Posted on 09/04/2003 2:16:53 PM PDT by Paleo Conservative
TAIPEI, Taiwan -- An alliance between Hewlett-Packard Co. and Chinese Linux developer Red Flag Software Co. Ltd. established last month should lead to cooperation between the two companies on technology development and marketing of Red Flag Linux to companies in China and around the world.
The announcement, made in Beijing on Aug. 20, strengthens a long-standing relationship between the two companies and represents a milestone in Red Flag's plans to expand its business outside the world's most populous country.
The two companies plan to first focus their cooperative efforts in China, and then expand their work to include Asia-Pacific and the rest of the world, according to a joint statement released last month by the two companies. No timeframe was given for when Red Flag plans to expand its enterprise software business beyond China.
(Excerpt) Read more at infoworld.com ...
As big a sellout as Microsoft giving China access to portions of its source code?
They can have those with people working on Linux derivatives. But if you're telling me that they can't implement a proprietary flavor of Linux across their enterprise without serious problems, then you're telling me that they cannot possibly manage a Microsoft enterprise architecture, because Microsoft keeps admins extremely busy.
That's quite a reach. How about addressing your previous statement that the supposed NSA code would be more secure if it was restricted, which I inquired?
I didn't say that the NSA B1 Linux would be more secure; it would be extremely secure either way. The point is that if the NSA keeps the source closed, then that system can't be used outside of the US government, and that means that OTHER organizations will not be able to acquire it.
I'm aware of your point, but it is incorrect.
Actually, it isn't.
"Classification" of government information is a science of procedures whereby information is kept secret to reduce exposure and eventual duplication.
And Microsoft source code is FAR less accessible than most US government classified information.
But it still has massive security holes that get exploited on a nauseatingly regular basis.
Things like the security system of the US Capital would not be more secure if it was posted on the internet, likewise withholding immediate access to source code is a deterent to it's theft or exploitation.
One more time: Microsoft's source code is not available to the people who write things like Blaster.
But the stuff works. "Security through obscurity" is a very bad joke.
That's interesting, surprised you don't know more about M$/Government interaction.
I probably know a great deal more than you actually do.
There are places in the government (not where I work) where "windows update" is the official policy. Those places get every patch before a hack has been posted, and rarely if ever get exploited whatsoever.
Actually, what happens is that when the first symptoms of attack appear, they close every port into and out of the network, and pretty much cripple their operations until they're sure they've patched the vulnerability.
Yes they expose themselves to possibly poorly designed patches, or adverse effects to applications, but where security is a high priority it this setup can work well.
Assuming that Microsoft does a competent job. Big assumption.
And a poorly-designed patch can break other software, as you note. You do NOT want your network admin to clobber the CIWS or the RAM launcher with a routine update, especially when you're toe-to-toe with the bad guys.
No, not nearly, considering they were "peeks" at Redmond simply to counter Linux.
Priceless, dude.
Perhaps you should notify the proprietor of his error?
No, not nearly, considering they were "peeks" at Redmond simply to counter Linux.
I suspect that you answered that question opposite to your intention. Eh?
You think maintaining a completely separate branch of Linux including grow your own security patches and feature upgrades is easier than deploying M$ and maintaining it through Windows Update etc? Ridiculous.
The point is that if the NSA keeps the source closed, then that system can't be used outside of the US government, and that means that OTHER organizations will not be able to acquire it.
Sure that's another reason for closed source, but doesn't undercut wanting to keep it secret so that it can't be exploited.
And Microsoft source code is FAR less accessible than most US government classified information.
LMAO. Ever heard of a dissasembler?
I probably know a great deal more than you actually do.
Not from the looks of your last post. I haven't seen anything correct yet.
they close every port into and out of the network, and pretty much cripple their operations until they're sure they've patched the vulnerability.
No they don't. They don't have to plug anything, if they have the very lastest patches installed. User curiosity with attachments that no A/V signatures exist for is one of the few successful methods against 100% patching of the O/S.
Assuming that Microsoft does a competent job. Big assumption.
It's not an assumption. These people (again not our organization) grew into relying on Windows Update. If it ever fails them, they will quit using it. So far, rock solid. But our security is more robust. You can't even ping our boxes without us getting a log.
Back to the thread at hand - Do you or do you not support HP helping the Chicoms build their software?
I must yield to your brilliant use of the Chewbacca defense.
I know people who were on NMCI when Blaster hit.
They got shut down for most of the day.
What were you yammering about again?
Sure that's another reason for closed source, but doesn't undercut wanting to keep it secret so that it can't be exploited.
How many Linux exploits out there? How many Windows exploits out there?
Hmm...
LMAO. Ever heard of a dissasembler?
That explains all those copies of the Windows kernel source code available for download out there...
Oh. Nevermind.
These people (again not our organization) grew into relying on Windows Update. If it ever fails them, they will quit using it.
Wait until some enterprising hacker spoofs the Windows Update server and installs his malware on every Windows box in the world.
Only for unimportant applications where you can actually risk losing your server, or even take the time to reboot your server once a week for that matter. I run Windows Update on my desktop about once a week (or right away if I hear of a new vulnerability), but that is fine because it is only my desktop. If our servers were bounced more than once or twice a year for any reason the sysadmin would be fired, and anything necessitating patching the kernel better be rare indeed. Much better to use a more securable and less bug-prone operating system and not have to worry about downtime. Which could be a lot of operating systems, but it isn't Windows.
What does redhat stand to lose? their ISO's are free, and if I get my hands on Redflag I can make Redhat look act, and infact be the same system..
Too bad for them. We never missed a beat.
How many Linux exploits out there? How many Windows exploits out there?
About the same. Especially when you include the packaged Linux apps.
That explains all those copies of the Windows kernel source code available for download out there...
Totally illegal. And difficult. But not as difficult as obtaining classified info, which was your point.
Wait until some enterprising hacker spoofs the Windows Update server and installs his malware on every Windows box in the world.
Sounds like a fantasy of yours.
No as far as I can tell Harpseal and I agree on most if not all issues. But I asked Demensio if he was American after some anti-American comments he made (you can't ever tell with these annonymous Linux guys, many are foreigners) and he said something like, "Yes, I am Amerecan." I'm still not convinced that he is.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.