A not-so-anonymous Anonymous Coward asks: "Someone has suggested to make a UserBSD instead of a UserLinux. From what Bruce Perens' anonymous 1-million-$ backers seem to want (no GPL-/Commercial dual-licensed development toolkit like Qt in any library, but only gratis LPGL stuff), this seems to make a lot of sense. After all, only the kernel would be different, the rest of the stuff (including the KDE or GNOME desktops) runs pretty much the same on BSD as it does on Linux. Is it possible to get the legal problems solved with licenses and still create a usable enterprise Unix desktop system on *BSD?" The idea, in and of itself, sounds fine, but does the choice of kernel really matter? What advantages would BSD have over Linux in such a project, and vice-versa?

Dan Clough writes "I found Linux Power Tools to be a useful book, although it does have some shortcomings. It's a 644-page, well-written book that covers almost all aspects of managing, administering, and optimizing a working Linux system. The book's cover claims the target audience as intermediate to advanced users, but I think that beginner to intermediate would be more accurate. More advanced users may find Linux Power Tools a little beneath their level." Read on for the rest of Dan's review.

hsoom writes "Debian Planet is reporting that unofficial sarge-based ISOs using the Anaconda installer can be downloaded from here. The features developed so far include '...changed the code that installs software to use APT instead of RPM, removed Red Hat-specific configuration hooks, and written a new tool called picax that builds Anaconda-based installation CDs from a Debian repository'. However there are features that are not yet working and it is not recommended for use in a production environment."

costela writes "LWN points out that the Gentoo project fired out an alert about one compromised rsync server." From the message itself: "However, the compromised system had both an IDS and a file integrity checker installed and we have a very detailed forensic trail of what happened once the box was breached, so we are reasonably confident that the portage tree stored on that box was unaffected." Update: 12/03 22:54 GMT by T : One more damage report: gibson writes "The Free Software Foundation recently discovered that its software host site was compromised a month ago. The compromise appears to be the same as the recent attacks on the Debian servers. The site is shut down until Friday while they install replacement hardware and verify the authenticity of the hosted source code."

saintlupus writes "I've got a question for the rest of the Slashdot community. I'm using an old clamshell iBook at work with Debian/PPC on it. As any Apple site can tell you, the iBooks of that era had a maximum resolution of 800x600. Now, I use a 19" monitor and a 17" monitor running together with Xinerama on my machine at home, and I'm used to that much space. I use WindowMaker on that computer, but on an 800x600 screen those Dock icons look the size of buses. Can anyone recommend a window manager that uses a minimum of screen real estate so that I can fit a bit more on the iBook's LCD?"

mbanck writes "The cause of the recent Debian Project server compromise has been published by the Debian security team: 'Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space'. This issue has been fixed in 2.4.23. Thus, the Linux kernel compromise was not Debian specific."

mbanck writes "James Troup (part of the Debian System administration team) has published more information on the recent compromise of four debian.org machines. The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen.Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures."

emgarf writes "Today, on the first anniversary of the MEPIS Project, MEPIS LLC announced the release of MEPIS Linux 2003.10 for Pentium processors. MEPIS Linux is a desktop Linux that is designed for both personal and business users. MEPIS Linux offers a live/installation/recovery CD, advanced automatic hardware configuration, XP/NTFS support, ACPI power management, WiFi support, personal firewall, KDE 3.1.4, OpenOffice 1.1, Mozilla 1.5, and much more."

FrankoBoy writes "As announced on DistroWatch, Debian 3.0r2 has been released this weekend, with some security issues fixed... and Rock 'n Diamonds dropped because of license problems. Here's the official announcement. This release had been slowed by an attack on Debian boxes discussed Friday."

Sean was one of many to pass along the bad news from the debian-announce mailing list: "Some Debian Project machines have been compromised. This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours. The archive is not affected by this compromise! In particular the following machines have been affected: 'master' (Bug Tracking System), 'murphy' (mailing lists), 'gluck' (web, cvs), 'klecker' (security, non-us, web search, www-master). Some of these services are currently not available as the machines undergo close inspection. Some services have been moved to other machines (www.debian.org for example). The security archive will be verified from trusted sources before it will become available again." They were going to announce 3.0r2 this morning; they've checked it and it's unaffected but obviously they're still postponing that release.

An anonymous reader writes "Over at LinMagAu There is an interesting look at the new beta version of the Next Gerneration Debian Installer. Putting aside the fuss around Ian Murdock, Progeny and Anaconda, this is how Debian is constructing the future of what is known to be it's Achilles heel. It's a well done beginning." While still not a graphical installer (and the article does a good job of explaining why that's not a priority) the installer now autodetects hardware, streamlining module selection, which was previously one of the more confusing parts of the install for newbies.

Rathumos writes "The network security world has been waiting patiently for a definitive study of internet worms and defenses against them. Defense and Detection Strategies against Internet Worms by Dr. Jose Nazario has arrived to fill that space with a clear and concise analysis of the current state of worm defense." Read on for the rest of Rathumos' review.

An anonymous readers writes "Infoworld is running a report on the Desktop Linux Conference, at which Bruce Perens suggested that in order to get Linux to the enterprise desktop, the Linux community should base their efforts on one single distribution... based on Debian. Perens went on to say that enterprises will be willing to pay Linux companies to engineer versions of Linux to suit their needs, but that the base distro should remain free. He suggested that by 2006, 30% of enterprise desktops will run Linux." Here is a wired story with more information about his proposed UserLinux project.

An anonymous reader writes "The Debian Project, creators of the Debian GNU/Linux distribution, has voted to allow amendments to their Social Contract and Free Software Guidelines, as long as the developers agree with a 3:1 majority. The full text of the various amendments can be found in the original call for votes. Debian developer and XFree86 packager Branden Robinson has already proposed an amendment to the Social Contract that removes the requirement to maintain an archive for non-free software or "contrib" software (free software that depends on non-free software to work). Debian could still maintain this archive, but would no longer be required to do so. The proposal also updates the Social Contract to clearly require all works in Debian to meet the Debian Free Software Guidelines, not just software, which had come up repeatedly in the discussions over the non-free "GNU Free Documentation Licence". Both of these updates have been under consideration for some time, but were waiting on the ratification of the amendment procedure. The Debian Project voted on this amendment using their modified Condorcet voting procedure, which allows voters to rank the choices in order of preference, eliminating the "lesser of two evils" effect common to simple majority voting."

JoeBuck writes "According to this message from Ian Murdock on the Debian developer's mailing list, the Progeny folks have ported Red Hat's Anaconda installer to Debian. They have also written a tool that "facilitates the creation of Anaconda-based Debian installation CD sets". They are also engaged in other interesting unification work, and hope to be able to allow collections of managed RPM and .deb packages to coexist side-by-side." uberkludge points out an article with more details at Ars Technica.

Slashback brings you updates tonight on Diebold's attempts to bring undisclosed-source, unauditable black-box voting to a ballot box near you, John Carmack's search for (rocket-fuel, not hair) peroxide, AT&T's (withdrawn) request for its customers' mail server addresses, open source goings on at Comdex, and more -- read on for the details.

aws4y writes "Linux Journal is reporting the results of its readers choice awards, among the winners are Slashdot for favorite Linux web site, Debian for favorite distro, Evolution for favorite email client and VIM for favorite editor."

Anonymous Coward writes "A truck, a sat dish and a sunburnt country. When you absolutely positively need to connect to the Internet, why not carry your own broadband connection with you? One Aussie guy and his wife are doing just that -- packed up the lot and have gone on the road, so far roughly 3000km. He says 'Of course nothing is simple. The salespeople were convinced that I couldn't line up the dish -- it took me about an hour to figure out and now roughly takes about ten minutes each time I set up. They told me that the wireless gear wouldn't talk to the modem, they told me that my Debian workstation wouldn't be supported, they told me that the BOC wouldn't talk to me, they told me that I needed training, they told me that it wasn't done and it wouldn't work, they told me that I'd void my warranty, they told me so many stories..'"

RobotWisdom writes "Ibiblio's historic archive for Linux, linked recently, offers lots of old distros, but the dates aren't obvious. I went through and dug out what dates I could for my timeline, but couldn't find any date for several." Robot Wisdom managed to collect an impressive list; read on below for the result.

eugene ts wong asks: "Our company is planning on taking care of its own email, by setting up our own server. I've been given the task of researching what is out there. So far, I've got my heart set on an IMAP server that we can install on Gentoo. Unfortunately, email isn't our forte, and I really have no idea of where to start. I've made some google searches, browsed around on the IMAP site, and also found this email. According to the mutt documentation, Cyrus and Courier are the best choices." What IMAP servers have you used, and which ones would you recommend?