
04.02.14

Red Hat Should Keep Its Distance From NSA Facilitator Microsoft

Posted in Microsoft, Red Hat, Security, Windows at 6:27 am by Dr. Roy Schestowitz

Dragonfly

Summary: Criticism of Red Hat’s increasing proximity to some of the very same bits of proprietary software which are accompanied by back doors (for the NSA)

THE DANGERS of Microsoft are very real, as a former foe of Microsoft, Novell, helped prove. Five years ago Red Hat consented to playing an active part in Microsoft VM hosts, despite knowing (even back then) about Microsoft’s relationship with the NSA, which meant that VMs running RHEL would be accessible (to the NSA) from the back door, Microsoft Windows.

There are many back doors in Windows and therefore in Hyper-V, which sits on top of Windows (back doors further down the stack). Microsoft tells the NSA about these back doors. To give the latest example of back doors, see this new report [2] which says: “Nearly 30 days after reports of a zero-day flaw being exploited in the wild, Microsoft will finally patch this critical vulnerability.”

Relying on Microsoft for technology means that one should also expect and accept back doors. A reader showed us this new article, claiming that “Mono [is] infecting Android,” but it’s not just Android. Even Red Hat is now making such mistakes, in addition to hiring from Microsoft for management of virtualisation. Based on [2,3], Red Hat now accommodates Microsoft .NET applications, despite them being proprietary and potential back doors. A week or so ago some speculated that Microsoft might buy Red Hat (one day) [4,5] and yesterday we found the article “Why Microsoft Will Pick Off Red Hat” (logic of investors, not technical people).

Microsoft is now knowingly abandoning hundreds of millions of Windows users, leaving them with permanent back doors [6,7], so why should Red Hat trust Microsoft .NET applications or anything that comes from Microsoft, including Hyper-V? Articles like [8-10] remind us that in GNU/Linux the main flaw is human error (not changing default passwords or not applying patches, which Red Hat is making easier to apply without any downtime [11]).

The bottom line is, Red Hat’s relationship with the NSA notwithstanding, it oughtn’t connect too much to Microsoft components like .NET and Hyper-V because these constitute back doors that jeopardise security of GNU/Linux users.

Related/contextual items from the news:

  1. Microsoft to Fix an Internet Explorer Zero-Day Flaw
  2. Red Hat Adds Microsoft .NET to Its OpenShift PaaS
  3. A Red Hat stunner: ‘Microsoft .NET apps on OpenShift’ Yes, you read correctly

    On Wednesday, working with Uhuru Software, Red Hat is now incorporating a rival Microsoft product – .NET – to its three-year-old OpenShift platform-as-a-service. Really? Red Hat even published a blog to explain what’s going on to those who might find the concept a bit unbelievable.

    Chris Morgan, the OpenShift Partner Ecosystem Technical Director for Red Hat, wrote the blog – and even he acknowledged the incredulity of it all that something from Microsoft, which for years has been an enemy of Red Hat, Linux and Open Source, would be incorporated into OpenShift.

  4. An Indecent Proposal: Microsoft and Red Hat?
  5. Reviews, Indecent Proposal, and Ubuntu Graduation

    Today brings two new reviews. Jesse Smith reviews Linux Mint Debian Edition 201403 in today’s Distrowatch Weekly and Jamie Watson posts his latest hands-on. Steven J. Vaughan-Nichols says folks don’t care about operating systems anymore. Matt Hartley has a few suggestions for those ready to graduate from Ubuntu. All this and more in tonight’s Linux news review.

    Jesse Smith tested the latest LMDE in this week’s Distrowatch Weekly. He found a few bugs but Smith says it “lives up to its description” of having “rough edges.” With all its “nasty surprises” Smith suggests folks just stick with the Ubuntu-based version of Mint. But see his full review for all the details.

  6. Perspective: Microsoft risks security reputation ruin by retiring XP

    A decade ago, Microsoft kicked off SDL, or Security Development Lifecycle, a now-widely-adopted process designed to bake security into software, and began building what has become an unmatched reputation in how a vendor writes more secure code, keeps customers informed about security issues, and backs that up with regular patches.

  7. Positive Feedback: M$ Uses XP To Publish The Insecurity Of Using That Other OS
  8. Flaws In People And Their Software
  9. Red Hat Risk Reflex (The Linux Security Flaw That Isn’t)

    News headlines screaming that yet another Microsoft Windows vulnerability has been discovered, is in the wild or has just been patched are two a penny. Such has it ever been. News headlines declaring that a ‘major security problem’ has been found with Linux are a different kettle of fish. So when reports of an attack that could circumvent verification of X.509 security certificates, and by so doing bypass both secure sockets layer (SSL) and Transport Layer Security (TLS) website protection, people sat up and took notice. Warnings have appeared that recount how the vulnerability can impact upon Debian, Red Hat and Ubuntu distributions. Red Hat itself issued an advisory warning that “GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification… An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid.” In all, at least 200 operating systems actually use GnuTLS when it comes to implementing SSL and TLS and the knock-on effect could mean that web applications and email alike are vulnerable to attack. And it’s all Linux’s fault. Or is it?

  10. Linux Bugs, Bugs Everywhere

    “We are seeing a lot of crypto bugs surfacing lately because these libraries are suddenly getting a lot of review thanks to Snowden’s revelations,” suggested blogger Chris Traver. “I think one has to separate the crypto bugs from others because they are occurring in a different context. “From what I have read about gnutls, though, it seems to me that this is probably the tip of the iceberg.”

  11. Introducing kpatch: Dynamic Kernel Patching

    In upstream development news, the kernel team here at Red Hat has been working on a dynamic kernel patching project called kpatch for several months. At long last, the project has reached a point where we feel it’s ready for a wider audience and are very excited to announce that we’ve released the kpatch code under GPLv2.

03.14.14

Fedora News: Fedora 21 Features, Fedora 20 Updates, and Ojuba

Posted in GNU/Linux, Red Hat at 4:33 am by Dr. Roy Schestowitz

03.07.14

Red Hat Joins the Joke Which is Amazon’s ‘Secure’ Federal ‘Cloud’

Posted in Red Hat, Servers at 10:15 am by Dr. Roy Schestowitz

Summary: Another Red Hat move which puts citizens’ data in the hands of unaccountable spies and their corporate partners/accomplices

Amazon, which is a very special partner of the CIA* (we gave dozens of references before in order to highlight this), has already earned Ubuntu some tough words and a snub from the EFF, FSF, as well as many others (nongroups). For Red Hat to play buddies with Amazon makes little or no sense. Amazon not only does many disgusting things (to customers, staff, externalities) but it also pays Microsoft for GNU/Linux, including RHEL. Like with Azure (as we explained repeatedly before), putting any computational resource on Amazon ‘clouds’ is like handing it all over to the NSA (for surveillance, interception, interference, censorship, modification leading to framing, and so on). Red Hat is said to have joined some nonsense programme that involves AWS [1-4], marketed as “secure” and “federal”. Who is this secure from? The Federal government of the United States? Surely not, unless of course you happen to be the government itself. The whole thing sounds so dodgy and it won’t give Red Hat much credibility now that Red Hat’s relationship with the NSA [1, 2, 3] is debated in some circles (it was last mentioned in an article from Sam Varghese earlier this week).

Making things even worse, Red Hat makes an approach [5] towards something which resembles Mono and promotes Microsoft APIs. This is not a wise move, for reasons that we are going to deal with in the next post.

Red Hat’s CEO is speaking of himself as a “great leader” (without saying so directly) in Red Hat’s self-serving Web site that’s now treated as a news site by Google News [6]. Some say that Red Hat is a one-of-a-kind [7], but if Red Hat leans towards the NSA, puts customers’ data on Microsoft-taxed and NSA-eavesdropped ‘clouds’, hires executive staff from Microsoft and even promotes/spreads .NET and Hyper-V (which provides an NSA back door into GNU/Linux guests through Windows hosts**), then maybe it’s better to promote alternatives to Red Hat as a flag bearer and GNU/Linux leader. Red Hat recently found itself in somewhat of a scandal involving OpenStack [8-10] while it also formed OpenStack partnerships [11-15]. Red Hat really can do and should do more to embrace and disseminate freedom, not cages like AWS. Red Hat’s middleware business is a good example of this [16,17] as business (as in revenue/sales [18], like IBM's) becomes the top priority, even when Red Hat makes public appearances [19,20].

Perhaps what we need now is more strength for community projects like Arch and Debian. They, unlike Red Hat, don’t share a bed with malicious companies that violate users’ rights.
____
* The CIA was, just earlier this week, found to be illegally spying on government officials that act as watchdogs.

** Proprietary virtualisation software is the issue here. VMware is not much better because it’s run by former Microsoft executives (Microsoft is the top NSA partner) and is owned by EMC, which also runs RSA, the NSA’s notorious back doors partner.

Related/contextual items from the news:

  1. AWS launches Red Hat Enterprise GNU/Linux in AWS GovCloud (US)
  2. Red Hat Enterprise GNU/Linux now on Amazon’s GovCloud
  3. Red Hat Courts Government Customers with GNU/Linux for AWS GovCloud
  4. Red Hat GNU/Linux now available on Amazon’s secure federal cloud

    If you’re a government worker and have been wanting to run Red Hat Enterprise Linux securely on your Amazon cloud, it’s your lucky day. The popular open-source operating system is finally available on Amazon Web Services.

  5. Red Hat brings Microsoft .NET Apps to its OpenShift cloud

    Uhuru was founded just over two years ago by veteran ex-Microsoft executives: former vice president Jawad Khaki and former general manager Jawaid Ekram. They are self-proclaimed experts in bringing Windows to Open Source PaaS.

  6. Great leaders are comfortable with who they are

    Over the last 25 years of my career—from serving as a partner at the Boston Consulting Group (BCG), to my time at Delta Air Lines, to my current role as president and CEO of Red Hat—I’ve been exposed to my fair share of leaders. I’ve learned that leaders and leadership styles can vary greatly depending on the company culture, industry and size, but there’s one commonality I’ve noticed among all of them: to be effective, leaders must be respected.

  7. A Formula for Launching the RedHats of the Future

    The bottom line, therefore, is that in order for the model promoted by Levine to succeed, it’s predicated on the existence of underlying projects that achieve the balance of benefits that I alluded to above. Without the right scope of opportunity, sufficient success in recruitment, and abundant skill in execution, there will be no more RedHats emerging from this new model than the last. But where this methodology is understood and followed, not only will such opportunities emerge, but they will do so with far greater predictability than in the past.

  8. Piston OpenStack 3.0 Arrives, Focused on Private Clouds
  9. GNU/Linux Ebb & Flow, Red Hat Oops, and Chakra Reviewed

    There’s rarely a dull moment when looking through Linux newsfeeds. Today we find Jesse Smith has reviewed Chakra GNU/Linux 2014.02. LinuxInsider.com looks at why distributions gain popularity then disappear. And finally, The Register covers a bit of convention confusion between Red Hat and cloud newcomer Piston.

  10. The importance of a community-focused mindset

    Piston, an Openstack-in-a-box vendor[1] are a sponsor of the Red Hat[2] Summit this year. Last week they briefly ceased to be for no publicly stated reason, although it’s been suggested that this was in response to Piston winning a contract that Red Hat was also bidding on. This situation didn’t last for long – Red Hat’s CTO tweeted that this was an error and that Red Hat would pay Piston’s sponsorship fee for them.

  11. Red Hat Increases its Focus on OpenStack Partnerships

    Red Hat originally made a name for itself as the only U.S.-based public company exclusively focused on open source, as it has proved that its Linux-focused strategy could be very profitable. But the company’s future is increasingly being tied to cloud computing and OpenStack in particular. This week, Red Hat marks two years of collaborating with contributors and developers on key OpenStack.org projects “to bring OpenStack from a project to a product.”

  12. Red Hat Enterprise GNU/Linux OpenStack Platform Leveraged by Alcatel-Lucent, CloudBand ™ as Part of Its Network Functions Virtualization (NFV) Platform
  13. Alcatel-Lucent to deploy Red Hat Enterprise GNU/Linux OpenStack Platform
  14. Alcatel-Lucent deploys Red Hat Enterprise GNU/Linux platform

    Red Hat, a provider of open source solutions announced that Alcatel-Lucent deployed Red Hat Enterprise GNU/Linux OpenStack platform based on Red Hat Enterprise Linux and Kernel-based Virtual Machine (KVM), as the common platform for its Network Functions Virtualization (NFV) solution, CloudBand.

    “Alcatel-Lucent specifically chose Red Hat Enterprise GNU/Linux OpenStack Platform for use in managing CloudBand Nodes, the turn-key, all-in-one compute, storage and network node system that interfaces with the CloudBand Management System, along with any other OpenStack-enabled nodes,” the company said.

  15. Alcatel-Lucent Embraces OpenStack, as Network Function Virtualization Efforts Expand

    A key part of the overall solution is Alcatel-Lucent’s Cloudband technology which is the company’s NFV platform that provides the server, storage and networking infrastructure with the Cloudband Node. Cloudband also includes management and orchestration functionality to deploy and manage network functions deployed on the infrastructure.

  16. Red Hat Launches a 3-fer for Enterprise BPM Users

    Red Hat’s new JBoss BPM Suite is in part the result of its 2012 acquisition of Polymita, noted 451 Research analyst Carl Lehmann. The addition of that technology and other new features brings Red Hat’s BPM offering on par with other BPM suites and “gives Red Hat some competitive differentiation in the market,” he said. “I think they did a pretty good job there.”

  17. Red Hat’s Polymita acquisition to spawn new products

    That’s according to a Red Hat spokesperson who gave me some additional insight into a press conference that the Raleigh-based open source software company will hold on Tuesday at 11 a.m. to announce new products in middleware.

  18. Red Hat Executives Named 2014 CRN Channel Chiefs
  19. Red Hat to Webcast Middleware Press Conference on March 4
  20. Videos From Red Hat’s DevConf.cz Conference Now Online

    Videos from the DevConf.cz conference that happened earlier this month in Brno, Czech Republic, are now available online from the Red Hat focused event.

Fedora 21 Release Just 7 Months Away

Posted in GNU/Linux, Red Hat at 9:12 am by Dr. Roy Schestowitz

Summary: Red Hat’s Fedora 21 will come out in the middle of October, according to a newly-published schedule

AFTER much anticipation and speculation [1] it turns out that the next release of Fedora will be in late autumn, some time in the middle of October [2]. Phoronix, which recently wrote some in-depth analysis (with a lot of links) about Fedora, also explained how Mesa 10 packages were made available for Fedora 20 [3].

The nice thing about the Fedora project, as we pointed out before, is not only its insistence on free/libre graphics drivers but also extensive work on such drivers. Without Fedora we would all be losing a lot.

Fedora does not need to look ‘ugly’ or ‘not polished’ (it got this reputation some years ago when poor releases were made). Fedora has no consistent ‘face’ because it’s highly customisable and unlike Ubuntu (which demotes “alternative” desktops/themes) it comes in several very different ‘flavours’ [4] which are all managed and distributed (as equal) by Red Hat. Fedora 20 looks like a solid option and half a year from now we will see another fine release of Fedora, which is always getting better. I have used many releases of Fedora over the years and I was always mostly satisfied.

Related/contextual items from the news:

  1. Fedora 21’s Schedule Is Closer To Being Figured Out

    Fedora.Next is bringing lots of changes as the longstanding distribution seeks to effectively remake itself and move forward with greater vigor. When it comes to this next major distribution update, Fedora 21 already has lined up support for non-KMS drivers to be abandoned, other old GPU support removal, out of the box OpenCL support, Wayland support improvements, Hawkey usage, and many other changes, besides simply having updated upstream open-source Linux packages.

  2. Fedora 21 Being Planned For Mid-October Release

    The next Fedora Linux release is being postponed until October since if shipping in August they are left midway between GNOME 3.12 and 3.14. GNOME 3.14 will be released by late September and thus if shipping in mid-to-late October would allow time for a fresh GNOME 3.14 desktop to be incorporated into the release. October/November release targets have also been what’s long been sought after by Fedora (among other distributions) for nailing close to the GNOME release time-frame and other software projects.

  3. Mesa 10 Packages For Fedora 20

    While Fedora 20 is looking to land GNOME 3.12 as a stable release upgrade, the developers normally shipping a bleeding-edge Linux graphics stack haven’t sent down any stable release updates for the much-improved Mesa 10 drivers. Fortunately, there’s some unofficial choices.

  4. The Flat Owl Linux Desktop

    Lifehacker reader Royale with Cheese has a sharp-looking flat desktop that looks like OS X at first glance. It’s actually Fedora 20, and it’s smooth as butter. Here’s how he set it up.

Debian’s Importance is Growing

Posted in Debian, GNU/Linux, Red Hat at 8:48 am by Dr. Roy Schestowitz

Summary: Updates and news from the Debian camp, focusing on the silent or lesser-acknowledged role of this international project in computing

Linux Mint, which does not come with Amazon spyware (unlike Ubuntu, which fell behind Mint in DistroWatch), seems to be leaning more and more towards Debian with this new release [1] which was reviewed some hours ago (in the publication sense) [2] and surely has momentum [3]. Even the release candidate (RC) [4] received such coverage [5] (mind the UEFI ‘secure’ boot rant), proving that there is definitely some interest from users (Jim Lynch’s/IDG’s sensationalist headline merely links to screenshots like these [6]).

Debian recently added OpenRISC support [7,8] (Debian is perhaps best known for huge hardware diversity) and there is a new project for better security [9] (think of it like SELinux, except without the intervention of the criminal NSA, which wants back doors in Linux [1, 2, 3, 4]). Red Hat's Systemd may not be the only option [10], but we don’t know for sure yet. Someone needs to continue to offer alternatives to Systemd. Debian is very important with its many new derivatives [11], role in hardware [12] and embedded domination [13] (bar Android and closed Linux-based systems), hence the importance of its decision on init systems.

A strong Debian (and derivatives like Ubuntu) acts as an essential regulating force in the face of Red Hat/CentOS domination; lack of diversity, history teaches, limits security and increases vulnerability.

Related/contextual items from the news:

  1. Linux Mint Debian 201403 released!

    The team is proud to announce the release of LMDE 201403.

  2. Debian, Mint (LMDE), SolydX and Tanglu, compared and contrasted

    The four distributions obviously have a lot in common; Debian is well known as one of the oldest, best established and most respected Linux distributions, Linux Mint Debian Edition (LMDE) is derived from Debian, with a lot of the goodies which have been developed for the Linux Mint ‘main’ distribution added, and both SolydXK and Tanglu are derived from a combination of those two plus a good bit of work in packaging, repositories, updates, appearances and such.

  3. Are there enough users for Linux Mint Debian Edition to survive?

    The Linux Mint blog is reporting that Linux Mint Debian Edition 201403 has been released. LMDE is a semi-rolling distro that is based on Debian Testing. It is a good alternative for those who want the features of Linux Mint without having to use Ubuntu as its base.

  4. Linux Mint Debian 201403 RC released!

    We look forward to receiving your feedback. Thank you for using Linux Mint and have a lot of fun testing the release candidate!

  5. Hands-on with Linux Mint Debian Edition 201403 release candidate

    The installation was absolutely routine with the exception of the well-known difficulty with UEFI firmware configuration on the HP Pavilion. There was even good news on that system, though, because the very difficult wi-fi adapter (Ralink 3290) seems to work just fine.

  6. Linux Mint 201403 Debian Cinnamon
  7. Debian for OpenRISC
  8. Debian Ported To OpenRISC Architecture
  9. Debian Mempo Still Aiming For Better Security

    Mempo is a project started in H2’2013 that’s been trying to provide a secure yet robust Debian platform that currently classifies itself in a “pre-alpha” state. Mempo is patching Debian packages with better security and privacy, providing newer versions of packages than what’s found in Debian, using a hardened “GrSecurity” Linux kernel, and is working to support other work in and outside of Debian.

  10. Debian TC Won’t Pass Resolution Over Init System Coupling

    Since the Debian technical committee decided they will use systemd over Upstart, the latest vote on their agenda was over init system coupling and how Debian developers maintaining packages should deal with different init systems or what guidance the technical committee should send to these package maintainers.

  11. A look at Tanglu 1.0 ‘Aequorea Victoria’ GNOME

    Tanglu is a fairly young project and perhaps has flown under the radar somewhat. The 1.0 release is a major milestone for the distribution, which is based on a mixture of Debian Testing, Debian Unstable and in some cases even Debian Experimental.

  12. Debian 7: PCI Serial, at last
  13. Tiny ARM/FPGA Zynq COM does Debian

    PLDA has launched an SODIMM-like computer-on-module claimed to be the smallest Xilinx Zynq COM yet, supported with a carrier board and Debian Linux BSP

03.04.14

Skype Chief Executive Quits Microsoft Amid NSA Scandals

Posted in Red Hat at 8:36 am by Dr. Roy Schestowitz

Summary: A day or so after Yahoo was revealed to have been used to illegally spy on users’ webcams the former Skype chief executive resigns (effective immediately)

SOMETHING TRULY ugly is happening at Microsoft. Not only did Microsoft collude with the criminal NSA but it also turned Skype into a surveillance machine. To make matters worse, Microsoft is now shamelessly hoovering up personal data from Windows PCs (article in German) and executives are fleeing (can anyone blame them?).

“Tony Bates, the former Skype chief executive and currently head of Microsoft’s business development, is to leave the company immediately,” says this article (titled “Microsoft Loses Two Top Executives”), “while Reller, co-head of Microsoft’s Windows unit, will stay on board during a transition period” (damage control).

Yesterday we wrote about Microsoft’s Kinect as a target of surveillance (mentioned in the context of Yahoo). It doesn’t get any worse, does it? Even video of people who use Microsoft products seems to be intercepted and saved, obviously against the law (millions are affected, so there is no reasonable suspicion). The timing of this immediate resignation is interesting to say the very least because it overlaps reports about Yahoo video chats as targets of interception and mass violations (GCHQ is said to have watched and probably recorded hundreds of thousands of innocent people masturbating). Based on previous leaks (about Skype), it is reasonable to say that Skype is not exempted from this and its violations are no different. We just haven’t seen enough documents about it (yet).

Meanwhile, as Sam Varghese notes [1], Red Hat is failing to exploit these scandals to its own advantage, perhaps because Red Hat too has something to hide [1, 2, 3].

It would be nice if more people started to appreciate Free software, at the very least because of privacy (which a lot of people understand and value).

Related/contextual items from the news:

  1. Linux companies never miss an opportunity to miss an opportunity

    It would be heartening to see James Whitehurst, the head of Red Hat Linux, the biggest commercial Linux outfit, and one that has seen billing go above the billion-dollar mark, deliver a speech at some official forum that underlined the fact that his company’s product – and that of other commercial Linux companies – provides a guarantee against the insertion of backdoors.

03.03.14

Open Source Initiative, Free Software Foundation, SFLC, Red Hat and Others Fight Against Software Patents at SCOTUS Level

Posted in America, FSF, Law, OIN, OSI, Patents, Red Hat at 5:58 am by Dr. Roy Schestowitz

Summary: The debate about software patents in the United States is back because many Free software advocacy groups and companies (not Open Invention Network though) are getting involved in a Supreme Court (SCOTUS) case

OVER THE past 6 months or so there have not been many debates about software patents. There were debates about trolls and other such distracting debates; many of them were ‘pre-approved’ by corporations and covered by the corporate press. We had highlighted this appealing trend several dozens of times before pretty much abandoning this debate and giving up on involvement; generally speaking, providing coverage for these debates is basically helping those who create obstacles for small players (monopolies/oligopolies) just shift the public’s attention away from patent scope.

Debates about software patents returned about a week ago. The Open Invention Network (OIN) was mentioned in the article “Software patents should include source code”, but it’s such an offensive idea because it helps legitimise software patents, which is what the Open Invention Network often does anyway. To quote the article: “Computer-implemented inventions that are patented in Europe should be required to fully disclose the patented invention, for example by including working, compilable source code, that can be verified by others. This would be one way to avoid frivolous software patents, says Mirko Boehm, a Berlin-based economist and software developer working for the Open Invention Network (OIN).”

Why on Earth does the Open Invention Network get involved in pushing the idea of software patents in Europe? Source code or not, software patents are not legal in Europe and the same goes in most of the world, including India where lawyers’ sites still try to legitimise them.

In another blog post, one from a proprietary software company, the ludicrous notion of “Intellectual Property” is mentioned in the context of Free software and patents. The author is actually pro-Free software, but the angle he takes helps warp the terminology and warp the discussion somewhat. To quote him: “My usual response to the question, “Do I have to worry about patent trolls and copyright infringement in open source software?” is another question, “Does your proprietary vendor offer you unlimited liability for patent trolls and copyright infringement and what visibility do you have into their source code?” In the proprietary world I think you’d be hard-pressed to find a vendor who provides unlimited liability for their products against IP infringement, or even much over the cost of the products or services rendered. How often do you review their source code and if given the opportunity are you able to share your findings with other users. In open source that’s simply table stakes.”

Contrary to all the above, the Software Freedom Law Center, together with the FSF and the OSI (Simon Phipps and Luis Villa) actually fight the good fight. To quote Phipps: “How important are software patents? We know they’re a threat to the freedom of developers to collaborate openly in communities, chilling the commercial use of shared ideas that fuels engagement with open source. We know that the software industry was established without the “incentive” of software patents. But the importance of the issue was spotlighted yesterday in a joint action by two leading open source organizations.”

Here is how Phipps concludes his article at IDG: “I endorse and welcome this joint position calling for firm clarity on software patents. (I was obviously party to the decision to take it, although I’m not writing on OSI’s behalf here.) With 15 years of history behind us, there’s far more that unites the FSF and the OSI than divides us. We’ve each played our part in the software freedom movement that has transformed computing. Now all of us in both communities need to unite to end the chilling threat of software patents to the freedom to innovate collaboratively in community.”

Red Hat too is joining this battle and announcing this to shareholders, making some press coverage in the process amid many articles about SCOTUS in the post-Bilski case era (see some coverage in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]).

Software patents are finally in the headlines again (not much sympathy for them), but there is also some focus on trolls, courtesy of companies like Samsung and Apple. Other recent reporting about patents covered patent lawyers’ business, the role of universities in patents (they help feed trolls these days), and also USPTO reform (that was a fortnight ago). None of this dominated the news, however, as much as the debate was on software patents. So, perhaps it’s time to get back to covering patents on an almost daily basis.

Software patents are the most important issue as they are the biggest barrier to Free software. We just need to have the subject of software patents and their elimination publicly discussed.

02.06.14

Poll: Only 39% Trust Red Hat Over Back Doors

Posted in Red Hat, Security at 6:00 am by Dr. Roy Schestowitz

Red Hat poll

Summary: News about Red Hat, including renewed suspicions that the company is too close to the NSA, not merely a business partner

WE BEGAN writing about Red Hat and NSA as its major client only a few months ago [1,2], mainly because we had found a claim by Red Hat staff that patches from the NSA were being passed to Torvalds via Red Hat. We later had that confirmed by Red Hat staff. This definitely does not inspire confidence because we already know that the NSA wanted to put back doors in Linux.

The latest such post about Red Hat and the NSA comes from FOSS Force, where Christine concludes: “If Red Hat isn’t working hand-in-hand with the NSA in its efforts to spy on us, then this poll obviously represents a public relations problem for the Raleigh, North Carolina based company. Although it’s doubtful that many, if any, of those taking this poll are Red Hat customers, we can only assume that results such as we’re seeing here indicate a potential problem of perception even outside the free software community. It wouldn’t bode well for Red Hat if these sentiments were to spread to include its user base.”

Christine is being very kind to Red Hat. She may be right, but many of her readers seem to agree that Red Hat could have been used by the NSA for back doors. Less than 40% trust Red Hat.

In other news about Red Hat (more positive news), here are the latest press releases, which barely received any press coverage:

News about Red Hat also still revolves around CentOS (the CentOS news is old, but it still abounds [1]), OpenStack [2,3,4], or ‘cloud’, which usually means surveillance-friendly setups, sometimes with the CIA in the loop [5]. Virtualisation too is in Red Hat’s pitch [6,7,8], not to mention Red Hat staff [9]. There seems to be a recruitment drive in Red Hat’s OpenSource.com, with emphasis on women this month [10-17]. Only one other site [18] seems to have dedicated an article to women in FOSS/software in the same period of time. There is nothing wrong with that; it’s just an observation.

The bottom line is this: we need clarifications from Red Hat where it matters. The silence on this matter has been deafening and if Red Hat says nothing to alleviate these worries, then this may actually contribute further to distrust. Red Hat is developing many core components in GNU/Linux systems and when NSA is using Red Hat to submit patches (created by the NSA) we do need some reassurances. It’s not just SELinux. Red Hat should identify very clearly which patches have come from the NSA so that extra scrutiny can be applied. Knowing what the NSA has done to NIST, RSA etc. it would also be wise to ostracise the NSA when it comes to patches.

Related/contextual items from the news:

  1. Linux Top 3: CentOS Dons a Red Hat, SteamOS Gets Hardware, Kali Linux Nukes Security
  2. Red Hat’s Love-Hate Affair With The Cloud

    Among the several reasons for Red Hat to embrace CentOS, its erstwhile copycatting nemesis, one explanation has largely been overlooked: The cloud made them do it. More specifically, OpenStack made them do it.

    Red Hat had all but sewn up the market for Linux in the data center. But in the cloud, the market for Linux is both wide open—and perhaps nonexistent.

  3. Red Hat Upgrades OpenStack Cloud Infrastructure Platform
  4. Red Hat Promotes Open Source Software-Defined Storage

    If the advent of object-based storage à la OpenStack Swift is one sign of the decline of traditional storage technologies, the momentum of software-defined storage is yet more evidence that the future of data storage for the cloud and the enterprise is changing. And open source giant Red Hat (RHT) is the latest vendor to jump on board, with the announcement of new software-defined storage options for Red Hat partners that could have a wide impact across the channel.

  5. Red Hat, Partners Collaborate on AWS New Test Drive Demos
  6. Red Hat ups its virtualization and cloud game
  7. Red Hat shops get KVM updates, scalability in RHEL 6.5
  8. Red Hat Enterprise Virtualization 3.3 Gets Real

    The RHEV 3.3 release is built on top of the open-source oVirt project, which is led by Red Hat. The new release adds support for the Red Hat Enterprise Linux 6.5 platform, improves performance and supports a wider array of systems.

  9. Findings from working on Red Hat’s installer

    I believe that the open source community as a whole would benefit if more open source developers considered the API and associated bindings as primary and the CLI as of secondary importance. Ideally, applications would be designed from the start with a well-defined API, a set of bindings that evolved with the API, and a CLI (if one was necessary) that was defined in a scripting language that made use of the bindings. Not only would this make the application ripe for automation, but it would likely have the added benefit of making the API better defined and more robust.

  10. Engage women, have fun, get more out of your open source project

    There are few women developers and even proportionately less working in open source communities. However, a career in OSS is ideal for women who are seeking balance in their lives whether the balance is starting a family or maintaining balance with friends and a strenuous and engaging hobby. It’s well established that there’s a shortage of women pursuing careers in computer science. UCLA’s Higher Education Research Institute found that just 0.3% of students majoring in technology-related fields are female, despite the high demand for those skills. As few as 1.5% of open source contributors are women.

  11. Heard of the GNOME Outreach Program for Women? Learn more today.

    Marie Nordin is one of the OPW interns for the Fedora Project. She is the visual designer currently in charge of badge design for Fedora Badges, an open badges based web application that helps to encourage contributors in the Fedora community by awarding them with badges for their efforts. (For example, Marie is the proud recipient of the “Pixel Ninja” badge for her work on the Fedora Design team.) I interviewed Marie, and she shared how she came to open source, what open source projects she’s currently involved with, and her advice for other young women interested in getting involved.

  12. The Women of OpenStack talk outreach, education, and mentoring

    In the open source world, a women-only event seems counter-intuitive. Yet I am finding reasons for such events the more I attend them.

    At the OpenStack Summit, a twice-a-year event where OpenStack contributors get together to plan the next release, the Women of OpenStack group has set up events where we invite the women first. Men aren’t excluded, but our hope is to get more OpenStack women together. I can hardly capture the value of getting together with other women in OpenStack at the Summit, but here goes.

  13. Make money and have fun in open source

    We’re familiar with the statistics, and we’ve seen the photos from the tech conferences. Seas full of men. It requires patience to scan for the odd female in those auditoriums. It’s a popular topic, this scarcity of women in technology, one of the hip things to whine about these days. It’s politically correct to blame the male “priesthood” in Silicon Valley. Ask Paul Graham. He took it in the ribs after a few reckless comments about the funding practices of his startup seed accelerator, Y Combinator. He was quoted as saying, “God knows what you would do to get 13 year old girls interested in computers. I would have to stop and think about that,” in a recent article. Ouch. But, really, is he so wrong?

  14. Advice from 5 Joomla! project leaders: Part 1

    The Joomla! community, inside and outside the company, is diverse and multi-cultural. It is made up of all sorts of people with two things in common: a love for Joomla! and a willingness to reach out and help others on the other side of the keyboard.

  15. Advice from 5 Joomla! project leaders: Part 2
  16. The participatory nature of the Internet strengthens fan communities

    Whether the big media producers like it or not, digital technologies have made it easier than ever for popular culture fans to create remixes or derivative works from their favorite movies, TV shows, books, and other media. And the participatory nature of the Internet has arguably helped broaden the popular definition of a “fan community” from something exclusive to comic and sci-fi fans to being inclusive of many genres and people. This includes giving wider exposure to a vast and yet often overlooked demographic in pop fandom—women—and their influence on mainstream media stories.

  17. Golden opportunity for public libraries to meet digital needs of women

    Women use the Internet 17% more than their male counterparts yet are underrepresented in programming and open source. Public libraries (and public schools) have a critical role to play with improving the dearth of diversity in coding and open source.

  18. Girls and Software

    December 2013’s EOF, titled “Mars Needs Women”, visited an interesting fact: that the male/female ratio among Linux Journal readers, and Linux kernel developers, is so lopsided (male high, female low) that graphing it would produce a near-vertical line. I was hoping the piece would invite a Linux hacker on the female side of that graph to step up and move the conversation forward. And sure enough, here we have Susan Sons aka @HedgeMage.
