Other stuff:
Contact us
Archives/search
Links
Calendar
Daily Updates

Here is the permanent site for this page.

Leading items

The labs in question are intended for student use. They will give students access to the Internet, via the usual services (email, web). Students will have access to office tools for doing their homework. Their math curriculum includes exercises with spreadsheets. Thus, the tools they need include web browsers, word processors and spreadsheets. Netscape (or Mozilla/GTK), gwp, and gnumeric look set to fill the bill nicely.

Some work needs to be done to get these tools to where they need to be for Scholar Net's purposes. The gwp word processor has a ways to go yet before it's ready for prime time. Many of the GNOME tools need some basic work for user interface consistency. And, of course, everything needs to be fixed up to work in the Spanish language. Scholar Net intends to dedicate some resources to pushing forward some of these tools; in particular, they want to focus on gwp.

They are also asking for volunteers to help with some of the tasks. What they would like, more than anything else, is for the GNOME folks to work with their needs (consistency, stability, and multi-lingual capabilities) in mind. Since this isn't far from what GNOME wants to do anyway, they are not asking for a lot. They would also like help from those with Spanish skills in the translation of GNOME applications and documentation. Interested persons are invited to contact Mr. Espinosa; see the announcement for contact information.

So why did Scholar Net decided to go with the Linux/GNOME platform? According to Mr. Espinosa, the deciding factor was cost (though they certainly appreciate the other benefits of free software as well). The price for proprietary software for 140,000 labs (with an average of six workstations and one server each) is very high. Linux is also able to make better use of cheaper hardware, leading to more savings. For a project of this size, it is far cheaper to hire some programmers to fill in some gaps than to try to work with proprietary systems.

One could easily imagine that there could be difficulties in selling this approach to the Powers That Be. However, according to Mr. Espinosa:

"We thought there would be some resistance from the big bosses but, due to the attention Linux is being paid in the mainstream computing media, the University is now considering Linux as a valid option and we are being accepted because we do have something to show."

It would be hard to overestimate the importance of this project and the course that it has taken. Soon, a substantial portion of the Linux user base will be made up of Mexican schoolchildren. Mexico is raising a generation of Linux users. The visibility of this effort will be high; it will make it that much easier to justify the use of Linux in other situations. GNOME is getting more developers and a committed set of users. And, as if the project were not large enough already, Mr. Espinosa suggests that, if Scholar Net is successful, it is possible that it will be expanded through the rest of Latin America via the Instituto Latinoamericano de la Comunicación Educativa. Again, in Mr. Espinosa's words: "I would like to invite the Universities of other countries to consider Free Software as a real-world solution to the problem of bringing computers to every education level."

A web page is being put together to describe the Scholar Net project and to answer many of the questions that have been raised. It is not currently up, so, rather than hand out a dead link, we will ask interested readers to keep an eye on LWN. As soon as the Scholar Net page is available, we will let you know. [Update: the Scholar Net web page is now available.]

Scholar Net is important, and we wish them a great deal of luck and the best of success.

Finally, LWN is much indebted to Arturo Espinosa Aldama for quickly answering our many questions.

A couple of followup items to last week's discussion of Microsoft France's anti-Linux "open letter". The Association Francophone des Utilisateurs de Linuxput together a very well done response to that letter; thanks to Rick Moen we also have an English translation of this response.

One of Microsoft's claims was that there are no word processors with on-the-fly spelling checking for Linux. People who are not easily offended may want to check out this screen shot, wherein an "anonymous critic" responds to this claim by testing out his four-letter word vocabulary against Word Perfect 8.

We need more letters to the editor. Do you have something on your mind? Here is your chance to express your thoughts to thousands of Linux users. Please send letters to be published to editor@lwn.net.

The Atlanta Linux Showcase

See also: last week's Security page.

Security

• There is a new version of pam_smb available. This is a PAM module which allows Linux users to be authenticated from a Samba or NT server, for those who want to have a single authentication database for a mixed network.

• A patch for knfsd is also available. Knfsd is the kernel NFS daemon, which is currently only used with 2.1 kernels. If you're running kernel NFS under 2.1, you may want to have a look at this one.

Savetextmode, a script from svgalib, has security problem in some distributions due to its use of files under /tmp. Adrian Voinea reported the problem initially. Ben Collins confirms the potential problem, but indicates that it has been fixed in Debian 2.0. According to reports, it is not fixed in RedHat 5.1, svgalib-1.2.13-5. The problem appears to have been fixed in svgalib-1.3.1.

In another comment on the security of svgalib, Nergal posted a note to Bugtraq about problems in zgv These were reviously reported to Bugtraq by Paul Boehm, but believed to be unexploitable. Nergals' note describes the fallacies in this belief. He does not provide a patch, but instead recommends that zgv be installed non-suid if possible. Expect to see new svgalib advisories coming out in the near future, as a result. Patches for zgv have already been forwarded to the security-audit group.

Matt Watson and Brian Mitchell discussed problems with iplogger on the Bugtraq list this week. The upshot is that there are concerns about iplogger's use of a double fork, and an ident overflow in the latest version.

For anyone who picked up der Mouse's version of tar with his evil-archive paranoia code, this note from der Mouse points out a bug that has been found in his tar.

The topic of the Netscape browser "What's Related" button has come up. This button allows a user to look for sites "related" to the page they are currently viewing. This functionality is provided by a query which sends the URL of the current page to www-rl.netscape.com. However, depending on your browser's preferences, this information may be sent either only when you click on the button, or for every page you view once you have clicks on this button once, or even for every page you view whether or not you have ever clicked on this button. Flemming S. Johansen provided this description.

Depending on the version of Netscape you are running, 4.06 or later, the default setting is apparently either to always send the information or to send it after first use. The latter behavior has been confirmed for Linux running Netscape 4.5.

If you do not like this behavior, it is recommended that you check your preferences and set them to something more appropriate than the default behavior.

Here is a site that has been following this issue closely and has many pungent remarks to make about this feature. The privacy forum digest also contains comments from Lauren Weinstein who has opened a dialogue with Netscape about these issues.

Speaking of Netscape, here is their acknowledgement of the Buffer Overflow vulnerability in Netscape found by Dan Brumleve that we reported last week. Note that they mention that the vulnerability is only theoretically exploitable, but this is incorrect, as Dan points out.

On a more simple note, but thought-provoking, apparently under 4.07, your preferences may be ignored when a new Window is opened. Here is the report from Bill Becker. This has not yet been confirmed by any alternate source.

In a last comment on problems with Netscape this week, confirmation has been received that, in some versions of Netscape, Javascript may continue to be processed even when it has been disabled in your preferences. This is definitely a problem if you have turned off javascript in order to protect yourself against recently reported security problems. Here is a confirmation of this from Jukka Suomela.

Serge Orlov has announced the first release of his multi-stack allocator for C programs. This is a technique that helps prevent exploits for most bufferflows. He commented that it is not a complete solution. Several people asked him questions about multi-stack, particularly how it compares to StackGuard. He posted this followup.

See also: last week's Kernel page.

Kernel development

Of course, 2.1.127 may well be out by the time you read this.

Whither 2.0.36? It has now been some time since a couple of "release candidate" pre-patches went by. At the last minute a few problems turned up, so Alan Cox called off the release for the time being. Those problems are being fixed, and a new release candidate pre-patch should show up before too long. At that point, it has to go (again) to Linus, who will then decide whether it goes out as is or whether changes need to be made. So the real 2.0.36 release is probably a bit distant still.

Richard Gooch continues to press forward his devfs patch; it is currently up to release 74. Still no official word on inclusion in 2.2 from Linus; at this late date it could well be that the chances are fading.

What is the best way to export kernel information to user space? This discussion evolved out of the "jiffies" debate (see last week's issue). Currently there are a few ways of getting pieces of system information from the kernel:

• The sysctl() system call,
• information-specific system calls (i.e. getpagesize()), and
• from "files" in /proc.

At this stage in kernel development (i.e. code freeze) major changes are not going to happen. But that doesn't stop people from talking. Linus seems to favor adding new system calls; other kernel developers seem to prefer sysctl. Others like /proc (everybody seems to think /proc is needed for some information), but some folks still evidently run systems with /proc disabled.

There was some talk of trying to rationalize the contents of /proc. Currently data appears in different formats in different places, and, occasionally, it is dependent on the underlying architecture of the host system. The problem there is that if, for example, /proc is exported via NFS from a little-endian system to a big-endian system, the latter will not be able to make sense of what it sees.

The position taken by Linus, and readily agreed to by most, was that information in /proc should be formatted in unambiguous ways. IP addresses, for example, should be in the "dotted quad" notation. This sort of rule, consistently applied, could clear up a lot of problems. There was even a patch posted to clean up some of the files in /proc/net. Of course, (1) there is a code freeze in effect, and (2) actually changing the format of /proc files breaks all of the applications which use them. So it is not clear how far that patch will go.

A new version of ksymoops has been posted. Ksymoops, of course, is a little program which takes the output from a dying kernel and turns it into a symbolic form which can be interpreted by others. Here's the announcement for those who are interested.

Since we're a weekly publication, chances are we'll be behind a rev or two on the kernel release by the time you read this page. Up-to-the-second information can always be found at LinuxHQ.

See also: last week's Distributions page.

Distributions

Debian

The Debian Alpha group finally has a working version of dpkg, which should help their efforts tremendously.

The design of the apt GUI has changed. Here is the new design text, for those that want to check it out.

Red Hat

Slackware

S.u.S.E.

S.u.S.E. has issued a statement on how it is handling Y2K issues. S.u.S.E. Linux systems since version 5.2 have tested successfully with system dates after the year 2000.

0

See also: last week's Development page.

Development tools

Java

Steve's note also mentions how well the 1.2 port is coming along. With a couple of exceptions (audio, color matching), the system is working. JDK 1.2 looks to be a major turning point for Java on Linux and perhaps one for Java in general.

The question was asked on the java-linux mailing list whether or not a port of the JDK to the StrongARM architecture was planned. The response was that none of the Java porting team members have that hardware platform. If they did, a port would likely happen...

The latest edition of the JDC Newslettter is out. It covers the release of new products, a new on-line tutorial from MageLang Institute and various other tidbits.

Python

The first issue of the Python Journal is out. Here is the announcement. Evelyn Mitchell reports that it features an interview by Paul Everitt with Infoseek, a report on XML by Andrew Kuchling, and a article on Python as a rapid prototyping language by Sean Reifschneider.

An informal Python tutorial is being held in Toronto. Contact William Park if you are interested.

Guido is working on his speech for the Python Conference. If you have questions that you'd like him to answer, contact him personally.

• MxTools 0.9.0, additional builtin functions/objects for use in Python
• Facemail 1.0b1, A GUI Mail User Agent that displays the sender's face
• WebLog 0.99, a group of Web/proxy logfile parsing and manipulation classes

Tcl/tk

For those of you that haven't found the TCL-URL e-mail newsletter, you can check out the archives easily, and then see if you'd like to sign up.

Development projects

With the demise of Crack Dot Com, the company has chosen to release the data and source code for it's upcoming title "Golgotha" into the public domain. This is a really appreciated effort on their part, choosing to release their work to the world rather than let it moulder unused. It is obviously generating quite a bit of interest, since mirror sites, an FAQ, information on the script for Golgotha, and now precompiled binaries have popped up. If you are interested in more information, updates on Golgotha are available.

Nicholas Lee (Li Peng Ming) also pointed out that a mailing list (currently in initial post frenzy) has been setup and plans do seem to be shaping towards completing Golgotha in its entirety.

We hear that linuxconf 1.13r3 will be coming with bind 8 support. Maybe that will encourage adoption of bind 8 into the standard distributions ...

Meanwhile, on the alternative front, coas 0.13 has been released. It is primarily a maintenance release and was apparently delayed due to Caldera's effort to get 1.3 out the door. It now supports autoconf configure scripts, compiles with egcs and has initial support for SGML.

LSB

Mozilla

Oliver White expressed optimism that the Jazilla group will have an actual full working browser within a few months. We look forward to a full report on their progress in the near future.

WINE

See also: last week's Commerce page.

Linux and business

If you are not a subscriber to their services, obtaining a copy of this report will cost a cool $500; so most people will need to content themselves with seeing their press release. However, the author of the report (Brian Strachman) was kind enough to send LWN a copy for review.

Our impression: the report suffers from some minor technical inaccuracies. Cahners In-Stat evidently knows the telecom business better than it knows the Linux world. Nonetheless, they have clearly understood what the real benefits of open source software are. "It is this global community of millions of computer programmers making changes to Linux and sharing the results that have made it the advanced system it is today." The "free beer" aspect - no license charges - is mentioned in passing, but is not the main point. These people get it.

The telecom world is one that needs rock-solid reliability, and Linux is able to provide that. Cahners In-Stat thinks that the remaining obstacles to widespread Linux use ("legitimacy," applications) will be overcome shortly. As they say in their title, they believe that Linux is the operating system of the future for this field. It is a very strong endorsement.

Please contact Cahners In-Stat for further information, or if you are interested in obtaining this bulletin.

Corel has kept itself in the news this week with two separate announcements. First, Word Perfect 8 will be made available for free downloading, though for "personal use only." Interested people can preregister for the download on this web page.

Then, it was announced that Corel and Red Hat have formed a new partnership. Red Hat will produce a version of its distribution for the ARM processor, which will then ship with the Netwinder computer. Thus Red Hat becomes the official distribution for this machine. Happily, however, this is Linux, and the Debian distribution, at least, will also run on the Netwinder. Thus it is possible to buy this computer without being tied in to just one distribution.

For those interested in media coverage of the Corel events:

• News.com has a fairly straightforward article on the Red Hat partnership.
• A separate news.com article Talks about the Word Perfect giveaway. "The company's Linux strategy could be an effective way to boost its presence against Microsoft, which isn't likely to offer its products on a competing operating system."
• PC World also covered the Word Perfect announcement. "Already 10,000 users have preregistered online for the software..."
• The Register speculates on the possibility of a Corel / Red Hat / Intel triad. "A space worth watching".

Pacific Hitech is bringing their TurboLinux distribution to the U.S. Market. TurboLinux is currently the most popular distribution in Japan; they hope to do well in the corporate market on the other side of the Pacific pond. Here is their press release on the move. The distribution business is looking ever more competitive.

Opera Software's attempt to produce a Linux version of the Opera browser has failed, at least for now. In a way this is not entirely surprising; the Opera folks are evidently trying to get the port done with volunteer labor, but Opera for Linux remains a proprietary program. As Eric Raymond remarks in this Wired News article, that just is not the way to inspire volunteer developers. Nonetheless, Opera for Linux would be a nice thing to have available; here's hoping that they manage to get things together.

Cybersource has announced a Red Hat Linux support program in Australia. Here is their press release.

We got a note from another new Linux systems VAR. This one is called The Computer Underground. They specialize in custom-built systems, and offer a variety of distributions which can be preinstalled.

Kurt Wall has made available an FAQ for Informix on Linux.

Does your car radio run Linux? If not, maybe you want to check out the 'empeg' unit. There taking registrations from people who would like to buy one... (Thanks to Edwin Metselaar).

Some new newsgroups have been created for discussion of Oracle on Linux. For now you have to connect to a dedicated server to get these groups; if they take off the effort will be made to get the groups made an official part of the Usenet hierarchy. Here's the announcement if you would like to tune in.

Amos Shapira wrote in to report another commercial product that is supported on Linux: the EMANATE Run-time Extensible Agent System from SNMP Research.

Press Releases:

• Netbeans announced the release of NetBeans Developer 2.0
• Informix, their increased support for Linux.
• American Megatrends, Linux support on their "MegaRAID" controllers.
• Control Data, their "IntraStore 2000" large enterprise messaging system.
• Xybernaut/HP, a "wearable computer" which can run Linux.
• DMW, "HostScan" security scanning software.
• LMC, synchronous WAN adaptor, claims to have an open source driver.
• Xspeed, IDSL adaptor.
• Uniforum, "Linux boot camp" administration training.

See also: last week's Linux in the news page.

Linux in the news

The Guardian, continuing its recent interest in Linux, has this nice editorial on how the Microsoft trial isn't really one of the more important things going on now. "Linux clearly has considerable strengths as a server operating system, and if Microsoft falters and lets it in, its progress to the desktop would simply become a matter of nature taking its course. The DoJ case against Microsoft will barely affect these events, if at all."

For those who wish to be preached at, here is a sermon on Linux from Network World Fusion. "Brothers and sisters, there is another way . . . the way of Linux. Yes, this humble son of Unix is as a beacon in the darkness that is the lot of IT managers everywhere." (NW Fusion is a registration-required site).

Rex Baldazo at builder.com has put out an article correcting a couple of mistakes in his previous NT 5.0 vs. Linux column. Since then, he has discovered tools like PHP and linuxconf. He also mentions that he was subjected to the tender attentions of the Linux Flame Mob. This sort of behavior is unfortunate in any case, but Mr. Baldazo had written a very positive column. Why do we have to turn friendly people against us? (This one found in LinuxWorld).

Upside magazine covers Linux again; this time is more positive, however. The author went to a Bay area installfest to see what was up. "As I played with a computer, admiring the quick responses of the Linux desktop, I couldn't help but feel a bit like a reporter visiting a Barcelona cafe in late 1936, listening in on conversations about the upcoming spring offensive." (Found in Slashdot).

A giant killer called Linux in the Canadian "CNews" is a fairly standard sort of introductory article. "And it's flexible. Check out www.enlightenment.org for a look at some wild and wacky customized desktops and windows." Their staff listingincludes a "Linux guru". (Found in LinuxToday).

News.com ran a brief article about Informix's plans to ship their Dynamic Database server for Linux.

Internet Week interviews Sun's John McFarlane. "We actually think Linux is very complementary to our commitment to open systems, and unfettered innovation. As you know, we have made Solaris freely available for non-commercial use." (Found in OS News).

TechWeb covers the increasing number of applications available for Linux, touching on Corel, Informix, and even the possibility that SAP will make its R/3 port (alleged to already exist) available. "The Linux operating system is all about free or low-cost software, an area where the cost structures of SAP or enterprise-strength relational databases aren't going to fly."

Internet World has published some good letters to the editor. These are in response to a column from last week stating that Linux was more of a threat to Sun than to Microsoft.

The future of computing starts with an L in PC Week is a column inspired by the Atlanta Linux Showcase. "What I saw at the Linux Showcase was enthusiasm, the likes of which I haven't seen in the PC industry for a long time. Sure, some of it was from guys in ponytails and T-shirts, but it was also from guys in suits. Academics and scientists, but also businessmen." (Thanks to Jon Lasser).

Here's a fun one from InfoWorld's "security" column: "If you're an anxious security manager hesitant to deploy a Linux system for fear of its gaping security problems, two recently released Unix programs will give you a reason. These new Linux-based hacker tools enable TCP fingerprinting: a new way to scan your systems to decipher the the operating system type." One has to wonder what the fact that tools like "Queso" run under Linux has to do with any "gaping security problems."

Columnist Maggie Biggs also takes Linux to task for a lack of development tools. "But there is certainly more room for Linux tool offerings. I think there is a much broader market for Linux application development tools. And, I believe you'll see it evolve and mature during the next 12 to 18 months given the demand."

The Ottawa Citizen reports on various changes at Corel, including a switch of auditors and the departure of their "director of software sales" for Linux.

For German-capable readers, Hartmut Oldenbuerger pointed out this forum in Der Spiegel. It had well over 300 postings when we checked.

Here is an InfoWorld article about Oracle's position on Linux. Good stuff. "According to [Oracle VP] Miner, support from Red Hat, S.U.S.E., and Caldera -- all of whom who distribute Linux -- is faster and better than Oracle's own support, and he is looking to the Linux community for new ideas on how to replicate this high level of customer satisfaction." (Found in Slashdot).

This article in Performance Computing is cast as a comparison between Linux and FreeBSD, with an obvious bias (the author is a FreeBSD developer). The comparisons, though, are mostly in the area of development models and license terms - there is very little in the way of technical comparison. "These differences in organizational principles and licensing aside, however, it should be noted that Linux and FreeBSD don't really compete with one another all that much in the final analysis." Worth a read. (Thanks to Didier Legein).

Edson Pereira sent us a pointer to this article in Data Communications about the "Healthnet" global medical network. This net, which is deployed worldwide, uses Linux systems for some of its components. (The first explicit Linux reference is three pages in).

Web Review asks Can Microsoft Hurt Linux?. "If Microsoft perceives Linux as a potential threat in the desktop OS market, which is not impossible, it will unleash the nukes. But even the server market is too crucial for Microsoft to concede, and Linux is more than a threat there, it's the incumbent. So the only question is how Microsoft will meet the threat of Linux." Answers include FUD, closed hardware, and so on. An interesting column.

Peter Link sent us a pointer to this New York Times article which contains a quick Linux reference. It's about the U. S. Postal Service and its use of technology to get the snail mail to its destination. The USPS address recognition machines run "a stripped-down version of Linux". (The NY Times is a registration-required site).

More coverage of HP, but according to this article in The Register they are looking mostly at Linux for embedded systems. " This Web appliance concept provides a role for PA-Risc in the post-Merced world. Whether Linux will be the host OS, of course, remains to be seen, not least because of Microsoft's own plans to create an embeddable version of NT. However, it would offer clear price and performance advantages." Thanks to "mm" for the pointer.

HP tries Linux on for size in news.com confirms that HP is working on a PA-RISC port, and talks about the 2.2 kernel release. Its message is mixed. "Linux will top out at its 'high-water mark' in the commercial area soon, [HP marketing director] Wilson predicted, because the operating system doesn't have a formal support system and doesn't handle large-scale server computing tasks such as workload balancing or resource sharing." Thanks to Roy Stogner.

Linux's appeal compels large firms to respond appears in MSNBC, reprinted from the Wall Street Journal. "Linux, like Windows NT, is generally used on PC-style hardware and Intel chips, which tend to be cheaper than the more-specialized circuitry of most Unix machines. For these reasons, some market watchers say, companies such as Sun may be even more vulnerable than Microsoft. Sun's Mr. Andres conceded the Linux boom could be "a two-edged sword" for his company."

There was an interesting burst of articles in the electronics trade press. These include:

• 'Real' designers reject Windows NT in EDTN Network gives a fair amount of space to Linux. "From the EDA-vendor perspective, however, there are two problems with Linux. One is that most of the interest is coming from rank-and-file engineers, not the managers who sign purchase orders. Secondly, there's a support issue."

• Here is a somewhat confusing column in Control Magazine which seems to be saying that Linux bears watching. (Thanks to Jay Sigbrandt).

• Then, there is this long and absolutely positive article in Test & Measurement World. "Why have many engineers moved to Linux? Because of the freedom it provides."

• EE Times continues talking about systems for engineering desktops. this article talks about how NT isn't moving into this realm as quickly as expected, and it devotes a fair amount of space to why Linux won't get there either. "The multiple-OS problem is also why EDA vendors shy away from Linux. Although the port itself is almost painless, the support is a nightmare. One vendor offered tools on Linux and ended up with four orders. Unfortunately, all four customers had a different flavor of Linux."

• EE Times also has an interview with Linus Torvalds. "I think that perception-wise, we're in pretty good shape, and I think the major obstacle now is it's kind of hard to find cold, hard numbers of how many people are using Linux, because a lot of them are getting it over the Internet." (Thanks to "mm").

``We actually think Linux is very complementary to our commitment to open systems, and unfettered innovation.''
John McFarlane
(Sun Microsystems) Internet Week

``And as for the assertion that technical support for Linux needs to be equal to that available for commercial operating systems, the support would first need to drop a couple of notches in quality, since right now it is far superior to the support Novell or Microsoft provide.''
Ricardo Palma Internet World

``According to [Oracle VP] Miner, support from Red Hat, S.U.S.E., and Caldera -- all of whom who distribute Linux -- is faster and better than Oracle's own support, and he is looking to the Linux community for new ideas on how to replicate this high level of customer satisfaction''
Benjamin Keyser InfoWorld

``Whether or not Linux takes over the PC market, it is already beginning to show that some of the challenges facing the industry have a resolution.''
Erica Schroeder PC Week

See also: last week's Announcements page.

Announcements

Events

The Red Herring has put out a schedule of events for Comdex. Look for Jon 'Maddog' Hall at a forum on "the business platform of the future" on November 17, at 12:30. James Gosling will also be there.

Web sites

Matthew Tebbens sent us a note indicating that he's made some major changes to his Linux Applications site. It looks very nice. He's also hoping to find a few people interested in helping him add and update information on applications.

User Group News

Marc Christensen reported back to the caldera-users group about Kurt Wall's presentation on Informix which he gave to the Salt Lake Linux Group. As a result, Kurt has also promised to write up the information he presented and make it available on his web-site.

Software Announcements

0

See also: last week's Back page page.

Linux links of the week

Sanger's Review of Y2K News Reports is a daily-updated summary of news items about the year 2000 problem and efforts toward its solution. It is easy for Linux folks to think that y2k doesn't really matter to them; people thinking that way may find themselves surprised later on. An occasional look here is a good way to keep up to date with where things stand.

Letters to the editor

To: editor@lwn.net
Subject: Citing Linux in Microsoft court case
From: David Kastrup <dak@neuroinformatik.ruhr-uni-bochum.de>
Date: 22 Oct 1998 13:42:26 +0200


In my opinion the citation of Linux as a serious proof that Microsoft
is not monopolizing the operating system market by its desktop wars is
insane.

Just look at the situation:  here we have a stable, robust, open,
technically solid operating system used often for server tasks.  In
benchmarks it beats NT hollow.  There are still several soft spots
(like extensive GL support, other multimedia points and other stuff
important for game playing, the number one performance utilizator).

Yet it's an absolute minority player in the desktop market, and a main
reason is that the "standard" desktop stuff will not run on it.  How
is this counterproof to Microsoft levering its OS stuff via their
applications and vice versa?  Another wail is that Linux is too hard
to install for an average user.  So is Windows, but Microsoft
marketing has pressed vendors to equip their machines with Windows
from the start.

If Linux is to gain an important position, it means that there will
have to be a completely alternate line of desktop tools both developed
and deployed, since Microsoft will not lend a hand.  I am not saying
that these alternatives will have to be free in order to make Linux
take over the desktops, but they will have to provided by a party
which does not have destroying Linux (and other competition) as one of
its key strategies.  *If* (and that's a very big if) Linux one day
becomes convincing evidence that one has not to solely rely on a
Microsoft monopoly for the desktop, the market will probably avalanche
and bury Microsoft, because their "either it's us or the enemy" stance
does not make for good mixing of Microsoft products with that from
competitors.  This will require people to be willing to change.  But
Mirosoft itself has been training people to replace mostly working
software with something different which writes incompatible formats.

Of course there is a place for Microsoft in such a course of events if
they want to occupy it: it's the application sector where they have
always tried to excel.  But it might be that they will have to think
about their close coupling of app and OS development if they don't
want to hurt their app business in the long run.

-- 
David Kastrup                                     Phone: +49-234-700-5570
Email: dak@neuroinformatik.ruhr-uni-bochum.de       Fax: +49-234-709-4209
Institut für Neuroinformatik, Universitätsstr. 150, 44780 Bochum, Germany

Date: Sun, 25 Oct 1998 12:25:27 -0500
From: "Andrew V. Shuvalov" <andrew@ecsl.cs.sunysb.edu>
To: editor@lwn.net
Subject: Samovar awards

Dear LWN team!
    I don't know if this story is interesting, but i started the
"Samovar awards" project dedicated to nominate most interesting events
in computer industry in some humorous way. Linux and RedHat's Bob Young
are among nominees. The site is here:
http://www.ecsl.cs.sunysb.edu/~andrew/awards/

    Good luck!
Andrew Shuvalov

Date: Mon, 26 Oct 1998 22:15:12 -0600
From: Craig Goodrich <craig@airnet.net>
To: security_watch@infoworld.com
Subject: Security Itch ...

Your recent column on TCP fingerprinting is interesting in
its technical section, but I found it utterly incoherent
in both its introduction and implied conclusion.

For example, you begin:

"If you're an anxious security manager hesitant to deploy a 
Linux system for fear of its gaping security problems, two 
recently released Unix programs will give you a reason. 
These new Linux-based hacker tools enable TCP fingerprinting: 
a new way to scan your systems to decipher the the operating 
system type."

First, *what* "gaping security problems"?  The open-source
nature of Linux should frighten only those utterly incompetent
administrators who believe that system programming manuals
must be kept in the safe -- a nonsensical view rejected by
*all* professionals in this business for at least two decades
now.  Security comes from OS design and proper administration,
not from secrecy of program operations; otherwise every time
your bank fires a junior programmer, he could clean out your
account from a modem in Rio.

Moreover, Linux' open development model means that potential
security holes are both found and fixed much more rapidly 
than those in most commercial operating systems -- particularly
NT.  It also means that such holes are disclosed publicly,
so that Linux admins can take immediate stopgap measures until
a patch becomes available.  Ask your Microsoft support engineer
for a complete list of reported security holes in NT and see
what happens....

But in any case it is utterly opaque to me how the fact that
a program capable of identifying the OS of *other* machines
runs on Linux (or, as you say, nearly any Unix) could pose
a security problem for *the machine it runs on*.  If knowing
what OS is running on the machine I'm sitting at is a 
security threat, then perhaps we should just simply unplug
all our magic boxes from the wall.  Yet this is the only
possible interpretation of your opening paragraph.

More generally, I have a real problem with this assertion:

"Because the first major hurdle for any hacker is to find 
out what OS is running on a targeted system, these tools 
can cut the time it takes to do so."

Well, of course the cracker (not hacker) needs to know your
OS.  So do many normal utilities such as ftp.  Most web 
servers will provide version and OS information on request.
The cracker also needs to know your IP address.  Most 
heroin addicts started out on milk.  So what?  

If simply knowing that a given machine is running OS/400,
say, or that it's a Cisco router, poses a security threat, then
the thing to do is get rid of the machine, because that 
knowledge can't possibly be kept secret enough.  But this
is obviously ridiculous.

So, again, I'm afraid I find your column incoherent at
several levels.  What important point did I miss?

Sincerely,

Craig Goodrich
Rural Village Systems
somewhere in the woods near Huntsville, Alabama