
Security advisory to vixie-cron

Author: JT Smith

From LWN.net: A security hole has been discovered in the package vixie-cron. Please
update the packages in your installation as soon as possible. When a parsing error occurs after a modification operation, crontab will fail to drop
privileges correctly for subsequent modification operations.

Category:

  • Linux

Gesture recognition for KDE

Author: JT Smith

KDE Dot News has an item about a gesture recognition project for KDE. “KGesture works as advertised, and is almost as fun as the now discontinued
KVoiceControl, but it does need a little more fuzzy logic before it becomes practical
enough. I did manage to get it to work for simpler gestures — I can draw an
L-shape on my desktop and a dot.kde.org window will pop up.”

Category:

  • Open Source

Andamooka adds security, cryptography, and Debian books

Author: JT Smith

David Sweet writes, “Andamooka, the online open content library, is proud to make the
following books available for reading, annotation, and
discussion:

About Andamooka

Andamooka is a collection of
support communities for open content books.

Andamooka’s public forum helps bring together people with common
interests — after all, they’re all reading the same book! — to
assist each other in studying, analyzing, or putting into practice the
content of the book.

The Open Content License, GNU Free Documentation License, and
similar licenses have the potential to dramatically change the way a
book is developed and is received by its readers, and Andamooka is
continually being improved to further explore and utilize the
freedoms granted by these licenses.

At Andamooka we want to get active readers together to discuss and
modify the work openly — in a public forum — so that issues of fact,
clarity, and content can be addressed and correct, useful additions
can be made to the main work. Because the licenses are relatively
unrestrictive, the modified work can then be redistributed so that
each reader can benefit from the work of the entire community. In
this model, “open” books become dynamic and can be constantly current.”

Alan Cox: Linux 2.4.4-ac16 available

Author: JT Smith

It’s at ftp://ftp.kernel.org/pub/linux/kernel/people/alan/2.4/. Intermediate diffs are available from http://www.bzimage.org.

Cox writes, “This merges some of the pending changes. In terms of going through the
code audit almost all the sound drivers still need fixing to lock against
format changes during a read/write. Poll creating and starting a buffer
as write does and also mmap during write, write during an mmap.”

2.4.4-ac16
o Fix FAT crashes with 2K media (OGAWA Hirofumi)
o Fix scsi trace messages (Khalid Aziz)
o Fix hga module load problem (Juan Quintela)
o Fix leak in wanproc (Akash Jain)
o ESS solo clean ups (Marcus Meissner)
o Update address for Jonathan Woithe (Jonathan Woithe)
o Fix the mess I made of the stradis driver (Francois Romieu)
o Port maestro to 2.4 PCI API (Marcus Meissner)
o Report shmem pages in /proc (Christoph Rohland)
| Im not sure this is the right approach – opinions ?
o Port toshoboe driver to 2.4 PCI api (Marcus Meissner)
o Update 3ware ide raid driver (Adam Radford)
o Update ncr/symbios drivers (Gerhard Roudier)
o Fix fealnx build on some non x86 platforms (Jeff Garzik)

2.4.4-ac15
o Merge Linus 2.4.5pre5
| Also fixes a dumb bug in my mmx fixups I
| managed to forget to test and spot
o Dump the ACPI changes – new ones are pending
and the old ones are better than this lot (me)
o Revert serial incompatibility pending nice fix (me)
o Move a few other oddments to match Linus
o Rip format conversion out of the pwc driver (me)
| It belongs in user space.

Category:

  • Linux

TiVo wins patents for TV recorders

Author: JT Smith

CNet reports that TiVo, whose devices allow consumers to digitally record television shows onto a
hard drive, has announced that it has won several patents for its technology. The patents could put a big dent in Microsoft’s competing UltimateTV.

CERT warning center under attack

Author: JT Smith

From the BBC: “The net’s warning centre that alerts people to the activities of
malicious hackers has itself been attacked.

Since Tuesday, the Computer Emergency Response Team (Cert) has
been battling to keep its website alive in the face of a flood of bogus
data requests.” More from The Register.

Category:

  • Linux

Where is the new Linux desktop experience?

Author: JT Smith

A column at osOpinion suggests Linux needs to be a different experience than Windows, not a familiar one. “Gnome and KDE both are taking the wrong path. They are trying to build too much
into the desktop. In doing so, these UIs are getting slower, and are bringing bloatware
to Linux for all the wrong reasons.

One thing often said about Linux is that it performs well on older hardware. This
statement is true. It’s Gnome and KDE that don’t. This is not a good thing. Any
reasonable machine right now can perform basic computing tasks. Our desktop should
make sure this continues to be true.”

Category:

  • Linux

Linux-Mandrake: samba vulnerability

Author: JT Smith

From Net-security.org: A vulnerability found by Marcus Meissner exists in Samba where it was
not creating temporary files safely which could allow local users to
overwrite files that they may not have access to. This happens when a
remote user queried a printer queue and samba would create a temporary
file in which the queue’s data was written. Because Samba created the
file insecurely and used a predictable filename, a local attacker
could cause Samba to overwrite files that the attacker did not have
access to. As well, the smbclient “more” and “mput” commands also
created temporary files insecurely.

Category:

  • Linux

IP Filter changes its license?

Author: JT Smith

BSDToday reports that a new clause has apparently been added to Darren Reed’s license for IP Filter, the software for providing firewall
services, packet filtering, and network address translation included with NetBSD, FreeBSD, and OpenBSD. The new clause, which seems to conflict with the rest of the Open Source license, reads: “Yes, this means that derivative or modified works are not permitted without the author’s prior consent.”

Category:

  • Open Source

President’s son is China’s unseen tech mogul

Author: JT Smith

Reuters profiles Jiang Mianheng, the low-profile son of Chinese
President Jiang Zemin. Mianheng is dubbed the
“Prince of Information Technology,” and has ties to Red Flag Linux, China’s Linux distribution.

Category:

  • Linux