Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials

Recent events, however, have provided us with a counterexample of utmost clarity. The Berkeley Internet Name Domain (BIND) server is one of the classic free software success stories. It is free software, and plays a crucial role in the operation of the Internet. It runs almost every DNS server on the planet; its "market share" makes Sendmail and Apache look like bit players.

And therein lies the problem. When a security problem turns up in BIND, the entire net is immediately vulnerable. In this respect, the net is a monoculture. Imagine the damage that could be done by a malign individual who is able to find and exploit a new BIND bug. Given that (1) BIND bugs seem to turn up regularly, and (2) BIND 9 contains a large amount of new code, this scenario is a real possibility. The fact that ISC plans to create a closed forum for the discussion of BIND security issues (see this week's LWN security page) does not add confidence in this area.

BIND shares a lot of characteristics with sendmail. It is a piece of near-universal infrastructure which performs a crucial function. It is also too large and complex to ever be audited thoroughly. Sendmail, however, faces viable competitors; those who do not want to run it can do very well with qmail, Postfix, Exim, or others. These mailers handle a small piece of the Internet's mail traffic, but they add a great deal of security and robustness to the system.

BIND is not entirely without competition either. Some of the other free (or "almost free") DNS servers out there include:

• djbdns. This DNS server was written by D. J. Bernstein, who also wrote qmail. It shares a number of the characteristics that qmail has: the code is compact, fast, and highly secure. It also shares qmail's downsides: Mr. Bernstein's aggressive personality (see his Buggy Internet Name Daemon page), not-quite-free licensing (you can't redistribute modified versions), and code that is at times difficult to read. djbdns also lacks some capabilities (such as TCP service), making it not necessarily suitable for larger domains.

  Update: we've received mail saying that we have understated the capabilities of modern versions of djbdns; we're investigating, and we regret any errors on that front. Further update: we now have a detailed look at djbdns available as a separate feature which, hopefully, sets the record straight.

• CustomDNS is a DNS server, written in Java, which is intended for highly dynamic domains. DNS lookups are handled "on the fly," so that, say, associating domain names with DHCP-assigned addresses can be handled. CustomDNS uses HP's e-speak technology under the hood. The whole package is covered by the GPL.

• Dents is a DNS server written in C. It features a control architecture built on CORBA and a modular plug-in system for added features (there is, for example, the inevitable module that calls a Perl script to resolve queries). It is licensed under the GPL. Dents appears to have much of what is required, but development seems to have stalled (the last release on SourceForge (0.3.1) is from September, 1999; no CVS commit appears to have happened in the last three months) and the documentation is nonexistent. The force behind Dents was Johannes Erdfelt; he is now heading up the Linux USB project, and is likely too busy to work with Dents. Dents is not yet ready for prime time.

• ENS is a small DNS server which is intended to be used in embedded systems.

From the above list, one can conclude that BIND's competitors have some ground to cover yet (though supporters of djbdns disagree). Energetic hackers looking for a project may want to consider the creation of a viable competitor to BIND; the net will be a safer place when we have one.

Speaking of the KDE/GNOME competition... if you search for KDE on Google you'll find, among the expected things, a "sponsored link" from Ximian. Not everybody thinks that's quite the form the competition should take...

SuSE lays off most of its U.S. staff. We have now received word from several SuSE employees that they have been laid off as part of a general cost-cutting measure. Evidently, almost all of SuSE's U.S. presence will be closed down, leaving "about two dozen" people out of work. The people affected were doing installation support, consulting, and some development work. Some of them have been saying their goodbyes on the SuSE English mailing list; it is clear that they will be missed. We wish the best for all the SuSE folks.

If you are not one of the people involved, this step is actually not all that significant. SuSE apparently has no intention of cutting back on its English edition or backing out of the U.S. market - SuSE Linux will be available as always. And, in the end, a couple dozen people out of a worldwide total of around 600 is a pretty small reduction - a number of Linux companies have made much larger cutbacks than that. SuSE remains alive and well. (See also: this Slashdot comment posting from SuSE employee Michael Hasenstein on the layoffs and what they mean for SuSE).

Amusingly, SuSE's U.S. PR agency dismissed LWN's initial reporting on the layoff as "totally rubbish". We're waiting for our apology...:)

It's time to make a choice about software licensing. At least, that's what we read on the front of a piece of junk mail that Microsoft, in its wisdom, chose to send to the LWN offices. On the back, the choices are clearly spelled out:

• A. Big Penalties from the BSA
• B: Big Savings from Microsoft

You'll be glad to know that the Business Software Alliance has declared a "28-day truce" - for the month of February, it will "hold off on software investigations." Now is the time to go out and be sure you've bought licenses for everything you (and your employees) are using, or "pay the price."

Microsoft hopes to simultaneously take advantage of and dissociate itself from this ugly aspect of proprietary software. Come to terms with the Good Cop (Microsoft), and it will protect you from the Bad Cop (the BSA).

This brochure, of course, leaves out an important alternative:

• Run free software and tell the BSA to take a hike

Anybody who has administered a network of systems can attest to the hassles of dealing with software licensing. The up-front cost is one thing, but the administrative time involved in managing software licensing is considerable. Tracking software on systems, maintaining a database, running license manager daemons, getting everything working again after a hardware or software upgrade, and so on, takes a great deal of effort. Proprietary software is a costly game to play if you stick to the rules.

And if you don't, there's the BSA with its audits and raids and penalties. The BSA has become a sort of software industry police force, with the willingness and ability to go to the courts for the authority to raid companies and "audit" their computers. And this is not just a U.S. phenomenon; the BSA is a worldwide organization.

Free software brings freedom, and that includes freedom from threats and raids by BSA bullyboys. How much is that freedom worth to your company?

LinuxWorld 2001 New York. If you didn't catch the links to our LinuxWorld coverage on the daily page this past week, here is your chance to check it out. This year's conference was a study in contrasts; the exhibit floor was twice the size of last year, but several vendors canceled their attendance at the show at the last minute. The venture capitalists were no longer circling, but that didn't mean that money wasn't present. This time, it came in the form of a large new presence from the big computer companies, IBM in particular, but also Intel, Dell, Compaq and more.

In many ways, there was more money around than ever; IBM's investments were part of that, but also it was clear that the large companies were confident that Linux was moving into the enterprise. Maybe we've only got our toe in the door at the moment, but that is changing quickly. And the enterprise is where customers can and will spend money to get what they need.

Overall, the mood was upbeat. While Linux IPOs and other get-rich-quick schemes were definitely in disfavor, the feeling that Linux and Open Source software is an unstoppable movement was still present, possibly bolstered by the preview release of Revolution OS, a documentary about Free Software, Linux and Open Source and its impact on many people's lives. Even if you aren't one of the people in that film (it could only focus on a few), it is an experience to see the world we've lived in portrayed on film. We hope it will do well at its official opening in March and move on to become available for more people to see.

Meanwhile, our coverage is not yet complete; interviews and feature articles based on last week's work will be forthcoming in the near future.

Inside this week's Linux Weekly News:

• Security: Privacy issues with HTML mail, ISC "members only", NSA teams with VMWare, insecurities in Wireless protocol.
• Kernel: Some 2.4.1 problems; the great kiobuf debate
• Distributions: Ututo, Astaro and Relax join the list. SuSE wins an award and enters the Internet Portal business.
• Development: LDP update, multi-headed KDE, LAMP, Tkinter 3000, DDD 3.3.
• Commerce: LinuxWorld wrap-up.
• History: "Open Source" turns 3.
• Letters: On DirecTV's "black Sunday"

This Week's LWN was brought to you by:

• Jonathan Corbet, Executive Editor
• Elizabeth O. Coolbaugh, Managing Editor
• Michael J. Hammel, Senior Editor

Next: Security