Domain: eweek.com
Stories and comments across the archive that link to eweek.com.
Stories · 701
-
GPL 3.0 Rewrite Drive Is No Democracy
linumax writes "Users will be free to comment on the upcoming complex and technical draft versions of the GNU General Public License 3.0 in an easy way, according to Eben Moglen, general counsel for the Free Software Foundation. However, Moglen said Wednesday, speaking at the Open Source Business Conference here, the rewrite of the GPL is not an election and there will be no voting on its clauses. In a session entitled GPL 3.0: Directions, Implications, Casualties, Moglen said that when GPL 2.0 was promulgated some 14 years ago, very few people cared about it. On the advice of a few dozen people and a couple of lawyers, it was written and released. "That was a fine system then. It is not a fine system now. I expect the process around GPL 3.0, when it begins in some 60 to 90 days' time, to collect a great deal of comment from people on the draft documents...," he said." -
Cisco Patches 'Black Hat' IOS Flaw
thursnick writes "eWeek is reporting that Cisco has finally issued a comprehensive fix for a critical IOS vulnerability that set off a firestorm of controversy at the Black Hat Briefings earlier this year. The patches come more than three months after former ISS researcher Michael Lynn quit his job to present the first-ever example of exploit shellcode in Cisco IOS (Internetwork Operating System), a presentation that landed him in legal hot water. Cisco's advisory effectively confirmed Lynn's summer warning that the flaw could be exploited by remote attackers to execute arbitrary commands or cause a denial-of-service on compromised routers." -
Fully Automated IM Worms on the Way?
nanycow writes "The sudden appearance of a rootkit file in a spyware-laden IM worm attack has set off new fears that malicious hackers are sophisticated enough to launch a fully automated worm attack against instant messaging networks. Researchers say the stage is set for a worm writer to use an unpatched buffer overflow in an IM app to unleash a worm that is capable of infecting millions of users without the use of malicious URLs that require a click." -
Red Hat Wants Xen In Linux Kernel
DIY News writes "Red Hat is aggressively pushing to get Xen virtualization technology included in the Linux kernel as quickly as possible. This move comes as Microsoft is pushing its own virtualization products and recently relaxed some of its licensing requirements around Windows Server 2003 to facilitate more pervasive adoption and use of those technologies." -
The Story of a Microsoft Patch
buckethead writes "eWeek is running a story about a security patch from Microsoft that failed to adequately address a denial-of-service flaw on CSRSS (Client/Server Runtime Server Subsystem), the user-mode part of the Win32 subsystem. It stems from a research paper from Argeniss that discusses how Microsoft only patched one path to the vulnerable function, but they forgot to do proper research to identify all the paths." From the article: "The problem was that Microsoft didn't patch the vulnerable function; they just added some validation code before the call to the vulnerable function, but what Microsoft missed was that the vulnerable function can be reached from different paths and the validation code was added on just one of them" -
Microsoft, OSI Discuss Shared Source Licenses
linumax writes "While Microsoft Corp. has publicly said it has no immediate plans to submit its newest Shared Source licenses to the Open Source Initiative for approval, the company met with the OSI board this week to discuss the matter. Ronald Mann, a law professor at the University of Texas in Austin, said two of the new licenses, the Microsoft Permissive License, which is modeled on the existing BSD license, and the Microsoft Community License, based on the Mozilla Public License, appeared to satisfy the Open Source Definition administered by the OSI." -
Microsoft Consults Ethical Hackers at Blue Hat
linumax writes "For the second year in a row, Microsoft Corp. invited a small number of hackers onto its Redmond, Wash., campus to crack the company's products for all to see. Blue Hat V2 was held on Thursday and Friday and teamed noted "white hat" hackers with Microsoft employees to break into and expose security weaknesses in the company's products. Over 1,000 Microsoft developers, managers and security experts attended, including Microsoft brass Jim Allchin and Kevin Johnson, co-presidents of the company's Platforms, Products & Services Division." -
Microsoft Reduces Shared Source Licenses
UltimaGuy writes to tell us eWeek is reporting that Microsoft will be reducing the number of licenses that it will use for its Shared Source Initiative. Instead of more than 10 different licenses they are aiming for just three core licenses. The first license format, Ms-PL (Microsoft Permissive License), is similar to the BSD license while the second, Ms-CL (Microsoft Community License), is based on the Mozilla Public License. The third format, Ms-RL (Microsoft Reference License), "has no open-source alternative and is a reference-only license that allows licensees to view source code in order to gain a deeper understanding of the inner workings of Microsoft technology." -
Good Network Worms Made Simple
grabbag writes "Dave Aitel is pitching new technology to create "nematodes," or beneficial network worms for use in large businesses. The idea is to set up a new language and structure to create "strictly controlled" good worms on the fly. A research-type demo was given as the Hack in the Box conference where Aitel talked about a world where "strictly controlled" nematodes are used by ISPs, government organizations and large companies to show significant cost savings." -
StarOffice 8 May Be MS Office Killer
UltimaGuy wrote to mention an eWeek article that seemed topical, given the recent discussions about the OpenDocument format. They're running a piece discussing StarOffice 8's killer position as an alternative to Office. From the article: "However, whether StarOffice 8 can succeed as a wholesale or partial replacement for Microsoft Office will depend on the organization thinking about making the switch. Several improvements in StarOffice 8 are aimed directly at improving compatibility with Microsoft Office-formatted documents, but converting complex documents between the two suites' formats will in some cases require tweaking to preserve document appearance. In addition, while StarOffice 8 can be extended through macros and scripting, much like Microsoft Office can, these extensions won't migrate to Microsoft Office without being rewritten. However, StarOffice ships with a Macro Migration wizard that will aid in the migration of Microsoft Visual Basic macros to the StarOffice Basic macro language. There's also a Document Analysis wizard that helps determine where trouble spots might lie in the transition to a StarOffice format." -
SSH Claims Draw Open Source Ire
JDStone writes to tell us eWeek is reporting that claims of OpenSSH not being an 'enterprise-class product' by SSH Communications, the creators of SSH, are being met with a great deal of resistance. Theo de Raadt, of OpenBSD fame and a member of the OpenSSH development team, was quoted saying "OpenSSH is built into all Unix and Linux vendor operating systems, and is also built into almost all larger managed network switches, from Cisco through Foundry. It comes on Linksys and D-Link wireless and security routers too." -
Windows Beat Unix, But it Won't Beat Linux
Onymous Hero writes "The amazing thing isn't that Windows beat the pants off Unix; it's that so many of the Unix companies survived until today. An article from eWeek looks at why Linux has been so successful where Unix failed." From the article: "While the Unix companies were busy ripping each other to shreds, Microsoft was smiling all the way to the bank. Because the Unix businesses couldn't settle on software development standards, ISVs (independent software vendors) had to write not a single application to get the whole Unix market, they had to write up to a half-dozen different versions. Which would you rather do? Write a single application that would run on all Windows systems, or six different ones, each with its own unique quality assurance and support problems?" -
Open Source Code Finds Way into Microsoft Release
linumax tells us eWeek is reporting that Microsoft, for the first time, has included open source code in the release of one of their products. The Complete Cluster Edition of Windows Server 2003 will be including the Message Passing Interface (MPI) library. From the article: "MPI is key middleware that was designed by a consortia of all the supercomputing vendors in the 1990s to allow the easy portability of code. It abstracts away things like low-latency interconnect, and our focus is making it super easy for ISVs to move their code." -
Microsoft Drops Aging Encryption Schemes
christchurch wrote to mention an Eweek column about Microsoft's decision to stop using DES, MD4, and MD5 for encryption in Vista. From the article: "All three algorithms show signs of 'extreme weakness' and have been banned, Howard said. Microsoft is recommending using the Secure Hash Algorithm (SHA)256 encryption algorithm and AES (Advanced Encryption Standard) cipher instead, he said. The change is part of a semi-yearly update to Microsoft's Secure Development Lifecycle policies by engineers within Microsoft's Security Business & Technology Unit." -
Google Lawsuit Exposes Microsoft Offshoring Deal
2old2rockNroll writes "In more news from Microsoft's Google lawsuit, it appears that Ballmer's 2003 trip to China may have had as much to do with Microsoft moving jobs as selling software. It seems that the Chinese are not pleased with the number of jobs being moved to China, and one of Lee's duties was to identify jobs for export. Although hiring in Redmond has slowed, a Microsoft spokesperson admits they are "growing their work force" in China. Is it possible that Bill Gates' recent lament over the decline of US CS graduates and research spending was merely crocodile tears?" -
Microsoft to Stop Releasing Services for Unix
lilrowdy18 writes "According to a recent article, Microsoft will stop releasing any new versions of Services for Unix. SFU 3.5 will continue to be supported until 2011 and will have extended support until 2014. From what the article hints at, Microsoft wants Unix interoperability integrated into the OS. Microsoft says that this integration couldn't be done with past architectures." -
T-Mobile Offers Relief for Hurricane Victims
lilrowdy18 writes "Eweek reports that T-Mobile is offering free Wi-Fi to areas affected by Hurricane Katrina. This relief will be free until Sept 2 and an evaluation will be done to see if it will continue after that. The hot spots are only available to residents of Alabama, Louisiana and Mississippi and do not include phone service. The article also includes a link to a map of T-Mobile hotspots. At least we can use some form of communication to get in touch with loved ones." -
Zotob and Mytob Worm Authors Arrested
An anonymous reader writes "The Washingtonpost.com is reporting that two men have been arrested for allegedly authoring and releasing the "Zotob" and "Mytob" worms. The first Zotob, released Aug 14 - just 4 days after Microsoft released a fix for the hole it exploited, infected systems at many major news outlets. Mytob remains one of the most pervasive worms on the 'Net today." From the article: "Moroccan authorities, working with the FBI, arrested Farid Essebar, 18, a Moroccan national born in Russia who went by the screen moniker 'Diabl0.' Arrested in Turkey was Atilla Ekici, aka 'Coder,' age 21. Both individuals will be subject to local prosecutions, the FBI said." Update: 08/26 20:56 GMT by Z : Nana Mous wrote to mention an eWeek blow by blow account of Microsoft's response to the worm. Very interesting read. -
Intel Ports Developer Tools to Mac OS X
turnitover writes "According to eWEEK, "Intel Corp. will port its software developer tools to Mac OS X and will ship its first beta later this year, the chip maker told developers on Tuesday at its first-ever session on Mac OS X at the Intel Developer Forum in San Francisco." This, as Apple is working on its first Intel-based Macs, due sometime in 2006. Will the promise of the same feature set and the same tools (for Windows, Mac and Linux) mean the future of cross-platform development is here?" -
Microsoft Proposes Cooperative Research With OSDL
turnitover writes "According to eWEEK.com, Microsoft has proposed to work with OSDL for a 'facts-based analysis of Linux and Windows.' Could this just be a case of the fox contracting security for the hen house?" Martin Taylor, Microsoft's general manager of platform strategy, declined to comment on the specifics of what was discussed when he met with OSDL's CEO Stuart Cohen, only to say that they met. -
Wi-Fi Times Sixteen
2Stupid2KnowIt writes "eWeek has a cool review of Xirrus' XS-3900 Wireless LAN Array. The unit consists of 16 Integrated Access Points and a wireless switch... all in one device. According to their website, Xirrus can achieve 800+ Mbps of bandwidth and handle 1000+ users. Finally enough bandwidth for us all to cut the cord?" -
Exchange Alternatives Round-up
richi writes "eWEEK has a review of Linux-based alternatives to MS Exchange: Group Where? Almost Anywhere. Focusing on how well they integrate with Outlook, it looks at Bynari Insight 4.2, CommuniGate Pro 4.2, Gordano 11 and Scalix Server 9.2.1." -
Ending Spam
Shalendra Chhabra writes "Jonathan Zdziarski has been fighting spam since before the first MIT spam conference in 2003, and has now released a full-on technical book, Ending Spam, on spam filtering. Ending Spam covers how the current and near-future crop of heuristic and statistical filters actually work under the hood, and how you can most effectively use such filters to protect your inbox." Read on for the rest of Chhabra's review.
Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification
Author: Jonathan A. Zdziarski
Pages: 312
Publisher: No Starch Press
Rating: 8
Reviewer: Shalendra Chhabra
ISBN: 1593270526
Summary: Very Good Book Covering Statistical Models and Techniques Implemented in Current Spam Filters
Spam (unsolicited commercial email) and phishing (fraudulent emails) are causing losses of billions of dollars to businesses. Many initiatives are currently underway for fighting this challenge. On the legal front, a Virginia court recently sentenced a prolific spammer, Jeremy Jaynes, to nine years in prison, and a Nigerian court sentenced a woman to two and a half years for phishing. Michigan and Utah have both passed laws creating "do-not-contact" registries in July/August 2005, covering e-mail addresses, instant messaging addresses and telephone numbers. Technical initiatives to fight spam include server- or client-side spam filtering, using Lists (Blacklists, Whitelists, Greylists), Email Authentication Standards (IIM, DK, DKIM, SPF, SenderID), and emerging sender reputation and accreditation services.
Ending Spam is the first book explaining the fine details of the theoretical models and machine-learning algorithms implemented in these filters. The book is divided into three parts: introduction to spam filtering, fundamentals of statistical filtering, and advanced concepts of statistical filtering.
The first section of the book discusses the history of spam, spam kings, different approaches for fighting spam such as blacklisting, whitelisting, heuristic filtering, challenge response, throttling, collaborative filtering, Authenticated SMTP, Sender Policy Framework and SenderID, spammer fingerprinting, etc. However, the author omitted any mention of locally-sensitive hash functions (such as Nilsimsa Hash) to counter spammers' random insertion of words, the use of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart), Greylisting, Identified Internet Mail, and Domain Keys (now Domain Keys Identified Mail).
In the next chapter, the author clearly explains various components of a Language Classifier Pipeline, including the Historical Dataset (aka wordlist, database, dictionary, filter memory), Tokenizer, and the Analysis Engine with its feedback loop. However, the process flow of a language classifier could have been more generalized, e.g. incorporating an initial text-to-text transformer. This chapter also covers the advantages and disadvantages of various training modes for filters, such as Train Everything (TEFT), Train-on-Error (TOE), and Train Until No Errors (TUNE). This part concludes with the description of Paul Graham's famous spam-filtering technique using Bayesian classification (as described in "A Plan for Spam"), Gary Robinson's Geometric Mean Test, Fisher-Robinson's Inverse Chi Square (including the source code for the inversion function), and some other tricks for optimizing spam-filtering accuracy.
The second part of this book deals with the fundamentals of statistical filtering. The author explains HTML and Base64 encoding, followed by a detailed description of tokenization techniques (e.g. Sparse Binary Polynomial Hashing). Then there's a discussion of the various tricks that spammers use for penetrating filters. Although these tactics are mentioned in John Graham-Cumming's "Spammers Compendium," Jonathan has very elegantly explained why some tricks work for spammers and some don't. This part concludes by addressing some of the resource, storage and scaling concerns raised by the large number of features generated from tokenization techniques.
The third part of this book deals with advanced concepts of statistical filtering. This includes the testing criteria for measuring accuracy of an email filter, and some advanced tokenization concepts, e.g. chained tokens (taking word-pairs and phrases into account, instead of individual words) generated using a sliding 5-byte window as mentioned in Sparse Binary Polynomial Hashing. The next chapter describes the Markovian Model implemented in the CRM114 Discriminator, but the author fails to describe different weighting schemes for features implemented in the Markovian-based version of CRM114. The author then describes the Bayesian Noise Reduction Technique for purging "out of context" data from the mail text. This chapter concludes with a very nice summary of collaborative algorithms and techniques, such as Message Inoculation, Streamlined Blackhole List, Fingerprinting, Automatic Whitelisting, URL Blacklisting, and Honeypot email addresses for snaring spammers' address harvesting bots.
The most interesting part of this book is the appendix, where the author presents interviews with John Graham-Cumming of POPFile, Brian Burton of SpamProbe, Marty Lamb of TarProxy, Bill Yerazunis of CRM114 Discriminator, and Jonathan Zdziarski of DSPAM (himself). I loved this section.
The salient points of the book: it's very easy to read; each chapter begins with a very thought-provoking introduction, and concludes with a crisp "final thoughts" section. The number of technical errors is very small in this print, and the illustrations are of good quality. Since the book is geared more toward the Bayesian and statistical generation of spam filters, the absence of certain spam-busting technologies is acceptable. However, a noticeable omission is the lack of discussion about measuring spam-filter accuracy, and what impact this has on setting filtration thresholds. A section on the economics of tradeoffs, and the use of a Receiver Operating Characteristic curve (ROC) would have been very helpful.
Overall, by putting together Ending Spam, Jonathan Zdziarski has made another significant contribution (after DSPAM) to the anti-spam community. Whether you are a system administrator, anti-spam researcher, engineer or a newbie interested in fighting spam, this book is a great reference.
William S Yerazunis and Richard Jowsey also contributed to this review. Shalendra Chhabra is a Graduate Student in Department of Computer Science and Engineering at University of California, Riverside. He is on the development team of CRM114 Discriminator and has presented his work at MIT Spam Conference 2005, Cisco Systems, and Stanford University. -
Google News Now Providing RSS and Atom Feeds
Avery writes "Several sites are reporting that Google has announced in their blog today that they will provide RSS and Atom feeds in their news section. Previously the only way to get RSS/Atom feeds from Google news was through third party scrapers. Now, you can get feeds for any of Google's news areas as well as feeds for a news search. (The news search is basically the same concept as Google news alerts, only in RSS.)" -
They Make Stuff? SCO's OpenServer 6 Reviewed
turnitover writes "And here I thought their revenue was all based on projected lawsuit returns. But no, The SCO Group actually has turned out something that does something -- or does it? In any case, looks like eWEEK has reviewed OpenServer 6. From the review: though the company 'seems like an unlikely outlet for open-source software, the company has extended OpenServer with updated versions of Samba, Perl, PHP and other key components.'" -
System Exploitable With USB
Anonymous Coward writes "Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device." From the article: "The buffer-overflow flaw is in device drivers that Windows loads whenever USB devices are inserted into computers running Windows 32-bit operating systems, including Windows XP and Windows 2000, said Caleb Sima, chief technology officer and founder of SPI Dynamics." -
Gates On Future of CS Education
lilrowdy18 writes "In an interesting article from Eweek, Microsoft chairman and chief software architect Bill Gates talks about how the lack of spending in research and development is 'kind of a crime'. He also talks about future problems that are facing the computer industry including outsourcing and the speed of upcoming processors." From the article: "Microsoft taps both native-born talent and foreign talent, but Gates said he is frustrated that more U.S. students are not going into computer science. 'The fastest growing major is physical education,' he said. 'The Chinese are going to wake up and say we missed this opportunity,' he joked." -
MS Urging Developers To Prep For IE 7
Mike Savior writes "Eweek has a story stating that Microsoft is telling web site developers to prepare their sites for IE 7. From the article: 'One area that Microsoft has clearly articulated as being one in which developers can start work now to prepare for IE 7 involves the UA (user agent) string. First discussed in the company's Weblog in April, the code change prompted a reminder on Wednesday to developers, telling them that Microsoft continues to run across Web sites that are not expecting Version 7 of the browser, and urging them to test their UA strings.'" -
Another Theory on Apple's Move To Intel
An anonymous reader writes "Why did Apple really switch to Intel? Larry Loeb thinks that it has everything to do with the Trusted Computing Group's TNC (Trusted Network Connect)." From the article: "The Trusted Computer Group is a multivendor association that grew out of Microsoft's pre-emptive Trusted Computing Platform effort. Microsoft realized it couldn't force this down the manufacturers' throats, so it formed the TCG to give it the veneer of respectability and 'open standards.'" -
New Batch of XP SP2 Holes
terap writes "Microsoft has acknowledged that it is working on a patch for a potentially serious security hole in the 'Remote Desktop' feature. It affects fully patched versions of Windows XP Service Pack 2, even with the integration firewall turned on. There is a possibility this could lead to code execution attacks." -
Flurry of Security Patches
yggy writes "It's been a hectic day on the security patching front. Microsoft's bulletins for July include patches for three critical vulnerabilities on the same day that Mozilla releases new security updates for Firefox and Thunderbird. Not to be left behind, Apple fixed two Tiger flaws while Oracle issued a critical database server update." (See these separate stories on today's release of Firefox 1.0.5 and the 10.4.2 update from Apple, too.) -
Microsoft's 'Hands-On' Linux Lab
aneroid writes "eWeek has a story on Microsoft allowing a third party to present a 'hands-on lab' that allowed attendees to play with a range of Linux desktop software at its annual worldwide partner show in Minnesota this weekend. It was run by Don Johnson (not the actor), who explained in true MS style how the things that are considered wrong with Windows are planned or an advantage. Whether it's for the desktop or server, wasn't clear. People did get to 'see the Apache Web server in action' and a KDE desktop. Is this more of a preemptive strike where the Linux experience is so bad (slow machines, old software) they wouldn't bother to check it out in the future, thus securing an existing partner/client? Or are they that confident people won't stray if they're invited to sample the competition? According to the Register, 'Microsoft is unlikely to stop developers moving to Linux and open source so its best hope lies in articulating a strategy of co-existence to limit the 'damage' to its business.'" -
New Debian-based Enterprise Linux?
arkanoid.dk writes "Sources close to Progeny, Mandriva and Turbolinux report that a new Enterprise Linux distribution is on its way. Apparently, the distribution will be based on Debian 3.1 Sarge and will form the foundation of the next server distributions from the three companies. The three companies hope that the new distribution will enable them to compete with the market leaders Red Hat and Novell Inc's server distributions. An interesting part is that the new system should support both DEB (Debian package) and RPM (Red Hat Package Management) to enable better cross-compatibility with other Linux flavours. The vendor said: 'It will have a nice, Web-based front end for service management, which Sarge lacks. It's basically oriented toward edge-of-the-network type applications, such as ISP software.'" -
Bank E-Communications Aid During London Bombings
davidwr writes "Reuters and eWeek report on how the British Banks' emergency chatroom and web site helped them cope with Thursday's terrorist bombing." From the article: "The Bank of England, the Treasury and the Financial Services Authority switched on a secure section of their Financial Sector Continuity Web site to talk to major banks in the City of London's financial hub about how they were coping. A Bank of England spokeswoman said this was the first time the secure site had been used in an actual crisis situation since its creation in the wake of the Sept. 11, 2001 attacks on the World Trade Center in New York." -
Windows AntiSpyware Downgrades Claria Detections
accihap writes "A week after word leaked out that Microsoft was negotiating an acquisition deal with Claria (See recent /. coverage), spyware researchers have noticed that the Windows antispyware application has downgraded Claria's Gator detections and changed the recommended action from 'quarantine' to 'ignore.' Screenshots of the new default settings." -
U.S. Won't Let Go of DNS
An Anonymous Reader wrote in with a story on the Eweek site, reporting that the Federal Government is going to keep control of the Domain Name System rather than handing it over to ICANN. From the article: "...the United States is committed to taking no action that would have the potential to adversely impact the effective and efficient operation of the DNS, and will therefore maintain its historic role in authorizing changes or modifications to the authoritative root zone file..." -
Possible RSS Abuse in Longhorn
dMill writes "There has been a lot of discussion about Microsoft's decision to bake RSS into Longhorn (see previous Slashdot coverage) but the obvious security implications seem to be on the back burner. eWeek has a story discussing the risks and Don Park is also warning about the potential for abuse and exploitation. For example, the primary mechanism behind podcast, RSS enclosure, can be used to deliver worms and worse to the desktops. If there are any vulnerabilities in iPod (or any MP3 player hooked up to podcast sync client) codec, then podcasting is a good way to deliver overflow inducing content." -
Windows Users Ignoring LUA Security
blankify writes "eWeek is running a story about the least-privilege, no-admin option available in Windows (2000/XP/2003) that has been mostly ignored by end users. From the article: '"To the average user, the notion of non-admin is abstract and obscure," said Michael Howard, a senior security program manager in Microsoft Corp.'s security business and technology unit. "Most users just don't know they can set up least-privilege accounts in Windows today, and that's just a sad reality."'" -
Windows Longhorn and Internet Explorer 7
An anonymous reader writes "At Gnomedex this year, Microsoft is excited about the new RSS integration into Windows Longhorn and Internet Explorer 7. Screenshots of Internet Explorer 7 reveal how Microsoft has added a search tool to the top right of the browsing window similar to the one found in Safari/Firefox. Also, Microsoft revealed that RSS will be integrated into the heart of Longhorn." -
Alternatives To Office For Mac OS X
imatt writes "From eWeek's article on MS Office Alternatives for Mac: 'Major milestones were recently announced for two Mac OS X-compatible software suites that could provide an alternative to the near-ubiquitous Microsoft Office...NeoOffice/J uses a standard Mac OS X installer, presents native Aqua menus, does not require Mac OS X users to install and use X11 software, uses Mac OS X fonts and has native printing support.' Most [options] seem to be open source, which is good for the programming community and better for the Apple user." -
Hunting for Botnet Command and Controls
Uky writes "Convinced that the recent upswing in virus and Trojan attacks is directly linked to the creation of botnets for nefarious purposes, a group of high-profile security researchers is fighting back, vigilante-style. The objective of the group, which operates on closed, invite-only mailing lists, is to pinpoint and ultimately disable the C&C (command-and-control) infrastructure that sends instructions to millions of zombie drone machines hijacked by malicious hackers." From the article: "Using data from IP flows passing through routers and reverse-engineering tools to peek under the hood of new Trojans, Thompson said the researchers are able to figure out how the botnet owner sends instructions to the compromised machines." -
Spyware Floods in Through BitTorrent
solareagle writes "Public peer-to-peer networks have always been associated with adware program distributions, but BitTorrent, the program created by Bram Cohen to offer a new approach to sharing digital files, has managed to avoid the stigma. Not any more, anti-spyware advocates warn. According to Chris Boyd, a renowned security researcher who runs the VitalSecurity.org nonprofit resource center, the warm and fuzzy world of BitTorrent has been invaded by a massive software distribution campaign linked to New York-based adware purveyor Direct Revenue LLC." -
MS Patch Train Leaves the Station
per1176 writes "Microsoft has released 10 advisories to cover a dozen security vulnerabilities, including a "critical" cumulative update for the Internet Explorer browser. The IE fix corrects a remote code-execution vulnerability that exists due to the way the browser handles PNG (Portable Network Graphics) files." -
Security Patch Creation at Microsoft
devonshire writes "Officials at the Microsoft Security Response Center have provided a detailed look at the process used to create security patches. From the time the first vulnerability data is received from grey hats to the time a bulletin is shipped, it's a pretty interesting look at how they handle the information flow and patch testing and why it takes so darn long to release an IE update." -
Could Apple's Intel Desktop Threaten Linux?
esavard writes "If Linux enthusiasts don't want Mac OSX on Intel to become a threat for the future of Linux Desktop, they must rethink the concept of Desktop as we know it today. Symphony OS did exactly that and proposes some fresh concepts about how a desktop should and should not be. If you want to know more about Symphony OS, a good starting point is a Wikipedia article describing the innovations proposed by this new desktop OS. The Linux Desktop Community must encourage such initiatives massively to compete against Mac OSX and Windows." -
'Lower Rights' IE 7.0 Coming
blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers." -
Final Windows 2000 Update
Ant writes "An article on eWeek discusses Microsoft's plans to ship a Windows 2000 Update Rollup, the final security patch for the 5-year-old operating system. The Update Rollup, which replaces Windows 2000 SP5 (Service Pack 5), is a cumulative set of hot fixes, security patches and critical updates packaged together for easy deployment. The Update Rollup will contain all security-related updates produced for Windows 2000 between the time SP4 was released and the date the update ships. It will also feature a small number of important, non-security updates. The Update Rollup comes just one month before mainstream support for Windows 2000 client and server releases expires on June 30." -
Nothing of .Net in Longhorn?
turnitover writes "We've been waiting for Longhorn before we really get on the .Net train, but should we bother at all? According to Mary Jo Foley at Microsoft Watch, Longhorn won't be based on .Net at all. Foley, who's usually right on target, calls this MS's 'dirty little secret'." From the article: "We're guessing that Microsoft will maintain that nothing has changed -- that no one ever promised that the .Net Framework 2.0 would be the foundation for Longhorn. But developer types we've been chatting with seem to find this update a newsworthy revelation." -
Red Hat Opens Netscape Directory
suezz writes "Eweek is running a story that Red Hat is releasing Netscape Directory (LDAP) under the GPL - this is huge at least from my point of view. I know of at least two huge companies that have standardized on Netscape Directory for their web applications." -
VS.Net Apps Can Now Run On Linux
MxTxL writes "EWeek is reporting here about a plugin for Visual Studio.Net, called Grasshopper, that allows web applications that once only ran on IIS to be run on Tomcat or other J2EE platforms. The Mainsoft Developer Zone has more details on how it works but basically it converts the MS Intermediate Language into Java bytecode. The developer is also a supporter of the Mono Project."