Slashdot Mirror
Red Hat Has a Rocking Week
bgarcia writes "There is a PR Newswire story stating that Red Hat and RSA Security have signed an agreement to include RSA's BSAFE SSL software in Red Hat Linux Professional Edition." And Wired tells us Red Hat is coming out with with a new version that improves large system performance and speeds crash recovery. (Click below for more)
Plus, earlier this week we read about the e-commerce product they're working on with Oracle and their rumored Cygnus acquisition. Hot stuff, especially for corporate Linux users.
It looks like Red Hat is back on track, doing great Linux stuff, instead of fooling around with peripheral things like their Linux version of MSNBC (with Salon, The Industry Standard, and The Register jointly playing NBC).
According to a friend of mine who dabbles in the stock market, Red Hat's stock is up nicely as a result of their decision to go back to doing more of what they do best: improving Linux and extending its marketability.
Mazeltov!
Patented, but they let anyone use it for free.
They also released both the beta cycle was completed. The 6.1 installer wasn't ready yet.
IANALBIPOOGL (I am not a Lawyer, but I play one on GrokLaw.)
I think the AC poster was being a wee bit sarcastic, Robin.
I've had to reboot a Linux machine many times before because of failures.
On occasion, my sound card will die, and all programs trying to use it will report it's already being used.
My X server (XFree86) occasionally crashes while starting and won't let me switch over to a virtual console. On my RedHat 6.0 box, I have some problems with random lock-ups.
XMame (SVGAlib) will nix your display under text mode under quite a few video games. Sometimes even because of a bad command line.
So, badly designed programs would be happy to crash your system. Linux isn't just the kernel.
aÍÍ©ÍÌÍ£Ì'̽ͩÌÍzÍYÌÍÌY
The world does not revolve around the United States.
Hmmm ... I wonder how much money would be needed to setup a server farm on the moon. Obviously lots, but consider the idea of a domain that is actually outside all jurisdictions! Of course the ping time is a bitch, I know, but it wouldn't even be as bad as the original UUCP store and forward-at-night-when-the-rates-are-low days. I suppose we might have to get some patches for time-to-live parameters in the comms stack...
This is one of the things I love most about linux (as opposed to, say, windows). I find that about 90% of system freezes can be dealt with safely, and considering that system freezes are pretty rare to begin with, things tend to go smoothly more often than not.
Isn't this really available in all modern OSes except Microsoft and MacOS 9 or lower? In other words with my NeXT or my Solaris box or any of my Linux machines it's just a given that I can probably get in over the network via telnet and clean up. When my NT box locks up it takes me a couple of microseconds of unpleasant confusion before I realise "Oh yeah, it's that piece of junk" and _try_ and get task manager up - the last resort. Now where Linux does have an edge over some other Unices in my experience is the multiple virtual consoles - oftentimes an X problem just needs a quick trip into VGA mode and I'm all done. Sweet.
Chris
Production quality? its not even working at all yet. Right now, there is no way to read an XFS filesystem in Linux. I suspect it will be at least 6 months before that changes. Most users might be better suited by ext3 or ReiserFS anyway.
It definitely isn't. Last time I checked, it didn't even compile.
Guess they stripped off a few things too much.
For now, both ext3 and ReiserFS are better choices.
This message is provided under the terms outlined at http://www.bero.org/terms.html
Diffie-Hellman is not equivalent to RSA. It's vulnerable to man-in-the-middle attack. There are, however, some free assymetric algorithms that *can* be used - elliptic curves, for instance.
But the real problem is that many data-exchange standards (SSL, and MP3) *require* you to use patented technology. This is bad - you can't even save your data without violating a patent.
I refuse to use
Yeah, centimetres and inches.
11.0010010000111111011010101000100010000101101000
I don't know what your beef can possibly be with 5.2, as that is perhaps the only good release they've done in a long time. Now, I'm not talking about good as in compatibility with Quake or WINE or some stuff like that. I'm talking about pure reliability. And with the exception of polished releases like 4.2 and 5.2, RedHat has not had this in suitable amounts for quite some time.
One more point in my rant. I attempted to install 6.1 the other day (this is what lead to my conversion), and could not even get the installer to function properly. After spending several hours with it, I continually got installer script errors.
Short list of horrible RedHat problems of yore
I could go on and on. And if you could see the redhat-list archives of the last few years, you would see people complaining about the same problems from release to release.
With all due respect, one might as well say that it is available, but only usable on the moon.
What about international waters?
Ooh, a sarcasm detector. Oh, that's a real useful invention.
What about their announcement to include Motif?
---
The world does not revolve around the United States.
*ahem*
To repeat: The fact remains that most of the Internet's bandwidth and business is centered in the US.
I'm sorry, but today, the Internet does revolve around the US. I am not saying that is good or bad, but it is the truth. Thus, an OSS e-commerce solution that cannot be used inside the US is locked out of the vast majority of the market.
Next time, before you reply, please read the post you are replying to. Thank you.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
In fact, it sounds like they continue to cater more and more towards corporate users or purchasers of their commercial package. Which is fine, except that they also have a certain responsibility to those of us who AREN'T paying customers. Strange but true.
Frankly, I think that RedHat is going to be in seriouis trouble once a lot of people realize that they're recent releases (4.0, 5.0, 6.0, 6.1 for instance) are horrible and that the competition (Linux-Mandrake for instance) is way ahead in terms of actually getting things working correctly.
I've used RedHat for a long, long time now; but the other night I formatted and moved on. First they didn't have the quality to warrant my money, and now they don't have the quality to warrant my bandwidth.
"But from 8 bucks to 100+, seems rather overwhelming."
Reread the earlier post. Up $8... *to* $100..., meaning it went up $8, *not* from $8 to $100.
The speed thing is because people try out the pre-release ext3, which journals /everything/ not just metadata, which is a speed hit. Metadata-only journalling will be the default for the release versions, AFAIK
> If you aren't doing that, stop whining.
Buy a vowel, fella. He wasn't whining. He was stating a fact and offering his support in favor of Red Hat's decision. He went out of his way to be very polite in his statement of facts.
If anything, you're the one whining with your "The world does not revolve around the US" statement. Duh. If I recall correctly, the world revolves around the sun.
Thomas Dorris
> Is this just a new version of RSAREF, or what?
:-( This is very unfortunate because RSA can and will charge an arm and a leg, literally, for the privledge of using their super-cool algorithms in a commercial product. Nevermind the fact that they aren't the only game in town with it comes to cryptography.
It's RSA's implementation of their crypto algorithms. Here's an example of how one might find one's self in need of this (speaking from unfortunate experience). Let's say you wish to write a monitoring product that will submit queries to a secure web server and check that the applications being accessed are functional. In order to do this, one would need to construct a secure socket. In order to do this, one would need to implement a cipher suite that matches one of the cipher suites supported by the web server being accessed.
Non of this implies use of RSA algorithms. However, RSA has their own little monopoly thing going where the ONLY cipher suites supported by the Netscape Enterprise webserver and Microsoft's IIS make use of RSA-patented algorithms.
It's just very frustrating to be forced into a licensing agreement with a company because they hold a stanglehold on the market. There are plenty of good, FREE crypto algorithms out and about, but this doesn't matter. You can't use them because the webservers you wish to talk to don't support them. I assume RSA forced Netscape and Microsoft into some sort of exclusive arrangement that prevents them from using anything other than RSA stuff, but I don't know that for sure.
It's just bad business practice and it hurts us all.
Anyway, the BSAFE SSL-C library allows an application to make use of RSA algorithms over secure socket connections. I just wish Red Hat had also gotten a license for the SSL-J stuff as well...about 90% of my work these days is in Java. Yet another C library that I'd have to write wrappers around in Java just doesn't help me much.
Thomas Dorris
Free use or not, can it be GPL'd if its patented? Wouldn't that mean that if one day they want to collect license fees, I could just take the GPL'd
source and use taht for free? IANAL.
that they give some stuff back! (Speed improvements, etc)
and.. the SSL stuff is really cool. e-commerce is a big key right now.
oops.
I missed the part in the wired article about releasing the source to their changes.
Sorry about that.
As far as I understand it, the RSA software will not be released as Free Software (am I wrong?). If this is in fact the case, then RedHat is actively supporting the development of proprietary software. The question is: is this a Good Thing? I seriously doubt it.
bye
schani
are they gonna push ext3 or one of the others reported in here last week hmmmmm...
ill take clues for 100 please jim...
im sure the deveolpers of the other file would kinda like to know tot, do you suppose??
use Signature::Witty;
Although Red Hat didn't announce a date for the new version's release, investors reacted happily, bumping the stock up US$8.25 to $103.50 per share.
Okay, my biggest question, as I know nothing financial, is how I am to assume this reaction. Now, my guess being that investors and stockholders are typically ignorant, and are simply reacting to promises of 'making the fad even more', taking a niche market and exploiting it until it catches on, but I could be completely wrong.
However, I think the addition of Intel 64-bit support as well as the inclusion of a journalling file system (Wired didn't tell me which one, does anybody know?), is a Good Thing. With Linux getting more and more support, and easier to operate with X, even those more accustomed to NT are finally falling prey to its lure.
Sure there is. OpenSSL. It's just not usable in the US (at least for commercial use, and only if you use RSAREF), because of stupid software patents.
But next year, the patent *finally* goes away, and we should be able to use OpenSSL at long last.
Argh. Software patents suck!
--
Interested in XFMail? New XFMail home page
Consider that there continues to be no open-source alternative at the strength and dependibility of the RSA product. Consider also that this is an area key to the viability of Linux as a serious alternative operating system.
In other words, consider this a stopgap. I've noticed that OSS is normally better than the proprietary alternatives and can evolve at a staggering rate (witness KDE and Gnome), but they don't always do so. So, in order to not be viewed as falling behind, we need to get something in place until the OSS products catch up.
It's also worth considering that commercial software is a good solution is some cases (note: this is not necessarily one of them). For example, the OSS paradigm has yet to produce a really killer game (except, of course, xBill), a good set of office applications or a competetive financial app (yeah, I know, GNUCash. It doesn't hold a candle to MS Money).
Free software is a good development alternative because the end products are generally superior. I pride myself on being able to choose the superior solution, both for myself and for the people I work or consult for. Red Hat's partnering with RSA and use of their product puts them at the head of the pack, and that's what really counts.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I wouldn't say that. RHAT settled in the $80-$85 range about a month ago, and hasn't moved either way with a comparatively low trading volume. That was until the Microsoft decision came down. On Monday after the decision, the stock jumped $16 to about $105. It's been a bit volatile this week, with heavier than normal trading volume.
It looks to me like the stock is going to settle again in the $95-$100 range. Those PR announcements regarding RSA and ReiserFS did not appear to be much of a factor. In fact, Yahoo reported that the RSA announcement was more of a factor on RSA's stock, then anything else.
This does appear to be an interesting pattern: announcements of some RHAT deal or partnership having very little effect on RHAT stock, but causing a rally in the other company's stock.
--
Dan Kaminsky writes: "Ever since RSA insisted that PGP not use its independantly developed implementations of public key technology, and rather switch to the RSA codebase, I've been unable to trust BSAFE."
Good point. If the same reasoning should lead anyone to distrust the US version of PGP, consider using PGPi, the International version of PGP (available from http://www.pgpi.com/ ). It is Open Source and includes the source code to the RSA algorithm (and everything else in PGPi, of course). Being Open Source, it's very likely not RSA's implementation of the algorithm.
These are crucial times for Redhat. I'm glad to see they are using the newfound $$$ to address the needs that many Fortune 500 Co.'s see as important for a commercial server.
I am currently reading a book called "Insanely Great" by Steven Levy. The book takes a look at Apple in the early days, and the development of the Macintosh. One of the issues it talks about is the changes Apple went through after they went public.
Many suits and professional manegement types were brought in to deal with the needs of a rapidly growing company. This of course clashed with the free-flowing free-spirit atmosphere that Apple started with. Creativity doesn't always mix well with Suits and endless meetings and paperwork. (One could make the point this was part of the downward slide of Netscape.)
IMHO this is probably something RedHat is dealing with now. I would be interested in hearing from some employees at RedHat about how this transition is going. What is the atmosphere like ?
You're not an "insider". Just a programmer. If may be a different case if you were working for Redhat on some secretive project. But you're not. Even then, you'd probably be in the clear, because a software project on it's own is not going to have a DEFINITE impact on a single companies stock price. The work you're doing is presumably in the open, and even if it's not, you have no guarentees that Redhat or any other company is going to adopt whatever you've done.
Insider trading is mainly enforced when:
1 - Someone (CEO, CFO, buddy of a guy in accounting) finds that the company is going to produce a larger than expected loss and sells their stock before that information is disclosed to the rest of the investing public.
2 - Someone again involved with the company in some way, finds that they're about to take over another company, and buys up stock in the second company knowing that it's about to be bought out, but prior to it becoming general knowledge.
Should RedHat really be doing all these "changes" to the kernel and applications now? Are we going to be stuck with another horrible standard like RPM? Which, by the way, no matter how good you say it is, it's still the wrong way to do it.
I think RedHat is getting a big head over this whole IPO thing. I don't really think them buying Cygnus is a GoodThing(tm) either. egcs has been incorporated into the FreeBSD source tree. RedHat's software has never been know to be even remotely portable. (Trust me. I've tried it) What will happen when RedHat starts "making changes" to the egcs code base? Are we going to end up with a compiler that only works with the Linux 2.3.78-ac256 kernel?
Well, it doesn't hurt RSA. Monopolies, de-facto and otherwise, are very profitable.
And important thing to note here is that this is not an example of the patent system breaking down: this is an example of the patent system working as intended. A patent is a grant of a time-limited monopoly, with the condition of full disclosure of the technique. The US government granted RSA a monopoly on these algorithms, and so it's not terribly surprising that they've been able to parlay that into market domination.
I point this out because it's important to understand the differences between bad things that happen when the patent system is working as intended, versus when it's not working as intended. Most of the time, the patent-related complaints we hear are about bogus patents, patents that were obvious or trivial or already in the prior art. Those are examples of the patent system breaking down.
But if you fixed the problems at the patent office that caused bogus patents to be issued, and caused the patent office to execute their mandate correctly, situations like the RSA one would still occur.
In other words, if you're against the recent Amazon patent, you're against stupid patents. If you're against the RSA patents, you're against software patents.
I don't understand the importance of this inclusion as I figured that it was already in their secure server version. As far as I understand RSA will not allow you to license their stuff in the USA without it's use.
I'll agree, though, that there were a few errors that probably shouldn't have crept in there.
----
I think that it's perfectly legit (i.e. non-hypocritical) for RedHat to sell their basic RedHat Linux system, which comprises all free software, and then to additionally sell more commercialized versions which include non-free software.
Note that RedHat has in the past included non-free software on their CDs, but it's only on the CD that you buy (i.e. it's not available via FTP), and it has been non-core parts of the OS. (The flak over KDE was because KDE was a core OS component, and therefore it was dangerous to support it.)
----------
In a real emergency, we would have all fled in terror, and you would not have been notified.
Something just doesn't sit right between BSAFE and I.
Ever since RSA insisted that PGP not use its independantly developed implementations of public key technology, and rather switch to the RSA codebase, I've been unable to trust BSAFE.
After all--we know the design justifications behind everything in the original version of PGP, and the various algorithms contained with SSLeay. I can't imagine how I could ever have the same kind of faith in a company whose very existence is dependant upon the agencies whose primary agenda is to stifle the spread of encryption technologies.
Protocols are proved by unique implementations--just ask NASA, which has multiple unique implementations of all critical systems, so a major bug in one doesn't cause the primary mission to fail. That RSA Inc. specifically tries to suppress unique implementations tells me that any software based on their code is unproved.
That's my opinion, and I'm sticking to it.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Why is it everyone's all bent out of shape about RSA's patents??? They did discover their algorithm.
IF someone else had first, then they couldn't be awarded the patent.
IF someone else had devised a suitable alternative, then you'd be free to use that implementation as well or instead of.
The truth is they spent a lot of time in developing and testing (read: INVENTING) their algorithm. That time could have been spent in a more risk-free setting, working on already "proven" technologies. Would we be better off? Would their technology ever have made it past the intellegence community and to us? Doubtfully.
Patents are here to protect the inventors. Some companies abuse them, by letting their implentations be subject to widespread use prior to notifying users of their intent to collect royalties, like Unisys and LZW. RSA has always charged fees to use their products.
If patents hadn't been around to protect theirs and countless other inventions, I doubt that even computers as they are today would have been possible. Why would someone want to take the risk of spending huge amounts of time and money on a project only to allow others to profit from it?
By the way, isn't Diffie-Hellman considered equivilant? Why don't you people simply use that? Apache's opensource, Netscape fully documents their API's, and Microsoft provides enough access to theirs so that you could make plug-ins for all the major servers. Likewise for browsers. Or is it that RSA's implentation is more proven?
Why not XFS? Is it not production-quality yet? (Would surprise me if it isn't.)
>> It's just bad business practice and it
>> hurts us all.
> Well, it doesn't hurt RSA. Monopolies,
> de-facto and otherwise, are very profitable.
I don't consider RSA a member of the set "us". I still believe their business practice has hurt "us" all. The term "us" in this case means all software developers just trying to implement a set of project requirements. There is no good reason why I HAVE to use an RSA algorithm to talk to a secure web server. There is only one reason, a very stupid one at that, that forces me to do this... RSA has bullied itself into market dominance. And until their crazy little patent expires, development on other similar algorithms has been hindered. Granted, there are plenty of other alternatives that have been developed despite RSA's position, but until most major browsers *and* servers support these alternatives, I contend that their development has been hampered greatly.
> In other words, if you're against the recent
> Amazon patent, you're against stupid patents.
> If you're against the RSA patents, you're
> against software patents.
For the record, I didn't say I was against the RSA patent; just their business practice. I believe RSA has a valid claim to their particular way of approaching encryption. I think they have every right to patent that idea. And if anyone wants to mangle data according to their specification, then they should feel obligated to pay RSA for that right. What I'm against, however, is the fact that RSA used that single, annoying little patent to stiffle deployment and, I'm sure to some extent, development of more robust, open solutions to the same problem. That's RSA's fault...not the patent office.
Thomas Dorris
Organizations usually protect their patents from expiration by securing similar/dependent patents that expire at different times.
We're definitely including ext3, and experimenting with ReiserFS.
This message is provided under the terms outlined at http://www.bero.org/terms.html
There were a couple of bugs in 6.1 (tight release schedule) - most of the known ones have been fixed by now. Did you download the updated boot images?
This message is provided under the terms outlined at http://www.bero.org/terms.html
In my mind RSA is not a company that stands for open solutions. They have horded patents for the last 17 years that allowed them to monopolize the whole concept of assymetric crypto, and even attempted to keep some of their symmetric algorithms as trade secrets.
You could claim that it is more their fault than anything else that crypto didn't become reality for the common man until the last couple of years (though, before I get flamed, they also did make many great discoverees).
I'm not sure I'm happy to see Redhat in bed with them..
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
Redhat paid fees to RSA quite some time ago and has been passing along the result in the "Secure" and "Commerce" (now called "Professional") editions of its distro since at least 5.2. They use the same mod_ssl and openSSL packages you can download for free but aren't legally allowed to use for commercial deployment in North America.
Redhat is paying RSA's "toll" for using their patented algorithms in North America. In other words, they make it legal for commercial sites in the US to run Apache with mod_ssl, making for a cheap, first-rate alternative to Raven or Stronghold.
As far as I can tell, this PR blitz is mostly RSA stock trying to ride in Redhat's jetstream.
The rummor is that ths announcment did not really have much influence on RedHat's stock, but as the investors become more clueful over time we may even begin to see open source announcment have an effect on stock price. My question is:
The Law regulates what the CEO, etc. do with their stock to make a quick buck, but do these laws say anything about somebody not even imployed by the company? i.e. If some open source project I am quietly working on is going to bump up RedHat stock assuming I release it with optimal timing and lots of fanfair.. is there anyhting to keep me from casing in on the jump in stock price?
I know currently the release of open source projects appears to have no influence n stock prices, but this could change.. and with improvments to especially relivant programs like Apache, Samba, or the Kernel this is not impossible.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Its good buisness to get ahead of future competitors.