See also: last week's Back page page.

Linux Links of the Week

Kernel hangman. For those of you with too much free time... Jeff Dike has put up a Kernel Hangman game on the User-mode Linux site. See if you can guess some obscure kernel symbol before it's too late...

Section Editor: Jon Corbet

This week in history

A second internal Microsoft memo, now known as Halloween II, was brought to light. This followed close on the heels of the original Halloween Document. The second memo mentioned strategies for dealing with Linux and shed more light into some of the strategies that could be used against Linux.

What Microsoft justly fears is that open-source will expose the illusion on which its revenues depend. Along with Apache and Perl and sendmail and the innumerable other achievements of the open-source community, Linux demonstrates that no one need pay for excellent software. Ironically, many of Microsoft's loyal customers find this far too good to be true. They probably always will. This shouldn't be a problem; many Flat Earthers and Creationists lead happy and productive lives.
-- Feed Magazine on the Halloween memos

One year ago (November 11, 1999), RedHat and Oracle announced a collaborative distribution based on RedHat Linux that was intended to be aimed at high volume e-commerce sites.

U.S. District Judge Thomas Penfield Jackson's findings of fact revealed that Microsoft had a monopoly in the operating system business. In the ruling, Linux was written off as a viable alternative:

Fortunately for Microsoft, however, there are only so many developers in the world willing to devote their talents to writing, testing, and debugging software pro bono publico.... It is unlikely ... that a sufficient number of open-source developers will commit to developing and continually updating the large variety of applications that an operating system would need to attract in order to present a significant number of users with a viable alternative to Windows.

Publicly traded Linux stocks jumped up in price after the announcement. Cobalt Networks fortuitously chose this week to go public, and immediately jumped to $130/share - then the third biggest opening day "pop" ever.

Rumors circulated that Red Hat would buy Cygnus - these turned out to be true.

Journaling for ReiserFS was released by Hans Reiser. Another Journaling filesystem, Stephen Tweedie's ext3 version 0.0.2c filesystem was released.

The freeze of Debian 2.2 was pushed back - until January of 2000. That seemed like a long time away, but the eventual 2.2 release was even further away.

Letters to the editor

Date: Thu, 02 Nov 2000 07:29:58 -0700
From: Bruce Ide <nride@uswest.net>
To: letters@lwn.net
Subject: Playing Devil's Advocate

While the recent Microsoft network compromise was significant, we should
keep in mind that most security problems originate from people who are
not security conscious. Though a solid operating system helps, it's not
an end-all solution.

It doesn't take much browsing of the LWN Security Section to get a feel
for just how vulnerable a given distribution of Linux is out of the box.
Although it may not be particularly succeptable to remote attacks, local
users will typically find it to be pretty trivial to gain root access.
And of course the first thing Joe Random Newbie does once installing his
Linux box is to offer all his IRC friends accounts on his system. And it
blows his mind when he finds out later that his machine has been used to
trade live goat porn for the past year and a half.

Now using a system like Linux will help a bit, if for no other reason
than it keeps your servers from getting virusses. The security problems
we're seeing now will not go away until both programmers and users adopt
a "Security First" mind-set.

On a side note, the current anti-cracking legislation goes about this in
entirely the wrong way. It'll lull users and administrators into a false
sense of security and draw out the entire process. It's foolish at best
and dangerous at worst.

-- 
Bruce Ide                   nride@uswest.net

Date: Thu, 2 Nov 2000 09:44:38 -0600
From: Kevin Breit <battery841@mypad.com>
To: letters@lwn.net
Subject: Linux's security

Greetings,
	The Linux community is definatly interested in the situation that
Microsoft was cracked.  Most of our rebuttal is "Ah!  See, this is where Linux
shines."  While I agree that the open source model is much more secure than
the closed-source model, I don't feel that Linux shines in the security
category.
	Granted, Linux gets much more secure when not all services are installed
and set to go in init.d.  But do we really need to look at a simple find 
statement to find out that we have way too many suid applications that don't
need to be?
	What I feel needs to be done is that the distributions need to take
some time and take security seriously.  They need to look at all their suid
apps, and make them have the correct permissions.  Have default installs
have /tmp as its own partition and have noexec nosuid on that partition.  I
know that the Linus and Co. think it's nazi-admin, but enable wheel group on
Linux distributions by default.
	Linux is probably more secure than Microsoft's respective operating
systems are.  But Linux definatly doesn't touch OpenBSD's quality in regards
to security, and I feel it's arguable that it has some catchup to do with
FreeBSD.  Even if we may never hit OpenBSD's security standard, I feel it's a
goal we should all strive for.  This would allow us to say, without a doubt,
that Linux would do a better job than Windows.

Sincery,
Kevin Breit

Date: Thu, 02 Nov 2000 15:40:47 +0800
From: Frank Horowitz <frank@ned.dem.csiro.au>
To: letters@lwn.net
Subject: Time warp....

Dear editors,

In your "Two years ago" section of "This week in history..." in LWL of 2
November 2000, you state

	Supercomputing 1998 hosted Beowulf talks for the first time. 

Just to be pedantic, a full year earlier, I attended a daylong "Build
you own Beowulf" session in the short-courses preceeding the SC'97
meeting in San Jose. This was complete with a 130-odd node cluster on
the exhibition floor (which performed the first teraflop computation on
a Beowulf, IIRC), and Donald Becker debugging drivers for a new ethernet
chipset "on the fly".  

So, umm, I guess that should have been in its own "three years ago"
section. Off-by-one errors will never go away :-)

	Cheers,
		Frank Horowitz
--
Dr. Franklin G. Horowitz; Principal Research Scientist;
frank@ned.dem.csiro.au
CSIRO Exploration & Mining,  PO Box 437,  Nedlands,  WA  6009,      
AUSTRALIA
Tel.(08)9389-8421 (Int'l +61 8 9389 8421), FAX (08)9389-1909 (+61 8 9389
1906)

Date: Fri, 03 Nov 2000 16:32:11 -0600
From: James Crouchet <crouchet@sd.is.irs.gov>
To: letters@lwn.net
Subject: Advice on patents

This note concerns your story about LinuxWorks possibly patenting
loadable modules.

I think the writing is on the wall, and I encourage you to move
immediately to protect the intellectual property you yourselves so
often employ. Specifically:

---

1. The use of symbols which represent, either separately or in
combination, various sounds.

2. Combinations of such symbols to form complete modules. Each module
is represented by one or more series of sounds as drawn from it's
component symbols. Each module also possesses one or more definitions.

3. Combinations of the defined modules is used to express and record
ideas, concepts, queries commands and other sorts of communication.

The items described here are know as:

1. Letters
2. Words
3. Language

---

I would also encourage you to extend free usage rights for these
technologies to those who publish software, books, plays and other
communications using the open source model. Though you might want to
specifically restrict it's use by those who hold software patents. 

James Crouchet

Date: Tue, 07 Nov 2000 10:55:20 +1030
To: letters@lwn.net
Subject: Transmeta coverage


Hello folks at LWN,

I like LWN, a lot.  Your coverage of the Linux scene is excellent.

But what's this obsession with Transmeta, a hardware component
manufacturer?  It's not even an open source project: they are
yet to even publish the opcodes of their long instruction word
microcode.

The only link I can find it that it employs one Linus Torvalds
and lets him work on Linux.  But Transmeta is hardly the only
company that allows its staff to contribute to open source
projects.

Your current coverage is probably most unfair to developers of the
competing Alpha processor, who have been significant and continuous
contributors to the development of Linux.

I don't mind the occassional "Where is Linus now?" article but
breathless reporting of every Transmeta happening is too much.

Regards,
Glen

-- 
 Glen Turner                                 Network Engineer
 (08) 8303 3936      Australian Academic and Research Network
 glen.turner@aarnet.edu.au          http://www.aarnet.edu.au/
--
 The revolution will not be televised, it will be digitised