Slashdot Mirror
Red Hat Has a Rocking Week
bgarcia writes "There is a PR Newswire story stating that Red Hat and RSA Security have signed an agreement to include RSA's BSAFE SSL software in Red Hat Linux Professional Edition." And Wired tells us Red Hat is coming out with with a new version that improves large system performance and speeds crash recovery. (Click below for more)
Plus, earlier this week we read about the e-commerce product they're working on with Oracle and their rumored Cygnus acquisition. Hot stuff, especially for corporate Linux users.
It looks like Red Hat is back on track, doing great Linux stuff, instead of fooling around with peripheral things like their Linux version of MSNBC (with Salon, The Industry Standard, and The Register jointly playing NBC).
According to a friend of mine who dabbles in the stock market, Red Hat's stock is up nicely as a result of their decision to go back to doing more of what they do best: improving Linux and extending its marketability.
Mazeltov!
In fact, it sounds like they continue to cater more and more towards corporate users or purchasers of their commercial package. Which is fine, except that they also have a certain responsibility to those of us who AREN'T paying customers. Strange but true.
Frankly, I think that RedHat is going to be in seriouis trouble once a lot of people realize that they're recent releases (4.0, 5.0, 6.0, 6.1 for instance) are horrible and that the competition (Linux-Mandrake for instance) is way ahead in terms of actually getting things working correctly.
I've used RedHat for a long, long time now; but the other night I formatted and moved on. First they didn't have the quality to warrant my money, and now they don't have the quality to warrant my bandwidth.
> Is this just a new version of RSAREF, or what?
:-( This is very unfortunate because RSA can and will charge an arm and a leg, literally, for the privledge of using their super-cool algorithms in a commercial product. Nevermind the fact that they aren't the only game in town with it comes to cryptography.
It's RSA's implementation of their crypto algorithms. Here's an example of how one might find one's self in need of this (speaking from unfortunate experience). Let's say you wish to write a monitoring product that will submit queries to a secure web server and check that the applications being accessed are functional. In order to do this, one would need to construct a secure socket. In order to do this, one would need to implement a cipher suite that matches one of the cipher suites supported by the web server being accessed.
Non of this implies use of RSA algorithms. However, RSA has their own little monopoly thing going where the ONLY cipher suites supported by the Netscape Enterprise webserver and Microsoft's IIS make use of RSA-patented algorithms.
It's just very frustrating to be forced into a licensing agreement with a company because they hold a stanglehold on the market. There are plenty of good, FREE crypto algorithms out and about, but this doesn't matter. You can't use them because the webservers you wish to talk to don't support them. I assume RSA forced Netscape and Microsoft into some sort of exclusive arrangement that prevents them from using anything other than RSA stuff, but I don't know that for sure.
It's just bad business practice and it hurts us all.
Anyway, the BSAFE SSL-C library allows an application to make use of RSA algorithms over secure socket connections. I just wish Red Hat had also gotten a license for the SSL-J stuff as well...about 90% of my work these days is in Java. Yet another C library that I'd have to write wrappers around in Java just doesn't help me much.
Thomas Dorris
As far as I understand it, the RSA software will not be released as Free Software (am I wrong?). If this is in fact the case, then RedHat is actively supporting the development of proprietary software. The question is: is this a Good Thing? I seriously doubt it.
bye
schani
Sure there is. OpenSSL. It's just not usable in the US (at least for commercial use, and only if you use RSAREF), because of stupid software patents.
But next year, the patent *finally* goes away, and we should be able to use OpenSSL at long last.
Argh. Software patents suck!
--
Interested in XFMail? New XFMail home page
Consider that there continues to be no open-source alternative at the strength and dependibility of the RSA product. Consider also that this is an area key to the viability of Linux as a serious alternative operating system.
In other words, consider this a stopgap. I've noticed that OSS is normally better than the proprietary alternatives and can evolve at a staggering rate (witness KDE and Gnome), but they don't always do so. So, in order to not be viewed as falling behind, we need to get something in place until the OSS products catch up.
It's also worth considering that commercial software is a good solution is some cases (note: this is not necessarily one of them). For example, the OSS paradigm has yet to produce a really killer game (except, of course, xBill), a good set of office applications or a competetive financial app (yeah, I know, GNUCash. It doesn't hold a candle to MS Money).
Free software is a good development alternative because the end products are generally superior. I pride myself on being able to choose the superior solution, both for myself and for the people I work or consult for. Red Hat's partnering with RSA and use of their product puts them at the head of the pack, and that's what really counts.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Deals like these reinforce my opinion that RedHat is firmly set on making a profit -- and despite much of the rhetoric on /., that's a fine thing to do, as long as it's balanced, and I think they've shown that they're planning on staying true to their Open Source roots for a long time. I think a lot of investors have been or still are waiting to see if Linux will be truly commercially viable (I know, I know, but don't preach to the choir!) and these jumps are typically people who are finally convinced, to whatever degree, that RedHat might actually someday make a profit.
"You can never have too many elephants on your team."
I wouldn't say that. RHAT settled in the $80-$85 range about a month ago, and hasn't moved either way with a comparatively low trading volume. That was until the Microsoft decision came down. On Monday after the decision, the stock jumped $16 to about $105. It's been a bit volatile this week, with heavier than normal trading volume.
It looks to me like the stock is going to settle again in the $95-$100 range. Those PR announcements regarding RSA and ReiserFS did not appear to be much of a factor. In fact, Yahoo reported that the RSA announcement was more of a factor on RSA's stock, then anything else.
This does appear to be an interesting pattern: announcements of some RHAT deal or partnership having very little effect on RHAT stock, but causing a rally in the other company's stock.
--
These are crucial times for Redhat. I'm glad to see they are using the newfound $$$ to address the needs that many Fortune 500 Co.'s see as important for a commercial server.
I am currently reading a book called "Insanely Great" by Steven Levy. The book takes a look at Apple in the early days, and the development of the Macintosh. One of the issues it talks about is the changes Apple went through after they went public.
Many suits and professional manegement types were brought in to deal with the needs of a rapidly growing company. This of course clashed with the free-flowing free-spirit atmosphere that Apple started with. Creativity doesn't always mix well with Suits and endless meetings and paperwork. (One could make the point this was part of the downward slide of Netscape.)
IMHO this is probably something RedHat is dealing with now. I would be interested in hearing from some employees at RedHat about how this transition is going. What is the atmosphere like ?
The good news, though, is that most application crashes can be recovered from without a hard restart. If you have another machine around, you can often telnet or ssh into your frozen box, even if the keyboard and console are giving you no love. It appears to be possible for apps to lock up your input devices without freezing the rest of the system. So just telnet in, su to root, and check out the process table to see what's got your system in a headlock. Sometimes you have to do more drastic things, like /sbin/init 3 (I run in 5, ususally), or /sbin/init 6 to reboot, if you can't figure out any other way to unlock the thing. This does force a reboot, but at least it'll shut down clean and come back up without fsck'ing. It also gives you a chance to warn people and put the system in a reasonable state.
This is one of the things I love most about linux (as opposed to, say, windows). I find that about 90% of system freezes can be dealt with safely, and considering that system freezes are pretty rare to begin with, things tend to go smoothly more often than not.
----
Morning gray ignites a twisted mass of colors shapes and sounds
There is no K5 cabal.
I am not the real rusty.
You're not an "insider". Just a programmer. If may be a different case if you were working for Redhat on some secretive project. But you're not. Even then, you'd probably be in the clear, because a software project on it's own is not going to have a DEFINITE impact on a single companies stock price. The work you're doing is presumably in the open, and even if it's not, you have no guarentees that Redhat or any other company is going to adopt whatever you've done.
Insider trading is mainly enforced when:
1 - Someone (CEO, CFO, buddy of a guy in accounting) finds that the company is going to produce a larger than expected loss and sells their stock before that information is disclosed to the rest of the investing public.
2 - Someone again involved with the company in some way, finds that they're about to take over another company, and buys up stock in the second company knowing that it's about to be bought out, but prior to it becoming general knowledge.
Well, it doesn't hurt RSA. Monopolies, de-facto and otherwise, are very profitable.
And important thing to note here is that this is not an example of the patent system breaking down: this is an example of the patent system working as intended. A patent is a grant of a time-limited monopoly, with the condition of full disclosure of the technique. The US government granted RSA a monopoly on these algorithms, and so it's not terribly surprising that they've been able to parlay that into market domination.
I point this out because it's important to understand the differences between bad things that happen when the patent system is working as intended, versus when it's not working as intended. Most of the time, the patent-related complaints we hear are about bogus patents, patents that were obvious or trivial or already in the prior art. Those are examples of the patent system breaking down.
But if you fixed the problems at the patent office that caused bogus patents to be issued, and caused the patent office to execute their mandate correctly, situations like the RSA one would still occur.
In other words, if you're against the recent Amazon patent, you're against stupid patents. If you're against the RSA patents, you're against software patents.
I don't understand the importance of this inclusion as I figured that it was already in their secure server version. As far as I understand RSA will not allow you to license their stuff in the USA without it's use.
I think that it's perfectly legit (i.e. non-hypocritical) for RedHat to sell their basic RedHat Linux system, which comprises all free software, and then to additionally sell more commercialized versions which include non-free software.
Note that RedHat has in the past included non-free software on their CDs, but it's only on the CD that you buy (i.e. it's not available via FTP), and it has been non-core parts of the OS. (The flak over KDE was because KDE was a core OS component, and therefore it was dangerous to support it.)
----------
In a real emergency, we would have all fled in terror, and you would not have been notified.
Something just doesn't sit right between BSAFE and I.
Ever since RSA insisted that PGP not use its independantly developed implementations of public key technology, and rather switch to the RSA codebase, I've been unable to trust BSAFE.
After all--we know the design justifications behind everything in the original version of PGP, and the various algorithms contained with SSLeay. I can't imagine how I could ever have the same kind of faith in a company whose very existence is dependant upon the agencies whose primary agenda is to stifle the spread of encryption technologies.
Protocols are proved by unique implementations--just ask NASA, which has multiple unique implementations of all critical systems, so a major bug in one doesn't cause the primary mission to fail. That RSA Inc. specifically tries to suppress unique implementations tells me that any software based on their code is unproved.
That's my opinion, and I'm sticking to it.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Why is it everyone's all bent out of shape about RSA's patents??? They did discover their algorithm.
IF someone else had first, then they couldn't be awarded the patent.
IF someone else had devised a suitable alternative, then you'd be free to use that implementation as well or instead of.
The truth is they spent a lot of time in developing and testing (read: INVENTING) their algorithm. That time could have been spent in a more risk-free setting, working on already "proven" technologies. Would we be better off? Would their technology ever have made it past the intellegence community and to us? Doubtfully.
Patents are here to protect the inventors. Some companies abuse them, by letting their implentations be subject to widespread use prior to notifying users of their intent to collect royalties, like Unisys and LZW. RSA has always charged fees to use their products.
If patents hadn't been around to protect theirs and countless other inventions, I doubt that even computers as they are today would have been possible. Why would someone want to take the risk of spending huge amounts of time and money on a project only to allow others to profit from it?
By the way, isn't Diffie-Hellman considered equivilant? Why don't you people simply use that? Apache's opensource, Netscape fully documents their API's, and Microsoft provides enough access to theirs so that you could make plug-ins for all the major servers. Likewise for browsers. Or is it that RSA's implentation is more proven?
We're definitely including ext3, and experimenting with ReiserFS.
This message is provided under the terms outlined at http://www.bero.org/terms.html
In my mind RSA is not a company that stands for open solutions. They have horded patents for the last 17 years that allowed them to monopolize the whole concept of assymetric crypto, and even attempted to keep some of their symmetric algorithms as trade secrets.
You could claim that it is more their fault than anything else that crypto didn't become reality for the common man until the last couple of years (though, before I get flamed, they also did make many great discoverees).
I'm not sure I'm happy to see Redhat in bed with them..
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
Redhat paid fees to RSA quite some time ago and has been passing along the result in the "Secure" and "Commerce" (now called "Professional") editions of its distro since at least 5.2. They use the same mod_ssl and openSSL packages you can download for free but aren't legally allowed to use for commercial deployment in North America.
Redhat is paying RSA's "toll" for using their patented algorithms in North America. In other words, they make it legal for commercial sites in the US to run Apache with mod_ssl, making for a cheap, first-rate alternative to Raven or Stronghold.
As far as I can tell, this PR blitz is mostly RSA stock trying to ride in Redhat's jetstream.
The rummor is that ths announcment did not really have much influence on RedHat's stock, but as the investors become more clueful over time we may even begin to see open source announcment have an effect on stock price. My question is:
The Law regulates what the CEO, etc. do with their stock to make a quick buck, but do these laws say anything about somebody not even imployed by the company? i.e. If some open source project I am quietly working on is going to bump up RedHat stock assuming I release it with optimal timing and lots of fanfair.. is there anyhting to keep me from casing in on the jump in stock price?
I know currently the release of open source projects appears to have no influence n stock prices, but this could change.. and with improvments to especially relivant programs like Apache, Samba, or the Kernel this is not impossible.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell