Red Hat Has a Rocking Week

bgarcia writes "There is a PR Newswire story stating that Red Hat and RSA Security have signed an agreement to include RSA's BSAFE SSL software in Red Hat Linux Professional Edition." And Wired tells us Red Hat is coming out with with a new version that improves large system performance and speeds crash recovery. (Click below for more)

Plus, earlier this week we read about the e-commerce product they're working on with Oracle and their rumored Cygnus acquisition. Hot stuff, especially for corporate Linux users.

It looks like Red Hat is back on track, doing great Linux stuff, instead of fooling around with peripheral things like their Linux version of MSNBC (with Salon, The Industry Standard, and The Register jointly playing NBC).

According to a friend of mine who dabbles in the stock market, Red Hat's stock is up nicely as a result of their decision to go back to doing more of what they do best: improving Linux and extending its marketability.

Mazeltov!

Re:What's BSAFE SSL?

[twdorris]

> Is this just a new version of RSAREF, or what?

It's RSA's implementation of their crypto algorithms. Here's an example of how one might find one's self in need of this (speaking from unfortunate experience). Let's say you wish to write a monitoring product that will submit queries to a secure web server and check that the applications being accessed are functional. In order to do this, one would need to construct a secure socket. In order to do this, one would need to implement a cipher suite that matches one of the cipher suites supported by the web server being accessed.

Non of this implies use of RSA algorithms. However, RSA has their own little monopoly thing going where the ONLY cipher suites supported by the Netscape Enterprise webserver and Microsoft's IIS make use of RSA-patented algorithms. :-( This is very unfortunate because RSA can and will charge an arm and a leg, literally, for the privledge of using their super-cool algorithms in a commercial product. Nevermind the fact that they aren't the only game in town with it comes to cryptography.

It's just very frustrating to be forced into a licensing agreement with a company because they hold a stanglehold on the market. There are plenty of good, FREE crypto algorithms out and about, but this doesn't matter. You can't use them because the webservers you wish to talk to don't support them. I assume RSA forced Netscape and Microsoft into some sort of exclusive arrangement that prevents them from using anything other than RSA stuff, but I don't know that for sure.

It's just bad business practice and it hurts us all.

Anyway, the BSAFE SSL-C library allows an application to make use of RSA algorithms over secure socket connections. I just wish Red Hat had also gotten a license for the SSL-J stuff as well...about 90% of my work these days is in Java. Yet another C library that I'd have to write wrappers around in Java just doesn't help me much.

Thomas Dorris

Very important question

[schani]

As far as I understand it, the RSA software will not be released as Free Software (am I wrong?). If this is in fact the case, then RedHat is actively supporting the development of proprietary software. The question is: is this a Good Thing? I seriously doubt it.

bye
schani

Stopgaps

[Skyshadow]

Well, I prefer to look at it this way:

Consider that there continues to be no open-source alternative at the strength and dependibility of the RSA product. Consider also that this is an area key to the viability of Linux as a serious alternative operating system.

In other words, consider this a stopgap. I've noticed that OSS is normally better than the proprietary alternatives and can evolve at a staggering rate (witness KDE and Gnome), but they don't always do so. So, in order to not be viewed as falling behind, we need to get something in place until the OSS products catch up.

It's also worth considering that commercial software is a good solution is some cases (note: this is not necessarily one of them). For example, the OSS paradigm has yet to produce a really killer game (except, of course, xBill), a good set of office applications or a competetive financial app (yeah, I know, GNUCash. It doesn't hold a candle to MS Money).

Free software is a good development alternative because the end products are generally superior. I pride myself on being able to choose the superior solution, both for myself and for the people I work or consult for. Red Hat's partnering with RSA and use of their product puts them at the head of the pack, and that's what really counts.

----

Very important times for RedHat

[Zoltar]

These are crucial times for Redhat. I'm glad to see they are using the newfound $$$ to address the needs that many Fortune 500 Co.'s see as important for a commercial server.

I am currently reading a book called "Insanely Great" by Steven Levy. The book takes a look at Apple in the early days, and the development of the Macintosh. One of the issues it talks about is the changes Apple went through after they went public.

Many suits and professional manegement types were brought in to deal with the needs of a rapidly growing company. This of course clashed with the free-flowing free-spirit atmosphere that Apple started with. Creativity doesn't always mix well with Suits and endless meetings and paperwork. (One could make the point this was part of the downward slide of Netscape.)

IMHO this is probably something RedHat is dealing with now. I would be interested in hearing from some employees at RedHat about how this transition is going. What is the atmosphere like ?

Re:Insider Trading Question..

[um...+Lucas]

You're not an "insider". Just a programmer. If may be a different case if you were working for Redhat on some secretive project. But you're not. Even then, you'd probably be in the clear, because a software project on it's own is not going to have a DEFINITE impact on a single companies stock price. The work you're doing is presumably in the open, and even if it's not, you have no guarentees that Redhat or any other company is going to adopt whatever you've done.

Insider trading is mainly enforced when:
1 - Someone (CEO, CFO, buddy of a guy in accounting) finds that the company is going to produce a larger than expected loss and sells their stock before that information is disclosed to the rest of the investing public.

2 - Someone again involved with the company in some way, finds that they're about to take over another company, and buys up stock in the second company knowing that it's about to be bought out, but prior to it becoming general knowledge.

Re:Back on track?

[kuro5hin]

...once a lot of people realize that they're recent releases (4.0, 5.0, 6.0, 6.1 for instance) are horrible and that the competition (Linux-Mandrake for instance) is way ahead in terms of actually getting things working correctly.

Have you used any of these products? I've used all of them, and uniformly, the ones you mention have been the best distro's available when they were released. I have a feeling that you're just talking smack, because if you had any idea what you were talking about, you wouldn't have pointed at the good releases as examples of how bad redhat is.

In fact, they have had some weak releases. 5.1 and 5.2 leap to mind as miserable piles of crap. Even this was not really redhat's fault, since both of these were released in the midst of the general libc5->glibc->glibc2 shuffling, not to even mention all the gtk incompatibilities. Basically, the 5 series is not particularly strong. They did the best they could with what was available, though, and 5.0 is not bad.

6.0 and 6.1 in particular, I've found to be outstanding. 6.1 especially. For a .1 version number, it has a lot of nice improvements. I installed it on a Toshiba Satellite laptop two days ago, expecting lots of problems, and had none whatsoever. It just works, beautifully.

RedHat continues to gain market share because they put out the most balanced distribution. Debian hobbles themselves with Free Software fanatacism (NOT that this is a bad thing, they just serve a different market sector, and one that is not likely to ever be the majority), SuSe, I've found, tends to run behind the curve in terms of functionality (SuSe 6.0 included ancient versions of KDE and Gnome, not to even mention WindowMaker). and tries to make up for it by piling everything under the sun onto their 6 CD's. And slackware... well, never mind.

I'm sure mandrake is a good distro. It's redhat. You simply can't have mandrake be really good and redhat be really bad. It doesn't make any sense!

Anyway, this wasn't supposed to be a "my distro's better than yours" flame. I just see a lot of this "RedHat sucks" talk around, and it mystifies me. Where is the great distro that puts redhat to shame, if it's so bad? And why have I not had these "horrible problems" with it that no one ever specifically names? I don't know...

----
Morning gray ignites a twisted mass of colors shapes and sounds

Re:What's BSAFE SSL?

[Jamie+Zawinski]

It's just bad business practice and it hurts us all.

Well, it doesn't hurt RSA. Monopolies, de-facto and otherwise, are very profitable.

And important thing to note here is that this is not an example of the patent system breaking down: this is an example of the patent system working as intended. A patent is a grant of a time-limited monopoly, with the condition of full disclosure of the technique. The US government granted RSA a monopoly on these algorithms, and so it's not terribly surprising that they've been able to parlay that into market domination.

I point this out because it's important to understand the differences between bad things that happen when the patent system is working as intended, versus when it's not working as intended. Most of the time, the patent-related complaints we hear are about bogus patents, patents that were obvious or trivial or already in the prior art. Those are examples of the patent system breaking down.

But if you fixed the problems at the patent office that caused bogus patents to be issued, and caused the patent office to execute their mandate correctly, situations like the RSA one would still occur.

In other words, if you're against the recent Amazon patent, you're against stupid patents. If you're against the RSA patents, you're against software patents.

Re:What's BSAFE SSL?

[StormCrow99]

BSAFE is a commercial toolkit from RSA used for integrating RSA's patented algo's into software. I can not speak on the quality of this library, but I am under the impression that if you want to include RSA's algorithms in your program and sell it in the USA, you need to buy a copy of this toolkit and use their (RSA's) implementations of their algorithms. For more info click here

I don't understand the importance of this inclusion as I figured that it was already in their secure server version. As far as I understand RSA will not allow you to license their stuff in the USA without it's use.

BSAFE Demands scare me most

[Effugas]

Something just doesn't sit right between BSAFE and I.

Ever since RSA insisted that PGP not use its independantly developed implementations of public key technology, and rather switch to the RSA codebase, I've been unable to trust BSAFE.

After all--we know the design justifications behind everything in the original version of PGP, and the various algorithms contained with SSLeay. I can't imagine how I could ever have the same kind of faith in a company whose very existence is dependant upon the agencies whose primary agenda is to stifle the spread of encryption technologies.

Protocols are proved by unique implementations--just ask NASA, which has multiple unique implementations of all critical systems, so a major bug in one doesn't cause the primary mission to fail. That RSA Inc. specifically tries to suppress unique implementations tells me that any software based on their code is unproved.

That's my opinion, and I'm sticking to it.

Yours Truly,

Dan Kaminsky
DoxPara Research
http://www.doxpara.com

ext3. Re:Which Jounleing f/s anyone know yet ??

[bero-rh]

We're definitely including ext3, and experimenting with ReiserFS.

Selling out...

[Hobbex]

In my mind RSA is not a company that stands for open solutions. They have horded patents for the last 17 years that allowed them to monopolize the whole concept of assymetric crypto, and even attempted to keep some of their symmetric algorithms as trade secrets.

You could claim that it is more their fault than anything else that crypto didn't become reality for the common man until the last couple of years (though, before I get flamed, they also did make many great discoverees).

I'm not sure I'm happy to see Redhat in bed with them..

-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.

Insider Trading Question..

[Weezul]

The rummor is that ths announcment did not really have much influence on RedHat's stock, but as the investors become more clueful over time we may even begin to see open source announcment have an effect on stock price. My question is:

The Law regulates what the CEO, etc. do with their stock to make a quick buck, but do these laws say anything about somebody not even imployed by the company? i.e. If some open source project I am quietly working on is going to bump up RedHat stock assuming I release it with optimal timing and lots of fanfair.. is there anyhting to keep me from casing in on the jump in stock price?

I know currently the release of open source projects appears to have no influence n stock prices, but this could change.. and with improvments to especially relivant programs like Apache, Samba, or the Kernel this is not impossible.

Jeff