Anonymous Reader writes, “In an effort to capitalize on favorable court decisions in the Napster case, the record industry again sent out cease and desist letters to several digital file-trading companies. Aimster is responding to this latest letter by fighting back.” The

story’s at MP3newswire.net.

Reuters offers its own take on reports that a Microsoft official will attack Open Source and Free Software today in a speech. It’s basically a condensed version of a New York Times report, without the free registration required.

Linuxgram has a short item saying Venezuela’s Banco Mercantil has “ripped out 30 NT servers and replaced them with an IBM S/390
mainframe running SuSE Linux.”

Alan Cox and the kernel team are in high gear. Here’s another release. It’s at ftp://ftp.kernel.org/pub/linux/kernel/people/alan/2.4/. Intermediate diffs are available from http://www.bzimage.org.

2.4.4-ac4
o Fix future domain scsi (Carlo Prelz)
o Merge Linux 2.4.5pre1
o Fix ipx without sysctl compile (Pavel Roskin)
o Revert fork changes to match Linus 2.4.5pre1
o Drop the threaded core dump code
| It can go back in when it works
o Drop pa-risc work – it’ll be easier to resync
just once as pa has moved on a lot
o Add spin_lock_prefetch to get_empty_inode (me)
| Experimenting
o Kbuild has moved (Keith Owens)
o Update kernel docs on memory barriers (Rusty Russell)
o Move es1370 pci_enable and do some cleanup (Marcus Meissner)
o Fix netfilter overuse of __exit (Rusty Russell)
o Fix alpha build bug (Michal Jaegermann)
o Fix tigon1 build (Olivier Galibert)
o Fix tmpfs deadlocks writing into a file from
an mmap of itself (Christoph Rohland)
o Fix missing (but harmless) return in vmtruncate (Al Viro)

2.4.4-ac3
o Fix hang on boot with SMP (Andrea Arcangeli)
| and fixes a few more uglies too
o freevxfs module name was wrong (should be
freevxfs.o) (me)
o Update alloc_etherdev docs (Erik Mouw)
o Remove dead funcs, put back ip_set_manually
in the ipconfig code (David Miller, Arnaldo Carvalho de Melo)
o Fix SA_ONSTACK standards violation (for x86) (Christian Ehrhardt)
| Other arch maintainers should check.
o Add another species of SB AWE 32 (Bill Nottingham)
o SE401 USB camera driver (Jeroen Vreeken)
o Correct MAX_HD and make stuff static in ps2esdi (Hal Duston)
o Fix inode-nr corruption (Al Viro)
o Fix pgd_alloc for user mode linux (Jeff Dike)
o Fix UML hostfs for get_hardsect_size (Jeff Dike)
o Tidy up APM options setting, add module opts (Stephen Rothwell)
o Fix acm open race (Oliver Neukum)
o Further bounce buffer fixes (Arjan van de Ven)
o ACPI updates (Andrew Grover)
o Move pci_enable_device earlier on via audio (Arjan van de Ven)

From Open Source advocate Eric S. Raymond: About an hour after I posted “Beware the Microsoft shell game!”, the
company that wants you to trust your digital identity and your vital
business data to its .NET application servers admitted that there is
an easy root crack in the standard build of Windows 2000 running the
IIS
web server. Code for this exploit has been sighted in the wild.

What this means is that unless a knowledgeable sysadmin has taken
explicit action to prevent it, any 15-year-old who can copy code off
the
Internet can use Microsoft’s IIS to bypass your firewall, bypass your
password system, and gain administrator-level access to the machine
that hosts your webserver. They can inspect, alter or delete files at
will no matter how you have them secured. They can also use root-level
access to that machine as a springboard for attacks on other systems
inside your firewall.

A writeup on this latest in the apparently unending stream of gaping
holes in Microsoft’s security is at:

http://www.eeye.com/html/Research/Advisories/AD20010501.html.

This is about bad as it gets, folks. It’s a big, nasty problem even by
Microsoft’s security-bug-of-the-month standards.

At Craig Mundie’s anti-open-source sermonette in New York tomorrow (Thursday),
I hope someone will have the temerity to ask him a few simple
questions:

1. Should Microsoft’s record on security inspire confidence in
customers considering entrusting their digital identities to
Microsoft’s Hailstorm system and their critical business
data to .NET?

2. Even the most cursory inspection of sites that specialize in
tracking security bugs (such as CERT and BugTraq) suggests that
open-source operating systems such as Linux and the BSDs have
a far better security record than Microsoft Windows, both in
having fewer vulnerabilities and in more rapid deployment of
fixes. How does Microsoft propose to close the technology gap
and catch up to the quality level of these systems?

3. How can potential operating-system customers with millions
(perhaps billions) of dollars riding on the security of their
computer systems form a rational estimate of their exposure
if they cannot inspect the source code of those systems?

4. If the answer to question 3 is “You can see the source code if
you’re a big enough company to pay us for the privilege”, then why
should customers have to pay for the privilege of doing the job
Microsoft’s own QA teams so frequently bungle?

5. How would you respond to the following statement: “Any engineer or
executive who, disregarding best practices, entrusts
security-critical functions to closed-source software is committing
an actionable breach of their responsibility to their employer?”

—
Eric S. Raymond

If a thousand men were not to pay their tax-bills this year, that would
… [be] the definition of a peaceable revolution, if any such is
possible.
— Henry David Thoreau

Wired News carries word of patent 6,219,045, issued to Worlds.com, and covering the use of avatars and other information within a three-dimensional virtual world. Considering the popularity of games like EverQuest and Asheron’s Call, the patent could prove to be a windfall for tiny Worlds.com.

From the New York Times (free registration still required): “Microsoft is
preparing a broad campaign countering
the movement to give away and share
software code, arguing that it potentially
undermines the intellectual property of countries
and companies. At the same time, the company
is acknowledging that it is feeling pressure from
the freely shared alternatives to its commercial
software … (A speech to be given Thursday) is part of an effort by Microsoft to
raise questions about the limits of innovation
inherent in the open-source approach and to
suggest that companies adopting the approach
are putting their intellectual property at risk.”

Bruce Perens writes, “I’ve written an essay on Software Patents vs. Free Software, and the danger that software patents pose for the Free Software developer. In addition, there are details about the summit meeting I’ve called on Free Software and The Law. Thanks! – Bruce“

“We selected Martin Baulig and Sander Vesik to take the lead on building
a Release Team and work with the folks who volunteered to put together a
GNOME 2.0 release plan. This will include a listing of all the top-level
tasks that need to be accomplished, along with preliminary due-dates…”

Minutes of the GNOME Board meeting 1 May 2001
From: Daniel Veillard 
To: foundation-announce@gnome.org
Cc: foundation-list@gnome.org,  gnome-hackers@gnome.org
Date: Thu, 3 May 2001 05:50:02 -0400


Minutes of the GNOME Board meeting 1 May 2001
          =============================================


Presents:
=========

    Havoc Pennington (chairing)
    Miguel de Icaza
    Raph Levien
    Daniel Veillard  (minutes)
    Dan Mueth               
    John Heard              
    Owen Taylor
    Bart Decrem
    Maciej Stachowiak (:15)

Missing:
========

    Federico


Regrets:
========

    Jim Gettys

Decisions:
==========

   - The board selected the Gnome-2.0 Release coordinators Martin Baulig and
     Sander Vesik, asking them to build the Release Team for Gnome-2.0 with
     the help of the others candidates
   - The GNOME Foundation membership proposal has been approved as the
     GNOME Membership Policy 1.0

Action Done:
============

  ACTION: Bart will follow the 'small conferences' meeting and will report in
          one month
     => Rebecca will be the Conference Master for Gnome
        She will double check that Guadec 3 can be done in Spain

  ACTION: Maciej will post to Gnome-Hacker to get people stepping in as
          Gnome-2.0 coordinator.
     => done

  ACTION: Havoc make sure that we get the 2.0 volunteers and what need to get
          done to start the release coordinator work
     => done

Action:
=======

  ACTION: Havoc send the AB list to the board looking for completion
          of the member liasons.
     => still pending


  ACTION: John try to get a Copyright assigment form and procedure for the
          GNOME Foundation

Discussion:
===========

- Fundation:

  not much to report, still some lawyer work needed.

- Release coordinators:

  Martin Baulig, Sander Vesik, George Lebl, Chris Lahey, Jonathan Blandford,
Peter Teichman and Dave Camp  expressed interest in helping with the 
GNOME 2.0 release, according to the discussions and plans that came out
of GUADEC. Also, Jody Goldberg wants to help on the office/apps part of it.

  We selected Martin Baulig and Sander Vesik to take the lead on building
a Release Team and work with the folks who volunteered to put together a
GNOME 2.0 release plan. This will include a listing of all the top-level
tasks that need to be accomplished, along with preliminary due-dates for
each of these and a full committee roster with specific responsibilities
assigned to each team member.

  We'd like to see quick progress on this, and have at least the committee
structure and responsibilities flushed out within 2 weeks.

  It is relatively clear that the work of doing the release coordination
for GNOME 2.0 will be larger than what was needed for GNOME 1.4. We hope
that Martin and Sander will be able build a strong team covering the
various tasks needed, the following ones were listed (but the list is far
from complete):
    - PR coordinator
    - documentation/QA coordinator
    - library freeze
    - porting
    - translation
    - UI freeze
   
- Membership policy:

  The community had many opportunities to review it. There were no negative
  feedback. So we adopt the proposal as GNOME Membership Policy 1.0

  Interesting points discussed:
    - we want the Gnome project to stay open to anybody who want to contribute
      to it
    - Opening to the ISV community is okay but people should not just use it but
      helping or contributing the project is still required to qualify.


Daniel

-- 
Daniel Veillard      | Red Hat Network http://redhat.com/products/network/
veillard@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

Kelly McNeill writes “In several articles published on the osOpinion.com site last year, I warned everyone about what was coming down the pike from Microsoft.

The articles warned that Microsoft’s .NET product strategy was just a faint whisper of what Microsoft actually intends for the long-term. That strategy is to get the consuming public completely dependent (in one way or another) on Microsoft, and to have us pay for that privilege. Prior to .NET, Microsoft enjoyed a relatively unchallenged position in the browser and development tools product markets.”