Enterprise Unix Roundup: Talking Past Each Other
September 11, 2003
"Unix Held Hostage, Day 98?"
"War in the (Utah) Desert?"
We're trying to figure out the title for the informative infographic we'd provide if this column were a news show and we led each episode with more about the SCO/Linux case, which, like the rainy season in Portland, Oregon, has settled over the IT landscape in a way that causes us to shake our fists at the sky, pleading for just one day sans the relentless drizzle.
It seems as though absent a ruling, which is a long ways away, we aren't going to get any relief. SCO has to make its case before the public to have any hope of selling any of its freshly minted runtime licenses (which convert that free copy of Linux your company downloaded last week into a $900-per-seat Unix knock-off), and that means people who disagree with SCO are climbing over each other to rebut.
We'd like to think that last week's column, in which we opined that SCO is burning bridges with the server room set as it makes its case to the suits, was noticed in the Lindon, Utah offices, inspiring the company to reach out to open source developers with an open letter this week. But that would mean we'd have to take responsibility for writing a column that was flatly incomprehensible to SCO, as it took the opportunity provided by that open letter to accuse open source developers of theft and irresponsibility.
On the other hand, it's not like SCO's letter was to open source developers. It was really just more communication with the suits whom SCO is expecting will not meditate too hard on assertions like "the Open Source community needs a business model that is sustainable if it is to grow beyond a part-time avocation into an enterprise-trusted development model."From a software vendor's point of view, that makes a certain amount of sense: Part of SCO's corporate DNA includes an early Linux mover (Caldera) that went down in flames trying to sell something others are giving away for free. From the point of view of the rest of us (i.e., the people who have to use this stuff), comments like that ignore the way all sorts of open source projects, like Linux, Apache, the BSD family, PHP, sendmail, and bind, are trusted by all sorts of "enterprise customers" who make money with open source software not by selling it, but by conducting business with it. It ignores this fact so badly that we could almost suspect the letter was only recently dug out of a time capsule from 1997.
But that's just SCO's part of the drama this week; the open source developers it was talking past wrote back. Most notable, if only because he has a reputation for affability and a general disinterest in the spotlight, Linux creator Linus Torvalds wrote a missive titled "Open letter to Darl McBride -- please grow up," which read, in part:
"... we have to sadly decline taking business model advice from a company that seems to have squandered all its money (that it made off a Linux IPO, I might add, since there's a nice bit of irony there), and now seems to play the US legal system as a lottery."
Open Source Initiative co-founders Eric Raymond and Bruce Perens also fired back their own letter, charging SCO's CEO with writing a "farrago of falsehoods, half-truths, evasions, slanders, and misrepresentations."
Raymond's other contribution to the dust up this week is a piece of software able to compare large chunks of code at the rate of 55,000 lines per second. Conceivably, such a tool could be used to compare, say, Linux source code to SCO source code, helping to resolve just how much copyright infringing is going on, if any. Though Raymond declined to say he if plans to use it to undermine SCO's case, he did say "I am grinning a grin that should frighten the thieves and liars at SCO out of a week's sleep."
It may be time to reconsider "War in the Desert" for that news graphic: If the claims, counterclaims, and rhetoric get any more heated, welovetheiraqiinformationminister.com is going to have some competition:
"Don't believe the lies of the infidels. There is no SCO code in the Linux kernel. Never!"
Oops. Looks like it already has.
In Other News
Security Tip of the Trade
This week brought news of yet another RPC-based hole in Windows, which brought predictable crowing and carrying from everyone else. While we enjoy a little schadenfreude as much as the next Unix geek, we also remember to keep an eye on our logs and make sure no one's making a monkey of us. Our tool of choice for the chore of logwatching?
A free tool called "logcheck." This handy program parses log files for entries that look anomalous, such as repeated failed login attempts to your FTP server from somewhere in Russia, and mails you a copy of the entries. Better yet, it can be customized to operate at several levels of cautiousness, from "workstation" to "paranoid," ensuring you aren't inundated with pointless messages. It also has a configuration directory that enables admins to use regular expressions to mask out messages that aren't worth worrying about. Here's a sample line from the "ignore" file for the secure shell daemon that makes sure you aren't warned every time someone hangs up a remote ssh session:
We got this example courtesy of the Debian distribution (which forked the project to suit its needs), but you can always visit the closest thing to a project page to find tarballs to build.