Is the leak of Windows source code a security problem? John Markoff in the New York Times says so, but frankly I'm puzzled. Open-source advocates have long argued that *nix/*nux operating systems are more secure than Windows in part because techies have had years to look at -- and pound on -- their inner workings. It wasn't too long ago that encryption specialists lobbied for an open-source algorithm when the federal government was pondering a new encryption standard just for that reason: How do you know it's safe if you can't see how it works?
Now, though, "Computer security experts said [last] Friday that having even relatively small parts of the blueprints for Microsoft's Windows 2000 and Windows NT operating systems as easily available reference material for potential vandals and troublemakers could complicate the company's already difficult task in securing its software," Markoff writes.
Huh?
By this argument, Linux would be an inherently insecure OS, Apache is an insecure Web server and so on.
One source Markoff quotes is an attorney who used to prosecute federal computer crimes. However, others in the story spoke more about potential embarrassment to Microsoft as well as the issue of trying to keep control over its corporate secrets. Agreed, but that doesn't explain why this creates "vexing legal and (emphasis mine) security challenges."
BetaNews says the first exploit based on the leaked Windows 2000 Service Pack 1 code, involving IE's handling of .bmp images, "has appeared on security mailing lists." However, Microsoft says the problem was already fixed in IE 6 SP1, which shipped more than a year and a half ago.
The "critical" security hole Microsoft announced last week (see story) is a much more serious issue, with an exploit already up on the Web. That didn't come from any source code leak.
Feedback? Send me an e-mail.
Self-described Linux developer and enthusiast Nathan Hand has what he thinks are grounds for a truce between SCO and the Linux community. Points include each respecting the other's right to defend their intellectual property, following General Public License terms and ratcheting down the war of words. "Do not use rhetoric to vilify our community," Hand says. "The way forward for both our organisations is for The SCO Group's IP to be removed from Linux, if there is truly an infringement." No comment yet from Darl McBride....
Our sister publication Network World reviewed Systems Management Server 2003 and concluded it's "a plus for large installations that need to get a grip on the security management problem." Reviewer Paul Ferrill gave it a 3.5 out of 5 overall, with the best mark (4) for hardware/software inventory and worst (2) for installation.
OK, so the Mydoom worm clearly aims to launch an attack against SCO's Web site. The number-one reason people are unhappy with SCO is its legal actions and threats against Linux vendors, users and creators. Is it fair to assume that the worm was created by a Linux supporter?
BBC analyst Stephen Evans thinks so. "There seems little doubt that SCO was targeted - illegally and unacceptably, lest anyone be in any doubt - because it has enraged many people devoted to the Linux operating system," he wrote. "If anyone's anger has no measure, it is the wrath of Internet zealots who believe that code should be free to all (open source)."
There's absolutely no possibility that, say, someone sick of both sides, or someone who wanted to make Linux enthusiasts look bad, launched the malicious code?
Open-source advocates were justifiably peeved. "If a Windows user wrote a virus to attack Linux, the news articles wouldn't be saying 'Microsoft Users are Evil. Attacking innocent Linux Users,'" complained one Slashdot poster. "They would be, 'Linux is Insecure and Worthless.' "
Dell has launched a Web site at linux.dell.com for those wanting to use Linux on Dell machines. Folks at Slashdot speculate it's being run by Dell engineers (thus making it much more trustworthy in the eyes of the average Slashdot reader!). Slashdot posters also note other laptop Linux sites, including Toshiba.
WinHec, Microsoft's annual conference for Windows hardware engineers, developers and designers, is slated for May 4-7 in Seattle. The company promises "deeper technical content" as well as a Windows platform roadmap update.
Neowin's got what it says are screen shots showing some future upgrades for Office 2003, including some ActiveX "custom controls."
Web wunderkind Joe Trippi is out as Howard Dean's campaign manager, and stories are already flying that the Internet may not be the campaign tool it was cracked up to be. Year of the Dean Bubble? asks Andres Martinez on the New York Times opinion page.
But simplistic analogies between dot-com excesses and Trippi's "open-source campaign" overlook important lessons from what he built at DeanForAmerica. Those who experienced the e-commerce boom and bust already know some:
- It's dangerous to get too enamored with technology. Good IT managers know not to hop on the latest tech fad just because it gets lots of ink. Good political operatives are discovering that technology and process must not be allowed to overwhelm fundamentals. No matter how great the implementation, it still has to serve a long-range goal, whether that's ROI or primary-night returns.
- Even overhyped technology can be valuable. There's something cosmic in Trippi's departure coming the same day that e-commerce bellwether Amazon.com announced its first-ever profitable year, with more than $5 billion in revenues (see story). Sure, there were a lot of pets.coms during the dot-com hysteria -- mucho venture capital but no viable business plan. However, there were also Amazon, eBay and many conventional companies that now generate a nice chunk of revenue online. (Just this week, Alaska Airlines said 30% of its sales come from its Web site.)
- Yes, move online; but don't ignore conventional channels that have worked for decades. Challenges now facing Dean's campaign have nothing to do with its Internet efforts, which exceeded all reasonable expectations for contributions and volunteers. It was the "bricks-and-mortar" strategy that's fallen short so far. For the political world, that means things like use of conventional media (primarily television).
You can't run a Net-only campaign in 2004 any more than you could run a major Internet-only bank in 1998 -- not enough critical mass. Actually, the Dean camp knew this; but execution on the traditional side didn't match the stunning success of the Web site. Remember, even Amazon has partnered with real-world retailers like Toys 'R' Us, Target and Borders.
Stirling Newberry on the political site Daily Kos makes a good point on why the Internet wasn't the Dean campaign's problem. "The 'frequent' visitors to [political] Web sites were 10% of New Hampshire [voters]. They broke heavily for Dean," Newberry writes. "If that number were 30%, which is to say, the difference in television penetration between 1952 and 1956 - then Dean would have been within 2% of Kerry, a dead heat."
It's debatable whether the same portion of people who watch lots of TV will ever get much of their political news from political -- as opposed to general news -- Web sites. But this makes a good case that the problems in Dean's campaign are not in its Internet operations. After all, do you know a business that wouldn't want to win over a majority of frequent online shoppers?
Agree? Disagree? Send me an e-mail.
IBM was a big winner in LinuxWorld's product excellence awards last week, picking up three "bests" for data storage, Tivoli Storage Management Solution; productivity app, Lotus Workplace Products 1.1; and sys admin tools, Tivoli Intelligent ThinkDynamic Orchestrator. IBM also picked up the "best of show" award for Lotus Domino Web Access 6.5 for Mozilla on Linux.
You can see the full list of winners on the LinuxWorld Expo site.
Business Week declares SCO "The Most Hated Company In Tech" in its issue next week -- and that was before the Mydoom worm, which is apparently designed to attack sco.com, was unleashed around the world. "SCO's huge Linux suit against IBM is a long shot that may yield nothing but bile," the article says.
"BusinessWeek interviews with SCO executives, industry leaders, lawyers, software experts, and corporate tech buyers all point to a single conclusion: SCO likely won't stop Linux," the piece continues. However, it does say "There's still a possibility that SCO could damage Linux' momentum."
Microsoft will put on DevDays events in 32 U.S. cities in March, focusing on "building secure smart client and Web applications" using Visual Studio .Net. Registration is $75 before Feb. 10.
Seventeen-year-old Canadian Mike Rowe thought it would be cool to add a "soft" to his name and put up a Web site at ... MikeRoweSoft.com.
Not surprisingly, the similarly named enterprise in Redmond, Wash., was less than amused. In fact, Microsoft initially demanded that Rowe give up his site and turn over the domain name for $10.
The dispute escalated into a bit of a PR debacle, but seems to have finally been happily resolved. Rowe is giving up the domain, but in exchange for an Xbox, a new Web site, a trip for him and his family to Redmond for Tech Fest in March and free Microsoft certification training, the Seattle Times reports.
Microsoft Corp. tomorrow will release the latest version of its Unix/Windows integration software, available for free on the company's Web site.
The prior incarnation of Services For Unix listed at $99, although there were some deals to get that software for free as well.
Version 3.5 features a roughly 50% performance improvement when tapping into Unix NFS -- thus making it within 10% of native Windows I/O, according to Dennis Oldroyd at Microsoft's server division. There's a similar 50% boost in speed when SFU runs on 8-way clusters. Other improvements include support for Posix threading, so a new set of Unix applications is eligible for compiling and running on SFU.
Oldroyd declined to say how many copies of SFU have shipped to date, but said it was a "small fraction" of overall Windows server customers.
Why give it away for free? Due to "our desire to deliver the highest level of interoperability to our customers," Oldroyd said. And it hardly makes sense to put up a price barrier to IT shops migrating Unix and Linux apps onto a Windows platform.
You can download Services For Unix 3.5 starting tomorrow (not today!) at www.microsoft.com/windows/sfu/downloads/default.asp. You can also take a general Windows Administration for Unix Professionals online course free on the Microsoft Web site (registration required) at http://www.microsoft.com/windows/sfu/unixproresources/unixnetadmin.asp.
Expect a flurry of announcements surrounding the LinuxWorld Expo next week in New York, including MySQL Administrator, an open-source tool with GUI from MySQL AB for managing MySQL database servers; and the 64-bit Altix 350 server with Itanium 2 processor from SGI.
Microsoft is seeking beta testers for Windows Server 2003 for 64-bit extended systems, BetaNews reports. The software is designed to boost performance of 32- and 64-bit apps running on one system.
Novell formally completed its acquisition of SuSE Linux, keeping the SuSE brand while becoming a "product business unit within Novell," the company announced. Former SuSE CEO Richard Seibt stays on to manage the new unit as president. Novell also said it will financially protect any of its Linux customers from legal problems that might arise due to SCO lawsuits (see story).
If you're very interested in the saga, Novell's posted copies of all its correspondence with SCO on its Web site.
Arstechnica.com has posted an early look at XP Service Pack 2, concluding it's "all about security." Reviewer Kurt Hutchinson gets into some pretty granular details, including screen shots, such as how to authorize specific programs and ports to have outside access.
Microsoft is taking aim at Linux on a new section of its Web site, microsoft.com/getthefacts, which touts specific benefits of Windows over the open-source OS. Microsoft is promoting the site with a new two-page ad running this week in a number of computer trade publications (including Computerworld's print edition).
"We were looking at targeting the IT pros," a Microsoft spokesman told the IDG News Service. "It's the IT professionals who want the facts."
On IBM's site, meanwhile, you can find a nine-part series, Windows-to-Linux Roadmap. "We begin our transition by examining some of the differences and similarities between Linux and Windows, and learn to stop rebooting all the time," writes IBM's Chris Walden.
About two-thirds of 527 businesses surveyed by SG Cowen plan to increase their use of Linux, according to Network World. More than 70% of existing users expect to boost use of the OS in their shops, while 29% expected a first-time deployment.
Among those already using Linux, only 15% use it on desktop systems while 72% deploy it on servers.
Some, however, are deciding against a move. The London borough of Newham has ended participation in a government open-source software test and plans to stick with Microsoft software, several British media outlets report. Newham is "one of the leaders in local authority IT in the UK," according to the Register, and it appears officials there hope to bargain for a better licensing deal.
"Crucially, Newham has not yet agreed pricing with Microsoft UK, and there are signs that local authorities, and perhaps even the wider public sector, are beginning to coalesce around Newham," the Register says.
However, Israel has decided to stop purchasing new Microsoft software, unhappy with the company's high prices for individual applications, the IDG News Service says. The Israeli government is promoting development and use of open-source software.
Two Polish researchers say they've found a critical security flaw in the Linux kernel (see story). A problem with the memory management code in the mremap(2) system call could create "a virtual memory area of 0 bytes length," Paul Starzetz and Wojciech Purczynski of ISEC Security Research say in an advisory published earlier this week. "Such a malicious virtual memory area may disrupt the operation of other parts of the kernel memory management subroutines finally leading to unexpected behavior."