Armin Herbert writes: "According to this mail from Rafal Wojtczuk and a german article on Heise Online, there's a new severe bug in all Linux Kernels, from 2.2.0 up to 2.4.10, which allows users to become root on your system. Kernel 2.4.12 fixes this problem, and RedHat, Caldera and other distributors already supply patches for their Kernels. See Bugtraq for more information." Important notes for anyone running a multi-user system. Update: 10/19 16:12 GMT by J : If I'm reading Nergal's writeup correctly, 2.4.10 is still vulnerable to the local DoS, but not to the local root exploit. Separate issues. And as pheared points out, there is one unverified report of a custom 2.4.12 being vulnerable as well; please try the exploit on your system and let us know what you find. This is a big one, you can expect the kiddies have already added this to their rootkits. Update your systems now!

the_2nd_coming writes "Red Hat has announced a legislation alert for the SSSCA. They are collecting comments to hand to lawmakers. Get those comments in while you can, but make sure you give them some thought."

beton asks: "We've all come to the point where we feel the need to change distros. A friend of mine has been a loyal Red Hat user for over 4 years now, but now he'd like to try Debian. He's trying to accomplish this with minimal effort so I was wondering if there are any tools around that allow to change from Red Hat to Debian without having to start from a 'clean' PC and reconfigure everything to fit your needs. Such a tool should e.g. reinstall all your programs and should try to configure them using your current config files. I did some searching on Sourceforge and Freshmeat but I didn't find anything useful. Do any of you know such a tool or is the whole idea just impossible to accomplish?" Even limiting such a tool to the larger distributions out there, it would be a bear to implement such a tool and iron out all of the wrinkles. Of course, if all Linux distributions could agree on a file system standard, then such a tool may even be unnecessary, but I doubt that will happen in the near future. So how do you all weigh in on this issue? Would a distribution conversion tool be useful or would we all be better off with a file system standard that works across multiple distributions?

Søren Schmidt was browsing through the 2.4.10 linux kernel source when he saw something that looked a bit familiar. Too familiar in fact. Søren is the principle developer of FreeBSD's ATA drivers, including FreeBSD's support for ATA RAID cards, and as he looked through the linux/drivers/ide/ files the sense of deja vu was overwhelming. Read on for more.

Reader Bob Johnson wrote this detailed review of Hacking Exposed followup Hacking Linux Exposed -- especially in light of the various color-coded Windows viruses still on the loose, this might be a good present for your your local Windows administrator as well, but both Bob and the authors are clear: GNU/Linux systems may be more resistant, but are not immune to cracking.

DrInequality writes: "For those of you out there who admire the portability of Java but want something faster or open source, the answer to your prayers is finally here. The Internet Virtual Machine is open source, fast and supports C, C++, Java and ObjectiveC. There are some cool demos for Linux (requires Redhat 6.0 or above, and OpenGL 1.2 or Mesa 3.41) here (1.5MB) and for Windows (requires glut32.dll, here) here (1.5MB)." We mentioned this last year; perhaps it has improved. I'm sure a lot of people would be interested in a language as portable as Java but speedier.

Readers have sent in quite a few links to stories wrapping up this year's LinuxWorld. The most interesting thing I saw was the HP MP3 stereo component which looks a lot like a tivo, but for sound. I'm not sure if they're going to get it right, but it looks close. Hopefully the code will be available. If it is, I'm buying one. Hit the link to read a bunch of other links related to the show compiled by Timothy.

rstewart writes: "The NSA has released a new version of SELinux for public consumption. It is based on the 2.4.9 kernel and the utilities patches are known to work on Redhat 7.1. More information and the source can be found at the NSA SeLinux site." You can read the what's new for more information.

RedLeg wrote with this poser: "So, looking at the changelog for the 2.4.9 kernel release, I see a few '- Alan Cox: driver merges' entries. Intelligent consumers of (or those of us who modify them for our own uses) RedHat Kernel src.RPMs look at the patches in the RH kernel builds. Alan's (and other persistent RH) patches don't seem to be integrated into Linus' 'mainstream' kernel trees on any kind of a predictable basis, and this frequently causes projects like freeswan to have difficulty merging their patches (not intended for kernel inclusion) with kernels that appear 'in the wild' like the kernel RPMs from RedHat. Often, kernel patches for obviously older kernel versions continue to be applied (in the RPMs) to newer kernel versions. Alan is a RedHat-er, so he obviously has an inside track to RedHat kernel builds, but he's also Linus' Right-Hand man, but his patches are not (apparently) consistently making it into the 'mainstream' kernel. What am I missing?" Who better to answer this question than Alan Cox? Alan was kind enough to write an explanation of the (still complicated) process of merging -- and it's not as simple as who works for what distro maker ;)

Last week you asked Sam Lantinga , developer of the Simple DirectMedia Layer (SDL) about SDL and other issues related to gaming. He's responded with answers about the SL port to Sony Playstation, game audio, DirectX, his new job at Blizzard, and more. He even drops some hints about some interesting gaming developments to watch out for.

mz001b writes "There is an interesting article from RH posted on LinuxToday discussing why they chose ext3 over the other available journaling filesystems (ReiserFS, xfs, jfs,...) for RH 7.2"

bc90021 writes: "CNET has this story about Hewlett Packard's new secure version of Linux. Using 2.4.2, it can supposedly detect attacks as they happen. (At $3,000, I think it should counter-attack, too.) It will be available on HP servers (duh), or on servers that pass the RedHat 7.1 server qualification tests."

rsd writes: "I have been searching the web for a few days looking for old rpm based distributions ISOs for a study with libc5. All I could find so far is some loose packages, but not a downloadable ISO image. For RedHat 4.2 and older, Conectiva Linux 1.0, ... it is impossible to find. So I ask myself is there a centralized place taking care of this, for public use and even preservation of the Linux History and evolution? We have lots of places with ISO images, like linuxiso, however these sites just keep with recent distributions."

Juraj Bednar writes: "I have done two interviews: one with Bero from RedHat and one with Richard Stallman, the GNU and FSF founder. I usually write in my native language, but since these interviews were done in English, I asked myself why not to share them" Readers may want to also visit Bero's shared-source.com, and bookmark it as a FUD antidote.

LinuxNews.pl writes: "Few days ago RedHat uploaded new Beta release of their distro - Roswell. If you want to find out more about it just go to the LinuxNews.pl" And I won't even make a snide comment about how I haven't run Red Hat in 2 years!

More information below to update recent stories about MandrakeSoft's IPO, CDs designed to thwart the evil and insidious practices of convenient listening and fair use, and He-Man's favorite GNU/Linux distribution.

Last week, you asked Shawn Gordon questions about his venture TheKompany, an outfit which has been (fairly) quietly working on a small flotilla of software for GNU/Linux systems, and some cross-platform applications as well. His responses are below; you might be surprised at a few of them. (And some lucky Debian hacker might even pick up a job.)

toughguy asks: "I've got a single phone line with three numbers attached to it. The three numbers make three different rings when they are called ("Distinctive Ring Service"). I'm trying to get a Linux machine (RedHat) to answer only on one of the distinctive rings so that it can receive faxes on that line. So far I haven't had any luck. I'm wondering if anyone has been able to get a Linux machine answering distinctive rings. If so, what modem hardware were you using and what software package as well?"

ahde asks: "I tried to install Ximian Gnome 1.4 on a customized Redhat 6.1 box that their Red Carpet installer didn't like. No big deal, I thought I'd just download Gnome and install it myself, only to discover that there is apparently no such thing. Gnome.org tells you to download from Ximian, which only allows installs through their Red Carpet. I have nothing against Ximian, but is there another way to get Gnome without downloading a hundred separate RPMs and then going through dependency hell?"

Okay, here's a nice "behind the curtains" peek into the way tech industry analysts (who are not the same as stock analysts) get and interpret their data, courtesy of IDC analyst Dan Kusnetzky, in the form of answers to the insightful questions you asked him last week.