Slashdot Mirror

But pre-installed Lindows on hard drives sold seperately is an excellent idea :) I wonder if Mandrake or Red Hat will cut a similar deal with Quantum or whoever?

But pre-installed Lindows on hard drives sold seperately is an excellent idea :) I wonder if Mandrake or Red Hat will cut a similar deal with Quantum or whoever?

That was probably a troll, and I hate to feed it,

Could we please do it without the name calling? Thank you.

but had you read the documentation of the SPEC results Apple published,

I have read the said documentation.

This is not a lie, and this explains why the results were lower than Intel's published results, which used a binary compiled with the Intel compiler. None of the results are bogus, and no one is lying; it's just that they aren't using the same compiler.

Please see this gcc and this Intel compiler results. As you can clearly see, the difference is less than 10%. Apple shows results which are 100% off.

I don't know what your problem is with Photoshop, since it's a very common proc intensive app, optimized as much as Adobe can for both platforms, and graphics pros buy a computer largely based on PS performance.

I don't have a problem with Photoshop. However, it is strange to see only one app benchmarked whenever a new Apple processor comes out, while in the Intel world, you usually see games and office applications benchmarked.

That was probably a troll, and I hate to feed it,

Could we please do it without the name calling? Thank you.

but had you read the documentation of the SPEC results Apple published,

I have read the said documentation.

This is not a lie, and this explains why the results were lower than Intel's published results, which used a binary compiled with the Intel compiler. None of the results are bogus, and no one is lying; it's just that they aren't using the same compiler.

Please see this gcc and this Intel compiler results. As you can clearly see, the difference is less than 10%. Apple shows results which are 100% off.

I don't know what your problem is with Photoshop, since it's a very common proc intensive app, optimized as much as Adobe can for both platforms, and graphics pros buy a computer largely based on PS performance.

I don't have a problem with Photoshop. However, it is strange to see only one app benchmarked whenever a new Apple processor comes out, while in the Intel world, you usually see games and office applications benchmarked.

According to Redhat Bugzilla bug 104917, Red Hat has never shipped openssh 3.7, so they're not vulnerable to this. No workaround or fix is needed.

Just to alleviate some of the panic, RedHat boxes are safe.

It won't be called either of those names.

Boy, I sure am glad that my SendmailUpdate notified me automatically that there was a problem and automatically downloaded the patch for me. Windows never does that, right folks?

Well, on my RedHat box, the little blue checkmark turns into a red exclamation mark when there's an update. Then I click on it, it tells me what needs to be updated, then it downloads and installs everything.

Granted, the notification tool doesn't provide a method of automatically installing the updates, you have to click through the dialogue every time there's an update.

If you have a really big hard-on to get automatic updates, just install apt-rpm and then put 'apt-get update && apt-get upgrade --yes' into a daily cron job.

According to the Fedora desktop project page, the Desktop includes (among other things) the "email/calendaring" application. (Evolution, one presumes.)

Email and a calendar are not the same application. Doesn't anyone see this but me??

Let's have a lean, mean app whose function is to be a calendar, and another, equally tight app for email. They should exchange data easily. That's the unix way, and it's a good one. There's no reason for this to conflict with the goals of ease of use. (Trying to combine two disparate applications makes it harder to use IMHO.)

it may sound funny, but i just thought about switching from debian to redhat for the sake of more gui system apps, and up-to-date system when i found this little bug that seems to exist since redhat 8.0.

well i think i'll stay with debian now ;)

https://bugzilla.redhat.com/bugzilla/show_bug.cgi? id=73097

Unfortunately what needs improvement is the GUIs of the programs, not the desktop itself. Even the best desktop is no use if 2/3 of programs have awful GUI or are commandline only

Read the developer and HIG guidelines HERE I think the direction they're going as far as GUI is excellent. look how nice things are now since RH did thier GUI crackdown last year.

I beg to differ with you on this one... I think redhat will still be the commercial one for at least the next release.

Which, by the way, no one knows if it will be called Trendy "Red Hat X" or if they will stick with Plain "Red Hat 10".

Having said that, good lord, quality control will be a godsend in redhat RPM's. If for no other reason than to make sure that THE SOFTWARE IN ONE RELEASE IS ACTUALLY COMPATABLE WITH THE OTHER SOFTWARE IN THE SAME RELEASE. I pray for the day that redhat actually tests their software, to make sure they don't do something completely retarted like redhat 8 again. For example: Bundling apache 2.0.x with mod_perl that works with apache 1.3.x, but NOT with 2.0.x.

Thank you, fedora, for adding quality control. Redhat may only care that it looks pretty, and I know that they want us to spend $4000 on RH-enterprise, but it's important to have standards, and releaseing software *after* testing and *after* checking to make sure that it works at all is pretty important.

~Will //gentoo fan

Copying myself from OSNews . . .

From http://fedora.redhat.com/about/name.html:

The rules for using the Fedora trademark will be generally more permissive than the rules for using the Red Hat trademarks. The separate name and trademark are necessary in order to have different rules for using the trademarks. The rules for using the "Fedora" trademark will be available before the first release of Fedora Core.

I wish Red Hat weren't so non-committal here, but does this mean that instead of CheapBytes selling Pink Tie, LinuxCD selling Blue Jacket, and OSDisc selling Red Tux, every third-party CD Vendor will just call it Fedora?

Copying myself from OSNews . . .

From http://fedora.redhat.com/about/name.html:

The rules for using the Fedora trademark will be generally more permissive than the rules for using the Red Hat trademarks. The separate name and trademark are necessary in order to have different rules for using the trademarks. The rules for using the "Fedora" trademark will be available before the first release of Fedora Core.

I wish Red Hat weren't so non-committal here, but does this mean that instead of CheapBytes selling Pink Tie, LinuxCD selling Blue Jacket, and OSDisc selling Red Tux, every third-party CD Vendor will just call it Fedora?

I know this doesn't sound ideal, but you're really in the same boat with any other OS, even Windows. (Some hardware works only with NT/2000 or 9x, not both, plus old hardware often loses support.) Buying hardware without checking driver status leads to pain.

I don't think Fedora can make this better, only the hardware vendors can.

As for documentation, try checking out the RedHat manuals. That and a good introduction to the Unix command line and vi/emacs should cover you.

From looking at the package list, they are not listed.

Still wouldn't mind seeing a history of Fedora per se though. Seems like it's a more open, community-oriented Rawhide. Is that accurate?

really? lets break it down:
portal server: need oracle for that? depends I guess, but generally no
application server: depends.
Web server messaging: uhh...nope on the oracle need
calendaring: hmm...yes and no. Sorta.
clustering: no need for Oracle there...
high availability services: might need HA -for- Oracle, but don't need Oracle for HA ;)
directory services provisioning: Nope.
So can he get away with saying it, when you consider Oracle's application suite? With what he said, yes. Also note that he's talking about Linux, not Oracle. One can install Oracle's Application Suite on Solaris also. Additionally note that Oracle Application Suite is only supported for RedHat Advanced server, which considering it starts at $1499 and goes to $2499 shows that this isn't something for any old "free" linux.

Havoc Pennington says that Cambridge (Red Hat X) will be released before Redhat works to get the "infrastructure" set up to handle the flood and will start incorporating outside contributions for the release after that. I've heard this other places as well, though I don't remember where (I don't keep a bibliography for my brain).

I hate to reply to myself, but I found out why I got a free Basic entitlement, and wanted to share it. It is at http://www.redhat.com/software/rhn/offerings/ and has a chart of features.

They seem to giving you one free basic account when you buy your first one, so $60 gets you TWO entitlements. $60 each after that. Not a bad deal.

(no i don't work for them or own stock in them :)

How much exactly did they contribute?

In direct funds to other projects, I've no idea. They have given money to various projects though.

AFAIK, RH does not have much more than a dozen full-time people working on GPLed Linux stuff.

Well I can definitely think of around that many offhand. They're all pretty high profile too. Alan Cox (nuf said), Havoc Pennington (GNOME, freedesktop.org), Ingo Molnar (responsible for the new sceduler and pre-emptive kernel work), Christopher Blizzard (Mozilla), Jeff Law (GCC), Dave Jones (more kernel stuff), Rik van Riel (kernel VM work). All these people are high respected and have done a huge amount of good for OSS. I stopped there because I need to go and get some lunch, but I could have gone on. These are just names people on Slashdot will recognise immediately. There are many developers RedHat employ who work on embedded stuff, internationalisation work, etc, etc. Check out some of their mailing lists.

RedHat have also contributed by doing stuff like this. OK, that's their own PR, but google and you can find other stuff (help at LUGs, etc). They've helped out with legal stuff on some projects. They've defended Linux's name (hello SCO).

RH just commits a symbolic amount of ressources back to the community;

Rubbish. See the stuff above. They are a significant factor in pushing Linux forward. They continually suprise me (them being commercial does sometimes make me sceptical!) in the stuff they do solely for the community. I actually think that most of it ends up helping them out (even if it's just because people think better of them and so help them out in return). They continue to try and open their processes to the community (see their plans for the base distro.

the most of their R&D is in proprietary stuff.

Care to back up that statement?

The single company that makes the most value out of Linux is IBM.

Here I could possibly agree with you. IBM probably do have more people developing Linux related products or software (I know one of them too). I bet you more of those are proprietary than RedHat's though (as a proportion). No doubt IBM have done a great deal for Linux - but so have RedHat. Who's been the most important? I honestly couldn't say. Could Linux go on without either or both of them? Yes. Would it have acheived the same succes without either or both? Yes.

A final point I would like to make is that one thing RedHat have done very successfully (which is why they're now publishing these profits) is they've got the name and value of Linux out there. For this alone, we should appreciate them.

How much exactly did they contribute?

In direct funds to other projects, I've no idea. They have given money to various projects though.

AFAIK, RH does not have much more than a dozen full-time people working on GPLed Linux stuff.

Well I can definitely think of around that many offhand. They're all pretty high profile too. Alan Cox (nuf said), Havoc Pennington (GNOME, freedesktop.org), Ingo Molnar (responsible for the new sceduler and pre-emptive kernel work), Christopher Blizzard (Mozilla), Jeff Law (GCC), Dave Jones (more kernel stuff), Rik van Riel (kernel VM work). All these people are high respected and have done a huge amount of good for OSS. I stopped there because I need to go and get some lunch, but I could have gone on. These are just names people on Slashdot will recognise immediately. There are many developers RedHat employ who work on embedded stuff, internationalisation work, etc, etc. Check out some of their mailing lists.

RedHat have also contributed by doing stuff like this. OK, that's their own PR, but google and you can find other stuff (help at LUGs, etc). They've helped out with legal stuff on some projects. They've defended Linux's name (hello SCO).

RH just commits a symbolic amount of ressources back to the community;

Rubbish. See the stuff above. They are a significant factor in pushing Linux forward. They continually suprise me (them being commercial does sometimes make me sceptical!) in the stuff they do solely for the community. I actually think that most of it ends up helping them out (even if it's just because people think better of them and so help them out in return). They continue to try and open their processes to the community (see their plans for the base distro.

the most of their R&D is in proprietary stuff.

Care to back up that statement?

The single company that makes the most value out of Linux is IBM.

Here I could possibly agree with you. IBM probably do have more people developing Linux related products or software (I know one of them too). I bet you more of those are proprietary than RedHat's though (as a proportion). No doubt IBM have done a great deal for Linux - but so have RedHat. Who's been the most important? I honestly couldn't say. Could Linux go on without either or both of them? Yes. Would it have acheived the same succes without either or both? Yes.

A final point I would like to make is that one thing RedHat have done very successfully (which is why they're now publishing these profits) is they've got the name and value of Linux out there. For this alone, we should appreciate them.

Is the source code for Red Hat's installers available?

Their installer is called anaconda and like all other packages in the distribution a source RPM is available (eg: pub/redhat/linux/9/en/os/i386/SRPMS/ of your local redhat ftp mirror).

How about their build and dependency system/database?

Not sure what you mean here. If you mean the scripts they have to build the binary files they distribute, I don't think so. However, they will all be using Free tools. It's definitely feasible to create your own version of RedHat (if kickstart is not what you want to do). They even split the copyrighted images/text with trademarks out into files you can easily replace.

Dependency system - again, not sure what you mean unless you're referring to RPM which is absolutely Free (and used by many other people).

It's worth pointing out that they are trying to open up their development process to the community. This will be a slow process but they are definitely trying to do the right thing.

But we have to remember about the roots - RedHat is becoming a little bit prioprietary, a little bit uncompatible... yes! yes!

No, Why don't you read RH's patent policy first HERE

basically they're defensive patents, I wont say anything more cause you should read it yourself and become englightened.

Red Hat wants to thank the community for embracing this new project. We have received a lot of interest, comments, and questions, which have resulted in us rethinking some of our initial plans.

Some things we are working on before we relaunch are:

• Collaborating with existing projects to avoid duplication of effort
• Incorporating community suggestions and feedback

I cannot talk about FreeBSD, my experience with Debian is that they are always a few steps behind for a matter of stability.
The "drivers" as you claim are kernel modules, and to my knowledge Redhat kernel sources are availble ( Redhat 8 and Redhat 9 ) you can also check in the update section.
So I would guess if you have trouble with Debian, either your kernel is not up to date (ftp.kernel.org) or the installation fails to detect and configure hardware correctly...
BTW I used a Dell box to try out Knoppix (which is Debian based) and have not met any problems.

I cannot talk about FreeBSD, my experience with Debian is that they are always a few steps behind for a matter of stability.
The "drivers" as you claim are kernel modules, and to my knowledge Redhat kernel sources are availble ( Redhat 8 and Redhat 9 ) you can also check in the update section.
So I would guess if you have trouble with Debian, either your kernel is not up to date (ftp.kernel.org) or the installation fails to detect and configure hardware correctly...
BTW I used a Dell box to try out Knoppix (which is Debian based) and have not met any problems.

How about this as a solution? This applies if the people "running a brand-spankin-new linux distro that came set up out of the box with sendmail" are using RedHat which is most likely anyway since new linux users seem to be attracted to that product. And if they aren't then other distros like Debian provide apt-get to fetch updates easily. Lots of solutions. People just need to be aware of them.

So there.

So there what?

Yes, there is, and it is not know to give false positives like Microsoft's.

RHN Update Agent

Then Redhat can't make up their minds, because this page says, "Subscribe to Red Hat Network (subscriptions start as low as $60 USD/year). As a paid subscriber, you'll be able to download the latest Red Hat Linux ISOs" and "Subscribe to Red Hat Network, get instant access to Red Hat Linux 9."

They're sure making it sounds like you have to subscribe.

Get the new ones off Red Hat's site. They will say 3.1p1 (see here for why) instead of 3.7, but they do contain all current security fixes.

Red Hat has released an upgrade here

Then you probably can't read

RedHat has posted new RPM's: https://rhn.redhat.com/errata/RHSA-2003-279.html Enjoy!

By over 50%, you mean, 43%? Also, this figure assumes that the string library will be used correctly, which,

Well it obviously changes with each security errata released. For instance it'll go up a little today due to the second ssh problem that could have been avoided by use of a real string library.

But yes it's was at 43%, for any half ok string library, when you looked. So possible around 50% would have been better wording. However if you classify the problems with a severity level (not finished, but something I'm going to do for that page). You see that almost all the ones that allow the attacker to control your machine go away (the other being DOS attacks, or things like the w3m XSS problem ... which I could happily ignore for weeks.

Perhaps using a new API will give some security benefit if you use it correctly.

The security benifit isn't just that some attacks don't do anything, it's that other attacks (like integer overflows -- if they happen) go from overflowing the heap/stack so the attacker can control your application to being plain DOS attacks. The former is something I/everyone have to maddly rush around applying patches/work arounds for (like I'm currently madly turning ssh off on a bunch of boxes until RH release an errata), the later is something that I can wait for. Big difference.

Redhat just released an advisory with links to updated RPMS: RHSA-2003-279

Redhat has finally posted patched RPMS on their errata pages. Scroll down and select your release.

Great, now maybe Redhat will fix their damn openssh RPMs that they fubarred with their last patch!

For over two years now, my colleagues and I have contended that the Bizarre style of Open Source programming has produced a technically inferior product, Linux, that is only permeating the commercial market due to the industry's attempt to appease the cyber-political forces of GNU. Even the most outspoken, die-hard advocates of Linux concede that other Unix-based operating systems (i.e. FreeBSD, BeOS) are superior to Linux. Yet, unlike the concessions given when comparing Linux to other Unix-based operating systems, the zealots in the Windows vs. Linux Wars have made their positions quite clear, each believing in the superiority of their own operating system and each demonstrating that neither side is willing to budge on the issue. However, what if one side admitted that the other side's operating system was better? What if one side surrendered to the other? That's exactly what happened. On February 13, 2003, Red Hat conceded defeat to Microsoft in the category of operating system security.

Adversaries of Linux, including myself, have for years argued that Linux is not secure. Our strongest line of reasoning points to the Linux operating system's lack of adherence to TCSEC (Trusted Computer Security Evaluation Criteria) and CC (Common Criteria) standards. (Please note that I said adherence and not certification, because an operating system can still be secure by voluntarily adhering to TCSEC and CC standards without being officially certified.)

In a press release issued on February 13, 2003, Red Hat announced that security in Microsoft Windows 2000 SP3 is provably and certifiably superior to security in Red Hat Linux. Well, ok, Red Hat didn't say that with words , but it most certainly said that with actions.

What Red Hat actually did say with words was that it is pursuing CC certification for Red Hat Linux Advanced Server at Evaluation Assurance Level 2 (EAL2). That's right, EAL2, the second lowest level of security assurance. Remember, higher numbers are better. Just to put this into perspective for you, Mac OS X is CC EAL3 certified, Sun Solaris is CC EAL4 certified, and Microsoft Windows 2000 SP3 is CC EAL4 certified.

Those are some pretty loud actions, and they're saying some pretty interesting things. They're saying that Linux is two levels of security behind Sun Solaris, a Unix-based operating system. They're saying Linux is two levels of security behind its arch nemesis, Microsoft Windows 2000. They're saying Linux is a full level of security behind Mac OS X, an Open Source operating system based not on Linux but on BSD. They're saying that Linux is the epitome of mediocrity, that Linux, in its current state, simply isn't up to par when it comes to operating system security, and here's the clincher: they're saying that all those Linux evangelists who have been preaching about the so-called "superior" security of Linux have been lying to you.

You don't have to take my word for it. This is straight from the mouth of the beast. Well, perhaps it would be better to say that this is straight from the actions of the beast. While the beast tries to put a positive spin on this blow to the credibility of Linux by saying that it hopes to be at EAL4 sometime in the far, distant, unforeseeable future, the beast's hazy vision does not negate the lack of security in the here and now.

The old axiom is right. Actions do speak louder than words, and they're saying, "Linux sucks."

Now that so many trees have been sacrificed to print books about Red Hat 9, I am wondering where is the next RHL 10 (Severn) beta release? More information about the new world order of RHL development was supposed to appear at rhl.redhat.com today, but not much seems to be happening.

Red Hat seems to have realized something about shrink-wrap + dead trees releases that the book publishers have not: a 6-month release cycle is too short for physical media. It may be more convenient to read about RH configuration in a book rather than on a screen, but parts of these books will be obsolete in a few months (if not weeks) and everything that is contained in them can be learned from online documentation now. The computer books that remain useful for years tend to be thin (think K&R).

I saw 3-4x performance gains on Redhat 8.0, Xeon 2.8GHz, 4GB ECC.

3-4x compared to what? That's a simple question... care to answer it?

My server was a nice Altus 130 with dual Athlon 2600MP and 4 Gb of ram, and a nice, EDA vendor supported Red Hat 7.2. Now, I happen to know that the Athlon CPUs tends to get starved since the CPU-Memory bus isn't quick enough to keep it up for some things, like verilog simulations, or on various benchmark reports that you can find at various sites. That's why even my old Sun Blade 1000s with only 600 Mhz CPUs was able to keep up. The Suns have a better memory bus. A P4 with the 800 Mhz bus would do better that the Athlons, and let the greater CPU power show. The 533 Mhz bus wasn't really different that the Athlon.

This was VerilogXL, NCVerilog and Design Compiler.

We run Modelsim and VCS. So? I might believe NCVerilog would be Modelsim, but VCS?

Your FUD doesn't hold water "anonymous coward".

There is FUD flying alright, but its mainly anti-Sun FUD coming from you. Well, that might be a little harsh. I'll give you the benefit of the doubt and just assume that you are ignorant and unfamiliar with your vendors plans and supported tools. Since I'm in a charitable mood I'll help you out.

Why don't you try visiting DeepChip? You will find, if you read carefully, that Linux is far from a universal win, although there are many success stories. Unfortunately many of the success stories sound sort of like yours-- "I have a hot, brand new Linux box that beats some sort of old Sun!! Linux RULES!!" If you cast your net wider to check FPGA sites, and various other ones, the story is about the same.

Here is the Cadence SUPPORTED HARDWARE PLATFORMS MATRIX FOR 32 BIT platforms. You will notice that there are large gaps in the Linux support, and that it is for older releases.

There is also a Cadence SUPPORTED HARDWARE PLATFORMS MATRIX FOR 64-BIT APPLICATIONS, but I wouldn't bother looking for any Linux based tools there for at least a year or two, if ever. Even IBM's AIX doesn't fare so well there.

What about Synopsys? Well, their baseline for building EDA tools on X86 Linux is going to be Red Hat 7.2 (the one that is EOLed) for some time to come, and it will only support binary compatible versions. (I will also note that Synopsys has dropped support for various intermediate Red Hat releases on various tools due to problems, so you might find that 7.0 and 7.3 supported, but not 7.1 or 7.3). On the Itanium Synopsys is going to support Red Hat Enterprise (you know, the cheap one - not.) Although why you would buy an Itanium based system and run Red Hat instead of HP/UX is beyond me. HP/UX is far more mature and has a much larger software base than Linux, but I guess some people will run Linux just to run Linux.

What about Mentor Graphics? Their supported platform release history looks a lot like the other two. There are lots of tools that only run on old Linux releases, and gaps in the releases.

As You can read in the Red Hat Network 2.6.0 Release Notes that they have End Of Lifed Red Hat 6.2-7.0. 7.2 should be EOL about now too.

As you can see, almost all EDA tools from the major EDA vendors are only supported on obsolete, unsupported Linux releases. If you put in a little effort, you will find that many of them are moving to run only on the professional versions o

For over two years now, my colleagues and I have contended that the Bizarre style of Open Source programming has produced a technically inferior product, Linux, that is only permeating the commercial market due to the industry's attempt to appease the cyber-political forces of GNU. Even the most outspoken, die-hard advocates of Linux concede that other Unix-based operating systems (i.e. FreeBSD, BeOS) are superior to Linux. Yet, unlike the concessions given when comparing Linux to other Unix-based operating systems, the zealots in the Windows vs. Linux Wars have made their positions quite clear, each believing in the superiority of their own operating system and each demonstrating that neither side is willing to budge on the issue. However, what if one side admitted that the other side's operating system was better? What if one side surrendered to the other? That's exactly what happened. On February 13, 2003, Red Hat conceded defeat to Microsoft in the category of operating system security.

Adversaries of Linux, including myself, have for years argued that Linux is not secure. Our strongest line of reasoning points to the Linux operating system's lack of adherence to TCSEC (Trusted Computer Security Evaluation Criteria) and CC (Common Criteria) standards. (Please note that I said adherence and not certification, because an operating system can still be secure by voluntarily adhering to TCSEC and CC standards without being officially certified.)

In a press release issued on February 13, 2003, Red Hat announced that security in Microsoft Windows 2000 SP3 is provably and certifiably superior to security in Red Hat Linux. Well, ok, Red Hat didn't say that with words , but it most certainly said that with actions.

What Red Hat actually did say with words was that it is pursuing CC certification for Red Hat Linux Advanced Server at Evaluation Assurance Level 2 (EAL2). That's right, EAL2, the second lowest level of security assurance. Remember, higher numbers are better. Just to put this into perspective for you, Mac OS X is CC EAL3 certified, Sun Solaris is CC EAL4 certified, and Microsoft Windows 2000 SP3 is CC EAL4 certified.

Those are some pretty loud actions, and they're saying some pretty interesting things. They're saying that Linux is two levels of security behind Sun Solaris, a Unix-based operating system. They're saying Linux is two levels of security behind its arch nemesis, Microsoft Windows 2000. They're saying Linux is a full level of security behind Mac OS X, an Open Source operating system based not on Linux but on BSD. They're saying that Linux is the epitome of mediocrity, that Linux, in its current state, simply isn't up to par when it comes to operating system security, and here's the clincher: they're saying that all those Linux evangelists who have been preaching about the so-called "superior" security of Linux have been lying to you.

You don't have to take my word for it. This is straight from the mouth of the beast. Well, perhaps it would be better to say that this is straight from the actions of the beast. While the beast tries to put a positive spin on this blow to the credibility of Linux by saying that it hopes to be at EAL4 sometime in the far, distant, unforeseeable future, the beast's hazy vision does not negate the lack of security in the here and now.

The old axiom is right. Actions do speak louder than words, and they're saying, "Linux sucks."

For over two years now, my colleagues and I have contended that the Bizarre style of Open Source programming has produced a technically inferior product, Linux, that is only permeating the commercial market due to the industry's attempt to appease the cyber-political forces of GNU. Even the most outspoken, die-hard advocates of Linux concede that other Unix-based operating systems (i.e. FreeBSD, BeOS) are superior to Linux. Yet, unlike the concessions given when comparing Linux to other Unix-based operating systems, the zealots in the Windows vs. Linux Wars have made their positions quite clear, each believing in the superiority of their own operating system and each demonstrating that neither side is willing to budge on the issue. However, what if one side admitted that the other side's operating system was better? What if one side surrendered to the other? That's exactly what happened. On February 13, 2003, Red Hat conceded defeat to Microsoft in the category of operating system security.

Adversaries of Linux, including myself, have for years argued that Linux is not secure. Our strongest line of reasoning points to the Linux operating system's lack of adherence to TCSEC (Trusted Computer Security Evaluation Criteria) and CC (Common Criteria) standards. (Please note that I said adherence and not certification, because an operating system can still be secure by voluntarily adhering to TCSEC and CC standards without being officially certified.)

In a press release issued on February 13, 2003, Red Hat announced that security in Microsoft Windows 2000 SP3 is provably and certifiably superior to security in Red Hat Linux. Well, ok, Red Hat didn't say that with words , but it most certainly said that with actions.

What Red Hat actually did say with words was that it is pursuing CC certification for Red Hat Linux Advanced Server at Evaluation Assurance Level 2 (EAL2). That's right, EAL2, the second lowest level of security assurance. Remember, higher numbers are better. Just to put this into perspective for you, Mac OS X is CC EAL3 certified, Sun Solaris is CC EAL4 certified, and Microsoft Windows 2000 SP3 is CC EAL4 certified.

Those are some pretty loud actions, and they're saying some pretty interesting things. They're saying that Linux is two levels of security behind Sun Solaris, a Unix-based operating system. They're saying Linux is two levels of security behind its arch nemesis, Microsoft Windows 2000. They're saying Linux is a full level of security behind Mac OS X, an Open Source operating system based not on Linux but on BSD. They're saying that Linux is the epitome of mediocrity, that Linux, in its current state, simply isn't up to par when it comes to operating system security, and here's the clincher: they're saying that all those Linux evangelists who have been preaching about the so-called "superior" security of Linux have been lying to you.

You don't have to take my word for it. This is straight from the mouth of the beast. Well, perhaps it would be better to say that this is straight from the actions of the beast. While the beast tries to put a positive spin on this blow to the credibility of Linux by saying that it hopes to be at EAL4 sometime in the far, distant, unforeseeable future, the beast's hazy vision does not negate the lack of security in the here and now.

The old axiom is right. Actions do speak louder than words, and they're saying, "Linux sucks."

For over two years now, my colleagues and I have contended that the Bizarre style of Open Source programming has produced a technically inferior product, Linux, that is only permeating the commercial market due to the industry's attempt to appease the cyber-political forces of GNU. Even the most outspoken, die-hard advocates of Linux concede that other Unix-based operating systems (i.e. FreeBSD, BeOS) are superior to Linux. Yet, unlike the concessions given when comparing Linux to other Unix-based operating systems, the zealots in the Windows vs. Linux Wars have made their positions quite clear, each believing in the superiority of their own operating system and each demonstrating that neither side is willing to budge on the issue. However, what if one side admitted that the other side's operating system was better? What if one side surrendered to the other? That's exactly what happened. On February 13, 2003, Red Hat conceded defeat to Microsoft in the category of operating system security.

Adversaries of Linux, including myself, have for years argued that Linux is not secure. Our strongest line of reasoning points to the Linux operating system's lack of adherence to TCSEC (Trusted Computer Security Evaluation Criteria) and CC (Common Criteria) standards. (Please note that I said adherence and not certification, because an operating system can still be secure by voluntarily adhering to TCSEC and CC standards without being officially certified.)

You may recall my article "Oh Linux, Where Art Thou?" where I cite John Pescatore, Director of Internet Security for Gartner. He and I see eye to eye on the issue of Linux security. In response to Microsoft's announcement that Windows 2000 SP3 became CC EAL 4 certified, he said that Linux simply couldn't meet this level of security. Now, the world's largest Linux distributor and source of Linux service and support is acknowledging that he's right.

In a press release issued on February 13, 2003, Red Hat announced that security in Microsoft Windows 2000 SP3 is provably and certifiably superior to security in Red Hat Linux. Well, ok, Red Hat didn't say that with words , but it most certainly said that with actions .

What Red Hat actually did say with words was that it is pursuing CC certification for Red Hat Linux Advanced Server at Evaluation Assurance Level 2 (EAL2). That's right, EAL2, the second lowest level of security assurance. Remember, higher numbers are better. Just to put this into perspective for you, Mac OS X is CC EAL3 certified, Sun Solaris is CC EAL4 certified, and Microsoft Windows 2000 SP3 is CC EAL4 certified.

Those are some pretty loud actions, and they're saying some pretty interesting things. They're saying that Linux is two levels of security behind Sun Solaris, a Unix-based operating system. They're saying Linux is two levels of security behind its arch nemesis, Microsoft Windows 2000. They're saying Linux is a full level of security behind Mac OS X, an Open Source operating system based not on Linux but on BSD. They're saying that Linux is the epitome of mediocrity, that Linux, in its current state, simply isn't up to par when it comes to operating system security, and here's the clincher: they're saying that all those Linux evangelists who have been preaching about the so-called "superior" security of Linux have been lying to you.

You don't have to take my word for it. This is straight from the mouth of the beast. Well, perhaps it would be better to say that this is straight from the actions of the beast. While the beast tries to put a positive spin on this blow to the credibility of Linux by saying that it hopes to be at EAL4 sometime in the far, distant, unforeseeable future, the beast's hazy vision does not negate the lack of security in the here and now.

The old axiom is right. Actions do speak louder than words, and they're saying, "Linux sucks."

Redhat was founded in 1995. And though by 2000 even though they had 70% of the Linux market share, they only made positive cashflow as of last December.

My source says - June 19[2001] Red Hat announces profitability one year ahead of Wall Street's forecasts. Where is your source?

But you seem to think that Linux usage has only grown by meager percentage points.

Actually I said that Linux has grown by 20% (15 to 18 Million). I don't consider that meager.

Linux has an 8% greater market share than 2002 and has even doubled on desktops while Windows has only grown 1%

Ignoring the fact that numbers for desktops and numbers for servers should never be compared - I would point out that 1% for Microsoft is a much larger number than even 100% for Linux on the desktop. Microsoft sold like 7 million units of XP in the first two weeks.

Linux only had HALF that, then that's a 12% growth going from 18% to 30%! If you add that same 1% to Microsoft and half of that from the year before, that gives Microsoft a whopping 45% in comparison!! Meaning Microsoft has only a 15% greater market share! Not a landslide... only 15%.

Holy cow that is some bad, bad math. You can just add different types of percentages like that. One is growth and one is market share. Here is an example:

Company A - 4500 units grows by 1.5% to 4567
Company B - 1800 units grows by 12% to 2016
Total population = 10,000 units grows by 1% to 10,100 (well the total has to grow too!)

Company A - 4500/10000 = 45%, 4567/10100 = 45.2%
Company B - 1800/10000 = 18%, 2016/10100 = 20%

So yes the gap closed but not by much. Either way you are just proving my point that Microsoft still has the lead. I never said it was a landslide. You are the one saying Linux took the lead.

You managed to avoid my whole point about Apple entirely though; you quote only Windows sales but neglect to point out equivalent Apple sales for the time...between Apples market dominance

I did? Apple never had a lead. What market dominance? Show me one number to support that they ever had dominance. As for the Windows sales number - it was the highest sales ever. That would imply that Apple's was lower - duh! And that was WAY before Windows 95.

Now as to your theory about big business, you are quick to state that Linux is faster, cheaper, more stable, easier to configure, and more secure. Do you mean to tell me in a time of economic downturn that businesses are going to turn a blind eye to these simple facts? Faster, cheaper, better is the business mantra!

You are missing the point. I am talking about webhosts. Companies that aren't already married to Microsoft. For a company that already has licenses for the servers the cost is not an issue and neither is the ease of configuring virtual domains.

For instance, 30% of businesses affected by SQL Slammer switched to Linux within a 3 month period; 11% switched within one month!

Support? Links? Proof?

As for your 'proof' that IIS servers have grown 4% since 2001, you're wrong

I never said they grew by 4%. I said that their market share went from 20 to 24%. And they did.

They have been falling ever since and and are now down to 23.5 percent! Do you notice a trend? Hmm? Falling since March of 2002? Gee... apparently even 1 year can make a nearly 12% difference in Market share!

You're right but what does that prove in our argument? They still went up since 2001. And we are still talking about relatively small percentages compared to the 130% you are assuming (and which you seem to have ignored).

And you say Sun is getting hurt by Linux? Hell no. Linux users support J2EE more than anyone else.

hahahaha. That's a joke right? How much of Sun's revenue do you think comes from Linux users using J2EE? Not even in

dear reader the gnome armageddon has started,

first of all i want to clarify that this text was meant to be a source of information otherwise i wouldn't have spent so much time into writing it. belive me it took me a couple of days writing this text in a foreign language. even if you don't care at all for gnome, you may find some interesting information within this text that you like to read. please try to understand my points even if it's hard sometimes, otherwise you wake up one day and feel the need to switch to a different operating system.

on the following lines i'm trying to give you a little insight of the gnome community. the things that are going on in the back, the information that could be worth talking and thinking about.

many of us like the gnome desktop and some of us were following it since the beginning. gnome is a promising project because it's mostly written in C, easy to use, configurable and therefore fits perfectly into the philosophy of u*nix. only to name some of its advantages.

unfortunately these advantages changed with the recently new released version of gnome. the core development team somehow got the idea of targeting gnome to a complete different direction of users. the so called corporate desktop user. in other words they're targeting people that aren't familiar or experienced with desktop environments. usually business oriented people who are willing to pay money for getting gnome on their computers.

having this new target in mind, the core development team mostly under contract by companies like redhat, ximian and sun decided to simplify the desktop as much as even possible by removing all its flexibility in favor of an easy clean simple interface to not confuse their new possible customers. so far the idea of a clean easy to use desktop is honourable.

some of the new ideas, features and implementations such as gconf, an evil windows registry like system, new ordering of buttons and dialogs, the removal of 90%-95% of all visible preferences from the control center and applications, the new direction that gnome leads and the attitude of the core development team made a lot of users really unhappy. these are only a couple of examples and the list can easily be expanded but for now this is enough. now let me try to get deeper into these aspects.

you may imagine that users got really frustrated because their beloved gnome desktop matured into something they didn't want. during the time, the frustration of a not less amount of people increased. more, more and more emails arrived on the gnome mailinglists where users tried to explain their concerns, frustrations and the leading target of GNOME.

but the core development team of gnome don't give a damn about what their users are thinking or wanting and most of the time they come up with their standard purl. the reply they give is mostly the same. users should either go and 'file a bug' at bugzilla or the user mails are being turned so far that at the end they sound like being trolls or the user feedback is simply not wanted. whatever happens the answers aren't really satisfying for the user. even constructive feedback isn't appreciated.

if you gonna think about this for a minute then things gonna harden that they are directing into the commercial area. the core development team actually don't care fo

I am going to avoid ad-hominem attacks and just present facts - can you do the same?

3 years? I calc 2 1/2 years - amazing how 3 years is a lot to you but not 6 months.

Let's look at some of your other arguments:

You say that Linux was just a fledgling in 2001 and yet RedHat reported profits for the first time in 2001 and Linux had over 15,000,000 users already in 1999 (source - RedHat. The only estimate I could find of users today is around 18,000,000. Obviously we are not talking about servers here but I am making the argument that Linux was far from fledgling at that point.

You compared the change to the "Microsuck revolution." What revolution would that be? Dos far outsold anything that Apple ever put out and Windows 3.1 had sold 10 million in 1990 (the most of any GUI at that point). By the mid 90's Apple was struggling just to survive. That's why they hired Gil Amelio in 96 to clean house. I remember those days because at that point I was fresh out of college and using a Mac - an SE/30 that probably still runs today. At that point the entire population of computers was small enough to make any change a significant percentage. Nowaday's - well let's save that for next.

The change that would be needed to get the swing you are talking about is astronomical. You are saying that Linux went from a 28% share to a 65% share. Now we don't have an accurate count of actual servers (at least not that I saw) but let's use 10 million since it is round and underestimated. If Linux was at 28% and went to 65%, assuming that the total count stayed the same there would have to have been 3.7 Million new Linux servers brought online. And that is way lowball. You are basically saying that Linux on the server has grown 130% in 2 1/2 years while Microsoft has shrunk in half. Considering that we established earlier that the entire population of Linux users is estimate to have grown by 3 million since 1999 I think that is a little ambitious.

Now one thing I noticed is that you ignored my comment about the change in the regular survey in that timeframe. In that time the percentage of Apache sites grew from 63 to 65 and IIS grew from 20 to 24. If there was such a huge swing away from Microsoft then how do you explain the growth in IIS? IIS doesn't run on Linux or any other OS.

And how about some logic. If I am a webhost running thousands of sites who am I a going to choose? Linux of course. It is faster, cheaper, more stable, easier to configure, and more secure. BUT if I am a big business that is only going to host two or three sites and I am already paying Microsoft for the servers what would I choose? Well even then I might choose Linux but most of them would choose Windows.

You talk about security being a big switching factor and yet most of the worms have been hitting desktops. Nimda and Code Red were IIS specific but they only lasted as long as they did because of amateurs not patching their machine. Big companies just patched and moved. And patching does not mean your site being down for hours. Most large sites have more than one webserver. That alone is enough for me to question your expertise. And like I said - the numbers from just last month don't support that assumption. IIS is still growing.

You want to know how really is getting hurt the most by Linux? Sun. The switch from Solaris to Linux is MUCH easier and cheaper than switching from Windows to Linux. So if Linux did grow from its 28% (which I'm sure it did to some extent) then it would be taking a lot of it from Sun and the other unix flavors.

Your comment about Microsoft on Netcraft is confusing. All I saw was a lot of IIS6. Maybe I am missing something. A link would be nice.

I am sure I could go on but this is the last of my posts until I see:

Solid numbers to support your case (I have given you tons - old and new).
Links - You seem to have lots of info but no support.
Rational discussion - name calling is tiresome and AC comment bashing is usually the last line of defense for a losing argument.

I look forward to your FULL response.

dear reader the gnome armageddon has started,

first of all i want to clarify that this text was meant to be a source of information otherwise i wouldn't have spent so much time into writing it. belive me it took me a couple of days writing this text in a foreign language. even if you don't care at all for gnome, you may find some interesting information within this text that you like to read. please try to understand my points even if it's hard sometimes, otherwise you wake up one day and feel the need to switch to a different operating system.

on the following lines i'm trying to give you a little insight of the gnome [gnome.org] community. the things that are going on in the back, the information that could be worth talking and thinking about.

many of us like the gnome desktop and some of us were following it since the beginning. gnome is a promising project because it's mostly written in C, easy to use, configurable and therefore fits perfectly into the philosophy of u*nix. only to name some of its advantages.

unfortunately these advantages changed with the recently new released version of gnome. the core development team somehow got the idea of targeting gnome to a complete different direction of users. the so called corporate desktop user. in other words they're targeting people that aren't familiar or experienced with desktop environments. usually business oriented people who are willing to pay money for getting gnome on their computers.

having this new target in mind, the core development team mostly under contract by companies like redhat [redhat.com], ximian [ximian.com] and sun [sun.com] decided to simplify the desktop as much as even possible by removing all its flexibility in favor of an easy clean simple interface to not confuse their new possible customers. so far the idea of a clean easy to use desktop is honourable.

some of the new ideas, features and implementations such as gconf [gnome.org], an evil windows registry like system, new ordering of buttons and dialogs, the removal of 90%-95% of all visible preferences from the control center and applications, the new direction that gnome leads and the attitude of the core development team made a lot of users really unhappy. these are only a couple of examples and the list can easily be expanded but for now this is enough. now let me try to get deeper into these aspects.

you may imagine that users got really frustrated [osnews.com] because their beloved gnome desktop matured into something they didn't want. during the time, the frustration of a not less amount of people increased. more [gnome.org], more [gnome.org] and more [gnome.org] emails arrived on the gnome mailinglists where users tried to explain their concerns, frustrations and the leading target of GNOME.

but the core development team of gnome don't give a damn about what their users are thinking or wanting and most of the time they come up with their standard purl. the reply they give is mostly the same. users should either go and 'file a bug' at bugzilla [gnome.org] or the user mails are being turned so far that at the end they sound like being trolls or the user feedback is simply not wanted. whatever happens the answers aren't really satisfying for the user. even constructive feedback [gnome.org] isn't appreciated.

if you gonna think about this for a minute then things gonna harden that they are dir

That's what we settled on. The entire rest of our world is Apple PowerBooks, iBooks and Gentoo boxen (except the internal web server -- it's an old RedHat machine).

We tried and tried and tried all the other IMAP servers, since we had to support Outlook XP, only UW-IMAP seemed to work with TLS and Outlook.

I would not want to run Gentoo on my mailserver. I want fast, fire and forget. I love Gentoo and OS X on my G4 PowerBook, on my desktop and even in the server and testbed farms.

Not email.

Not for a while.