More Open Source at Microsoft: Earlier this week, it was revealed that stats.zone.com is running Linux and Apache. An anonymous reader dropped wrote in to let us know that ListBot, the Microsoft-owned mailing list service, is running Apache via Solaris. Oh, and Microsoft’s ad banner exchange service LinkExchange seems to prefer Apache and FreeBSD.

LynuxWorks, who sells LynxOS and BlueCat Linux, has withdrawn its IPO filing, citing general market conditions. Check out the FreeEDGAR listing.

Network World Fusion: “Attorneys generals from Iowa and Connecticut
Wednesday evening issued a short, sharp
statement denying they were actively
considering a second antitrust suit against
Microsoft over the Windows XP operating
system.

“We have no current plans for a second lawsuit.
We are entirely focused on the present case,”
read the statement from Iowa Attorney General
Tom Miller and Connecticut Attorney General
Richard Blumenthal.”

In comments made during a London visit on Wednesday, Intel CEO Craig Barrett said “The role of Linux is not so much in the
desktop but in the server or back office,” he said. “It is not made for
the general purpose PC.” ZDNet reports.

ZDNet UK: “Researchers have discovered a bug that could give hackers unlimited access to any machine
running Sun’s Unix operating system, Solaris.

The bug, discovered by security consultancy ISS X-Force, affects a utility designed to give remote
users access to a local printer. The line printer daemon (in.lpd), as it is called, contains a flaw in the
“transfer job” routine that could allow hackers to overflow an unchecked buffer, a common means of
gaining unauthorised access to a computer.”

Salon: “The CIA cannot predict computer attacks on U.S. systems before they happen, as
the agency is expected to do with political and military events, a top CIA official
told Congress on Thursday.

Despite a major increase in intelligence efforts dedicated to computer security,
attackers still develop new tools and techniques faster than the CIA can keep up,
Lawrence K. Gershwin said.”

LinuxSecurity.com: “Recently, Caldera found that when webmin starts a system daemon from
the web frontend it does not clear its environment variables. Since
these variables contain the authorization of the administrator, any
daemon would also get these variables.”

uLinuxSecurity.com: “w3m, a text file/Web browser which is similar to lynx, has
a buffer overflow vulnerability in a routine to parse MIME header.
If a user retrieves/downloads a malformed Web page with w3m,
a malicious Web server administrator may gain an escalated
privilege from the w3m user, which is run by w3m remotely.”

Linux Journal: “This article is an introduction to making your own Debian packages, both fake and real ones. For complete documentation, look at the Resources
section. The next (and last) article in this series will examine building a more complex Debian archive with debconf and debhelper.”

Linux Journal’s Phil Hughes reviews Fredick Lundh’s Python Standard Library: “Rather than the dry manual I expected, this book is filled with useful examples. It is comprehensive, with the exception of not covering Tkinter. This seems like a
reasonable decision considering that the majority of Python users will not use Tkinter, and it would take a lot of space to document. In fact, Fredrik is working on
a separate book on Tkinter.”