LinuxSecurity: “This week, some of the most interesting articles include “Secure Your Sockets with JSSE,” “Best Practices in Network
Security,” and “DNS and BIND, 4th Edition Online: Chapter 11: Security.” Also this week, take a look at our feature story,
“Open Source Security Testing Methods.”

– By Grant Gross
–

In case you were living under a rock this week, we’ll review the big news. Craig Mundie, a Microsoft senior vice president, announced what he called a “shared source” initiative, while at the same time ripping into Open Source business plans and the GNU General Public License.

After Mundie called the GPL a “threat” to intellectual property, the Open Source and Free Software communities’ retaliations were quick, massive and dead on target.

Among the responses:

• From Linus Torvalds, the creator of Linux: “The basic argument seems to be that it’s good for the economy to charge for intellectual property, so open source software cannot be good, while Microsoft is the most far-thinking company around and is doing it all for the good of the public. Gee, what a surprise.”

• Alan Cox, the Linux kernel contributor supreme, countered Microsoft’s .Net idea: “Craig claims, ‘Computers, devices and services will be able to collaborate directly with each other, and businesses will be able to offer their products and services in a way that lets customers embed them in their usage of the Web at their discretion. ‘Somehow the words ‘providing they use Microsoft products’ were left out.”

• Richard Stallman and the Free Software Foundation, defended the GPL: “Microsoft surely would like to have the benefit of our code without the responsibilities. But it has another, more specific purpose in attacking the GNU GPL. Microsoft is known generally for imitation rather than innovation. Its purpose is strategic — not to improve computing for its users, but to close off alternatives for them.”

• Even the software industry group, the Software & Information Industry Association, dug into Microsoft for the speech. “Microsoft is once again publicly making the case that innovation in the software industry should happen only at the discretion and direction of Microsoft,” said Ken Wasch, SIIA president. “There is no ‘one size fits all’ solution for the software needs of corporations throughout the world. Yet Microsoft is employing public relations tactics to incite fear among businesses that are considering migrating to the Open Source model.”

• Of course, the whole debate was touched off by Open Source advocate Eric S. Raymond, who got wind of the Microsoft speech the day before it happened. Raymond wrote: “What Mr. Mundie will hope you don’t notice is that Microsoft wants all the ‘sharing’ to be in one direction. What they’re doing is what we
  call ‘source under glass’ — you can see it, but you can’t modify or
  reuse it in other programs. They want to be able to get the huge benefit
  of having thousands of outside people review their code without allowing
  any of those people to use what they learn on other projects.”

The general tone of the technology press coverage of the Mundie speech seemed to be, “more of the same from Microsoft.” Salon.com made fun of the speech by saying Microsoft was calling Free Software “the devil’s work.” TheStandard noted the irony in Mundie’s speech: “Redmond lets its customers look at source code but doesn’t let them tinker with it. In fact, the company says free code is potentially criminal.” A ZDNet columnist asked, “What’s so scary about Open Source?” He added: “I’m surprised that Mundie wasn’t leerier about raising the issue of competitiveness. By
taking this kind of pot-shot at open source in general, Microsoft leaves itself open to criticisms that it’s afraid of competition. “

Reuters played the speech more straightforward, but noted that source sharing has roots in scientific and academic traditions and that companies such as IBM and Oracle have experimented with Open Source.

Whew! If you’re still interested in more coverage, search on “Microsoft” at NewsForge.

Microsoft and security (or lack thereof)

Just before the speech, Raymond added to his earlier comments with a challenge of Microsoft’s security record by noting a new flaw in Windows 2000 running the IIS Web server. “What this means is that unless a knowledgeable sysadmin has taken explicit action to prevent it, any 15-year-old who can copy code off the Internet can use Microsoft’s IIS to bypass your firewall, bypass your password system, and gain administrator-level access to the machine that hosts your webserver. They
can inspect, alter or delete files at will no matter how you have them secured. They can also use root-level access to that machine as a springboard for attacks on other systems inside your firewall.”

Ironically, on the day of the speech, Microsoft wasn’t able to keep crackers from defacing three of its own corporate Web sites.

Argentina: No more proprietary software?

Really, there was other news in the Open Source world this week. The Argentina legislature is considering a bill that would require all government offices to use Open Source software. That legislation should be interesting to watch — it could be the start of widespread adoption of Open Source software in Latin America.

No more mergers

A proposed merger of supercomputer-maker Linux NetworX and Ebiz fell through this week, with Linux NetworX saying only that it had “other opportunities” on the horizon. That announcement came in the same week that Linuxcare and Turbolinux called off their merger. Apparently, the two companies had trouble marrying their finances and operations.

In other news, 2600.com and the motion picture industry were back in court this week, on an appeal of the ruling against 2600 for linking to the DeCSS Linux DVD-playing code. Several reports noted that the panel of judges seemed to side with the motion picture giants.

Also, Jason Haas, leader of the popular Linux-for-Macs project, LinuxPPC, announced he was leaving the project. Haas said he was burned out and looking for something new.

New in NewsForge

Original reporting from NewsForge this week:

Hardware and software reviewer Jeff Field compares two recent Linux releases, Red Hat 7.1 and Mandrake 8.0. He likes Mandrake, partly because it has more up-to-date software.

Check out new editor Dan Berkes’ Open Source stock report, complete with a chart of how leading Open Source stocks did during the week.

We also report on Red Hat’s attempts to work with the backers of the controversial Uniform Computer Information Transactions Act, to make changes that would benefit the Open Source community.

one two three

DebianPlanet has posted the resurrected Debian Weekly News. Among the items: “Since the last issue, [4]2.2r3 is out. It fixes quite a few security
and release critical bugs: an ntp root exploit, and samba symlink
problems are among those. Some of the security updates were
incorrectly built on an unstable system, which caused some confusion.
This is fixed now.”

rewben writes, “After a lot of time and trying, I finally got my GameBoy running Unix. 🙂
There are pics on my website under ‘stuff.’ Note: the 14k4 modem in the gameport of the Gameboy is fake, that was just for fun, and its not the Gameboy itself that runs unix, but the laptop that is connected to the gameboy screen.
Have a look for yourself if you dont believe it. :)”

2600.com release audio files for last week’s court hearing in the motion picture industry’s lawsuit against 2600. The files are in Real Audio or MP3 formats. “he
first part consists of about 15 minutes of Dean Kathleen Sullivan’s argument for our
side, which came at the end of a tape which had a lot of other cases on it – hence
its shortness. The second and final part consists of the rest of the proceedings,
which runs around an hour and 18 minutes. It contains the remainder of Dean
Sullivan’s argument, as well as those of Assistant U.S. Attorney Daniel Alter for the
U.S. government and attorney Charles Sims for the motion picture industry.”

LinuxFocus has the review. Its conclusion: “If you are a system administrator, a programmer or a true Linux lover you will surely love the book.”

LinuxPlanet has part two of its “The monkey has landed” series on the release of Ximian Gnome 1.4. The review gives Gnome 1.4 four to five stars in several categories evaluated. Elsewhere, CNet gives Gnome 1.4 a seven out of 10 rating.

From CNet: “ne of the Internet’s most obscure technologies came
to life last weekend: transmitting network information
by carrier pigeon.

In 1990, David Waitzman wrote RFC 1149, a tongue-in-cheek standard for using pigeons to
transfer information using the Internet Protocol (IP). On Saturday, a group of Linux enthusiasts in
Bergen, Norway, succeeded in exchanging some data using the Carrier Pigeon Internet Protocol
(CPIP).”

Mayank writes, “SuSE 7.1 finally reached FreeOS and boy, were we eagerly awaiting this new release! It has lots of new additions like kernel 2.4 (the first to support 2.4 final), XFree86 4.0.2 (with anti-aliasing support) and the new glibc 2.2. Although we did get it a little late, we went ahead and reviewed the package and here’s our opinion.” The review is here on FreeOS.com.