To:"Mike Swier" <mswier@YAHOO.COM>
Date: Tue, 13 Apr 2004 20:53:37 -0400 (EDT)
From:"Linux Pipeline Newsletter" <linuxed@techwire.com>
Subject: [LPN] Linux Pipeline Newsletter - 4.13.2004 - Security
LINUX PIPELINE NEWSLETTER
http://www.linuxpipeline.com/
Tuesday, April 13, 2004

In This Issue
1. Editor's Note
  - Wotta Maroon
  - Who Said "Enemy Of My Enemy Is My Friend"?
2. Only The Best Linux And Open-Source News
3. Trends: Google Challenges Microsoft Monopoly
4. Trends: Microsoft Trying Soft Sell To Beat Open Source
5. Trends: Special Report: Sun-Microsoft Alliance 
6. How-To: One Server Nearly Does It All
7. New! Voting Booth: Cast Your Vote On The Sun-Microsoft
Alliance
8. Voting Booth Results: The European Union's Anti-Microsoft
Decision Irrelevant To Linux
9. Shameless Self-Promotion
10. To Unsubscribe And Subscribe

------- Advertisement -------------------

This issue sponsored by HP. HP technology,
services and solutions help the world's great
companies face, manage and love change.
http://www.techweb.com/pipeline/HPEnterBrand

-----------------------------------------

1. EDITOR'S NOTE: 

WOTTA MAROON

Dan O'Dowd, CEO of Green Hills, a real-time operating system
vendor, is not content to simply be ignorant about open source.
He had to make a speech and put out a press release to make his
ignorance known to the entire world. 

O'Dowd made a speech Thursday, April 8, at an industry
conference, charging that if we use Linux to control our most
advanced defense systems, foreign intelligence agents and
terrorists will be able to use that knowledge to subvert national
security. 

Linux Called "Insecure" For Defense Systems  
http://www.linuxpipeline.com/news/showArticle.jhtml?articleId=18901004

Like many businesspeople who work in the world of proprietary
software, O'Dowd is terrified of open source because it's
entirely transparent. Anyone can contribute to the source code.
O'Dowd's fear is that hostile agents will be able to slip Trojan
horse code into the Linux development process. 

What O'Dowd and other critics of the open source process simply
don't get is that the same transparency that allows anyone to
contribute to open source allows anyone to review it. 

Sure, if you don't install metal detectors at the entrance to
your building, anybody can sneak a gun into the building by just
slipping it into their pocket. But if you're running a nudist
colony, there are other factors at work enhancing security. 

In other open source and Linux security news this week:

Four Linux distributors, including Red Hat and SuSE, took issue
with a recent report by Forrester Research comparing the security
of Linux and Windows. 

Linux Vendors Challenge Forrester Security Report
http://www.linuxpipeline.com/news/showArticle.jhtml?articleId=18900904

A volunteer-run, open source database of vulnerabilities in both
open source and proprietary software went live.

Free Internet Security Database Goes Live 
http://www.linuxpipeline.com/news/showArticle.jhtml?articleId=18901148

And Progeny said it plans to provide security updates for Red Hat
9 on May 1, the day after Red Hat itself plans to discontinue
support for the operating system. 

Progeny To Provide Security Patches For Discontinued Red Hat
Software
http://www.linuxpipeline.com/news/18900478

The Progeny program is an example of where open source security
can be more secure than proprietary software. If a company
decides to stop supporting its own open source product, another
company can gracefully pick up the slack, because the source code
is available to all. Whereas if a proprietary vendor, such as
Microsoft, decides to stop supporting old versions of its
software, you are, in the words of Marshall, the stammering nerd
from TV's "Alias," "fuh-fuh-fuh-- screwed."

WHO SAID "ENEMY OF MY ENEMY IS MY FRIEND"?

Several people wrote in to respond after I said last week that
I'd been unable to track down the source of the saying, "The
enemy of my enemy is my friend." Responses broke down like this:

- Nine people said it's an old Arab proverb, including one who
said it was also used in the Godfather movies, another who said
it might be Bedouin, and another who said it was either Arab or
Chinese.

- Four people attributed it to "The Art of War," by Sun Tzu. 

- One person attributed it to something called the "Arthasastra,"
which appears to be a reference to the Kautilyas Arthasastra, an
ancient Indian manual of statecraft. 

- One person said the quote came from the "Stargate SG-1" TV
series. 

--Mitch Wagner, Editor
Linux Pipeline
http://www.linuxpipeline.com/
mailto:mwagner@cmp.com?Subject=LPNfeedback

For more commentary and links from Mitch Wagner, see Wagner's
Weblog
http://wagblog.internetweek.com

-----------------------------------------

2. ONLY THE BEST LINUX AND OPEN-SOURCE NEWS
 	
Free Internet Security Database Goes Live
http://www.linuxpipeline.com/news/showArticle.jhtml?articleId=18901148
The Open Source Vulnerability Database is monitored by volunteers
who list vulnerabilities culled from security mailing lists.
It'll cover all platforms, not just open source software.

Sun Says Microsoft Alliance No Paper Truce   
http://www.linuxpipeline.com/news/18901153
 	
Linux Called "Insecure" For Defense Systems 
http://www.linuxpipeline.com/news/18901004

Linux Vendors Challenge Forrester Security Report 
http://www.linuxpipeline.com/news/18900904

Sun Rolls Out Free Java Application Server 8   
http://www.linuxpipeline.com/news/18900891
 	
Microsoft's Ballmer Has (Some) Nice Words For Open Source 
http://www.linuxpipeline.com/news/18900708

Itanium-Based NEC Server Test Screams For Oracle, Linux 
http://www.linuxpipeline.com/news/18900671
 	
Electronic Voting Machine Software Open For Examination
http://www.linuxpipeline.com/news/18900655

Sun Ships Solaris 9 Update, Unveils Solaris 10 Linux Project
Plans
http://www.linuxpipeline.com/news/18900584
 	
Sun: Microsoft Deal Isn't Anti-Linux
http://www.linuxpipeline.com/news/18900551
 	
Legal Pressure Pushes Lindows To Change Name 
http://www.linuxpipeline.com/news/18900495

Progeny To Provide Security Patches For Discontinued Red Hat
Software
http://www.linuxpipeline.com/news/18900478
 	
Oracle And Dell Take Aim At Midsize Businesses
http://www.linuxpipeline.com/news/18900379

Gumstix Ships Mini Linux Computers
http://www.linuxpipeline.com/news/18900358
 	
Microsoft Posts First Source Code Under Open Source License
http://www.linuxpipeline.com/news/18900342

PolyServe Introduces Storage Clusters For Linux Datacenters -
http://www.linuxpipeline.com/news/18900302
 	
EU Backs Up Its Microsoft Ruling
http://www.linuxpipeline.com/news/18900263

3. TRENDS: Google Challenges Microsoft Monopoly
http://www.linuxpipeline.com/trends/18901170
Google's vast array of Linux servers is becoming a huge computer
with a custom operating system that everyone on Earth can have an
account on. The company could threaten Microsoft's monopoly -- if
it can overcome privacy concerns.

4. TRENDS: Microsoft Trying Soft Sell To Beat Open Source
http://www.linuxpipeline.com/trends/18900956
Microsoft CEO Steve Ballmer actually praised open source this
week, and the company released software under an open source
license. That's a long-way from recent fire-breathing attacks.

5. TRENDS: Special Report: Sun-Microsoft Alliance 
http://www.linuxpipeline.com/trends/18900313
Sun Microsystems' and Microsoft's $2 billion alliance will likely
have a big affect on the Linux community, as it allies one of
Linux's biggest enemies with a company that has been both a big
enemy and a big friend. Here's a wrap-up of our coverage to date,
including a Q&A with Microsoft CEO Steve Ballmer and Sun chairman
and CEO Scot McNealy.

6. HOW-TO: One Server Nearly Does It All
http://www.linuxpipeline.com/howto/18901035
Review: The Axentra OfficeSeries Server S-200 provides small-
business security and network connectivity in a single, Linux-
based appliance.

7. NEW! VOTING BOOTH: Cast Your Vote On The Sun-Microsoft
Alliance
http://linuxpipeline.com/vote/sun_microsoft.jhtml
Is the Sun-Microsoft alliance anti-Linux?

8. VOTING BOOTH RESULTS: The European Union's Anti-Microsoft
Decision Irrelevant To Linux
http://linuxpipeline.com/trends/18901297
Most respondents to our Voting Booth reader poll said the
European Union's anti-Microsoft decision will be irrelevant to
Linux adoption.

9. SHAMELESS SELF-PROMOTION

Learn About Systems Management And Utilities Products In Product 
Finder
http://productfinder.linuxpipeline.com/index.cgi?search=Search&final_cat1=6&category=16&sub_cat=56

For other Product Finder product categories, browse or search the
database from its home page:
http://productfinder.linuxpipeline.com/

Check Out The Linux Pipeline Topic Centers

Core Linux:
http://www.linuxpipeline.com/corelinux/

Applications:
http://www.linuxpipeline.com/applications/

Enterprise Open Source:
http://www.linuxpipeline.com/enterprise/

Business:
http://www.linuxpipeline.com/business/

Tell A Colleague
If you know a colleague or co-worker who might be interested in
signing up for this newsletter, please forward it to him or her
and point out the subscription page:
http://www.linuxpipeline.com/newsletter.jhtml

Have You Discovered The Other Pipelines?
Linux Pipeline is one is a series of specialized IT sites you
might like. Here are the others, and you can expect more in the
future:

Enterprise Apps Pipeline http://www.enterpriseappspipeline.com
Biz Intelligence Pipeline http://www.bizintelligencepipeline.com
Compliance Pipeline http://www.compliancepipeline.com
Desktop Pipeline http://www.desktoppipeline.com
Developer Pipeline http://www.developerpipeline.com
IT Utility Pipeline http://www.itutilitypipeline.com
Mobile Pipeline http://www.mobilepipeline.com
Networking Pipeline http://www.networkingpipeline.com
Security Pipeline http://www.securitypipeline.com
Server Pipeline http://www.serverpipeline.com
Small Business Pipeline http://www.smallbusinesspipeline.com
Storage Pipeline http://www.storagepipeline.com
Web Services Pipeline http://www.webservicespipeline.com

Every Pipeline site has its own newsletter and RSS feed. Give 
them a try.

------- Advertisement -------------------

This issue sponsored by HP. HP technology,
services and solutions help the world's great
companies face, manage and love change.
http://www.techweb.com/pipeline/HPEnterBrand

-----------------------------------------

Subscribe To The Linux Pipeline RSS Feed
Linux Pipeline is now available as an RSS feed
http://www.linuxpipeline.com/rss/all.jhtml

You'll need specialized software, called a news aggregator, to 
view the preceding link. To find out more about RSS and news 
aggregators,
see here
http://wagblog.internetweek.com/archives/000951.html

Privacy policy:
http://www.cmp.com/delivery/privacy.html

The Linux Pipeline Newsletter
http://www.linuxpipeline.com/
Copyright (c) 2003-2004 CMP Media LLC
600 Community Drive
Manhasset, NY 11030