Red Hat Advanced Server Gets DoD COE Certification
DaveAtFraud writes "CNET is reporting that Red Hat Advanced Server has been certified as a 'Common Operating Environment' (COE) when running on an IBM server by the U.S. Department of Defense. Red Hat Advanced Server is the first version of Linux to receive this certification. The certification clears the way for broader use of Linux in government computer systems. It's interesting to note that the certification effort was made for the more proprietary (and costlier) Red Hat Advanced Server and not the basic Red Hat distribution." This despite the best efforts of certain lobbyists.
I use it on a box to run apps that I developed that our M$ monkeys haven't matched (or can't match). Mainly a lot of situations where one line of code does what would take several more in M$ (Scheduler vs. cron)
In our case it comes down to services. I work for the Commanding General and all he wants is "services not platforms".
I think maybe that has helped to bring in open source in our little corner of the military more than anything. IM talks about how they are M$ certified blah blah and I just bring out a new app coded in Perl that the green suiters can't live without.
Or better yet create one and let it run on one of my own outside servers and then demo it to them with a "Oh by the way, we need Linux to do this".
It's like heroin, get 'em hooked. They gotta have it. Superior services, not platforms.
As far as it being the more expensive version of RH that's certified, have you seen RH's stock price? You're still saving the military a lot more in the long run by getting the more expensive version.
Here's a better link to story, sans linkspam:
http://news.com.com/2102-1001-984202.html
COE? Here's the link to their homepage:
http://diicoe.disa.mil/coe/
Admins! Get your fucking heads out of your asses and check to see if something is linkspam before posting it. This isn't the first time. Someone is making money from the click through.
Fuck them.
RH Advanced Server has generated some ill-will in our company when we realized the only way to "have a peek" was to shell out 800 buxors. We did that, but the venom dented some people's enthusiasm.
Is there a way to get the .iso image, under a non-commercial license of some sort? I mean, shit, even Solaris 9 is available for 20 bux as a non-commercial, and 100 bux for commercial license.
Sigged!
I think it's unfair to compare RedHat AS to Solaris. First of all, Solaris has gobs of system management tools, a kernel with many tricks up its sleeve and a full UNIX98 compliance. And second, Solaris has a lifecycle of 11.5 years, while RedHat AS has only 3 year lifecycle.
Sigged!
RedHat might patch their 2.4.9 kernel to fix serious bugs, but they have only certified against the version that came out of the box.
I've been using AS2.1 for several months now, and I haven't been disappointed. If anything, now my employer "has someone to sue" if the OS doesn't work right. Wasn't that part of the hesitation for larger corporations in adopting Linux?
Never hit your grandmother with a shovel, for it leaves a bad impression on her mind...
Anyhow, all these distros really have in common is the kernel code which makes them linux. The rest of the software (FTP, wm's, editors) bundled is up to the bundler. It is these choices that can make a distro more secure than another. EX: ssh v. telnet, std ftpd v. vsftpd, vi v. emacs (Sorry, I just had to ;-}) et al; The DOD is going to certify the whole bundle and not just individual pieces. Basically, they don't trust their admins (contractors mostly) to pick the right pieces on their own, so they will find a good bundle and certify that with special instructions.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
That said, why DON'T we just package the source tarballs instead of the binaries? I mean, back in the day it took forever to compile something on a beat up old 486. But today I can build Tcl/Tk in a little under 7 minutes, and the Linux Kernel in 20 or so. As the machines get faster and the compilers get more efficient tracking the binaries is going to seem downright silly after a while.
My US$0.02
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Besides, last I checked Sun was hawking Linux.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
There has been a leak that Microsoft internally uses third party Product Management application written in Java that runs in Redhat Linux and the back end database is Oracle 9i.
The MS internal audit team has found numerous security holes in Windows XP, SQL Server and .Net.
Based on their test the Java, Linux and Oracle database was the most secure and stable.
This isn't about some moron IT guy in a green/navy jumpsuit deciding to use NT because he likes it, it's about the moron IT guy having no choice in the matter because he HAS TO deploy a COE compliant system.
This is big news for Linux.
There was a LOT of bureaucratic inertia standing in the way of this effort inside the DoD. In the office this little initiative started in within ESC, the push for this cost two program managers and one engineer their positions, with extra effort made to derail their careers. Another person had to keep his head down and toe the line for a long time. The replacement for the second program manager was frustrated and constrained and a little scared, having entered the arena of combat by stepping over the corpses of the previous two (figuratively).
The efforts by DISA and Red Hat were started because the little program that those people worked on provided the customer for the product. Sure, there was a lot of "anecdotal" demand for Linux, but this was the first formal acquisition program that was committed to it. The guinea pig, so to speak.
Let's give proper respect to RH (those involved know who he is) at Red Hat, who took that first call and pitched it to his management, even though it looked like all the risk was on Red Hat.
In a free market economy the consumer has the option of making choices based on any number of factors including price, quality, speed/efficiency, convenience, and just plain old personal taste. However, in any system that shuts out all but the most deep pocketed (and well connected personally) companies then you had better be willing to pay more for less. Furthermore if the weights of the value of a product, service or the company that renders it has moved from the above factors (price, quality, etc) to that of the prettiest proposals, the slick talkingest (reverting to my Yosemite Sam mode) company personnel and the prettiness of words and documents presented then you will inevitably end up with less quality. Competition has then moved completely to the realm of draft picks for the cheerleader squad. It doesn't matter if they do nothing but look pretty and say stupid repetitive cheers... hey! they look pretty.
Bullshit artistry is _THE_ factor in government contracting, as a track record of proven quality does not factor in. Now to be fair, there is the SEI system in place (Systems Engineering and Integration) which mostly inherits from the ISO 9001 system. With five levels (1 - 5, no zero... 1 is granted to anyone whether they can find their ass with either hand or not) you have a criteria of process quality by which you can judge an organization. However, with all the money and obvious effort that went into creating and maintaining this system the Achilles heel is no different than in any other of the "best laid systems and plans" to date. That my friend is the factor of non-compliance to the very processes that define who is granted what level. In other words, they don't use it like it was intended thus rendering it as just another acronym. The ironic thing (but typical in entrenched bureaucracy) is that even though pretty much anyone will admit (if you ask them lightly in the break room over coffee) that the system is rather broken most of those will still puff up with pride (if contractor) if they are a talking head of an organization with higher than SEI Level 2 or will speak with awe and wonder (if government) of an organization with SEI Level 2 or higher.
What I fail to understand is why some will defend this bastardization on the grounds that those organizations with an undeserved SEI level are "Working Towards it." Well, that is good... really, however that is illogical when you look at the fact that the SEI system is not a projection but a grant of current operational status. I somehow doubt that there would be much validity in being granted a good bill of health after being shot 10 times if it was based on the fact that the surgical staff would "Soon fix me up good." No, instead I should be labeled as "In Critical Condition" and any other status be viewed as such. (Hmmm, is THAT what STAT comes from... meaning right NOW? I sure don't know) Back to IT work, if I was the customer then I would not care one damn bit of a system in place that is not consistently applied. The minute it becomes acceptable practice to arbitrarily award the SEI Levels is the same instance that such levels lose their meaning.
Now some might say (who lack working neurons) that this is exactly what happens with capitalist Evil Corporations (TM) yet in reality we see that it is the government itself that creates this system. If the government would place individuals in decision making roles that had both a sense of ethics as well as refined professionalism then you would find that requirements would soon show a dramatic shift towards the quality of the products and services rendered. Networked people are important, to that there is no question. Yet a professional organization will correctly view those connected personnel as one of the many factors involved in doing business. ("Professional" defined here not just as "they get paid to do X" but referring to the ethical and motivational set of standards and practices they employ) Some actually believe that without business developers sliming their way through the system, charming the customer and confusing them when they question bad quality, that there would be no business. Perhaps in some cases there would be less, but there have been entirely too many cases in history (large and small) that show that if there is a need on one end and a supplier on the other then things can work out just fine. The middle man is nothing more than a facilitator of this process... a catylist (sp) but since they themselves do not do any real work they are expendable in reality. Before them business happened at perhaps a slower rate. Without them business adapts. Without those providing the actual product and service then there is nothing to be made of the best of deals. Take out the bullshit artists in the government and soon you will find that their contractual counterparts will begin to vanish as well.
On a different but very much related note: Has anyone ever done a study of the percentage of commercials split up by radio, television and print (including the net) that actually advertise the uniqueness of the product, its advantages over competitors and why you should buy it? Don't get me wrong, I LOVE those beer commercials usually. However when so many commercials have become little sitcoms or tools of the "arteest" then I really fail to see how I as a consumer am supposed to do anything but ignore them and focus on doing research (to include ratings). I rarely see any commercial that is useful however that could just be where I live.
I seek not only to follow in the footsteps of the men of old, I seek the things they sought.
As far as security goes, I doubt the government will worry much about the bundled software; they generally disable everything they're not interested in and install their own segments for the functionality they need. While that does mean that the production systems probably won't have my favorite applications (because they haven't been ported to DII COE segments), at least my development systems can have what I want and still closely match the production systems. Heck, I could even develop at home.
That said, getting *any* version of Linux certified is great for me. I expect most of the Solaris segments will run with very little modification, so my development environment can very closely match my production environment. And the performance benefits I get from running on x86 hardware -- not to mention cost benefits -- will be phenomenal. (Given the recent revelations concerning Java and Solaris, running under a different OS is welcome as well, since a large part of our software is affected.) I might even get to use bash! And vim! (And emacs, for the heathens. Or your editor of choice.) And gcc!
I expect Linux will win its place in the DII COE hierarchy, and sooner rather than later. In fact, at least one very important DII COE segment is already adding Linux support. My job is about to get a whole lot easier.
For geek dads: Contraction Timer
Actually no, this is a lesser certification. Linux has never achieved any security certifications of any kind while MS has, starting with NT4. NT4 and W2K have also held this certification for some time. So, once again, linux playing catch up. Next thing you know various distributions will even try to match the look and feel of win-- oops, already happened.