|
ru.linux
- RU.LINUX ---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 31 May 2001 17:11:06
To : All
Subject : URL: http://lwn.net/2001/0531
--------------------------------------------------------------------------------
[1][LWN Logo]
[2]Click Here
[LWN.net]
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all
interests
Sections:
Main page
[3]Security
[4]Kernel
[5]Distributions
[6]On the Desktop
[7]Development
[8]Commerce
[9]Linux in the news
[10]Announcements
[11]Linux History
[12]Letters
[13]All in one big page
Other LWN stuff:
[14]Daily Updates
[15]Calendar
[16]Linux Stocks Page
[17]Book reviews
[18]Penguin Gallery
[19]Archives/search
[20]Use LWN headlines
[21]Contact us
TUCOWS.com:
[22]linux.tucows.com
[23]Ext2
[24]Themes
Recent features:
- [25]GaКl Duval
- [26]Kernel Summit
- [27]Singapore Linux Conference
- [28]djbdns
- [29]LinuxWorld NY
- [30]Jason Haas
- [31]Larry Wall
- [32]Bruce Momjian
- [33]2000 Timeline
- [34]Eric Raymond
- [35]LWN coverage of Comdex 2000
- [36]Ransom Love
- [37]Guido van Rossum
- [38]Paul Everitt
- [39]Embedded Systems Conference
- [40]Embedded Linux Consortium
- [41]OLS Coverage
Here is the [42]permanent site for this page.
See also: [43]last week's LWN.
Leading items and editorials
Linux costs less to insure. In the U.S., at least, a number of
important changes happen not as a result of government regulation, but
as a result of insurance company requirements. Insurance companies, of
course, have a strong motivation to stay on top of certain types of
problems - they end up paying for them, in the end. So they attempt to
encourage safer behavior through their premiums.
So it is interesting to see the insurance industry begin to flex its
muscles in the operating systems arena. Consider [44]this News.com
article on the business of "hacker insurance":
Okemos, Mich.-based J.S. Wurzler Underwriting Managers, one of the
earliest agencies to offer hacker insurance, has begun charging its
clients anywhere from 5 to 15 percent more if they use Microsoft's
Windows NT software instead of Unix or Linux for their Internet
operations.
This policy is the result of "hundreds of security assessments" done
by the company.
In this policy change, we have (perhaps) the first quantitative
assessment of the relative costs of Windows and Linux security
problems. While it is nice to see a (hopefully) objective result that
favors Linux, it is also a little disappointing. 5-15% is a fairly
small margin; we should really be able to do better than that. It's a
start, anyway.
On the auditing of free software. One of the advantages of free
software is said to be the greater degree of auditing of the code. The
source is available to anybody, so of course people are looking it
over for problems. "All bugs are shallow" and so on. Right?
The truth seems to be a bit less encouraging. People stumble across
"obvious" bugs in old code on a regular basis. Most projects have more
than their share of ugly code, well below the quality one would expect
from a system based on peer review. Common security problems turn up
in code that has been in service for years. If wide-scale auditing is
happening, it certainly is missing a lot of problems.
But it seems increasingly clear that this degree of auditing is not
happening. At the recent Kernel Summit, one high-level hacker was
heard to mutter that only a very small percentage of the kernel code
had ever been read by anybody other than the original author. And the
kernel is one of the most heavily audited free software packages
available.
What is going on here is fairly obvious when you think about it.
Auditing code tends to be unpleasant, tedious work. Learning a large
code base is hard, but until a hacker really understands the package
being audited, any fixes are more likely to create bugs then remove
them. But once you reach a point where you can confidently audit code
in a particular program, you're also at a level of understanding where
you can spend your time creating cool new features instead.
In other words, the choices available to a talented hacker are
generally (1) spend your time on tedious code auditing, and remain an
obscure participant, or (2) create something new and exciting, and
maybe become famous. Or something like that. It is not surprising that
auditing work tends not to get done.
It sure would be nice if more such work did happen, though. Software
truly benefits from being looked at by multiple people. More projects
should consider setting up "janitorial" groups to encourage auditing
activities and to help new hackers get going with the code. The
various companies out there that depend on Linux could also, perhaps,
dedicate some of their staff time to auditing tasks. Also helpful, of
course, is the development of automated auditing tools (see [45]this
week's kernel page).
Even better would be a shift in free software community ethics to
recognize code auditing as the crucial and difficult task that it is.
There is, at times, too much emphasis on the people who crank out the
code, and not enough on those who really make it work for everybody.
When auditing becomes a highly appreciated effort, maybe free software
will achieve its potential for top-quality code.
IP Filter licensing followup. Our story [46]last week on the IP Filter
licensing issue drew a fair amount of attention and mail. Several of
our readers politely pointed out that one aspect of our reporting was
not quite accurate: FreeBSD, as it turns out, does not use IP Filter
as its standard firewalling system. IP Filter is an option, but the
default firewalling code for FreeBSD is the free "ipfw" package.
OpenBSD, meanwhile, has [47]chosen to drop IP Filter as a result of
the licensing problems.
Anybody wondering whether these choices were wise may wish to peruse
[48]this article in the OpenBSD journal, and, in particular, read IP
Filter owner Darren Reed's comments. They speak for themselves, and
should help any prospective user decide whether it is a good idea to
depend on this particular package.
Linux and TV's. This week, [49]Princeton Graphic Systems announced a
TV running an embedded Linux kernel. The use of Linux in embedded
systems is certainly not new, but a look at just how many projects are
aimed at the couch potato crowd might be interesting. Aside from the
[50]Tivo, Linux has seen a surge in projects aimed at the ubiquitous
cable set-top box.
NetGem seemed to start the flurry with an announcement in April 1999
of their [51]NetBox Cable, the first set-top box to run on the Linux
OS for cable-based Internet access. Lineo followed later that year
with a project partnered with [52]MeterNet in September of 1999. In
January 2000, the company's Linux offering was selected for a box from
[53]Bast for use in hotels and apartments. Neither project has been
heard from since. Coollogic suggested they had been shipping their
[54]e-Pilot box since October of 1999, though LWN.net got word of
shipment in [55]April of 2000.
Fast forward to 2001 and you'll find the collection of players has
boomed. Aside from the aforementioned Princeton Graphics Systems
offering, [56]Sylvania has their own TV, while Nokia is set to launch
their much hyped [57]Media Terminal. On the downside, though, the
highly anticipated [58]Indrema game box is, alas, [59]no more. That is
only to be expected; not all companies can be expected to succeed. It
is still interesting to see more and more of them choosing to bet
their future on Linux.
LinuxDevices.com's [60]Cool Devices Quick Reference Guide gives a
complete run down of other interesting products running Linux.
Got a moment to give us a hand? Here at LWN, we're busily trying to
figure out how to do two things: (1) provide a better LWN experience
for our readers, and (2) figure out how to bring in some more money so
we can keep on bringing you news from the free software community. In
the pursuit of both goals, the folks at Tucows have put together
[61]an LWN reader survey.
The purpose of the survey is to tell us a bit about who is reading
LWN, what you do and don't like, and what you would like to see in the
future. The information will be useful for us in deciding how to
improve the site; it will also be helpful, in statistical form, as a
way of characterizing our audience to advertisers. That, in turn,
should help us to get more, better-paying ads and spend a little less
time trying to sell you domain names.
We've worked hard at minimizing the nosiness of the survey, and at
maximizing the privacy policy (which may be found at the head of the
survey form). We will not abuse the information you give us. If you
appreciate LWN, could please take a moment and [62]tell us what you
think? We would be most grateful.
Inside this week's Linux Weekly News:
* [63]Security: European Parliament recommends encryption and Open
Source software, new vulnerabilities in gnupg, Webmin, and TWIG.
More distribution updates.
* [64]Kernel: 2.4.5, the Stanford checker returns; 2.4 virtual
memory stability.
* [65]Distributions: Red Hat, SuSE and Turbolinux announce Itanium
ports, Yellow Dog Linux 2.0 ships, Lanthan Linux added to the
list.
* [66]On the Desktop: Printing issues but skip the tissues (the
desktop is not dead)
* [67]Development: WaveSurfer, new PostgreSQL and mnoGoSearch, an
Animation Editor, the GNet network library, FHS 2.2, Java 3d and
JMF.
* [68]Commerce: Here comes the Itanium.
* [69]History: "Lignux", the importance of faith, Python's first
move.
* [70]Letters: GPL boundaries, software bloat, desktop page
...plus the usual array of reports, updates, and announcements.
This Week's LWN was brought to you by:
* [71]Jonathan Corbet, Executive Editor
* [72]Elizabeth O. Coolbaugh, Managing Editor
* [73]Michael J. Hammel, Senior Editor
May 31, 2001
[74]Click Here
[75]Click Here
[76]Next: Security
[77]Eklektix, Inc. Linux powered! Copyright Л 2001 [78]Eklektix, Inc.,
all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=001-012-132-000-000-001-000-000-012
3. http://lwn.net/2001/0531/security.php3
4. http://lwn.net/2001/0531/kernel.php3
5. http://lwn.net/2001/0531/dists.php3
6. http://lwn.net/2001/0531/desktop.php3
7. http://lwn.net/2001/0531/devel.php3
8. http://lwn.net/2001/0531/commerce.php3
9. http://lwn.net/2001/0531/press.php3
10. http://lwn.net/2001/0531/announce.php3
11. http://lwn.net/2001/0531/history.php3
12. http://lwn.net/2001/0531/letters.php3
13. http://lwn.net/2001/0531/bigpage.php3
14. http://lwn.net/daily/
15. http://lwn.net/cgi-bin/webcal.pl
16. http://lwn.net/stocks/
17. http://lwn.net/Reviews/
18. http://lwn.net/Gallery/
19. http://lwn.net/archives/
20. http://lwn.net/op/headlines.phtml
21. http://lwn.net/op/Contact.html
22. http://linux.tucows.com/
23. http://news.tucows.com/ext2/
24. http://unixthemes.tucows.com/
25. http://lwn.net/2001/features/MandrakeSoft.php3
26. http://lwn.net/2001/features/KernelSummit/
27. http://lwn.net/2001/features/Singapore
28. http://lwn.net/2001/features/djbdns.php3
29. http://lwn.net/2001/features/linuxworldny/
30. http://lwn.net/2001/features/JHaas/
31. http://lwn.net/2001/features/LarryWall/
32. http://lwn.net/2001/features/Momjian/
33. http://lwn.net/2000/features/Timeline/
34. http://lwn.net/2000/features/ESR/
35. http://lwn.net/2000/features/Comdex/index.php3
36. http://lwn.net/2000/features/Comdex/RansomLove.php3
37. http://lwn.net/2000/features/Guido.php3
38. http://lwn.net/2000/features/PaulEveritt.php3
39. http://lwn.net/2000/features/ESC/
40. http://lwn.net/2000/features/ESC/ELC.php3
41. http://lwn.net/2000/features/OLS/
42. http://lwn.net/2001/0531/
43. http://lwn.net/2001/0524/
44. http://news.cnet.com/news/0-1003-200-6077282.html
45. http://lwn.net/2001/0531/kernel.php3
46. http://lwn.net/2001/0524/#ipfilter
47. http://lwn.net/2001/0531/a/ipfilter-gone.php3
48. http://www.deadly.org/article.php3?sid=20010527142347
49. http://www.linuxdevices.com/news/NS3611087503.html
50. http://www.zdnet.com/zdhelp/stories/main/0,5594,2582375,00.html
51. http://www.infoworld.com/cgi-bin/displayStory.pl?990415.icnetgem.htm
52. http://www.computeruser.com/news/99/09/29/news4.html
53. http://news.cnet.com/news/0-1003-200-1531824.html?tag=st
54. http://linuxtoday.com/stories/14860.html
55. http://lwn.net/2000/0413/a/coollogic.html
56. http://www.linuxdevices.com/articles/AT8534510660.html
57. http://www.linuxdevices.com/articles/AT4370516520.html
58. http://www.linuxdevices.com/articles/AT2772260294.html
59. http://videobusiness.com/games/040901_indrema_termination.asp
60. http://www.linuxdevices.com/articles/AT4936596231.html
61. http://cddev.tucows.com/cgi-bin/linuxpoll.pl
62. http://cddev.tucows.com/cgi-bin/linuxpoll.pl
63. http://lwn.net/2001/0531/security.php3
64. http://lwn.net/2001/0531/kernel.php3
65. http://lwn.net/2001/0531/dists.php3
66. http://lwn.net/2001/0531/desktop.php3
67. http://lwn.net/2001/0531/devel.php3
68. http://lwn.net/2001/0531/commerce.php3
69. http://lwn.net/2001/0531/history.php3
70. http://lwn.net/2001/0531/letters.php3
71. mailto:lwn@lwn.net
72. mailto:lwn@lwn.net
73. mailto:lwn@lwn.net
74. http://ads.tucows.com/click.ng/buttonpos=lwnbutton125top
75. http://ads.tucows.com/click.ng/buttonpos=125-001-016
76. http://lwn.net/2001/0531/security.php3
77. http://www.eklektix.com/
78. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
URL: http://lwn.net/2001/0531 |
Sergey Lentsov |
31 May 2001 17:11:06 |
|
|
