IBM today introduced an
energy-conserving IBM eServer[1] that consumes up to 57 percent less
electricity and generates up to 63 percent less heat than the comparable
Sun solution.[2] Designed for customer flexibility, the eServer runs both
UNIX(R) and Linux[3] and costs substantially less than the Sun offering.[4]

IBM eServer lowers total cost of ownership with Project eLiza
self-management features that enable the kind of “hands-off” operation
usually associated with high-end IBM eServer systems like the pSeries 690
“Regatta” and zSeries mainframe.

“More than ever, our customers are interested in lowering their total cost
of ownership,” said Val Rahmani, general manager, IBM eServer pSeries.
“IBM’s new UNIX server combines energy efficiency and enterprise-class
management features with ultra-fast performance to provide customers with
the ideal synthesis of power and affordability.”

A new addition to the IBM eServer p610 family, the system is a powerful
one- or two-way machine ideal for data sensitive applications such as
e-business, customer relationship management, enterprise resource planning
and sales force automation. It was developed as part of IBM’s company-wide
initiative announced last fall to address the energy needs of computing.

Enterprise-Class Storage Technology
Based on an elegant mainframe-inspired design, the IBM eServer supports
sophisticated storage technology, called RAID 5, inside the server cabinet
rather than in a separate storage enclosure. This design breakthrough
eliminates the need for the power supplies and cooling fans associated with
a separate box, dramatically reducing energy consumption and conserves
floor space.

Crucial to e-business infrastructures, RAID, Redundant Array of Independent
Disks, allows a large number of disks to be treated by a system as a single
storage device. The main benefits are improved data recovery if one or
more of the disks in the array fails and potentially improved disk
performance.

RAID 5 offers the best blend of performance, data recovery and resource
usage of any of the RAID architectures and is especially important to
e-business and other transaction processing applications, large databases,
and to other customers with a high sensitivity to data loss. Customers
wanting to implement RAID 5 on an entry level Sun or HP system [5] must
first purchase an external storage device.

This presents several disadvantages.

The external storage device takes up valuable space on the floor or in the
storage rack. Having an external storage device adds considerably to noise
levels and to electrical requirements. Not having an external RAID system
leaves the external SCSI controller free to connect to other peripherals
and storage devices. A full hardware solution, like the IBM RAID
implementation, provides higher performance levels than a software
implementation, which can place increased demands on the system processor.

Compared to Sun’s 280R with StorEdge A1000 Workgroup, the IBM RAID
solution:[6]

• Transfers data from disk to server four times faster[7]
• Needs no external box (no additional power requirements, no external
  cabling)
• Is quieter[8]
• Leaves external SCSI connector available for use
• Can be implemented in tower and rack configurations

The IBM eServer contains up to 291 GB of internal disk storage, twice the
capacity as the Sun Fire 280R, which holds a maximum of 146.8 GB.

The IBM eServer also features a balanced design based on copper
microprocessors, which require less power than competing Sun processors.[9]

Project eLiza Manageability Features
IBM Project eLiza technologies, unique to IBM servers, enable the system to
dramatically reduce downtime. These technologies include First Failure Data
Capture, which is designed to keep a running log of all system errors.
IBM eServer includes Light Path Diagnostics, sets of LED lights that make
systems management easier by flashing red if components are not performing
optimally. A dedicated service processor monitors the overall health of
the system and is designed to detect potential problems before they occur.

The IBM eServer is also equipped with wireless systems management features
allowing administrators to easily manage servers using handheld PDAs.

Operating System Flexibility
The IBM eServer p610 runs AIX 4.3.3, AIX 5L and Linux. AIX offers the
scalability, performance, reliability and security needed to accommodate
demanding e-business workloads. AIX features a strong affinity with Linux,
allowing customers to build and run many popular Linux applications on AIX.

As part of its effort to improve the interoperability between AIX and
Linux, IBM has ported a collection of Open Source and GNU software tools
from the Linux world and bundled them into a toolbox for AIX users. This
toolbox opens up a broad range of Linux applications, development tools,
and utilities to AIX users. For Linux application developers, it
introduces an easy way to target new opportunities for their software on
AIX.

The IBM eServer system’s advanced features and attractive price point make
the server an ideal solution for ISVs and other solutions creators seeking
a 64-bit development platform for AIX applications.

The IBM eServer p610 Model 6C1 and 6E1 start at $5,995. The system is
available in rackmounted or tower versions. Planned availability is
February 22, 2002.

[1] The IBM eServer brand consists of the established IBM e-business logo
with the following descriptive term “server” following it. IBM and the
e-business logo are trademarks of IBM Corporation in the United States
and/or other countries.

[2] Comparison is based on maximum configurations of the p610 with
internal RAID and Sun 280R with a StorEdge A1000 Workgroup. According to
the pSeries Site and Hardware Planning Information Document (SA38-0508-13),
available “http://www.ibm.com,”http://www.ibm.com, the p610 requires a
maximum of 450 Watts and dissipates a maximum of 1,536 BTUs per hour.

According to the Sun 280R Server Owner’s Guide, January 2001, Revision A
(which can be found in Technical Documentation on http://www.sun.com), the
280R consumes a maximum of 810 Watts per hour (AC power) and dissipates a
maximum of 3,140 BTUs / hour. According to the Sun StorEdge A1000 and D1000
Installation, Operations, and Services Manual (which can be found in the
Technical Documentation on http://www.sun.com), the A1000 consumes a
maximum of 260 Watts per hour and dissipates a maximum of 1,092 BTUs per
hour. The combination of the Sun Fire 280R and A1000 consumes up to 1,070
Watts and dissipates up to 4,232 BTUs per hour.

[3] SuSE Linux Enterprise Server Version 7.

[4] p610 with 1 333MHz processor, 2 Ethernet ports, 1 x 36 GB disk, 1 GB
of memory, internal RAID 5 with 4 18 GB hot swappable disks, $17,175. Sun
280 R with 1 900 MHz processor, 2 Ethernet ports, 1 x 36 GB disk, 1 GB of
memory, and A1000 storage device with 4 18 GB hot swappable disks, $20,185.
Sun pricing available at http://store.sun.com.

[5] Entry level Sun and HP systems defined as Sun 22R and 280R and HP A400
and A500.

[6] p610 information according to the pSeries Site and Hardware Planning
Information Document (SA38-0508-13), available “http://www.ibm.com,”
http://www.ibm.com, A1000 information according to the Sun StorEdge A1000
and D1000 Installation, Operations, and Services Manual (which can be found
in the Technical Documentation on “http://www.sun.com).”http://www.sun.com
).

[7] IBM p610 drives are Ultra3 SCSI (160MB/sec) vs SUN A1000 with Ultra
SCSI (40MB/sec) drives, 128MB cache on IBM FC 2498 vs 24 MB cache on Sun.
p610 information according to the pSeries Site and Hardware Planning
Information Document (SA38-0508-13), available “http://www.ibm.com,”
http://www.ibm.com, A1000 information according to the Sun StorEdge A1000
and D1000 Installation, Operations, and Services Manual (which can be found
in the Technical Documentation on “http://www.sun.com).”

[8] According to the pSeries Site and Hardware Planning Information
Document (SA38-0508-13), the p610 operates at 6.4 bels. According to the
Sun 280R Server Owner’s Guide, January 2001, Revision A (which can be found
in Technical Documentation on http://www.sun.com), the 280R operates at 6.9
bels. According to the Sun StorEdge A1000/ D1000 Datasheet (which can be
found in the product section on http://www.sun.com), the A1000 operates at
6.6 bels. The combination of the Sun Fire 280R and A1000 operates at 13.5
bels. This combination operates at 204% of the noise level of the p610.

[9] According to the pSeries 610 Models 6C1 and 6E1 Technical Overview,
the POWER3-II processor consumes a maximum of 42 Watts per hour running
at450 MHz. According to the UltraSPARC III Specifications (which can be
found on http://www.sun.com), the UltraSPARC III dissipates a maximum of 65
Watts per hour (AC power) running at 900 MHz.

IBM, the e-business logo, zSeries, Project eLiza, Light Path Diagnostics,
AIX, AIX 5L, and pSeries are trademarks of IBM Corporation in the United
States and/or other countries.

UNIX is a registered trademark in the United States and other countries
licensed exclusively through The Open Group.

Linux is a trademark of Linus Torvalds.

All other company, product and service names are trademarks or registered
trademarks of their respective companies.

Anonymous Reader writes, “Web browsers aren’t the only clients that need to talk HTTP. In this technical article at ELJonline, Alan DuBoff explains how you can get information from web servers and even load complete software updates with this tiny, easy-to-use HTTP client library which is suitable for use in embedded Linux-based applications.”

Wirelessnewsfactor.com has an article about email encryption techniques, including PGP. “There are e-mail encryption options, including a software program called PGP (Pretty Good Privacy) that is free to use and distribute. So, in this time of heightened awareness about security and privacy issues, why doesn’t everyone use it?
“

– By Grant Gross –

It’s been a challenging past few weeks for Open Source/Free Software-related issues in the courts. Two cases with implications for Free Software developers and fans have hit roadblocks, and the creator of DeCSS, which allows Linux users to decode and play DVDs, was charged with a crime in Norway.

In mid-January, DeCSS programmer Jon Johansen was charged with violating a Norwegian law originally designed to keep people from accessing others’ phone and bank records.

Later in January, Eric Corley of 2600.com filed an appeal in a ruling that prohibited his site from posting that same DeCSS code. The lower court ruled that posting the code didn’t qualify as free speech.

And just last week, Princeton Professor Edward Felten and his team of researchers decided to drop their case against the music industry and the U.S. government over threats music industry officials made as Felten’s team planned to present its research on an anti-copying technology. Felten had challenged the music industry’s attempts, with threat of prosecution under the U.S. Digital Millennium Copyright Act, to block the team’s research from being presented. What’s ironic is the music industry had challenged the scientific and programming communities to break the Security Digital Music Initiative’s anti-copying technology, but objected to the results being published.

A common thread in each of these cases is the involvement of the Electronic Frontier Foundation. The EFF has a 12-year track record of defending civil liberties related to the Internet and other technology, and the San Francisco organization has often stepped in to help on issues related to Open Source, taking on heavyweights like the U.S. music and movie industries. We asked Robin Gross, the EFF’s intellectual property lawyer, to talk about the impact on Free Software of the Felten case, the DeCSS cases, and the U.S. government’s prosecution of Russian programmer Dmitry Skylarov and now his employer under the DMCA.

NewsForge: What implications does the dropped Felten lawsuit have on scientists and programmers, especially Open Source/Free Software developers, who sometimes
attempt to reverse engineer programs in the name of research, work or simple curiosity?

Robin Gross: There is much uncertainty for these scientists and programmers. Under the language of the DMCA’s anti-circumvention provisions, anyone who makes or provides technology, including software or information, that could help
someone bypass digital locks that control access to copyrighted works would
violate the law. While the DMCA purports to have exemptions to the general
ban on circumvention, they do not reach what most scientists actually do and
don’t allow them to publish their results in any event. So there is a lot
of risk that programmers and researchers will be prosecuted.

NewsForge: What legal advice would you give to an Open Source/Free Software developer who’s attempting to reverse engineer a program, say a popular word
processor, in order to make it more compatible with Linux or one of the BSDs?

Robin Gross: They could be opening themselves up to lawsuits if they bypass controls that regulate access to works or if they write a program that can access or
copy works. They should consult an attorney before doing the work if they
want to be sure.

NewsForge: The EFF recently filed a brief in the Dmitry Sklyarov/Russian eBook case asking the court to declare the DMCA unconstitutional. During the Felten presentation last August I asked EFF legal director Cindy Cohn something like, “Why not throw the whole thing out?” and she said something to the effect of, “We’re not there yet.” Is the EFF now advocating that the whole DMCA be scrapped, or just its anti-circumvention provisions? If it’s the whole thing, why the change in focus?

Robin Gross: EFF believes the DMCA’s anti-circumvention provisions must be declared unconstitutional or else substantially reformed.

NewsForge: 2600 magazine filed for a rehearing in its case in January, and Eric Corley recently promised to keep fighting. What’s the status of the case right now?

Robin Gross: We are waiting for a decision from the 2nd Circuit Court of Appeals — no word yet.

NewsForge: Are there broader implications for news Web sites or personal Web sites that have linked to DeCSS or other potentially prohibited code? Do you think the
motion picture industry would ever come after anyone besides 2660.com?

Robin Gross: Under the court’s decision in the 2600 Magazine case, anyone who links to DeCSS intending to distribute it can be banned by the statute. Any link
can be construed as intent to disseminate the code — since that’s what a
link really is — information that tells you where you can find a particular
piece of information. Other journalists who want to provide links to the
software in question, can be found to violate this law. Its breadth is
extremely expansive.

NewsForge: What legal advice would you give to a Web site that has linked to the DeCSS code? (I know of no such sites, of course.)

Robin Gross: Watch out for the threat letter from the MPAA!

NewsForge: What’s the status of the Jon Johansen case? How is the EFF involved in
that case?

Robin Gross: Jon’s trial has been set for June 3rd and is expected to last six days before a three-judge panel of the Oslo City Court. EFF does not represent Jon, but we
have been advising his attorneys and have started a fund to help him pay
for his legal defense.

NewsForge: Why do you think did the Norwegian government is only now prosecuting Johansen for creating DeCSS in 1999?

Robin Gross: It could be because we had a victory in the California DeCSS case in November that ruled folks had a First Amendment right to publish information that they obtain in the public domain and simply want to republish on their site. Perhaps this is the MPAA’s response — to apply more pressure on Norway to criminally charge him.

NewsForge: Another subject shift: What’s going on with UCITA? Is it dead, other than in
the states that already passed it (I happen to live in one of those), or is it likely to keep on coming back?

Robin Gross: UCITA has been passed in only two states — Virginia and Maryland. Three other states have passed anti-UCITA legislation, so it’s a race throughout the country.

NewsForge: What’s the EFF’s stance/involvement on UCITA?

Robin Gross: EFF opposes UCITA because while it claims to merely apply traditional contract law in a digital environment, it *actually* dramatically expands
the copyright industry’s ability to control how information can be used. In addition to being allowed to disclaim warranties and prevent the public from being able to criticize or reverse engineer works.

The Open Source Security Testing Methodology Manual 2.0 will be released on February 26th at ideahamster.org.

The Open Source Security Testing Methodology Manual (OSSTMM) is unique in that it is the first and most widely available standard in development for the comprehensive security testing of Internet systems and networks. Created by the Ideahamster organisation, the OSSTMM is a continuously evolving document with over 150 collaborators, ensuring that as IT focus changes and new developments in Internet security occur, the OSSTMM remains current and up to date.

Before the OSSTMM, no documents existed which addressed the needs of security professionals by providing an open, publicly available standardised guide for formal Security Testing. We assume that there are other methodologies, but no commercial enterprises have ever made them public knowledge; ultimately, clients end up paying for services that they cannot really evaluate.

There are many companies that offer security testing, whether by automated tool, or by using “real world hacker experience”. Some claim to be compliant with various government sponsored certification schemes, other boast membership to various closed-shop accreditation schemes. Until now, no certification or standard existed that provided clients and end users with assurances that the security testing work they are commissioning is to an acceptable standard.

The OSSTMM changes all of this — offering participants a consistent framework and clearly quantifiable results, thereby affording a level of assurance or the output quality, accuracy and validity of the tests that end users have not yet seen in the Security Industry.

Security Testing thus becomes quantifiable, constant and repeatable, visibly thorough and compliant to a global range of individual and local laws.

From Pete´s announcement mail:
“I have been able to integrate most of the submissions, corrected flow for new procedures, new laws, and new tasks. I have integrated security metrics, risk assessments, and included SECTIONS which will better guide testing. Included is a template of a sample report which contains all the elements which MUST appear in a report to carry an OSSTMM compliancy clause, data collection templates, and a few other OSSTMM standard testing instruments. All of this document will be drill down to the web site in the appropriate places and room to grow. This is a very different manual from 1.5.”

PRNewswire: “Xi Graphics Inc., a manufacturer of
premium graphics drivers for UNIX and Linux, announced the release of an
update for their new Accelerated-X Summit v2.0 line of drivers, which now
includes 3D support for the Solaris operating system running on Intel/AMD
platforms.”

NewsFactor network writes: “Microsoft on Monday made available a software patch designed to block a set of six different security vulnerabilities in the Windows version of its flagship Internet Explorer (IE) Web browser. On its Web site, Microsoft stated that the cumulative update will eliminate “all known security vulnerabilities affecting Internet Explorer 6, as well as six new vulnerabilities, the most serious of which could allow an attacker to run code on your computer.””

Jah Shaka writes: “We are pleased to announce that we will be using OpenML for all video processing and i/o in the upcoming 1.9 alpha release of Jahshaka. After months researching video libraries, combined with valuable feedback from our alpha-testers, we realized that it would be a nightmare to support multiple OS’s any other way. OpenML’s high level of integration with OpenGL allows us to now maintain our goals of realtime interactivity while supporting multiple platforms seamlessly. Check out the Khronos website for more details at khronos.com.

NewsFactor Network writes: “The number and variety of computer worms, security vulnerabilities and attacks on the Internet continue to grow, often leaving more dangerous, targeted hack attacks that go beyond random worm infections and hacker scans overlooked, according to some experts. These targeted attacks, which typically involve a savvy perpetrator who knows where to go and what to get, can be much more dangerous than the run-of-the-mill viruses and vulnerabilities lurking on the Web. Experts say less attention is paid to targeted attacks because they affect fewer victims, but that may be changing as mass-mailing worm launches and vulnerability scans become more refined.”

From a thread on the Free Software Business mailing list, VA Software CEO Larry Augustin shares his understanding of the relationship between Free Software and Open Source, in the following brief post. (VA Software is the corporate parent of NewsForge.)”I have not been able to discern any difference between Open Source and
Free Software with regards to the end result: source code being “free”
in the sense that the FSF defines “free”. Both communities seem to have
the same goal.

“However, the Open Source community seems to believe two things which RMS
and the Free Software community do not seem to believe:

1. The word “free” is detrimental to achieving the goal because
most people seeing it applied in the context of software think “zero
cost”, not “freedom.” By using a different term, it may be easier to
achieve the end goal.

2. There may be reasons for supporting Free Software other than
a moral belief that all software should be free. The Open Source
community is willing to be flexible in the rationale behind Free
Software and is accepting of pro Free Software arguments based on
economic or other rationale. RMS and the Free Software community do not
seem to allow for these other arguments. Again, by allowing for a
different rationale, it may be easier to achieve the end goal.

“I believe that RMS and the FSF have slowed the acceptance of Free
Software by their unwillingness to compromise on these two points. I
believe that adopting the terminology and arguments presented by the OSI
would accelerate the acceptance of Free Software.”

Larry