
Leading items


The Linux Weekly News is one year old! Our first announced issue was January 29, 1998. It has been a great year, though it is probably good that we didn't know what we were getting into ahead of time. Many thanks to our readers who have made this exercise so rewarding. We intend to be here for you for many more years.

We thought about trying to interview Linus for the first anniversary issue, but he's a busy guy and that has already been done. So, instead, please have a look at this week's feature article: an interview with kernel hacker Alan Cox. We're pleased with the result, and hope you will be too.

Kernel 2.2.0, the first major stable release in two years, hit the net on Monday, January 25. No formal announcement has yet been made; the best to be found currently is this file in the distribution directory, which cannot be accused of excess verbosity.

Much has been said about this kernel in LWN over the previous months; there is little to add at this point. Except, of course, that congratulations are due to everybody who had a part in getting this release out the door. It has been a long job, well done.

Congratulations are also in order for Ian Hay, winner of the Tummy.com kernel pool. He managed, back last fall, to peg the release time of 2.2.0 within 45 minutes. Not bad.

Hewlett-Packard and Silicon Graphics, Inc. will begin supporting Linux on their hardware. The news was initially broken in this Wall Street Journal article (reprinted also in MSNBC). HP has since confirmed the news with a press release describing their plans. Initially the "NetServer LPr" will be available with Red Hat Linux installed; other NetServer systems - including, eventually, Merced-based systems - will be made available in the future.

Silicon Graphics will apparently make the details of their plans available on Thursday, after LWN has gone to press. Please see our daily updates page for information from SGI as it becomes available. The word is that SGI will support their own version of Linux, rather than go with an existing distribution.

The importance of these moves cannot be overestimated. There are certainly no plans to mothball HPUX or IRIX anytime soon, but the writing is appearing on the wall. Proprietary Unix systems are increasingly an anachronism, and will find it ever harder to compete. (The same can be said of other proprietary operating systems, of course, eventually.) It is going to be an interesting ride. (See also: articles in ComputerWorld, InfoWorld, Reuters, and Wired News.)

The news that the TCP Wrappers source code was temporarily replaced with a version containing a backdoor burst upon the security community on January 21st, with this note from Wietse. TCP Wrappers is a widely used security tool that protects systems from unauthorized access to specific system processes. The incident generated this CERT advisory.

TCP Wrappers was not the only program doctored on this site. Just as serious, util-linux 2.9g (not associated with Wietse) on the same site was also modified. Util-linux contains a large variety of low-level system utilities necessary for a functional Linux system, including fdisk and login. Code in login.c, for example, was modified to generate a message with information about the affected host and mail it to an account on Hotmail. Although the correct util-linux 2.9g has been restored, all files on ftp.win.tue.nl must be considered suspect for now.

The story gathered a lot of media attention, with the normal SlashDot coverage as well as more mainstream articles in MSNBC (duplicated on ZDNet) and the San Jose Mercury News.

What was important about this incident? There are a few points we'd like to make. The first is the need for individuals to use the security mechanisms that are provided to determine whether or not a file is authentic. This point was hammered home in Bruce Perens's November article in the Linux Weekly News, The Trojan Horse. This incident is exactly what Bruce predicted. Sites will be broken into and files will be modified, but we can protect ourselves by verifying the software we download before we use it. However, the fact that people are not using the tools that have been provided is also an indication that the tools may not be sufficient. More automated, easy-to-use tools that are built into the Linux distributions would help make sure that newcomers learn how to download software safely. They would also help those of us with heavy work loads and severe time crunches (does anyone not fit that category?).

The second point, and the good news, is that the modified files were caught very quickly. This incident was an excellent demonstration that open source software allows for the quick detection of security problems and their swift resolution.

This is only the beginning of the story. This problem was found quickly and resolved, but this style of attack is going to continue. Be careful, everyone!
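The verify-before-use habit argued for above, as an added example that is not LWN's code or that of any project mentioned here. It assumes a SHA-256 manifest in `sha256sum` format obtained from a channel independent of the download site; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded archive before unpacking, failing closed.
# Assumption: the manifest (sha256sum format, "<hash>  <name>") was obtained
# from a channel independent of the download site, e.g. a signed advisory.
# A checksum file fetched from the same server proves nothing if that server
# was the thing compromised.

# expected_hash MANIFEST NAME: print the hash listed for NAME.
# Fails unless exactly one entry exists (absent or duplicate entries are errors).
expected_hash() {
    matches=$(awk -v n="$2" '$2 == n { print $1 }' "$1")
    [ "$(printf '%s\n' "$matches" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$matches"
}

# verify_archive MANIFEST FILE: return 0 only if FILE matches its manifest entry.
# Return codes: 2 file missing, 3 no unique manifest entry, 4 hash mismatch.
verify_archive() {
    [ -f "$2" ] || { echo "missing file: $2" >&2; return 2; }
    want=$(expected_hash "$1" "$(basename "$2")") || {
        echo "no unique manifest entry for: $2" >&2; return 3; }
    got=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "HASH MISMATCH, not unpacking: $2" >&2; return 4; }
}

# verify_then_unpack MANIFEST FILE DESTDIR: extract only after verification.
verify_then_unpack() {
    verify_archive "$1" "$2" || return $?
    mkdir -p "$3" && tar -xf "$2" -C "$3"
}
```

Checking a PGP signature on the manifest itself, against a key obtained earlier, covers the case where the manifest's own channel is in doubt.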

The Windows refund movement is snowballing. The "refund day" plans have gotten a lot of press and interest; it is certain to be an interesting event. We have little to add beyond what other web sites are providing in the way of information. The closest thing to an "official" Windows refund site is this one hosted by LinuxMall. Bay Area folks can check out the Bay Area refund page. And the definitive set of Windows refund web links (including press coverage) can be found on The Open Directory Project Windows refund page.

One interesting Windows refund story comes from "Donna.", who managed to get a refund back in the good old days of 1997. See the story for the details. In all cases, persistence and time seem to be required. Of course, the amount of the refund is so small that many people choose not to spend the time, a fact on which Microsoft is likely counting. That makes the grass-roots effort to demand the refunds more important, both to increase the number of refunds requested and hopefully received and to draw media attention to the effect Microsoft's policies have on the average person.


January 28, 1999

 

Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds