"Unix Held Hostage, Day 98?"
"War in the (Utah) Desert?"
We're trying to figure out the title for the informative infographic we'd provide if this column were a news show and we led each episode with more about the SCO/Linux case, which, like the rainy season in Portland, Oregon, has settled over the IT landscape in a way that causes us to shake our fists at the sky, pleading for just one day sans the relentless drizzle.
It seems as though absent a ruling, which is a long ways away, we aren't going to get any relief. SCO has to make its case before the public to have any hope of selling any of its freshly minted runtime licenses (which convert that free copy of Linux your company downloaded last week into a $900-per-seat Unix knock-off), and that means people who disagree with SCO are climbing over each other to rebut.
We'd like to think that last week's column, in which we opined that SCO is burning bridges with the server room set as it makes its case to the suits, was noticed in the Lindon, Utah offices, inspiring the company to reach out to open source developers with an open letter this week. But that would mean we'd have to take responsibility for writing a column that was flatly incomprehensible to SCO, as it took the opportunity provided by that open letter to accuse open source developers of theft and irresponsibility.
On the other hand, it's not like SCO's letter was to open source developers. It was really just more communication with the suits whom SCO is expecting will not meditate too hard on assertions like "the Open Source community needs a business model that is sustainable if it is to grow beyond a part-time avocation into an enterprise-trusted development model."From a software vendor's point of view, that makes a certain amount of sense: Part of SCO's corporate DNA includes an early Linux mover (Caldera) that went down in flames trying to sell something others are giving away for free. From the point of view of the rest of us (i.e., the people who have to use this stuff), comments like that ignore the way all sorts of open source projects, like Linux, Apache, the BSD family, PHP, sendmail, and bind, are trusted by all sorts of "enterprise customers" who make money with open source software not by selling it, but by conducting business with it. It ignores this fact so badly that we could almost suspect the letter was only recently dug out of a time capsule from 1997.
But that's just SCO's part of the drama this week; the open source developers it was talking past wrote back. Most notable, if only because he has a reputation for affability and a general disinterest in the spotlight, Linux creator Linus Torvalds wrote a missive titled "Open letter to Darl McBride -- please grow up," which read, in part:
"... we have to sadly decline taking business model advice from a company that seems to have squandered all its money (that it made off a Linux IPO, I might add, since there's a nice bit of irony there), and now seems to play the US legal system as a lottery."
Open Source Initiative co-founders Eric Raymond and Bruce Perens also fired back their own letter, charging SCO's CEO with writing a "farrago of falsehoods, half-truths, evasions, slanders, and misrepresentations."
Raymond's other contribution to the dust up this week is a piece of software able to compare large chunks of code at the rate of 55,000 lines per second. Conceivably, such a tool could be used to compare, say, Linux source code to SCO source code, helping to resolve just how much copyright infringing is going on, if any. Though Raymond declined to say he if plans to use it to undermine SCO's case, he did say "I am grinning a grin that should frighten the thieves and liars at SCO out of a week's sleep."
It may be time to reconsider "War in the Desert" for that news graphic: If the claims, counterclaims, and rhetoric get any more heated, welovetheiraqiinformationminister.com is going to have some competition:
"Don't believe the lies of the infidels. There is no SCO code in the Linux kernel. Never!"
Oops. Looks like it already has.
In Other News
- In the midst of all the other hollering, SCO included mention that SGI is now, officially, on the hook for potential infringement of SCO's intellectual property, too. According to the company, a Linux developer on the SGI payroll stripped SCO copyright notices from code licensed to SGI and included it in the Linux kernel. No word yet from SGI, and SCO says the companies are currently in talks about the matter. We should note that the only major Unix players untouched by SCO (so far) appear to be the BSD family. Everyone else seems to be getting ready to go to court or has already, at least figuratively, mailed a check to SCO in exchange for indemnification, provided suspicions about HP are correct.
- We're heartened to read Sun will be announcing some prices for the Orion "software train," which the company says will revolutionize the way companies pay for server products. As one network ops chief and loyal Sun customer told us a few weeks ago, "I'd be more interested if I had some idea what they want for it." Next week's SunNetWork conference, where the announcements are being made, should provide her an answer.
How this all fits with Sun's hardware business was made a little more apparent, too, as the company intimated prices will be lower for customers buying Sun's x86 hardware than they will be for customers running, say, Dell hardware.
- Novell put some meat on the bones of recent
pronouncements about its shift in strategy at BrainShare Europe
2003. The company will be including recent `` Ximian's Red
Carpet, a software management product, in its Nterprise Linux Services
package, which is slated for release by the end of the year. The package will
also include iFolder, NetMail, iManager, and Novell's Internet mail
The newly OS-agnostic face of Novell was also on display in its announcement of the Nterprise Branch Office 2 package, which will work equally well with Windows, Linux, and NetWare servers. Nterprise Branch Office 2 is an appliance software package that acts as an intermediary between primary data centers and groups of workstations.
- Wind River USA announced it is discontinuing its distribution of "the commercial BSD": BSD/OS. Customers have until December 31, 2003 to purchase the final release (5.1), which will include enhancements such as Kerberos 5, gcc 3.2.2, gdb 5.2.1,
binutils 2.3.1, TCP Segmentation Offload, USB 1.1 support, enhanced DMA bus support, and Common Access Method (CAM) Layer support. The announcement marks the end of Wind River's two-year stint as a BSD distributor. The company purchased rights to the product in 2001 after BSDi, the original distributor, shifted its business to hardware
- Another piece of Sun news, previously covered, is the
departure of Bill Joy from the company after 21 years. Many a Unix
nerd holds Joy in no small amount of esteem for his role in Berkeley
(later BSD) Unix, and his authorship of the bane of Unix newbies
everywhere, the vi editor. We once described vi as ideal for
"masochists on some sort of bizarre kick that causes second-year
college students to run away to monastic cults until they get tired of
eating porridge and sweeping the floor with rush brooms that are too
We have no such issue with Bill Joy, himself, for whom we wish the best of luck.
Security Tip of the Trade
This week brought news of yet another RPC-based hole in Windows, which brought predictable crowing and carrying from everyone else. While we enjoy a little schadenfreude as much as the next Unix geek, we also remember to keep an eye on our logs and make sure no one's making a monkey of us. Our tool of choice for the chore of logwatching?
A free tool called "logcheck." This handy program parses log files for entries that look anomalous, such as repeated failed login attempts to your FTP server from somewhere in Russia, and mails you a copy of the entries. Better yet, it can be customized to operate at several levels of cautiousness, from "workstation" to "paranoid," ensuring you aren't inundated with pointless messages. It also has a configuration directory that enables admins to use regular expressions to mask out messages that aren't worth worrying about. Here's a sample line from the "ignore" file for the secure shell daemon that makes sure you aren't warned every time someone hangs up a remote ssh session:
sshd.*: (fatal: )?Connection closed by remote host\
We got this example courtesy of the Debian distribution (which forked the project to suit its needs), but you can always visit the closest thing to a project page to find tarballs to build.