China's Red Flag Linux to step onto global stage

InfoWorld ^ | September 04, 2003 | By Sumner Lemon, IDG News Service

[Paleo Conservative]

China's Red Flag Linux to step onto global stage

Alliance with HP strengthened as prelude to worldwide expansion of development effort

TAIPEI, Taiwan -- An alliance between Hewlett-Packard Co. and Chinese Linux developer Red Flag Software Co. Ltd. established last month should lead to cooperation between the two companies on technology development and marketing of Red Flag Linux to companies in China and around the world.

The announcement, made in Beijing on Aug. 20, strengthens a long-standing relationship between the two companies and represents a milestone in Red Flag's plans to expand its business outside the world's most populous country.

The two companies plan to first focus their cooperative efforts in China, and then expand their work to include Asia-Pacific and the rest of the world, according to a joint statement released last month by the two companies. No timeframe was given for when Red Flag plans to expand its enterprise software business beyond China.

[per loin]

Well I don't believe it's the Red China version of Linux, which HP is apparently helping build now. This is a sellout of the highest order.

As big a sellout as Microsoft giving China access to portions of its source code?

[Poohbah]

But they have a lot more control over these projects, like security clearances for those working on them.

They can have those with people working on Linux derivatives. But if you're telling me that they can't implement a proprietary flavor of Linux across their enterprise without serious problems, then you're telling me that they cannot possibly manage a Microsoft enterprise architecture, because Microsoft keeps admins extremely busy.

That's quite a reach. How about addressing your previous statement that the supposed NSA code would be more secure if it was restricted, which I inquired?

I didn't say that the NSA B1 Linux would be more secure; it would be extremely secure either way. The point is that if the NSA keeps the source closed, then that system can't be used outside of the US government, and that means that OTHER organizations will not be able to acquire it.

I'm aware of your point, but it is incorrect.

Actually, it isn't.

"Classification" of government information is a science of procedures whereby information is kept secret to reduce exposure and eventual duplication.

And Microsoft source code is FAR less accessible than most US government classified information.

But it still has massive security holes that get exploited on a nauseatingly regular basis.

Things like the security system of the US Capital would not be more secure if it was posted on the internet, likewise withholding immediate access to source code is a deterent to it's theft or exploitation.

One more time: Microsoft's source code is not available to the people who write things like Blaster.

But the stuff works. "Security through obscurity" is a very bad joke.

That's interesting, surprised you don't know more about M$/Government interaction.

I probably know a great deal more than you actually do.

There are places in the government (not where I work) where "windows update" is the official policy. Those places get every patch before a hack has been posted, and rarely if ever get exploited whatsoever.

Actually, what happens is that when the first symptoms of attack appear, they close every port into and out of the network, and pretty much cripple their operations until they're sure they've patched the vulnerability.

Yes they expose themselves to possibly poorly designed patches, or adverse effects to applications, but where security is a high priority it this setup can work well.

Assuming that Microsoft does a competent job. Big assumption.

And a poorly-designed patch can break other software, as you note. You do NOT want your network admin to clobber the CIWS or the RAM launcher with a routine update, especially when you're toe-to-toe with the bad guys.

[Coral Snake]

Yes, there was always the BSD choice. ;-).

[Golden Eagle]

As big a sellout as Microsoft giving China access to portions of its source code?

No, not nearly, considering they were "peeks" at Redmond simply to counter Linux.

[Poohbah]

Heck, you quesiton the citizenship of people who make typing errors.

Priceless, dude.

[per loin]

Yes, there was always the BSD choice. ;-).

Perhaps you should notify the proprietor of his error?

[per loin]

As big a sellout as Microsoft giving China access to portions of its source code?

No, not nearly, considering they were "peeks" at Redmond simply to counter Linux.

I suspect that you answered that question opposite to your intention. Eh?

[Golden Eagle]

But if you're telling me that they can't implement a proprietary flavor of Linux across their enterprise without serious problems, then you're telling me that they cannot possibly manage a Microsoft enterprise architecture

You think maintaining a completely separate branch of Linux including grow your own security patches and feature upgrades is easier than deploying M$ and maintaining it through Windows Update etc? Ridiculous.

The point is that if the NSA keeps the source closed, then that system can't be used outside of the US government, and that means that OTHER organizations will not be able to acquire it.

Sure that's another reason for closed source, but doesn't undercut wanting to keep it secret so that it can't be exploited.

And Microsoft source code is FAR less accessible than most US government classified information.

LMAO. Ever heard of a dissasembler?

I probably know a great deal more than you actually do.

Not from the looks of your last post. I haven't seen anything correct yet.

they close every port into and out of the network, and pretty much cripple their operations until they're sure they've patched the vulnerability.

No they don't. They don't have to plug anything, if they have the very lastest patches installed. User curiosity with attachments that no A/V signatures exist for is one of the few successful methods against 100% patching of the O/S.

Assuming that Microsoft does a competent job. Big assumption.

It's not an assumption. These people (again not our organization) grew into relying on Windows Update. If it ever fails them, they will quit using it. So far, rock solid. But our security is more robust. You can't even ping our boxes without us getting a log.

Back to the thread at hand - Do you or do you not support HP helping the Chicoms build their software?

[tortoise]

You wouldn't have crumbling software companies in the US while Red China and other advesaries build up their own arsenal of software. This is just like the loss of manufacturing to over there, but now it's software engineering.

I must yield to your brilliant use of the Chewbacca defense.

[Poohbah]

No they don't. They don't have to plug anything, if they have the very lastest patches installed. User curiosity with attachments that no A/V signatures exist for is one of the few successful methods against 100% patching of the O/S.

I know people who were on NMCI when Blaster hit.

They got shut down for most of the day.

What were you yammering about again?

Sure that's another reason for closed source, but doesn't undercut wanting to keep it secret so that it can't be exploited.

How many Linux exploits out there? How many Windows exploits out there?

Hmm...

LMAO. Ever heard of a dissasembler?

That explains all those copies of the Windows kernel source code available for download out there...

Oh. Nevermind.

These people (again not our organization) grew into relying on Windows Update. If it ever fails them, they will quit using it.

Wait until some enterprising hacker spoofs the Windows Update server and installs his malware on every Windows box in the world.

[VeniVidiVici]

Well, I hope Red Flag buys new equip for their website. It's slower than hell...

Think they need new translators too. Here is an excerpt (faux pas?) from there announcement concerning working with HP:

The Red Flag Software Company cooperates with HP Company, and jointly works out Itanium2 solution
Time:2003-05-29

"¡¡¡¡April 21st 2003, ¡°make good use of chances, and detonate popularity¡± ¨Cthe press release of HP Itanium2 solution is being held in Shanghai. "

Personally I think o/s wars aren't the best use of time. Gave it up trying to beat the Warped users over the head. Use what's best. I can make money off of either :-)

[Dimensio]

And documented. He did it to me. Apparently, because I mistyped "American", I'm obviously not a US citizen even though I was born in Raleigh, NC. If I'm not mistaken, being born on US soil makes one a US citizen (and it probably helped that my parents were also natural-born US citizens as well).

[Poohbah]

I wonder if he questions whether or not harpseal is an American citizen because of all teh times he mispells "the."

[Coral Snake]

Actually I think that if BSD had used something other than a devil for its mascot it would actually hold the position that Linux does now. Mascotts MEAN things just as words do.
Not that I'm saying that BSD is wicked, just careless in realizing this. If BSD would have dumped the devil and came up with the penguin or some other cute little bird or animal Linux would have never stood a chance against it.

[per loin]

I can't fault you on your sense of humor.

[tortoise]

There are places in the government (not where I work) where "windows update" is the official policy. Those places get every patch before a hack has been posted, and rarely if ever get exploited whatsoever. Yes they expose themselves to possibly poorly designed patches, or adverse effects to applications, but where security is a high priority it this setup can work well.

Only for unimportant applications where you can actually risk losing your server, or even take the time to reboot your server once a week for that matter. I run Windows Update on my desktop about once a week (or right away if I hear of a new vulnerability), but that is fine because it is only my desktop. If our servers were bounced more than once or twice a year for any reason the sysadmin would be fired, and anything necessitating patching the kernel better be rare indeed. Much better to use a more securable and less bug-prone operating system and not have to worry about downtime. Which could be a lot of operating systems, but it isn't Windows.

[N3WBI3]

" That is completely wrong. Red Flag is the official operating system of the People's Republic of China, and is managed by their communist government. How you can honestly try to compare a US Company to them?"

What does redhat stand to lose? their ISO's are free, and if I get my hands on Redflag I can make Redhat look act, and infact be the same system..

[Golden Eagle]

I know people who were on NMCI when Blaster hit. They got shut down for most of the day.

Too bad for them. We never missed a beat.

How many Linux exploits out there? How many Windows exploits out there?

About the same. Especially when you include the packaged Linux apps.

That explains all those copies of the Windows kernel source code available for download out there...

Totally illegal. And difficult. But not as difficult as obtaining classified info, which was your point.

Wait until some enterprising hacker spoofs the Windows Update server and installs his malware on every Windows box in the world.

Sounds like a fantasy of yours.

[Golden Eagle]

I wonder if he questions whether or not harpseal is an American citizen because of all teh times he mispells "the."

No as far as I can tell Harpseal and I agree on most if not all issues. But I asked Demensio if he was American after some anti-American comments he made (you can't ever tell with these annonymous Linux guys, many are foreigners) and he said something like, "Yes, I am Amerecan." I'm still not convinced that he is.

[Golden Eagle]

So go ahead and wrap it up, I've got other things to do. You think this is a great thing, right, cause you like Linux, and you don't like M$. Otherwise, I really don't see what all your (incorrect) points were about.