Linux Pipeline Newsletter
www.LinuxPipeline.com
Tuesday, February 08, 2005

In This Issue:
- Open-Source Legal Center Offers Free Help For Developers
- European Legislators Shoot Down Software Patent Push
- IT Salary Survey: Seems Like Old Times
- More News...
- InformationWeek 2005 National IT Salary Survey
- Review: Novell Open Enterprise Server
- Torvalds: Companies Learn To Play The Linux Game
- More Picks...

Join Transform Magazine for a FREE, on-demand TechWebCast on Management and Compliance of IM and P2P in the Enterprise. We'll provide insight into how companies can adopt and embrace IM efficiently and securely while meeting stringent regulatory compliance requirements. Register and view today: http://www.techweb.com/today/im100504

-----------------------------------------

Editor's Note: The Root(s) Of All Evil

Last week's report that a worm had infected thousands of Windows-based MySQL installations wasn't nearly as bad as it might have been. The bot didn't exploit a hole in MySQL's code--it exploited lazy or ignorant administrators who couldn't, at the very least, protect their systems with a decent root password.

MySQL Worm Just Wants To Chat

MySQL AB, the Swedish firm that makes the open-source database, still took some heat over the incident. Critics want the company to force users to change the default root password when they set up MySQL--or, better yet, to disable root accounts by default. Either of these changes probably would have stopped the attack dead in its tracks, and MySQL AB says it's thinking about disabling default root access in its upcoming version 5.0 release. That's not a bad idea, but I think the company is getting way too much grief over this. Anyone with a reason to install a database server should already know better--and if they don't, they need someone to kick them in the pants, not to hold their hands.

This makes for an interesting comparison, by the way, to Linspire's default setup process for its desktop Linux distribution.
Linspire, you may recall, is the company working with Wal-Mart to distribute cheap desktop PCs and laptop systems to the masses. The people who buy these systems probably aren't Linux geeks; many of them are likely to be first-time users who want a cheap box to get them onto the Internet. When these folks hear the word "hacker," they're more likely to think Michael Myers than Kevin Mitnick.

In order to make its Linux systems as easy as possible to use, however, Linspire allows users to set up default root access on their systems. In fact, if you don't already know what user accounts are and how to create them, you're likely to stay permanently in root on a Linspire box.

Right now, a lot of Linux admins are breaking into a cold sweat at the thought of thousands--someday, maybe, millions--of systems running in root while their users bumble around the Internet in ignorant bliss. Linspire says it's not a problem: Their systems do come with unnecessary ports closed and with properly configured firewalls. Furthermore, as I've seen suggested on a Linspire discussion group, in a market where most Linux users always run their systems in single-user mode, is the taboo against running in root nearly as important as it once was?

That's an interesting question, but I personally don't think the answer has changed: this is a potential PR nightmare for Linspire. As both of these cases show, however, there's a lot of confusion over what makes for good system security, how to enforce good security, and who should take responsibility for that enforcement. As more users--and more attackers--move to Linux, we'll probably get some answers to these questions the hard way.
Matthew McKenzie
Don't let future editions of Linux Pipeline Newsletter go missing. Take a moment to add the newsletter's address to your anti-spam whitelist: linuxed@techwire.com. If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

Top Linux News

Open-Source Legal Center Offers Free Help For Developers
New law center, founded with $4 million in OSDL seed money, will offer free legal help to non-profit open-source projects, developers and customers.
European Legislators Shoot Down Software Patent Push
IT Salary Survey: Seems Like Old Times
PalmSource Closes Linux Acquisition
More Phishers Taking Spyware To The Bank
Intrusion Prevention System Works With Open-Source Apps
Linux 2.6 Kernel To Include Xen Virtualization Technology
Utility Computing Still A Work In Progress On Linux
Red Hat Launches Government Business Unit
IE Escapes Spoofing Bug's Multi-Browser Attack
IBrix File System Simplifies Linux Clustering
Gnome 2.10 Hits Beta
Quiet Month For IT Job Market
Open Source DBs Up Enterprise Appeal

Editor's Picks

Survey: What HR Won't Tell You--But We Will
Would you like to know how your job satisfaction and pay compare to your peers'? Help us help you find out: Take the InformationWeek 2005 National IT Salary Survey. The survey, now in its eighth year, tracks over 20 IT job categories. It's quick, it's easy, and it's completely confidential. It could even pay off: If you respond by Feb. 12, you're eligible to win one of several prizes, including a Panasonic wide-screen plasma TV worth more than $2,500. Click here to get started.
Review: Novell Open Enterprise Server
Torvalds: Companies Learn To Play The Linux Game
Quick Review: Thunderbird Lays An Egg
LAMP Vs. J2EE: A Tale Of Two Platforms
Torvalds Keeps An Open Mind About Open Solaris
SPECIAL REPORT: The Firefox Guide: You Want It, We Have It

Cast Your Vote Now!
Sun's recent Open Solaris release has raised questions about whether the company has what it takes to build the community required to guarantee its success. Will Sun's Solaris gamble pay off and take market share away from Linux? Let us know--this is the final week for the poll!

Get More Out Of Linux Pipeline

Try Linux Pipeline's RSS Feed
Linux Pipeline's content is available via RSS feed: Get RSS link. The feed is also auto-discoverable to many RSS readers from the Linux Pipeline home page. Note: RSS feeds are not viewable in most Web browsers. You need an RSS reader, Web-based service, or plug-in to view RSS. Find out which RSS readers the Pipeline editors recommend.
Check Out Our Linux Product Finder
Discover All The Pipelines
Recommend This Newsletter To A Friend