Linux Goes a la Carte with UnitedLinux
Last Thursday, four separate Linux vendors announced their intent to
work together to create a single distribution named UnitedLinux
(http://www.unitedlinux.com). The companies, Caldera
(http://www.caldera.com), Conectiva (http://www.conectiva.com), SuSE
(http://www.suse.de/en), and Turbolinux (http://www.turbolinux.com), are
all very popular within their distinct geographical areas, but don't
generally compete with each other.
This new distribution will adhere to all the applicable Linux standards
such as the Linux Standards Base (LSB), Linux Internationalization
Initiative (GB18030), and Filesystem Hierarchy Standard (FHS). Many
distributions currently implement part of these standards, but miss the
mark in places either because of a difference of opinion or because of
separate evolutionary paths. Red Hat's use of /etc/rc.d/init.d vs.
/etc/init.d, for example, always bugged the heck out of me.
Linux, being open and free, has been a living breathing and evolving
entity. You have the old standards like Slackware, Debian, and Red Hat
(http://www.redhat.com). You have distributions forked from previous
versions, like Mandrake (forked from Red Hat) and SuSE (forked from
Slackware). You have new distributions created from the ether itself
such as Owl (http://www.openwall.org/Owl), Gentoo
(http://www.gentoo.org), and Linux From Scratch
(http://www.linuxfromscratch.org). There are security-enhanced distros
like Immunix (http://www.immunix.org), EnGarde
(http://www.engardelinux.com), and SELinux (http://www.nsa.gov/selinux),
or even distros for turning your machine into a piece of network
hardware like Linux Router Project (http://www.linuxrouter.org)or the
Floppy Firewall (http://zelow.no/floppyfw).
As should be familiar to anybody who has studied Darwin (and I mean the
dead scientist, not Apple's new project), all these different offshoots
of the same GNU/Linux creature will have different viabilities in the
ecosystem -- in this case the hard drives across the globe. However,
what cannot happen in natural evolutionary systems is the intelligent
merging of different branches.
If you take a bunch of animals from slightly different species -- say a
whole mess of grasshoppers with different characteristics -- and have
them join together, you will end up with a mixing of all the character
traits, but you will lack a 'superior' version of the grasshopper until
a lot of time passes. Even then, the 'super eyesight' gene may be tied
with the 'really tasty to birds' gene, and you wouldn't be able to
separate them. Bye-bye eyesight gene.
Security a la Carte
A merging of Linux distributions has the opportunity to pick and choose
the best features from each suite. The vendors will work together to
create the final product, rather than letting all the variations spawn
and die for eons until the right version survives. Hence, we'll see
results much sooner than those fictitious uber-grasshoppers. Think of it
as a form of intentional and directed punctuated equilibrium, if you
From a security point of view (and that is what I'm supposed to be
talking about here, isn't it?), we have a chance to see what will come
from the merger of different mindsets. SuSE, for example, impressed me
early on with the security scripts and tools they shipped before other
distributions were even worrying about proactive security measures.
The UnitedLinux white paper stresses their security systems more than I
expected, given that the distro itself seems geared toward ISVs
(Independent Software Vendors) and IHVs (Independent Hardware Vendors)
who, traditionally, have taken the 'security only slows things down'
approach. However, all of our favorite tools will be available:
netfilter (a.k.a., iptables), for firewalls and much more; Snort
(http://www.snort.org) and ACID
(http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html) for IDS
(intrusion detection) and analysis; SSL for all available protocols
(pop/imap/smtp/ldap/http/etc); various encrypted filesystems; IPSec for
creating secure VPNs or host-to-host transmissions; and, naturally, all
the PAM authentication methods you could shake a stick at.
One Remaining Question
How easily can UnitedLinux provide these features to the end user and
administrators? The trick will be to create software that is easy enough
for an idiot to administer, without making it easy enough for an idiot
As with any big project, more parties becoming involved increases the
risk of gaining less ground due to internal busywork, more meetings, and
less sense of direction. I think, in this case, there will be a strong
incentive to get this distribution out the door on schedule (version 1.0
release is scheduled for Q4, 2002). Regardless of how the literature may
be written, UnitedLinux's real goal is to rival Red Hat's current
position in the marketplace.
If they can do it by creating a better Linux distribution , then I'm
all in favor of it. After all, it's just evolution in action.
 I fully support the idea of distro's that do things right becoming
popular and stronger in the marketplace. However, given that
UnitedLinux may be stretching the GPL based on their plans to
charge per-seat licenses for the system, I'm going to be watching
situation very carefully. Such plans, which UnitedLinux member
Caldera has implemented in the past, have met with pretty strong