Linked by Thom Holwerda on Sun 19th Nov 2006 19:08 UTC, submitted by Neti
Databases "I had a few minutes to burn today, so I did what I'm sure you were doing: I read the Oracle Enterprise Linux Services Agreement. It's funny what you find when you start digging around in the legalese that governs the Big Announcement that Oracle made. It makes 'Unbreakable Linux' look a little flimsy."
Order by: Score:
"Indemnification"-induced paralysis
by b3timmons on Sun 19th Nov 2006 21:26 UTC
b3timmons
Member since:
2006-08-26

Oracle's "indemnifation" flub is funny. But it's also sad because it's yet another reminder of how much corporate powers use this concept to exploit and divide communities. And what of innovation?

Of course, "Indemnify" is a perfectly good word.

Indemnify: To save harmless; to secure against loss or damage; to insure.

A counterweight to the corporate whimsy is to seek indemnification for your software freedoms (http://www.gnu.org/philosophy/free-sw.html) with a license such as the coming GPLv3 (http://gplv3.fsf.org/wiki/index.php/GPLv3_Draft).

Reply Score: 3

vlado Member since:
2005-10-26

Just do not use it. By the way, would you chose MySQL or Postgress?

Reply Score: 2

wirespot Member since:
2006-06-21

I would say "it depends". To each job, the right tool. Sometimes MySQL it perfect, sometimes Postgres, sometimes Oracle, sometimes something else.

Reply Score: 1

stestagg Member since:
2006-06-03

Interesting Question.

I want to try PgSQL but the Postgree website puts me off, it just looks too amature.

Also, some versions of CygWin uses PgSQL and I seem to have config problems with it. I've never had problems with MySQL.

If anyone can prove to me that PG is more performant than MY, I'll convert immediately ;) . Although, having read about transaction safety, I don't think performance is the selling point of PgSQL.

Edited 2006-11-21 23:16

Reply Score: 1

Ugh
by Sphinx on Sun 19th Nov 2006 21:34 UTC
Sphinx
Member since:
2005-07-09

Reading EULA's reminds me of making sausage.

Reply Score: 3

RH indemnification
by molnarcs on Sun 19th Nov 2006 21:45 UTC
molnarcs
Member since:
2005-09-10

I don't think there's much to worry about around indemnification of RHEL (whatever Microsoft may think), but it's interesting just how weak Oracle's indemnity really is.

The author forgets to mention RedHat's indemnification. Only if one looks at RH's offer will see just how weak Oracle's is.

1) Open Source Assurance (extending to all packages provided by RH)
http://www.redhat.com/rhel/details/assurance/faq/

2) They will provide an indemnification program as well. See:
http://www.redhat.com/promo/believe/
(towards the bottom)

Reply Score: 4

v Oracle isn't interested
by NotParker on Sun 19th Nov 2006 23:40 UTC
RE: Oracle isn't interested
by manmist on Mon 20th Nov 2006 00:19 UTC in reply to "Oracle isn't interested"
manmist Member since:
2005-12-18

"
Oracle wants to destroy RedHats business as a platform for Oracle, not as a platform for other packages. "

... but they claim to be a complete replacement for RHEL and not merely as a Oracle appliance which means that their claim contradictory reality. If Oracle had said that they just want a kernel for their database thats acceptable and realistic. You cant just care for a kernel and then boast to be equivalent of RHEL

Reply Score: 1

RE[2]: Oracle isn't interested
by bakanekov3 on Mon 20th Nov 2006 01:02 UTC in reply to "RE: Oracle isn't interested"
bakanekov3 Member since:
2005-07-06

It doesn't matter anyway, as usual, the PHBs will be praised for "reducing costs", while all the other IT guys will be reprimanded for "not delivering."

Reply Score: 1

RE[2]: Oracle isn't interested
by Jody on Mon 20th Nov 2006 03:45 UTC in reply to "RE: Oracle isn't interested"
Jody Member since:
2005-06-30

It isn't just a replacement for RHEL it /is/ RHEL. So much so that the first version is named "Enterprise Linux 4 update 4" (the same version RHEL is on).

I don't know what there success will be with everything else, but I do think they will succeed at least as being an Oracle appliance.

When stuff breaks in a multi-vendor environment they tend to fingerpoint at each other and companies like having one number to call.

Since OEL is mostly repackages Linux this alone will probably be enough to sustain it, and although it won't be a large customer base it will be enough to impact RH's bottom line.

I will say that the FOSS community really gains nothing from Oracle's entry, not that Oracle would care.

Reply Score: 1

RE: Oracle isn't interested
by libray on Mon 20th Nov 2006 14:18 UTC in reply to "Oracle isn't interested"
libray Member since:
2005-08-27

Agreed. Oracle is not interested in the software bundle that Red Hat includes. The author makes it seem as if these 1.9 million tools are created by Red Hat; they are not.

I have a feeling that Oracle has been bitten by Linux's lack of a stable ABI platform and so makes it clear that they support the pertinent kernel in a distro, regardless of the OS "version #" of the distro or the included bundle of tools.

Reply Score: 1

Indemnification madness
by buff on Mon 20th Nov 2006 04:19 UTC
buff
Member since:
2005-11-12

Oracle will indemnify its Redhat users, Microsoft will indemnify its Novell users. Can the GPL indemnify Linux for the rest of us that just want to use Linux without facing legal action?

Can someone actually point out all the examples of patent violations in a standard distribution of Linux for me or is this all just legal FUD. Is my kernel safe? Are the patent violations in the proprietary Nvidia drivers I have installed? Is Gnome minus Mono safe? But shouldn't this patent examination problem extend to Microsoft also? Shouldn't their closed source be examined by a 'neutral' legal team to make certain there is no GPL code in there? I am really beginning to see why people are not too fond of software patents. If you can patent the Amazon one-click then will development come to a standstill as licenses for clicking on a hyperlink must first be obtained. I always thought software was about good design and programming with a touch of vision but apparently you will have to add in a legal team to evaluate each new feature you add.

Edited 2006-11-20 04:25

Reply Score: 3

RE: Indemnification madness
by b3timmons on Mon 20th Nov 2006 07:42 UTC in reply to "Indemnification madness"
b3timmons Member since:
2006-08-26

Oracle will indemnify its Redhat users, Microsoft will indemnify its Novell users. Can the GPL indemnify Linux for the rest of us that just want to use Linux without facing legal action?

IMO, it is just legal nonetheless effective FUD. E.g., it will drive some to Novell instead of to a legitimate vendor. Hundreds of patent violations in the kernel were apparently once tallied but not disclosed. In any case, the probability of violation is ridiculously high with any substantial program.

Crying about the patent insanity has its place, but I see efforts such as the GPLv3 as a more effective response, especially in light of recent nastiness.

Reply Score: 4

RE[2]: Indemnification madness
by happycamper on Mon 20th Nov 2006 11:57 UTC in reply to "RE: Indemnification madness"
happycamper Member since:
2006-01-01

/* I see efforts such as the GPLv3 as a more effective response, especially in light of recent nastiness.*/

with all the recent nastiness, and ms probably on the verge of a massive lawsuit against linux. i wonder if linus still feels the same about the GPLv3?

Edited 2006-11-20 12:06

Reply Score: 1

RE: Indemnification madness
by UglyKidBill on Mon 20th Nov 2006 12:41 UTC in reply to "Indemnification madness"
UglyKidBill Member since:
2005-07-27

Precisely.

Open Source developers. and specially volunteer ones, can´t affor such a legal team to be safe, there lies the attack to OSS at a world wide level.

Also, people get´s concerned and will tend (like in ´feels there is not other safe choice´) to choose big name vendors wich would look more reliable, thus reducing the vendor un-lock effect of OSS. There lies a more narrowed attack, mainly a at USA market level, which is none the less a very important one in terms of the market/business direction.

Of course they are trying to widen this ange by "convincing" Europe to apply sw patents too.

Reply Score: 1

RE[2]: Indemnification madness
by b3timmons on Mon 20th Nov 2006 15:12 UTC in reply to "RE: Indemnification madness"
b3timmons Member since:
2006-08-26

"Open Source developers. and specially volunteer ones, can´t affor such a legal team to be safe, there lies the attack to OSS at a world wide level."

There needs to be greater awareness of the following source of help, the Software Freedom Law Center:
http://www.softwarefreedom.org/

The enormous financial cost of the SCO hostilities spooked the likes of IBM, Google, Nokia, etc. into investing millions in the SFLC to address your very concerns.

The following *splendid* interview covers this and more generally undoes some of the FUD out there. It is with SFLC director Professor Eben Moglen a couple months ago:
http://www.twit.tv/floss13
(Google supports the show and the quality is evident.)

"Of course they are trying to widen this ange by "convincing" Europe to apply sw patents too."

Not enough credit has been given to the various individuals who have held them at bay in Europe, the same people who have helped the EU to wake up about Microsoft. Some of these people are highly active developers working on interoperability and were among the first to publicly cast doubt on the MS/Novell "partnership".

Reply Score: 1

RE: Indemnification madness
by wirespot on Mon 20th Nov 2006 14:01 UTC in reply to "Indemnification madness"
wirespot Member since:
2006-06-21

Oracle will indemnify its Redhat users, Microsoft will indemnify its Novell users. Can the GPL indemnify Linux for the rest of us that just want to use Linux without facing legal action?

All this indemnifying is just bullshit, if you'll pardon my French. It relies on the implied presence of patented code in some of the tens of thousands of software package that make up GNU/Linux. Or in the Linux kernel, that's the preferred target because it's so central.

Why is it bullshit? Due to these two simple facts:

1. Patented code has not been shown anywhere so far. The SCO case failed to produce any proof. Microsoft claims they have proof but we have yet to see it.

2. Let's assume for a second that there is patented code somewhere in the software used by GNU/Linux. Protection (and indemnifying) would mean purchasing a license from the patent rights holder, or face legal action. But that can't happen, because the GPL (yes, v2!) forbids you from distributing the software with the purpose of setting up people to force them to purchase such licenses later. Which would make the Microsoft-Novell deal illegal first of all.

Now, of course GPL can't indemnify you. GPL is not a corporation or a legal entity, it's a license to distribute. But the FSF is, and you can bet they'll jump at the throat of the first one who tries to piss on the GPL.

Reply Score: 2

RE[2]: Indemnification madness
by Soulbender on Tue 21st Nov 2006 02:42 UTC in reply to "RE: Indemnification madness"
Soulbender Member since:
2005-08-18

"Why is it bullshit? Due to these two simple facts: "
It's actually bullshit for a much simpler reason:
Consumers cant be sued for patent infringement.

Reply Score: 1

The inevitable is happening
by JeffS on Mon 20th Nov 2006 17:18 UTC
JeffS
Member since:
2005-07-12

The two biggest software companies in the World, Microsoft and Oracle, whose revenue streams rely entirely on proprietary licenses, and support contracts, are making their attacks on Linux.

Linux and OSS are threats to Oracle's and Microsoft's extremely lucrative business models.

With Oracle, they made a direct attack on Red Hat, the biggest of the Linux commercial distros, in an attempt to both lower Red Hat's stock price, and to turn RHEL into an Oracle only appliance (which, of course, makes the Oracle version a proprietary lock-in product).

With Microsoft, they made the pact with Novell, purely for the purpose of setting patent licensing precedence. Look at Ballmer's recent comments that Linux violates MS IP, and Linux users owe Microsoft.

But alas, Oracle's "Unbreakable Linux" initiative is pretty much DOA. The release itself is buggy and non-functional, even though they took other people's already bug free and functional code. If a small community CentOS developers can fully re-implement RHEL, with a release that is fully functional, compatible, and relatively bug free, why can't multi-billion dollar Oracle? Then there is the fact that, as the linked article here reveals, Oracle's indemnity is less than useless. Finally, there is the fact that Oracle will be issuing it's own patches, breaking compatibility, and creating a lock-in appliance. And with the a lock-in appliance, Oracle's huge licensing fees and support fees will come into play, and the customer's wallet will be thoroughly "Hoover'ed".

In short, only a complete idiot would pay for / use Oracle's "Unbreakable Linux".

With Microsoft, they are trying to either create more FUD on Linux, or they are planning an all out assault on Linux companies, developers, and users, using their huge patent portfolio, army of lawyers, and limitless funds. They are creating a virtual extortion racket, where they don't have to prove any IP violation, much less provide specifics, with the threat of being sued by huge Microsoft being enough to cause many people and companies complete financial disaster.

The good news is that most of the world is wise to Microsoft's tactics. And if they do decide to sue someone, it will re-open the anti-trust can of worms, it will piss off limitless current and potential MS customers, it will cause counter suits from the FSF, where MS code will be subpoenaed, for public examination, big patent counter suits from MS competitors may very well happen, it might cause actual criminal filings against MS (suing for IP violation without proof is extortion, and extortion is a federal crime), and of course, Microsoft PR will go down the toilet.

Ultimately, now matter how big MS and Oracle are, no matter how much money they have, they simply can't change what the market wants. Linux/FOSS are a tsunami and no matter how many cutthroat dirty tactics Oracle and MS try, they can't stop the tide.

Reply Score: 2

RE: The inevitable is happening
by NotParker on Mon 20th Nov 2006 17:48 UTC in reply to "The inevitable is happening"
NotParker Member since:
2006-06-01

The release itself is buggy and non-functional, even though they took other people's already bug free and functional code.

Very funny. Linux kernel is full of bugs and security holes. As are the packages distributed with RedHat.

Here are the "errata": https://rhn.redhat.com/errata/rhel4ws-errata.html

Notice how they made the last digits 0xxx? They are getting ready to go over the 1000 mark. They are already at 0742.


I predict that Oracle Linux will be no more buggy or insecure than RedHat (which means it will be really buggy and insecure) and Oracle will stop certifying Oracle on RedHat.

Reply Score: 0

markjensen Member since:
2005-07-26

NotParker, I don't agree with most of what you tend to spout here in OSNews, as your hatred toward all things Open Source or Linux is readily apparent.

However, your post does make an accurate correction of a mis-statement that stated that the code Oracle used from Red Hat was "bug free".

It would have been more accurate for the previous poster to say "tested and debugged", as "debugging" means a process of identifying and removing bugs, not necessarily that the remaining code will be "free of all bugs for all time".

The rest of your post is just your usual being controversial, but doesn't seem to violate any rules. I'm up-modding it from its current 0. I am pretty sure that if you take Red Hat's well-maintained commercial offerings as "buggy and insecure", that you consider all OSes in the exact same category.

Reply Score: 2

RE[2]: The inevitable is happening
by JeffS on Mon 20th Nov 2006 19:28 UTC in reply to "RE: The inevitable is happening"
JeffS Member since:
2005-07-12

"Very funny. Linux kernel is full of bugs and security holes. As are the packages distributed with RedHat."

I never meant to suggest that RHEL, or any Linux, is "bug free".

All software has bugs. The difference is how those bugs are handled, debugged, and patched. RHEL, and most Linux distros, do a fantastic job of fixing bugs.

What I was getting at in my post (among other things) is that "Unbreakable Linux" is available for download, and has been reviewed. Well, the reviews so far have been terrible. It seems tons of stuff does not work (like a menu button in the top Gnome panel), and security patches are way behind RHEL and CentOS.

Don't you think that this is rather pathetic?

Don't you think that with all of Larry Ellison's chest thumping bravado, and call his Linux "Unbreakable", he would have put out a rock solid, kick-butt version?

Both RHEL and CentOS (a great RHEL clone made by a small group of fee developers). are fully functional, and have up to date security patches / bug fixes. Then along comes Oracle, the second largest software company in the world possessing an army of programmers and billions in the bank, and they can't even take existing, functioning code and produce a fully functional, up to date system - all this when all they had to do is re-brand the existing code.

It's quite laughable, really.

Reply Score: 4

NotParker Member since:
2006-06-01

Don't you think that with all of Larry Ellison's chest thumping bravado, and call his Linux "Unbreakable", he would have put out a rock solid, kick-butt version?

Not particularly. Oracle has never been one to worry about being way behind on security.

Having read one of the "reviews" of Oracle Linux I really got the impression of nitpicking.

Essentially RedHat became a piece of cr*p the minute Oracle took it over based on a couple of totally inconsequential items caused by an imperfect removal of RedHat trademarks.

Its amazing how a distro can go to hell once it is contaminated by proprietary company cooties.

The hypocrisy amazes me.

I mean, one minute RedHat was the good guy running proprietary Oracle, but the exact same distro distributed by proprietary Oracle is suddenly EVIL!

The bad news from this review: http://www.linuxformat.co.uk/modules.php?op=modload&name=News&file=...

"Our advice? Wait a few months for the dust to settle and then consider a switch to Enterprise Linux."

Why switch? I guess it was price. I mean, the closer to free means the closer to the GPL god RSM right?

Not great for RedHat shareholders ... but kind of funny for us non-GPL cultists.

To many of us it will justify our belief that GPL'd software is a race to the bottom in terms of making money. If you give away your products source doe, it was inevitable someone was going to come around and take it and repackage it and sell it for less.

Who is going to pay all those programmers working for RedHat if they lose a big chunk of their business to Oracle? If Ubuntu starts to make some money supporting its package, what will stop Oracle from repackaging that?

Or, even worse, what will be the incentive for Oracle to certify Oracle on any distro other than their distro? Companies wanting to run Oracle will have 4 choices: Oracle Linux, Unix, OpenVMS and Windows.

Oracle now controls Linux's usage of Oracle.

Oracle can say NO.

Edited 2006-11-21 01:32

Reply Score: 1

biteydog Member since:
2005-10-06

....but the exact same distro distributed by proprietary Oracle....

....but it isn't, heaven alone knows how but they've managed to break it.

Reply Score: 1

RE[2]: The inevitable is happening
by stestagg on Tue 21st Nov 2006 19:21 UTC in reply to "RE: The inevitable is happening"
stestagg Member since:
2006-06-03

Given that RHEL packages well over 1,000 Software packages, the fact that there are only 742 Security (some are feature) updates is pretty good. I believe that there is only one Microsoft product that has never had a security update. 742 updates spread over approx. 1,500( http://www.redhat.com/rhel/details/ ) packages is pretty good going.

Reply Score: 1

NotParker Member since:
2006-06-01

742 updates spread over approx ...

Well ... this kernel one is actually 8 security holes fixed:

https://rhn.redhat.com/errata/RHSA-2006-0689.html

This one is 9: https://rhn.redhat.com/errata/RHSA-2006-0617.html

etc etc.

Not so good going ...

Reply Score: 1

stestagg Member since:
2006-06-03

as opposed to 532 for Microsoft,

http://www.microsoft.com/technet/security/current.aspx.

hmm. what was the quote?
Oh yeah: Not so good going ...

Reply Score: 1

stestagg Member since:
2006-06-03

I had a look at the security alerts that you linked.

A significant number of them were:
"allowed a local user to cause a denial of service attack."

Now forgive me if i'm wrong, but where in Windows XP can a user NOT cause a DOS / Superuser action / system format?

Oh and also: how to crash Windows XP as a normal user:
#include <stdio.h>
void main(void){for(int i = 0; i < 5 ; i++)printf("ttbbb")}

http://www.hackwire.com/comments.php?id=51&catid=9

try killing off services.exe processes in task manager.

http://www.windowscrash.com/modules.php?set_albumName=pictures&op=m...
^^ Most of these happen WITHOUT ANY user intervention ;)


and for comic relief:
http://www.poppyfields.net/filks/00266.html

Reply Score: 1

NotParker Member since:
2006-06-01

A significant number of them were:
"allowed a local user to cause a denial of service attack."


Both allowed remote users to do stuff:

#1) "a remote user could cause a denial of service
(panic) by accessing socket buffers memory after freeing them."

#2) "allowed a remote user to cause a denial of service (crash) or potential memory corruption "

Several allow root escalation.

"Now forgive me if i'm wrong, but where in Windows XP can a user NOT cause a DOS / Superuser action / system format?"

It depends whether the user is a "User", "Power User" or "Administrator".

Reply Score: 1

stestagg Member since:
2006-06-03

Both allowed remote users to do stuff:

You mentioned 17, claiming that this was a big number. I was pointing out that at least 7 of those, were issues that are present (LOCAL user DOS) and unfixable in Windows XP (assuming default install (i.e. not with special privilege restrictions) - which we must when talking about security advisories)

It depends whether the user is a "User", "Power User" or "Administrator".

No. Users, Power Users and Administrators can DOS/Crash the System, without system patches, anyway.

Reply Score: 1

NotParker Member since:
2006-06-01

and unfixable in Windows XP (assuming default install (i.e. not with special privilege restrictions) - which we must when talking about security advisories)

A "user" in a domain has very low privledges in XP.

Reply Score: 1