Editor’s Note: This is the first issue of what will eventually be a weekly column. Enterprise Unix Roundup will be exactly that, a discussion of what has recently transpired in the enterprise Unix market. We will offer news and analysis, security updates, and Unix tips. We welcome your feedback, which can be sent directly to author Michael Hall or to ServerWatch.
Michael Hall kicks off his enterprise Unix column with coverage of Sun’s latest ventures, a potential remote denial-of-service attack in the Linux nfs-utils package, and an easy-to-access man page whether you’re using a Solaris, Linux, or BSD system.
It’s summer, which means lazy days, slow news cycles, and the buzz of intellectual property rights attorneys in the air. For the past few months, the SCO/IBM case has had people talking. Two guys in a tradeshow bathroom were even heard making predictions about the clash.
Now Sun’s managed to snag a bit of the spotlight in the ongoing legal drama.
To recap the events thus far: IBM licensed code from SCO, which owns the rights to much of what people are talking about when they say “UNIX” in the formal sense. According to SCO, IBM took some of its licensed UNIX source code and used it to improve Linux, which is what more and more people are coming to mean when they say “Unix”
in the informal sense. IBM says that’s nonsense. SCO then hired ace lawyer David Boies (of Microsoft trial fame) and says it wants $3 billion for its troubles. SCO has also suspended IBM’s license to the UNIX code in question, which may be found (in licensed form) in IBM’s own AIX. SCO has also made a few menacing noises toward Linux
project leader Linus Torvalds and anyone running a Linux server.
So far so good?
For months Sun has been adamant that the rights to the UNIX code it licensed from SCO are both airtight (meaning no AIX-style “delicensing” for Solaris) and permanent. Until last week, however, the company wasn’t very forthcoming about why that may be so. Now the story may be told: Sun and SCO recently expanded a licensing agreement dating back to 1994 in which the companies agreed to allow Sun to indemnify its users against the sort of threats SCO’s been making about AIX. SCO also offered Sun 210,000 shares of stock at $1.83 per share (the company’s trading at close to $11 as we
write this) as sweetener to seal a deal SCO claims only strengthens its position regarding its issues with IBM.
We’ll keep you posted as that case moves out of discovery and into actual litigation.
The Orion “Software Train”: Beta Tickets Now Being Punched
Hardening Solaris against the ravages of SCO’s IP attorneys isn’t the only thing Sun’s been up to lately. Like everyone else in the tech industry, the company’s had to figure out how to move forward after The Bust. Enter Orion, which has now gone into beta.
The short and sweet on Orion is this: It’s a new licensing scheme.
Orion is coupled with a “software train” of Sun products formerly sold separately that will start rolling off the line in groups on a tighter schedule. But it’s really all about getting more folks to pay for what most sys admins say they love about Sun: interlocking pieces that go “click” when you slide them together.
However, not all the pieces are in place for the beta. About half of the total planned outlay of services, not to mention Linux support, hasn’t yet been rolled in.
We’re still not sure what to make of it.
The basic premise makes sense. Microsoft has been pushing IIS and other services into its products for a while now, and that’s made money. Sun is probably wise to encourage customers to think of its assorted server products as “part of the package.” But any talk of Solaris these days tends to focus on the fact that the operating system is being overtaken on several fronts. If customers begin to feel like an across-the-board Sun solution is being snuck under the door in the form of “pre-integrated” servers, they’ll look even more carefully at the alternatives. Just look at Netcraft results each month to see how well that’s worked for IIS in the bigger picture.
In Other News
- SGI has updated
its graphics workstation lineup, offering Irix on two new models.
Irix may not run many servers, but it has its place in enterprise
Unix as the operating system of choice for servers running high-end imaging
- Not long ago, ServerWatch reported on Hewlett-Packard’s
enthusiastic push for HP-UX on Itanium 2. Sun’s got something to say
about that. It is offering a
free migration assessment service to HP customers using Alpha or
Tru64 gear in the name of “saving” them from Itanium, which Sun says
has a “questionable track record.”
- Rendezvous is Apple’s take on Zeroconf, an attempt to create
DNS/DHCP-free IP networks. It seems to be catching on most among
printer vendors. This week, Oki Data joined the list (which includes
HP, Epson, Canon, and Lexmark), promising a Rendezvous-enabled printer
by the end of the year.
Enterprise Unix Roundup will keep an eye on vulnerabilities and exploits that affect a wide variety of Unix and Unix-like systems. This week, the one that popped up on our radar is a potential remote denial-of-service attack in the Linux nfs-utils package.
ISEC has the details. Red Hat, SuSE, Debian, Slackware, and Immunix all posted errata during the past week. If your vendor hasn’t yet, consider visiting the nfs-utils
home page and updating it yourself.
We’ll also take this opportunity to point out what most sys admins already know: NFS isn’t the most secure service in the world, anyhow, and most enterprises don’t run it outside their LAN. If your server’s mountd is exposed to the Internet and isn’t locked away behind your firewall, you should reconsider that practice.
Tips of the Trade
Part of the fun of learning your way around a Unix box is figuring
out where everything is. Most of us learn that there’s no such thing
as c: right away, then learn fairly soon thereafter that /etc is
where configuration files seem to go, or that /sbin is where the
really important programs go. But what’s /usr/local for? Or /opt?
There is a man page you can access under Solaris, Linux, and BSD systems that is known as hier (short for “hierarchy”) in Linux and BSD, and filesystem in Solaris. What does it do? Just type man filesystem (in Solaris) at a shell prompt, and you’ll get a rundown of what each “official” directory in Solaris is for and what Sun expects you’ll find or what to put in each. Linux and BSD return similar results with man hier. After a while, the “Unix way” (or your vendor’s variation on it) will seem as natural as sunlight, but until then, man hier is a handy tutorial.