andrew writes "Anthony Towns, Debian's Release Manager, posted this message regarding the status of the expected May 1st release of Woody made reference to in this slashdot story. In short, he says: "So, it's April 30th (for most of the planet, anyway), which probably means folks are beginning to get mildly curious about whether woody'll actually be ready for release tomorrow. The answer is a definite 'kind-of'. Which is to say, 'no'.""

Tonight's Slashback includes updates on the state of MPlayer, Google's API release, DIY backyard transportation, and (thanks to politech) the "hidden camera" bill. Oh, and apparently, Mars is not the lush, green paradise you thought it might be. Read on for the details.

Nat Friedman often seems to live in the shadow of his famous coworker, Miguel de Icaza, but today it's his turn to shine. You asked Nat questions last week. This week he answers, in detail, with lots of links, touching on subjects ranging from Gnome's future directions to how Microsoft is dealing with Linux as a competitor to Windows.

isdale writes: "Charmed Technology, founded by MIT Media Lab graduates, announced what it claims is the fastest available wearable computer -- 800Mhz Crusoe TM5800 processor. The CharmedIT comes standard with a 266 Mhz Pentium MMX for about $2k. The Crusoe upgrade costs another $500. The OS is extra ($250 for RedHat or Debian), as is the display, input device, carrying case, battery, charger, usable application ... if that isn't enough options, you can also get a DIY kit."

Lisa writes "An Apple iBook turns out to be a great choice for running Debian GNU/Linux. Edd Dumbill, the editor of XML.com explains why." This could also be an argument for why to use Mac OS X instead of Linux in the first place, but if you do want to use Linux, then a Mac is a good choice. :-)

Daniel Stone writes "In results released by Project Secretary Manoj Srivastava today, Bdale Garbee was elected Project Leader ahead of Raphael Hertzog and Branden Robinson. Congratulations Bdale! And no CmdrTaco, the debs are not (quite) yet ready, but they *are* very close." The elections page has more information.

Anonymous American (Sherman Boyd) writes: "I was looking for a flexible, powerful distribution that makes it easy to build a 'custom' Linux box that meets my exacting specifications. I think I found it. Gentoo Linux has just released version 1.0 of their innovative meta-distribution and to celebrate I decided to throw it on my laptop and write this article based on my experiences." And good news for anyone interested in trying Gentoo: yesterday, Daniel Robbins announced the release of version 1.1a. Read on for AA's detailed look at putting Gentoo on his machine -- Gentoo has a different style than today's typical distributions, and it bears some explanation.

dex@ruunat noted that this morning, in a message to the debian-devel-announce mailing list, Anthony Towns, Debian's Release Manager, wrote: "I'm becoming increasingly confident in woody's release readiness. So, to go out on a limb: Debian 3.0 (codenamed woody) will release on May 1st, 2002." Congrats to all the debheads putting this thing together. I have a blank CDR waiting ;)

Emilio Hansen noted that KDE 3.0 is on their site. There is no official announcement yet, but this looks like the real deal. No debian packages yet, but you can snag RPMs from various distros or src for the do it yourself. Updated by HeUnique:Here is the announcement, enjoy.

F1re writes "Linux User mag in Germany has decided to include Debian on the mag and wants to make a more user friendly installer. They are looking for help from Debian developers. More info here Linux User"

Erich writes "Debian Developer Simon Richter announced in this posting to debian-devel that he Intends to Package (ITP) a R00tk1t for Debian Linux. The rootkit will make use of debian mechanisms such as diversions to divert the original /bin/ls commands and replace them cleanly by the modified versions. Even reinstalling or upgrading the file-utils package (containing /bin/ls) will then not remove the modified /bin/ls and the rootkit will stay active, being probably the first upgrade-resistant rootkit! This rootkit will then be easy to install by doing "apt-get install rootkit" - a major useability aspect for our fellow wannabe-hackers, making Debian the premier choice for them."

robstah writes: "Bart Bunting, a Debian developer has won two gold medals in the 2002 Paralympics games. This story at Debian Planet has more information. I think we should commend Bart for his excellent achievement and wish him luck for the future."

evil_one writes: "Debian Planet is reporting that the official announcement has gone out regarding Debconf 2002. It's going to be held July 6-8th , making it rather convenient for anyone who wants to attend the Ottawa Linux symposium this year."

Cine writes: "James Troup and Sam Hartman recently sent a note to all debian mirror maintainers, to inform them about the current situation and future plans. Sometime after March 8th, crypto software like OpenSSH, SSL support, and many other enhancements will be integrated into the debian main archive. This is in accordance to legal advice the Debian project received."

GlobalEcho writes: "Developers associated with Darwin are beginning to think about package management and source building. At issue is whether something like dpkg, RPM or *BSD's ports could suffice, or whether they are all just way too mid-90's. Jordan Hubbard himself (now of Apple) weighed in with his opinions (user and passwd 'archives'). Apparently he thinks it is time for something more advanced, and he gives some ideas about what that might look like. Does anyone else have good ideas?"

robstah writes: "Vintage Alpha based systems, such as the DECstation are often available going cheap at auctions or free from a skip as companies 'upgrade' to PCs. As many goverments now want to prevent computers from ending up in landfill one solution is for us geeks to recycle. How? Installing Debian of course. Debian Planet has a great article on installing Debian on vintage Alphas."

evil_one writes: "The end is finally here for Corel, who released a Debian based linux distro a couple years ago (now owned by Xandros) Has announced that they are shutting down their Open Source Development web site as of March 1st. As many readers already know, Corel has helped the community on a huge scale, providing the Linux world with versions of Corel Draw and Corel WordPerfect. It's sad to see this, especially with the amount of work that Corel has put into Wine and their other projects, which include add-ons to KDE." Guess I can retire this topic icon ;)

willybur submits word of this Debian Planet story on the upcoming release of its next stable version. The article says: "According to Anthony Towns (our beloved Release Manager), woody is nearing release. All but three RC base bugs are fixed now, and the bugsquashing party is working through the RC bugs in standard. It's not all good news though. The bad news is that this means we're probably releasing soon, and that of the hundreds of less important packages with RC bugs (eg, bugzilla, craft, crossfire-{client,server}, epic4, fvwm95, gmc, gnome-admin, intuitively, kdepim, moon-lander, tkdesk, wine, and xosview) will be getting randomly ripped out of testing ... Check the stuff that's important to you and get it fixed before it's too late." Says willybur: "See the announcement on debian-devel-announce."

Dare Obasanjo contributed this followup to an article entitled The Myth of Open Source Security Revisited that appeared on the website kuro5hin. He writes: "The original article tackled the common misconception amongst users of Open Source Software(OSS) that OSS is a panacea when it comes to creating secure software. The article presented anecdotal evidence taken from an article written by John Viega, the original author of GNU Mailman, to illustrate its point. This article follows up the anecdotal evidence presented in the original paper by providing an analysis of similar software applications, their development methodology and the frequency of the discovery of security vulnerabilities." Read on below for his detailed analysis, especially relevant with the currency of security initiatives in the worlds of both open- and closed-source software.

polymath69 asks: "Living on the edge of Debian unstable means that updates sometimes break stuff, occasionally to an extent that is difficult to recover from. This got me thinking about treating the entire set of mounted filesystems as a transactional database. Mark state, try something which might be dangerous, test, and approve (commit) or panic (rollback). Obviously some filesystem support would be required, but with ext3 and reiserfs available, maybe the potential is already there. And such a system would need lots of disk space, but these days that's a demand easily granted. There's lots out there on process-level checkpointing, and even some stuff about system-level checkpointing, but all I've found on that was in the context of saving and restoring processes for a system freeze and restore. But I couldn't find anything on Google or SourceForge about doing this sort of temporary branching in the filesystem. Is this idea feasible? Is anyone working on it?"