attack is also one of the
reasons client/server (host-to-host) communication encryption schemes should be used even in internal network communications. Session Hijacking is nothing new. In fact, the
attack itself was first conceived and discussed in 1989 but unfortunately it is an attack that is just as dangerous now as it was back then. Without further ado (or sensationalism); here’s the story.”

Category:

  • Linux

Microsoft to open Windows to rivals’ software

Author: JT Smith

DallasNews: “Acknowledging that it must change its business practices, Microsoft Corp. announced Wednesday that it would give personal computer makers more freedom to choose what software and services they offer on the machines they sell.”

Halting DoS attacks

Author: JT Smith

AntiOffline.com: “Halting denial of service attacks: a quick and dirty primer on settings and commands
to stop or slow down most Denial of Service attacks when you’re under the gun. Some of
the commands were gathered around the net, others I have implemented and tested along
the way in the midst of attacks as well as in labs. This is not a document that will
describe attacks, what they do, nor how they work. It’s merely a doc for the sysadmin
or security admin to implement along their networks for better protection.”

Category:

  • Linux

PHP-Nuke forks

Author: JT Smith

PostNuke: “You may be wondering why on Earth do we need a fork from PHP-Nuke? There are
several reasons behind our insanity. The time is right for a developers version of
PHP-Nuke. It wasn’t a simple decision, but so far it has been very rewarding.

There were many factors in our decision for forking off. Below are some of the more
rational reasons, and some of the more irrational ones as well.”

Category:

  • Open Source

FreeBSD: ‘gnupg’ format string vulnerability

Author: JT Smith

LinuxSecurity: “The gnupg port, versions prior to gnupg-1.0.6, contains a format
string vulnerability. If gnupg attempts to decrypt a file whose
filename does not end in ‘.gpg’, the filename is copied to the
prompt string, allowing a user-supplied format string. This may allow
a malicious user to cause arbitrary code to be executed as the user
running gnupg.”

Category:

  • Linux

LWN.net weekly edition

Author: JT Smith

LWN: The newest issue of Linux Weekly News is now online for your reading enjoyment.

Category:

  • Linux

Next Windows rocks, but copy controls could hamper reinstalls

Author: JT Smith

PCWorld has a cheerleader type story about the upcoming XP: “Windows XP, Microsoft’s next operating system, is shaping up as one of the
most exciting–and controversial–products ever put out by the Redmond,
Washington, technology behemoth.

The controversy over the OS formerly code-named Whistler, and now in Beta
version 2, stems from Windows Product Activation, a new and stringent copy
protection scheme that requires upgrade customers to contact Microsoft for an
ID number (a procedure separate from the usual registration process). This
feature, which could hinder some installations, isn’t the only potential upgrade hurdle. Microsoft already
anticipates that XP may conflict with some system BIOSs, hardware, and applications. As a result,
installing the new OS could be a real hassle for people who don’t have state-of-the-art PCs. You’ll also
need a gigabyte of free disk space.”

Appearance themes: Apple’s 1984 Super Bowl ad

Author: JT Smith

Kelly McNeill of OSOpinion writes: “Apple Computer’s 1984 Super Bowl advertisement has been routinely hailed as the greatest television commercial of all time. It was successful primarily because it dramatically portrayed how the Macintosh broke away from conformity and liberated users from the stifling environment imposed by “Big Brother” IBM. Ever since Apple’s sledgehammer plowed into that big blue telescreen, Mac users have identified themselves as nonconformists who insist on doing things their own way.”

An Open-Source call to arms

Author: JT Smith

Kelly McNeill writes “There is a war going on, whether we in the open-source community want to admit it or not. In the last couple weeks, Microsoft has fired several warning shots across the bow of the free software and open-source communities. First, it has modified the license for a software toolkit, which disallows all use of open-source software (with the exception of software under a BSD license). Second, Microsoft has chosen FreeBSD, for migrating and developing Windows software (specifically .NET issues) because of its more lenient open-source license. And, lastly, the slanderous claims about open source, Linux and the GPL (General Public License) from Microsoft executives make it clear that the company has declared war upon the open-source community.”

Category:

  • Open Source

Review: Rio Volt MP3-CD player

Author: JT Smith

By Jeff Field

When I reviewed the Mambo-X MP3 player, I wasn’t
very impressed. It did the job, but it was lacking a lot of features I thought were pretty obvious. It’s been a few
months since that review, and newer players are out, with better features. The Rio line of MP3 players has been around since the beginning, and it
is no surprise that Rio parent company Sonicblue has a CD-MP3 player. So, how does it stack up?

The unit
The first thing I noticed out of the box was how sleek the Rio Volt unit was. The Mambo-X looked like my clunky old Discman, while
the Rio looks very compact and modern; in fact, it even fit in my pocket rather well. On the face of the unit are the controls for play,
stop, skip/search, program, mode, equalizer, volume, navigate and +10 (which skips along 10 tracks). To be
fair to the Mambo-X, there has been a new model since my review, but the difference in design between the Mambo-X and the Rio is amazing. On the Rio, there is a hold switch on the side of the unit and on the underside is a switch you use to set the length of shock protection on CDs. Regardless of this setting, MP3s always have 120 seconds of shock protection. I was unable to get the unit to skip under MP3 or AudioCD use when shock protection is set to 40 seconds.

Battery life on the unit is advertised as up to 15 hours on two AA batteries. In my experience, the actual battery life is 13 or 14 hours, but it is still plenty of juice for two AA batteries. One feature I find interesting about this unit is that while playing songs, it will spin the CD down and play from the buffer, meaning it will not skip and it does not have to use power for the motor. This greatly helped Sonicblue increase battery life on the unit, and I would suspect other players will copy this feature soon.

The remote
The remote on the unit, while not an IR remote like on the Mambo-X, is quite good. It attaches as a pass-through between the player and the headphones. The remote has play, stop, search and skip functions, as well as its own hold and equalizer buttons. This is nice when used with the included carrying case, which has a hole in it for the remote and headphones to fit through, letting you use the remote (which is clip-on) while you jog or do anything else where you can’t access the player directly. What is missing from this remote is the skip 10 button (which would be so much more useful than an equalizer) or direct-digit access to tracks. The remote is useable, but not as convenient as it could be.

Included accessories
Included in the box were an AC adapter, the getting started guide, earbud headphones (not very good earphones, but they are earphones nonetheless), Windows and Mac “audio management software,” two AA batteries, the remote, the carrying case, and the unit itself. The carrying case can slide onto your belt and is made of a flimsy material. If you want actual protection for the unit, rather than just something to hold it, you will need to look elsewhere, but for someone who is just going to jog, bike or walk with the unit, the carrying case is adequate.

Limitations
The limitations on the Rio Volt are significantly less than those on the Mambo-X I reviewed. The Rio Volt can read multisession CDs and can handle bit rates up to 320Kbps, two functions the Mambo-X could not do. The Rio Volt supports several audio formats, including MP3, WMA (Windows Media, not something relevant to Linux users), and AudioCD, with the ability for more formats in the future with upgrades.

Upgrades
This is another feature on the Rio not found in the Mambo-X — with the Rio, you can download Firmware updates. The unit I got had Firmware version 1.08f, and I went to see if there were updates. As it turns out, the latest update is 2.00, which adds new features and fixes issues with the player.

I downloaded the Firmware update, but the problem is the Firmware update is a self-extracting Windows EXE, so you either need to run it through WINE, or find a Windows machine. Once you do get to the file needed (IMP-100.HEX), you burn it to a CD-RW (burning it to a CD-R would be wasteful because you need only use it once), put the CD in the unit, and hit play. The unit will start upgrading the Firmware, and then shut off. Remove the CD (and erase it so it doesn’t try to upgrade every time you insert that CD) and play as normal. The only thing to be careful of is power interruptions. I recommend you use the AC adapter because if the batteries die while upgrading, you can render the player inoperable.

Sound quality
Using my own headphones, rather than the ones included with the player, I got good sound quality playing back 128Kbps and 192 Kbps MP3s. I could not notice the difference between the same track on a CD and the MP3 file. I was quite impressed by this — I fit 150 songs in place of the usual 10 to 15 on a CD, and I did it with no noticeable reduction in quality, at least to my ears.

Conclusion
While I was hesitant to recommend the Mambo-X to people, I feel no such reservation with the Rio Volt. I am purchasing one, and I feel justified recommending it to others. With excellent features and a good design, it is a player you should consider buying. It is a little more expensive than some other players, such as those that use flash memory to store data, but in the end I think it is a better deal, especially when compared to flash storage devices, which do not hold nearly as many songs. The RioVolt can be found for around $150 on Pricewatch.

Category:

  • Unix