Enterprise Unix Roundup: Special LinuxWorld Expo Edition
If you live on the West Coast and noticed a glow on the horizon from the direction of San Francisco this past week, it was probably because LinuxWorld Expo (LWE) was in town. Long considered the tent revival cousin of the more staid winter East Coast show, LWE West is where the old community spirit that characterized Linux in earlier times is more likely to be found, and it's where Linux vendors are a lot more likely to rally the troops.Red Hat Hits Back, SCO Cries "Conspiracy!" With all of the activity going on at LinuxWorld Expo, we decided to publish a bonus edition of Enterprise Unix Roundup. In a nutshell: SCO suits snowball; Novell announces Ximian purchase; and Sun makes 'Mad Hatter' details public. We also offer a quick fix for the postfix remote denial of service vulnerability that works on other breaches as well.
Red Hat announced a lawsuit aimed at SCO for making what the North Carolina company calls "unfair, unsubstantiated, and untrue public statements." German Linux distributor SuSE said it supports its rival in the suit. Red Hat's goal is to force SCO to admit that Red Hat isn't infringing on any of its intellectual property. For its part, SCO said it's weighing its options, which might include a countersuit for copyright infringement and "conspiracy."
Perhaps more substantial than the suit, which essentially aims to force SCO to do exactly what it's doing with IBM in court right now, is Red Hat's "Open Source Now" fund, a $1 million war chest to be used to defend free software developers from legal accusations of infringement. Consider the troops rallied.
SCO also got around to formally announcing the price of its Linux license, touched on here last week, which the company says will indemnify corporate Linux users against claims of IP infringement: $699 per system until October, when the company will really put the screws on and charge double that. OEMs are also supposed to cough up $32 apiece for any embedded Linux systems (like the TiVO or Sharp Zaurus) they have on hand.
One other note in the SCO saga: IBM, perhaps provoked by some muttering about its refusal to indemnify its AIX customers against the SCO suit, launched a countersuit. It is charging that SCO infringed on IBM patents and is suing for something SCO did as Caldera just a few years ago when it sold a Linux distribution and disrupted IBM's AIX business.
World Wrestling Entertainment headquarters are down the street from our office. We'll go talk to them about renting a steel cage.Sun's Hat of a Different Color
Last week we noted Sun's plans to resurrect "Mad Hatter," a corporate desktop built around its own Linux. The reasonable question that provokes is "why bother when there are all sorts of good, free-for-the-taking flavors of Linux (e.g., Red Hat) that already do all the work of making a Linux distribution work?" Well, that's exactly what Sun's doing: using a pre-existing distribution and building what one of our sources called "a common platform for developers."
That raises another question: "What's wrong with the Linux Standards Base (LSB)," which is the Linux developer community's own attempt to create exactly that, a standard base from which developers can work. The unspecified distribution is reportedly Red Hat, but we'll have to wait until Mad Hatter hits the streets to see what a quick toss of its entrails tells us.
If it is indeed Red Hat, the move to put a Sun spin on the product makes sense: A colleague at the show noted Red Hat is moving away from heavily emphasizing its retail/consumer product, essentially turning it into a free-floating release candidate and proving ground for its enterprise edition. That sort of loose "release early, release often" spontaneity so many grassroots Linux supporters enjoy isn't going to go over well with Sun, hence the tweaks.Novell Strengthens Its Ties to Linux
Novell, best known for NetWare, announced the acquisition of Ximian, a Linux company known for both its polished desktop software and Unix Outlook replacement Evolution. Analysts say the buy makes for a good fit.
Although the purchase of a Linux desktop company might seem out of character for a server software company, it makes more sense when viewed in the light of next year's planned release of GroupWise for Linux with its promised Java-based client. Ximian's "Connector" product allows Linux desktop users to interface with Microsoft Exchange servers. Similar functionality with GroupWise is in the offing for Evolution. We're fairly certain the Java client will not amount to much, nor will it need to with Evolution on the scene.
- wu-ftpd, a popular FTP daemon, was found to have a buffer overflow bug. This one is serious to the extent it opens the possibility of a remote root compromise. Mandrake, Red Hat, Conectiva, and SuSE have all released patches.
- postfix, another popular package used as a fast, secure, easily configured sendmail replacement, has been found to have a remote denial of service vulnerability. Several vendors have patched their releases, but this bug provides an interesting note in software releases: postfix lead developer Wietse Venema reports the bug was patched nine months ago, but that the version with the exploit is still in heavy circulation among distributors due to their own release schedules.
Tips of the Trade
This week's postfix snafu reminded us of a favorite Linux utility, to which we'll give a nod for this special Linux World edition: checkinstall.
Distributors aren't always the fastest at getting the latest and greatest out the door, it's not always easy to get ready-made binary packages. Checkinstall handles that problem by building a binary package out of a compiled source tree. Where you normally do the ./configure && make && make install routine to build a package, checkinstall intercepts the make install part and builds a package ready for installation in Red Hat, Debian, Slackware, or RPM-based distributions. That way, when your vendor finally does catch up, you can remove the package with a single command (instead of hunting its components down by hand) and install the new binary package without a hassle. Good stuff.