Slashdot Mirror

irix writes: "C|Net is reporting that Toshiba will ship a mini-notebook May 18th in Japan, coming to the U.S. later this year. The article also has some information about upcoming Transmeta CPUs." Hints and promises from Transmeta are that the next generation Crusoe will be smaller (half the size of current ones), faster (up to 800MHz) and consume less power (not quantified). U.S. notebook makers still seem reluctant to use them though -- so if Americans want a Crusoe in anything but a Sony Picturebook before the end of the year, we may have to watch dynamism.com and similar places. Update: 05/07 09:37 PM by T : OS24Ever also writes: "Linuxgram has an article about scooping RLX Technologies announcment of their new System 324 Web Server. At its optimum, the product will hold 336 Web servers running Linux or Windows (Windows costs $200 more). The Transmeta chip runs 80% cooler with 80% less power requirements, eliminating a lot of heat and need for fans, bringing single point of failure in the machine down to near zero."

pjones writes: "This just in! Open Source is bad for companies and countries too. In a New York Times article (registration required), John Markoff reports that: "In a speech defending Microsoft's business model, to be given on Thursday at the Stern School of Business at New York University, Craig Mundie, a senior vice president at Microsoft and one of its software strategists, will argue that the company already follows the best attributes of the open-source model by sharing the original programmer's instructions, or source code, more widely than is generally realized." Singled out for particular rebuke and scorn are IBM and the famous GPL and its author Richard Stallman. Who will be there to cheer Craig on?" See also ESR's dispatch on same. (Read below for update with time and place.)

Update: 05/03 01:55 PM by T : cananian points to this announcement on time and place. The upshot: from noon to 1:30 p.m, in room 1-70 of NYU's Kaufman Management Center (KMEC), 44 West 4th Street.

Joshua Strzalko writes: "Aparently, the match, so to speak, that lit the big bang has been discovered by some detectors down in Antarctica. What would be the megatonage of that explosion? Full story can be viewed here." As always, working hypotheses are just that, of course. Update: 04/30 07:12 PM by T : CodeWheeney writes: "The home page for the instrument that was used is located here."

Trepidity writes "The Opera web browser appears to be the first to add gesture-based navigation (made popular recently in the game Black&White) as a standard feature. You can perform a bunch of common actions with simple gestures, such as holding down the right mouse button moving left and releasing to go back, or moving up then down while holding the button to reload the current page. A list of the various implemented commands can be found on their site." I've been playing a fair amount of B&W lately - the interface took a bit to learn, but once you['ve got it done, it's actually a very efficent system of getting around - the use within the Web might finally take the Web beyond just a point and click interface. Maybe. Probably not. CT: Just don't try it with a thinkpad style nipple mouse. My wrist lost feeling. Update: 04/18 02:55 PM by T : Read more below for a software project that promises to spread some gestural goodness even further.

Mike Bennett writes with news of his "free software project. It's called wayV, and provides gesture recognition for X. Version 0.1 was released a while ago and let you start applications with gestures, version 0.2 will be released this week and also includes the ability to send keypress, e.g. make a gesture to change desktops, etc." This looks like a modestly conservative 0.1, too;)

Gord.ca writes: "Linuxprogramming has a preview of Qt 3.0. New goodies include database integration, multiple monitor, 64-bit support, their own component model an improved Qt Designer & international text display. Doesn't seem to be any reference to 3.0 on the Trolltech website, nor guestimates of release date." Update: 04/09 11:18 PM by T : Here's something on the Trolltech site about the new release -- sounds nice.

www.sorehands.com writes that yesterday, "in Texas, the Committee on Business and Industry heard testimony on HB1295. HB1295 is a bill which, if passed, would require PC sellers in Texas to include censorware on the machines they sell. Under this bill, if a "personal computer" incudes an operating system, the manufacturer would be required to provide fitering software. There are no exceptions for personal computers used for business, or for computers operating systems for which there is no censorware. This bill was prompted by SPAM to the author's, Garcia, AOL account popping up porn before being caught by the AOL parental controls. Garcia also said that downloading and installing the software over the net is too difficult for anyone over 30 years old to install. The committee seemed leary of the bill given that Texas B & C Code Sec 35.101 et seq requires that ISPs provide links to censorware." This lowers Texas on the list of "states to move to" when my lease runs out. Update: 03/21 06:10 PM by T : Jamie points to this earlier post at censorware.net as well.

Gary writes: "Nintendo begins shipping its next-generation handheld game in Japan this week. Nintendo estimates that it holds a 90 percent share of the portable game market, though some analysts believe that percentage to be even higher. It is the first to have a horizontal alignment, and it is 17 times faster than the Game Boy Color, which was released in 1998." This is the first portable gaming system I'm really tempted by -- horizontal alignment is The Way Things Should Be on such things;) Update: 03/21 03:53 AM by T : And Prabhjeet "The One" Singh writes: "According to Gamespot, Activision will be releasing a version of DOOM for Nintendos upcoming Game Boy Advance. No game has given me more sleepless nights. Now its time for sleepless plane rides, mall trips, etc. I can't wait."

An anonymous user wrote in to tell us (and Timothy called RH and confirmed, this change was made a few weeks ago) that you no longer can Freely and Anonymously use Red Hat's Update Agent to download updated package DBs, and update packages. You must register, and pay $9.95 for the service. Of course you can still update manually, but how long before other services pop up to take its place? And Debian still does apt without me having to tell them where I live. This is unfortunate, but not unsurprising. I want RH to make a buck too, but this seems like a pretty crappy way to do it. Update: 03/19 03:21 PM by T : An unnamed reader points to this FAQ on the change, too.

OdinHuntr writes: "Newsforge has an article detailing Eazel's layoff of over 50% of its workforce. Quite a day, eh?" And GrokSoup writes: "According to News.com, Eazel laid off 40 employees today -- or more than half of its staff. The company says it is trying to get its "... burn rate and business plan in line with the more sober economic environment," but we all know what that means. Don't we?" Update: 03/14 03:20 AM by T : And on a slightly more positive note, Dan Gillmor writes: "Hey, I stopped by Eazel today and Andy H showed me a nifty (but as yet unreleased) RSS viewer that's an intelligent icon on the Nautilus desktop ... I posted a screen shot in today's weblog."

jasonripp writes: "Seems those wacky scientists have discovered a method to use light to easily move tiny particles of matter with a high degree of precision. This has applications in biotech, computers and more. The article is here." It's one of those cool low-tech inspirations, too -- the "light tweezers" these scientists have devised were inspired by cheap laser-pointer accessories. Update: 03/06 10:00 PM by T : We have compensated for the Dark Side moving that URL around.

lpontiac writes: "People have been making noise about the new Australian copyright laws making web caching and Playstation mod chips illegal ... and now, the Australian attorney-general has come out and stated that the new laws also make it illegal to forward email without the explicit (ie written) permission of the person who wrote the email. (Just as surprising to me is that the article claims to know who Claire Swire is :)" Update: 03/04 11:22 PM by T : kipling writes "Regarding the Australian e-mail copyright story, the ABC news site says that the Australian Attorney-General has dismissed these claims. Looks like another news ltd beatup." Update: 03/05 02:55 AM by T : And thanks to downunderrob, here is the AG's press release calling the idea "ridiculous."

lpontiac writes: "People have been making noise about the new Australian copyright laws making web caching and Playstation mod chips illegal ... and now, the Australian attorney-general has come out and stated that the new laws also make it illegal to forward email without the explicit (ie written) permission of the person who wrote the email. (Just as surprising to me is that the article claims to know who Claire Swire is :)" Update: 03/04 11:22 PM by T : kipling writes "Regarding the Australian e-mail copyright story, the ABC news site says that the Australian Attorney-General has dismissed these claims. Looks like another news ltd beatup." Update: 03/05 02:55 AM by T : And thanks to downunderrob, here is the AG's press release calling the idea "ridiculous."

Well, it's here -- the KDE 2.1 final version. You can find the official (and lengthy) press release here as well as the locations to download the various packages. I have been playing with this version for a week (took the tagged version which went to packagers) and I can definitely say that it is very stable and fast. You can also read a small review here. Good work, KDE team.Update: 02/27 12:05 AM by T : Check out the change logs, as provided by seanr, and enjoy the "major improvements" pointed to by Andrew Coles in Konqueror and KMail, as well as "the addition of the excellent IDE KDevelop, as well as the modular new multimedia player noatun."

Jason Bennett, frequent reviewer of books, now regales you with this great piece on the background and development of the new encryption standard to replace the pretty-good-till-now DES. It's full of linked information you'll want to digest, too. Update: 02/23 12:32 AM by T : Note: The links I borked are better now; mea culpa (and beware copying in Mozilla).

Since it was officially approved by the U.S. Government in November of 1976, most of the world's sensitive commercial traffic has been secured through the use of the Data Encryption Standard (DES). In its twenty-five year lifetime, it has become the most widely used, most widely trusted, and most widely studied encryption algorithm in existence. Alas, in the same way that your Atari 2600 ^[?] is currently sitting on the floor of your closet, DES' lifetime has come to an end as well. This was most dramatically demonstrated in the three DES Challenges sponsored by RSA Labs between January of 1997 and January of 1999, with a DES-encrypted message eventually being broken in less than 24 hours. This challenge also witnessed the birth of a DES-specific cracking computer, a machine widely theorized about, but never before (publicly) built. Although variants of DES (most notably Triple DES) are still widely used, it became clear that a new algorithm would be needed for the next twenty-five years.

Thus was born the Advanced Encryption Algorithm Development Effort. Beginning in January, 1997 (just before the RSA challenges finally broke DES), the National Institute of Standards and Technology announced its intent to begin the Advanced Encryption Standard (AES) process. The initial AES workshop was held in April, with the official call for algorithms going forth in September. Importantly, this call specified that the algorithms submitted have a key length of 128 bits, and be free of intellectual property constraints. Algorithms would be accepted from domestic and international submitters, and the resulting algorithm would be completely public. The con test would also consider both the hardware and the software implementation -- a divergence from DES, which was specifically designed for use in hardware. Importantly, the hardware that the AES had to operate in could vary from the largest supercomputer to a ROM-based smart card or other embedded ed environment. A candidate algorithm might well be optimized for one or the other, but had to perform at least reasonably well on all to have a real chance of being selected. Finally, this algorithm would be designed from the ground up to use the long key length, and thus would be faster and more secure than Triple-DES is at that length.

Thus came the warriors to the joust. On August 20-22, 1998, the first AES conference was held, with fifteen different algorithms being presented. Over the next seven months, these algorithms were tested in laboratories around the world to probe for weaknesses and to test the their speeds. There is a huge selection of papers on these tests at the AES1 site for your perusal, so I will not try and detail those tests here. Suffice to say, several of the algorithms had serious problems identified, while others came through with flying colors. The next March, the second AES conference was the forum for the presentation of these results, and a subsequent discussion of which algorithms should thus advance to the final round. These finalists were announced in August of 1999, thus beginning the second round of competition. NIST subsequently issued an excellent report detailing their rationale about each algorithm, including the problems and benefits associated with each.

The AES finalists were:

• MARS (IBM) (their case)
• RC6 (RSA) (their case)
• Rijndael (their case) (how to pronounce it)
• Serpent (their case)
• Twofish (Counterpane) (their case)

Obviously, each candidate comes to the conclusion that their cipher is the best. Nevertheless, there are some shared criticisms of the various ciphers that show patterns in each one. Serpent, for example, is universally named the slowest algorithm (in software), even by its creators. Nevertheless, they make their case based on being the most secure algorithm of the bunch. RC6 and MARS are both very fast on certain processors, but terrible on others. As noted above, any serious AES candidate had to perform well across all platforms, and thus this variable performance tended t o compromise these candidates. None of the algorithms were ever broken by a practical attack, however, and all should be considered secure enough for serious encryption work. Thus was held the third AES conference in April of 2000. This was the final conference before the official AES selection, and the last chance for each algorithm to make it s case. The statements above were presented at the end of this conference in an effort to make that case. Once the conference ended, it was up to NIST to make its selection. The candidates could only wait.

Finally, on October 2, 2000, NIST released their final decision, that R ijndael was to be the AES selection. Simultaneously, NIST released a paper detailing their rationale for the selection. In sum, this paper says that any of the finalists could have been selected (an opinion echoed by man y in the industry), but that Rijndael proved to have the proper balance necessary between speed in hardware, speed in software, and security. To quote from NIST's statement:

Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non-feedback modes. Its key setup time is excellent, and its key agility is good. Rijndael's very l ow memory requirements make it very well suited for restricted-space environ environments, in which it also demonstrates excellent performance. Rijndael's operations ons are among the easiest to defend against power and timing attacks. Additionally, it appears that some defense can be provided against such attacks without significantly impacting Rijndael's performance. Rijndael is designed with th some flexibility in terms of block and key sizes, and the algorithm can accommodate alterations in the number of rounds, although these features would require e further study and are not being considered at this time. Finally, Rijndael's internal round structure appears to have good potential to benefit from instruction-level parallelism.

At this point, it's all over but the shouting. At some point later this year, the Secretary of Commerce will officially designate Rijndael the Advanced Encryption Standard, and a new era will have begun. AES was specified (and is expected) to remain a standard for at least as long as DES, and to protect data for even longer, and barring a major development (such as faster-than-forseen developments in quantum computing), this standard will likely be met. No one expects research into new algorithms to die, however. There will continue to be parallel algorithms developed and used, just as there are today. Thanks to be combined efforts of NIST and the community, however, there will always be the bedrock of AES available.

In conclusion, I'd like to point out the positive role that the U.S. Government, as represented by NIST, has played in this process. The Free Software/Open Source community has taken its share of shots at the government over patents, copyright and crypto export over the past several years, and deservedly so. The AES process, however, was lauded throughout the encryption community as a fair and open process that brought together the best minds available to select the algorithm for the next century (as NIST likes to say). Making an algorithm a FIPS standard gives it a legitimacy that cannot be obtained in any other way, especially given the way that this standard was arrived at. The algorithm is completely free of any IP hurdles, as was specified at the beginning of the process, and since the code is open, it can be downloaded by anyone in the world (and since it was designed outside of the U.S., any attempt to regulate its export from the U.S. would be silly). It is reasonable to criticize when a situation is bad, but it is only fair to praise when something is good.

Bibliography

I used a great number of sources from print and the web, so it's only fair to list them here. I also put many links in the body itself, most of which go into much more detail than I did.

• NIST's main AES site is the place to start. It links to most of the technical information I linked to above.
• RSA's crypto FAQ has been around for many years, and the latest edition only gets better. Covers all sorts of ground on cryptography, both general and specific. If you're trying to learn more about crypto, this is the definitive place to go.
• SANS InfoSec has a good overview of the process and the finalist algorithms.
• A Cryptographic Compendium has a good AES section
• SecurityPortal has an excellent perspective on what AES means
• Everyone's favorite IT rag The Register has a solid overview of the process
• Bruce Schneier publishes a crypto newsletter through his company, Counterpane Internet Security. See especially the issues from May 15, 1998, March and August 15, 1999, and April and October 15 of 2000.
• Simon Singh's The Code Book provided some excellent background

jordan (one of the founding developers of Napster), writes: "As the rumour mill churns over Napster's future, many folks see Gnutella as the next best hope for the music loving file sharing community. Problem is, Gnutella can't scale . [Note: if that URL doesn't work, try this mirror.] Almost all research on Gnutella up till now has been based on observations of the system in the wild, but this paper discusses the technical merits of that statement through a detailed mathematical analysis of the Gnutella architecture." The kind of numbers that you may not like to read if you figure networks expand to accomodate traffic at a never-ending pace. Update: 02/15 12:24 AM by T : Jordan also points to this mirror for your reading pleasure.

jordan (one of the founding developers of Napster), writes: "As the rumour mill churns over Napster's future, many folks see Gnutella as the next best hope for the music loving file sharing community. Problem is, Gnutella can't scale . [Note: if that URL doesn't work, try this mirror.] Almost all research on Gnutella up till now has been based on observations of the system in the wild, but this paper discusses the technical merits of that statement through a detailed mathematical analysis of the Gnutella architecture." The kind of numbers that you may not like to read if you figure networks expand to accomodate traffic at a never-ending pace. Update: 02/15 12:24 AM by T : Jordan also points to this mirror for your reading pleasure.

assbarn writes: "The title pretty much says it all, but LWN daily is reporting that SuSE is laying off almost all of its US staff. What does this mean for their English distribution? The details are short (and sketchy), but the link is at LWN. " I've tried reaching both the U.S. and German branches: SuSE has yet to return a call placed to the U.S. office, and at the German branch it won't be business hours for a while. I've left that message at the SuSE American office, though, and will update with any confirmation/denial. Update: 02/08 12:03 AM by H :A couple people have sent in the LinuxToday piece. SuSE's PR agency has denied it, but LWN is standing by it, and several other readers have substantiated it to LinuxToday and LWN, including the original source on LWN. As well, SuSE did say that a number of positions were being relocated. We'll keep the story updated. Update: 02/08 04:38 AM by T : LinuxGram has some great information -- with real details! Skeleton crew of 12 to remain in the U.S. What's also interesting is that it confirms that the PR agency had "bad communication," which is an interesting statement to say the least.

woggo writes: "I just got the Vita Nuova newsletter for February. It appears that they are planning a port of Plan 9 and Inferno (the recently open-sourced operating systems from Bell Labs) to the Hitachi SH3 and SH4. I quote: "It would be good to hear from readers that have a suitable board to target for a reference port. Failing that, we have got our own ideas!)" Guess it's time to vote for everyone's favorite $99 MIPS computer...." According to the Vita Nuova site, "First, we are working on a port of the compiler suite to generate code for the SH series [of Hitachi chips]. Once that is done, we can start on an Inferno port (it being easier to port Inferno than Plan 9)." Update: 02/07 04:15 PM by T : Mitch Davis of the Linux on SuperH team wrote:"[this] article called the DreamCast "everyone's favorite $99 MIPS computer". Just so you know, the DreamCast is powered by a Hitachi SuperH processor, not a MIPS." Thanks for the correction, Mitch.

John Brown writes: "[T]oday I called 1-888-Shop-IBM and talked to a representive about the possibility of buying a Thinkpad X20; I wasn't too happy with the fact that it lacks an internal floppy drive, so the guy told me that during the next week IBM will be releasing a storage device called 'USBKey' which basically looks like a (guess what...) key (it is even meant to be kept in your key-ring), but fits into a USB port, allowing you to store up to 8MB of data in it. Amazing! You may very well live in a world in which 100Mbits/s is a common thing, but for the rest of us a highly portable and universally accepted data medium which allows you to store 5 times more than 1.44MB is good news." I would also like to see AOL start sending out (rewriteable) 8MB USB keychains. Note: no reason that such things should be limited to 8MB, either -- we featured a similar toy a while ago; I wonder if IBM is licensing it. Update: 02/06 04:39 AM by T : Thanks to PongoX11, who writes: "It looks like the drive you heard about already exists. I work in a computer retailer and remember seeing these on the shelves."

An unnamed correspondent writes: "Looks like Linuxgruven has been making offers that if you pay them a few grand for them to train and Sair certify you, they will hire you on for a $45,000/yr entry level position. Besides that fact that this smells like a scam, it seems that Sair is now in legal proceedings against Linuxgruven. Here is a link to an e-mail from Sair [Director of Courseware & Instruction Ross E. Brunson] posted on a users group mailing list." (Read more, because it gets more complicated.)

"Here are other links to mailing list discussions about those offered positions at Linuxgruven:

• [Email from Ronald Boney and Paul Berlin]
• [Email from jiin@jiin.org]
• [Email from tmservo@pitton.com]"

Sair GNU/Linux provides certification and testing materials for personal or corporate use intended to show proficiency with various GNU/GPL software. Eric S. Raymond, Jon "maddog" Hall, Bruce Perens, Richard Stallman and other luminaries of Free software sit on the board of Sair, which lends an air of credibility that few organizations can boast.

In an economic niche somewhere near that of Sair, Linuxgruven also focuses on GPL software, by providing training courses and materials and certification, but also provides professional services. They currently have offices in eight U.S. cities, and plan on opening an equal number soon, according to their CEO.

I exchanged email and telephone calls with representatives of both Sair GNU/Linux and Linuxgruven yesterday to find out what each had to say about any legal entanglement between the two companies, and about the uncomplimentary descriptions online of Linuxgruven's hiring practices. If you read the links above, you'll find accounts by Linuxgruven course applicants, who claim that they were offered well-paid entry-level jobs -- in advance, prior to taking any course -- in exchange for paying up-front for the training courses offered by Linuxgruven.

Lenny Sawyer, Sair's Vice President of Operations, was the first to respond to my email, but could offer little information. He said "[w]e (Sair Linux and GNU) feel it would be inappropriate for our company to comment publicly on any possible legal proceedings or an investigation by an outside agency. Sair Linux and GNU Certification has stated it will always take the necessary and proper steps to protect its copyrighted training and certification materials, but we can not comment on any possible individual situations."

Shortly after this, I reached by telephone a Linuxgruven employee named Alex White, who told me that I needed to talk to Matt Porter, the company's CEO. Porter, he said, was on another phone call at the time, but would be able to call me back later in the day. I asked whether I could have Porter's email address in addition, but White said that he had been told not to release email addresses.

While he was on the phone, I asked White (in Linuxgruven's St. Louis office) a little bit about Linuxgruven and his experience there. Was he a Linux user? Did he take a Linuxgruven training course? White answered Yes to both of those questions, and described the 4-week training course as "very comprehensive -- about 80 hours of classroom instruction." White, though, said he was unaware of any legal action either active or in the works involving Linuxgruven, and that I'd have to wait to talk with Porter. White also said he'd never heard of anyone being offered a job at Linuxgruven contingent upon pre-payment of course fees.

I asked White if when he had taken the Linuxgruven course he had been asked or required to pay in advance. "I don't recall," he said. When I expressed surprise at not remembering at what point he'd had to hand over the thousands of dollars the four-week course costs, he explained, "I had relatives who paid for it, and they went through that whole [payment] process." He saw the training course as a route to a better job, after a stint in tech support for another company. What is his job at Linuxgruven now? "Basically, I set up interviews," said White.

A few hours later, Porter called me back, and promised an email with some information (it arrived a few minutes later), and provided his cell phone number; we both agreed that I should read his email and then we would talk again.

During a second telephone call, I asked Porter whether anyone was offered employment at Linuxgruven on a quid pro quo basis, as the user-group emails above indicate, and Porter flatly denied that anyone was ever offered a job based on prepayment for Linuxgruven's training course. "That's never been the case," he said. "That's not how we operate."

"There is absolutely no requirement that any job applicant take our training course and, in fact, we have many employees who have passed either our own examination or the Sair examination without ever taking our training course," reads part of his e-mailed response. "If someone wishes to take our training course in order to prepare for either our own examination or the Sair examination, we offer a discount on our course and we offer to employ the person if he or she subsequently passes one of the two examinations. We do not offer employment in return for simply enrolling in the course, and we do not guarantee that anyone who takes the course will pass one of the two examinations."

Porter told me by phone and in his email that he was aware of the Ross Brunson email cited above, but that he knew of no active legal action involving his company and Sair, or anyone else. Rather than the (singular) "ongoing Better Business Bureau investigation" mentioned in that email, Porter said that he is aware of two BBB investigations, one apiece from the St. Louis and Kansas City bureaus. "We are currently working with both Better Business Bureaus to explain the correct nature of our employment practices," according to his email.

But what is the status of Sair's relationship with Linuxgruven, and why the talk of legal action? According to the email linked above, which Porter says he "assumes is genuine," Sair has "suspended operations with [Linuxgruven] due to non-compliance" with Sair's contracts regarding instructor qualifications.

Porter puts it slightly differently, allowing that Sair and Linuxgruven are no longer parters, but according to him this is because the two companies could not agree on terms for contract renewal. He said via email, "We have not received any word from Sair Linux asserting that it believes that we have misappropriated any of its copyrighted materials. Of course, it is not our company's policy or practice to misappropriate anyone's copyrighted materials."

"The whole stuff about Sair confuses me, because we look at that test, and we have complete respect for what Sair and those guys are doing," said Porter. "We have the utmost respect for the Linux community,and we owe a lot to the community." Porter pointed out that his company accepts Sair-certified applicants, and said this was a good indicator of how much respect Linuxgruven holds for the worth of Sair's training, whether or not the two companies are currently working together.

On the telephone, Porter also seemed slightly taken aback by the disappointment and skepticism expressed online by the people behind the links above, saying "We're a legit company ... We have happy customers," pointing to the testimonials and case studies featured on the Linuxgruven web site. Porter, in fact, is chairperson of the St. Louis LUG, and seems genuinely interested in spreading the idea of Open Source software.

With eight offices open at present, and plans to open eight more in the works, there's no doubt that that aggressive hiring practices are the natural result of Linuxgruven's growth. But why do several people claim to have been offered jobs in exchange for paying for the Linuxgruven training course, if that's "never been the case," as Porter says? The answer to that is likely to come out soon.

If courtroom action is initiated, we're sure to hear more about both Sair and Linuxgruven; anyone with experiences of any kind as a Linuxgruven applicant or employee, or with thoughts on the Sair certification, is encouraged to post comments below.

Update: 01/31 02:04 AM by T : Thanks to Matt Porter for this clarification: Alex White, the Linuxgruven employee I spoke to on the phone, has not yet received certification from Linuxgruven, and his current position is one which allows him to work toward that certification. Any implication otherwise was in error.

Several people wrote in to point out that SuSE appears to be the first big Linux vendor to have announced a distro to be shipped with the still-cute 2.4 Linux kernel as default. Here's their announcment in English, and in German. Since they'll also be including a 2.2 kernel "in parallel," this isn't totally earthshaking (some other distros have been shipping 2.2 stock and 2.4 optional for a little while), but it certainly is welcome news that SuSE is willing to reverse that order. Update: 01/26 05:04 PM by T : SuSE's Lenz Grimmer wrote to correct this, saying "Even though we ship with the 2.4 kernel, it is _not_ the default kernel, the user has to explicitly select the kernel during the installation." Thanks for the correction, Lenz.

Rurik writes: "Over at MCV, a UK based site, they have a front page article about the death of the DreamCast. It seems Sega is losing too much money off the DreamCast, and are halting all production." An unnamed reader also points out this feature on cex.co.uk on same. Patrick Lewis writes of the move: "... and this time they mean it. Yahoo/Reuters says so." And of course, there's also coverage at Daily Radar, too. Update: 01/23 10:21 PM by T : Note that many of these stories prominently feature the denial by Sega representatives of the quitting-hardware reports; according to both the Nikkei news service and the Nihon Keizai Shimbun, though, sales will halt once the current inventory is gone. Sure sounds like quitting to me.

Weyoun writes "All those who play Diablo2 know that their characters on the battle.net 'Realms' servers are supposedly secure and unhackable. This has been the case up until a few days ago, when a group of crackers discovered a method whereby they could log on as any character. Since then, they have reigned over a virtual apocalypse as hundreds of the top ladder players have seen their items stolen (including that of one well-known Blizzard employee). Even worse, beginning last night one of the hackers began systematically murdering the top hardcore ladder players, by logging in as them and getting them killed (death is PERMANENT for them). As of yet there has been no official reaction from Blizzard, but the entire community is in a state of shock over this situation." Update: 01/02 04:30 AM by T : It appears that Blizzard has now corrected the problem. See below for more.

Gaile - DiabloII.Net sent this update: "Blizzard has posted their response to the Diablo II Realm Character losses on their Realm Status Forum. The losses have been stopped (as of this morning), and characters are secure once more on the Realms. In addition, dead Hardcore Characters will be restored automatically, on January 8th, as outlined here:

[On] Monday, January 8, we will be reviving all hardcore characters who died between December 19th and January 1st. The restored hardcore characters will be revived with the experience, skills and items possessed as of Tuesday, December 19th. This restore will be automatic and players do not need to contact Blizzard to request that their character be restored. Note: Only dead hardcore characters that died between December 19th and January 1st will be revived.

In addition, a mechanism is in place for the retrieval of items, as well. The Blizzard post is on the Blizzard Site. We'll have more soon in the DiabloII.Net Bug Bytes section, which is an overview of the current game build."

Ben De Luca pointed out that CNN has a headline story about losing contact with the unmanned Mir space station. Hmmmm. So much for a "controlled descent." Update: 12/26 06:37 PM by T : Contact has been regained (thanks, Nennon) -- so, no Skylabs worries, yet.

guido_sst writes "Richard Silverman, co-author of O'Reilly's SSH, The Secure Shell: The Definitive Guide , has written a response to Kurt Seifried's article entitled 'The End of SSL and SSH?' at at Security Portal written after the release of dsniff 2.3. You can read the original article at SecurityPortal, the original Slashdot coverage on Slashdot, and Silverman's response at O'Reilly.." We had link to the story as well.

Matthew Moyle-Croft wrote to us regarding a very important development concerning the consumption of beer in space. I'm going to sleep easier knowing this *grin*. Update: 12/22 06:07 AM by T : Thanks to alert reader toad (who was not drinking within sight) for the updated URL.

Josh Baugher writes " A 100 megabit ethernet card with a TCP/IP stack built in. They claim to be able to do 9 megabytes/second with only 2% CPU load (compared to 4.5 megabytes/second at 98% receiving CPU load using Windows NT TCP/IP ( read about this on "geeks" mailing list.) "

Kevin Postlewaite writes "This web page describes a modified gcc that protects against stack-smashing attacks by appending a character to return addresses that it pushes to the stack. The program then checks to make sure that the character hasn't been changed, which it must be (though possibly undetectably) in order to overwrite the return address with a buffer overflow. " You can read Some discussion here or some more here. and a project with a similiar goal, to Bounds Checking to C. "

Kevin Postlewaite writes "This web page describes a modified gcc that protects against stack-smashing attacks by appending a character to return addresses that it pushes to the stack. The program then checks to make sure that the character hasn't been changed, which it must be (though possibly undetectably) in order to overwrite the return address with a buffer overflow. " You can read Some discussion here or some more here. and a project with a similiar goal, to Bounds Checking to C. "