
Turbolinux 7 Server and IBM DB2 set performance record

Author: JT Smith

Turbolinux® Inc., a worldwide leader in Linux operating environments and multi-platform software deployment and management products, announced today that the combination of IBM DB2 database software and Turbolinux 7 Server now holds the world-record for performance in the industry-standard decision support benchmark test TPC-H (100GB).

The 100GB TPC-H benchmark was performed on a four-node IBM eServer xSeries 350. Each xSeries 350 server node was configured with four Intel® 900MHz Pentium® III Xeon™ processors and 4GB of memory, and ran with IBM DB2 Universal Database version 7.2 and Turbolinux 7 Server. The system achieved a Composite Query-per-Hour Performance Metric of 2960.6 QphH@100GB and a price/performance metric of $337/QphH@100GB with an availability date of June 20, 2002***.

These results indicate IBM’s DB2 version 7.2 running on Turbolinux 7 Server is 74 percent faster than the best Windows-based result**** and outperforms all other platforms at the 100GB scale factor***. Comprehensive results can be found on the TPC Web site at http://www.tpc.org/tpch/results/h-ttperf.idc.

TPC-H measures the performance of decision support systems to examine large volumes of data, execute queries with a high degree of complexity, and give answers to critical business questions. The test is a standard benchmark defined by the Transaction Processing Performance Council (TPC), an industry group whose members include most of the largest computer system and database companies worldwide.

“One of the reasons our customers and partners like IBM select TL7 Server is due to the performance and reliability that we build into each release”, said Ly-Huong Pham, CEO, Turbolinux. “Working jointly with IBM on this performance benchmark is just another example of how our two companies have joined forces to make Linux successful in the enterprise.”

Linux has been growing rapidly within the enterprise because of its cost-effectiveness and exceptional flexibility. In addition, both reliability and high-performance are necessary for applications such as CRM and ERP to run smoothly. Turbolinux continues to focus on providing a Linux operating system for high-performance and scalability with enterprise-class stability and reliability. The TPC-H benchmark proves that Turbolinux 7 Server is an effective Linux solution for IBM’s DB2 database, and positions this combination of technology as the most advanced, reliable, and highest-performing database solution.

About TPC
The Transaction Processing Performance Council (TPC), a not-for-profit organization, was founded to define transaction processing and database performance benchmarks, such as the TPC-C, TPC-H, and TPC-W benchmarks and to provide objective performance data based on those benchmarks. TPC benchmarks have extremely stringent requirements, including both reliability and durability tests, and must undergo an independent audit. Council members include most major database vendors and suppliers of server hardware systems.

About Turbolinux
Founded in 1992, Turbolinux® Inc. is a global software company providing Linux operating environments and multi-platform software deployment and management products that allow computing assets to be quickly redefined on demand — enabling true flexible processing power. Backed by some of the world’s leading technology companies, including Compaq, Dell, Fujitsu, Hitachi, IBM, Intel, NEC, Novell, Oracle, SGI and Toshiba, Turbolinux is headquartered near San Francisco with offices around the world. For more information, visit the Turbolinux Web site at http://www.turbolinux.com.

***TPC-related data presented here is current as of February 1, 2002.
****Compaq Proliant 8000 X700-8P with Microsoft SQL Server 2000 achieved a Composite Query-per-Hour Performance Metric of 1699.8 QphH@100GB and a price/performance metric of $161/QphH@100GB with an availability date of August 1, 2000.

Peer-To-Peer networking security

Author: JT Smith

Anonymous Reader writes, “It’s useful. It’s dangerous. And it may be coming soon to a network near you.
It’s peer-to-peer (P2P) networking, and it may already be running on your enterprise networks, laying them open to various forms of attack, break-in, theft, espionage, and malicious mischief. But traditional perimeter defenses, such as firewalls and Network Address Translation (NAT) devices, may do little to help to ensure your network is safe.” Read the story at Linux-box.org.

Category:

  • Linux

Community commentary: Encouraging open code in public procurement policies

Author: JT Smith

By Mikael Pawlo

“This is not an easy time for humorists because the government is far funnier than we are.” Art Buchwald was full of wit in his famous speech of 1987. When it comes to public procurement of software, it is easier to keep yourself from laughing, especially if you think about open code issues.

Why should anyone be interested in open code for public agencies? A substantial part of the public procurement in all countries comes from the purchase of computer programs and IT solutions. In most countries, public bodies, together with the government, are the most
important purchasers of computer programs and IT solutions.

The public procurement is policed by a set of rules in most countries. As a
general idea, however differently implemented in different jurisdictions,
the rules are supposed to make the procurement proceedings transparent and
open to the public scrutiny. This will –at least in theory– ensure that
there is competition, thus providing a guarantee of an effective
allocation –both in terms of quality and cost– of public money.

The government could regulate public procurement through legislation or
through policy. It is very common to have a legal framework defining the
basic rules applying to all public procurement. The law would then define
the transparent procedure. The purchasing public body could in most cases
develop the specific guidelines for public procurement of computer programs. The governing body in question could require that all code developed
in its applications should be open and free (but not gratis). It could
state that all code should be released under the GNU GPL. In a lot
of cases I am familiar with, a completely different strategy is applied. In
its specs, the public body states that “all computer programs should be
based on Microsoft NT” or that “any bids should be submitted in Microsoft
Word 7.0-format” or “the Internet application should use the Microsoft
Internet Information Server.” You get the idea.

If you think open code is a good thing, like GNU GPL-licensed Free Software or other
computer programs released under Open Source-compatible licenses, you might want to advocate that all computer programs subject to
public procurement should be Free Software or Open Source. But public procurement often is more complicated than that. If one government — most likely in a developing country due to price constraints — chooses to ban all proprietary solutions in public
procurement of computer programs, it risks facing a Microsoft divide. Civil
servants need to be able to communicate using de facto office standards
such as Microsoft PowerPoint, Microsoft Word, and Microsoft Excel.
If the public body has a hard — if not impossible — time communicating and
exchanging documents with the outer world and the public at large, it will
soon become inefficient, and that is not why you pay taxes for public
procurement.

Still, the above scenario does not mean that governments need to push
proprietary solutions. First, I want to make one thing clear: In my view,
governments and public bodies should not push “gratis,” “free,” “open” or
“proprietary” solutions over any of the other options. That could severely damage the incentives for software developers and the national market for IT at large. That much
said, governments and public bodies still could improve the competition and
make open code much more of an option in public procurement.

The government should always choose the best computer program and IT
solution at any given period of time. The term, “best computer program,” is ambiguous,
but I think it should be defined by a combination of price, performance,
security, license terms, time of delivery, and quality. Sometimes, the result
of such an evaluation will be a computer program based on open code.
Sometimes, proprietary solutions will be the best choice. Public money
should not be used to support inefficient alternatives. However, currently
inefficient alternatives can win in public procurement. Remember that
public procurement policy usually is made to provide a guarantee of an
effective allocation — both in terms of quality and cost — of public money.
What if the public body designs its requirements in a way that rules out all Free
Software and Open Source alternatives already at the drawing table? This is
what I have seen happen on several occasions.

It is time that public bodies and governments look over their public
procurement policies. The policy should guarantee competition, not stifle
it. An example of one way to achieve this is when buying desktop products,
to define the standard applications the product should be able to
interact with, rather than designing the offer in a way that fits only one
given computer program or operating system at a time.

May the best computer program and license win! Then the government will
make us as happy in 2002 as Art Buchwald did in 1987.

Mikael Pawlo is an associate of the Swedish law firm Advokatfirman Lindahl.
On nights and weekends he works as an editor for the leading Swedish Open
Source and Free Software publication Gnuheter, which he co-founded with
Patrik Wallstrom.

New Linux courses in Australia

Author: JT Smith

Linux PR has a press release announcing “two new courses from Les Bell and Associates Pty Ltd provide intensive hands-on training in Linux System Administration and Linux Server Administration.”

Category:

  • Linux

McAfee finds first known Linux virus

Author: JT Smith

Editor’s note: This is an old story that was pulled shortly after it was posted on NewsForge. Apparently, it had been linked to by outside sources, however.

ZDNet UK: ” Bliss manifests itself by overwriting Linux executables with its own code every time it is executed. Files cannot be recovered and files created in other operating systems and stored on Linux servers can also be corrupted. McAfee claims several Bliss infections have been reported and believes the virus originated from a research project. The company has released a version of its VirusScan product for Linux for free download from its Web site.”

Debian: ‘uucp’ Unauthorized access vulnerability

Author: JT Smith

Debian: “Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It permits a local user to copy any file to anywhere which is writable by
the uucp uid, which effectively means that a local user can completely
subvert the UUCP subsystem, including stealing mail, etc.”


--------------------------------------------------------------------------
Debian Security Advisory DSA 079-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 8th, 2002
--------------------------------------------------------------------------

Package        : uucp
Vulnerability  : uucp uid/gid access
Problem-Type   : local and remote
Debian-specific: no

Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1.  It
permits a local user to copy any file to anywhere which is writable by
the uucp uid, which effectively means that a local user can completely
subvert the UUCP subsystem, including stealing mail, etc.

If a remote user with UUCP access is able to create files on the local
system, and can successfully make certain guesses about the local
directory structure layout, then the remote user can also subvert the
UUCP system.  A default installation of UUCP will permit a remote user
to create files on the local system if the UUCP public directory has
been created with world write permissions.

Obviously this security hole is serious for anybody who uses UUCP on a
multi-user system with untrusted users, or anybody who uses UUCP and
permits connections from untrusted remote systems.

It was thought that this problem has been fixed with DSA 079-1, but
that didn't fix all variations of the problem.  The problem is fixed
in version 1.06.1-11potato2 of uucp which uses a patch from the
upstream author Ian Lance Taylor.

We recommend that you upgrade your uucp packages immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
------------------------------------

  Source archives:

     http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato2.diff.gz
MD5 checksum: 2c712e69b3b529f30153daf8b21e2bab
     http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato2.dsc
MD5 checksum: 4f2b87605425e9d291efebb8428e5df4
     http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1.orig.tar.gz
MD5 checksum: 390af5277915fcadbeee74d2f3038af9

  Alpha architecture:

     http://security.debian.org/dists/stable/updates/main/binary-alpha/uucp_1.06.1-11potato2_alpha.deb
MD5 checksum: 802b9176a7d288f396483e02c70fe3e7

  ARM architecture:

     http://security.debian.org/dists/stable/updates/main/binary-arm/uucp_1.06.1-11potato2_arm.deb
MD5 checksum: e3cc46ac6b268471b7a42c428a47bb64

  Intel ia32 architecture:

     http://security.debian.org/dists/stable/updates/main/binary-i386/uucp_1.06.1-11potato2_i386.deb
MD5 checksum: 3cb57a9ad76d42dbc5d2559d585b39d1

  Motorola 680x0 architecture:

     http://security.debian.org/dists/stable/updates/main/binary-m68k/uucp_1.06.1-11potato2_m68k.deb
MD5 checksum: 34ac6394a622f0e492288d9a33b0a67a

  PowerPC architecture:

     http://security.debian.org/dists/stable/updates/main/binary-powerpc/uucp_1.06.1-11potato2_powerpc.deb
MD5 checksum: 7dd85581fcc2547df432060c2ca9afa9

  Sun Sparc architecture:

     http://security.debian.org/dists/stable/updates/main/binary-sparc/uucp_1.06.1-11potato2_sparc.deb
MD5 checksum: f6460f4436d521140d15ee2c4d6dee17


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Category:

  • Linux

AMD Sun fraternity expected to blossom

Author: JT Smith

The Register: “What will Dell Computer do now that Sun Microsystems is a PC company? This detail was overlooked yesterday, obscured by the smoke from the nine-gun salute Sun gave to Linux. And this particular paragraph was overlooked by us: ‘New single- and multiprocessor systems, to be announced mid-year will use the x86 architecture and be capable of running thousands of Linux applications natively.'” Read more here.

Category:

  • Open Source

Mandrake: ‘groff’ Buffer overflow

Author: JT Smith

Mandrake: “zen-parse discovered an exploitable buffer overflow in groff’s preprocessor. If groff is invoked using the LPRng printing system, an attacker can gain rights as the “lp” user. Likewise, this may be remotely exploitable if lpd is running and remotely accessible and the attacker knows the name of the printer and its spool file.”


________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           groff
Advisory ID:            MDKSA-2002:012
Date:                   February 7th, 2002
Affected versions:      7.2, 8.0, 8.1, Single Network Firewall 7.2
________________________________________________________________________

Problem Description:

 zen-parse discovered an exploitable buffer overflow in groff's
 preprocessor.  If groff is invoked using the LPRng printing system, an
 attacker can gain rights as the "lp" user.  Likewise, this may be
 remotely exploitable if lpd is running and remotely accessible and the
 attacker knows the name of the printer and its spool file.
________________________________________________________________________

References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0003
________________________________________________________________________

Updated Packages:

 Linux-Mandrake 7.2:
 56d6ca492d028660e7358e2af1236e5f  7.2/RPMS/groff-1.16.1-7.2mdk.i586.rpm
 1aba691d52d4954e6c4ec330577509e3  7.2/RPMS/groff-for-man-1.16.1-7.2mdk.i586.rpm
 2974b9435ff20c60d9db90e3e7942973  7.2/RPMS/groff-gxditview-1.16.1-7.2mdk.i586.rpm
 d5ad075b6be3e520dcbb101c6e368955  7.2/RPMS/groff-perl-1.16.1-7.2mdk.i586.rpm
 57ac693f4a507a9a9869281fa5e868c0  7.2/SRPMS/groff-1.16.1-7.2mdk.src.rpm

 Mandrake Linux 8.0:
 69b21ea6f7811e0180b81f5e6e763bff  8.0/RPMS/groff-1.16.1-7.2mdk.i586.rpm
 c77033dc0048071b21085bdbd1f899ef  8.0/RPMS/groff-for-man-1.16.1-7.2mdk.i586.rpm
 33f5822612914a8b9dc05ce939e3ebd0  8.0/RPMS/groff-gxditview-1.16.1-7.2mdk.i586.rpm
 c9f933dfbd2c5b5e312919698621a682  8.0/RPMS/groff-perl-1.16.1-7.2mdk.i586.rpm
 57ac693f4a507a9a9869281fa5e868c0  8.0/SRPMS/groff-1.16.1-7.2mdk.src.rpm

 Mandrake Linux 8.0/ppc:
 3f8cde1fde265be24d7a8da36c3e5b8b  ppc/8.0/RPMS/groff-1.16.1-7.2mdk.ppc.rpm
 952284ae71a894a7325b8fe6cabc331b  ppc/8.0/RPMS/groff-for-man-1.16.1-7.2mdk.ppc.rpm
 b0f13231c69dd6c50f4da9a6e2f06d2d  ppc/8.0/RPMS/groff-gxditview-1.16.1-7.2mdk.ppc.rpm
 f601ba4f903212a67c32f71d8f1e757d  ppc/8.0/RPMS/groff-perl-1.16.1-7.2mdk.ppc.rpm
 57ac693f4a507a9a9869281fa5e868c0  ppc/8.0/SRPMS/groff-1.16.1-7.2mdk.src.rpm

 Mandrake Linux 8.1:
 6cc7c8c5936c4a15dca519219c4f078a  8.1/RPMS/groff-1.17.2-3.3mdk.i586.rpm
 c8a8ae0e7848c60b922c8d8326afe01e  8.1/RPMS/groff-for-man-1.17.2-3.3mdk.i586.rpm
 23dd6a64b3007bcd6bc3f807f5373462  8.1/RPMS/groff-gxditview-1.17.2-3.3mdk.i586.rpm
 a92f47ab6a6d3a46509f3dd0d76ea9e3  8.1/RPMS/groff-perl-1.17.2-3.3mdk.i586.rpm
 fdae065cd64b4527919d44dbcf126497  8.1/SRPMS/groff-1.17.2-3.3mdk.src.rpm

 Mandrake Linux 8.1/ia64:
 3f14c6b7f03bd22b9224e01a49208db2  ia64/8.1/RPMS/groff-1.17.2-3.3mdk.ia64.rpm
 a1bf708aba7524d62b37d188fd9b28e3  ia64/8.1/RPMS/groff-for-man-1.17.2-3.3mdk.ia64.rpm
 e0a4732b4af728fcf3da51df15193490  ia64/8.1/RPMS/groff-gxditview-1.17.2-3.3mdk.ia64.rpm
 efdc1cc2cb3feabbc13b211c62d215d6  ia64/8.1/RPMS/groff-perl-1.17.2-3.3mdk.ia64.rpm
 fdae065cd64b4527919d44dbcf126497  ia64/8.1/SRPMS/groff-1.17.2-3.3mdk.src.rpm

 Single Network Firewall 7.2:
 56d6ca492d028660e7358e2af1236e5f  snf7.2/RPMS/groff-1.16.1-7.2mdk.i586.rpm
 1aba691d52d4954e6c4ec330577509e3  snf7.2/RPMS/groff-for-man-1.16.1-7.2mdk.i586.rpm
 57ac693f4a507a9a9869281fa5e868c0  snf7.2/SRPMS/groff-1.16.1-7.2mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

________________________________________________________________________

To upgrade automatically, use MandrakeUpdate.  The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
FTP mirrors can be obtained from:

   http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:

  rpm --checksig 

All packages are signed by MandrakeSoft for security.  You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

   http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to.  Information on these lists can be obtained by
visiting:

   http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
________________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security@linux-mandrake.com>





Category:

  • Linux
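
The manual check described in the Mandrake advisory above can be scripted. This added example (not MandrakeSoft's code) reads checksum lines in the advisory's `<md5>  <release>/RPMS/<file>` layout and checks downloaded files, selecting by release because the advisory lists the same file name under 7.2 and 8.0 with different checksums. The function names, the sample file name and the manifest contents are constructed for illustration, and `md5sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example, POSIX sh. Not part of the advisory or of MandrakeSoft's tools.

# verify_manifest MANIFEST RELEASE DIR
#   MANIFEST: text containing "<md5>  <release>/{RPMS,SRPMS}/<file>" lines
#             (other lines, such as section headings, are skipped)
#   RELEASE:  path prefix to select, e.g. "8.0" or "ppc/8.0"
#   DIR:      directory holding the downloaded packages
# Prints one status line per selected entry. Returns 0 only if at least one
# entry was selected and every selected entry is present and matches.
verify_manifest() (
    manifest=$1 release=$2 dir=$3 checked=0 failed=0
    while read -r want path; do
        # Accept only "<32 lowercase hex digits> <path>" lines.
        [ "${#want}" -eq 32 ] || continue
        case $want in *[!0-9a-f]*) continue ;; esac
        # Anchor the release at the start of the path, so "8.0" does not
        # also select "ppc/8.0/..." entries.
        case $path in "$release"/*) ;; *) continue ;; esac
        file=${path##*/}
        checked=$((checked + 1))
        if [ ! -f "$dir/$file" ]; then
            echo "MISSING  $path"; failed=$((failed + 1)); continue
        fi
        got=$(md5sum < "$dir/$file")
        got=${got%% *}
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; failed=$((failed + 1))
        fi
    done < "$manifest"
    # Selecting nothing is a failure, not a silent pass.
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
)

# make_sample DIR: build CONSTRUCTED sample data. One file name is listed
# under two releases with different contents; the "download" is the 8.0 build.
make_sample() {
    mkdir -p "$1/dl"
    printf 'build for 7.2\n' > "$1/a.rpm"
    printf 'build for 8.0\n' > "$1/b.rpm"
    {
        echo " Example release 7.2:"
        echo " $(md5sum < "$1/a.rpm" | cut -d' ' -f1)  7.2/RPMS/demo-1.0-1mdk.i586.rpm"
        echo " Example release 8.0:"
        echo " $(md5sum < "$1/b.rpm" | cut -d' ' -f1)  8.0/RPMS/demo-1.0-1mdk.i586.rpm"
    } > "$1/manifest.txt"
    cp "$1/b.rpm" "$1/dl/demo-1.0-1mdk.i586.rpm"
}

tmp=$(mktemp -d)
make_sample "$tmp"
verify_manifest "$tmp/manifest.txt" 8.0 "$tmp/dl"           # right release
verify_manifest "$tmp/manifest.txt" 7.2 "$tmp/dl" || true   # wrong release
rm -rf "$tmp"
```

A matching MD5 only shows that the file is the one the advisory lists; the `rpm --checksig` signature check against the vendor key is what ties the package to MandrakeSoft.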

Linux moving to heart of Sun

Author: JT Smith

Wired.com reports: “Bowing to momentum and some high-profile customer losses, Sun Microsystems has jumped hard into the Linux market with a host of new hardware and software products.

Still, its own Solaris operating system remains the top priority.

Category:

  • Linux

Linux Advisory Watch for February 8, 2002

Author: JT Smith

LinuxSecurity Contributor writes, “This week, advisories were released for pine, rsync, FreeBSD kernel, wmtv, and telnet. The
vendors include Conectiva, Debian, FreeBSD, and Red Hat. Also this week, LinuxSecurity.com has
released the latest version of the EnGarde Linux Postfix Howto.”
http://www.linuxsecurity.com/articles/forums_article-4411.html.

Category:

  • Linux