The Linux Beacon--But Wait, There's More

Newsletters

Subscriptions

Forums

Store

Career

Media Kit

About Us

Contact

Home

Volume 2, Number 27 -- July 19, 2005

But Wait, There's More

Two Flaws Found in Kerberos Authentication

Two security flaws discovered in the Kerberos authentication mechanism last week could allow hackers to crash or take control of affected computers. The Massachusetts Institute of Technology, which developed Kerberos and distributes it under an open source license, labeled the two flaws "critical" in its advisories, which can be found here and here. Kerberos, along with Enterprise Identity Mapping, is a key ingredient in the single sign-on technology created by many vendors. IBM, Sun Microsystems, Red Hat, and others embed Kerberos software into their application and system software. MIT has issued patches for the two flaws and says the flaws will be fixed in an upcoming release of Kerberos, krb5-1.4.2.

Novell Gets Stronger Partnership with Fujitsu-Siemens

The Fujitsu-Siemens server partnership tightened its tied to commercial Linux distro Novell last week as Fujitsu and Siemens try to boost sales of their existing X86 and X64 Primergy server line and ramp up sales of their new Itanium-based PrimeQuest servers.

Fujitsu-Siemens inked a deal in 2000 with then-independent Linux distributor SUSE Linux (formerly a German company, as Siemens still is) to distribute Linux on the Primergy line. In October 2002, Fujitsu-Siemens expanded that relationship to cover the worldwide Primergy market, and a little more than a year later, Novell acquired SUSE. The latest agreement allows Fujitsu-Siemens to distribute SUSE Linux on its entire Primergy and PrimeQuest lines on a worldwide basis. As with other agreements between Linux distros and the major server makers, Fujitsu-Siemens will be providing tech support services for SUSE Linux, with Novell providing joint tech support services when problems escalate beyond the capabilities of Fujitsu-Siemens to handle it.

SAS Supports Linux on Itanium

Business analytics software vendor SAS Institute announced last week that it is supporting Linux on Itanium for the first time for its Enterprise BI Server product. Because of the excellent floating point performance of the Itanium chip from Intel, the growing use of Linux among enterprises, and the dearth of mainstream Unix support on Itanium (Hewlett-Packard's HP-UX being the exception), SAS needs to be able to support Enterprise BI Server on a Linux-Itanium combo. The software is supported on AIX (Power), HP-UX (PA-RISC and Itanium), and Solaris (Sparc) Unix platforms as well as on 32-bit X86 machines running Novell's SUSE Linux Enterprise Server 8, Microsoft Windows, and IBM's 31-bit z/OS mainframe platform; it has also been ported to the 64-bit Windows version for Itanium processors. For now, SAS is supporting Red Hat Enterprise Linux 3 on Itanium servers, but will probably expand to 64-bit versions of RHEL 4 and SUSE Linux Enterprise Server 9.

Red Hat and Novell Partner with Openexchange to Push Groupware, Pull SLOX Base

Open source groupware provider Openexchange said last week it has lined up the two biggies in commercial Linux--Red Hat and Novell--to distribute and support the commercial version of its new open source groupware software, Open-Xchange Server 5.

Last year, Openexchange (formerly known as Netline Information Service) took its groupware program open source under the GNU General Public License, and offered a commercial version with support called Open-Xchange Server 5. The software is based on the commercial SUSE Linux Openexchange Server (SLOX) that was created in conjunction with SUSE and sold and supported by SUSE prior to Novell's acquisition of that company in the fall of 2003. A few weeks ago, as we reported in this newsletter three weeks ago, Netline changed its name and reincorporated in the United States so it could ramp up sales and support of OX Server 5.

OX Server 5 was initially available for Novell's SUSE Linux Enterprise Server 9, and last week Openexchange made its software available for Red Hat Enterprise Linux 4. Openexchange also announced that OX Server 5 is a certified Red Hat application and that as part of its software partnership agreement with Red Hat, Openexchange will get unspecified open source technology and services from Red Hat. In return, Red Hat gets to try to chase the installed base of SLOX servers. And to try to keep Red Hat from succeeding, Novell has its own distribution agreement to try to upgrade SLOX customers to OX Server 5 running on SLES 9. The original SLOX server was a tightly integrated bundle of SLES 8 and an earlier version of the groupware called Openexchange Server.

Judge Pushes Out SCO-IBM Trial Date

Here we go again. Those of us hoping for some sort of closure in the lawsuit between SCO Group and IBM are going to have to wait a little bit longer. The trial, which was set to begin on November 1, has been moved out to February 26, 2007, to give IBM more time to prepare for its chairman and CEO, Sam Palmisano, to prepare for his deposition. IBM had filed a motion to try to wiggle out of having Palmisano be deposed for the case, which is standard operating procedure in these cases. IBM was trying to argue that Palmisano does not have any special knowledge that might relate to the case, but considering he was the executive who in December 1999 spearheaded IBM's campaign to help further commercialize Linux, this is likely not the case.

While granting SCO's motion to have Palmisano deposed for four hours, U.S. District Court Judge Dale Kimball denied SCO's motion to file an amended complaint--which would have been its third such amendment. SCO filed its $3 billion lawsuit against IBM in March 2003, alleging that IBM has dumped Unix code protected under its copyrights and used intellectual property owned by SCO to help bolster Linux. In January 2004, SCO filed a different lawsuit against Novell, which has alleged that Novell, not SCO, owns the copyrights to Unix, and therefore SCO has no grounds on which to sue IBM. Kimball has denied Novell's second motion to dismiss this case. It is unclear when the SCO-Novell case will come to trial; the pending Red Hat-SCO lawsuit will not come to trial (or be settled) until these two cases are done.

IBM Chills Out Server Racks with Heat Exchanger

IBM this week announced a heat exchanger that uses water-cooling technology that IBM hopes will give it an edge over its rivals in selling the hottest server technologies.

The "Cool Blue" eServer Heat Exchanger took three years to develop. It consists of back door for IBM's 42U enterprise server racks that hooks into existing water-based air-conditioning systems--commonly known as computer room air conditioning, or CRAC, and a more appropriate acronym could not be found since data centers are increasingly addicted to air conditioning--to suck heat out of the back of the rack and pump it into the water supply.

Tim Dougherty, director of BladeCenter marketing at IBM, says the heat exchanger can remove up to 50,000 BTUs of heat out of a rack, which amounts to 55 percent of the heat generated by a full rack of servers. The other 45 percent of the heat still gets dissipated into the data center and must be dealt with by those CRAC units. However, the heat exchanger will allow customers to cope with hot spots in the data center or to more densely pack servers in a rack without creating a hot spot. While server makers often talk up the density of their machines, in many cases--particularly with machines with lots of peripherals and the fastest processors installed--customers can only half-populate their racks in real world settings. So removing half of the heat through a water-based chiller will allow many customers to get the densities they bought into when they acquired their servers. IBM is particularly interested in peddling the chiller with its eServer 1350 rack-mounted clusters.

The Cool Blue chiller costs $4,299, and it only snaps on IBM's racks. It can be used to cool xSeries, pSeries, and iSeries servers. Dougherty says it is designed to be installed by customers, but if customers want help, installation services will cost from a few hundred to a few thousand dollars, depending on the geography and the complexity of the data center.

Oracle Delivers Release 2 of 10g Database

As expected, database maker Oracle last week announced it has delivered Oracle 10g Release 2, a kicker to the original 10g database that was launched in February 2004. Oracle 10g is itself an improved version of the Oracle 9i database and the Real Application Clusters (RAC) extensions that Oracle co-developed with Compaq a number of years ago. Oracle 9i RAC implemented the first practical and usable clustering technology for general purpose applications, and Oracle 10g is a so-called grid implementation of this software, and the difference between cluster and grid is largely a marketing one, not a technology one. Oracle has sold over 40,000 licenses of Oracle 10g to over 15,000 customers in the past 17 months.

With Oracle 10g Release 2, the company is making performance tweaks to make clustered databases run more smoothly and efficiently, and is boosting the scalability of the database to over 100 server nodes in a single database image. The software also has better load balancing across the cluster, and Oracle has published open up and API in the Clusterware feature of the 10g database (this is the secret sauce that Oracle licensed from Compaq's TruCluster extensions to its Tru64 Unix to create Oracle 9i RAC) that will allow companies to better hook 10g databases into their high availability clustering and management software. The 10g Release 2 database also has beefed up encryption technologies, since everyone is paranoid about losing archive tapes or having data stolen from their networks these days. Oracle 10g Release 2 is shipping initially on Red Hat Enterprise Linux 3, but will be available for Red Hat Enterprise Linux 4, Novell SUSE Linux Enterprise Server (presumably versions 8 and 9), IBM AIX, Sun Microsystems Solaris, Hewlett-Packard HP-UX, and Microsoft Windows over the next 30 to 90 days.