Slashdot Mirror
Red Hat Has a Rocking Week
bgarcia writes "There is a PR Newswire story stating that Red Hat and RSA Security have signed an agreement to include RSA's BSAFE SSL software in Red Hat Linux Professional Edition." And Wired tells us Red Hat is coming out with with a new version that improves large system performance and speeds crash recovery. (Click below for more)
Plus, earlier this week we read about the e-commerce product they're working on with Oracle and their rumored Cygnus acquisition. Hot stuff, especially for corporate Linux users.
It looks like Red Hat is back on track, doing great Linux stuff, instead of fooling around with peripheral things like their Linux version of MSNBC (with Salon, The Industry Standard, and The Register jointly playing NBC).
According to a friend of mine who dabbles in the stock market, Red Hat's stock is up nicely as a result of their decision to go back to doing more of what they do best: improving Linux and extending its marketability.
Mazeltov!
Patented, but they let anyone use it for free.
They also released both the beta cycle was completed. The 6.1 installer wasn't ready yet.
IANALBIPOOGL (I am not a Lawyer, but I play one on GrokLaw.)
I think the AC poster was being a wee bit sarcastic, Robin.
I've had to reboot a Linux machine many times before because of failures.
On occasion, my sound card will die, and all programs trying to use it will report it's already being used.
My X server (XFree86) occasionally crashes while starting and won't let me switch over to a virtual console. On my RedHat 6.0 box, I have some problems with random lock-ups.
XMame (SVGAlib) will nix your display under text mode under quite a few video games. Sometimes even because of a bad command line.
So, badly designed programs would be happy to crash your system. Linux isn't just the kernel.
aÍÍ©ÍÌÍ£Ì'̽ͩÌÍzÍYÌÍÌY
From what I read here, and if we pull off from that detail and look on the broader picture it seems like RH is going M$ way: adding extra stuph to the core, and trading off system qulaity?! Aiming at profits (although they are a commercial company... therefore after the profits) rather then looking at the quality of the system performance. Adding user friendly interface + xtra glossy features, bells and whistles, covering up the mess under the bonnet. Many of us'd had enough of that with M$Win+ systems....
There was a posting a few days ago about diff distros. Some people were slagging off RH as not been as professional as other distros. Pointing exactly the above. Personally I do not find that this move would add any good to RH standing reputation.
dzak.com
Everybody has the right of a wrong oppinion!
The world does not revolve around the United States.
Hmmm ... I wonder how much money would be needed to setup a server farm on the moon. Obviously lots, but consider the idea of a domain that is actually outside all jurisdictions! Of course the ping time is a bitch, I know, but it wouldn't even be as bad as the original UUCP store and forward-at-night-when-the-rates-are-low days. I suppose we might have to get some patches for time-to-live parameters in the comms stack...
This is one of the things I love most about linux (as opposed to, say, windows). I find that about 90% of system freezes can be dealt with safely, and considering that system freezes are pretty rare to begin with, things tend to go smoothly more often than not.
Isn't this really available in all modern OSes except Microsoft and MacOS 9 or lower? In other words with my NeXT or my Solaris box or any of my Linux machines it's just a given that I can probably get in over the network via telnet and clean up. When my NT box locks up it takes me a couple of microseconds of unpleasant confusion before I realise "Oh yeah, it's that piece of junk" and _try_ and get task manager up - the last resort. Now where Linux does have an edge over some other Unices in my experience is the multiple virtual consoles - oftentimes an X problem just needs a quick trip into VGA mode and I'm all done. Sweet.
Chris
Production quality? its not even working at all yet. Right now, there is no way to read an XFS filesystem in Linux. I suspect it will be at least 6 months before that changes. Most users might be better suited by ext3 or ReiserFS anyway.
It definitely isn't. Last time I checked, it didn't even compile.
Guess they stripped off a few things too much.
For now, both ext3 and ReiserFS are better choices.
This message is provided under the terms outlined at http://www.bero.org/terms.html
Diffie-Hellman is not equivalent to RSA. It's vulnerable to man-in-the-middle attack. There are, however, some free assymetric algorithms that *can* be used - elliptic curves, for instance.
But the real problem is that many data-exchange standards (SSL, and MP3) *require* you to use patented technology. This is bad - you can't even save your data without violating a patent.
I refuse to use
Yeah, centimetres and inches.
11.0010010000111111011010101000100010000101101000
I don't know what your beef can possibly be with 5.2, as that is perhaps the only good release they've done in a long time. Now, I'm not talking about good as in compatibility with Quake or WINE or some stuff like that. I'm talking about pure reliability. And with the exception of polished releases like 4.2 and 5.2, RedHat has not had this in suitable amounts for quite some time.
One more point in my rant. I attempted to install 6.1 the other day (this is what lead to my conversion), and could not even get the installer to function properly. After spending several hours with it, I continually got installer script errors.
Short list of horrible RedHat problems of yore
I could go on and on. And if you could see the redhat-list archives of the last few years, you would see people complaining about the same problems from release to release.
With all due respect, one might as well say that it is available, but only usable on the moon.
What about international waters?
Ooh, a sarcasm detector. Oh, that's a real useful invention.
What about their announcement to include Motif?
---
The world does not revolve around the United States.
*ahem*
To repeat: The fact remains that most of the Internet's bandwidth and business is centered in the US.
I'm sorry, but today, the Internet does revolve around the US. I am not saying that is good or bad, but it is the truth. Thus, an OSS e-commerce solution that cannot be used inside the US is locked out of the vast majority of the market.
Next time, before you reply, please read the post you are replying to. Thank you.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
In fact, it sounds like they continue to cater more and more towards corporate users or purchasers of their commercial package. Which is fine, except that they also have a certain responsibility to those of us who AREN'T paying customers. Strange but true.
Frankly, I think that RedHat is going to be in seriouis trouble once a lot of people realize that they're recent releases (4.0, 5.0, 6.0, 6.1 for instance) are horrible and that the competition (Linux-Mandrake for instance) is way ahead in terms of actually getting things working correctly.
I've used RedHat for a long, long time now; but the other night I formatted and moved on. First they didn't have the quality to warrant my money, and now they don't have the quality to warrant my bandwidth.
"But from 8 bucks to 100+, seems rather overwhelming."
Reread the earlier post. Up $8... *to* $100..., meaning it went up $8, *not* from $8 to $100.
The speed thing is because people try out the pre-release ext3, which journals /everything/ not just metadata, which is a speed hit. Metadata-only journalling will be the default for the release versions, AFAIK
i tried..but my comments were ignored.
What does Redhat owe you? They sell free software after packaging it. They don't actually take anything from you. They give away (if you have the bandwidth) all that is required to go into direct competition with them. Buy a cd burner and a cable modem and put them out of business.
How can Redhat be horrible if Mandrake is way ahead? Mandrake is Redhat with some additions.
If you aren't doing that, stop whining.
> If you aren't doing that, stop whining.
Buy a vowel, fella. He wasn't whining. He was stating a fact and offering his support in favor of Red Hat's decision. He went out of his way to be very polite in his statement of facts.
If anything, you're the one whining with your "The world does not revolve around the US" statement. Duh. If I recall correctly, the world revolves around the sun.
Thomas Dorris
> Is this just a new version of RSAREF, or what?
:-( This is very unfortunate because RSA can and will charge an arm and a leg, literally, for the privledge of using their super-cool algorithms in a commercial product. Nevermind the fact that they aren't the only game in town with it comes to cryptography.
It's RSA's implementation of their crypto algorithms. Here's an example of how one might find one's self in need of this (speaking from unfortunate experience). Let's say you wish to write a monitoring product that will submit queries to a secure web server and check that the applications being accessed are functional. In order to do this, one would need to construct a secure socket. In order to do this, one would need to implement a cipher suite that matches one of the cipher suites supported by the web server being accessed.
Non of this implies use of RSA algorithms. However, RSA has their own little monopoly thing going where the ONLY cipher suites supported by the Netscape Enterprise webserver and Microsoft's IIS make use of RSA-patented algorithms.
It's just very frustrating to be forced into a licensing agreement with a company because they hold a stanglehold on the market. There are plenty of good, FREE crypto algorithms out and about, but this doesn't matter. You can't use them because the webservers you wish to talk to don't support them. I assume RSA forced Netscape and Microsoft into some sort of exclusive arrangement that prevents them from using anything other than RSA stuff, but I don't know that for sure.
It's just bad business practice and it hurts us all.
Anyway, the BSAFE SSL-C library allows an application to make use of RSA algorithms over secure socket connections. I just wish Red Hat had also gotten a license for the SSL-J stuff as well...about 90% of my work these days is in Java. Yet another C library that I'd have to write wrappers around in Java just doesn't help me much.
Thomas Dorris
Free use or not, can it be GPL'd if its patented? Wouldn't that mean that if one day they want to collect license fees, I could just take the GPL'd
source and use taht for free? IANAL.
Is this just a new version of RSAREF, or what?
that they give some stuff back! (Speed improvements, etc)
and.. the SSL stuff is really cool. e-commerce is a big key right now.
oops.
I missed the part in the wired article about releasing the source to their changes.
Sorry about that.
As far as I understand it, the RSA software will not be released as Free Software (am I wrong?). If this is in fact the case, then RedHat is actively supporting the development of proprietary software. The question is: is this a Good Thing? I seriously doubt it.
bye
schani
are they gonna push ext3 or one of the others reported in here last week hmmmmm...
ill take clues for 100 please jim...
im sure the deveolpers of the other file would kinda like to know tot, do you suppose??
use Signature::Witty;
Although Red Hat didn't announce a date for the new version's release, investors reacted happily, bumping the stock up US$8.25 to $103.50 per share.
Okay, my biggest question, as I know nothing financial, is how I am to assume this reaction. Now, my guess being that investors and stockholders are typically ignorant, and are simply reacting to promises of 'making the fad even more', taking a niche market and exploiting it until it catches on, but I could be completely wrong.
However, I think the addition of Intel 64-bit support as well as the inclusion of a journalling file system (Wired didn't tell me which one, does anybody know?), is a Good Thing. With Linux getting more and more support, and easier to operate with X, even those more accustomed to NT are finally falling prey to its lure.
Sure there is. OpenSSL. It's just not usable in the US (at least for commercial use, and only if you use RSAREF), because of stupid software patents.
But next year, the patent *finally* goes away, and we should be able to use OpenSSL at long last.
Argh. Software patents suck!
--
Interested in XFMail? New XFMail home page
Now maybe they can spend some of their newfound money fixing up RH6.1. The installer is absolutely ATROCIOUS this time around, and there are some maddening misconfigurations and dumblefuck errors made in setting up KDE and gnome. Still, it's one of the best distros that no money can buy. Go Red Hat!
Consider that there continues to be no open-source alternative at the strength and dependibility of the RSA product. Consider also that this is an area key to the viability of Linux as a serious alternative operating system.
In other words, consider this a stopgap. I've noticed that OSS is normally better than the proprietary alternatives and can evolve at a staggering rate (witness KDE and Gnome), but they don't always do so. So, in order to not be viewed as falling behind, we need to get something in place until the OSS products catch up.
It's also worth considering that commercial software is a good solution is some cases (note: this is not necessarily one of them). For example, the OSS paradigm has yet to produce a really killer game (except, of course, xBill), a good set of office applications or a competetive financial app (yeah, I know, GNUCash. It doesn't hold a candle to MS Money).
Free software is a good development alternative because the end products are generally superior. I pride myself on being able to choose the superior solution, both for myself and for the people I work or consult for. Red Hat's partnering with RSA and use of their product puts them at the head of the pack, and that's what really counts.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I wouldn't say that. RHAT settled in the $80-$85 range about a month ago, and hasn't moved either way with a comparatively low trading volume. That was until the Microsoft decision came down. On Monday after the decision, the stock jumped $16 to about $105. It's been a bit volatile this week, with heavier than normal trading volume.
It looks to me like the stock is going to settle again in the $95-$100 range. Those PR announcements regarding RSA and ReiserFS did not appear to be much of a factor. In fact, Yahoo reported that the RSA announcement was more of a factor on RSA's stock, then anything else.
This does appear to be an interesting pattern: announcements of some RHAT deal or partnership having very little effect on RHAT stock, but causing a rally in the other company's stock.
--
Dan Kaminsky writes: "Ever since RSA insisted that PGP not use its independantly developed implementations of public key technology, and rather switch to the RSA codebase, I've been unable to trust BSAFE."
Good point. If the same reasoning should lead anyone to distrust the US version of PGP, consider using PGPi, the International version of PGP (available from http://www.pgpi.com/ ). It is Open Source and includes the source code to the RSA algorithm (and everything else in PGPi, of course). Being Open Source, it's very likely not RSA's implementation of the algorithm.
Redhat has 'supported' non-free software before; look at their distribution of Real Networks' server and client, Netscape, and BRU.
The only time it became an issue was with KDE, when they hypocritically condemned Qt and KDE in favour of their Gnome project.
I really doubt this kind of announcement will have any notable impact on stock prices. Companies often spew out all kinds of news to boost their public image. Investors realize this is usually a more of a marketing thing than anything else, and typically ignore it. You'd also have to try to get the wire services to pick up your story and publish it where the wheelers and dealers can see it...personally I don't see Reuters or even BusinessWire talking about the next Perl release any time soon.
These are crucial times for Redhat. I'm glad to see they are using the newfound $$$ to address the needs that many Fortune 500 Co.'s see as important for a commercial server.
I am currently reading a book called "Insanely Great" by Steven Levy. The book takes a look at Apple in the early days, and the development of the Macintosh. One of the issues it talks about is the changes Apple went through after they went public.
Many suits and professional manegement types were brought in to deal with the needs of a rapidly growing company. This of course clashed with the free-flowing free-spirit atmosphere that Apple started with. Creativity doesn't always mix well with Suits and endless meetings and paperwork. (One could make the point this was part of the downward slide of Netscape.)
IMHO this is probably something RedHat is dealing with now. I would be interested in hearing from some employees at RedHat about how this transition is going. What is the atmosphere like ?
You're not an "insider". Just a programmer. If may be a different case if you were working for Redhat on some secretive project. But you're not. Even then, you'd probably be in the clear, because a software project on it's own is not going to have a DEFINITE impact on a single companies stock price. The work you're doing is presumably in the open, and even if it's not, you have no guarentees that Redhat or any other company is going to adopt whatever you've done.
Insider trading is mainly enforced when:
1 - Someone (CEO, CFO, buddy of a guy in accounting) finds that the company is going to produce a larger than expected loss and sells their stock before that information is disclosed to the rest of the investing public.
2 - Someone again involved with the company in some way, finds that they're about to take over another company, and buys up stock in the second company knowing that it's about to be bought out, but prior to it becoming general knowledge.
'nuff said
Should RedHat really be doing all these "changes" to the kernel and applications now? Are we going to be stuck with another horrible standard like RPM? Which, by the way, no matter how good you say it is, it's still the wrong way to do it.
I think RedHat is getting a big head over this whole IPO thing. I don't really think them buying Cygnus is a GoodThing(tm) either. egcs has been incorporated into the FreeBSD source tree. RedHat's software has never been know to be even remotely portable. (Trust me. I've tried it) What will happen when RedHat starts "making changes" to the egcs code base? Are we going to end up with a compiler that only works with the Linux 2.3.78-ac256 kernel?
God, when did it get easier to use? Did this happen over night or something. Enough of this desktop crap and concentrate on the server.
hack my box please, it's at bistromath.intercarve.net
I'd guess that they will use ext3. From what
I've heard (eg- not personally tested) it is
5-10% faster than ext2. I was a real nice sight
to see a kernel being compiled, and the power button being hit, followed by a fast reboot on a laptop the other day when I saw a demo.
Something just doesn't sit right between BSAFE and I.
Ever since RSA insisted that PGP not use its independantly developed implementations of public key technology, and rather switch to the RSA codebase, I've been unable to trust BSAFE.
After all--we know the design justifications behind everything in the original version of PGP, and the various algorithms contained with SSLeay. I can't imagine how I could ever have the same kind of faith in a company whose very existence is dependant upon the agencies whose primary agenda is to stifle the spread of encryption technologies.
Protocols are proved by unique implementations--just ask NASA, which has multiple unique implementations of all critical systems, so a major bug in one doesn't cause the primary mission to fail. That RSA Inc. specifically tries to suppress unique implementations tells me that any software based on their code is unproved.
That's my opinion, and I'm sticking to it.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
It comes with 100's of more packages, and the ones that they share are usually more recent. Also, their desktop is much nicer.
Why is it everyone's all bent out of shape about RSA's patents??? They did discover their algorithm.
IF someone else had first, then they couldn't be awarded the patent.
IF someone else had devised a suitable alternative, then you'd be free to use that implementation as well or instead of.
The truth is they spent a lot of time in developing and testing (read: INVENTING) their algorithm. That time could have been spent in a more risk-free setting, working on already "proven" technologies. Would we be better off? Would their technology ever have made it past the intellegence community and to us? Doubtfully.
Patents are here to protect the inventors. Some companies abuse them, by letting their implentations be subject to widespread use prior to notifying users of their intent to collect royalties, like Unisys and LZW. RSA has always charged fees to use their products.
If patents hadn't been around to protect theirs and countless other inventions, I doubt that even computers as they are today would have been possible. Why would someone want to take the risk of spending huge amounts of time and money on a project only to allow others to profit from it?
By the way, isn't Diffie-Hellman considered equivilant? Why don't you people simply use that? Apache's opensource, Netscape fully documents their API's, and Microsoft provides enough access to theirs so that you could make plug-ins for all the major servers. Likewise for browsers. Or is it that RSA's implentation is more proven?
Why not XFS? Is it not production-quality yet? (Would surprise me if it isn't.)
Organizations usually protect their patents from expiration by securing similar/dependent patents that expire at different times.
We're definitely including ext3, and experimenting with ReiserFS.
This message is provided under the terms outlined at http://www.bero.org/terms.html
In my mind RSA is not a company that stands for open solutions. They have horded patents for the last 17 years that allowed them to monopolize the whole concept of assymetric crypto, and even attempted to keep some of their symmetric algorithms as trade secrets.
You could claim that it is more their fault than anything else that crypto didn't become reality for the common man until the last couple of years (though, before I get flamed, they also did make many great discoverees).
I'm not sure I'm happy to see Redhat in bed with them..
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
Redhat paid fees to RSA quite some time ago and has been passing along the result in the "Secure" and "Commerce" (now called "Professional") editions of its distro since at least 5.2. They use the same mod_ssl and openSSL packages you can download for free but aren't legally allowed to use for commercial deployment in North America.
Redhat is paying RSA's "toll" for using their patented algorithms in North America. In other words, they make it legal for commercial sites in the US to run Apache with mod_ssl, making for a cheap, first-rate alternative to Raven or Stronghold.
As far as I can tell, this PR blitz is mostly RSA stock trying to ride in Redhat's jetstream.
The rummor is that ths announcment did not really have much influence on RedHat's stock, but as the investors become more clueful over time we may even begin to see open source announcment have an effect on stock price. My question is:
The Law regulates what the CEO, etc. do with their stock to make a quick buck, but do these laws say anything about somebody not even imployed by the company? i.e. If some open source project I am quietly working on is going to bump up RedHat stock assuming I release it with optimal timing and lots of fanfair.. is there anyhting to keep me from casing in on the jump in stock price?
I know currently the release of open source projects appears to have no influence n stock prices, but this could change.. and with improvments to especially relivant programs like Apache, Samba, or the Kernel this is not impossible.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Its good buisness to get ahead of future competitors.