Domain: sunworld.com
Stories and comments across the archive that link to sunworld.com.
Comments · 23
-
Piper
Piper is a peer-to-peer distributed workflow system that brings the UNIX paradigm to the GUI and GUI features to CLI programs.
It has been called an "Open Source alternative to .NET", although it is by no means a clone. Rather, it focuses on extending existing UNIX features and programs to the Internet, where they haven't been before.
Perhaps we don't need a clone, just as Linux is not a clone of Windows. And it's a good thing it is not.
Here are some articles and mentions of Piper:
Gnome Gnotices (It's interesting to note that the article first posted there referred to Piper as an alternative to .Net. The moderator later changed that. Paranoid minds, such as mine, wonder about this and the future intentions of GNOME with respect to .Net.)
And some other online magazines/forums:
--
This sort of thing has cropped up before. And it has always been due to human error. -
Applied Cryptography
Timothy briefly mentions Applied Cryptography, but it really deserves more than just a mention. From a review in Sunworld: "This 700-plus-page magnum opus is one of the finest technical books I have ever read, easily satisfying my requirements of readability, accessibility, and depth."
Really, it's that good. Even the often-critical Slashdot reviews found it to be "Outstanding". If you have even a passing interest in cryptography, I'd highly recommend picking up this book. Just don't buy it from Amazon, please :).
Alex Bischoff
--- -
I don't think you've thought long enough...
To start with, as others have said Open Source (for most people) is not at all about money. In fact, you can almost always say that Open Source is about filling a need before that need was realized and money could be focused on it. A lot of commercial software follows from free things that were done originally because there was a vision beforehand. Browsers, editors, graphics tools, desktop publishing, etc. all have products that followed from Open Source roots.
Now, about the lack of direction. I would argue that Open Source can offer a much better sustained direction than any money driven project can - after all, if the source of the money decides to exert effort elsewhere then the effort WILL go elsewhere, and a project will die (you've all seen it before in countless companies) even if the project had some merit. I give you XVFB (X Virtual Frame Buffer) as an example - developed long ago and not used much at all, it's making a comeback for server side Java programs and automated GUI testing, as well as some system admin work. In a commercial environment this program would be dead and buried and forgotten. Because it was Open Source, it could lie dormant until it was needed and wanted.
Some Open Source projects may have less vision than others, but in general will tend to at least be consistent - after all, most projects have a sort of leader or set of leaders whose only interest is in making the program meet their vision - and even if they go away the program will only be picked up by others if the original vision matches what they want to do. I imagine this very consistency is why you think Open Source projects lack vision, even though you also complain about lack of direction... they have no need of focus groups because the users are the focus groups. What Open Source really needs is some means of active distribution to get programs into the hands of more people, and thus provide better direction through more input. What if you could buy the Gimp in stores for the cost of packaging?
The big one for me is innovation, it seems to me that innovation in general is lacking everywhere, not just open source. But I see hope: Imagine if you will what happens when a bunch of programmers from the industry rich with profits from stock options grow older. I think the tendency of many people as they grow older is to try and give something back to the community around them, and for most programmers that will probably manifest itself in various individual projects. Some will be companies, some will be open source projects headed by people that never need to work again, but it will not matter - that is where innovation will come from, from people who literally can try anything because there is no cost of failure. In Open Source, innovation usually means totally new projects which is why it can be hard sometimes to see innovation at work, because projects fly along under the radar for some time until they seem to spring up from nowhere.
On a side note, I believe there is already work on groupware in the open source world (Evolution, and probably some others). I agree that companies need groupware, but all of the parts of groupware have been there forever apart from calendaring. That is the most needed part of groupware though (to synchronize schedules) and so will take a bit of time to do right.
Also, the other trend you ignore at your peril is that the world is moving toward a much more distributed model of computing - even Microsoft. .Net at the heart of things uses SOAP, an RPC like mechanism that uses XML to transport method calls. That should make it a lot easier for Open Source projects to attach to commercial work, and vice versa. It should also make reverse engineering a lot easier so that totally Open equivalents that can operate with the Closed world are easier to create (which in some ways does serve to stifle innovation and increase imitation). -
Pulling the plug
SunWorld recently did an article on Solaris's journaling fs. They did a "pull the plug test" too, with and without journaling on. They also found that with journaling on the file-system was quite a bit faster. (I've done some testing myself, and found some things to be about 10x faster...)
-
Took them long enough.
First they were announced in 1997 to be released in mid 1998.
Then they were "on track" for volume shipments by the end of 1999.
Now they finally have some of them in products in late 2000.
Very impressive. Heck, weren't we supposed to have UltraSparc IV's by now? -
Re:Default Operating Systems?
Linus owns a vaio, and has stated publicly that some of his kernel hacking was to make his vaio run longer:
By James Niccolai, IDG News Service
San Jose (August 11, 1999) -- Linus Torvalds wants more battery life from his Sony Corp. Vaio notebook, so naturally, better power management is among the improvements planned for the next version of the Linux kernel. Apparently that's how it goes when you've been anointed "the leader of the free world" by your open source peers.
-
what about Coda (Intermezzo ??!)
While I basically agree to all of what has been said here (LDAP, IMAP, network data...) I'm still wondering about the "Coda" choice for networked FS
First, don't get me wrong, I'm not against the idea at all and I do think that Coda is really great (on paper).
Second, I'm also surveying Coda's enhancements for more than 2 years now and I really think it's a great software with lots of people behind but my question really is : "can Coda achieve enough scalability and stability in order to be installed for 1000+ clients ?" (the FAQ and the latest changelog doesn't help me think it could handle 2500 clients without any problem at all...)
Because frankly, when I hear all the feedback from different people using it 'in real life', it's not all so bright...
Besides, what about Intermezzo that is derived from Coda with most of its features because of such "unforeseen" scalability issue that were not planned back when the development began... (apart from the fact that Intermezzo seems a little beta to me)
You can also find some good information concerning Coda/Intermezzo/NFSv4 here
As a conclusion, why not having one or more big editor (IBM, SGI, HP...) put some big bucks on the table in order to help any of these 2 projects being finalized through funds (SourceXchange, CoSource or any other way)
-
Re:Dunno
You do recall correctly. This is one of the articles about it from back in 1996. It never really did take off, and kind of hit a big snag when they hijacked internic.net in "protest."
-
some sources
Read Bruce Schneier's Cryptogram newsletter.
Bruce Schneier's hotlinks.
Look at Cryptome. Lots of information about Echelon, the MPAA/DeCSS issue, laws, export controls...
Mach 5 cryptography archives.
Designing Secure Software.
Simson Garfinkel and Gene Spafford's book Web Security and Commerce is a very good introduction to cryptography and security issues. -
Re:ssh tutorial
SunWorld had a two part tutorial on setting up and running ssh a while back. Check it out.
-
my response to jane's editor (properly formatted)
Hi, I work as a writer/security type for SecurityPortal.com, I do a weekly column, a weekly newsletter, wrote a 200 page guide to Linux security, so I feel somewhat qualified to critique this article.
That article is (I'm trying to think of a gentle word) bad.
---start--- According to hackers, 99% of cracking incidents can be blamed on so-called 'script-kiddies'. These are usually young people who manage to acquire some 'cracking tools' somewhere on the Internet and are keen try them. They choose a 'cool' target (such as NASA, the Pentagon or the White House) and launch the tools. Older, more established ---stop---
Pulling statistics out of thin air is a bad idea. I personally would put the percentage lower based on the types of attacks I have seen a lot of (ie bulk scans performed by worm like programs, not something a "script-kiddie" can write).
---start--- Global estimates vary, but a JIR extrapolation based on mid-1990 estimates by Bruce Sterling, author of The Hacker Crackdown: Law and Disorder on the Electronic Frontier, puts the total number of hackers at about 100,000, of which 10,000 are dedicated and obsessed computer enthusiasts. ---stop---
Are we talking about hackers (Linux kernel hackers) or crackers here? A mid-1990's estimate is horribly out of date by now, I don't think there is any remotely reliable way to peg it. Also you need to define it first. If a 14 year old decides to go to rootshell, gets an exploit, defaces a major website, gets away with it, but realizes how much trouble he might have gotten into, and never does it again, is he a cracker? Is someone who tries out a few exploits from rootshell on his ISP "for fun" once a cracker?
---start--- However, to launch a sophisticated attack against a hardened target requires three to four years of practice in C, C++, Perl and Java (computer languages), general UNIX and NT systems administration (types of computer platform), LAN/WAN theory, remote access and common security protocols (network skills) and a lot of free time. On top of these technical nuts and bolts, there are certain skills that must be acquired within the cracker community. ---stop---
No. Many "hardened" sites are not maintained properly, or even if they are (not hardened enough of course) there will be at least one time when a new exploit comes out and is not fixed for say 6 hours, a large window of opportunity. Classic examples are bugs in Bind (DNS server software used by almost everyone), most DNS servers that are secured are secured quite well, however there have been several bugs that surfaced this year that pretty much nixed anything you could do to secure it (on most systems anyways).
Protecting yourself from your software
There are a lot more items in the article I take exception to. As far as social engineering goes you should make the author read Winn Schwartau's "Information Warfare" (actually he should read it in any case, it's a pretty comprehensive book). You might also check out:
Sunworld article on social engineering
Also in general the article is pretty messy, there is a bit on social engineering a few paragraphs before the social engineering section, I would seriously recommend removing it and having someone rewrite it from scratch.
-Kurt Seifried - my sig deleted
-
Re:Load Ave 10 need not mean an IO Bottleneck.
It is important to really find out if the disks are the problem.
I suggest you examine your system carefully to see what is actually happening. Besides using vmstat, iostat and friends you can get a software package by Adrian Cockcroft which has a 'virtual adrian' which points out all the bad spots in the system.
It can be found here : SE toolkit -
A bit of info about file journaling
This is a LONG article from SunWorld mag, and you have to go down a fair bit to get to the info about file journaling, and such, but it's a good read:
Getting to know the Solaris filesystem, Part 1 -
Solaris and Swap
I know this question was about Linux, but I wanted to put my 2 cents in about swap and Solaris as I often run into admins who are ardent supporters of the 2 x RAM rule. My experience is that a lot of people overdo swap on Solaris. The best way to gauge your need of swap is through trial and error. You need to look at what you are going to do with the box and you need to be familiar with the applications. Solaris 2.x deals with anonymous memory in a more efficient manner (it relieves the need for swap space when a process demands more space). The tools you can use to figure out your needs would be /usr/proc/bin/pmap, swap -s, vmstat and df. Sure bets that you will need sizable swap space are databases that rely on shared memory. Often their requirements exceed physical memory. (Check out the Solaris Performance and Tuning from Cockcroft and look at Sunworld's swap article from January of '98.) The moral: KNOW YOUR APPLICATIONS. TEST, TEST, TEST! Run the application and peek at it with pmap. How much memory does it take? Is that what the peek is? Then do this with the other processes on the system and add them up. Look at swap with vmstat and df -k. Do you have a lot of /tmp and /tmp is swapfs? If you do, then maybe you have too much swap. Also, be sure to trim your system of unneeded processes. Why have automountd running when you don't automount? Why have nfs or rpc running if you don't need them? You will find a winning combination after trial and error. Nothing beats experience and testing in sizing a box. -
Some points
As just about everyone has said, Sun's SCSL is not 'open source' (tm), nor does it try to be. XFS is not by Sun either, it's by SGI. Here is a linuxworld article about what license XFS will use - basically, the SGI guy wants to GPL it, if the lawyers will let him. (not bad, eh!) However they don't discuss other OSs - (I hope XFS won't be just for Linux). However, from what I've heard, XFS was designed assuming 64bit address space, so you might (initially) only be able to use it on Alpha, SPARC and MIPS versions of Linux. XFS uses file journaling and logging - read here for about this, from a SunWorld article about Solaris file-systems, which is pretty general.
btw, Sun's SCSL is aimed more at commercial developers (including Sun's OEMs) and researchers, not so much general members of the public. However, they are releasing quite a bit of stuff under the SCSL - Java, Jini, HotSpot (later this year), their SPARC processors and several other software products. They seem to be SCSL'ing their products in general. They haven't said much about SCSL'ing Solaris recently - the last time it was brought up they said it would be quite hard to do, because of all the licenses.
I suppose there will be inevitable comparisons between Beowulf and Sun's HPC software, and SMP kit. The main hardware difference is bandwidth and latency - Beowulf seems more about combining lots of single CPU (or low CPU count, eg 1-4) boxes in a network, possibly having several hundred of such boxes. Sun's approach to high end computing is to have big SMP boxes (a single Starfire E10000 can take 64 UltraSparcs) with the option of clustering a few of them - currently limited to 4, ie 256 processors. A Starfire has a 6Gbyte/s I/O bus and 15Gbyte/s main memory bus, which is rather better than Ethernet. Sun's approach is more expensive, but it also solves a wider class of problems well. For some things (eg cracking codes, rendering) you don't need much interprocess communication or bandwidth, so it scales well with Beowulf, but for other things (some kinds of database operations, eg OLAP, and data intensive scientific calculations) you really need very high bandwidth and very low latency (close to main memory speeds) which is where Beowulf doesn't do so well. Still, some things don't scale so well, even on a Starfire... Btw, the Starfire is over 2 years old.
Cue Sun's next gen super-computer, codename Serengeti, which has a completely different architecture. Its memory architecture is called Cache Only Memory Architecture (COMA), which seems to have been in development for a long long time at Sun. A single box will take 128 processors, and you'll be able to cluster 8 of them, for a total of 1024 processors. It'll be powered by Sun's UltraSparc-III, which recently reached first silicon, and has booted on Solaris. Incidentally, the UltraSparc-III has hardware support for 1024 processors, and is supposed to be out in volume production by the end of the year. However, Serengeti won't be out until about the 2nd half of 2000.
-
Explanation of "Right way to do the wrong Answer"
Some time ago I submitted a load of links to Slashdot, but they didn't get published. Here they are:
- While Linux will pose more of a threat in the long-term, currently it's helping Sun. Here's some recent Sun-related links - Sun does well according to IDC server survey. Sun's share price has risen from $20 to $70 in last 6 months. Sun is now selling the Samba-like NetLink (part of Project Cascade). Interview with Scott McNealy (Sun CEO) at The Register, parts one, two, three and four - "the enemy of my enemy is my friend, so I love Linux.". A SunWorld (not part of Sun) article about the "unoperating system" - Oracle (and Sun's) plans for 'thin-server' appliances with a small OS.
There's also a more recent article at SunWorld about Linux on SPARC.
Here's the bit about Linux from the article at The Register:
- "Linux is like Windows: it's too fat for the client, for the appliance ... it's not scalable for the server. It's the right way to do the wrong answer, so if you're going to do the wrong answer which is fat clients and thin servers, then at least do it with Linux.
"Don't send any money to Microsoft for something that's fatter, slower, buggier, doesn't scale as well, and has fewer people working on it.
"There was an interesting little experiment our CTO [Bill Joy] did. He took the Sony Vaio notebook ... He downloaded Linux, then he went over to Netscape and downloaded the latest version, and then he went over to Star Office, and all of a sudden he had a better, faster, smaller, lower-powered, bug-free, legally free environment ... with more people working on it than the entire state of Washington.
"Now why in the world would anybody ever write another cheque to Microsoft? I don't know. But why would you do Linux either? That's the wrong answer. Go thin clients, go appliances: that's the right way to go long term. So that's why I call [Linux] the right way to do the wrong answer. And the enemy of my enemy is my friend, so I love Linux."
Okay, some comments on this. If you include all the GNU/XFree86 as being part of Linux then it becomes pretty damn big. XFree86 is something like 45 million lines of code, last I heard. So 'all' of GNU/Linux is about 60 million, perhaps. Solaris is about 10 million. However, Scott's take on the future is basically the network computer concept. However, the markets he's thinking of are a) corporate, b) embedded consumer systems (TVs, set-top-boxes, intelligent phones etc) and not geeks. So, you have 'big iron' servers in the background giving you extreme reliability - as reliable as phones, and incidentally about 20% of Sun's revenue comes from telcos. These manage the 'master records' of your files, data etc. You then have 'simple' local clients that can do their own processing and have access to your 'big iron' servers.
As an example, just recently, Sun announced their 'i-Planet' software, which is very cute - all you need is 'client' computers with Java running on it, and some servers in the background, with both connected to the internet. Now, what you do is from anywhere on these client computers you 'login' to the server, which then sends you some Java programs so that you can securely manage/access your email and other things. Basically, you don't need a 'personal' computer anymore.
Scott's "right way to do wrong answer" is kinda misleading. But you can look at it like this, a) he thinks Linux is 'good' for what it is supposed to do, b) he thinks that (currently) Linux is not a general solution to the various problems that need to be solved in computing - ie it solves a sub-set. Scott's general 'solution' is for big (Sun) servers in the background with 'thin clients' being used by the public/workforce running Java - the hardware/OS doesn't even have to be from Sun.
Is he right? Well, I think that for many situations I think 'thin client' 'network computing' is a good way to do many things, but it's not really for hacker types. How well the implementation works will depend on the software, which is why NCs didn't take off - the software wasn't ready.
Sorry this isn't very well written...
-
Linux on the heels of closed vendors
According to this article at SunWorld, "As of this week [published April 8, 1999], the Monterey alliance has completed Monterey's 64-bit kernel, 64-bit memory model, endian neutral (non-byte-order specific) commands and libraries, 64-bit C compiler, and journaled files system."
The article also mentions that HP has run "successful tests of the Oracle 8i database on an HP-UX based IA-64 simulator."
At least regarding the compiler (and 64-bit kernel / memory model, I would think), Linux is not far behind. I believe that these vendors are hoping that IA-64 will allow them to place some more distance between their products and Linux. I also think that they have another thing coming.
Let the code run free. -
Hype and FUD from both sides
Although I wholeheartedly agree with most of the conclusions in the article, remember where it came from. It's straight from Sun World. The only difference between this and ZD's pro-NT stuff is this might be true ;) -
AOL-Netscape-Sun - do they have a strategy?
SunWorld asks what exactly Sun is up to, in an article entitled "Does Sun Have an E-commerce Strategy?". A lot of people are beginning to wonder.
-
/. effect
I love it when /. can even bring down sunworld... :-)