|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 16 Aug 2001 16:52:37
To : All
Subject : URL: http://www.lwn.net/2001/0816/
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all
interests
Sections:
Main page
[3]Security
[4]Kernel
[5]Distributions
[6]On the Desktop
[7]Development
[8]Commerce
[9]Linux in the news
[10]Announcements
[11]Linux History
[12]Letters
[13]All in one big page
Other LWN stuff:
[14]Daily Updates
[15]Calendar
[16]Linux Stocks Page
[17]Book reviews
[18]Penguin Gallery
[19]Archives/search
[20]Use LWN headlines
[21]Contact us
TUCOWS.com:
[22]linux.tucows.com
[23]Ext2
[24]Themes
Recent features:
- [25]O'Reilly Open Source Conference
- [26]OLS 2001
- [27]Gael Duval
- [28]Kernel Summit
- [29]Singapore Linux Conference
- [30]djbdns
- [31]LinuxWorld NY
- [32]Jason Haas
- [33]Larry Wall
- [34]Bruce Momjian
- [35]2000 Timeline
Here is the [36]permanent site for this page.
See also: [37]last week's LWN.
Leading items and editorials
Linux distributors are branching out in their attempts to find ways to
make money with free software. Here's a couple of interesting
announcements from the last week:
* As expected, Red Hat [38]announced the availability of the "Red
Hat E-Commerce Suite." This offering is a bundling of Red Hat
Linux 7.1, PostgreSQL (oops, that's "Red Hat Database"), Apache,
Interchange (once known as "MiniVend"), and "CommerceLauncher," a
web-based configuration tool.
The components of the E-Commerce Suite are all open-source tools,
so one could build the equivalent of this suite without having to
pay for it. (In practice, though, CommerceLauncher is currently
only available if you buy the E-Commerce Suite; presumably it will
escape into the wild eventually). Red Hat is hoping that it will
be able to convince people to pay the subscription fee
($275/month) to get a combination of an integrated platform and
associated update and support services. There will also be, of
course, additional consulting services for an appropriate fee.
* Turbolinux has [39]announced the delivery of a "tailor-made Linux
package" to The Credit Index, which does credit risk modeling for
catalog marketers. It's an S/390 distribution which fits the
mainframe world to the degree that it can be installed from a 3490
tape drive. Amusingly, Turbolinux touts its 2.4.5 kernel, which it
claims is "the latest version." More seriously, though, Turbolinux
has put together a specialized install of its distribution to meet
the (intense) needs of a specific company.
The common thread here shows where the money may really be in the
Linux distribution business: providing integrated solutions that "just
work." Linux enthusiasts are happy to pull together software from
several sources and make the combination work well. People who are
experimenting with deploying Linux in their companies often prefer not
to have to do that; if they can get a single CD set (or 3490 tape)
with everything they need their lives are easier, and they feel more
confident in proceeding.
So it would not be all that surprising to see the number of
distributions actually increase in the future, even if the number of
distributors drops. And the real winners may be the company that can
crank out special-purpose, customized distributions in a way similar
to how Dell cranks out computers. Customers who get exactly what they
need tend to come back for more.
On the costs of full disclosure. A message on the Bugtraq list asked
[40]can we afford full disclosure of security holes?. The motivation
for the posting was, of course, the Code Red worm, which, according to
some of the more breathless accounts, has cost billions of dollars
worldwide. Implicit in the posting is a claim that Code Red would not
have happened in the absence of [41]the advisory and exploit posted by
eEye.
eEye, of course, [42]denies (convincingly) that its advisory enabled
the Code Red worm in any way. But what if it had? Is full disclosure
of security vulnerabilities an irresponsible act?
In the proprietary software world, it is tempting to say that only
vendors should be given details of vulnerabilities. They can then fix
the problem and get patches in the hands of their customers without
making exploit information available to the bad guys. This view misses
some important points, however. One is that malware authors will
figure out the problems anyway; a clever cracker with debugging tools
will be able to determine just what problems a binary vendor patch
fixes. Even if the license agreement says they can't do that. Vendors
also tend to be slow about fixing problems until there is a real need.
Independent vendors of security products and services have a
legitimate interest in the details of security problems.
But the real point is that those who use buggy software - and that is
all of us - have a right to know about the problems in the programs we
run on our systems and depend on. Proprietary software vendors, of
course, like to withhold such information; that has a lot to do with
why many of us use free software instead.
In the free software community, there really are no alternatives to
full disclosure. Once the source for a patch has been released, all
the details are easily available anyway. And the free software
community only benefits from its preference for not hiding problems in
general.
So free software users need not be involved in this debate. But the
truth of the matter is that the situation is not all that different
for proprietary software. The information will get out - crackers have
a sort of full disclosure policy of their own. Anything other than
full disclosure on the "white hat" side serves only to put people with
vulnerable systems (i.e. all of us) at a disadvantage.
LWN Coverage of the O'Reilly Open Source Convention. [43][shared
source panel] Better late than never... Dennis Tenney [44]reports on
the 2001 O'Reilly Open Source Convention in San Diego, CA. The report
covers the conference happenings, and includes interviews with Bruce
Momjian, Bruce Perens, Guido van Rossum, and Jim Fulton.
A note to our readers. A few of our readers with eagle-eyes will have
noticed that Managing Editor Liz Coolbaugh's name has been missing
from the section by-lines for a couple of weeks. Here's the scoop: Liz
has been ordered by her doctors to take a medical leave of absence and
will therefore not be contributing directly to the journalistic side
of LWN.net for a period of time. Liz, get some rest, we're looking
forward to having you back.
Those who are interested should see [45]the message to our readers
from Liz.
Meanwhile, the rest of us are clearly going to have to scramble to
fill the gap left by Liz's absence. This scrambling will likely
include cutting back on LWN's content for a while; we're still working
on what the exact changes will be, but they will be intended to keep
LWN on a sustainable basis while not sacrificing that which makes us
truly valuable to our readers. Stay tuned.
Inside this LWN.net weekly edition:
* [46]Security: Warhol worms; fun with fetchmail.
* [47]Kernel: Noise over the SB Live update; where to send patches?
* [48]Distributions: Mission Critical layoffs, Mandrake releases 2
new distributions.
* [49]On the Desktop: theKompany rumbles, Loki stumbles, and Miguel
humbels (Windows, that is).
* [50]Development: PLEAC project, Vorbis RC2, GNOME-DB, Linux
backups, Web services, exponential Python growth.
* [51]Commerce: IDC survey shows Linux growth, Linux and TeraGrid,
KDE 2.2, RedHat E-Commerce suite, TurboLinux on the S/390.
* [52]History: GNOME's beginnings; standards battles; Red Hat goes
public.
* [53]Letters: Fair use and first sale; astroturfing; Mono.
...plus the usual array of reports, updates, and announcements.
This Week's LWN was brought to you by:
* [54]Jonathan Corbet, Executive Editor
* [55]Elizabeth O. Coolbaugh, Managing Editor
* [56]Michael J. Hammel, Senior Editor
August 16, 2001
[57]Click Here
[58]Click Here
[59]Next: Security
[60]Eklektix, Inc. Linux powered! Copyright Л 2001 [61]Eklektix, Inc.,
all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-001-000-000-012
3. http://lwn.net/2001/0816/security.php3
4. http://lwn.net/2001/0816/kernel.php3
5. http://lwn.net/2001/0816/dists.php3
6. http://lwn.net/2001/0816/desktop.php3
7. http://lwn.net/2001/0816/devel.php3
8. http://lwn.net/2001/0816/commerce.php3
9. http://lwn.net/2001/0816/press.php3
10. http://lwn.net/2001/0816/announce.php3
11. http://lwn.net/2001/0816/history.php3
12. http://lwn.net/2001/0816/letters.php3
13. http://lwn.net//2001/0816/bigpage.php3
14. http://lwn.net/daily/
15. http://linuxcalendar.com/
16. http://lwn.net/stocks/
17. http://lwn.net/Reviews/
18. http://lwn.net/Gallery/
19. http://lwn.net/archives/
20. http://lwn.net/op/headlines.phtml
21. http://lwn.net/op/Contact.html
22. http://linux.tucows.com/
23. http://news.tucows.com/ext2/
24. http://unixthemes.tucows.com/
25. http://lwn.net/2001/features/oreilly2001/
26. http://lwn.net/2001/features/OLS/
27. http://lwn.net/2001/features/MandrakeSoft.php3
28. http://lwn.net/2001/features/KernelSummit/
29. http://lwn.net/2001/features/Singapore
30. http://lwn.net/2001/features/djbdns.php3
31. http://lwn.net/2001/features/linuxworldny/
32. http://lwn.net/2001/features/JHaas/
33. http://lwn.net/2001/features/LarryWall/
34. http://lwn.net/2001/features/Momjian/
35. http://lwn.net/2000/features/Timeline/
36. http://lwn.net/2001/0816/
37. http://lwn.net/2001/0809/
38.
http://www.businesswire.com/cgi-bin/f_headline.cgi?bw.081301/212252100&ticker=RH
AT
39. http://lwn.net/2001/0816/a/tl-credit-index.php3
40. http://lwn.net/2001/0816/a/full-disclosure.php3
41. http://www.eeye.com/html/Research/Advisories/AD20010618.html
42. http://lwn.net/2001/0816/a/eeye.php3
43. http://lwn.net/2001/features/oreilly2001/
44. http://lwn.net/2001/features/oreilly2001/
45. http://lwn.net/2001/0816/a/message-from-liz.php3
46. http://lwn.net/2001/0816/security.php3
47. http://lwn.net/2001/0816/kernel.php3
48. http://lwn.net/2001/0816/dists.php3
49. http://lwn.net/2001/0816/desktop.php3
50. http://lwn.net/2001/0816/devel.php3
51. http://lwn.net/2001/0816/commerce.php3
52. http://lwn.net/2001/0816/history.php3
53. http://lwn.net/2001/0816/letters.php3
54. mailto:lwn@lwn.net
55. mailto:lwn@lwn.net
56. mailto:lwn@lwn.net
57. http://ads.tucows.com/click.ng/buttonpos=lwnbutton125top
58. http://ads.tucows.com/click.ng/buttonpos=125-001-016
59. http://lwn.net/2001/0816/security.php3
60. http://www.eklektix.com/
61. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://www.lwn.net/2001/0816/ |
Sergey Lentsov |
16 Aug 2001 16:52:37 |
|
|
