“I had a few minutes to burn today, so I did what I’m sure you were doing: I read the Oracle Enterprise Linux Services Agreement. It’s funny what you find when you start digging around in the legalese that governs the Big Announcement that Oracle made. It makes ‘Unbreakable Linux’ look a little flimsy.”
Oracle’s “indemnifation” flub is funny. But it’s also sad because it’s yet another reminder of how much corporate powers use this concept to exploit and divide communities. And what of innovation?
Of course, “Indemnify” is a perfectly good word.
Indemnify: To save harmless; to secure against loss or damage; to insure.
A counterweight to the corporate whimsy is to seek indemnification for your software freedoms (http://www.gnu.org/philosophy/free-sw.html) with a license such as the coming GPLv3 (http://gplv3.fsf.org/wiki/index.php/GPLv3_Draft).
Just do not use it. By the way, would you chose MySQL or Postgress?
I would say “it depends”. To each job, the right tool. Sometimes MySQL it perfect, sometimes Postgres, sometimes Oracle, sometimes something else.
Interesting Question.
I want to try PgSQL but the Postgree website puts me off, it just looks too amature.
Also, some versions of CygWin uses PgSQL and I seem to have config problems with it. I’ve never had problems with MySQL.
If anyone can prove to me that PG is more performant than MY, I’ll convert immediately . Although, having read about transaction safety, I don’t think performance is the selling point of PgSQL.
Edited 2006-11-21 23:16
Reading EULA’s reminds me of making sausage.
I don’t think there’s much to worry about around indemnification of RHEL (whatever Microsoft may think), but it’s interesting just how weak Oracle’s indemnity really is.
The author forgets to mention RedHat’s indemnification. Only if one looks at RH’s offer will see just how weak Oracle’s is.
1) Open Source Assurance (extending to all packages provided by RH)
http://www.redhat.com/rhel/details/assurance/faq/
2) They will provide an indemnification program as well. See:
http://www.redhat.com/promo/believe/
(towards the bottom)
Oracle isn’t interested in the 17,000 versions of emacs (or whatever).
Oracle wants to destroy RedHats business as a platform for Oracle, not as a platform for other packages.
I think they will succeed.
”
Oracle wants to destroy RedHats business as a platform for Oracle, not as a platform for other packages. ”
… but they claim to be a complete replacement for RHEL and not merely as a Oracle appliance which means that their claim contradictory reality. If Oracle had said that they just want a kernel for their database thats acceptable and realistic. You cant just care for a kernel and then boast to be equivalent of RHEL
It doesn’t matter anyway, as usual, the PHBs will be praised for “reducing costs”, while all the other IT guys will be reprimanded for “not delivering.”
It isn’t just a replacement for RHEL it /is/ RHEL. So much so that the first version is named “Enterprise Linux 4 update 4” (the same version RHEL is on).
I don’t know what there success will be with everything else, but I do think they will succeed at least as being an Oracle appliance.
When stuff breaks in a multi-vendor environment they tend to fingerpoint at each other and companies like having one number to call.
Since OEL is mostly repackages Linux this alone will probably be enough to sustain it, and although it won’t be a large customer base it will be enough to impact RH’s bottom line.
I will say that the FOSS community really gains nothing from Oracle’s entry, not that Oracle would care.
Agreed. Oracle is not interested in the software bundle that Red Hat includes. The author makes it seem as if these 1.9 million tools are created by Red Hat; they are not.
I have a feeling that Oracle has been bitten by Linux’s lack of a stable ABI platform and so makes it clear that they support the pertinent kernel in a distro, regardless of the OS “version #” of the distro or the included bundle of tools.
Oracle will indemnify its Redhat users, Microsoft will indemnify its Novell users. Can the GPL indemnify Linux for the rest of us that just want to use Linux without facing legal action?
Can someone actually point out all the examples of patent violations in a standard distribution of Linux for me or is this all just legal FUD. Is my kernel safe? Are the patent violations in the proprietary Nvidia drivers I have installed? Is Gnome minus Mono safe? But shouldn’t this patent examination problem extend to Microsoft also? Shouldn’t their closed source be examined by a ‘neutral’ legal team to make certain there is no GPL code in there? I am really beginning to see why people are not too fond of software patents. If you can patent the Amazon one-click then will development come to a standstill as licenses for clicking on a hyperlink must first be obtained. I always thought software was about good design and programming with a touch of vision but apparently you will have to add in a legal team to evaluate each new feature you add.
Edited 2006-11-20 04:25
Oracle will indemnify its Redhat users, Microsoft will indemnify its Novell users. Can the GPL indemnify Linux for the rest of us that just want to use Linux without facing legal action?
IMO, it is just legal nonetheless effective FUD. E.g., it will drive some to Novell instead of to a legitimate vendor. Hundreds of patent violations in the kernel were apparently once tallied but not disclosed. In any case, the probability of violation is ridiculously high with any substantial program.
Crying about the patent insanity has its place, but I see efforts such as the GPLv3 as a more effective response, especially in light of recent nastiness.
/* I see efforts such as the GPLv3 as a more effective response, especially in light of recent nastiness.*/
with all the recent nastiness, and ms probably on the verge of a massive lawsuit against linux. i wonder if linus still feels the same about the GPLv3?
Edited 2006-11-20 12:06
Precisely.
Open Source developers. and specially volunteer ones, can´t affor such a legal team to be safe, there lies the attack to OSS at a world wide level.
Also, people get´s concerned and will tend (like in ´feels there is not other safe choice´) to choose big name vendors wich would look more reliable, thus reducing the vendor un-lock effect of OSS. There lies a more narrowed attack, mainly a at USA market level, which is none the less a very important one in terms of the market/business direction.
Of course they are trying to widen this ange by “convincing” Europe to apply sw patents too.
“Open Source developers. and specially volunteer ones, can´t affor such a legal team to be safe, there lies the attack to OSS at a world wide level.”
There needs to be greater awareness of the following source of help, the Software Freedom Law Center:
http://www.softwarefreedom.org/
The enormous financial cost of the SCO hostilities spooked the likes of IBM, Google, Nokia, etc. into investing millions in the SFLC to address your very concerns.
The following *splendid* interview covers this and more generally undoes some of the FUD out there. It is with SFLC director Professor Eben Moglen a couple months ago:
http://www.twit.tv/floss13
(Google supports the show and the quality is evident.)
“Of course they are trying to widen this ange by “convincing” Europe to apply sw patents too.”
Not enough credit has been given to the various individuals who have held them at bay in Europe, the same people who have helped the EU to wake up about Microsoft. Some of these people are highly active developers working on interoperability and were among the first to publicly cast doubt on the MS/Novell “partnership”.
Oracle will indemnify its Redhat users, Microsoft will indemnify its Novell users. Can the GPL indemnify Linux for the rest of us that just want to use Linux without facing legal action?
All this indemnifying is just bullshit, if you’ll pardon my French. It relies on the implied presence of patented code in some of the tens of thousands of software package that make up GNU/Linux. Or in the Linux kernel, that’s the preferred target because it’s so central.
Why is it bullshit? Due to these two simple facts:
1. Patented code has not been shown anywhere so far. The SCO case failed to produce any proof. Microsoft claims they have proof but we have yet to see it.
2. Let’s assume for a second that there is patented code somewhere in the software used by GNU/Linux. Protection (and indemnifying) would mean purchasing a license from the patent rights holder, or face legal action. But that can’t happen, because the GPL (yes, v2!) forbids you from distributing the software with the purpose of setting up people to force them to purchase such licenses later. Which would make the Microsoft-Novell deal illegal first of all.
Now, of course GPL can’t indemnify you. GPL is not a corporation or a legal entity, it’s a license to distribute. But the FSF is, and you can bet they’ll jump at the throat of the first one who tries to piss on the GPL.
“Why is it bullshit? Due to these two simple facts: ”
It’s actually bullshit for a much simpler reason:
Consumers cant be sued for patent infringement.
The two biggest software companies in the World, Microsoft and Oracle, whose revenue streams rely entirely on proprietary licenses, and support contracts, are making their attacks on Linux.
Linux and OSS are threats to Oracle’s and Microsoft’s extremely lucrative business models.
With Oracle, they made a direct attack on Red Hat, the biggest of the Linux commercial distros, in an attempt to both lower Red Hat’s stock price, and to turn RHEL into an Oracle only appliance (which, of course, makes the Oracle version a proprietary lock-in product).
With Microsoft, they made the pact with Novell, purely for the purpose of setting patent licensing precedence. Look at Ballmer’s recent comments that Linux violates MS IP, and Linux users owe Microsoft.
But alas, Oracle’s “Unbreakable Linux” initiative is pretty much DOA. The release itself is buggy and non-functional, even though they took other people’s already bug free and functional code. If a small community CentOS developers can fully re-implement RHEL, with a release that is fully functional, compatible, and relatively bug free, why can’t multi-billion dollar Oracle? Then there is the fact that, as the linked article here reveals, Oracle’s indemnity is less than useless. Finally, there is the fact that Oracle will be issuing it’s own patches, breaking compatibility, and creating a lock-in appliance. And with the a lock-in appliance, Oracle’s huge licensing fees and support fees will come into play, and the customer’s wallet will be thoroughly “Hoover’ed”.
In short, only a complete idiot would pay for / use Oracle’s “Unbreakable Linux”.
With Microsoft, they are trying to either create more FUD on Linux, or they are planning an all out assault on Linux companies, developers, and users, using their huge patent portfolio, army of lawyers, and limitless funds. They are creating a virtual extortion racket, where they don’t have to prove any IP violation, much less provide specifics, with the threat of being sued by huge Microsoft being enough to cause many people and companies complete financial disaster.
The good news is that most of the world is wise to Microsoft’s tactics. And if they do decide to sue someone, it will re-open the anti-trust can of worms, it will piss off limitless current and potential MS customers, it will cause counter suits from the FSF, where MS code will be subpoenaed, for public examination, big patent counter suits from MS competitors may very well happen, it might cause actual criminal filings against MS (suing for IP violation without proof is extortion, and extortion is a federal crime), and of course, Microsoft PR will go down the toilet.
Ultimately, now matter how big MS and Oracle are, no matter how much money they have, they simply can’t change what the market wants. Linux/FOSS are a tsunami and no matter how many cutthroat dirty tactics Oracle and MS try, they can’t stop the tide.
The release itself is buggy and non-functional, even though they took other people’s already bug free and functional code.
Very funny. Linux kernel is full of bugs and security holes. As are the packages distributed with RedHat.
Here are the “errata”: https://rhn.redhat.com/errata/rhel4ws-errata.html
Notice how they made the last digits 0xxx? They are getting ready to go over the 1000 mark. They are already at 0742.
I predict that Oracle Linux will be no more buggy or insecure than RedHat (which means it will be really buggy and insecure) and Oracle will stop certifying Oracle on RedHat.
NotParker, I don’t agree with most of what you tend to spout here in OSNews, as your hatred toward all things Open Source or Linux is readily apparent.
However, your post does make an accurate correction of a mis-statement that stated that the code Oracle used from Red Hat was “bug free”.
It would have been more accurate for the previous poster to say “tested and debugged”, as “debugging” means a process of identifying and removing bugs, not necessarily that the remaining code will be “free of all bugs for all time”.
The rest of your post is just your usual being controversial, but doesn’t seem to violate any rules. I’m up-modding it from its current 0. I am pretty sure that if you take Red Hat’s well-maintained commercial offerings as “buggy and insecure”, that you consider all OSes in the exact same category.
“Very funny. Linux kernel is full of bugs and security holes. As are the packages distributed with RedHat.”
I never meant to suggest that RHEL, or any Linux, is “bug free”.
All software has bugs. The difference is how those bugs are handled, debugged, and patched. RHEL, and most Linux distros, do a fantastic job of fixing bugs.
What I was getting at in my post (among other things) is that “Unbreakable Linux” is available for download, and has been reviewed. Well, the reviews so far have been terrible. It seems tons of stuff does not work (like a menu button in the top Gnome panel), and security patches are way behind RHEL and CentOS.
Don’t you think that this is rather pathetic?
Don’t you think that with all of Larry Ellison’s chest thumping bravado, and call his Linux “Unbreakable”, he would have put out a rock solid, kick-butt version?
Both RHEL and CentOS (a great RHEL clone made by a small group of fee developers). are fully functional, and have up to date security patches / bug fixes. Then along comes Oracle, the second largest software company in the world possessing an army of programmers and billions in the bank, and they can’t even take existing, functioning code and produce a fully functional, up to date system – all this when all they had to do is re-brand the existing code.
It’s quite laughable, really.
Don’t you think that with all of Larry Ellison’s chest thumping bravado, and call his Linux “Unbreakable”, he would have put out a rock solid, kick-butt version?
Not particularly. Oracle has never been one to worry about being way behind on security.
Having read one of the “reviews” of Oracle Linux I really got the impression of nitpicking.
Essentially RedHat became a piece of cr*p the minute Oracle took it over based on a couple of totally inconsequential items caused by an imperfect removal of RedHat trademarks.
Its amazing how a distro can go to hell once it is contaminated by proprietary company cooties.
The hypocrisy amazes me.
I mean, one minute RedHat was the good guy running proprietary Oracle, but the exact same distro distributed by proprietary Oracle is suddenly EVIL!
The bad news from this review: http://www.linuxformat.co.uk/modules.php?op=modload&name=News&file=…
“Our advice? Wait a few months for the dust to settle and then consider a switch to Enterprise Linux.”
Why switch? I guess it was price. I mean, the closer to free means the closer to the GPL god RSM right?
Not great for RedHat shareholders … but kind of funny for us non-GPL cultists.
To many of us it will justify our belief that GPL’d software is a race to the bottom in terms of making money. If you give away your products source doe, it was inevitable someone was going to come around and take it and repackage it and sell it for less.
Who is going to pay all those programmers working for RedHat if they lose a big chunk of their business to Oracle? If Ubuntu starts to make some money supporting its package, what will stop Oracle from repackaging that?
Or, even worse, what will be the incentive for Oracle to certify Oracle on any distro other than their distro? Companies wanting to run Oracle will have 4 choices: Oracle Linux, Unix, OpenVMS and Windows.
Oracle now controls Linux’s usage of Oracle.
Oracle can say NO.
Edited 2006-11-21 01:32
….but the exact same distro distributed by proprietary Oracle….
….but it isn’t, heaven alone knows how but they’ve managed to break it.
Given that RHEL packages well over 1,000 Software packages, the fact that there are only 742 Security (some are feature) updates is pretty good. I believe that there is only one Microsoft product that has never had a security update. 742 updates spread over approx. 1,500( http://www.redhat.com/rhel/details/ ) packages is pretty good going.
742 updates spread over approx …
Well … this kernel one is actually 8 security holes fixed:
https://rhn.redhat.com/errata/RHSA-2006-0689.html
This one is 9: https://rhn.redhat.com/errata/RHSA-2006-0617.html
etc etc.
Not so good going …
as opposed to 532 for Microsoft,
http://www.microsoft.com/technet/security/current.aspx.
hmm. what was the quote?
Oh yeah: Not so good going …
I had a look at the security alerts that you linked.
A significant number of them were:
“allowed a local user to cause a denial of service attack.”
Now forgive me if i’m wrong, but where in Windows XP can a user NOT cause a DOS / Superuser action / system format?
Oh and also: how to crash Windows XP as a normal user:
#include <stdio.h>
void main(void){for(int i = 0; i < 5 ; i++)printf(” ”)}
http://www.hackwire.com/comments.php?id=51&catid=9
try killing off services.exe processes in task manager.
http://www.windowscrash.com/modules.php?set_albumName=pictures&op=m…
^^ Most of these happen WITHOUT ANY user intervention
and for comic relief:
http://www.poppyfields.net/filks/00266.html
A significant number of them were:
“allowed a local user to cause a denial of service attack.”
Both allowed remote users to do stuff:
#1) “a remote user could cause a denial of service
(panic) by accessing socket buffers memory after freeing them.”
#2) “allowed a remote user to cause a denial of service (crash) or potential memory corruption ”
Several allow root escalation.
“Now forgive me if i’m wrong, but where in Windows XP can a user NOT cause a DOS / Superuser action / system format?”
It depends whether the user is a “User”, “Power User” or “Administrator”.
Both allowed remote users to do stuff:
You mentioned 17, claiming that this was a big number. I was pointing out that at least 7 of those, were issues that are present (LOCAL user DOS) and unfixable in Windows XP (assuming default install (i.e. not with special privilege restrictions) – which we must when talking about security advisories)
It depends whether the user is a “User”, “Power User” or “Administrator”.
No. Users, Power Users and Administrators can DOS/Crash the System, without system patches, anyway.
and unfixable in Windows XP (assuming default install (i.e. not with special privilege restrictions) – which we must when talking about security advisories)
A “user” in a domain has very low privledges in XP.
Doesn’t stop him from being able to crash an unpatched box in many ways.