IBM today announced new industry-standard
ECperf benchmark results showing that WebSphere* running on Linux**, the
open source platform, delivers the high-performance and scalability
required to deploy e-business applications while enabling customers to
reduce the total cost of ownership (TCO).
ECPerf is an Enterprise JavaBeans benchmark designed to measure the
scalability and performance of J2EE servers and containers. It is
developed
under the Java Community Process and has been built in conjunction with
J2EE server vendors.

IBM’s most recent ECperf submission, demonstrates a real e-business
solution with IBM WebSphere Internet infrastructure software, a cluster
of
eServer xSeries systems running Red Hat Linux and DB2. This solution
almost doubled the previous performance record held by BEA and HP running
Windows 2000 Server. While setting a new standard for performance, the
IBM
submission was also 39 percent less expensive than the BEA and HP
solution.

IBM is the first company to submit an ECperf benchmark running on Linux.

IBM delivered 32581.47 BBops/min@Std, a measurement of workload, and
$11/BBops, the measurement of total cost of ownership of the system under
test. These results show the value and performance that customers can
realize with a world-class e-business infrastructure from IBM. For more
information about IBM’s ECperf benchmark results, as well as the full
disclosure report, visit http://ecperf.theserverside.com/ecperf/

“IBM software and hardware running on Red Hat Linux is a powerful
combination, delivering the industry’s best value, lowest TCO with
industry
leading performance,” said Scott Hebner, Director of Marketing, IBM
WebSphere. “More and more businesses are considering performance results
when making purchasing decisions. These results, coupled with our
extensive customer base, shows that WebSphere delivers superior
performance
while cutting the overall cost of running applications.”

IBM continues to set the standard for performance. In an earlier
submission using Java, WebSphere and DB2 running Windows 2000, IBM
achieved
the equivalent performance at only 72 percent the cost of BEA WebLogic’s
submission.

About IBM’s WebSphere Software

WebSphere is the market-leading Internet infrastructure software, or
middleware, for creating, running and integrating e-business applications
across a variety of computing platforms. Built on open standards such as
J2EE, XML and the new Web services standards, and endowed with IBM’s core
strengths of reliability, scalability and security, WebSphere server
software and development tools are used by tens of thousands of customers
and have shown 11 consecutive quarters of doube-digit sales growth. For
more information: http://www.ibm.com/websphere.

*Indicates trademark or registered trademark of International Business
Machines Corporation.

**Linux is a trademark of Linus Torvalds.

All other trademarks or registered trademarks are property of their
respective owners.

LinuxJournal.com has the story: “Computers for schools and web sites for students. That’s the dream of an ambitious project being promoted in Thailand, known as SchoolNet. This project has notched up some impressive figures (some 4300 schools connected to SchoolNet, with some 1500 having their own web sites).

But that’s only part of the story. How it worked its way to achieving its goal, including taking some bold steps like using the GNU/Linux free operating system to back up its plans, makes this project stand out from other ventures aimed at taking computers to schools.”

From ZDNet: “In our unofficial tests, RC 1 ran nearly as fast as Internet Explorer 6. Plus, it works on Windows, Mac, and Linux, which no other browser does, and it promises a greater ability to customize than competing browsers do.

Best of all, Mozilla is completely free: no fees and no strings attached. Sure, we found some flies in the ointment, but we’re hoping that the gold code cleans them up.”

– By Grant Gross –

Executives at Linux security company Cylant say the computer security industry is engaged in a “conspiracy of sorts,” or at least a conspiracy of ignorance, in taking a reactive approach to fighting vulnerabilities.
Cylant is pitching its CylantSecure server monitoring product as an alternative to the virus-runs-wild-then-release-patch cycle practiced by most security companies. CylantSecure for Linux, what the company calls a “host-based intrusion detection system,” is a real-time monitoring system that immediately notifies the server’s sysadmin when something funky is happening that shouldn’t be.

The technology is based on research into software measurement done by
Cylant’s chief scientist, John Munson, for large, critical systems like those designed by Jet Propulsion Labs for the U.S. Space Shuttle. The software benchmarks the patterns of execution in the Linux kernel on a server, then determines when those patterns depart from normal. When an attack occurs, notification happens within “milliseconds,” says Joel Rothman, president of Cylant. The company has applied for a patent on the process of aggregating the information CylantSecure’s sensors pick up and put into a profile that’s the server’s normal functions. Some of the software is released under the GNU General Public License, and Cylant is a sponsor of the Kernel Instrumentation Project.

Conspiracy of ignorance?

“Our approach is different from everybody else’s,” Rothman says. “There is a built-in way of thinking within the security community that what you want to do is track down the perpetrators. That’s number one. Number two, there’s what we call a conspiracy, and it could very well be a conspiracy of ignorance, that services are so key and such a big profit motive — the patching, the updates, the upgrades, nothing to do with additional features — it’s very difficult for anyone in security to look at this product and say, ‘Wow, this great.’

“In essence, what we’re saying is, ‘Look, you don’t need the patch anymore,’ because the server is going do a very small number of things, we know what it’s doing, and when it starts doing something else, we’re not going to let it do that.”

The software can be configured to take several different steps if abnormal behavior starts happening: It can notify the administrator, shun traffic from the originating IP address for a certain length of time, or run an administrator defined program to deal with certain types of behavior. All the while, administrators can let the script kiddies think they’re doing damage, while capturing data on the attack, if they want the forensics.

“Because we’re getting everyone away from the idea of patching and forensics being important components to security, we get a lot of people who are very resistant,” Rothman adds. “We’re telling them, from our perspective, it’s not important. Let the hacker on the other end think he’s succeeded, if that’s what you want to do.”

Rothman notes that while Cylant is focusing on security, the system monitoring method has “as much application to system availability and reliability, and maybe even more so.”

Why Linux?

So why focus on Linux, which has the reputation of being both secure and reliable?

Partly because Cylant had access to the source code with Linux. Scott Wimer, Cylant’s CTO, says CylantSecure takes data from about 5,000 points in the kernel. Running the software on a piece of software as complex as the Linux OS also demonstrates that it could be used on other pieces of software, he added.

“Bill Gates wasn’t exactly returning our calls when we were asking him for the source code,” Rothman says. “What we’ve done with the Linux kernel could be done with any program if you give us the source code — Oracle 9i, any database, any other operating system, any embedded system. We don’t care what the system is, it’s a black box as far as we’re concerned. What we care about is how it behaved during training, and how it’s behaving now.”

Rothman says the Linux security market was ripe for an intrusion detection product, and the Linux/Apache server market share, around 50% of Web servers out there, makes for a significant market.

Installing CylantSecure

CylantSecure is designed to run on Red Hat 6.2 and 7.2. I tried to get my Red Hat 7.2 review copy to work in Mandrake 8.0, but ran into glib conflicts and some dependency issues. Even after updating to Mandrake 8.1 and running a Ximian Red Carpet update on 8.1, I ran into the same problems while trying to install the binaries manually. For example, CylantSecure demands version 3.2x of mkinitrd; Mandrake 8.1 has version 3.1.6.

(Yeah, yeah, I know I need to take the time to download or buy Mandrake 8.2 one of these days. It’s just that I feel a bit dishonest when I click the “I’m already a member of the Club or plan on registering soon” download link at Linux-Mandrake.com, and 8.2 isn’t on the shelves of my local Best Buy or CompUSA, despite rumors to the contrary.)

When I tried to install the Red Hat 6.2 binaries manually, I got most of the way through installing CylantSecure itself. When I tried to install its Console program, there was a different kind of dependency issue: It wanted Perl version 5.00503. and I had v5.6.1 installed.

But my Mandrake issues aren’t Cylant’s fault; a couple of employees even tried to hand-hold me through a manual installation over IRC. They say they’re working on an easier installer for later versions than the 1.2.1 review copy I have, and most potential business customers will be Red Hat users.

Another view

Short of doing my own review, at least until I find Mandrake 8.2 or switch to Red Hat, I asked Dave Wreski, corporate manager of Open Source security company Guardian Digital and publisher of LinuxSecurity.com what he thinks of CylantSecure and the company’s claims that the security industry is engaged in a “conspiracy of ignorance.”

“I think this statement is a bit ambitious,” he says. “While I do think they have a
good product, I think it would be unwise to use it as something more
than just another level of protection.”

Admitting he’s sounding like plugging his own distribution, Wreski says CylantSecure, plus a security-focused distro like Guardian Digital’s EnGarde Linux provides a “significantly higher level of protection.”

He adds: “In other words, using an off-the-shelf distribution, and not doing
everything possible to ensure it’s secure before relying on Cylant would
be foolish. After all, it only detects anomalies; if the administrator
gets lulled into a feeling Cylant will protect him based on
misinformation from a PR campaign, he will make costly mistakes. It
won’t protect you from an insecure security policy.”

Rothman admits other security measures beyond CylantSecure are important. Some behaviors, such as access controls, aren’t going to cause a change in the server behavior for CylantSecure to catch, at least for now, he says. “We’re not saying, ‘don’t have a firewall,'” he says. “There are important layers of security that you need to have because nothing is a panacea.”

Rothman and Wimer point to a security challenge Cylant sponsored early this year. The company challenged hackers to crash a default, unpatched Red Hat 6.2 installation, with everything installed and all services turned on, protected by CylantSecure. Instead of the Honeynet Project‘s estimation of a default Red Hat 6.2 installation lasting 72 hours before getting cracked, CylantSecure’s installation stood up to 6,500 attacks over 55 days before being successfully compromised through an access-control problem, according to the company.

From The Register: “One of the exhibits in the previous stages of the Microsoft antitrust trial included an email from one Chris Jones, recommending to Bill Gates that the binding of IE into Windows should be such that users would find running rival browsers ‘a jolting experience.’ At the time many people, not least of them the Department of Justice, seemed to think that this and other associated exhibits were all about the anticompetitive tying of IE into Windows in order to destroy Netscape. But apparently not — MS Windows exec Chris, taking the stand yesterday, put forward an explanation of almost patentable novelty.

What he meant, he said, was that the experience would be jolting for good reasons if it occurred because of the ‘great innovations’ that integration of IE brought to Windows.”

Anonymous Reader tells us of a story from LinuxVoodoo.com: “Single platform solutions are a fool’s panacea of security. The marketing departments of several vendors have been very successful in trying to pass the idea that a single platform for security can offer the best-of-breed security solutions for your network. The idea has long been marketed to the “C” level of corporations, companies, and small businesses. The truth is that security comes from layers of defense, not reliant upon a single source for solutions and security.”
Full Story.

From InternetNews.com:
“The European Union wants to throw the book at cyber criminals and is giving its member nations 20 months to get everything in order to accommodate the
necessary changes.

The proposed framework decision, released April 19, adresses cracking and distributed denial of service (DDoS) attacks.”

From CNet News: “Proposed licensing fees for MPEG-4, a next-generation video compression standard, could mean its early death on the personal computer,
RealNetworks CEO Rob Glaser said in a press conference Wednesday.

“The licensing structure is putting the technology on a path to become irrelevant in the PC industry,” Glaser said after giving a keynote speech at
the Streaming Media West conference here.”

Press release at Linux Today:

“SOT, has today issued their latest free product, SOT Office 2002. A full-featured,
high-quality software suite, SOT Office is fully compatible with other major office applications. The product is based on a combination of
Openoffice.org code and other Open Source products, topped with many fixes, refinements and functional enhancements.”

From ShouldExist: “Some companies that produce good GPL software are in financial trouble, and others could certainly benefit from a few extra dollars. Why not help them out by creating a market for Sharez?”