Hacking Linux Exposed





Linux Goes a la Carte with UnitedLinux
By Bri Hatch.

Summary: Ignoring some trepidation regarding per-seat licenses and questionable GPL practices, UnitedLinux is generating excitement among business users eagerly anticipating the array of features compiled from the best Linux suites on the market.

Last Thursday, four separate Linux vendors announced their intent to work together to create a single distribution named UnitedLinux (http://www.unitedlinux.com). The companies, Caldera (http://www.caldera.com), Conectiva (http://www.conectiva.com), SuSE (http://www.suse.de/en), and Turbolinux (http://www.turbolinux.com), are all very popular within their distinct geographical areas, but don't generally compete with each other.

This new distribution will adhere to all the applicable Linux standards such as the LSB, GB18030, and FHS. Many distributions currently implement part of these standards, but miss the mark in places either because of a difference of opinion or because of separate evolutionary paths. Red Hat's use of /etc/rc.d/init.d vs. /etc/init.d, for example, always bugged the heck out of me.

Linux, being open and free, has been a living breathing and evolving entity. You have the old standards like , , and . You have distributions forked from previous versions, like (forked from Red Hat) and SuSE (forked from Slackware). You have new distributions created from the ether itself such as , , and . There are security-enhanced distros like , , and , or even distros for turning your machine into a piece of network hardware like the or the .

As should be familiar to anybody who has studied Darwin (and I mean the dead scientist, not Apple's new project), all these different offshoots of the same GNU/Linux creature will have different viabilities in the ecosystem -- in this case the hard drives across the globe. However, what cannot happen in natural evolutionary systems is the intelligent merging of different branches.

If you take a bunch of animals from slightly different species -- say a whole mess of grasshoppers with different characteristics -- and have them join together, you will end up with a mixing of all the character traits, but you will lack a 'superior' version of the grasshopper until a lot of time passes. Even then, the 'super eyesight' gene may be tied with the 'really tasty to birds' gene, and you wouldn't be able to separate them. Bye-bye eyesight gene.

Security a la Carte

A merging of Linux distributions has the opportunity to pick and choose the best features from each suite. The vendors will work together to create the final product, rather than letting all the variations spawn and die for eons until the right version survives. Hence, we'll see results much sooner than those fictitious uber-grasshoppers. Think of it as a form of intentional and directed punctuated equilibrium, if you will.

From a security point of view (and that is what I'm supposed to be talking about here, isn't it?), we have a chance to see what will come from the merger of different mindsets. SuSE, for example, impressed me early on with the security scripts and tools they shipped before other distributions were even worrying about proactive security measures.

The UnitedLinux white paper stresses their security systems more than I expected, given that the distro itself seems geared toward ISVs (Independent Software Vendors) and IHVs (Independent Hardware Vendors) who, traditionally, have taken the 'security only slows things down' approach. However, all of our favorite tools will be available: (a.k.a., iptables), for firewalls and much more; and for IDS (intrusion detection) and analysis; SSL for all available protocols (pop/imap/smtp/ldap/http/etc); various encrypted filesystems; IPSec for creating secure VPNs or host-to-host transmissions; and, naturally, all the PAM authentication methods you could shake a stick at.

One Remaining Question: how easily can UnitedLinux provide these features to the end user and administrators? The trick will be to create software that is easy enough for an idiot to administer, without making it easy enough for an idiot to mis-administer.

As with any big project, more parties becoming involved increases the risk of gaining less ground due to internal busywork, more meetings, and less sense of direction. I think, in this case, there will be a strong incentive to get this distribution out the door on schedule (version 1.0 release is scheduled for Q4, 2002). Regardless of how the literature may be written, UnitedLinux's real goal is to rival Red Hat's current position in the marketplace.

If they can do it by creating a better Linux distribution [1], then I'm all in favor of it. After all, it's just evolution in action.


[1] I fully support the idea of distros doing things right by becoming popular and stronger in the marketplace; however, given that UnitedLinux may be stretching the GPL based on their plans to charge per-seat licenses for the system, I'm going to be watching the situation very carefully. Such plans, which UnitedLinux member Caldera has implemented in the past, have met with pretty strong public resistance.

Bri Hatch is Chief Hacker at Onsight, Inc, and author of Hacking Linux Exposed and Building Linux VPNs. He majored in Evolutionary Biology back in college, and apparently he hasn't gotten it out of his system. We promise he'll be kept on a leash and stick to more code and less half-baked theory in the future. Bri can be reached at bri@hackinglinuxexposed.com.

Copyright Bri Hatch, 2002.

This article was first published here in ITworld.com Inc., 118 Turnpike Rd., Southborough, MA 01772  on 04-Jun-2002.
