04.02.11

Gemini version available ♊︎

Red Hat’s Obfuscated Patches Harm Small GNU/Linux Players and Help Microsoft/Novell

Posted in Oracle, Red Hat at 6:22 pm by Dr. Roy Schestowitz

James WhitehurstSummary: Suggestions to Red Hat, whose commitment to transparency has eroded somewhat and needs prodding for

TECHRIGHTS runs on top of CentOS, which relies on Red Hat for its updates. Earlier this week at work I was told that CentOS had not released patches since December, whereas RHEL patches are released at a pace of several per week. This may make one wonder about the new Scientific Linux, which might one day outpace CentOS and replace it as the de facto RHEL clone.

“Red Hat can improve its bottom line by sticking a cork in CentOS and preventing access to RHEL-targeted patches.”Red Hat defends its dubiously obfuscated patches by pointing the finger at Oracle, but let’s face it; it is often said that the most widely used distribution of GNU/Linux is the quiet giant, CentOS. Many Web hosts run it and they are not alone, sector-wise. Nobody knows just how many servers run CentOS, but it’s probably many millions. Red Hat can improve its bottom line by sticking a cork in CentOS and preventing access to RHEL-targeted patches. Oracle would be a convenient Goliath to blame, but is it really as dangerous as Red Hat wants us to believe while Red Hat’s financial numbers keep hitting new record highs? The subject of transparency at Red Hat was addressed here quite recently and Techrights will continue to pressure Red Hat to rectify these issues, both by explaining the Acacia settlement [1, 2, 3] and by providing GPL-friendly patches to those who require them. The GPL is designed to avoid exclusion, even if that means allowing Oracle to embrace other people’s work.

As we pointed out this morning, Novell is trying to take advantage of Red Hat’s practices, hoping to sell Microsoft-taxed SLE* at the expense of/instead of RHEL (there is also a peripheral article about it now). Who would that benefit?

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

5 Comments

  1. David Gerard said,

    April 2, 2011 at 6:34 pm

    Gravatar

    Well, now. This is anecdotal, but … I work for a company that has various web-based applications. These are written in Java. (Yes, we saw the Oracle-Google suit and several people had a good hard think about their career path.) They were running on Solaris, but Oracle is insane and on crack, so I strongly advised my boss and boss’s boss to ignore all our years of Solaris experience and move to Linux post-haste.

    We’re going to VM-based hosting. Oracle want £300 to run Solaris on non-Oracle hardware for a year. So we’re going Linux.

    The hosting company offered RHEL or … Ubuntu server. We went Ubuntu ‘cos we like Debian and it’s close enough for our purposes. (IT’S JUST RUNNING JAVA.)

    Supporting all the hardware ever is a big plus for RHEL … but not so much if people are hosting in VMs. And you know, Ubuntu is free as in beer too. (And you don’t have to put up with the hideous Unity interface on a server.)

    Dr. Roy Schestowitz Reply:

    Well, Ubuntu servers that I deploy are X-less. It should not be a problem. Debian is a safe bet, too.

    BenderBendingRodriguez Reply:

    Roy, do you realize that debian is at it’s default the least safe Linux distro out there?

    http://labs.mwrinfosecurity.com/notices/security_mechanisms_in_linux_environment__part_1___userspace_memory_protection/

    http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/

    Granted it has been written on september but i really doubt that debian changed security wise

    twitter Reply:

    Calling Debian the “least safe Linux distro” is sort of like calling flint the most toxic of metamorphic rocks and glasses. I’m particularly wary of articles that complain that free software does not have tools that non free software inevitably needs to make up for mono cultural flaws and code staleness. Olympic athletes can use crutches too but generally don’t rate themselves on their ability to use them. Until we see successful attacks in the wild, most of these security articles are an academic exercise at best and FUD at worst.

    There’s a lot to recommend Debian. Complexity is itself a flaw that leads to exploitation and Debian sensibly avoids this unless forced. Debian also is one of the most package rich and platform diverse distributions, diversity that is both useful and protective. When and if there’s a problem, the Debian community can and will deploy these alternate tools.

    Dr. Roy Schestowitz Reply:

    If one depends on Debian’s well-tested patches, then there might be a delay between ‘real’ patch and Debian patch. But otherwise, people can always patch using whatever comes from the original source. I had this discussion in London some days ago. Calling Debian “the least safe Linux distro” is odd to me too.

DecorWhat Else is New


  1. Gemini Space/Protocol: Taking IRC Logs to the Next Level

    Tonight we begin the migration to GemText for our daily IRC logs, having already made them available over gemini://



  2. Links 6/12/2021: Gnuastro 0.16 and Linux 5.16 RC4

    Links for the day



  3. Links 5/12/2021: Touchpad Gestures in XWayland

    Links for the day



  4. Society Needs to Take Back Computing, Data, and Networks

    Why GemText needs to become 'the new HTML' (but remain very simple) in order for cyberspace to be taken away from state-connected and military-funded corporations that spy on people and abuse society at large



  5. [Meme] Meanwhile in Austria...

    With lobbyists-led leadership one might be led to believe that a treaty strictly requiring ratification by the UK is somehow feasible (even if technically and legally it's moot already)



  6. The EPO's Web Site is a Parade of Endless Lies and Celebration of Gross Violations of the Law

    The EPO's noise site (formerly it had a "news" section, but it has not been honest for about a decade) is a torrent of lies, cover-up, and promotion of crimes; maybe the lies are obvious for everybody to see (at least EPO insiders), but nevertheless a rebuttal seems necessary



  7. The Letter EPO Management Does Not Want Applicants to See (or Respond to)

    A letter from the Munich Staff Committee at the EPO highlights the worrying extent of neglect of patent quality under Benoît Battistelli and António Campinos; the management of the EPO did not even bother replying to that letter (instead it was busy outsourcing the EPO to Microsoft)



  8. IRC Proceedings: Saturday, December 04, 2021

    IRC logs for Saturday, December 04, 2021



  9. EPO-Bribed IAM 'Media' Has Praised Quality, Which Even EPO Staff (Examiners) Does Not Praise

    It's easy to see something is terribly wrong when the people who do the actual work do not agree with the media's praise of their work (a praise motivated by a nefarious, alternate agenda)



  10. Tux Machines is 17.5 Years Old Today

    Tux Machines -- our 'sister site' for GNU/Linux news -- started in 2004. We're soon entering 2022.



  11. Approaching 100

    We'll soon have 100 files in Git; if that matters at all...



  12. Improving Gemini by Posting IRC Logs (and Scrollback) as GemText

    Our adoption of Gemini and of GemText increases; with nearly 100,000 page requests in the first 3 days of Decembe (over gemini://) it’s clear that the growing potential of the protocol is realised, hence the rapid growth too; Gemini is great for self-hosting, which is in turn essential when publishing suppressed and controversial information (subject to censorship through blackmail and other ‘creative’ means)



  13. Links 4/12/2021: IPFire 2.27 Core Update 162 and Genode OS Framework 21.11

    Links for the day



  14. Links 4/12/2021: Gedit Plans and More

    Links for the day



  15. Links 4/12/2021: Turnip Becomes Vulkan 1.1 Conformant

    Links for the day



  16. IRC Proceedings: Friday, December 03, 2021

    IRC logs for Friday, December 03, 2021



  17. Links 4/12/2021: EndeavourOS Atlantis, Krita 5.0.0 Beta 5, Istio 1.11.5, and Wine 6.23; International Day Against DRM (IDAD) on December 10th

    Links for the day



  18. Another Gemini Milestone: 1,500 Active Capsules

    This page from Balázs Botond plots a graph, based on these statistics that now (as of minutes ago) say: “We successfully connected recently to 1500 of them.” Less than a fortnight ago more than 1,800 capsules overall were registered by Lupa, almost quadrupling in a single year



  19. [Meme] António Campinos and Socialist Posturing

    Staff of the EPO isn’t as gullible as António Campinos needs it to be



  20. António Campinos as EPO President is Considered Worse Than Benoît Battistelli (in Some Regards) After 3.5 Years in Europe's Second-Largest Institution

    The EPO's demise at the hands of people who don't understand patents and don't care what the EPO exists for is a real crisis which European media is unwilling to even speak about; today we share some internal publications and comment on them



  21. Media Coverage for Sale

    Today we're highlighting a couple of new examples (there are many other examples which can be found any day of the year) demonstrating that the World Wide Web is like a corporate spamfarm in "news" clothing



  22. Links 3/12/2021: GNU Poke 1.4 and KDDockWidgets 1.5.0

    Links for the day



  23. IRC Proceedings: Thursday, December 02, 2021

    IRC logs for Thursday, December 02, 2021



  24. Links 3/12/2021: Nitrux 1.7.1 and Xen 4.16 Released

    Links for the day



  25. Links 2/12/2021: OpenSUSE Leap 15.4 Alpha, Qt Creator 6

    Links for the day



  26. The EPO's “Gender Awareness Report”

    There’s a new document with remarks by the EPO’s staff representatives and it concerns opportunities for women at the EPO — a longstanding issue



  27. IRC Proceedings: Wednesday, December 01, 2021

    IRC logs for Wednesday, December 01, 2021



  28. EPO Staff Committee Compares the Tactics of António Campinos to Benoît Battistelli's

    The Central Staff Committee (CSC) of the EPO talks about EPO President António Campinos, arguing that “he seems to subscribe to the Manichean view, introduced by Mr Battistelli…”



  29. Prof. Thomas Jaeger in GRUR: Unified Patent Court (UPC) “Incompatible With EU Law“

    The truth remains unquestionable and the law remains unchanged; Team UPC is living in another universe, unable to accept that what it is scheming will inevitably face high-level legal challenges (shall that become necessary) and it will lose because the facts are all still the same



  30. Links 1/12/2021: LibrePlanet CFS Extended to December 15th and DB Comparer for PostgreSQL Reaches 5.0

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts