With yesterday’s announcement that Oracle would begin distributing and supporting Red Hat, we saw yet another big win for open-source in the enterprise. Keeping that in mind, here’s a question that’s worth asking: Are open-source projects secure enough for large corporations to deploy? According to Red Hat employee and British open-source icon Alan Cox, the answer may be “no.” “There is a …

Is there trouble with a capital T in Linux? Yes, according to Linux 2.6.x.y co-maintainer Greg Kroah-Hartman. Despite scores of satisfied customers, from Novell to Red Hat, problems with the enterprise Linux kernel include infrequent updates, terrible power management, insufficient communication between vendors and the kernel braintrust and shutdown problems specific to mobile devices. There’s also the big issue of whether Linux knowledge is too centralized–what if something happens to …

Linux’s Morton jumps to Google
Andrew Morton, best known as Linus Torvald’s top assistant in maintaining the Linux kernel, is now working at Google. He previously worked at Digeo Interactive, in a role sponsored by the Open Source Development Labs; however, Digeo’s internal changes made a chance necessary. Article

Symantec confirmed the stack overflow hole found last week in its enterprise anti-virus products. They posted an advisory notice along with intrusion-detection updates to find and stop any exploits. Actual patches don’t yet seem to be available; perhaps they will follow in a few months as researchers predicted last week. However, Symantec deserves credit for jumping on this problem before it became a widespread IT (or PR) nightmare.

For more on the flaw:
– read this eWeek …

The non-profit Free Standards Group will soon release Linux Standard Base 3.1. This version combines the LSB’s previously separate server and desktop versions, and it’s supported by major open-source companies like IBM, Red Hat, Novell and others. Efforts to standardize desktop Linux have been tried–and have failed–many times before. The announcement is expected at the Linux Desktop Summit next week in San Diego. Perhaps this time the wide support will lead to success.

For more …

The current Linux kernel 2.6.15 isn’t good at handling temporary network disconnections with clients linked to dynamic host configuration protocol servers. So a developer is working on a revised DHCP for the 2.6.17 kernel (2.6.16 is already in beta.) However, critics say the revised software requires other updates by users, it might have other catches, too, and that what’s needed for the current DHCP is a fix, not a total re-write. Look for more once 2.6.16 settles in.

For more on …

The second beta version of the Fedora Core 5 Linux distribution is now available. This distribution is important because it’s the basis of Red Hat Enterprise Linux. There are updates to the development tools (such as Microsoft .Net support), the graphical interface (such as search tools), and the systems management tools (such as Xen virtualization). Look for this version of Fedora to be common by the end of this year, although Red Hat’s exact plans are not clear.

For more on the …

> Did Yahoo decline Microsoft’s $80 billion? Article

> D-Day arrives in SCO lawsuit. Article

> CES gadget fest is biggest ever. Article

> New year, new …

What’s a fuzzer? It is software designed to sift through your code and find the bugs. There are always some bugs, about 5 to 10 per 1,000 lines, because no programmer (and thus no program) is perfect. Writing more intelligent fuzzers is the key to more secure software, experts say. The problem is that fuzzers are used by good hackers and malicious hackers alike. Use them before the bad guys do.

For more on secure code:
– check out this InfoWorld …