Sections: Main page Linux in the news Security Kernel Distributions Ports Development Commerce Announcements Back page All in one big page See also: last week's Back page page. |
Linux links of the weekOn everybody's list of useful web sites should be, of course, the GNU project page. Here you'll find the full set of software made available by GNU, their news bulletins, and, perhaps most importantly, the full set of writings describing the philosophy behind the GNU movement. Much of what is there should be considered required reading. Sanger's Review of Y2K News Reports is a daily-updated summary of news items about the year 2000 problem and efforts toward its solution. It is easy for Linux folks to think that y2k doesn't really matter to them; people thinking that way may find themselves surprised later on. An occasional look here is a good way to keep up to date with where things stand. |
October 29, 1998 |
|
Letters to the editorLetters to the editor should be sent to editor@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
To: editor@lwn.net Subject: Citing Linux in Microsoft court case From: David Kastrup <dak@neuroinformatik.ruhr-uni-bochum.de> Date: 22 Oct 1998 13:42:26 +0200 In my opinion the citation of Linux as a serious proof that Microsoft is not monopolizing the operating system market by its desktop wars is insane. Just look at the situation: here we have a stable, robust, open, technically solid operating system used often for server tasks. In benchmarks it beats NT hollow. There are still several soft spots (like extensive GL support, other multimedia points and other stuff important for game playing, the number one performance utilizator). Yet it's an absolute minority player in the desktop market, and a main reason is that the "standard" desktop stuff will not run on it. How is this counterproof to Microsoft levering its OS stuff via their applications and vice versa? Another wail is that Linux is too hard to install for an average user. So is Windows, but Microsoft marketing has pressed vendors to equip their machines with Windows from the start. If Linux is to gain an important position, it means that there will have to be a completely alternate line of desktop tools both developed and deployed, since Microsoft will not lend a hand. I am not saying that these alternatives will have to be free in order to make Linux take over the desktops, but they will have to provided by a party which does not have destroying Linux (and other competition) as one of its key strategies. *If* (and that's a very big if) Linux one day becomes convincing evidence that one has not to solely rely on a Microsoft monopoly for the desktop, the market will probably avalanche and bury Microsoft, because their "either it's us or the enemy" stance does not make for good mixing of Microsoft products with that from competitors. This will require people to be willing to change. But Mirosoft itself has been training people to replace mostly working software with something different which writes incompatible formats. Of course there is a place for Microsoft in such a course of events if they want to occupy it: it's the application sector where they have always tried to excel. But it might be that they will have to think about their close coupling of app and OS development if they don't want to hurt their app business in the long run. -- David Kastrup Phone: +49-234-700-5570 Email: dak@neuroinformatik.ruhr-uni-bochum.de Fax: +49-234-709-4209 Institut für Neuroinformatik, Universitätsstr. 150, 44780 Bochum, Germany | ||
Date: Sun, 25 Oct 1998 12:25:27 -0500 From: "Andrew V. Shuvalov" <andrew@ecsl.cs.sunysb.edu> To: editor@lwn.net Subject: Samovar awards Dear LWN team! I don't know if this story is interesting, but i started the "Samovar awards" project dedicated to nominate most interesting events in computer industry in some humorous way. Linux and RedHat's Bob Young are among nominees. The site is here: http://www.ecsl.cs.sunysb.edu/~andrew/awards/ Good luck! Andrew Shuvalov | ||
Date: Mon, 26 Oct 1998 22:15:12 -0600 From: Craig Goodrich <craig@airnet.net> To: security_watch@infoworld.com Subject: Security Itch ... Your recent column on TCP fingerprinting is interesting in its technical section, but I found it utterly incoherent in both its introduction and implied conclusion. For example, you begin: "If you're an anxious security manager hesitant to deploy a Linux system for fear of its gaping security problems, two recently released Unix programs will give you a reason. These new Linux-based hacker tools enable TCP fingerprinting: a new way to scan your systems to decipher the the operating system type." First, *what* "gaping security problems"? The open-source nature of Linux should frighten only those utterly incompetent administrators who believe that system programming manuals must be kept in the safe -- a nonsensical view rejected by *all* professionals in this business for at least two decades now. Security comes from OS design and proper administration, not from secrecy of program operations; otherwise every time your bank fires a junior programmer, he could clean out your account from a modem in Rio. Moreover, Linux' open development model means that potential security holes are both found and fixed much more rapidly than those in most commercial operating systems -- particularly NT. It also means that such holes are disclosed publicly, so that Linux admins can take immediate stopgap measures until a patch becomes available. Ask your Microsoft support engineer for a complete list of reported security holes in NT and see what happens.... But in any case it is utterly opaque to me how the fact that a program capable of identifying the OS of *other* machines runs on Linux (or, as you say, nearly any Unix) could pose a security problem for *the machine it runs on*. If knowing what OS is running on the machine I'm sitting at is a security threat, then perhaps we should just simply unplug all our magic boxes from the wall. Yet this is the only possible interpretation of your opening paragraph. More generally, I have a real problem with this assertion: "Because the first major hurdle for any hacker is to find out what OS is running on a targeted system, these tools can cut the time it takes to do so." Well, of course the cracker (not hacker) needs to know your OS. So do many normal utilities such as ftp. Most web servers will provide version and OS information on request. The cracker also needs to know your IP address. Most heroin addicts started out on milk. So what? If simply knowing that a given machine is running OS/400, say, or that it's a Cisco router, poses a security threat, then the thing to do is get rid of the machine, because that knowledge can't possibly be kept secret enough. But this is obviously ridiculous. So, again, I'm afraid I find your column incoherent at several levels. What important point did I miss? Sincerely, Craig Goodrich Rural Village Systems somewhere in the woods near Huntsville, Alabama | ||
|