Matt2000 asks: "With the growing number of package updates that cross my inbox for my redhat systems, and with the vast majority being buffer overflows, or overflows of some kind doesn't it strike anyone that there must be a better way? Instead of spending time auditing every piece of software for mechanically preventable bugs, why isn't there a common, audited virtual machine that people can build net facing services on? I would guess that sshd, httpd, and sendmail would be good candidates to start, as they are the most common and the most exploited. And please don't freak out performance junkies, if you run a website that serves 70,000 people a second and need to run native apache, then do so. Just accept that it will be less secure."

petabyte writes "Now that RedHat 9 is out, here's something for the rest of us. OpenSSH 3.6 has been released today. Is has several new features including a progress meter for sftp and bandwidth limiting for scp. I haven't installed it yet but I'm sure the packages will be hitting mirrors soon enough. There's even a new T-shirt."

Red Hat Linux 9 is out, and as of today the ISOs are officially available to Red Hat Network subscribers ($60/yr). Or, as of right now, you can grab the same ISOs using BitTorrent. For those unfamiliar with this free/Free P2P download protocol, an introduction follows, written by ololiuhqui. Update: 03/31 23:45 GMT by J : After roughly four hours, BitTorrent has transferred over 500 full copies of all 3 ISOs, and a total of over 1.5 TB, at 170 Mbytes/sec. Thanks to the more than 3000 people who helped each other download the data, and especially to the more than 200 who got full copies and still have their clients open, to keep serving data to everyone else :)

Garfunkel writes "Looks like Red Hat is breaking tradition and skipping 8.1 and 8.2 and jumping directly to 9.0 RHN subscribers get it a week ahead on March 31st. Available to the rest the world a week later (April 7)." The website refers to the upcoming release simply as "9" -- which doesn't rule out future point releases, but could it be?

Dman33 writes "Redhat Linux seems to be gaining an even stronger share in the server and workstation market as HP is announcing worldwide sales and support of the popular distro. Infoworld has a writeup on the announcement and the press release straight from HP is a good read regarding the initiative."

OldBen writes "RedHat has announced the product stable to replace the mainstream releases for enterprise use. RedHat Enterprise Linux AS replaces Advanced Server (with quite a price hike to go along), ES is targeted at "entry-level" servers, and WS is for workstations. See the details at RedHat's website."

mackman asks: "I was wondering if anyone has ever though about using their DNS servers to provide mirror information? A specially formated TXT-record could easily provide a DNS-cache-friendly mirror listing. A TXT-record would just need a list of servers and paths, or perhaps a more complicated mapping for servers which only mirror a subset of the original site. This would allow for much more flexibility than a basic round-robin A-record scheme. For example, instead of pounding the Red Hat web server to get a mirror listing (or relying on Slashdot posts for that matter), why not do a 'dig -t txt mirrors.redhat.com'? Of course we could build this into download managers like wget."

randal writes "A security vulnerability in the Sendmail Mail Transfer Agent (MTA) has been identified by ISS. This bug can give an attacker the ability to gain remote root access to the targeted system. There is no known exploit code of this vulnerability in the wild at this time, but everyone should upgrade immediately. This issue affects all versions since 5.79. Open Source sendmail users can get source for the newest version (8.12.8) as well as patches for 8.9, 8.11, and 8.12 from sendmail.org. Commercial Sendmail customers can find patches at sendmail.com/security. Most major OS vendors will be releasing patches immediately." Update: 03/03 19:23 GMT by T : Reader Patchlevel points out that RedHat and OpenBSD have already issued patches.Update: 03/03 20:45 GMT by T : Reader Claude Meyer links to an update from SuSE, too. Update: 03/03 22:52 GMT by T : djcatnip points out that Apple has released a software update to patch OpenSSL and Sendmail for Mac OS X 10.2.4, and the Slackware site says they have updated to 8.12.8 as well.

Dan writes "Matthias Scheler has imported XFree86 4.3.0 into NetBSD current, it is only tested under NetBSD-i386 at the moment. Also, as part of updating the toolchain, Matthew Green has imported the latest GNU binutils (2.13.2.1) into NetBSD-current. The new GNU binutils adds support for hppa and x86_64, improved support for existing architectures and is known to work for almost all CPU types NetBSD currently supports. Updates of gdb and gcc will follow."

Mark writes "As this news.com article states, 'Red Hat and Oracle plan to announce on Thursday that the companies have teamed to get Linux evaluated under the Common Criteria, a certification that could open doors for the broader use of open-source software by government agencies.' It looks like this will be an important step in getting Linux to be more widely adopted in governments around the world."

doom writes "There seems to be some interest just now in technical books based on freely licensed content, so I thought I would discuss the Dossier series from Rich Morin's Prime Time Freeware project." Doom has provided an overview of this series; read on below to find out for yourself why he says man pages and other free documentation are worth paying for in dead-tree format.

Frank Caviggia writes "The Inquirer has a story up about Red Hat providing educational institutions with the ability to certify students as Red Hat Certified Technicians (RHCT) and Red Hat Certified Engineers (RCHE) how this will relate to Microsoft's MSCE program. You can find the story here. Red Hat has more information on the program here."

An anonymous reader submits "Competing infrastructures may foster improvement in each desktop, but the Gnome and KDE hackers still know how to work together when needed. The Free *nix desktop has been improving quickly. Red Hat's unified desktop was controversial, but obviously the right decision for regular users. Now that KDE and Gnome have decided to combine their Human Interface Guides, it can be done right--by the developers themselves. Note: they also want to involve 'people working on other non-KDE non-GNOME HIGs.'" Update: 02/03 20:19 GMT by T : Apparently not everyone's browser can read http://freedesktop.org, so the initial link up there now sports a "www" as well. And it's .org -- sorry.

BrunoC writes "Looks like Red Hat is getting a little Microsoftish and is quietly introducing its brand new 12-month-only Errata. Quoting The Reg: 'Red Hat's current death list EOLs RH 7.1-8.0 at the end of this year, while 6.2 and 7.0 get theirs as of the end of March.' You can read the whole article here." I don't see how this is "Microsoftish" -- the code Red Hat creates or includes is still GPL, and you can pay anyone willing to fix it. They're not required to support it forever :)

Most of the questions we got for LinuxWorld exhibitors were pretty general, with no specific exhibitor attached to them. I did my best to get appropriate people to answer them. Here are the results. (And for those who wonder... Kevin Mitnick emailed - he's been traveling and busy, but hopes to get his answers to us shortly.)

Slashback updates tonight on sky-diving cars, Microsoft's new code Glasnost (guess who's signed up to see the code?), the fate of the PCI-SIG list, the SCO and Linux licensing brouhaha, music royalties in Finland, and more. Read on for the details.

We ran the "Call for questions" Monday, January 13, under the headline, Discuss BIOS and Palladium Issues With an AMIBIOS Rep. Note that Brian Richardson, AMI sales engineer, is a real engineer, not just a salesperson, and is also a staunch Slashdot reader who knows we have low tolerance for PR whitewashes around here. Brian's answers are real, not laundered, and he responded not only to the 10 questions we sent him but also to some he felt deserved answers even though they weren't moderated all the way up. Please note that in much of this interview he is speaking as "Brian Richardson, individual," and that his opinions do not necessarily reflect those of AMI's management. With that said, be prepared to learn a lot about the BIOS business, and how TCPA and Palladium relate (and don't relate) to it.

arb writes "The Age has an interview with Shawn Gordon, president of theKompany.com where he discusses such issues as RedHat's focus on Gnome and the relegation of KDE 'to second best', other Gnome vs KDE issues, distributions including proprietary bits and so on."

BladeMelbourne asks: "As a web developer with a healthy love of Linux, I was wondering which fonts look great in Linux web browsers (particularly Mozilla/Netscape). Using 'Arial,Helvetica,sans-serif' just doesn't look nice. Do different distro's have different fonts? Which fonts resemble Arial/Helvetica? Which fonts are anti-aliased? Speaking of anti-aliased, does anyone know concisely how to get AA fonts with Mozilla on RedHat 8.0? I have my TTFs working, but don't seem to display correcly and look rather ugly on my display."

Alkini writes "Red Hat just announced a new beta, codenamed Phoebe. Their highlight list includes Mozilla 1.2.1 with Xft antialiased fonts and glibc-2.3.1. The new beta can be downloaded from RH's FTP site or one of the mirrors."