The Berkeley LUG has a neat aggregation of many different places where you can acquire a desktop, laptop, or even netbook with Linux pre-installed. The list starts with a link to Dell's Linux offering, includes many independent vendors, and many updates from user comments, almost all of whom seem to be drinking the Ubuntu kool-aid. "Over the last couple of years, Linux has come a long way in terms of hardware support, and these days it is relatively rare that an installation of ubuntu/fedora will be lacking any drivers for your machine. However, installing any OS can still sometimes be a tedious task and one that scares the wits out of the average computer user. And, for the expert users out there, it's just more fun to buy a computer with Linux already on it and not have to pay the Microsoft tax."

theodp writes "Ever get a workaround for a bug from a vendor that's so rigoddamndiculous that there has to be a clueless MBA or an ornery developer behind it? For example, Microsoft once instructed users to wiggle their mouse continuously for several minutes if they wanted to see their Oracle data make it into Excel (yes, it worked!). And more recently, frustrated HP customers were instructed to use non-HP printers as their default printer if they don't want Microsoft Office 2007 to crash (was this demoed in The Mojave Experiment?). Any other candidates for the Lame Workaround Hall of Fame?"

Elektroschock writes "Wine attempts to implement the Windows API layer on Linux. There are some limitations and an important one is the missing DIB engine, bug 421. Chris Howe comprehends the dissatisfaction of core developers with the arbitrary project governance: 'Sorry to sound like a stuck record but the Wine website still lists "write a DIB engine" as a requirement, and every time someone does, the patches disappear down a hole because they're "not right." Someone document what "would be right," or take "write a DIB engine" off the list. I'd love to have a go at documenting it myself, but I don't have the time to reverse engineer it from a few years' worth of rejected solutions.' The latest attempt of Massimo Del Fedel satisfied all requirements set previously for the long standing bug 421, and his optional engine seems to work fine by all Wine quality standards. He seems to be extraordinary stubborn and insusceptible to mobbing. Usually it is extremely frustrating for developers when the goalpost is constantly moved. When is the right time for project members to fork when their chief maintainer does not respond anymore or pursues an adverse commercial agenda?"

Guanine writes in with a follow-up to our discussion a few months back on the SheevaPlug: 1.2-GHz ARM-compliant processor, 512 MB DDR2, 512 MB flash, USB 2.0, gigabit ethernet, in a package the size of a wall wart, for $99. Saul Hansell's Bits Blog in the NY Times talks about a few applications for such a device, whose price point Hansell claims will drop to $40 before too long. "The first plausible use for the plug computer is to attach one of these gizmos to a USB hard drive. Voila, you've got a network server. Cloud Engines, a startup, has in fact built a $99 plug computer called Pogoplug, that will let you share the files on your hard drive, not only in your home but also anywhere on the Internet. ... [Marvell's CEO said] 'Eventually you won't see the plug. We want this device to be in your TV, your stereo system, your DVD player.'"

alimo20 writes "Researchers at the Royal Holloway, University of London have discovered a flaw in Version 4.7 of OpenSSH on Debian/GNU Linux. According to ISG lead professor Kenny Patterson, an attacker has a 2^{-18} (that is, one in 262,144) chance of success. Patterson tells that this is more significant than past discoveries because 'This is a design flaw in OpenSSH. The other vulnerabilities have been more about coding errors.' The vulnerability is possible by a man-in-the-middle intercepting blocks of encrypted material as it passes. The attacker then re-transmits the data back to the server and counts the number of bytes before the server to throws error messages and disconnects the attacker. Using this information, the attacker can work backwards to figure out the first 4 bytes of data before encryption. 'The attack relies on flaws in the RFC (Request for Comments) internet standards that define SSH, said Patterson. ... Patterson said that he did not believe this flaw had been exploited in the wild, and that to deduce a message of appreciable length could take days.'"