Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Linux Software

More Linux Coverage in the News 75

Posted by Hemos from the more-press-rolling-in dept.
Principal Skinner writes " The main feature on Userweb has a pretty good exposé of Linux, the open-source movement, and trends in OSes. Heavily slams NT on reliability, scalability and TCO, as well as raising questions about whether Windows2000 is The Answer. Also talks a bit about Novell and its products. "
This discussion has been archived. No new comments can be posted.

More Linux Coverage in the News More

More Linux Coverage in the News

Comments Filter:

  • Technically speaking, Linux also offers enterprises a migration path to support 64-bit applications as soon as they become available. ... Microsoft, Novell and other OS vendors are still at least a year away from providing 64-bit application support at the OS level....

    Is Linux really so 64-bit clean? I know that the VFS layer is not on 32-bit architectures, and I haven't yet heard that glibc2 and kernel 2.2 are totally cleaned up even on e.g. Alpha and UltraSPARC. Someone who has had more recent experience please let me know... last time it mattered I found myself using cruft like llseek(), *shudder*.

    I am sure of one thing: Linux is not ahead of Solaris on 64-bit cleanliness of interfaces. I have yet to come across any documented interface in Solaris 2.6 that is neither 64-bit nor has an explicit 64-bit equivalent.


  • Today all the shop that use NT must deal with NT bugs and try to find some workaround because they don't have the possibility to fix it (don't have the code). Your credibility to your customer can suffer from fault that aren't yours but are in the OS.
    If you use some open source OS you can either fix it or help other people fixing it (bug report...). Your credibility can suffer too but you can work to fix what pulled your credibility down (if this is bug related).

    In on part you have more control over your destiny but in the other part you have less control over your customer (they can more easily leave if they aren't happy). So you compete on your own quality.
  • Why download the files? Instead, do a net-based install. Redhat has a neat install-via-ftp option -- you just download one floppy-disk image, boot from that, and go. Since you have a fast connection, this is the BEST way to install linux.

    (Several other distributions can do NFS installs; can any others install via FTP?)

    --

  • Turns out the article I referred to did not contain stuff about NT's high Total Cost of Ownership. Sorry. I originally ran across this article in Washington DC Computer User, which has the Userweb URL on the front. The newspaper had an adjacent article on how great Unix is compared to NT, but by the time I got around to posting to Slashdot, I'd forgotten these were two separate articles, and it turns out only the feature article is shown on their website.
  • I always love to see what the pundits at Gartner Group are blathering about. Why anyone would pay money for their *predictions* is beyond me. A while back they predicted Linux would go nowhere... now that it has swept the Internet/Intranet catagory, that has been revised to "linux will not penetrate the enterprise." So after we sweep the enterprise, what is their next prediction? "Linux will not ascend to the godhead", perhaps? Remember, these are the same people who once predicted the death of SMTP on the global email backbone.

    Thad

  • it means that linuxers better not knock off Novell because linux needs their NDS
  • Novell to their customers.

    But "Mr. Novell" to us, huh?

    What you're advocating would mean Novell having to listen to every
    geek out there on the web, wether they are customers or not.

    Well, good heavens! Those geeks couldn't possible have any good ideas, could they.

    That basically means their customers would have a smaller voice, in the sea of any wannabe who had a copy of their code. That's the opposite of listening to their customers.

    To answer the point behind the persiflage (and my, is there a lot of it in your post), it is not inconsistent to listen to technically educated people and to one's customers. Most companies manage this trick without difficulty.

    Perhaps you need to work on your listening skills.



    --
  • This points out the fact that when criminals (or potential criminals) can get their hands on source code they'll sift through it looking for exploits.

    Of course they will. All the more reason to accept peer reviewers, as they do the same thing. Why should criminals have an advantage?

    You're right, of course. But the minute you release the source code a whole lot of security flaws might (will?) be found. They will get fixed but in the meantime, there will be many very exposed systems.

    I'm not saying open source isn't better or that under the closed source system those bugs will not be found. I'm just trying to point out that changing to an open source system is difficult and it may cause a lot of problems.

    I cannot see how to do such a change without making one vulnerable to these type of problems which might cause a consumer backlash.

  • This points out the fact that when criminals (or potential criminals) can get their hands on source code they'll sift through it looking for exploits.

    Of course they will. All the more reason to accept peer reviewers, as they do the same thing. Why should criminals have an advantage?

    Unless a piece of software is released under an OpenSource(tm) license, and mechanisms are in place for peer-review to result in rapid fixes (i.e. there is a body accepting open submissions, etc.) the public release of the source code DOES represent a security risk.

    What you say here is not quite accurate. The software does not have to be released under and open source license to retain security, and there need be no body to accept (code) submission. At minimum, we would like:

    • Availability of the source code for perusal. Redistribution can be restricted. We just need to see it.
    • People willing to listen to suggestions. They do not have to accept code. Any sort of bug-tracking system would provide this.

    It's sort of an all-or-nothing situation.

    Not at all. What I've outlined above is clearly not Open Source, but it can improve security.

    Regardless, the silliness of Novell's statement is that they imply security through obscurity is inherently better than open peer review, which has been proven time and again to be false.

  • "Novell will use open-source publishing when it makes sense," says Brian Faustin, Novell's director of product marketing for NetWare. "It doesn't make sense for the network operating system because we need to maintain our value-add through security and reliability features. Our customers don't want us to give away source code."

    First, I've never heard of any licensee of any software that would be *unhappy* if they got source with it, quite the contrary... and I don't believe "open source" implies "give away source".

    Second, I don't see how customers having source could decrease reliability (except versus attacks, which is really a security issue). And availability of source has a record of improving security and reliability via peer-review; what Netware exploits I have seen did not appear to involve more than interface knowledge, and in some cases would likely have had one-line fixes.

    But I'm sure everyone that agrees with me has heard all this before.

  • In this sort of instance, the typical script kiddie really wouldn't know what to do with the source...
  • It depends, on UNIX systems if the programmer used the correct data types, then all it should take is a recompile. Now if winsock is anything like the rest of windows then the programs all use int, or something of the sort, and it's going to be ugly for windows programmers.
  • This is nice. Does anyone know of a brief, not-too-technical history of Linux and Open Source? I keep looking for things to show people that don't understand "what all the fuss is about."

    Grant
  • Goodness gracious.... Here's a post that only the brave dare answer. :)

    Ok, I'll take a shot and everyone else can dogpile me for all the stuff I leave out and get wrong.

    If you could get a complete distribution in a single file, it would be a pretty huge file. You can probably get a disk image via FTP of most distributions (Red Hat, Debian, Slackware, etc.) Burn the image to CD-ROMs or copy it to an NFS mount and you're set.

    If I Remember Correctly, in many cases it's also possible to boot off an install floppy and do your install via FTP from the distributor's site.

    I suspect this post may result in several, "just buy/order CDs" responses. Honestly, I have to agree. A CD distro is a cheap/fast/easy way to get started. At the very least, it gets you a working OS quickly. It also comes in handy when a friend wants to install Linux, too. ;)

    Personally, I usually install a scratch system from CDs, recompile the kernel with my networking and hardware options, then start downloading the latest kernel, utilities, etc. This way, I'm able to work with the system while I'm updating it.

    This advice is solely based on my humble experience, so take it for what it's worth. Do have fun, though.
  • "Linux already has won the hearts of techies the world over, and lately, the free operating system has carved out a place on corporate servers. Could the typical office worker's desktop be the next stop?"

    The above is a quote from today's (6/3/99) SF Chronicle... mainstream enough for me. :)

    Unformatted (no CGI access) story here [sfgate.com]. Or track it thru www.sfgate.com, headline Wrestling with the Desktop, link OS Mania (this may all be gone by tomorrow... sigh)

    Shandon
  • Debian (potato at least, not sure about slink) can install using apt, which means via FTP or HTTP.

    Stampede will have an FTP install; I'm just not sure if they've written that part of the install script yet.

    Slackware does NFS installs, and you've already said - RedHat does FTP.
  • Are you implying Linux will ascend to the godhead?

    (are you implying that Linux will penetrate the enterprise?)

    Actually, I was implying that Gartner Group will run out of areas to make negative Linux predictions about, and that their predictions are rather silly besides. Then again, people keep saying Linux is like a religion... ;-)

    Thad

  • I think what he meant was that the VFS layer is not 64-bit clean on 32-bit systems. I know I've seen posts claiming that for this reason XFS won't be very useful on 32-bit systems.
    --
  • Seems as long as we keep up the sarcasm and refuse to swallow the shit like good little citizens, Linux will rule.

    When the last ember of the last flame war is extinguished and we start giving speeches like those found in Microsoft Press Publications (remember this the next time you read something like "For the purpose of learning C++, you must have a compiler. MS Visual Studio may be a good purchase), it's over.

  • The Support Question (Score:4)

    by remande ( 31154 ) <remande@bigfoot. c o m> on Thursday June 03, 1999 @10:50AM (#1868174) Homepage
    Yet it is the nature of Linux open-forum business model that GartnerGroup and others believe could harm Linux's chance of becoming a mainstream, general-purpose NOS. Author G. Weiss states in his book "Linux in the Mainstream: Key Make-or-Break Factors," "Linux sidesteps the issue of IS responsibility; many Linux converts unrealistically believe that IS departments can assume more responsibility and wean themselves from vendor dependence, since the worldwide resources of the community are available to leverage." The issue brings up a question: To whom will Linux IS managers turn in times of trouble to obtain fast relief in the absence of vendor support contracts?

    We do not expect IS departments to take more platform responsibility. We expect them to get support contracts from a competent support firm. IS departments can expect to get better support out of Linux (and other open source software) because OSS demolishes the support monopoly.

    You can only provide so much support for a piece of software without having the source code in your hands. If you find a bug, you can only fix it if you have the source code. With proprietary software, only the software vendor itself has that code, and thus it is the only truly competent support organization. If you really need a package to run, your chain of support must go to the vendor. If you don't get support from the vendor, you get support from someone who gets support from the vendor. If you don't like the support you get, you either live with it, or change support by changing vendors.

    Every proprietary software firm is a monopoly in the support market for its own software.

    With Linux, anybody with skills and a 486 can fix Linux bugs. You can support Linux to the hilt without selling Linux. There is no Linux support monopoly. The competition creates low-cost, competent support contractors.

  • Please help me understand:

    "...Another strength of NetWare 5 is NetWare Directory Services (NDS) version 8, which plays a lead role in the NetWare 5 success story..."

    "...Windows 2000 (NT 5) will include Active Directory, Microsoft's version..."

    *** So, what does Linux have to compete with these
    directory services?

    Novel Claims it's directory holds a Billion Objects, and Micro$oft seven million objects, ***What about Linux?

    -Bob OConnor
  • Whom do you think will take the time to look at a million pages of source code and search for bugs and holes? Not your average wannabe, and doubtfully most code guru's will. However, the people who depend on the software for the operation of their company will have a vested intreset in the product, and therefore gain the most from having the code infront of them. I rarley look at the linux source code, but I am still glad it is avalible so the thousands of geeks and hackers out there can program to their hearts content. I do not worry about a newbie proposing a change to the kernel, and linus accepting to because it was emailed to him. A similar process should be impliment in any good Open Source project.


    If the Open Source procedure is not secure or avalid method of development, why do so many people depend on linux or BSD for both their desktops and servers? How many viruses have you heard of for linux or BSD? How about unpached security holes in wither? This questions are easily answered, Ask the same of NT or any other commercial NOS(NT and Novell strech that definition) and you will find many admins perfectly capable of coding thier own fix, waiting for a bug fix or a feature to be added.

    As much as the industry and media may over look this point, Linux is built by the users, for the users, and Linux will continue to develop this way. The growth of Linux is powered by the needs and demands of the community. How cant he consumer be wrong about what they want? As long as Novell, Microsoft, Sun and a multituted of companies fail to address the issues presented to them, Linux will continue to grow and replace them.

  • Kevin Mitnick is in custody right now in part because he was in posession of a stolen copy of the Solaris source code. He supposedly was using it to read through the code to look for exploits.

    This points out the fact that when criminals (or potential criminals) can get their hands on source code they'll sift through it looking for exploits.

    It even more obviously points out the fact that hiding your source code doesn't mean that crackers won't see it. It is a fatal flaw in your argument that you fail to recognize this fact.

    We've all heard the OpenSource(tm) Doxology, and eveything I've typed above is another creed that serves as a counter-arguement.

    Many people who do not generally subscribe to the open-source model for all software understand its value for cryptography. Your attempted counterargument is unsupported and, I strongly suspect, insupportable. If you can come up with a solid counterargument to the accepted view, that would be interesting. However, merely making an assertion and citing irrelevant evidence does not constitute such an argument.

    It's a big world out there, guys.

    Indeed it is...and I am not aware of any respected security authority within it who supports your views.

    Your patronizing tone is inappropriate for someone who has displayed no understanding of security theory.



    --

  • Linux has no directory services... it's just a kernel. ;-)

    Seriously... Novell is releasing NDS for Linux. Novell's DS is very nice, well worth the price if you need directory services (who doesn't?)

  • But because there are no barriers to entry, there should be more competition in the Linux support market and thus the market will be efficient. If you can only go to the vendor for support, you have to pay what the vendor charges.

  • I found it on a website, but you can check page 265 of "the road ahead" to be sure.

    He just made a big mistake and was thinking about factorising large numbers in their prime factors, shich really would be a breakthrough and would invalidate a big amount off the cryptography used today (RSA being the most obvious example).

    Sometime people make big mistake so you can laugh at them... but sometime you ARE this people and that's less funny ;)
  • There's always OpenLDAP at http://www.openldap.org [openldap.org]. I don't know what kind of performance it has though.
  • Oh, come on! Did he really write that?

    As much as I cringe to stand up for Bill, he's
    alright in his statement -- factoring a prime
    involves exactly that -- provably asserting that
    a number has exactly two factors, just like factoring any other whole, prime or nonprime.
    In a sense "guaranteeing" that a number is prime,
    is the same thing as factoring it.
  • Incidentally, it has to be a firm composed of your Open Source buddies.

    Not at all. There's nothing in the world preventing, say, Microsoft from going into the Linux (etc) support business, so long as any mods they make to the code are released.

    Mind, with Microsoft's reputation for support, they may not get many takers.

    "Buying Protection" is nothing new. "Protection Rackets" have been defining the 'rules of the road' for centuries, then extracting their fees from the potential victims.

    True, and that's exactly the angle that Microsoft seems to be adopting when they spread FUD about support for e.g. Linux. "Gee, nice OS ya got here, but it'd be a shame if those protocols were to break."

  • I don't believe "open source" implies "give away source".

    The accepted definition [opensource.org] of Open Source is the same as 'free software'. That is, you can use, share and change the software without having to pay licence fees.

    Unfortunately, the term Open Source can be misinterpreted as meaning 'you can get the source code' - this is one of the reasons I would have preferred to stick with 'free software'.

  • You might try www.linux.org and www.linux.com
    Both of them have a section about "What is Linux?" and they include information about the Open Source model. The descriptions aren't anything too in depth, so it should be just what you're looking for.
  • RSA's stuff is very secure because people know the alogorithm. People are able to examine it and find any flaws, and the usually they tell other people about those flaws and it gets fixed. DES had some features that allowed it to be easily cracked but they were fixed because everyone had the algorithm. Cryptology is where the Open Model began.
  • Maybe the point to remember about Garter Group is that Large Corporations _do_ buy their research(opinions), and act upon it. Therefore they do have an impact on the spread of Linux and MS products. What is the general opinion about Meta Group?
  • The exact same article is on the front page of the "Puget Sound computer user". In fact I haven't gotten PSCU for months and just decided to pick up a copy on my lunch break. What an amazing coincidence.
  • sixl6@agfo.org says: Solaris 7 is the version that is 64-bit clean, not 2.6. You can run it on UltraSPARC boxen, but it doesnt run in 64-bit mode, not even SMP boxen.

    The ability to run in 64 bit mode is an installation option. Individual programs can be either 32 or 64 bit. All of the libraries that 64 bit programs are linked against have to be 64 bit. If the 64 bit option is selected the kernel is 64 bit and all programs that access kernel memory like (top) have to be compiled 64 bit. I selected the 32 bit kernel because I didn't think 64 bit was worth the trouble this time around.

  • Perhaps you could enlighten me as to the nature of VFS...

    I run on a 32bit arch (kernel 2.2.8) and grep'ing through /var/log/all for VFS gives a bunch of stuff like:
    Jun 2 17:46:43 frank kernel: VFS: Disk change detected on device fd(2,0)
    Jun 2 21:21:36 frank kernel: VFS: Disk change detected on device ide1(22,0)

    grep VFS /var/log/all | wc -l counts 297 lines, and the uptime is only about a day (I just got back to school after taking some time off to work. God I love being back on ethernet.)

    Seems like the VFS layer is alive and kicking on my intel box.

    ?
  • In a sense "guaranteeing" that a number is prime, is the same thing as factoring it.

    There is a difference between "factoring a prime number" (which is a no-brainer), and "using factoring to determine whether a particular number is a prime number" (which is the costly part). The question is, should we be nice to the III-man and assume that the latter was what was really meant? :-)

  • "Novell will use open-source publishing when it makes sense," says Brian Faustin, Novell's director of product marketing for NetWare. "It doesn't make sense for the network operating system because we need to maintain our value-add through security and reliability features. Our customers don't want us to give away source code."

    What's the implication? That Novell's security would be reduced if they gave away source code?

    That sounds like a certain discredited theory of security to me.



    --
  • "The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates, The Road Ahead, Viking Penguin (1995)

    Oh, come on! Did he really write that?

    (What's his problem? I can factor large prime numbers in my head. (As long as you guarantee me it's prime.))
  • Well, I wrote a rather large paper for a course fall semester, about 30 pages, where I discussed the history of UNIX, it's connection to the open-source concepts, the way in which it impacted and was impacted by the industry evolution over the 80's and 90's.

    I plan on posting it on my website, although I haven't done it yet. (maybe I should before I get slashdotted.) If you'd like me to let you know when I post it, gimme an e-mail.
    ---------

  • >You obviously are not aware of whomever is the securty authorities in charge at Novell.

    i'm guessing from the way you phrased this, you arent aware of those people, aside from knowing someone must exist in that capacity, either.

    what he asked for was "any respected security authority" not "anyone who has a job description involving security".
    can you cite anyone who is generally considered an authority on security who supports your views? (i.e. references to papers or interviews where they make statements supporting your case)

    personally, i dont know enough about the subject to say that nobody who is an expert supports you. but i'm more inclined to ignore your views when the only support you can manage is a vague reference to someone whose qualifications arent known, even to you. if you think this supports or validates your position, you should probably take some informal logic classes and learn how to build a proper argument.

    >In other words, semantic tricks based on religious beliefs.
    there were no semantic tricks in his statement. he merely said he wasnt aware of any acknowledged experts in the field who support your position. i would assume that you arent aware of any either, or you would have used them to support your case.

    your continued reference to "religious beliefs" and the implications you are trying to make with that phrase does fall into a category of logical fallacy though.

  • The difference between the Open Source model of buying support and the "Protection Rackets" you mention is that under the Open Source model, nobody's going to come and break your kneecaps if you don't buy support. :-)

    Seriously, though, you don't have to buy a tech-support contract. If you have someone who has the know-how to read the source and understand it, you can do your tech support in-house and save money on a tech-support contract. (You'll still be paying the salary of your in-house employee, of course, but one person will probably be able to handle several pieces of software in that respect). And, (warning! Generalizations ahead!) since open-source software usually tends to be of a higher quality than proprietary software, you won't need as much technical support anyway.

    As for the worldview/religion aspect of it, well, most long-time Open Source advocates do admit exactly that. Consider the fact that the emacs vs. vi flamewars are usually referred to as "religious wars", for example. (ObFlameBait: Down with bloatware! Long live vi! ;->)
    -----

  • You can only provide so much support for a piece of software without having the source code in your hands. If you find a bug, you can only fix it if you have the source code. With proprietary software, only the software vendor itself has that code, and thus it is the only truly competent support organization. If you really need a package to run, your chain of support must go to the vendor. If you don't get support from the vendor, you get support from someone who gets support from the vendor. If you don't like the support you get, you either live with it, or change support by changing vendors.

    Support costs vendors money. Therefore, they charge money for support. Time comes, they're making a lot of money from their support. At this point, it's becoming in the vendor's best interests to release software that requires support. This leads to software that contains bugs and/or is harder to use/implement. This is regarded as a bad thing.

    I'm not saying this is what happens with every vendor. But it is all too likely, what with the money MS makes in support.

  • You are implying that Netscape should change their security model.

    Yes, I am, along with many others. My original point was to discredit Novell's statement that Open Source reduces security.

    If they did change their security model to fit your view of how they should run their company, then what you propose (releasing the source code) would improve their security.

    Ok, I'm glad we can agree on that.

    Just releasing the source code would reduce the security of their product, not improve it.

    Ahh, now I see the crux of your argument. You are arguing that releasing the source code without adequate means to reap the rewards will reduce security. This is true.

    But you're playing word games. What many people don't understand is that opening the source to a product is a process. The simple act of posting the source code is not what people here are advocating. They are advocating the Open Source process - the peer review that has served the scientific community so well for centuries.

    To put it another way, Novell would have to listen to its customers. It's a novel concept, but one who's time has come.

  • Okay, maybe I should have done a bit more research about IPv6 for other unixs and OSs than checking Dejanews...

    It seems all the unix guys have IPv6 implimentations of some kind. Novell are 'developing' one, and supposedly Windows 2000 will have it, though I'm not sure. Not sure what the status with Apple is either, though.

    Besides, since some of your apps (everything that assumes IP address is 32 bit) will need re-writing to make use of it I don't think it's going to become a really important feature anytime soon...

  • > Indeed it is...and I am not aware of any respected security authority within it who supports your views

    You obviously are not aware of whomever is the securty authorities in charge at Novell. Or you don't respect them.

    They have given me no reason to respect them...nor have you even begun a defense of your bizarre views. It is an inadequate defense to claim that company $foo does things in such and such a way; have you never known a company to do a foolish thing?

    In other words, semantic tricks based on religious beliefs.

    No, just a judgment based upon well-understood principles of security. If you doubt this, then either cite a source to support your views which contains an addressable rationale, or defend the point yourself. I will cite O'Reilly's Practical Unix and Internet Security in defense of my views, and will happily quote chapter and verse at you if you so desire.



    --
  • I think they really miss the point. In my "Mathematics of Cryptography" class we were taught to assume the attacker had more resources available to them than we had. Thus, a secure system must be designed with the possibility that the attacker has the source code. Afterall, isn't RSA considered pretty secure and many people know the algorithm used?

    Just my $0.02
  • As somebody points out above, Linux doesn't have dibs on 64bit kernal stuff - certainly just about every commercial unix bunch has this 64bit option. They don't seem to have researched the commercial Unixs much in general. Not that surprising in some ways - until recently most people were still predicting the death of Unix...

    I dunno about IPv6 for the other unix guys, but there is a Sun provided IPv6 patch available for Solaris, and has been around since 1997 - for Solaris 2.5. Such a patch apparantly works on Solaris 7 too, though the web page [sun.com] doesn't say - it's bit outa date with regards to OS versions. Anybody know what the case is for Irix, and the other big boys? Besides, last I heard IPv6 hadn't even been completed yet, and I have no idea how long it'll be until it's being used significantly - ie I think bringing up IPv6 is a bit redundant when talking about current NOSs.

    I wasn't particularly impressed by this article. Could have been better in a couple of ways (in some ways it seemed to have re-hashes from other articles going on about Netware VS Windows), and besides, we've seen so much similar articles it's getting boring... ^-^

    PS Before someone asks, IPv6 is to replace IPv4 sometime and give us 128 bit IP addresses, instead of 32 bit. To put it simply.

  • What if the person did work for the company AND teach classes on his own personal time? What type of situation would the company be in now?
  • I seem to remember FTP Software announced support for IPv6 in their 32-bit Winsock implementation back in, oh, 1996. Dunno what happened to that product, though.

Slashdot Top Deals

"Remember, extremism in the nondefense of moderation is not a virtue." -- Peter Neumann, about usenet

Close