04.02.11

Red Hat’s Obfuscated Patches Harm Small GNU/Linux Players and Help Microsoft/Novell

Posted in Oracle, Red Hat at 6:22 pm by Dr. Roy Schestowitz

Summary: Suggestions to Red Hat, whose commitment to transparency has eroded somewhat and needs prodding for

TECHRIGHTS runs on top of CentOS, which relies on Red Hat for its updates. Earlier this week at work I was told that CentOS had not released patches since December, whereas RHEL patches are released at a pace of several per week. This may make one wonder about the new Scientific Linux, which might one day outpace CentOS and replace it as the de facto RHEL clone.

Red Hat defends its dubiously obfuscated patches by pointing the finger at Oracle, but let’s face it; it is often said that the most widely used distribution of GNU/Linux is the quiet giant, CentOS. Many Web hosts run it and they are not alone, sector-wise. Nobody knows just how many servers run CentOS, but it’s probably many millions. Red Hat can improve its bottom line by sticking a cork in CentOS and preventing access to RHEL-targeted patches. Oracle would be a convenient Goliath to blame, but is it really as dangerous as Red Hat wants us to believe while Red Hat’s financial numbers keep hitting new record highs? The subject of transparency at Red Hat was addressed here quite recently and Techrights will continue to pressure Red Hat to rectify these issues, both by explaining the Acacia settlement [1, 2, 3] and by providing GPL-friendly patches to those who require them. The GPL is designed to avoid exclusion, even if that means allowing Oracle to embrace other people’s work.

As we pointed out this morning, Novell is trying to take advantage of Red Hat’s practices, hoping to sell Microsoft-taxed SLE* at the expense of/instead of RHEL (there is also a peripheral article about it now). Who would that benefit?

5 Comments

  1. David Gerard said,

    April 2, 2011 at 6:34 pm

    Well, now. This is anecdotal, but … I work for a company that has various web-based applications. These are written in Java. (Yes, we saw the Oracle-Google suit and several people had a good hard think about their career path.) They were running on Solaris, but Oracle is insane and on crack, so I strongly advised my boss and boss’s boss to ignore all our years of Solaris experience and move to Linux post-haste.

    We’re going to VM-based hosting. Oracle want £300 to run Solaris on non-Oracle hardware for a year. So we’re going Linux.

    The hosting company offered RHEL or … Ubuntu server. We went Ubuntu ‘cos we like Debian and it’s close enough for our purposes. (IT’S JUST RUNNING JAVA.)

    Supporting all the hardware ever is a big plus for RHEL … but not so much if people are hosting in VMs. And you know, Ubuntu is free as in beer too. (And you don’t have to put up with the hideous Unity interface on a server.)

    Dr. Roy Schestowitz Reply:

    Well, Ubuntu servers that I deploy are X-less. It should not be a problem. Debian is a safe bet, too.

    BenderBendingRodriguez Reply:

    Roy, do you realize that Debian is at its default the least safe Linux distro out there?

    http://labs.mwrinfosecurity.com/notices/security_mechanisms_in_linux_environment__part_1___userspace_memory_protection/

    http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/

    Granted, it was written in September, but I really doubt that Debian changed security-wise.

    twitter Reply:

    Calling Debian the “least safe Linux distro” is sort of like calling flint the most toxic of metamorphic rocks and glasses. I’m particularly wary of articles that complain that free software does not have tools that non free software inevitably needs to make up for mono cultural flaws and code staleness. Olympic athletes can use crutches too but generally don’t rate themselves on their ability to use them. Until we see successful attacks in the wild, most of these security articles are an academic exercise at best and FUD at worst.

    There’s a lot to recommend Debian. Complexity is itself a flaw that leads to exploitation and Debian sensibly avoids this unless forced. Debian also is one of the most package rich and platform diverse distributions, diversity that is both useful and protective. When and if there’s a problem, the Debian community can and will deploy these alternate tools.

    Dr. Roy Schestowitz Reply:

    If one depends on Debian’s well-tested patches, then there might be a delay between ‘real’ patch and Debian patch. But otherwise, people can always patch using whatever comes from the original source. I had this discussion in London some days ago. Calling Debian “the least safe Linux distro” is odd to me too.
