Sunday, December 24, 2006

Setting up name-based virtual host on apache

I just finished setting up name-based virtual hosts for one of my clients. The server runs Red Hat Enterprise Linux 4 update 4 (RHEL) with a public IP. After I had set up the DNS server correctly, in particular for access to this server, this is how I set up the name-based virtual hosts on it.

What is a name-based virtual host?
A feature of web servers (e.g. Apache, IIS) that lets one server serve many websites from one IP. The server serves web pages based on the name of the site (e.g. www.example.com, mail.example.com, blog.example.com, etc.).

Let's do it.
This tip is for Red Hat and maybe the same for Fedora Core (FC). On Mandriva and other distros, the directive to change may be in different files and different folders.

Step 1
Open up /etc/httpd/conf/httpd.conf with your favorite text editor (I personally use joe in console).

Step 2
Comment out this line:

NameVirtualHost *:80


Step 3
Comment out these lines (in the VirtualHost containers) and change them according to your server name:

<VirtualHost *:80>
ServerAdmin testuser@example.com
DocumentRoot /var/www/html/
ServerName www.example.com
ErrorLog /var/log/www.example.com.log
CustomLog /var/log/www.example.com.common.log common
</VirtualHost>

<VirtualHost *:80>
ServerAdmin testuser2@example.com
DocumentRoot /var/www/html/email
ServerName mail.example.com
ErrorLog /var/log/mail.example.com.log
CustomLog /var/log/mail.example.com.common.log common
</VirtualHost>


Note:
See the DocumentRoot directive in each VirtualHost container. It is different. And also see the difference of ServerName directive. It is used by Apache to differentiate the website served based on the name.

Step 4
Restart Apache by issuing "service httpd restart" in the console (without the double quotes). Watch for any errors.

Step 5
Now you can try accessing your server with www.example.com and mail.example.com. See if it serves the right page. If yes, congratulations. You have successfully done it.

That's all there is to it. Have fun.

Wednesday, December 13, 2006

The new ShoutMix ShoutBox v2



At last the long-awaited ShoutMix ShoutBox v2 is ready for prime time, and this time AJAX is used for real-time updates. It has many new features. To know more, please register at the shoutmix site and explore for yourself. Heavy or corporate users are encouraged to register as premium users at an affordable price and enjoy more features.

More news here and here.

Thursday, November 2, 2006

connecting to SSH server passwordless

If you have to connect to an SSH server frequently or you want to write a shell script that uses ssh, you might want to consider connecting to it passwordless. This trick is not new. I heard about it a long time ago but didn't have any need for it, so I ignored it until recently.

At the time of this writing, I have just completed my backup script using passwordless SSH. Here I want to share the way I did it in a simple way. I hope it benefits others. Bear in mind that all the ssh utilities like sftp, scp and ssh can use the passwordless connection once we have set one up.

Step 1
  • Connect to SSH server and open up sshd_config in /etc/ssh or equivalent. Check your distro documentation.
  • Make sure you have the following entries:
    # Allow Identity Auth for SSH1?
    RSAAuthentication yes

    # Allow Identity Auth for SSH2?
    PubkeyAuthentication yes

    # Authorized Keys File
    AuthorizedKeysFile ~/.ssh/authorized_keys
Step 2
  • Make RSA keys using ssh-keygen in your home directory of ssh client.
    $ cd ~  
    $ mkdir identity-test
    $ cd identity-test
    $ ssh-keygen -f id_rsa -t rsa
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:

    Your identification has been saved in id_rsa.
    Your public key has been saved in id_rsa.pub.
    The key fingerprint is:
    c3:af:e9:6c:2f:19:4d:b5:1a:a9:40:06:54:e6:60:08 me@localhost
  • look at the created files
    $ ls
    id_rsa id_rsa.pub

    The id_rsa.pub contains the public key and id_rsa contains private key.
  • copy the content of id_rsa.pub to ~/.ssh/authorized_keys
    Two ways to achieve this
    1. login to ssh server and paste the content into the file
    2. using scp to copy the content into the file
  • So, let's test logging in with this key. Since we have put the test key in a non-standard place, we will need to reference it explicitly on the command line:
    $ ssh username@server -i ~/identity-test/id_rsa
    username@server$ hostname
    server
    username@server$ exit

    $ ssh username@server -i $HOME/identity-test/id_rsa "echo Success!"
    Success!
    $
  • In the above examples, if you can login without password then the setup is a success. If not, please recheck the setup.
Have fun ssh'ing :)
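
The copy step above, as an added example that is not part of the original post: a shell helper that appends the public key to authorized_keys only once, refuses a private key pasted by mistake, and sets the modes that sshd's default StrictModes check expects (no group or world write on the home directory, ~/.ssh or authorized_keys). The function names and the demo key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the path if it is group- or world-writable (what StrictModes rejects).
loose_perms() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Returns 0 if the key is present in authorized_keys afterwards, 1 on bad input.
install_pubkey() {
    home_dir=$1
    pubkey=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubkey" ] || { echo "cannot read $pubkey" >&2; return 1; }

    # Guard against copying the private half (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "$pubkey looks like a private key; refusing" >&2
        return 1
    fi

    # Accept exactly one well-formed line: "<type> <base64> [comment]".
    key_line=$(grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pubkey")
    if [ "$(printf '%s\n' "$key_line" | grep -c .)" -ne 1 ]; then
        echo "$pubkey does not contain exactly one public key" >&2
        return 1
    fi

    # Create with a tight umask, then fix modes in case the paths already existed.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Idempotent: append only if this exact line is not already there.
    grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >>"$auth"
}

# check_ssh_perms HOME_DIR: returns 0 if none of the three paths is
# group- or world-writable.
check_ssh_perms() {
    bad=$(for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do loose_perms "$p"; done)
    [ -z "$bad" ] || { echo "too permissive: $bad" >&2; return 1; }
}

# Demo on a throwaway directory with a constructed (non-functional) key.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedkey me@localhost\n' >"$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub" && check_ssh_perms "$demo_home" && echo "key installed, modes OK"
rm -rf "$demo_home"
```

On the real server, run install_pubkey with the account's home directory and the uploaded id_rsa.pub, then check_ssh_perms before testing the login.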

Monday, October 2, 2006

An encounter with VLAN

2 days ago, I helped my friend set up the internet connection for his office's LAN. As he showed me the network diagram, I realised that there were 6 VLANs that I needed to cover to connect them to the internet.

6 VLANS-->CORE SWITCH-->ROUTER+PROXY+DNS-->GATEWAY-->INTERNET

The problem was to get the clients in each VLAN to communicate with each other and with the router. All clients should also be able to access the DHCP server located in one of the VLANs. After struggling for about two days, I managed to get all the clients in the different VLANs talking to each other and to the router. The problem was that I didn't understand how the VLANs talk to each other. The solution was located on the core switch. The commands below did the job:

route add -net 172.20.10.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.20.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.30.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.40.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.50.0 netmask 255.255.255.0 gw 172.20.30.254 eth0
route add -net 172.20.60.0 netmask 255.255.255.0 gw 172.20.30.254 eth0

As you can see above, the gateway is the same for every VLAN so that all VLANs can talk to each other, and .30.254 is the gateway of the router.


route add default gw xxx.xxx.xxx.xxx

xxx.xxx.xxx.xxx is the gateway's public IP (usually a modem). Don't forget that the router must have IP forwarding enabled. Change it in /etc/sysctl.conf and run sysctl -p to make it effective. The NAT and forward tables really depend on it.

iptables and squid
I set up squid for faster internet access and to save internet bandwidth. We have to make a rule for each VLAN.

iptables -t nat -A PREROUTING -s 172.20.10.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -s 172.20.20.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -s 172.20.30.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -s 172.20.40.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -s 172.20.50.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -s 172.20.60.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128

Note that 3128 is the squid port.

That's it. Now the clients on every VLAN can access to the internet and communicate with each other.

Tuesday, September 19, 2006

ping using netbios name from Linux box

I have a Linux box in a LAN where almost all the other boxen run MS Windows ME/XP. This Linux box acts as a WINS server, serving requests from the LAN for NetBIOS information. I can get the names of the PCs in my workgroup using smbclient -L mywinsserver, but I didn't know the IP address of each client. I would like to ping a client PC by its NetBIOS name. How to overcome this? I got this simple solution from the net. Put wins in /etc/nsswitch.conf like this:

hosts:          files dns wins

This line says, try looking in /etc/hosts files and then dns server and then wins server for the ip address of the name. This is only applicable if there is a WINS server in your network. If not, you're out of luck.

Tip: to speed up NetBIOS name resolution, try putting wins at the front like this:

hosts:          wins files dns

I don't recommend this unless you access clients on your network frequently. Otherwise, the default should be enough.

Thursday, September 7, 2006

Samba explained

I'm done setting up the samba server as instructed by my boss 2 weeks ago. The mystery of SAMBA has been revealed :). I had never done this before. I mean I had never set one up as a 'production' server. I learnt a lot from the internet by googling and asking on a Linux forum to get hints. I wanna share a few tips here for us.

My setup
The first thing to configure is smb.conf. I use Slackware 10.2, where this file is located in /etc/samba. For your distro, you should check in /etc or /etc/samba. This file is divided into 2 categories:

  1. global setting [global]
  2. share definitions (this is where you define your sharing directories)
Let's discuss them in turn

global setting[global]

workgroup - specify workgroup of your machine
server string - specify server string ie Samba server
security - specify your security here ie share or user. share is suitable for home use. user is more secure. You have to specify username and password when you want to connect to this samba server.
hosts allow - ie 192.168.0.0/24 or 10.0.0.0/16 , specify LAN clients allowed to connect. You may want to add localhost too ie 127.0.0.1
wins server - specify WINS server to be used by this samba server for faster NetBIOS name resolution ie 192.168.0.11

There are more directives to be set but I concentrate for simple setup only.

Share Definitions
Here you can specify which directories you want to share. Look at this example:

[homes]
comment = Home Directories
browseable = No
writable = Yes

[public]
comment = For Public Consumption
path = /home/samba/public
public = Yes
writable = Yes
printable = No
writelist = @staff
browseable = Yes

[Finance]
comment = Finance's Stuff
path = /home/samba/finance
valid users = @finance
public = no
writable = no
printable = no
browseable = yes
write list = @finance
create mask = 0660
directory mask = 0770
force group = @finance

------
For [homes], it is the home directory of the user who logged in. browseable = No states that the directory is not browseable by other users, i.e. it is hidden. writable = Yes states that the user is given read and write permissions.

For [public], the path of this folder is /home/samba/public. You have to make sure that this directory exists and that its permissions are set as below:

drwxrwxr-x  root staff  /home/samba/public

This ensures that the staff group has write permission, as stated by writelist = @staff. The other directives are self-explanatory.

For [Finance], the path is /home/samba/finance. valid users = @finance states that only users in the finance group can enter/access this directory, and write list = @finance ensures that only users in the finance group have read and write permissions. The "create mask" and "directory mask" ensure new and modified files and directories retain their correct permissions, and "force group" causes all file reads/writes to be done as the group finance regardless of what the user's primary group is, ensuring that all members can read/write/modify files. You should set the directory as:

drwxrwx---  root finance  /home/samba/finance

These are the tips that I got when I was setting up the samba server. I hope they can be useful to anyone who wants to make a simple samba server in a LAN more secure by setting up the shared directories correctly.

You can extend the above setup as you grasp the key concept above. The permissions of Linux directories should satisfy what you state in smb.conf or the other way around :). Otherwise it will make no sense.
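
One way to check that the directories on disk match what smb.conf expects, as an added example that is not part of the original post. The function names are hypothetical, it relies on stat -c (GNU coreutils or BusyBox), and the table at the bottom repeats the two share directories from this post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Requires a stat that supports -c (GNU coreutils or BusyBox).

# check_share_dir DIR GROUP MODE
# Returns 0 only if DIR exists with exactly that owning group and octal mode.
check_share_dir() {
    dir=$1 want_group=$2 want_mode=$3
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi
    have_group=$(stat -c %G "$dir")
    have_mode=$(stat -c %a "$dir")
    if [ "$have_group" != "$want_group" ] || [ "$have_mode" != "$want_mode" ]; then
        echo "MISMATCH $dir: is $have_mode $have_group, expected $want_mode $want_group"
        return 1
    fi
    echo "OK       $dir"
}

# audit_shares: read "DIR GROUP MODE" lines on stdin (blank lines and lines
# starting with # are skipped). Returns 0 only if every directory passes.
audit_shares() {
    failures=0
    while read -r dir group mode; do
        case $dir in ''|'#'*) continue ;; esac
        check_share_dir "$dir" "$group" "$mode" || failures=$((failures + 1))
    done
    [ "$failures" -eq 0 ]
}

# The two share directories from this post:
# drwxrwxr-x root staff and drwxrwx--- root finance.
audit_shares <<'EOF' || echo "fix the directories listed above, then restart samba"
# directory           group    mode
/home/samba/public    staff    775
/home/samba/finance   finance  770
EOF
```

A directory that is more open than its share definition, for example 777 on the finance path, shows up as a MISMATCH line.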

Lastly, to restart the samba server , issue this command :

/etc/rc.d/rc.samba restart

or (if you use Fedora, Redhat or Mandriva)

service smbd restart

Have nice day!

Saturday, July 29, 2006

The latest Google Talk



When checking my INBOX, I usually ignore emails from unknown senders (including emails from mailing lists) the first time if and only if the Subject is not interesting, but one email really caught my attention. The subject was the latest Google Talk, or Gtalk for short. I am a big fan of Google Talk and have been using it for nearly a year now. Of course, the 'talk' feature is the main attraction. I like its simplicity. Nonetheless, I want it to have more features like the ability to share files, change status on the fly based on action, more colorful smilies and webcam support. Use YM! I hear you say. No. What I want is the Google way of doing things. Simple but elegant. :-)

Wait no more. At least many of the features have been added in the recent release. See what's new. Download it here.

Thursday, July 6, 2006

Apache virtual server on SuSe 9.2



Hello there! We meet again. :)

I am in the process of transferring my old server's files and data to our new server. It is an IBM e-series (2 Xeon CPUs, 1 GB RAM, 2 HDDs, hardware RAID capable, 2 power supplies). I have set up SuSe Linux Professional 9.2 on it for testing. After 2 days of testing, I decided to use it as the distro of choice for our new server. SuSe is an excellent distribution for servers (as are other distributions aimed at servers). This is the article on how I set up name-based Apache virtual servers on it.

Setting up apache virtual server
What is an Apache virtual server? It is a concept where a server can have multiple names and multiple IPs. Each server name can have different content depending on the folder it is assigned (see below). The configuration differs between distros depending on which directives have been put in httpd.conf and other files.

Copy file /etc/apache2/vhosts.d/vhost.template to vhost.conf in the same directory. Put this in /etc/apache2/vhosts.d/vhost.conf :

<VirtualHost *:80>
ServerName www.mydomain.tld
ServerPath /mydomain
DocumentRoot /srv/www/web/domain
</VirtualHost>

<VirtualHost *:80>
ServerName www.mydomain2.tld
ServerPath /mydomain2
DocumentRoot /srv/www/web/domain2
</VirtualHost>

This is one server serving multiple domains or subdomains. To configure name-based virtual hosts, uncomment this line in /etc/apache2/listen.conf:

NameVirtualHost *:80

If you are using UTF-8 in your web pages, you should replace this line in /etc/apache2/mod_mime-defaults.conf:

AddDefaultCharset ISO-8859-1

with this line:

AddDefaultCharset Off


How does Apache know how to differentiate each domain/subdomain?

It looks at the HTTP headers of the client's request. If you type http://www.mydomain.tld, it will serve the domain www.mydomain.tld, and the same goes for the other domain. You can have as many domains as you like.


To see the status of your bonding interface, issue this command :

~#cat /proc/net/bonding/bond0

The output is as below :


Ethernet Channel Bonding Driver: v2.6.0 (January 14, 2004)

Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:14:5e:69:75:2a

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:14:5e:69:75:2b

Summary
Instead of 2 servers for two purposes, I created name-based Apache virtual servers to serve my domains and subdomains. This eliminates the need for more hardware and cost. Furthermore, the server is capable enough to handle more than 1 domain, and I think this is one of many ways to use the hardware effectively.

Resource
http://www.topology.org/linux/apache2.html
http://httpd.apache.org/docs/1.3/vhosts/name-based.html

Saturday, June 24, 2006

Installing Linux on an iMac



What Linux distro is the best for the iMac? After a week of searching with Google, I found out that YellowDog is the best. I had to verify it myself by installing one. Before this, I had run the Ubuntu Live CD PowerPC Edition to find out whether Linux can be installed on the iMac. I couldn't believe my eyes. It was running perfectly. Now it's time to install to the hard disk and wipe out Mac OS 9.

My iMac is a G3 with 60 GB hard drive and Riva 128 is the graphic adapter.


SuSeLinux:~ # cat /proc/cpuinfo
processor : 0
cpu : 745/755
temperature : 27-29 C (uncalibrated)
clock : 400.000000MHz
revision : 50.2 (pvr 0008 3202)
bogomips : 49.79
timebase : 24967326
machine : PowerMac2,2
motherboard : PowerMac2,2 MacRISC2 MacRISC Power Macintosh
detected as : 66 (iMac FireWire)
pmac flags : 00000014
L2 cache : 512K unified
pmac-generation : NewWorld
SuSeLinux:~ #



SuSeLinux:~ # lspci
00:0b.0 Host bridge: Apple Computer Inc. UniNorth AGP
00:10.0 Display controller: ATI Technologies Inc Rage 128 PR/PRO AGP 4x TMDS
0001:10:0b.0 Host bridge: Apple Computer Inc. UniNorth PCI
0001:10:17.0 Class ff00: Apple Computer Inc. KeyLargo Mac I/O (rev 03)
0001:10:18.0 USB Controller: Apple Computer Inc. KeyLargo USB
0001:10:19.0 USB Controller: Apple Computer Inc. KeyLargo USB
0002:20:0b.0 Host bridge: Apple Computer Inc. UniNorth Internal PCI
0002:20:0e.0 FireWire (IEEE 1394): Apple Computer Inc. UniNorth FireWire (rev 01)
0002:20:0f.0 Ethernet controller: Apple Computer Inc. UniNorth GMAC (Sun GEM) (rev 01)
SuSeLinux:~ #



With Ubuntu, to my surprise, the installer couldn't enter X mode. I tweaked xorg.conf to make it work. I failed. I had no time to tweak a little bit more. I turned to Yellow Dog. The Yellow Dog installer also failed to enter X mode. Lastly, I turned to OpenSuSe. To my relief, it worked. The GUI installer had no difficulty running. After booting, X worked but the screen was not centered. I tweaked xorg.conf a little bit. It's easier with xvidtune than SaX2. Now the screen looked better. You don't have to be a rocket scientist to tweak it. :p


The monitor section :

Section "Monitor"
DisplaySize 300 230
HorizSync 60-60
Identifier "Monitor[0]"
ModelName "APPLE IMAC"
Option "DPMS"
VendorName "APP"
VertRefresh 75-117
UseModes "Modes[0]"
EndSection


The modeline section :

Section "Modes"
Identifier "Modes[0]"
Modeline "1024x768" 78.525 1024 1049 1145 1312 768 769 772 800 +hsync +vsync
Modeline "1024x600" 89.40 1024 1088 1200 1376 600 601 604 637
Modeline "1024x600" 88.39 1024 1088 1200 1376 600 601 604 636
Modeline "1024x600" 87.51 1024 1088 1200 1376 600 601 604 636
Modeline "800x600" 69.65 800 848 936 1072 600 601 604 637
Modeline "800x600" 68.86 800 848 936 1072 600 601 604 636
Modeline "800x600" 68.18 800 848 936 1072 600 601 604 636
Modeline "768x576" 66.54 768 816 896 1024 576 577 580 613
Modeline "768x576" 65.80 768 816 896 1024 576 577 580 612
Modeline "768x576" 65.18 768 816 896 1024 576 577 580 612
Modeline "640x480" 50.03 640 680 744 848 480 481 484 513
Modeline "640x480" 49.59 640 680 744 848 480 481 484 513
Modeline "640x480" 49.16 640 680 744 848 480 481 484 513
EndSection


The device section :

Section "Device"
BoardName "Rage 128 PR"
BusID "0:16:0"
Driver "ati"
Identifier "Device[0]"
Screen 0
VendorName "ATI"
Option "AGPMode" "true"
# Option "UseCCEFor2D" "false"
# Option "UseFBDev" "true"
Option "ForcePCIMode" "true"
EndSection


Running Linux on iMac is a wonderful thing. Linux is Linux. Whatever platform it is running, you can turn it to be a server, workstation or desktop. You decide.

Thursday, June 15, 2006

AMD Opteron vs Intel Itanium





Recently, I attended a seminar on Grid Computing and HPC. The organizer invited an Indian speaker, a sales director of SUN India, Mr Mohan. From his brilliant speech I gathered much useful information, especially about the decision made by SUN to opt for AMD Opteron in many of its HPC products instead of Intel Itanium (in terms of commodity 64-bit CPUs).

Why Opteron?
These are the reasons (briefly):

1. Allows end users to run their existing installed base of 32-bit applications and operating systems at peak performance, while providing a migration path that is 64-bit capable.

2. HyperTransport technology - provides a scalable bandwidth interconnect between processors, I/O subsystems, and other chipsets. This feature is not available in Itanium.

3. Integrated DDR DRAM Memory Controller - this memory controller is integrated in the CPU itself. For Itanium, the memory is outside of the CPU. According to Mr Mohan, Itanium introduced an FSB (Front Side Bus) to connect the CPU to external RAM. This increases latency.

4. Low-Power Processors - the AMD Opteron processor offers industry-leading performance per watt making it an ideal solution for rack-dense 1U servers or blades in datacenter environments as well as cooler, quieter workstation designs. This is a critical factor for HPC environment.

The bottom line is that Opteron is more scalable than Itanium in terms of speed. If we add more CPUs, the Opteron speed will increase, as opposed to Itanium. To make things worse, the bandwidth between CPUs will be divided evenly.

These are distinctive features on AMD Opteron that made it suitable for SUN to bundle it for their server products. Although Intel is popular, for technical people, popularity is nothing. The technical side of it is more important and pricewise it is cheaper too.

ps : This article is not endorsed by AMD :-)

Monday, June 5, 2006

64 bit is the way to go...

The server is up and running. It is a 64-bit Xeon with two processors.


[root@flowerhorn ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Intel(R) Xeon(TM) CPU 2.80GHz
stepping : 1
cpu MHz : 2800.216
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl cid cx16 xtpr
bogomips : 5521.40
clflush size : 64
cache_alignment : 128
address sizes : 36 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Intel(R) Xeon(TM) CPU 2.80GHz
stepping : 1
cpu MHz : 2800.216
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl cid cx16 xtpr
bogomips : 5586.94
clflush size : 64
cache_alignment : 128
address sizes : 36 bits physical, 48 bits virtual
power management:
[root@flowerhorn ~]#


Sorry, the info was cut a little bit here and there. The point here is that it has 2 CPUs (see processor 0 and 1) and it is a Xeon 2.8 GHz.

Here is the memory info :

[root@flowerhorn ~]# cat /proc/meminfo
MemTotal: 1024604 kB
MemFree: 11644 kB
Buffers: 36896 kB
Cached: 259168 kB
SwapCached: 76 kB
Active: 778852 kB
Inactive: 174596 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 1024604 kB
LowFree: 11644 kB
SwapTotal: 2618552 kB
SwapFree: 2614760 kB
Dirty: 448 kB
Writeback: 0 kB
Mapped: 689168 kB
Slab: 27868 kB
CommitLimit: 3130852 kB
Committed_AS: 1189824 kB
PageTables: 11904 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 269992 kB
VmallocChunk: 34359468047 kB
[root@flowerhorn ~]#

MemTotal = Total memory (it is 1 GB)

Older Xeon processors are 32-bit. The latest ones are 64-bit. I heard that AMD's Opteron is superior in 64-bit CPU benchmarks. If I need one more server, I will opt for Opteron. To take advantage of a 64-bit CPU, one should install a 64-bit OS and 64-bit applications if they are available. That's what I did. I installed Mandriva 64-bit and Slamd64.


[root@flowerhorn ~]# uname -a
Linux flowerhorn.censored.org 2.6.12-12mdksmp #1 SMP Fri Sep 9 17:20:34 CEST 2005 x86_64 Intel(R) Xeon(TM) CPU 2.80GHz unknown GNU/Linux
[root@flowerhorn ~]#


Come on guys. Take advantage. That's the key point here. :)

Friday, May 26, 2006

bond0 interface

In the example below, the bond0 interface is the master (MASTER) while eth0 and eth1 are slaves (SLAVE). Notice all slaves of bond0 have the same MAC address (HWaddr) as bond0 for all modes except TLB and ALB that require a unique MAC address for each slave.

# /sbin/ifconfig
bond0     Link encap:Ethernet  HWaddr 00:C0:F0:1F:37:B4
          inet addr:XXX.XXX.XXX.YYY  Bcast:XXX.XXX.XXX.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:7224794 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3286647 errors:1 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:0

eth0      Link encap:Ethernet  HWaddr 00:C0:F0:1F:37:B4
          inet addr:XXX.XXX.XXX.YYY  Bcast:XXX.XXX.XXX.255  Mask:255.255.252.0
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:3573025 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1643167 errors:1 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0x1080

eth1      Link encap:Ethernet  HWaddr 00:C0:F0:1F:37:B4
          inet addr:XXX.XXX.XXX.YYY  Bcast:XXX.XXX.XXX.255  Mask:255.255.252.0
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:3651769 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1643480 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0x1400

Monday, May 22, 2006

squid and iptables - revisited

One of the best combinations for an internet-connected LAN is squid, a proxy server, and iptables, a packet filtering ruleset. To make it useful, this combination is used to configure a transparent proxy for one or more LANs.

iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 3128
The above command is for a LAN (192.168.0.0/24) connecting to the internet via a proxy server running on port 3128.

To make https proxied (it is not actually proxied, because we can't proxy encrypted packets; they are just forwarded), the command is as below:
iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 443 -j REDIRECT --to-port 3128
You can NOT do the same for ftp (port 21). For ftp, you have to manually insert the proxy address for the ftp protocol in your browser's connection settings.

With the above command executed on the proxy server (a.k.a. firewall), the PCs in the LAN need not be configured one by one to use the proxy server. Less work for the system/network administrator :). They are said to be connected to the internet through the proxy server transparently. Now you got it? :)

There's one more way to handle https connections. Instead of going through squid, you can also NAT them. Drop the above https command and use this:

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -p tcp --dport 443 -j SNAT --to 111.222.333.444
where 111.222.333.444 is your proxy server public IP address.

It is up to you which way you want to use. I can say that, from my experience, there's no noticeable difference in terms of performance. If you do not agree, please do not hesitate to write a comment and state your experience.

Monday, April 24, 2006

When Microsoft lovers bash Microsoft

People tell me I bash Microsoft too much; that Microsoft's products really are great. OK, so I won't bash Microsoft this time around.

I'll let Microsoft's own friends do it.

Let's start with Mike Danseglio, program manager in Microsoft's Security Solutions group. In early April at the InfoSec World conference, Danseglio was talking about Windows security. He said, "When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit."

In other words, Windows users may have no choice but to wipe their systems down to the bare-metal and then reinstall the operating system and applications.

In one case, Danseglio said, a branch of the U.S. government had a malware infestation on more than 2,000 client machines that "was so severe that trying to recover was meaningless. They did not have an automated process to wipe and rebuild the systems, so it became a burden. They had to design a process real fast."

That's great. If you run Windows, Microsoft is telling you that you may need to have a network process set-up to blow away your systems and restore them automatically.

Let's take that a step farther. You also can't trust your data backups, because they might have malware hiding on them. You'll also need to keep your Windows systems constantly updated, because an unpatched XP system that's exposed to the Internet, according to a recent Symantec study, lasted only an hour and 12 seconds before being compromised.

Let's move on, shall we?

Paul Thurrott, editor and owner of Paul Thurrott's SuperSite for Windows, is the Windows expert's expert. I may know a thing or two about Linux, but I don't know Linux half as well as he knows Windows.

So, what does he have to say about the latest Vista beta? The title of his piece is: Where Vista Fails.

I quote: "Since the euphoria of PDC 2003 [Microsoft Professional Developers Conference 2003], Microsoft's handling of Windows Vista has been abysmal. Promises have been made and dismissed, again and again. Features have come and gone. Heck, the entire project was literally restarted from scratch after it became obvious that the initial code base was a teetering, technological house of cards. Windows Vista, in other words, has been an utter disaster. And it's not even out yet."

And people thought I was hard on Vista!

If you're one of those people who've been looking forward to Vista -- and dismissing comments from people like myself who run multiple operating systems and have found Vista to be less than impressive -- you really must read Thurrott's story.

How about Aero, for example, that great 3D interface, which will almost certainly require you to update your graphics card if not force you into getting a new system? The one new feature that people are excited about it in Vista?

Thurrott has this to say: "Anyway, the reality of glass windows is that they stink ... But the visual difference between the topmost window (that is, the window with which you are currently interacting, or what we might describe as the window with focus) and any other windows (i.e. those windows that are visually located "under" the topmost window) is subtle at best. More to the point, you can't tell topmost windows from other windows at all. And don't pretend you can."

I don't know about you, but that's got me all excited about Aero.

Or, take another guy who's Microsoft through and through, Vladimir Mazek. He's the CEO of Open Web Now Corp., a small Orlando, Fla.-based business that's all about providing Microsoft services to its customers. He's a mover and a shaker in the Microsoft SMB integrator space, with more Microsoft certifications than you might have known existed. And he runs his own Web site, Vladville, off "by WordPress [the open-source content management system] on CentOS Linux 4.3."

Why!?

Mazek explained to B.J. Gillette of Email Battles that, "Well the frontend box was always Linux, it was just powered by Blogger so it was a plain Apache. We used Windows + SQL 2000 for the backend and distribution of the SBS Show which gets like 40-60,000 downloads per episode so we had to get crafty about distributing it. But with the upgrade we just decided to standardize that end of things on Linux/Apache."

It wasn't because of any Linux or Apache technical wonderfulness that he switched over. He "migrated to Linux purely because of the costs. Despite popular belief, Microsoft does not give its MVPs [Microsoft Most Valuable Professionals] free production software."

Ah, but that is part of Linux's strength. For technically savvy users, like Mazek, it is completely free.

So, there you have it. A senior Microsoft employee saying that XP can be so thoroughly compromised that you may have no choice but to destroy and rebuild your PCs; a Windows expert's expert dismissing Vista as an "utter disaster"; and an extremely well-respected Microsoft integrator and MVP turning to open-source because it makes better financial sense.

I really don't have to say a thing about Microsoft, do I?


by Steven J. Vaughan-Nichols


[taken from Linux-Watch]

Thursday, April 20, 2006

Torvalds Patches Linux Kernel, Fixes Broken Virus

Patch fixes bug that prevented a virus from running on some systems.

Robert McMillan, IDG News Service
Wednesday, April 19, 2006


SAN FRANCISCO -- The hacker who created a widely reported cross-platform virus that could affect both Windows and Linux PCs may have inadvertently done some free bug testing for the Linux operating system. Linux creator Linus Torvalds said today he had patched his operating system kernel to fix a bug that had been preventing the virus from running.

The virus, called Virus.Linux.Bi.a/Virus.Win32.Bi.a, was first reported on April 7 by security vendor Kaspersky Lab, which labeled it an interesting proof-of-concept program because of its ability to affect both Windows and Linux.

After discovering that the virus didn't work on recent versions of Linux, open-source developers did some investigative work and discovered that the cause was an obscure bug in the compiler used by Linux. News of this bug was first reported on NewsForge.com.

The bug affects versions of Linux that were compiled using a certain kernel option, called REGPARM, which was recently enabled by default, according to Torvalds.

Torvalds has now patched the problem in his version of the Linux kernel, which is used by developers. Most users, however, won't see the patch until version 2.6.17 of the kernel is released, he said.

'Benign' Bug
This patch fixes what Torvalds calls a "benign" bug that has no effect on most programs. It also helps Virus.Linux.Bi work in systems where it otherwise would have been ineffective.

But Torvalds pointed to a couple of reasons why his fix doesn't really help the bad guys. First, he disputed the idea that Virus.Linux.Bi is actually a virus. "It ends up really being just a program that writes to files that it has permissions to write to. Nothing wrong with that," he said. "It just does so in an interesting manner that means that it gathers more publicity."

And even if the proof-of-concept code could be put to malicious use, "any serious bad guy" would have had no trouble overcoming the compiler bug that was preventing it from working, Torvalds added.

To date, Kaspersky has not seen any hackers adopt the proof-of-concept code for use in real attacks, though the security vendor says that malicious "black hat" hackers might attempt to put it to use.

"There are always black-hatters out there that are going to try to use part of it to create something new," said Shane Coursen, a senior technical consultant with the company.

"We may see another virus using the same method of cross-platform infection."

Saturday, April 15, 2006

Red Hat keeps its grip on Fedora


Red Hat Inc. announced on April 4th that the Fedora Project is going to stay under Red Hat's control, instead of going to the Fedora Foundation as it had previously announced.

Red Hat's Community Development Manager Greg DeKoenigsberg explained that the Fedora Foundation was not going to take charge of the operating system, after all. Instead, Red Hat was retaining some "control over Fedora decisions, because Red Hat's business model *depends* upon Fedora."

This brings to mind the way Sun keeps control of Java through its Java Community Process partners.

This is also not what Red Hat said it was doing in June 2005, when it announced that it was forming the Foundation to take charge of Fedora development. At that time, Mark Webbink, Red Hat's deputy general counsel, said, "We feel that we are now at a point where we need to give up absolute control. We built our company on the competence of the open-source community and it's time for us to continue to manifest that."

By August, Red Hat's Foundation plans were a little clearer. The new organization was to provide funding for filing patents covering inventions of open source developers; to support copyright assignments to assure compliance with open source licenses; and to provide organizational structure for Fedora volunteers.

So, what happened?

Max Spevack, the Fedora Project Leader, explained in a public message that, "We've had a lot of smart people working hard to make this Foundation happen, but in the end; it just didn't help to accomplish our goals for Fedora."

"When we announced the Foundation, it was with a very specific purpose, and in a very specific context," said Spevack, "to act as a repository for patents that would protect the interests of the open source community."

It was only later, Spevack continued, that "people inside and outside of Red Hat were interested in working beyond the stated purpose -- an intellectual property repository -- and instead saw this new Foundation as a potential tool to solve all sorts of Fedora-related issues. Every Fedora issue became a nail for the Foundation hammer, and the scope of the Foundation quickly became too large for efficient progress."

According to Spevack, even after the Foundation was incorporated in September, no one had successfully articulated "the precise responsibilities of the Foundation. This conversation took months, but ultimately it came back around, again and again, to a single question: 'What could a Fedora Foundation accomplish that the Fedora Project, with strong community leadership, could not accomplish?'"

Red Hat concluded that there wasn't anything the Foundation would do better. Spevack goes over all the reasons why it wouldn't work well for its original intellectual property purposes, and why it would have trouble legally making a go of it as a non-profit group.

At the end of the day though, Spevack wrote, "The simple and honest answer: Red Hat *must* maintain a certain amount of control over Fedora decisions, because Red Hat's business model *depends* upon Fedora. Red Hat contributes millions of dollars in staff and resources to the success of Fedora, and Red Hat also accepts all of the legal risk for Fedora. Therefore, Red Hat will sometimes need to make tough decisions about Fedora. We won't do it often, and when we do, we will discuss the rationale behind such decisions as openly as we can."

Nevertheless, Spevack insists, "Just because Red Hat has veto power over decisions, it does not follow that Red Hat wants to use that power. Nor does it follow that Red Hat must make all of the important decisions about Fedora. In fact, effective community decision making is one of the most direct measures of Fedora's success."

As a nod to the community, Fedora will now be governed by the Fedora Project Board. In turn, this will be made up of nine board members: five Red Hat members, four Fedora community members, and a Red Hat-appointed chairman, who has veto power over any decision.

Spevack will be the first chairman. The Fedora Project Board's Red Hat members are Jeremy Katz, Bill Nottingham, Elliot Lee, Chris Blizzard, and Rahul Sundaram. From the community, the members will be Seth Vidal, Paul W. Frields, Rex Dieter, and a fourth board member to be named as soon as possible.

Most fundamental administration matters have not been set up yet. Spevack wrote, "A lot of the key governance details -- term length, board composition, election or appointment process -- have yet to be resolved. One of the first responsibilities of the new board will be to work with the Fedora community to answer these questions."

The community, however, seems indifferent to who's running the show. As one active Fedora user put it on the Fedora Forum Website, "As long as Fedora is still being developed and supported as well as them keeping the standards up I'm not too fussed about how the managing body is structured."

The few Fedora users who bothered to comment on the matter agreed. "If it doesn't effect to Fedora development then it's fine," wrote another Fedora user.

On the technical side, the Fedora Project is sticking to its six-month release schedule. For those of you keeping score, that means we should see Fedora Core 6 in late September.

This new version "may" include a live CD, Intel Mac support, and better configuration tools, and might also include Fedora Directory Server in the Fedora core. It won't, however, have a single installer CD or installer-based partition resizing.

-- Steven J. Vaughan-Nichols (from Linux Watch)

ATI releases Linux driver and update



PEOPLE often complain about ATI Linux support. Nvidia rocks with driver support for the OS, and we know that Nvidia has just released a driver supporting the new kernel.

ATI is ready with its own answer, supporting XFree86 4.1, XFree86 4.2, XFree86 4.3 and X.Org 6.8. There is even a 64-bit driver, and the drivers for all of these X servers are version 8.24.8.

The driver supports all the modern graphics cards, including the X1900 and X1800 cards and the older ones too. The big thing is that ATI now supports Avivo, even under Linux, and we do know that many in this community play with video files more than with games.

The Linux driver even has a GUI and you can download it here.

*UPDATE: My machine now uses ATI's proprietary driver and it rocks. The installation is a snap.

Sunday, April 9, 2006

Gunning for Linux: The free operating system--backed by IBM, HP, and others--is breaking Microsoft's monopoly.

...but a lawsuit by SCO, which claims to own parts of the code, could wreck the party.

Old news, but nice to read.

By Roger Parloff

(FORTUNE Magazine) – In the ascetic waiting room of the SCO Group's Lindon, Utah, headquarters, the only reading matter is a stack of beige, telephone-book-sized binders. They are volumes I, II, III, and IV of the company's press clippings. For the previous month. SCO (pronounced "skoe," to rhyme with "snow") is already notorious in three insular communities. The first to appreciate its significance were countercultural software developers, at least a few of whom would like to transform society by reordering our approach to the protection of intellectual property. Next to catch on were the pragmatic information technology officers and risk-averse in-house lawyers who work for every company this magazine writes about. Now the ripple effects are about to touch the rest of us, and we need to know about SCO too.

SCO became infamous in March 2003, when it sued IBM alleging that the IT giant had improperly dumped parts of SCO's confidential, enterprise-grade, proprietary software code, called Unix, into Linux. Linux (rhymes with "cynics") is a "free" or open-source operating system that can be downloaded off the Internet for no charge. Such software is called free not because of its price (there is no prohibition on charging for it, though most people don't) but rather because its source code--the specialized language in which it is written--is kept open to public view, enabling developers to freely comprehend it, modify it, debug it, customize it, and distribute it. With proprietary software, like Microsoft Windows, developers can typically do none of those things, because of both legal prohibitions and technological barriers.

Though Linux began as a hobby of sorts among software developers, in recent years IBM, Hewlett-Packard, NEC, Intel, Computer Associates, Fujitsu, Hitachi, and others have come to see enormous commercial potential in it. These companies believe they can make money indirectly off Linux by selling hardware loaded with it, proprietary software that runs on top of it, or support services that maintain and optimize it. Such companies, led by IBM, have already invested more than $1 billion in upgrading Linux for general business, data-center, and telecommunications purposes.

For some, the bet is paying off. IBM reported more than $2 billion in Linux-related revenues last year, a gain of 50% over the previous year. Though it is still rare to see Linux running on desktop computers in American offices, it is now commonplace on network servers at FORTUNE 1,000 companies, universities, and government agencies. It accounted for 23.5% of the market for new server software shipments in 2002, running a very respectable second to Microsoft's 55%, according to market research firm IDC. (Unix was third, with 11%.) Many corporate CTOs and CIOs consider Linux more reliable, flexible, and transparent, not to mention cheaper, than proprietary alternatives. In addition, millions of consumer electronics devices--cellphones, PDAs, TiVos, and DVD players--are already running on stripped-down, "embedded" versions of Linux. Linux is even gaining in the desktop environment, where IDC estimates that shipments are increasing yearly at a 25% rate.

Because of Linux's increasingly important role, the SCO suit swiftly escalated from an arcane two-party licensing dispute into a whirlpool of litigation engulfing a widening circle of companies. The dispute stemmed from SCO's 2001 acquisition of Unix, an operating system developed by AT&T in the late 1960s for use on mainframes and minicomputers. Included in the purchase were some 30,000 licensing contracts that AT&T had entered into with about 6,000 universities, government agencies, and businesses, including IBM.

SCO's acquisition of Unix soon had repercussions for all Linux users, even those who had never licensed Unix. Linux had been designed to share some programming principles with Unix, so that developers who felt at home in the Unix environment could easily adapt. In May 2003, SCO announced that it had discovered other fragments of alleged Unix code in Linux--quite apart from anything IBM may have put there. It sent letters to every FORTUNE 1,000 and FORTUNE Global 500 company warning that end users of Linux were violating its copyrights. SCO demanded $699 per single-processor server running Linux to license whatever Unix code might be floating around inside.

Next, network software distributor Novell jumped into the vortex. Novell was then turning its business model inside out to embrace Linux--a decision for which it would be rewarded with a $50 million investment by IBM in November. In late May 2003, Novell announced that it actually owned all the crucial Unix rights that SCO had been asserting against IBM and Linux end users. Novell cited provisions of an impenetrably confusing 1995 contract in which Novell had sold certain Unix rights, while retaining others, to the company from which SCO had later acquired its Unix rights. In January, SCO sued Novell for "slandering its title" to the Unix assets.

Finally, this March, SCO sued two Linux end users, AutoZone and DaimlerChrysler, in state courts in Nevada and Michigan, forcing even the sleepiest of corporate counsels to take notice. Every business that had either switched to Linux or was contemplating doing so--and it was a rare company that didn't fall into one or the other category--now had to worry about becoming the next AutoZone. Some discovered that they were at least theoretically exposed to even worse doomsday scenarios. Suppose your company had shipped ten million cellphones, for example, and it later turned out that each one contained five lines of stray Unix gobbledygook mixed up among a million lines of embedded Linux gobbledygook. Could a court really order your company to recall all ten million devices just to tear out and rewrite a few lines of offending techno-gibberish? Answer: yes.

Yet all this tumult still doesn't fully account for the towering stack of press clippings on the SCO waiting room's end table. The religious fervor of the backlash against SCO's suits reveals that this is no plain-vanilla licensing dispute. (One whole volume of January clippings was devoted to the MyDoom worm, which had primed infected computers worldwide to stage a crippling denial-of-service attack on SCO's website.) SCO's suits happen to be imperiling a movement. That movement teaches that software should be a public utility, not a product, and that free software is just one illustration of how a radically different, more communal approach to intellectual property will better serve the advancement of knowledge, innovation, and creativity.

Readers need not buy into the grander vision, however, to agree that what's at stake in the lawsuits is much bigger than SCO or even IBM. Even the stodgiest greed-is-good capitalist cannot deny that the loose-knit band of free-software enthusiasts has already succeeded where the U.S. Department of Justice and the European Commission have failed. These developers are right now, before our eyes, curbing the Microsoft Windows monopoly. They have created a genuine competitor to Windows--one that, because of its nonproprietary nature and diffuse authorship, Microsoft can neither acquire nor suppress. Explains Eben Moglen, a Columbia Law School professor and the chief lawyer for the Free Software Foundation: "The technical and business transactions which Microsoft has employed in the past to protect its franchise against commoditization have met a successful, irreversible commoditization movement. And the largest and best-funded competitor in the information technology industry"--IBM--"has figured out how to benefit from it."

Yet the source of Linux's strength in the market--that diffuse, communal authorship--is also its soft underbelly in the courtroom. Because it is continually cobbled together from informal contributions by thousands of developers scattered across the globe, there is no assurance that its many co-authors are all scrupulously donating only fragments that they have written themselves, as opposed to, for instance, lifting or paraphrasing--even unwittingly--from copyrighted or patented code.

Even beyond questions of tainted pedigree, Linux is a morass of law-school exam questions waiting to be administered. In copyright terms, no one knows just what manner of beast it is. Is it a work of "joint authorship"? A "compilation"? A perpetually expanding series of "derivative works"? Without knowing the answers to those questions, lawyers can't pinpoint precisely who owns either the whole of Linux or any of its fragments. Lawyers don't even know what country's law should apply when trying to untangle any of those questions.

The SCO suits are in this sense more important for the structural vulnerability in Linux that they have exposed than for the specifics of the wrongdoing they assert. Those who hope to use open-source code in the commercial world will have to learn to protect such works--and themselves--from courtroom assault. They need to start today.

Surprisingly enough, the man who founded the whole free-software movement--the playful, eccentric, now-51-year-old Richard Stallman--saw the problem coming and tried to head it off. In the early 1980s the MIT Artificial Intelligence Lab where Stallman worked installed a new, updated mainframe computer. It was a traumatic event for Stallman, for reasons he has described in his book of essays, Free Software, Free Society. For more than a decade Stallman and his colleagues had been writing and improving the software that had run on the predecessor machine. When the new computer arrived, all their work went up in smoke. The new machine came with its own proprietary operating system, whose source code was a carefully guarded trade secret. To his horror Stallman learned that he and his community of developers would no longer be permitted to tinker with it.

This approach was worse than infantilizing, in Stallman's view. It was "antisocial," "unethical," and "simply wrong." Stallman decided to devise his own operating system, whose source code would be free and open for all to examine and critique and modify. He would call it GNU, which stood for "GNU's Not Unix." (It's pronounced with a hard "g," and rhymes with "canoe.")

Stallman's GNU project produced many of the higher-level functions of an operating system, but as the 1990s dawned he had still not yet gotten down to the "kernel"--the lower-level functions that interact most directly with the hardware. Serendipitously, in 1991 a 19-year-old Finnish college student named Linus (pronounced "LEE-nus") Torvalds independently began composing his own operating system. Unlike Stallman, Torvalds began at the lowest levels. ("Lowest" in this culture is not pejorative but laudatory. The closer a developer gets to the machine, the greater the respect to which he or she is entitled.)

Torvalds posted his work-in-progress on the Internet, inviting comment. To his surprise, his posting garnered considerable interest, as well as insightful suggestions from sophisticated developers around the world. From that point forward the project proceeded quickly and communally, with Torvalds or his delegates making the final determinations about which suggestions to incorporate. Many open-source enthusiasts believe that this communal approach intrinsically results in more reliable, bug-free software than proprietary code.

Eventually Stallman's upper-level GNU functions were placed on top of Torvalds's kernel, and the operating system was complete. The whole is now typically referred to as Linux.

But there was a crucial legal difference between the portion of the project led by Stallman and that led by Torvalds. The difference stems from Stallman's rather fanatical notion of "free"--which extends beyond the conventional notion of merely allowing people to do what they want. Stallman foresaw that some people might want to take free software, modify it, and claim the modifications as their own property. He did not want that to happen. To him it was fundamental that if he was going to let others see and play with what he had created, the others had to reciprocate. He embodied this peculiarly controlling notion of freedom in an unusual license he wrote himself, known as the General Public License (GPL).

Stallman's controlling view of freedom extends to press freedom, which is why he is not directly quoted in this article. As a precondition to being interviewed, Stallman insists that reporters agree to certain usage rules regarding the phrase "free software"--he abhors the more popular term "open source"--and that they pledge to refer to Linux in their stories as GNU/Linux--a name that, he feels, better acknowledges his own contributions to it. FORTUNE declined.

In a nutshell, the GPL allows users of GNU software to copy, modify, and distribute it as long as they permit others to do the same with the modifications they make. It's a little like a reverse copyright. A friend of Stallman's famously called the GPL "copyleft--all rights reversed."

Many people have mistakenly assumed that the free-software movement is at odds with copyright law. On the contrary, it depends upon it. The GPL is not a conventional contract, and its enforceability, most lawyers believe, hinges on copyright laws (see box). Stallman was therefore scrupulous about keeping his copyrights in good order. In 1984, for instance, he quit MIT to ensure that the university could not claim ownership of the software he wrote under the so-called work-for-hire doctrine that governs many employer-employee relationships. He also required that any contributor to the GNU project formally assign his or her copyrights to the Free Software Foundation in a pen-and-paper document, and likewise provide a signed acknowledgment from his or her own employer waiving any possible work-for-hire claims. He further insisted that contributors indemnify the Free Software Foundation if it later turned out that their contributions were not their own and therefore infringed someone else's copyright.

Although Torvalds elected to use Stallman's GPL license to cover the Linux kernel, he never instituted any of Stallman's scrupulous methods of ensuring that copyrights were assigned to a central entity, nor did he try to police contributors to ensure that they weren't donating code that didn't belong to them. Torvalds was just a college kid, after all, pursuing a then-noncommercial labor of love. In any event, why would a Finn, collaborating with quasi-anonymous e-mailers from Germany, Sweden, Mexico, or places literally unknown, break his back to comply with U.S. copyright law?

Nevertheless, the consequence today of Torvalds's understandable omission is that the kernel at the heart of Linux--upon which companies like IBM are now staking their futures and challenging the Microsoft behemoth--is legally radioactive.

The much-loathed would-be Linux slayer we know today as SCO has its roots in a secret, visionary unit of Novell that was set up in the early 1990s to--of all things--develop a commercial-grade version of Linux. In 1994, Novell dumped the project, and the unit's leaders left to form their own company, Caldera. In March 2000, Caldera went public. At that point, then-CEO Ransom Love recalls, Linux had progressed to the stage where it was well suited for the branch offices of a national business--like, say, an AutoZone outlet--though such businesses might still need to run Unix at their headquarters. Love thought that if he could acquire the rights to Unix, he could better meet customers' needs and meld Unix and Linux into a single environment.

Caldera had another motive for acquiring Unix, Love adds--one that is ironic in light of how events would play out. Love understood that Linux's potential Achilles' heel was its mongrel intellectual-property pedigree. "If Microsoft was ever going to attack," Love says, "they would do it through fear and uncertainty and doubt around the intellectual-property issue." Love also knew that, given Linux's provenance, the most likely source of illicit contributions into Linux was Unix. "By purchasing Unix, we felt like we could actually provide indemnification" to Linux end users--i.e., pledges to protect them from potential copyright suits by people claiming to own fragments of Linux.

AT&T had created Unix in 1969 as a unifying operating system that would run on a wide variety of hardware. It licensed Unix to different customers on different terms. Universities were often allowed to see and modify the source code as long as they did not use it for commercial purposes. Commercial licensees received the code on more restrictive terms.

Many hardware manufacturers--including IBM, Silicon Graphics, Hewlett-Packard, and Sun Microsystems--were allowed to see and modify the source code and then redistribute the software (but not its source code) preloaded on their hardware. In exchange, they paid royalties on the redistributed code and promised to keep confidential the source code for both Unix and their "derivative" works. Over time, many manufacturers developed their own "flavors" of Unix--Sun's was Solaris, for instance, while IBM's was AIX--as did some universities. All these variants cross-pollinated over the years. For this reason, identifying the correct copyright holder of any one stretch of code in any one flavor of Unix--and the precise terms under which that copyright holder originally licensed it--can be a daunting challenge. The best genealogy of Unix is illustrated in a comically unfathomable chart provided by French software historian Eric Levenez on his website at www.levenez.com. That family tree prints out across 17 eight-by 11-inch pages. (See excerpt at right.)

Novell bought the Unix business from AT&T in 1993, but then, after a management change, sold most of the Unix assets to a small company called Santa Cruz Operation in 1995. In May 2001, Caldera's Love bought those Unix assets from Santa Cruz. He bought the Santa Cruz name too, announcing that Caldera would become the SCO Group in summer 2002.

Meanwhile, the tech economy was falling apart, throwing the company into turmoil. In addition, in 2001 IBM suddenly withdrew from a joint venture with Santa Cruz--known as Project Monterey--that Caldera had banked on as an important revenue source.

In June 2002, Love was replaced as CEO by Darl McBride, a former Novell executive who had been selected because of his expertise in marketing through a reselling channel. McBride had opened Novell's Japan operation in 1990--he speaks fluent Japanese, which he learned on a Mormon mission during college--and had taken that unit to $150 million in revenues in about three years.

McBride is a blunt, unnuanced man with a fireplug build. (He lettered in four sports in high school.) He is old school, and not easily swept up by visionary rhetoric. And he is not one to back down from a fight. About a week after he joined SCO, some IBM officials came to visit him, he says. "They were out here talking about how important this Linux thing is. I was talking about, well, Linux is interesting, but we have this other thing called Unix, which is where we make all of our money. They came back very strongly with, 'The operating system must be free.' Okay, that's their game plan, fine. But what they're trying to do is impose that standard on the world."

While McBride was figuring out what to do with the company, customers began approaching him with a proposition. Users of SCO's Unix systems that were switching to Linux had discovered that their old Unix applications would run seamlessly on Linux if they merely copied certain critical SCO Unix files--known as run-time libraries--into Linux. Aware that such copying might violate their licenses with SCO, these customers wanted SCO to license them just those files. At the same time, SCO learned that other, less prudent customers were copying those libraries without asking permission. McBride decided to set up a division, SCOsource, to license the libraries to Linux users and--um, er--to remind others of their obligations when it came to copying SCO's Unix-related intellectual property.

McBride started bouncing this idea off "big time" players and business partners, he recalls, like Oracle, HP, and Red Hat. "The reactions were neutral to positive," McBride claims. "Except in IBM's case. Which was a violent reaction. Their response back to me was very simple: We cannot let customers even have an inkling that there might be intellectual-property problems inside of Linux. For any reason."

With tension between SCO and IBM rising--IBM's withdrawal from Project Monterey was still a simmering issue--SCO announced the launch of the licensing unit at a LinuxWorld conference in January 2003. It also signed up the most credentialed litigator in America, David Boies, as the unit's enforcer. At the same conference Steve Mills, the head of IBM's software group, unwittingly exacerbated tensions in his exuberant keynote. According to one news account, Mills stated that while Linux lagged behind Unix at the moment, IBM would exploit its expertise with AIX to bring it up to speed. "The pathway to get there is an eight-lane highway," he reportedly said. Asked whether Linux would eventually replace AIX--IBM's flavor of Unix--Mills implied that it would. A few minutes later Dell's CIO, Ron Mott, displayed a slide to the same audience and read aloud its conclusion: "Unix is dead."

In this and earlier public statements, IBM implied that it was grafting sophisticated code from AIX onto Linux to accelerate Linux's commercial upgrade. McBride believed IBM couldn't do that, since all AIX code constituted, in his view, a Unix "derivative" whose source code IBM had to keep secret under its licenses.

In March 2003, SCO sued IBM, and--as Moglen aptly analogizes--it was as if Gavrilo Princip had assassinated the Archduke Franz Ferdinand.

The Linux community was naturally skeptical about SCO's claims and became more so when SCO initially refused to say precisely which segments of Linux code it was claiming title to. Since Linux developers were offering to rip out and replace anything that might infringe, it appeared to SCO's critics that SCO was more interested in gouging Linux users than in protecting Unix code. (SCO maintained that it could not publicly identify any filched source code without waiving the very confidentiality rights that it was trying to protect and enforce.)

There were other reasons to be suspicious of SCO's good faith. SCO's stock price rose sharply in the wake of the suits' announcement--from $1.09 in mid-February to $20.50 in October--and some officers and directors were regularly selling chunks of stock. Though McBride was not among them, he did receive almost $1 million in cash compensation in 2003--an extraordinary sum for the CEO of a microcap.

In addition, very shortly after filing the IBM suit, SCO corralled $25.8 million in what were characterized as licensing agreements with Microsoft and Sun. They were widely interpreted as efforts by Microsoft and Sun to bankroll the legal assault upon Linux.

The bounty-hunting terms of SCO's retainer agreement with Boies are yet another cause for raised eyebrows. Boies's firm and the others working with him are billing SCO at discounted hourly rates, but in return they stand to receive 20% of any judgments or settlements that result. What's unusual, though, is that the contracts specify that if SCO is acquired during the litigation--imagine, say, IBM buying SCO to make it go away--SCO's lawyers will take 20% of the company's sale price. The lawyers even receive 20% of any financings SCO receives during the litigation. For instance, when SCO got a $50 million private placement in October 2003, SCO's law firms immediately banked more than $8.9 million, including $1 million cash. One of the law firms working with Boies's 178-lawyer firm on the case and, therefore, sharing in the booty, is Los Angeles solo practitioner Kevin McBride--CEO McBride's brother. How does Boies's firm split the money with Kevin McBride and the others? The "lion's share" goes to the Boies firm, Kevin McBride says.

We've reached the point in the narrative where some brute legal analysis can no longer be postponed. We'll make it brief. The challenge in writing about the SCO suits--and inevitably fattening SCO's next volume of press clippings--is that even the most skeptical account tends to advance SCO's cause. Fear of lawsuits, even meritless ones, can spur companies to shy away from switching to Linux or to pay SCO the toll it seeks. This is the power of sowing FUD--fear, uncertainty, and doubt--which is a strategy of long standing in the computer industry. Certainly there are reasons to be skeptical of SCO's legal claims. Though SCO's key original claim against IBM was dramatic and easy to empathize with--the claim that IBM dumped Unix code into Linux--it has subsequently become clear through courtroom give-and-take that SCO's claim is actually more attenuated. The crux, as McBride concedes in an interview, is really that IBM dumped into Linux AIX code that IBM wrote itself but that SCO says is "derivative" of Unix and therefore covered by the confidentiality provisions of IBM's original license with AT&T. It's not a preposterous reading of the license, but it's an aggressive one.

By far the greatest potential obstacle for SCO is the astoundingly confusing September 1995 sales contract whereby Novell transferred some but not all of its Unix rights to Santa Cruz, and thence to SCO. If Novell's reading of that contract turns out to be right--i.e., that Novell retains control of all the crucial rights SCO is now asserting--SCO's whole post-McBride business model is annihilated.

SCO insists that the 1995 deal was exactly what the outside world then thought it was--a sale by Novell to Santa Cruz of Novell's "Unix business" and "Unix intellectual property," as the companies' joint press release described it at the time. Nevertheless--and at least in part because the smallish Santa Cruz could not have afforded the Unix business otherwise--the actual contract specifies that Novell is to continue to receive 95% of the royalty income from the existing Unix licenses, and that it retains veto power over the enforcement of those licenses. (The contract anticipates that Santa Cruz would eventually release a next-generation Unix, whose royalties would be entirely its own.) What the contract leaves unclear is whether Novell's veto power also extends to the non-royalty-yielding source-code licenses, including the one that now forms the crux of SCO's case against IBM.

The other huge question mark left by the same contract revolves around the Unix copyrights, which are SCO's sole basis for demanding licenses from Linux end users. Notwithstanding the claims of the press release heralding the deal, a critical appendix to the contract states that "all copyrights" are excluded from the sale. SCO claims that this was a typo--a whopping typo, to be sure--that was corrected in an amendment a year later. But the amendment itself is confusing and vague.

The one advantage SCO might have in this absolutely critical dispute with Novell is that McBride was present when the sales contract was being negotiated--though he happened to be on the Novell side of the table back then. By contrast, none of Novell's current top management were. "I was in the staff meetings," McBride protests. "We [at Novell] were selling Unix. We were exiting the business. I've gone back and talked to all of those guys. We have statements from them. We know what they're going to say as this goes through." (The two signatories to the contract declined to comment.)

As if those issues aren't knotty enough, SCO is also inviting Linux end users into a litigation tar pit when it comes to its claims about the Unix fragments in Linux. Many of the files SCO alleges are infringing are "header" files, containing names, data, and other information that many copyright specialists doubt are copyrightable at all. In addition, SCO is complaining not just about verbatim copying but also about the purloining of its code's "structure, sequence, and/or organization"--another notion that probes the outer reaches of what is copyrightable. The last time the U.S. Supreme Court grappled with such questions was in 1996, in a would-be landmark dispute in which the justices wrestled themselves to a 4-4 draw. In sum, even if SCO is bluffing, it will be an exceedingly expensive bluff to call.

"It's not about SCO. It's not about SCO. It's not about SCO." Daniel Egger, a lawyer, software developer, and venture capitalist, has pored over SCO's legal claims and found them wanting. What Egger does believe, however, is that the SCO suits have exposed a "structural" problem with open-source software that has staying power. In fact, Egger believes that so strongly that he has joined the growing ranks of entrepreneurs who now offer consulting services and proprietary software to help commercial users of open source minimize their legal risks.

Other business lawyers share Egger's view that there is a structural problem. Though copyright suits like SCO's get most of the press, attorney Irwin Gross remarks, patent suits are an even greater threat. "There's a lot of roadkill out here," he says, referring to all the Silicon Valley startups that failed and whose only remaining assets are their patents. "There's a lot of patent applications floating around in the hands of people who don't have an interest in anything other than asserting them."

Though Hewlett-Packard, Novell, and others have begun offering "indemnification" to their open-source customers, the guarantees are comforting only until you read the fine print, according to Egger. The protections typically vanish if the customer modifies the software--the raison d'etre of open source--while some apply only to suits by SCO, others have liability caps, and on it goes.

Although proprietary software is also vulnerable to copyright or patent claims, its end users have some assurance that their vendors will go to bat for them if there should be a problem--if not because of indemnification contracts, then just as a matter of business self-interest. Until now, open-source end users have had no analogous "sugar daddy" to turn to, as Gross puts it.

Egger hopes his startup, Open Source Risk Management, will serve such a role. In time he aims to sell open-source insurance policies. In the shorter term, three Linux promoters--IBM, Intel, and MontaVista Software--have already ponied up $3 million to seed a legal defense fund for Linux end users sued by SCO.

The gathering array of alliances and opportunistic businesses rallying to the legal rescue of open-source suggests that as long as corporate behemoths like IBM and HP see a stake in making open source survive, it will. "If SCO shows anything," says Gross, "it shows the phenomenon of how many big players are now inextricably intertwined with Linux. And it shows how reviled you're going to be if you pursue the Linux community."

That it does.

How The Open-Source World Plans To Smack Down Microsoft, And Oracle, And...

Old news but still worth reading.


By David Kirkpatrick

(FORTUNE Magazine) – Steve Ballmer made a sudden and unscheduled trip to Munich last winter. The CEO of Microsoft had been vacationing with his family in Europe when he got word that the Bavarian capital was about to scrap the Windows operating system on its 14,000 PCs and switch to free "open source" Linux software to run its machines. Loath to lose a prominent government customer, Ballmer jumped into a business suit and rushed to Munich. But he was too late. The city decided to go open source.

What happened in Germany is a microcosm of a change that is sweeping the $200-billion-a-year software industry. Open-source software is popping up everywhere, in PCs and cellphones and set-top boxes, in servers that power the world's websites and in giant corporate and government systems. Today the biggest challenge confronting Microsoft--and Oracle and IBM and virtually every other major software maker--is chillingly simple: How do you compete with programs that can be had free?

In just a few years, a grassroots approach to creating software has shaken the status quo. In 1991, Linus Torvalds, a college kid in Finland, posted his Linux operating system online and invited friends to use and improve it. The availability of this basic, powerful software, which works on Intel's ubiquitous microprocessors, coincided with the explosive growth of the Internet.

Linux soon began to gain a global following among programmers and business users. Then, during the dot-com boom, mighty IBM got into the act. The $90-billion-a-year giant seized on Linux as a way to sell more hardware and services, and to stymie Microsoft in corporate accounts. Never mind that foes of open source like Microsoft senior VP Craig Mundie denounce free Linux as "socialism," a threat to the very fabric of the industry Bill Gates created; largely because of IBM's endorsement, the use of free software has soared.

The revolution goes far beyond little Linux. Remember how the PC clobbered minicomputer makers Digital Equipment, Wang Labs, and Data General? Some software companies could face a similar fate. Just about any kind of software can be found in open-source form. The SourceForge.net website, a meeting place for programmers, lists an astounding 86,000 programs in progress. Most are minor projects by and for geeks, but hundreds pack real value. If you need a customer-service application for a company of up to $200 million in annual sales, it's there. Free software is also popping up increasingly on PCs. If you hate shelling out $350 for Microsoft Office or $600 for Adobe Photoshop, OpenOffice.org and the Gimp are surprisingly high-quality free alternatives.

Users like open software for more than its price. Whereas most software companies jealously guard the inner workings of their programs to protect their commercial value, open source unveils its essential programming, or "source code," to the world. That makes it easy for users to modify it to suit their needs and for programmers to share improvements. Open-source programs are typically maintained by volunteers, sometimes numbering many thousands. Says Ted Schadler, an analyst at Forrester, a Boston IT-industry watcher that surveys corporate users: "Companies find the quality of mainstream open-source products like Linux to be at least equal to that of commercial alternatives."

You may not realize it, but you probably encounter open source every day. When you search for information about a movie on Google or buy a book on Amazon, your inquiry is shunted through vast farms of servers powered by it. Sabre, the $2-billion-a-year travel-reservations system, uses Linux and open-source database software in its Dallas data center, one of the largest on earth. Open source helps guide the Mars Rover. Some 70% of large companies surveyed recently by Forrester use Linux on at least some of their computers; an even higher percentage reported plans to increase their use of open source. Government leaders, notably in China, are endorsing open source as a way to save money and curb the influence of foreign suppliers, especially Microsoft.

For all Linux's prominence, the most successful open-source program is Apache, software that manages your browser's interaction with the web. It is used by 67% of websites worldwide, according to Netcraft.com, which analyzes the Internet. Another hit program is MySQL, a database that four million customers have downloaded. And so-called application-server programs like JBoss and Tomcat are displacing software sold by BEA Systems, IBM, and Oracle.

For the likes of Microsoft and Oracle, this trend spells trouble. Software is one of IT's few remaining redoubts of profitability now that fierce competition has hammered down the prices of PCs, disk drives, displays, cellphones, and Internet routers. But with open source challenging some of software's most widely used products, outsized profits like Microsoft's astounding 40% operating margins are at risk. Marc Andreessen, who led development of the first web browser, says open source will have the biggest and fastest impact on products "with broad horizontal appeal, where a lot of people use them in the same way." He means programs like Windows, Microsoft Office, low-end Oracle databases, and the Palm OS.

Faced with this tsunami, the giants have a tricky choice: Do they fight the wave or try to flow with it by adopting free-software strategies of their own? IBM, Oracle, SAP, BEA, Veritas, and Intel have all chosen to go with the Linux flow. All have assigned programmers--300 at IBM alone--to work on improving the program. Most of the giants also support the Open Source Development Labs, a Beaverton, Ore., nonprofit that employs Torvalds to oversee Linux's technical evolution. And what does software's Che Guevara think about working for the capitalists? "Open source in no way means noncommercial," Torvalds writes laconically in an e-mail. Adds Dan Woods, an IT executive writing a book on the trend: "Open source has lost its innocence as a bunch of people holding hands on a hilltop." That's for sure: Free software is becoming big business.

Marten Mickos must be Larry Ellison's worst nightmare. This genial Finn (he's the guy with his shoes off in the opening photo) runs a startup called MySQL in Uppsala, Sweden, which gives away database software. (MySQL is pronounced "my sequel.") Mickos has a devilish plan--he wants to make his company a powerhouse by blowing up the industry's price structure, or as he has told friends, "turning the $10-billion-a-year database business into a $1 billion one." That would subvert the plans of the big three in databases--Oracle, IBM, and Microsoft. Too bad, says Mickos: "Software has been overglorified for 20 years. You've been able to overcharge for underperforming software."

But wait. How can anyone expect to build a business by giving away his product? Though MySQL can be downloaded free on its website, more than 4,000 customers have elected to pay for it, at the tiny rate of $495 per server per year. They do so for two reasons--to get MySQL to stand behind the product and provide service, and for the right to incorporate MySQL's code into their own products. Amazon, Cox Communications, and Sabre pay for support; Cisco Systems, Hewlett-Packard, and Ericsson for rights to the code.

To Mickos, the freebie approach makes business sense. He calls it a "smarter way to produce and distribute the goods." For one thing, it lets MySQL attract customers while spending close to nothing on marketing. On average, 35,000 users download MySQL each day. What's more, paying or not, the users serve as a sort of gigantic quality-control team. They can peer into the program and tell the company what needs improving. "We get notes from customers saying, 'We believe the bug is on line 3093,'" says Mickos. "That single hint can be so valuable it's worth 1,000 staff developers." And while MySQL is tiny--sales last year were $12.5 million--venture capital firm Benchmark Capital has pumped more than $8 million into MySQL in expectation of a big IPO.

Nobody claims the MySQL database is as capable as Oracle's or IBM's, programs rich in sophisticated features. But many customers don't care. Phyllis Michaelides, chief technologist for $10-billion-a-year Textron Corp., voices an opinion heard increasingly often in IT departments about open-source products: "MySQL is getting better and better. It may not do everything, but if you don't need it, why pay for it?"

Like Linux, MySQL hit the big time with the help of a powerful ally: For MySQL, it was SAP, the $9-billion-a-year king of enterprise applications. Companies use SAP to automate everything from finance to manufacturing. To run the software, you must also have a database, which SAP generally does not provide. SAP's success in the '90s generated billions of dollars of sales for Oracle, and both companies thrived. But the symbiosis is breaking down, in part because Oracle has been pushing enterprise applications of its own. Its controversial bid to buy PeopleSoft is aimed largely at challenging SAP.

So last year SAP began recommending MySQL to customers and has also contributed to Mickos's company software code to beef up its offerings. CEO Henning Kagermann denies, unconvincingly, that helping MySQL is a thrust against Oracle: "We are not a database company and don't want to be." Other big players have also aligned themselves with MySQL, including Veritas, a $1.8-billion-a-year maker of software to manage data storage gear, and BEA Systems, a $1-billion-a-year maker of application-server software.

Larry Ellison told financial analysts in December that "it's going to be a very long time" before MySQL competes successfully with Oracle in large corporate accounts. Lieutenants at his $10-billion-a-year company scoff that MySQL is anemic and overhyped. Says vice president of product strategy Ken Jacobs: "We see a lot more of them in the press than we do in competitive situations." Maybe so, but free software like MySQL can gain tremendous acceptance without a formal sales pitch. As Marc Andreessen points out, "A truly disruptive technology does not get noticed until it's too late."

Though IBM derives an estimated $3.5 billion of annual sales from DB2, it has taken a welcoming attitude toward open source since it embraced Linux. Software chief Steve Mills explains that Big Blue aims to stay ahead of competition like MySQL by constantly innovating: "The possibility exists that a product at a lower price can take business away from us. But that's always been true. Open source is threatening only if you're not differentiating enough with your product." CEO Alfred Chuang of BEA strikes a similar note. BEA has begun using open-source code to perform basic tasks in its products; that frees its programmers to invent valuable features that open-sourcers may find hard to match. Says Chuang: "Open source in general is very good for BEA."

The open-source tsunami threatens no company more than it does Microsoft. Linux has been a major factor in the recent slowing of the giant; long one of the mightiest growth stocks, Microsoft shares rose just 6% in 2003, vs. 50% for the Nasdaq.

Signs of damage to Microsoft are everywhere. Not only does Linux now have, according to the IDC research firm, a 15% share of operating systems on enterprise server computers--a vast market Microsoft once thought was there for the taking--but also Apache's dominance in web servers represents a huge lost opportunity. Says longtime industry analyst George Gilbert of Tech Strategy Group: "Apache has prevented Microsoft from controlling both ends of the wire on the web--the browser and what the browser talked to. If it hadn't been there, Microsoft could have controlled ... the web itself."

Microsoft's stronghold, desktop computer software, is also under siege. Though Torvalds is careful to clarify that he is "not a Microsoft hater," the open-source consortium he works for recently launched a big campaign to promote desktop Linux. A December survey by Merrill Lynch found 58% of large-company CIOs have a growing interest in open-source desktop software. China, India, and Argentina are proceeding with open-source desktop initiatives.

In the U.S., desktop Linux appeals especially to a market on which Microsoft is counting for growth: small business. A recent full-page newspaper ad in Seattle for Fry's Electronics stores showed why: It offered a Linux PC for $199. Even the most stripped-down Windows machines seldom sell for less than $400.

Faced with the assault of free, Microsoft is cutting prices on its mainstay products far more than ever before. That same Fry's ad offers Microsoft's Office XP program for only $119.99; in recent years it has sold for as much as $500. This version is supposedly only for students and teachers, but anyone can buy it. Fighting Linux in developing countries has prompted even more dramatic price cuts. In Thailand, Microsoft recently experimented with charging just $50 for both Windows and Office. In schools in the developing world and in poor parts of the developed one, the company now offers Windows essentially for free and Office on a subscription basis at $2.50 per year. The price cutting is sure to spread. Says Tony Scott, chief technology officer at General Motors: "You'll see the price Microsoft can charge for its operating system driven down consistently over the next few years."

Microsoft thrives, of course, when faced with competition--remember how it rallied to crush Netscape during the Internet boom. (Nor is it without allies: Tiny SCO of Lindon, Utah, has worried Linux users by claiming copyright ownership of some of the underlying code--a claim that's wending its way through federal court in Salt Lake City.) Today at Microsoft hundreds of employees are working on Linux and other threats, and the word "open" crops up a lot. Martin Taylor, a rising star who recently served as CEO Ballmer's chief of staff, is assigned full-time to the open-source challenge. Says Marshall Phelps, an ex-IBMer whom Microsoft hired in June to develop an intellectual-property licensing program: "Microsoft has been pretty closed as a company. Basically now we're open for business." Jason Matusow, who runs a program that allows selected customers special rights to view Microsoft source code, says, "Customers in large numbers are telling us we need greater transparency."

Then there is Bill Gates. Microsoft's chairman and chief software architect is spending most of his time these days on a top-to-bottom reworking of Windows, the company's $11-billion-a-year mainstay. Code-named Longhorn and not due for release before next year, the software aims to make computers more versatile and less expensive to maintain. It also aims to discourage defection to Linux: It will integrate key functions of Office and database software so that users won't be as easily tempted by free programs like OpenOffice and MySQL.

As the popularity of open source surges and prices and profit margins in software crumble, will the industry be ruined? Microsoft's Mundie warns darkly that the erosion of profits will slow innovation. But Torvalds (sounding positively Gatesian) argues that the demand for innovative software is limitless: Programmers will never lack for moneymaking opportunities as infotech weaves itself into all aspects of our lives. That may be closer to the truth. Software companies have always had to innovate to survive--and fear focuses the mind.