|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 19 Jan 2001 05:50:36
To : All
Subject : URL: http://lwn.net/2001/0118
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all
interests
Sections:
Main page
[3]Security
[4]Kernel
[5]Distributions
[6]Development
[7]Commerce
[8]Linux in the news
[9]Announcements
[10]Linux History
[11]Letters
[12]All in one big page
Other LWN stuff:
[13]Daily Updates
[14]Calendar
[15]Linux Stocks Page
[16]Book reviews
[17]Penguin Gallery
[18]Archives/search
[19]Use LWN headlines
[20]Contact us
TUCOWS.com:
[21]linux.tucows.com
[22]Ext2
[23]Themes
Recent features:
- [24]Bruce Momjian
- [25]2000 Timeline
- [26]Eric Raymond
- [27]LWN coverage of Comdex 2000
- [28]Ransom Love
- [29]Guido van Rossum
- [30]Paul Everitt
- [31]Embedded Systems Conference
- [32]Embedded Linux Consortium
- [33]OLS Coverage
- [34]Cary Bunks interview
- [35]Making circuits with PCB
- [36]Linux-powered Camera
- [37]The FSL Cluster
Here is the [38]permanent site for this page.
See also: [39]last week's LWN.
Leading items and editorials
'Ramen Worm' attacks Red Hat-based systems.
A new worm, dubbed the "Ramen Worm", was spotted on the Internet this
week. For those of you unfamiliar with the term, a "worm" is a
self-propagating attack, e.g., a script is written to attack a system,
copy itself to that system and then automatically go out to find new
vulnerable systems and attack them. This differs from the term "virus"
in that viruses are attached to or embedded in otherwise innocuous
files or programs. Linux is generally (though not theoretically)
immune to viruses; it is not immune to a worm, since a worm is simply
a specialized case of a successful, usually network-based, attack.
Nonetheless, a worm is self-propagating, like a virus, so there are
similarities. This particular worm was not an impressive example, at
least to security experts. It was cobbled together from pre-existing
components and exploits vulnerabilities that are four to seven months
old. As such, it is a good example of why we warned back in
[40]November, 2000 that the Linux community should not become too
cocky about its security record, based on its relative immunity to
viruses. Given how easily this one was developed, we can expect to see
more of them in the future.
The biggest lesson from the worm this week is apply your security
updates. The only systems vulnerable to this attack were those with
vulnerabilities that had been reported months ago and for which fixes
had long since been available. Obviously enough systems fit this
criteria to fuel a significant attack.
The actual impact of the worm is minimal, restricted to disabling
anonymous ftp access and defacing websites. Unfortunately, it could
easily be modified to be much more damaging. Confirming the lack of
actual malicious intent, the worm has been reported to only attack
systems with anonymous ftp enabled and then to close politely close
anonymous ftp behind it, essentially preventing the system from being
infected again via the same mechanism, unless the local administrator
re-enables anonymous ftp without patching the system. (It is worth
noting that the scanning traffic created by the worm is causing
problems for some networks, especially those which use multicast).
The worm found this week specifically targets Red Hat 6.2 and Red Hat
7.0 systems that have not applied security updates for wu-ftpd,
nfs-utils and LPRng. Here are the advisories for the applicable
security updates, though, of course, it is recommended that all
security updates be applied:
Red Hat 6.2:
* [41]wu-ftpd-2.6.0-14.6x, issued June 23rd, 2000
* [42]nfs-utils-0.1.9.1-1, issued July 17th, 2000, last updated July
21st, 2000
Red Hat 7.0:
* [43]lprng-3.6.24-2, issued September 26th, last updated on October
4th
In addition, although the worm was written to attack Red Hat Linux
systems, the vulnerabilities themselves are not specific to Red Hat
and therefore the worm could also easily be rewritten to attack other
Linux systems. Below are links to our coverage of the involved
vulnerabilities, including links to updates from other Linux/BSD
vendors:
* [44]wu-ftpd
* [45]nfs/rpc.statd
* [46]LPRng/lpr
[47]This ZDNet article provides some interesting information on the
worm. For more technical detail, several analyses of the worm have
been published, including [48]this one by Daniel Martin. The majority
of first-hand information about the worm comes from the SecurityFocus
Incidents mailing list, on which the worm was first reported on
January 15th.
Signs of the times. Should anybody still doubt that the Linux business
climate has changed dramatically over the last year, a couple of
events from the last week should help to clarify things:
* Linuxcare and Turbolinux have an agreement to merge. There is no
official announcement at this point, but we have received
confirmation from Linuxcare that a deal has been made.
* Lineo has [49]withdrawn its intended initial public offering (IPO)
of stock, which was filed last May.
The current business climate is clearly no fun, especially if your
business depends on obtaining funds from investors. Linuxcare,
Turbolinux, and Lineo have all attempted to go public; none have yet
succeeded. In a world where private investment has dried up, and the
IPO market is closed, it is difficult for a startup business to get
large enough to firmly establish itself.
In such an environment, about the only "get big fast" route that
remains open is consolidation. It would not be surprising to see a
number of other Linux companies look to mergers as a path to growth. A
year from now, there may be a much smaller community of Linux
companies doing business.
Turbolinux, meanwhile, has long taken the approach that it is a
software vendor, and that it is not interested in the services-based
plans adopted by distributors like Red Hat. The merger with Linuxcare
is obviously the end of that strategy. It is also likely to be the end
of Turbolinux's IPO bid, at least for now. Merging with Linuxcare is
such a fundamental change that Turbolinux would essentially have to
throw out its IPO filing and start over. In a time when the markets
are openly hostile to initial offerings, the company is unlikely to
bother with a new filing.
An interesting question will be whether the merger is the end of
Linuxcare's distribution-independent policy. A credible, neutral
stance will certainly be harder to maintain when Linuxcare is part of
a major Linux distributor. Those interested in speculation might
wonder if, instead, Turbolinux is preparing to deemphasize, if not
exit, the distribution business in favor of its clustering and other
value-added offerings. According to [50]its IPO filing, Turbolinux
only derived 37% of its revenue from operating system sales in the
first half of 2000. Might Turbolinux have decided that its future lies
elsewhere?
What the future holds for Lineo is unclear. Failed IPO bids are often
followed by reductions in staff; Lineo has grown rapidly through its
series of acquisitions and may now find itself needing to slim down a
bit. It is also worth noting that the embedded Linux world is highly
fragmented, with several companies all competing with each other. Some
consolidation in that sector is to be expected.
VA Linux Systems puts out another warning. In another sign of the
times, VA Linux Systems has put out [51]another warning that earnings
will not be up to expectations. Revenue for the second quarter (which
ends on January 27) is expected to be $50 million at best, for a loss
of $0.24-0.28 per share. Among other things, VA says that the usual
January sales upturn has not happened this year, and blames the state
of the economy in general.
VA has also been facing price pressure:
Additionally, the current economic conditions are creating a
difficult pricing environment resulting in lower gross margins.
Going forward in this economic environment, we intend to focus on
higher margin business and to manage expense levels such that we
can achieve profitability given our revised revenue expectations.
Of course, "manage expense levels" is PR-speak for "lay people off."
The "current economic conditions" aren't getting any better. (VA has
legal problems as well; see [52]this week's Linux in Business page for
discussion of the class-action lawsuits against the company).
Through all of this it's worth remembering that Linux and the
businesses that have sprung up around it are two different things. It
may not be the easiest of times to run a Linux business (though it's
certainly far better than it was even five years ago), but Linux
itself is doing great. Adoption and mindshare continue to increase,
and the software is just getting better. And many businesses are doing
well. For example...
There is still money for Linux businesses, at least occasionally.
Consider these examples:
* Conectiva has [53]announced an equity investment from ABN AMRO
bank, Intel Capital, and LatinTech Capital. The amount of the
investment has not been disclosed; it will be used to expand
Conectiva's service network and to "stimulate open source
application software products" in specific areas.
* A company called RLX Technologies has [54]announced its existence.
RLX will be building rackmount server boxes for hosting centers;
they will be based on Transmeta chips and Linux. RLX expects to
beat the competition in low pricing, high server density, and low
power consumption. The company, which includes a number of Compaq
founders, was launched with $19 million in angel investments, and
is working on concluding another financing round now.
* The company formerly known as Helix Code (now "Ximian") has
[55]announced the receipt of $15 million in funding from Charles
River Ventures and Battery Ventures.
Clearly some investors still believe in the future of Linux, even if
the stock market is not currently favorable. As Linux and free
software in general continue to grow, investors will figure out that
their future is still bright. We will, with luck, never see a repeat
of the frenzy of a year ago; but we should, at some point, leave the
current depression behind as well.
Interview: Larry Wall. [56][Larry] [57]ChangeLog.net editor Maya
Tamiya has sent us another interview. This time, Maya has
[58]interviewed Larry Wall at the Perl/Ruby conference, which was held
in Kyoto, Japan at the end of last year. In this interview, Larry
discusses a wide range of topics, including his job at O'Reilly, Perl
certification, the commercialization of Perl, competition between open
source projects, the power of laziness, Perl 6, post-modernism,
software patents, documentation, and more. (This interview contains a
number of pictures; there is also [59]a smaller version available for
those with limited bandwidth).
Hardware sales are getting, well, hard. Earlier this week [60]Tuxtops
announced that it would be dropping its Linux laptop line in favor of
a software product to be announced at a later date. The LWN.net staff
immediately began to ponder if there was some real problem with
getting Linux to run on laptops, or if making a business out of that
was really all that hard. After all, [61]LinuxLaptops and [62]VA have
both exited that market. [63]ASL still sells them though the list of
small laptop vendors with a Linux focus is dwindling. So, what about
the big players?
[64]IBM lists 3 ThinkPad models (A20m, T20, and T21) that they ship
preloaded with Linux. All are loaded with Caldera OpenLinux eDesktop.
While they point out that IBM hardware has been Red Hat certified, a
search through [65]Red Hat's certified hardware database, searching
for "IBM" and "Notebooks" (any architecture, any Red Hat release),
comes up empty.
Gateway doesn't make it easy to determine if it sells notebooks
preinstalled with Linux from its site. Compaq's support of Linux is
well known, but its [66]Linux site has no information on laptops. Dell
at least has a [67]Linux specific section on its site, but it only
mentions servers and desktop system as preinstalled. No obvious
information on laptops is provided.
So what's the deal with laptops and Linux? Of course Linux works well
on laptops (most of the LWN.net staff uses Linux laptops of one kind
or another). The lack of preinstalled support can be the result of a
number of issues. First, many of the features that are used to add
value to laptops by hardware makers are only now, with the release of
the 2.4 kernel, becoming commonly supported: USB, Firewire, DVD,
S-Video output, WinModems, and so forth. Since smaller hardware
vendors like LinuxLaptops or Tuxtops (though not necessarily Dell, IBM
or Compaq) are generally not also Linux distributors, they rely on
well-known distributions to support these features. That will happen
later this year. For now, these smaller vendors are on their own. So
that would leave the larger companies, those with resources to produce
drivers for the more modern hardware features commonly found on
laptops, to write their own drivers. They can do that, so why the lack
of preinstallation?
The next issue may be margins. While Linux is inexpensive, laptops are
not. Larger companies have to push these machines in volume, though
probably not to the levels required for desktop systems. Laptops with
Linux preinstalled may not be the high volume market needed to sustain
smaller, Linux-focused companies. Of course, all hardware vendors have
been hit fairly hard by a slowing economy and weak sales in general.
The disappearance of a few smaller vendors is a normal shakeout under
these circumstances. But that still doesn't explain why preinstalled
laptops from the big three aren't well publicized.
While hardware support used to be a viable reason for lack of support,
it's hardly the status quo these days. Too many people are writing
drivers for new hardware - IBM expects to put $1 billion US dollars
into development this year alone. Preinstalled Linux, especially on
laptops shouldn't be that hard. So what is the biggest reason Linux
isn't preinstalled?
Laptops aren't servers. And Linux is still trying to establish itself
on the desktop. Hardware makers have everything to gain with
preinstalled Linux servers. The value in preinstalled desktops - and
laptops - has yet to be measured.
Inside this week's Linux Weekly News:
* [68]Security: Borland InterBase back door, cgi-bin file extension
issues, glibc, PHP, dhcp, rctab, flash, jaZip, splitvt and other
vulnerabilities.
* [69]Kernel: 2.4.0 and disk corruption; ReiserFS gets into 2.4.1;
which is really the fastest web server?
* [70]Distributions: Niche Linux Distributions rub elbows with Mac
enthusiasts, yet more new Linux distributions, Debian runs on the
Itanium.
* [71]Development: Kannel SMS/WAP gateway, Gnucash 2.0, Ximian, XML
tools.
* [72]Commerce: Troubles at VA Linux Systems, IBM and NCSA Create
Worlds Fastest Linux Supercomputers in Academia, NuSphere MySQL,
new version, training offerings.
* [73]History: Turbolinux/Pacific HiTech through the years.
* [74]Letters: LaTeX pronunciation, VA lawsuit and the Linux
trademark.
...plus the usual array of reports, updates, and announcements.
This Week's LWN was brought to you by:
* [75]Jonathan Corbet, Executive Editor
* [76]Elizabeth O. Coolbaugh, Managing Editor
* [77]Michael J. Hammel, Senior Editor
January 18, 2001
[78]Click Here
[79]Click Here
[80]Next: Security
[81]Eklektix, Inc. Linux powered! Copyright Щ 2001 [82]Eklektix, Inc.,
all rights reserved
Linux Ю is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-001-000-000-012
3. http://lwn.net/2001/0118/security.php3
4. http://lwn.net/2001/0118/kernel.php3
5. http://lwn.net/2001/0118/dists.php3
6. http://lwn.net/2001/0118/devel.php3
7. http://lwn.net/2001/0118/commerce.php3
8. http://lwn.net/2001/0118/press.php3
9. http://lwn.net/2001/0118/announce.php3
10. http://lwn.net/2001/0118/history.php3
11. http://lwn.net/2001/0118/letters.php3
12. http://lwn.net/2001/0118/bigpage.php3
13. http://lwn.net/daily/
14. http://lwn.net/cgi-bin/webcal.pl
15. http://lwn.net/stocks/
16. http://lwn.net/Reviews/
17. http://lwn.net/Gallery/
18. http://lwn.net/archives/
19. http://lwn.net/op/headlines.phtml
20. http://lwn.net/op/Contact.html
21. http://linux.tucows.com/
22. http://news.tucows.com/ext2/
23. http://unixthemes.tucows.com/
24. http://lwn.net/2001/features/Momjian/
25. http://lwn.net/2000/features/Timeline/
26. http://lwn.net/2000/features/ESR/
27. http://lwn.net/2000/features/Comdex/index.php3
28. http://lwn.net/2000/features/Comdex/RansomLove.php3
29. http://lwn.net/2000/features/Guido.php3
30. http://lwn.net/2000/features/PaulEveritt.php3
31. http://lwn.net/2000/features/ESC/
32. http://lwn.net/2000/features/ESC/ELC.php3
33. http://lwn.net/2000/features/OLS/
34. http://lwn.net/2000/features/CBunks/
35. http://lwn.net/2000/features/pcb/
36. http://lwn.net/2000/features/Axis/
37. http://lwn.net/2000/features/FSLCluster/
38. http://lwn.net/2001/0118/
39. http://lwn.net/2001/0111/
40. http://lwn.net/2000/1130/index.php3#viruses
41. http://lwn.net/2000/0629/a/rh-wuftpd.php3
42. http://lwn.net/2000/0727/a/rh-statd.php3
43. http://lwn.net/2000/1005/a/sec-lprng-rh.php3
44. http://lwn.net/2001/0118/security.php3#wu-ftpd
45. http://lwn.net/2000/0817/security.php3#nfs/rpc.statd
46. http://lwn.net/2000/1019/security.php3#lprng
47. http://www.zdnet.com/zdnn/stories/news/0,4586,2675147,00.html
48. http://members.home.net/dtmartin24/ramen_worm.txt
49.
http://www.freeedgar.com/search/ViewFilingsData.asp?CIK=1112479&Directory=912057
&Year=01&SECIndex=1292&Extension=.tst&PathFlag=0&nStartLoc=511&nEndLoc=4698&Text
FileSize=4714&DateFiled=1/12/2001&FormType=RW&SFType=&SDFiled=&tabletype=1&table
name=&SourcePage=FilingsResults&OEMSource=&UseFrame=1&CompanyName=LINEO+INC
50. http://lwn.net/2000/features/Turbolinux-ipo.php3
51. http://www.businesswire.com/cgi-bin/f_headline.cgi?bw.011601/210160739
52. http://lwn.net/2001/0118/commerce.php3
53. http://lwn.net/2001/0118/a/conectiva-abn.php3
54. http://www.newsalert.com/bin/story?StoryId=CoMpvueSbmdeWmJiWotq
55. http://www.businesswire.com/webbox/bw.011701/210172428.htm
56. http://lwn.net/2001/features/LarryWall/
57. http://changelog.net/
58. http://lwn.net/2001/features/LarryWall/
59. http://lwn.net/2001/features/LarryWall/?small=1
60. http://lwn.net/2001/0118/a/tuxtops-bowout.php3
61. http://www.linuxlaptops.com/
62. http://www.valinux.com/systems/
63. http://www.aslab.com/contents/products.html
64. http://www.pc.ibm.com/ww/software/alliances/linux/systems.html#Preloaded
65. http://hardware.redhat.com/redhatready/cgi-bin/us/db-hcl.cgi
66. http://www.tru64unix.compaq.com/linux/systems.htm
67. http://www.dell.com/us/en/dhs/topics/linux_000_hardsol.htm
68. http://lwn.net/2001/0118/security.php3
69. http://lwn.net/2001/0118/kernel.php3
70. http://lwn.net/2001/0118/dists.php3
71. http://lwn.net/2001/0118/devel.php3
72. http://lwn.net/2001/0118/commerce.php3
73. http://lwn.net/2001/0118/history.php3
74. http://lwn.net/2001/0118/letters.php3
75. mailto:lwn@lwn.net
76. mailto:lwn@lwn.net
77. mailto:lwn@lwn.net
78. http://ads.tucows.com/click.ng/buttonpos=lwnbutton125top
79. http://ads.tucows.com/click.ng/buttonpos=lwn125x400
80. http://lwn.net/2001/0118/security.php3
81. http://www.eklektix.com/
82. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://lwn.net/2001/0118 |
Sergey Lentsov |
19 Jan 2001 05:50:36 |
|
|
