Bitten By the Red Hat Perl Bug
snydeq writes "Smart coders always optimize the slowest thing. But what if 'the slowest thing' is the code supplied by your vendor? That was exactly the situation Vipul Ved Prakash discovered when he tinkered with a company Linux box on which Perl code was running at least 100 times slower than expected. The code, he found, was running on CentOS Linux, using Perl packages built by Red Hat. So Prakash got rid of the Perl executable that came with CentOS, compiled a new one from stock, and the bug disappeared. 'What's more disturbing,' McAllister writes, 'is that this Red Hat Perl performance issue is a known bug,' first documented in 2006 on Red Hat's own Bugzilla database. Folks affected by the current bug have two options: sit tight, or compile the Perl interpreter from source — effectively waiving your support contract. If a Linux vendor can't provide comprehensive maintenance and support for the open source software projects you depend on, McAllister asks, who ever will?"
You mean real h4x0rz like Sam Hocevar, who ran Debian last, put predictable pseudo-random number generators in their SSH packages.
I'm surprised nobody is mentioning that Red Hat was itself recently bitten by another sort of bug - a security breach. Red Hat's servers were breached and an openssh trojan was installed with a correct Red Hat signature. Sadly, it seems that the breach happened because Red Hat was in the peculiar habit of keeping the package signing machine networked and accessible from the internet.
That was a very credible post. Right up until you said "boxen".
Grown ups say "boxes".