Week in review: Linux grows up
Fans of Linux flocked to the LinuxWorld Conference to promote their products and deliver the message that the open-source operating system has finally earned its wings.
Few have a greater stake in making sure that message is heard than IBM. "Linux is here to stay. It's deeply embedded in the infrastructure. Its rate of growth and implementation in the infrastructure is frankly unstoppable," Steve Mills, head of IBM's software group said in his keynote at the conference.
Big Blue has 4,600 customers buying Linux servers, software or services, and says that it has garnered more than $1.5 billion in Linux revenue in 2002 and that its Linux work was profitable overall.
Among those customers are new converts Unilever, PGA Tour, VeriSign and automobile insurance company Mercury Insurance Group. Announcing customers is an important part of showing a technology is mature enough to use in the real world.
Even Dell Computer is getting the message. It has switched 14 of its internal servers from Sun Microsystems machines to its own systems running Linux and a new version of Oracle's database software. The new systems, which spread the database across a "cluster" of interconnected lower-end machines instead of using a single more powerful system, cost less and work faster, the PC maker's chief information officer said.
|
Despite these achievements, not all was peace, love and penguin power at the conference.
|
A critical vulnerability was found in the Concurrent Versions System (CVS), which is used in the vast majority of open-source projects to update and maintain source code. The security hole allows attackers to take control of a CVS server, and, alarmingly, it may also allow anonymous attackers to fiddle with open-source code at the development level.
SCO Group has hired a high-profile attorney to see whether Windows, Mac OS X, Linux and versions of BSD infringe on Unix intellectual property the company owns. The company previously said it had "not engaged (the attorney) to take legal action against our fellow Linux vendors." But this week, the company wouldn't rule out that the investigation could have implications for Linux companies, Apple Computer, Microsoft, BSD versions of Unix and other companies using the various operating systems.
Heat on swapping
In a legal decision that could make it easier for the music industry to crack down on file swapping, a federal judge ordered Verizon Communications to disclose the identity of an alleged peer-to-peer pirate. The judge said the wording of the 1998 Digital Millennium Copyright Act (DMCA) requires Verizon to give the Recording Industry Association of America (RIAA) the name of a Kazaa subscriber who allegedly has shared hundreds of music recordings.
The dispute is not about whether the RIAA will be able to force Verizon to reveal the identity of a suspected copyright infringer, but about what legal mechanism copyright holders may use. The RIAA would prefer to rely on the DMCA's turbocharged procedures because they are cheaper and faster than other methods are, but Verizon and civil liberties groups have said the DMCA does not apply and that it does not adequately protect privacy.
File swappers shed few tears as Hilary Rosen announced that she would step down as CEO of the RIAA at the end of 2003. Hilary Rosen has presided over a transformation of the organization that has matched the turmoil of the music industry since 1998.
Once a trade organization little-known outside music and policy circles, the RIAA has become a household word known for its vigorous prosecution of online piracy and its role as the nemesis of file-swapping services from Napster to Kazaa. During the past several years, Rosen has served as a focal point for all the criticism and complaints levied by advocates of unfettered technology. Indeed, she was featured in the most recent issue of Wired magazine as "The Most Hated Name in Music."
The digital copyrights debate entered a new phase as technology groups went on the offensive against Hollywood in a bitter dispute over a call for government-mandated copy protection. A coalition of companies--including Apple, Microsoft, Dell, Cisco Systems, Hewlett-Packard and Intel--have united to oppose legislation backed by the movie studios that would allow the U.S. government to set antipiracy standards for PCs and consumer-electronics devices.
Their specific target is an antipiracy bill that was introduced last year but has yet to be introduced to the 108th Congress, which began its session this month. By demonstrating broad opposition to the idea, and by enlisting libertarian and conservative advocacy groups in their coalition, the companies hope to bottle up any similar proposal this year.
Grappling with glitches
America Online shuttered a security hole in its Web e-mail service after being tipped off to the flaw, but not before "hundreds" of accounts had been compromised. The incident apparently was caused by a flaw in the software that authenticates international users. The flaw allowed anyone to access an AOL e-mail account with only the account name and not the password. An attacker, then, could gain access to a known account, or, by way of a lucky guess, a random account.
An attacker could then use the weakness to get hold of the AOL user's password. Using the account name, the attacker could attempt to log in to AOL Instant Messenger. The IM log-in window offers a link labeled "Forgot my password," which, when clicked, brings up a page in the user's Web browser asking if he or she would like the IM password e-mailed. In many--if not most--cases, AOL users assign the same password to their e-mail and instant messaging accounts.
Apple created its new Keynote software to let its boss, Steve Jobs, make it through speeches without a hitch. But now that the company has released the presentation program to the public, early customers say it is anything but bug-free.
There are complaints of a host of problems, the most severe of which being that the software is prone to crashes that can take down an entire operating system--something intended to be a rare occurrence in Mac OS X. The crashing problem appears to crop up most frequently on older laptops, particularly those without sophisticated graphics accelerators.
Microsoft warned system administrators that a new flaw in its Windows 2000 and NT domain controllers could leave their networks open to attack. The vulnerability affects the Windows Locator service, software that translates network names into the addresses of actual resources, such as disks and printers, on a company's local area network.
The flaw occurs because the software doesn't check all the parameters sent to the service as part of a request to register information. By carefully crafting the data, an attacker can cause a condition known as a "buffer overflow," where the software can be forced to crash or execute code appended to the data.
Tech in court
A federal judge in Baltimore set a schedule that Microsoft must meet for including Sun's Java programming language with its Windows operating system. The decision had been expected after the judge ruled on Dec. 23 that Sun stood a good chance of winning its antitrust lawsuit against Microsoft and told both sides to craft a preliminary injunction.
The judge gave Sun what it requested when filing the lawsuit: an injunction ordering Microsoft immediately to stop distributing incompatible versions of Sun's Java interpreter and to begin shipping authorized versions with Windows and Internet Explorer in four months. The injunction will remain in effect until a trial takes place or an appeals court lifts the requirements. Microsoft immediately appealed the ruling.
A New York court ordered a Niagara Falls company to stop telling consumers they had asked to be spammed. MonsterHut was permanently enjoined from falsely representing that it had obtained permission to send e-mail to consumers. The company was sued by New York Attorney General Eliot Spitzer in May. Spitzer lauded the ruling this week.
The suit charged that MonsterHut had sent more than more than 500 million commercial e-mails since March 2001, claiming that the recipients had opted in to receive them. More than 750,000 people asked to be removed from the e-mail lists.
In what legal experts describe as a first, a federal appeals court has upheld a ruling that AOL and other Internet service providers are not liable for "hostile code" sent between subscribers. An electronics engineer had accused AOL of failing to enforce its terms of service against a subscriber who sent him a so-called punter, or malicious software instructions designed to temporarily kick someone off the service. The court upheld a ruling that said an ISP's immunity from prosecution for a subscriber's actions covers not only the sending of actionable words, but also of hostile code.
Also of note
The U.S. Senate voted unanimously to slap restrictions on a controversial Pentagon data-mining program that critics say would amount to a domestic spying apparatus...Notorious computer hacker Kevin Mitnick went online Tuesday for the first time in nearly a decade...Complaints about identity theft have risen 73 percent from a year ago...T-Mobile began giving priority access to cell phone calls made by emergency service workers in 15 different U.S. metropolitan areas...Apple quietly extended an overture to the Unix community, with the release of software that would make it easier for Unix applications to run on the Mac operating system.