– by Robin “Roblimo” Miller –
What you’ll see when you hit the “Read more” link is the full text of an internal memo written by a local government employee (name withheld at his request) whose bosses are considering switching some or all of their servers from Solaris to Linux. Interestingly — and coincidentally — this memo was drafted the day before Sun publicly embraced Linux. Will Sun’s change of heart help keep this government agency as a customer? Or will the lure of Linux on low-cost generic hardware prove too strong? It’ll be months before we know. Meanwhile, what do you think? Should this county government in the southeast United States switch entirely from Solaris to Linux over the next few years? Make a partial switch? Or should they stick with Sun, especially now that Sun is moving more toward Linux? Solaris to Red Hat Linux comparison

1: Lower hardware costs: Higher grade hardware can be purchased at lower cost with an Intel server than with Sparc, i.e. hardware Raid; multiple processors; more hard drive space; video encoding cards; more memory.

Support for x86 Solaris is being phased out, so this is not a viable option.

In order to stay within budget, software Raid is used on our Sun systems. This is complex to setup and is a performance penalty to system resources. While the same applies to software Raid on Linux, we avoid these issues because Intel hardware Raid is within our budget.

2: While many third party software packages available for Solaris are not available for Linux, the following are needed that are not available for Solaris but are available for Linux:

Mkcdrec * Recovery software; Ncpmount (allows connections to Netware); Wine/Windows emulation. (Wine is available on x86 Solaris but not on Sparc, and Sun announced the end of life for the WABI products on July 15, 1997. (Increased Sun activity in porting software like this to either Sparc linux or Sparc Solaris would help.)

3: Software packages like Bash, Openssh, Perl, Gcc, Apache are available for Solaris in an easy-to-install pkgadd format but Sun doesn’t offer support for these packages as part of their normal OS support. Also, a number of packages on sunfreeware are considerably behind. For example, Apache is currently at 1.3.23, but the latest version on sunfreeware is 1.3.12, and the latest Red Hat Linux Apache rpm is version 1.3.22. Frequently updated packages reduces the complexity of maintaining a system by elimintating the need to compile every piece of software from the latest source. (Increased Sun activity in maintaining and supporting software on sunfreeware would help.)

4: Lowered software costs: Commercial software products like Cold Fusion, Pkzip, and ChiliASP cost more for Solaris than for Linux. This is typical across the industry for most software on Solaris. As a counter argument, a large number of packages available on Solaris are not available for Linux. But that is quickly changing. Arcims, for example, will not currently work on Linux, but Linux will be supported in the next release.

5: Simpler server recovery: A Linux server can be recovered quickly using CD recovery software (mkcdrec from sourceforge). This eliminates the need to do a complete reinstall of Linux and reconfigure any special software. Recovery time will vary from 30 to 60 minutes, and cd images are created nightly. Mkcdrec allows for you to build an iso image of your server that can be burned to a CD. Then you boot the server off the CD and it will rebuild all the partitions and make the system bootable. This allows a less-experienced administrator to quickly recover a server if I’m out sick or on vacation.

Ghost cannot be used on Sun hardware. A fully-supported Sparc Linux distribution by Sun would make it easier to port Mkcdrec and give some of our critical Sun systems better means for low cost easy recovery.

6: Reduced downtime with updating Linux: Linux only requires downtime for kernel patches. All other patches can be installed without bringing the server down. Security-related patches can be applied automatically. While the same applies to Solaris, Sun recommends bringing down Solaris when applying cluster patches.

Sun needs to make there cluster patches less complicated, perhaps by separating cluster patches into two groups; one cluster patch that requires downtime, and another cluster patch that doesn’t require downtime.

7: Additional drawbacks to Solaris: You’re forced to install a resource-hungry graphical user interface. X can be disabled, but that eliminates the ability to use multiple shell sessions and a decent text editor. (The default vi on Solaris is a pain to use unless you get vim from sunfreeware.)

Insecure telnet is installed by default. While an effective administrator should not install what is not needed, not everyone is an effective administrator. As a standard, telnet should be going away in favor of Secure Shell.

On Solaris 7 and below, insecure root access to ftp was allowed. This was finally fixed in Solaris 8 but only under pressure from customers. The reason why I included this is as another example of how Sun is slow to react to changes. This relates to the telnet example above.

Login passwords are limited to eight characters. Even if you set the password to “thispasswordislong” Solaris will only allow you to login with “thispass.” This allows for reduced time on brute force password cracks. This applies to telnet, ftp, Secure Shell, and anything else that relies on the Solaris login facility. I tested a brute force crack on my shadow password file some time ago and was able to crack my password within 20 minutes. The password was nine characters long and had two numbers in it, but the last number was at the end of the password. All our new passwords have more random numbers. This helps alleviate this problem, but in practice a powerful PC(s) could crack a Solaris shadow password file quickly.

New Sun servers come with non-standard keyboard and mouse connectors. The 280Rs we have need a special USB adapter, the E250s need a special vga adapter, and the remaining E450 uses a proprietary Sun connector. All of our Intel Compaq servers rely on standard PS2 keyboard and mouse connections controlled through a KVM switch. We do have a KVM switch geared for Sun servers but we still need the special adapters for everything except the E450.

Timothy R. Butler writes “”The goal for most desktop-oriented Linux distributions in the last few years has been to build a reliable desktop that works out of the box. However, in OfB Labs experiences, most Linux packages fall short of this goal – if only by a small bit. Please notice that I say “most” and not “all” in the previous sentence.” Read the Full Story at OfB.biz.”

Marcin Kurzawa writes “Toronto, Canada February 13, 2002: Today, Marcin Kurzawa, President and CEO of The CryptoHeaven Development Team, presents the companys namesake software setting the industry standard in user-friendly data encryption.

In this era of increased security, people look to introduce additional safety into their lives. We see it at airports, sporting events, at work and even at home. However, one gate frequently left unguarded against invasion is right inside their home and office their personal computer. With this need for business and home PC security in mind, the creative forces of The CryptoHeaven Design Team developed and perfected encryption software ideal for consumer use.

We conduct so many modern conversations electronically, especially as e-mail replaces postal mail for most Americans. These private exchanges often involve personal or important business information, yet they are at the mercy of monitoring by government agencies, IT companies and system administrators.

Until recently, if anyone wanted to violate the privacy of ordinary citizens, they needed to employ expense and labor to intercept and interpret postal mail or phone calls. Now, e-mail is routinely and automatically scanned for interesting keywords on a vast scale without detection.

CryptoHeaven protects you from such violation. The software is a hassle-free system that prevents third parties (including on-line system administrators) from gaining access to the text version of transmitted information. The software stores the users Information in encrypted form on server space personalized by the client. Once CryptoHeaven quickly locks that data safely, only the sender and the recipient possess the keys to gain access. Even if an unwelcome visitor (such as a hacker) possesses all transmissions made between different clients and all data stored on the server, he or she will never access the plain text information.

In addition to storing and protecting data, CryptoHeaven offers such online, secure and fully encrypted services as file sharing and distribution. Users receive free, secure e-mail service with instant messaging and chatting. For a fee, premium users enjoy extended service options. All of these services integrate into a single, simple user interface with automatic security key and contact management.

Using only the finest in cryptography, CryptoHeaven constructs an impenetrable wall with an AES symmetric Rijndael cipher with 256 bit symmetric key, public-key cryptography using 2048-4096 bit asymmetric keys and SHA-256 message digest function. The CryptoHeaven Team guarantees that this revolutionary software will leave your transmissions free from any type of snooping, including the prying eyes of government authorities. For their further protection, users need not give CryptoHeaven any of their personal information, including names, addresses, phone numbers or credit card numbers when they sign up for service.

CryptoHeaven also allows its users to create their own on-line communities. They can then invite their friends to exchange instant messages or share files in utmost privacy not offered by any other instant messaging software such as AOL Instant Messenger or Yahoo. Users can decide who has permission to view their files, barring anyone else from gaining unwanted access to their data. CryptoHeaven manages the users public keys securely, allowing CryptoHeaven clients to communicate within the protected system. The software simply offers a degree of security and anonymity that far exceeds that of any web-based system.

CryptoHeaven is a service of The CryptoHeaven Development Team; an Internet privacy and security group with secure data center servers located in Toronto, Canada. The teams philosophy and passion is offering outstanding service, excellent user support and competitive prices. CryptoHeaven stands behind their products, providing free technical support to all its clients.

Before heading up CryptoHeaven, President and CEO Kurzawa won top prize in the HeadStart competition sponsored by the IBM subsidiary, Footprint Software of Toronto and IBM’s Toronto lab. After working for IBM to develop database systems, he served as chief designer and project lead for the CryptoHeaven client and server software and system architecture. He overlooked all aspects of database design, technology choices, systems interactions and implementation.

As the only secure online system integrating secure email, secure group instant messaging, secure online file storage & secure multi-party file sharing, CryptoHeaven promises to revolutionize data security and on-line encryption.

Though wise, security conscious computer users will find this software invaluable, Kurzawa and the CryptoHeaven Team offers the software to the public as a free download. They welcome users to discover the strength and security of their unparalleled cryptographic system today. Kurzawa and company hope to make cyberspace a safer place accelerating wide spread use of high-grade cryptography software.

To prove the strength of their groundbreaking software, Kurzawa and the CryptoHeaven Team invite users to try CryptoChallenge #1. They are so confident that the CryptoHeaven system is unbeatable, well designed and finely implemented that The CryptoHeaven Team offers $10,000 to anyone that can crack the encrypted session information contained in the CryptoHeaven log file.

If you feel like tackling the challenge, send e-mail to: cryptochallenge@cryptoheaven.com for complete instructions. The CryptoHeaven team will administer and oversee this challenge. The challenge expires on May 31, 2002.

CryptoHeaven is available for multiple operating systems, including Windows, Mac OS X and Unix. It is distributed without restrictions upon its further dissemination. For more information, or to download your secure on-line future, visit: www.CryptoHeaven.com.

Contact:

CryptoHeaven Development Team
Attn: Marcin Kurzawa
5-2325 Hurontario Street
Mississauga, ON
L5A-4K4
Canada
E-mail: marcin@cryptoheaven.com
Website: http://www.cryptoheaven.com

###”

From BSD Today: “Seventy packages were added to the [NetBSD] packages collection this month, and six were removed, which, by my calculations, gives 2646 packages in the collection as of February 1st 2002, up from 2582 the previous month.”

Alan Cox: “If you have SIS IDE hardware please handle this kernel with care and report success/failures to Lionel.”

Download: http://www.kernel.org/pub/linux/kernel/people/alan/linux-2.4/2.4.18/

[+ indicates stuff that went to Marcelo, o stuff that has not,
 * indicates stuff that is merged in mainstream now, X stuff that proved
   bad and was dropped out]

*
*       If you have SIS IDE hardware please handle this kernel with care
*       and report success/failures to Lionel. 
*

Linux 2.4.18pre9-ac4
o       SIS IDE driver update (handle with care)        (Lionel Bouton)
o       First set of I2O endian cleanups                (me)
o       Make i2o_pci.c 64bit/BE clean                   (me)
o       Maybe fix crash on i2o scsi abort/reset paths   (me)
o       Make i2o use the passed scsi direction flag     (me)
o       Fix awk failure path in menuconfig              (Andrew Church)
o       Merge varies doc updates                        (Steven Cole)
o       Add serial support for the Lava Octopus-550     (Jim Treadway)
o       OPL3SA2 cleanup                                 (Zwane Mwaikambo)
o       Add missing blkdev_varyio export                (Todd Roy)
o       Update Changes file, config and experimental    (Niels Jensen)
        checks
o       Fix highmem warning in aacraid                  (Andrew Morton)
o       Make tpqic02 use new style request region       (Marcus Alanen)
o       Only turn off mediagx/geode TSC on 5510/5520    (me)
        | From information provided by Hiroshi MIURA
o       Massively clean up the AGP enable and bugfix it (Bjorn Helgaas)
o       Fix oops if you try to use the RW wq locks      (Bob Miller)
o       Remove FPU usage in neomagic fb                 (Denis Kropp)
o       Merge IBM JFS                   (Steve Best, Dave Kleikamp, 
                                         Barry Arndt, Christoph Hellwig, ..)
o       Updated sis frame buffer driver                 (Thomas Winischhofer)

“Invite KDE, OpenOffice and printing community representatives for GUADEC3l…”

Minutes of the GNOME Board meeting February 12 2002
          ===================================================


Presents:
=========

    Havoc Pennington (chair)
    Telsa Gwynne
    George Lebl
    Federico Mena
    Daniel Veillard  (minutes) (:10)
    Tim Ney 
    Jonathan Blandford
    Jody Goldberg 
    James Henstridge
    Miguel de Icaza (:30)
    Leslie Proctor (:30)


Regrets:
========
    Nat Friedman

Missing:
========
    Jim Gettys (flummoxed by thinking the half hour time change was the
                other way)

Decisions:
==========
   - Invite KDE, OpenOffice and printing community representatives for GUADEC3
   - Confirm the Advisory Board meeting the day before GUADEC April 3 Seville

Actions done:
=============

  ACTION: Miguel to anmounce Guadec3 to the Gnome community.
     => Done

  ACTION: Jody collect a list of communities we should contact to
          get them at GUADEC3
     => Done

Actions:
========

  ACTION: Tim, John and Havoc to get a draft statement on the relation
          with the free software foundation and license policy.
     => Tim and Havoc have started, pending

  ACTION: Jim to restart the font discussions with various parties
     => meeting scheduled this week with some of the font, in progress

  ACTION: Nat and Jonathan talk to gnome-sysadmin about adding ssh
          tunneling for GNOME CVS access
     => A description has been sent, waiting for a reply, other work
        need to be done, postponed after Gnome-2

  ACTION: Nat to talk to Havoc to get a discussion about rules
          w.r.t. backward compatibility rules in the 2.x time.
     => pending


New Actions:
============

  ACTION: Tim and Miguel check for logistic and policy of funding
          people travels and accomodations.

  ACTION: Havoc draft the agenda of the Advisory Board meeting

  ACTION: Jody and Leslie to find possble presentators from KDE,
          StarOffice and CUPS.

Discussion:
===========

 - approve last meeting minutes:
   http://mail.gnome.org/archives/foundation-announce/2002-January/msg00002.html

 - GUADEC3:
   We need answers on at least 2 item urgently:
     - what is the status of the paper selection process
     - can we get registration started with a check_button indicating
       if the person registering need help with travel expenses.
   Both are needed to schedule travels and booking tickets earlier allows
   to get significantly cheaper flights tickets.
   
   The Advisory Board meeting is confirmed to take place the day before.
   We need an agenda for that day.

   We should have talks from at least OpenOffice, KDE and printing (CUPS).
   We need to identify speakers ASAP to handle travel.

 - Leslie Proctor joined to talk about PR issues:
   When something is potentially "breaking the news", we should
   coordinate before doing the publication.
   Drafting a plan for the release of 2.0
   Deadlines for Ottawa and OReilly conferences are this month
   people are reminded to send proposals in time.

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard@redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

From LinuxPR: Today, SuSE Linux, the international Open Source technology leader and solution provider, announced that the venture capital company AdAstra Erste Beteiligungsgesellschaft mbH, Munich, Germany, invests EUR 4.4 million in SuSE Linux AG.

It-director.com has an analysis about Microsoft’s recent security problems but quotes “recent studies” saying Linux distributions have more security flaws than Windows 2000. Of course, those recent studies, articles using statistics in ways they weren’t intended to be used, have been debunked, but what the heck? “The Penguin camp point out that there are different features in different distributions of Linux and so there is bound to be some variation. Also, there will be more problems found as the use of Linux becomes more widespread. The bottom line is rather disappointing as bold small print on the research points out that it should not be used as a comparison of one operating system versus another. If that is the case then what is the point in doing the work in the first place?”

It’s at GNU-friends.org: “David MacKenzie has been involved in the GNU Project for many years and has maintained several of their utilities. In our interview with him, he tells of how he came to work for the FSF, what music he listens to and his thoughts on using Perl or Python for a new autoconf-like system.”

MozillaQuest Magazine (MozillaQuest.com) reports: “Upgrade or repair a Linux or Microsoft Windows PC easily and economically. Use the PowerLeap Renaissance PC kit to upgrade to Pentium III or Celeron GHz performance. It’s a complete, fully integrated motherboard on an AT expansion card without edge contacts. Drop the Renaissance board into a PC, reconnect the power and signal cables, and you are set to go. It’s a slick concept. By making the upgrade yourself you avoid labor charges. If you are in charge of computers for a business, organization, school, or large-scale enterprise, save lots of labor costs by using the Renaissance/370S to upgrade its computers.The concept of upgrading or repairing a computer by dropping essentially a new PC into an expansion slot is interesting, innovative, works well, and installs easily.” Check this MozillaQuest.com story for pictures and details.