[LWN.net]


Linux links of the week


On everybody's list of useful web sites should be, of course, the GNU project page. Here you'll find the full set of software made available by GNU, their news bulletins, and, perhaps most importantly, the full set of writings describing the philosophy behind the GNU movement. Much of what is there should be considered required reading.

Sanger's Review of Y2K News Reports is a daily-updated summary of news items about the year 2000 problem and efforts toward its solution. It is easy for Linux folks to think that y2k doesn't really matter to them; people thinking that way may find themselves surprised later on. An occasional look here is a good way to keep up to date with where things stand.


October 29, 1998

   

 

Letters to the editor


Letters to the editor should be sent to editor@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
To: editor@lwn.net
Subject: Citing Linux in Microsoft court case
From: David Kastrup <dak@neuroinformatik.ruhr-uni-bochum.de>
Date: 22 Oct 1998 13:42:26 +0200


In my opinion the citation of Linux as a serious proof that Microsoft
is not monopolizing the operating system market by its desktop wars is
insane.

Just look at the situation:  here we have a stable, robust, open,
technically solid operating system used often for server tasks.  In
benchmarks it beats NT hollow.  There are still several soft spots
(like extensive GL support, other multimedia points and other stuff
important for game playing, the number one performance utilizator).

Yet it's an absolute minority player in the desktop market, and a main
reason is that the "standard" desktop stuff will not run on it.  How
is this counterproof to Microsoft levering its OS stuff via their
applications and vice versa?  Another wail is that Linux is too hard
to install for an average user.  So is Windows, but Microsoft
marketing has pressed vendors to equip their machines with Windows
from the start.

If Linux is to gain an important position, it means that there will
have to be a completely alternate line of desktop tools both developed
and deployed, since Microsoft will not lend a hand.  I am not saying
that these alternatives will have to be free in order to make Linux
take over the desktops, but they will have to be provided by a party
which does not have destroying Linux (and other competition) as one of
its key strategies.  *If* (and that's a very big if) Linux one day
becomes convincing evidence that one has not to solely rely on a
Microsoft monopoly for the desktop, the market will probably avalanche
and bury Microsoft, because their "either it's us or the enemy" stance
does not make for good mixing of Microsoft products with that from
competitors.  This will require people to be willing to change.  But
Microsoft itself has been training people to replace mostly working
software with something different which writes incompatible formats.

Of course there is a place for Microsoft in such a course of events if
they want to occupy it: it's the application sector where they have
always tried to excel.  But it might be that they will have to think
about their close coupling of app and OS development if they don't
want to hurt their app business in the long run.

-- 
David Kastrup                                     Phone: +49-234-700-5570
Email: dak@neuroinformatik.ruhr-uni-bochum.de       Fax: +49-234-709-4209
Institut für Neuroinformatik, Universitätsstr. 150, 44780 Bochum, Germany
   
Date: Sun, 25 Oct 1998 12:25:27 -0500
From: "Andrew V. Shuvalov" <andrew@ecsl.cs.sunysb.edu>
To: editor@lwn.net
Subject: Samovar awards

Dear LWN team!
    I don't know if this story is interesting, but I started the
"Samovar awards" project dedicated to nominate most interesting events
in computer industry in some humorous way. Linux and RedHat's Bob Young
are among nominees. The site is here:
http://www.ecsl.cs.sunysb.edu/~andrew/awards/

    Good luck!
Andrew Shuvalov
   
Date: Mon, 26 Oct 1998 22:15:12 -0600
From: Craig Goodrich <craig@airnet.net>
To: security_watch@infoworld.com
Subject: Security Itch ...

Your recent column on TCP fingerprinting is interesting in
its technical section, but I found it utterly incoherent
in both its introduction and implied conclusion.

For example, you begin:

"If you're an anxious security manager hesitant to deploy a 
Linux system for fear of its gaping security problems, two 
recently released Unix programs will give you a reason. 
These new Linux-based hacker tools enable TCP fingerprinting: 
a new way to scan your systems to decipher the operating 
system type."

First, *what* "gaping security problems"?  The open-source
nature of Linux should frighten only those utterly incompetent
administrators who believe that system programming manuals
must be kept in the safe -- a nonsensical view rejected by
*all* professionals in this business for at least two decades
now.  Security comes from OS design and proper administration,
not from secrecy of program operations; otherwise every time
your bank fires a junior programmer, he could clean out your
account from a modem in Rio.

Moreover, Linux' open development model means that potential
security holes are both found and fixed much more rapidly 
than those in most commercial operating systems -- particularly
NT.  It also means that such holes are disclosed publicly,
so that Linux admins can take immediate stopgap measures until
a patch becomes available.  Ask your Microsoft support engineer
for a complete list of reported security holes in NT and see
what happens....

But in any case it is utterly opaque to me how the fact that
a program capable of identifying the OS of *other* machines
runs on Linux (or, as you say, nearly any Unix) could pose
a security problem for *the machine it runs on*.  If knowing
what OS is running on the machine I'm sitting at is a 
security threat, then perhaps we should just simply unplug
all our magic boxes from the wall.  Yet this is the only
possible interpretation of your opening paragraph.

More generally, I have a real problem with this assertion:

"Because the first major hurdle for any hacker is to find 
out what OS is running on a targeted system, these tools 
can cut the time it takes to do so."

Well, of course the cracker (not hacker) needs to know your
OS.  So do many normal utilities such as ftp.  Most web 
servers will provide version and OS information on request.
The cracker also needs to know your IP address.  Most 
heroin addicts started out on milk.  So what?  

If simply knowing that a given machine is running OS/400,
say, or that it's a Cisco router, poses a security threat, then
the thing to do is get rid of the machine, because that 
knowledge can't possibly be kept secret enough.  But this
is obviously ridiculous.

So, again, I'm afraid I find your column incoherent at
several levels.  What important point did I miss?

Sincerely,

Craig Goodrich
Rural Village Systems
somewhere in the woods near Huntsville, Alabama

 

 

 
Copyright © 1998 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds