A default RedHat install, running no servers, has hardly any open ports, and any that are open are blocked by IPtables.
So no, there aren't any exploitable holes on a default RedHat install - unless you yourself open them up, and turn off the firewall.
Except for sendmail. WHY they would enable sendmail to autostart for any install is beyond me. But it's just a matter of mv S80sendmail K80sendmail, and ./K80sendmail stop, then run LOKKIT if you want to plug the port or pico /etc/sysconfig/iptables manually. I need sendmail for a lot of scripts, but prefer to call it when needed only (don't need external access to it). This is something RedHat needs to look at, it should NOT automatically be started in a stock install. At least the relay isn't open in a stock install anymore :p
Other than that, it is pretty secure stock, much much more so than any of my windows boxes.
Most people just have their computer and their dialup/dsl/cable connection to worry about and probably don't need a firewall.
Actually, if you are running windows, you want a firewall on every stand-alone computer anyway. The windows msg service bug (still not fixed) lets people send messages to you (spam) and you can't shut the service down without breaking some stuff in windows. It is like the old winpopup program that is the problem, but with xp you need it.
I have norton firewall on some computers, and zonealarm on some others. I prefer zone alarm, which is free for a basic copy. the norton is a bit more of a pain, and you can't update after a year (unless you set your clock back one year and then press update, duh). But I recommend anyone on Linux or Windows run a basic firewall. It's not that hard, and it's a nice single step in your security. Now I use squirrelmail, so I can block ALL traffic on port 25, which is handy too, in case I were to get infected with a spam bug.
you can get zone alarm for free from download.com and rid yourself of over half the potential problems.
Actually, I like the idea you are presenting, but it's not enough. I won't put a list here, but we can figure out what names they are looking for based on just the pacman incident. what we need is to flood our own ftp servers with small text files with names that would imply a violation. In other words, create so much noise that their scanning becomes useless. I am sure someone here can add to this concept and come up with a better simple plan to implement this. A list of potential infringing names, or better yet a link to it, would be a good start.
We don't need to pretend that they are not really "pacman" by hiding the name in another. Just calling them "pacman-rom", "matrix-divx" or "galaga-rom" is fine, or similar. it's not illegal to name a file any damn name you want. It's your text file, call it what you want. Now someone go make us a list so that we can create a text file and cp it to death (or ln -s it) :D
No worries. I'm the father of 8 month old twin boys and _I_ found it funny.
It's always funny until someone has to pay a dual royalty for having two children. At $2499 each, that means you owe SCO 5 grand, and that price will double in less than a year when they hit 18 months! Still laughing?
The article didn't mention if you received a license for one cpu along with the immunity from the standard baby killing. I couldn't find out on the SCO website either...
I find it interesting that the Russian Space Agency objected to this because they thought he was showboating and it would be inappropriate, yet seem to have no problem launching boy-band members into space if they have the coin.
Lol, damn good point. But it seems like it's getting easier and easier for many European countries to be against anything we do in America.
Perhaps the --cache=off option might be useful, so we really retrieve stuff from their server. And with recursive, you're reusing the connection, not spawning new daemons. I'm not aware of a wget option where you can force it to create a new connection.
I thought of that, but I noticed that as long as you used the --delete-after option, it would see the file as a different size (0 vs 0) and would refetch. Then again, it was hard to tell since I spawned about 12 in the same shell, and with all that noise, it was hard to read. It was also hard to kill. Sent several killall -9 but it wouldn't die until I shelled in again and picked off the first few instances.
As far as using a new connection using --no-http-keep-alive, that is a pretty good idea, and will use that if I am wget'ing alone, but since I put the script up for the lazy on /., I'm pretty sure there are enough people hitting it that it's a moot point, lol.
Yea, I could, but my /dev/null partition is almost full ;-) Yea, either way is fine, both take as much to type, guess I'm just used to the built in way of doing it.
If you open a few more shells or vt's, and get like 4 or 12 or 50 wget's going with -m and -p, it's a nice way to make the server thrash as well, assuming the site has considerably more content than ram (which it probably does, with all the media files I saw). I went from pulling 80k to 50k currently, so they have bandwidth and cpu to spare. need to hammer them a bit more I guess. I just started a few more instances, we will see if that helps them.
i already posted mine before i saw yours. my solution was
while true do wget --delete-after -m -p http://www.geology.smu.edu/ done
which has the advantage of not only hammering their bandwidth, but since it requests everything on the entire site, including images and many multiple mb files, then the server can't cache it all, and will have to read from the disk a lot. also, since it deletes after downloading, it doesn't take up your precious drive space, lol.
but nice to know another sick fucker had the same basic idea.
then again, we COULD just wget the whole damn site, delete and re-wget it again. simple "while true" script it would seem. that would tend to increase the hits at an exponential level.
while true do wget --delete-after -m -p http://www.geology.smu.edu done
or some of us who once we see the site is /.ed, wait a while before trying again. or give up since it can't be that damn important. or someone (often) posts a mirror of the /.ed article. or someone quotes it.
there is probably more of an explanation than just a short attention span. Wait, that is what you were talking about, right? ;-)
broken links that open up other pages in the middle of a frame, they claim to support linux, even tho it appears they have no employees that speak chinese (for their version of linux).
also, could not find a computer for sale with linux on their site. which brings me to another point: whoever it was that designed their site should be taken out and shot. that has to be the worst designed ecommerce site, their outpost.com site that is. actually, all of their sites. links that don't work right, very bad descriptions. they don't say what OS the computers use at all, just XP in the title of the computer. this is the kind of crap you expected in 1998 when most companies were new to the web, but any company that has a site this bad doesn't deserve any business.
they DO do this, very easily. I have checked links and found my own email address, exactly as you state, which is easy to parse from logs as verified addresses. this is why I set squirrelmail for text only (the default) and changed my Yahoo email account to not show images or html.
redhat has updated the kernel to version 9 twice since it came out. if you don't have rhn, and want updates that are even easier than windows, get rhn. for 60 a year, it's a steal. I can update my computer by scheduling it, even if I'm not there. even schedule updates for all my computers, in one web browser. they have really got it down with this program.
Actually, no, I would rather have my government make the most effective use of MY tax dollars. If Linux has the lower TCO and increased employee productivity, then choose Linux. Same goes for Windows. I want the best government for my money. Spending less on IT allows government to spend more providing value to us citizens.
I agree, and perhaps I didn't make myself very clear on that point. I use Windows and Linux, myself. For many purposes, Linux IS the tco leader. web servers, dns servers, unix like workstations, etc. Not all yet, but many.
Linux' development model creates some good products, but few people want to actively change those products - they want someone else to do it for them.
This is simply NOT true for larger institutions. Maybe you don't change it for your home use, but a larger corporation or entity generally WILL to some extent.
As you mention, support needs to be bought, so what's to stop those organisations buying off govt officials? Having the blueprints to the trucks your local council buys doesn't stop people being bought off, nor would source code being available for applications when services are being sold around those apps.
Because the public can SEE every expenditure that a govt. makes. If MS (for example) buys off Sen. Smith to use windows products, you may not know, because the price quoted is from the only source. If RedHat tries to bribe Sen. Smith, and the public sees that they are 'buying' copies of redhat for $150 each, or paying $1200 an hour for support, we have something to compare to, since RedHat is not the only company that supports Linux. No one said Linux makes people bribe proof, it simply makes the system somewhat more accountable since you have a larger reference to judge it against.
Linux is POSIX compatible, and based upon the Unix standard, which IS a standard. This is why you can run *most* software designed for AIX, OSX, BSD, or even SCO if you have the source and can make (usually) minor modifications. Because much of this software is OSS, it is free. They don't pay for sendmail, apache, GCC, BIND, vsftp/proftp/wuftp, squirrelmail, and the hundreds of other standard programs you would have to pay for with Unix or MS. You also don't pay a per seat or per cpu license, or have to pay someone to keep up with license auditing, so less, by being an open and fully supported standard (ie: *nix) it IS cheaper.
No government uses only one vendor for critical services.
What about all the Windows NT4 boxes the govt. uses?
Why would that be a good idea for most code? The government is not in the business of supplying people with free code.
If the govt. creates an improvement to SENDMAIL (for example) that they need, then yes, it would be a good idea to release the code, even tho the GPL doesn't require it. If the CIA makes changes for internal reasons, and those changes may prove methods then it would not be a good idea. So, for most code, it IS a good idea, only because there is no reason to not. If they create some networking tools, testing tools, add to apache, create new libraries, and they don't affect security, why NOT release them?
I had thought they were still govt. owned, which is a common practice in the EU. If they are no longer govt. owned, my mistake, although the comment is still valid, if not as applicable.
if you ever unpicked a RH 2.4.x kernel in RH8 or 9, you'd notice more similarities to the 2.5.x tree than 2.4.x
They have picked several pieces of 2.5 to put in their 2.4, but I see this as a good thing, not a bad. This allows them to go to market on the cutting edge, but still tested and stable. Technically, EVERY Linux kernel is experimental to a degree, since they are still developing it. But from my experience, RedHat kernels are pretty stable, and easily upgraded with an RPM. Not perfect, but neither is any kernel you don't roll on your own. Frankly, they are probably more stable than 90% of the home rolled kernels, too.
I have been using stock RH kernels on one 7.2 server for several years (and on other servers for less) and have never had a problem with them. I install with the RPM and reboot remotely, and haven't had one fail to boot correctly (I DO have someone nearby to call on the phone if it did crap out). Not perfect, but worth the $60 a year per box I shell out for RHN, and even better for the average home hacker downloading for free.
I'm not smart enough to be a kernel snob, I'm too busy using Linux in the business to actually earn money. Personally, I like Redhat even tho they are not perfect.
Actually, using open source software is probably a good idea for ANY govt., since it not only gives them the opportunity to inspect the code, but also make changes. As long as the govt. doesn't get into the distribution business, it doesn't even have to put their changes back into the pool, although it would be a good idea for most code.
Another benefit is you don't have to worry about the vendor of the OS 'buying off' govt. officials to use their operating system. Since there is no one company that produces linux, it means they always have choices.
The other benefits are price. It's not that linux is free, price wise, because it's really not considering you usually need support as you would with any OS. But you can choose from more companies for support, different flavors of Linux for different projects (and still have it being compatible). Also, since it is an open standard it is cheaper to maintain. Since governments pay for all this software with their citizens' taxes, a system that has the potential to save millions means more money in taxpayers' pockets, or at least being spent on other projects.
Microsoft or no Microsoft, do YOU feel comfortable with your government having only ONE vendor and source for operating systems for critical services?
Where do you run your server? Just so I can avoid ever getting any hosting there, since you obviously have a fetish for upgrading everything to the latest unstable releases.
They are for a private corporation, and we have development servers specifically for this purpose, not production machines. We also do not run every unstable kernel, as I have not yet tried any of the 2.5 series, but will start testing the 2.6 series immediately. This is how we can stay on the cutting edge without risking any security problems.
As I stated (and you conveniently neglected to quote), I don't put any 2.x.0 kernels on production machines, stable or not. We wait until a couple releases down the line, when the kernel is a bit more mature. This is not unusual, as a matter of fact, for production machines, it's more common than not.
I just went to windowsupdate.com and get all my updates, works flawlessly. Why do you linux people struggle so hard with simple things like installing updates? And you think Linux can prosper on the desktop? Looks to me like you need to hire some UI people... oh wait, it is open sores, you can't afford to hire anyone! This is the problem with linux... it's made BY nerds, FOR nerds.
Actually between IBM and RedHat, I get very good support. Most people running these new kernels are doing so on a server, not the desktop. Most nerds are familiar with linux and windows, plus other operating systems as well, such as BSD, OSX, OS/2 and Dos. The only people struggling with updates on Linux are those who are wanting to learn more and increase their awareness and experience with their operating system. Most consider the desire to learn more a good quality.
Since you obviously use Windows only, and only know how to click a button to update your computer, it's easy to understand why you don't see any significance to this. Not everyone wants to learn, we understand this. This is why we think Windows is a good thing, especially for little old ladies and people with learning disabilities.
You won't see an official rpm from redhat on an experimental kernel. typically, redhat released kernels lag a couple months anyway. You might find 3rd party RPMs, but your mileage will REALLY vary.
You really don't want to install an rpm of an experimental kernel anyway, you should build it yourself. If you are not familiar with building your own kernel (not trivial, but not that difficult) then you should probably stick with stock kernels, since experimental and/or release candidates tend to have bugs that can break things. Also, anytime you upgrade from 2.4x to 2.6x you can expect potential to break things anyway.
The best thing is to install the source on a spare box, and compile it yourself, or learn how to if you don't know how. It's not THAT hard, but expect to screw it up a few times at first. Just be sure to update GRUB or LILO (and run lilo).
I use pretty much stock kernels now, although I will build them on my test boxes, to get a better understanding of changes. The stock kernels from RedHat are pretty good and functional from my experience, unless you need UberOptimized kernels.
It will likely be a few months AFTER 2.6 is released officially before RH issues an official version. Keep in mind that any 2.x.0 kernel is going to have the MOST bugs anyway. Most production boxes should wait for 2.x.2 releases anyway, unless they absolutely NEED the new features, or you love living on the edge (which if that is the case, you would be building your own kernel anyway).
No, I found sco in the changelog... so it's only a matter of time before payments are required. It's gonna cost big.
Various schemes failed; immediately deregistering while in the diSCOnnect routine causes crashes because the videodev layer sets some.. stack, and which had gone out of SCOpe...
Maybe this means they will reduce the price for licensing 2.4 kernels to $499, and charge the $699 for the 2.6 kernels, making 2.4 affordable to most people. I bet they are even nice enough to let you upgrade your 2.4 license to a 2.6 license for only $399. Thank god SCO has been so understanding during this time of potential IP infringement.
Think I will go buy some of their stock now. Surely if they go with this type of licensing of Linux, it will generate lots of good will in the community.
Is that the classic where Ralph dresses up as the man from space?
actually, it's many episodes. it was a running gag.
"One of these days Alice, POW! To the moon!"
If you don't understand that, you don't watch enough TV Land or are just entirely too young.
Two remarks:
or something like that.
worst ecommerce site ever.
they DO do this, very easily. i have checked links and found my own email address, exactly as you state, which is easy to parse from logs as verified addresses. this is why i set squirrelmail for text only (the default) and changed my Yahoo email account to not show images or html.
redhat has updated the kernel to version 9 twice since it came out. if you dont have rhn, and want updates that are even easier than windows, get rhn. for 60 a year, its a steal. i can update my computer by scheduling it, even if im not there. even schedule updates for all my computers, in one web browser. they have really got it down with this program.
Actually, no, I would rather have my governement make the most effective use of MY tax dollars. If Linux has the lower TCO and increased employee productivity, then choose Linux. Same goes for Windows. I want the best government for my money. Spending less on IT allows governement to spend more providing value to us citizens.
I agree, and perhaps I didn't make myself very clear on that point. I use Windows and Linux, myself. For many purposes, Linux IS the tco leader. web servers, dns servers, unix like workstations, etc. Not all yet, but many.
Linux' development model creates some good products, but few people want to actively change those products - they want someone else to do it for them.
This is simply NOT true for larger institutions. Maybe you dont change it for your home use, but a larger corporation or entity generally WILL to some extent.
As you mention, support needs to be bought, so what's to stop those organisations buying off govt officials? Having the blueprints to the trucks your local council buys doesn't stop people being bought off, nor would source code being available for applications when services are being sold around those apps.
Because the public can SEE every expendature that a govt. makes. If MS (for example) buys off Sen. Smith to use windows products, you may not know, because the price quoted is from the only source. If RedHat tries to bribe Sen. Smith, and the public sees that they are 'buying' copies of redhat for $150 each, or paying $1200 an hour for support, we have something to compare to, since RedHat is not the only company that supports Linux. No one said Linux makes people bribe proof, it simply makes the system somewhat more accountable since you have a larger reference to judge it against.
Linux is POSIX compatable, and based upon the Unix standard, which IS a standard. This is why you can run *most* software designed for AIX, OSX, BSD, or even SCO if you have the source and can make (usually) minor modifications. Because much of this software is OSS, it is free. They don't pay for sendmail, apache, GCC, BIND, vsftp/proftp/wuftp, squirrelmail, and the hundreds of other standard programs you would have to pay for with Unix or MS. You also don't pay a per seat or per cpu license, or have to pay someone to keep up with license auditing, so less, by being an open and fully supported standard (ie: *nix) it IS cheaper.
No government uses only one vendor for critical services.
What about all the Windows NT4 boxes the govt. uses?
Why would that be a good idea for most code? The government is not in the business of supplying people with free code.
if the govt. creates an improvement to SENDMAIL (for example) that they need, then yes, it would be a good idea to release the code, even tho the GPL doesn't require it. If the CIA makes changes for internal reasons, and those changes may prove methods then it would not be a good idea. So, for most code, it IS a good idea, only because there is no reason to not. If they create some networking tools, testing tools, add to apache, create new libraries, and they dont affect security, why NOT release them?
I had thought they were still govt. owned, which is a common practice in the EU. If they are no longer govt. owned, my mistake, although the comment is still valid, if not as applicable.
if you ever unpicked a RH 2.4.x kernel in RH8 or 9, you'd notice more similarities to the 2.5.x tree than 2.4.x
They have picked several pieces of 2.5 to put in their 2.4, but I see this as a good thing, not a bad. This allows them to go to market on the cutting edge, but still tested and stable. Technically, EVERY Linux kernel is experimental to a degree, since they are still developing it. But from my experience, RedHat kernels are pretty stable, and easily upgraded with an RPM. Not perfect, but neither is any kernel you don't roll on your own. Frankly, they are probably more stable than 90% of the home rolled kernels, too.
I have been using stock RH kernels on one 7.2 server for several years (and on other servers for less) and have never had a problem with them. I install with the RPM and reboot remotely, and haven't had one fail to boot correctly (I DO have someone nearby to call on the phone if it did crap out). Not perfect, but worth the $60 a year per box I shell out for RHN, and even better for the average home hacker downloading for free.
I'm not smart enough to be a kernel snob, I'm too busy using Linux in the business to actually earn money. Personally, I like Redhat even tho they are not perfect.
Actually, using open source software is probably a good idea for ANY govt., since it not only gives them the opportunity to inspect the code, but also make changes. As long as the govt. doesn't get into the distribution business, it doesn't even have to put their changes back into the pool, although it would be a good idea for most code.
Another benefit is you don't have to worry about the vendor of the OS 'buying off' govt. officials to use their operating system. Since their is no one company that produces linux, it means they always have choices.
The other benefits are price. its not that linux is free, price wise, because its really not considering you usually need support as you would with any OS. But you can choose from more companies for support, different flavors of Linux for different projects (and still have it being compatable) Also, since it is an open standard it is cheaper to maintain. Since governments pay for all this software with their citizens taxes, a system that has the potential to save millions means more money in taxpayers pockets, or at least being spent on other projects.
Microsoft or no Microsoft, do YOU feel comfortable with your government having only ONE vendor and source for operating systems for critical services?
Where do you run your server? Just so I can avoid ever getting any hosting there, since you obviously have a fetish for upgrading everything to the latest unstable releases.
They are for a private corporation, and we have development servers specifically for this purpose, not production machines. We also do not run every unstable kernel, as I have not yet tried any of the 2.5 series, but will start testing the 2.6 series immediately. This is how we can stay on the cutting edge without risking any security problems.
As I stated (and you conveniently neglected to quote), I don't put any 2.x.0 kernels on production machines, stable or not. We wait until a couple releases down the line, when the kernel is a bit more mature. This is not unusual, as a matter of fact, for production machines, it's more common than not.
I just went to windowsupdate.com and get all my updates, works flawlessly. Why do you linux people struggle so hard with simple things like installing updates? And you think Linux can prosper on the desktop? Looks to me like you need to hire some UI people... oh wait, it is open sores, you can't afford to hire anyone! This is the problem with linux... it's made BY nerds, FOR nerds.
Actually between IBM and RedHat, I get very good support. Most people running these new kernels are doing so on a server, not the desktop. Most nerds are familiar with linux and windows, plus other operating systems as well, such as BSD, OSX, OS/2 and Dos. The only people struggling with updates on Linux are those who are wanting to learn more and increase their awareness and experience with their operating system. Most consider the desire to learn more a good quality.
Since you obviously use Windows only, and only know how to click a button to update your computer, it's easy to understand why you don't see any significance to this. Not everyone wants to learn, we understand this. This is why we think Windows is a good thing, especially for little old ladies and people with learning disabilities.
You won't see an official rpm from redhat on an experimental kernel. Typically, redhat released kernels lag a couple months anyway. You might find 3rd party RPMs, but your mileage will REALLY vary.
You really don't want to install an rpm of an experimental kernel anyway, you should build it yourself. If you are not familiar with building your own kernel (not trivial, but not that difficult) then you should probably stick with stock kernels, since experimental and/or release candidates tend to have bugs that can break things. Also, anytime you upgrade from 2.4x to 2.6x you can expect potential to break things anyway.
The best thing is to install the source on a spare box, and compile it yourself, or learn how to if you don't know how. It's not THAT hard, but expect to screw it up a few times at first. Just be sure to update GRUB or LILO (and run lilo).
I use pretty much stock kernels now, although I will build them on my test boxes, to get a better understanding of changes. The stock kernels from RedHat are pretty good and functional from my experience, unless you need UberOptimized kernels.
It will likely be a few months AFTER 2.6 is released officially before RH issues an official version. Keep in mind that any 2.x.0 kernel is going to have the MOST bugs anyway. Most production boxes should wait for 2.x.2 releases anyway, unless they absolutely NEED the new features, or you love living on the edge (which if that is the case, you would be building your own kernel anyway).
No, I found sco in the changelog... so it's only a matter of time before payments are required. It's gonna cost big.
.. ..
Various schemes failed; immediately deregistering while in the diSCOnnect routine causes crashes because the videodev layer sets some
stack, and which had gone out of SCOpe.
Maybe this means they will reduce the price for licensing 2.4 kernels to $499, and charge the $699 for the 2.6 kernels, making 2.4 affordable to most people. I bet they are even nice enough to let you upgrade your 2.4 license to a 2.6 license for only $399. Thank god SCO has been so understanding during this time of potential IP infringement.
Think I will go buy some of their stock now. Surely if they go with this type of licensing of Linux, it will generate lots of good will in the community.