Kelly McNeill writes “The following is a possible way that an unscrupulous company can bypass the restrictions of the general public license (GPL). I’d love to hear from anyone that can find a flaw in the argument. Let’s assume that Acme software takes a GPL Neural Network program and starts working on a modified, improved version. Acme intends to make money from its software. Next, new employees of Acme are asked to sign a non-disclosure agreement (NDA) preventing them from discussing the new program or, in particular, publishing, redistributing or releasing the work before the company’s embargo release date. Then …”

ZDNet’s Jason Brooks checks in with his LinuxWorld wrapup, citing Ximian and Eazel as “two of the major players working to (make) GNOME the great free hope of desktop computing,” and proclaiming “Linux is now approaching the status of just good enough.”

LWN.net has details of the latest Linux kernel release, straight from the keyboard of Alan Cox. Look forward to a rebalancing of the 2.4.1 VM from Rik van Riel, and an update to the i82365 driver to add locks, delays, and ‘bouncing’ on card dectects from Arjan van de Ven.

A heap-corruption vulnerability in slocate 2.3-1 and earlier can compromise the program’s ability to maintan a complete filesystem index. The bug affects TurboLinux 6.1 WorkStation, and all versions of TurboLinux 6.0.5 and earlier. More at LWN.net.

“There are two security problems in 2.2 and 2.4 kernels. By passing a negative offset to sysctl(), an attacker can read large parts of Linux kernel memory. In addition, a race condition has been discovered that allows an attacker to attach via ptrace to a setuid process, allowing him to modify the running process.” Get the full details at LWN.net.

LinuxDevices takes a look at the embedded side of Linux at this year’s LinuxWorld Conference and Expo held last week in New York. In short: “Embedded has arrived — a common theme just about everywhere was the growing
importance of Linux in “devices” and embedded systems.”

CNET News.com reports: “Security-software maker Symantec on Wednesday notified rivals that it owns a pair of patents
covering its method for updating virus software and definitions incrementally. It was unclear why Symantec waited until now to reveal the patents, which were granted last year.” Slashdot readers discuss this latest software and Internet related patent.

TechWeb previews the close of the deal for Caldera to buy SCO.
“Linux vendor Caldera (stock: CALD) plans to buy Unix
lines from SCO, which makes two popular versions of Unix
for the PC. Caldera will pay $129 million for the Unix
business, leaving SCO with its Tarantella thin-client
software. The deal, announced in August, will likely close
by next month.”

Linux Journal has a column on banks considering Linux. “Linux isn’t here to run some little web server–banks and other financial institutions are
one good proposal and a couple of meetings away from rolling it out in their data centers. Strangely enough, they don’t mind saying they’re
using Linux for development or testing, but nobody wants to be the first to say to a customer, ‘Your account is on a Linux box.’ ”

At LWN.net: “I’m glad to announce that SURFnet in the Netherlands agreed on
providing the service to host the mailing list for crypto-related
Python development:

PYTHON-CRYPTO@NIC.SURFNET.NL.

The reason for this new mailing list is that the situation regarding
export regulations for cryptographic code from the U.S. is still not
clear enough. IMHO we can avoid a problems with crypto code posted
to the mailing list by hosting in a country known to be very liberal
in this field.”