Enterprise Unix Roundup: Is Your SCO Check in the Mail?

by Michael Hall

Rather than sit on its haunches and wait for Linux users to ante up, SCO this week embarked on an aggressive billing campaign. Also of note this week: Dell joined IBM in announcing it won't indemnify Linux customers against possible legal action, and Panther reached RC status. Samba cited a fairly significant vulnerability in pam_smb PAM module, and we explain how to change a file with sed and regular expressions.

SCO says about 1,000 invoices are scheduled to go out to U.S. companies in the next month, marking a move from what must have been a disappointing strategy of waiting for Linux users to come forward and buy litigation insurance no one's sure they'll need to a more agressive series of bills that will end in litigation if unhonored. We say "disappointing" because the last month has yielded announcements of a mere pair of customers, and SCO won't identify either one. So it looks like it's time to tighten the screws, and the reaction is predictable:

"I hope we get a bill," said a sys admin of our acquaintance, expressing no small measure of defiance. His company is in the process of quietly dismantling its Solaris systems (mostly mail and Web servers) in favor of Linux. He hasn't been soft-pedalling the issue to his bosses, either. They get copies of the Free Software Foundation's stance on the whole matter. Net result: The company is going ahead with its Linux transition, and the management team doesn't feel compelled to lick any stamps or write any checks.

On the PR front, SCO hasn't been having an easy time of it. The past few weeks netted embarrassing deconstruction of the source code SCO has shown to the public in an effort to prove its infringement case. And it certainly won't help SCO when its ever-expanding circle of litigation is widened to, say, Germany, where the courts recently slapped the company with a $10,800 fine for neglecting to take down a Web page on its German site that reiterated the claims it has made about IP violations in the Linux kernel. The company was slapped with an injunction against saying such things in Germany after local Linux enthusiasts filed suit.

So we remain in head-scratching mode. SCO's moving ahead in a manner reflective of apparent sincerity on the company's part, but with recent bizarre claims that any popular or grassroots resistance to its legal actions are orchestrated by IBM. Based on these misguided attempts to call the time-tested licensing scheme under which most of the software comprising the average Linux installation is provided into question, it seems SCO is counting on a disconnect between the people in the executive suite whom it presumes aren't familiar with Linux beyond its bottom line aspects and the people in the server room, whom it is alienating at every turn.

While there's often a temptation on the part of the suits to blow off the intemperate passions of the geeks, SCO's tampering with passions that have landed it one fine already. One wonders how much ill will the vendor is willing to generate.

In all fairness, though, the SCO's been faring well in the stock market over the past month, with its stock prices surging in value 50 percent in the past three weeks: Someone, somewhere seems to think it stands a chance to cash in on companies willing to try to slip by the licensing dragnet but unwilling to simply blow off an invoice.

In Other News

  • Dell joined IBM in saying that it won't indemnify its Linux customers against legal action that arises from whatever IP issues may exist in the Linux kernel. Both companies say that's what the Linux kernel's license says anyhow: No guarantees, and if it breaks you get to keep both pieces.

  • Sun continues to insist that Solaris for x86 systems isn't the anemic might-as-well offering some admins claim: Late last week the company announced additions to its hardware compatibility list for Solaris x86. The company says it's motivated both by a push to capitalize on Microsoft's embarrassment over the Sobig virus (responsible for more than a few overtime hours for harried admins in the past month) and as a reaction to the confusion SCO is sowing with its attacks on AIX and Linux.

  • The Unix server horse race remains Sun's game. Numbers released by IDC last week reveal Sun has 33 percent of the $4.33 billion dollar Unix-based server market. IBM continues to nibble at the company's heels, though, taking 5.2 points from Sun in this last quarter.

  • Apple's next OS X release, Panther, is beginning to show up as a release candidate. Items of note in what looks to be the feature-complete release: IPv6 support, an enhanced X11 server (included as part of the core OS distribution), and recent synchronization with BSD kernel 4.8 and FreeBSD's NFS.

  • Speaking of BSD, next week is the USENIX BSDcon in San Mateo, CA. There's a handy (and unofficial) wiki devoted to the event with all sorts of related information.

Security Roundup

The most pressing security issue to come across the Enterprise Unix Roundup desk this week is a vulnerability in the pam_smb PAM module, which, as the Samba Web site points out, enables authentication of Unix users on an NT server. How serious is it? According to the Samba team, users connecting to a Samba server in share mode or a Win 95 server (there must be some out there somewhere), could log in without requiring a password. Therefore, serious enough.

Complete information is available on the Samba site. At publication time, SuSE is the only vendor with a packaged patch. If one of your systems is affected and it isn't running SuSE, this one may be worth patching from the provided source.

Tips of the Trade

Change a File With sed and Regular Expressions

Last week we promised a look at an application that puts regular expressions (regexps) to work for more than just finding a given text pattern. That application is the old Unix favorite sed. "sed," in classic Unix fashion, stands for "stream editor." It's mission in life is to read a stream of text (which can be a file, multiple files, or the output of a command like grep) and make changes to that stream. A simple way to think of it is as a high-octane search/replace for the command line.

So how does it work? Here's a quick example that shows substitution at work, one of sed's core uses. Assume a simple scenario: a phone list that needs to reflect a changed area code (from 503 to 971):

#sample phonelist file
John Doe; 503-123-4567; Portland, OR
Richard Roe; 503-234-5678; Portland, Oregon
Bill Moe; 971-345-6789; Portland OR
Don Ho; 971-456-5030; Portland, OR
Oregon Tire Company; 503-678-9101; Portland, OR
sed 's/503-/971-/' phonelist.txt
The "s" means "substitute," the "/" acts as a delimeter between each component of the command. In this case, it separates what we want to do "substitute" from what we had originally ("503") from what we want to substitute in its place ("971"). "phonelist.txt" is the name of the file we're using.

Once we're happy with the results of a substitution, we can redirect sed's output to a new file:

sed 's/503-/971-' phonelist.txt > new_phonelist.txt
If we wanted to clean up some odd addresses, like the ones that end with "Oregon" instead of "OR," we can use the "end of line" character regexps provide to make sure we don't turn "Oregon Tire Company" into "OR Tire Company":

sed 's/Oregon$/OR/' phonelist.txt

Look back over the last few weeks' columns to see ways you can construct your own regexps using sed. We'll return next week with more examples.

This article was originally published on Friday Sep 5th 2003
Mobile Site | Full Site