Bonum Certa Men Certa

For Real Security, Use CentOS -- Never RHEL -- and Run Neither on Amazon's Servers

Red Hat logo



Summary: Never run Red Hat's "Enterprise Linux", which cannot be trusted because of NSA involvement; Amazon, which pays Microsoft for RHEL and works with the CIA, should never be used for hosting

SEVERAL years ago CentOS almost died; now it's being embraced by Red Hat and one pundit from tech tabloid ZDNet is moving to CentOS Linux on the desktop [1,2].



CentOS is still in the news [3], with the CentOS project leader (Karanbir Singh) giving an interview to the Linux Foundation [4]. We trust CentOS, whereas trusting Red Hat is hard. RHEL is binary and based on news from half a decade ago, the NSA is said to be involved in the building process, as well as SUSE's, whereas CentOS is built from source (publicly visible). Microsoft and the NSA do the same thing with Windows and it's now confirmed that Windows has NSA backdoors.

Earlier this month vulnerabilities in RHEL's openssl and RHEL's gnupg [5,6], contributed even less to trust. RHEL is so standard in the industry that it would probably be simpler than other distributions to exploit; the NSA may as well have off-the-shelf exploits for all major RHEL releases, which are deployed in many countries' servers (even so-called 'rogue' countries). Based on the NSA leaks, Fedora -- not RHEL -- is being used by the NSA itself to run its spying operations (e.g. collecting radio signals from afar). Fedora is not truly binary-compatible and its source code makes secrets hard to keep.

Lastly, mind the latest of Red Hat's Fog Computing hype [7,8], including the CIA's partner Amazon that's lumped onto Red Hat [9,10] as part of a conference [11,12]. Avoid Amazon at all costs. It's a malicious trap for many reasons. Amazon also pays Microsoft for RHEL after a patent deal with Microsoft, as we pointed out years ago. Suffice to say, Microsoft's servers are as bad as Amazon's for privacy.

RHEL and its derivatives continue to be deployed in many large networks of systems [13], so it's clear why the NSA would drool over the possibility of back doors in RHEL. Watch out for that. Given the way NSA infiltrated standards bodies and other institutions, it's not impossible that there are even moles at Red Hat or Fedora. There used to be some at Microsoft (we know about those who got caught).

Red Hat's CEO is now telling his story in a Red Hat site [14] and one needs to remember who he used to work for (close to Boeing, which is primarily an army company), not just the country he is based on (hence the rules that apply to him, especially when he wishes to appeal to government contractors, DoD/Pentagon etc. which are the most lucrative contracts).

It should be noted that my Web sites are mostly running CentOS and the same goes for the host of Techrights, who focuses on security. With CentOS you can get the source code and redistribute; with Red Hat's RHEL you can't (it's sold as binary).

There is definitely a good reason to trust CentOS security more than RHEL security. As for Oracle ("Unbreakable"), well... just read Ellison's public statements in support of the NSA (never mind the company's roots and the CIA). That tells a lot.

The bottom line is, blind faith in binary distributions is a bad thing. Blind faith in NSA partners (Red Hat collaborates with the NSA not just in SELinux) is even worse.

Related/contextual items from the news:



  1. Taking the long view: Why I'm moving to CentOS Linux on the desktop


  2. Is CentOS ready for the Linux desktop?
    CentOS is a very interesting and different choice for a desktop distribution. I haven't heard of many people using it that way. Whenever somebody brings it up it's usually within the context of running a server.


  3. Fedora and CentOS Updates, Linux for Security, and Top Seven


  4. CentOS Project Leader Karanbir Singh Opens Up on Red Hat Deal
    In the 10 years since the CentOS project was launched there has been no board of directors, or legal team, or commercial backing. The developers who labored to build the community-led version of Red Hat Enterprise Linux (RHEL) worked largely unpaid (though some took a few consulting gigs on the side.) They had a few hundred dollars in their bank account to pay for event t-shirts and that was it. And the project's direction was decided based on the developers' immediate needs, not a grand vision of future technology.


  5. Red Hat: 2014:0015-01: openssl: Important Advisory
  6. Red Hat: 2014:0016-01: gnupg: Moderate Advisory


  7. Red Hat Invests in Open Source IaaS, Cloud Talent


  8. Red Hat Academy Expands Training, Includes OpenStack Coursework


  9. Red Hat Launches Test Drives on AWS
    At its annual Partner conference in Scottsdale, Arizona this week Red Hat (RHT) announced new Test Drives on Amazon Web Services (AWS) with three Red Hat partners – CITYTECH, Shadow-Soft, and Vizuri. Through the AWS Test Drive program, users can quickly and easily explore and deploy ready-made solutions built on Red Hat technologies.



  10. Why Red Hat Needs OpenStack ... And AWS
    OpenStack, the cloud's community darling, desperately needs leadership, and Red Hat seems the ideal leader. But OpenStack isn't the only needy party here. As good as Red Hat's growth has been over the last decade, it pales in comparison to that of VMware, a later entrant that has grown much faster than Red Hat. And the open source leader still trails well behind Microsoft.


  11. Google, Amazon Clouds Invade Red Hat Partner Conference
    Google Cloud Platform and Amazon Web Services executives are set to address Red Hat Partner Conference attendees on Jan. 13 in Arizona. No doubt, the keynotes will seek to ensure Linux resellers understand how to move customer workloads into the Google and AWS public clouds, respectively.


  12. 7 Surprises At Red Hat Partner Conference 2014


  13. How to deploy OSSEC across a large network of systems from RPMs


  14. Teens and their first job: How to get on the path to a happy career
    I grew up in the 1980s in Columbus, Georgia. You needed a car to get around, so I did not work until I could drive. Within months of getting my driver's license, I got my first job as a part-time computer programmer for a stockbroker.


Comments

Recent Techrights' Posts

Red Hat's Owner is Called "America's Worst Tech Company" (IBM) and Microsoft's Liabilities Grow
Microsoft has about a quarter of a trillion (yes, trillion with a "T") in liabilities
How the SLAPPs From Microsoft Staff Are Connected to the Corrupt OSI, Whose Majority of Money Comes From Microsoft for Openwashing, LLM Hype, and Whitewashing GPL Violations During Class Action Trial
Let's explain how some of these things are connected
 
What Happened to the Open Source Initiative (OSI) Elections: Missed Deadline
they helped expose a number of other scandals
Links 12/05/2025: Measles Rising and Taliban Outlaws Chess in Afghanistan
Links for the day
Gemini Links 12/05/2025: Advice, Iorist Ethics, and Touchscreens
Links for the day
The Finances of GAFAM Aren't as They Seem
MICROSOFT FINANCIAL PYRAMID revisited
Links 12/05/2025: US Brain Drain and Reminder That "Microsoft's Lobbying Efforts Eclipsed Enron" (Fraud Coverup)
Links for the day
The Enshittification of Royal Mail (Post Office/Postal Services) Continues
Enshittification is a thing, not only in the digital realm
If the Gossip is True, Today Microsoft Has "Large M1 Meetings" to Discuss Almost 30,000 More Microsoft Layoffs in 2025
the claim is that Microsoft is preparing to lay off 10% of its staff
Microsoft Has a Long and Proven History of Funding Meritless Lawsuits Against Rivals and Critics (It Always Backfires)
It also looks like the solicitor used by two Microsofters to SLAPP us is being urgently replaced
Links 12/05/2025: Gardens and Kitchens
Links for the day
Links 12/05/2025: Media Being Attacked (New Forms of Attack on the Press), Many Data Breaches
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 11, 2025
IRC logs for Sunday, May 11, 2025
Links 11/05/2025: Pyotr Wrangel and Kubernetes With FreeBSD
Links for the day
What Happened to the Open Source Initiative (OSI) Elections: A Moment of Silence and Revisionism Amid US Government Investigation and Community Uproar
Not a word this month
Microsoft Florian Becomes Patent Troll, Arranges to Sue Companies (Extorting Money Out of Them)
From campaigner against software patents to paid Microsoft shill to "FOSS patents" (actually attacking FOSS) to revisionism as "books" (for Microsoft)... and now this
Links 11/05/2025: China's Fentanylware (TikTok) Tells Kids to Vandalise Schools' Chromebooks and Increased Censorship in India
Links for the day
You Need Not Be a Big Company to Defeat Microsoft If You Can Successfully Challenge Its Core "Ideas"
Maybe that's just a sign that the ideas of RMS have become too effective and thus "dangerous"
Gemini Links 11/05/2025: Yeeting Oligarch Tech, Offline Browsing
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 10, 2025
IRC logs for Saturday, May 10, 2025
One is Simply Doomed to Fail When Working for Violent Men From Microsoft and Attacking Women as Well as People Who Merely Expose Crimes or Report Real Crimes
Imagine saying to people that you "practice law" or "exercise law"
The Tariffs Are Accelerating Microsoft's Decline in China
Judging by the way things are going, there will be considerable adoption of GNU/Linux in years to come, China being one major contributing factor.
Control Your Systems, Control All Your Data
what does it take for us to control our own systems and data?
Misplacing Blame for Security Problems, Sometimes With LLM Slop That Blames "Linux" for Microsoft's Failures
Broken telephones and stochastic parrots beget plenty of Fear, Uncertainty, Doubt (FUD)
Links 10/05/2025: WW2 Revisionism, Further Tit-for-tat in India-Pakistan Conflict
Links for the day
Links 10/05/2025: Germany Considers Smartphone Ban in Schools, Right to Repair Bills
Links for the day
Gemini Links 10/05/2025: Git Server and Great LLM DDoS of 2025
Links for the day
Blizzard/Microsoft Unions Grow Ahead of Mass Layoffs at Microsoft, Apparently Starting Next Week (as Many as 30,000 Workers Laid Off by Year's End)
Microsoft already fired about 5,000-6,000 workers this year by our estimates; that's not counting resignations compelled through pressure (i.e. pushed, did not jump) and contractors
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 09, 2025
IRC logs for Friday, May 09, 2025