Usually, very practical factors determine product choices for IT managers. When it comes to Linux and open source products, however, emotions — particularly conscience and loyalty — battle with reason.
While writing about Jim Klein’s decision to stop using Novell NetWare and SUSE, I searched for other stories on similar subjects. I came across Don McAskill’s thoughtful post on “The Enterprise Linux problem” on his SmugBlog.
In this post, Askill — CEO of an online photo-sharing company called SmugMug – describes his company’s experiences with several operating systems, ranging from SUSE to Red Hat to Solaris. He also laments the dilemma of a lot of people who want their purchases to reflect their beliefs: When push comes to shove, can you afford to pay a higher price for a product — in this case, Red Hat Linux — because its maker follows principles you believe in?
I really enjoyed reading this blog and the comments.
Leaving Novell, despite years of loyalty, for Red Hat Linux
At Red Hat Summit last week, I talked to a Novell NetWare diehard whose relationship with and love for Novell died, well, hard.
This is just one IT manager’s story, but it mirrors that of a number of NetWare users I’ve met, even those who have hung on to NetWare (mostly in a limited way).
Like many users, Jim Klein realized a few years ago that NetWare was a “dead-end street”. Once a market leading network operating system and a popular choice for file-and-print sharing on commodity Intel-based servers, NetWare offered a good alternative to Unix. Then Microsoft Windows for Intel servers came on strong in the mid-1990s with sharing capabilities, GUI installation and brilliant marketing. Novell didn’t keep up on the marketing or ease of installation. Although loyalists, particularly in the education marketplace, held on, the roadmap for NetWare just didn’t look promising.
Klein, IT services/technology director at Santa Clarita, Calif.-based Saugus Union School District (SUSD), began looking for alternatives. He ruled out Microsoft Windows because management costs were higher, security problems were rampant then, and he didn’t want to get locked into Microsoft’s upgrade routine.
“When you come from a NetWare shop, you’re used to running pretty lean, with a low administrator per server ratio. Running Windows would have taken us in the opposite direction.”
At first glance, Mac OS X 10 Server looked good, and SUSD was forming a deployment plan on that platform when Novell acquired SUSE Linux. Klein’s group then saw the opportunity to stay with Novell and get an operating system with a lot of life in it.
Unfortunately, SUSE glitches caused trouble, and Novell didn’t offer much help to fix problems.
“We tried it, tried to get Novell to help us make it all come together, but Novell didn’t come through.”
Frustrated, Klein tested Red Hat’s distribution in file servers. It worked well, and support was good, too. He tried it for Web services, and then moved on and found out that it worked well for almost all SUSD’s systems and applications.
For the most part, Red Hat — though a proprietary products vendor — stays true to the community spirit of open source software. For instance, Red Hat bought Netscape Directory Server and threw it on open source and gave it to the community, Klein said.
“Once I bought into the community, I became community-oriented. That’s Red Hat’s strength, and that’s where Novell falls short. To me, it looks like Novell just uses Linux as an entry to selling proprietary products to put on top of it. As for open source, it looks like Novell tosses its dead products out to the community.”
The partnership between Microsoft and Novell takes that approach — using Linux as a hook to sell proprietary products — a giant leap forward, in Klein’s opinion.
“It looks like they’re trying to influence the bench-sitters, those who have wanted to go down the Linux path but play it safe.”
On the flip side, a number of educational institutions I know of have stuck with Novell, NetWare, GroupWise and SUSE. I wonder: Does Novell’s reach extend beyond that market? I’d like to hear from some users. Did your Novell NetWare and SUSE experience end in divorce, or is it still a love affair? Let me know by commenting or writing to me a firstname.lastname@example.org
Comments made today by LinuxToday editor Brian Proffit on his blog The Hoosier Penguin resonate with what IP attorney John Rabena told me yesterday in our interview, “Microsoft’s anti-Linux patent claims: Arm-twisting for Novell-like deals.”
The Hoosier Penguin:
In pool, specifically Nine Ball, there is a phrase known as “rolling the cheese,” where you hit one ball into the nine ball and hope that the nine ball actually ends up in a pocket. Microsoft is rolling the cheese by threatening customers and developers alike with these allegations, but that is not their real goal. Their nine ball is Red Hat.
I believe the big reason why Redmond is trying this stale tactic again is to get one specific thing: a cross-licensing or covenant agreement with Red Hat, similar to the one they have with Novell. That is the real goal here–anything else, like customers fleeing Linux for Microsoft, would simply be a bonus.
In our interview with Rabena, he said pretty much the same thing without naming Red Hat specifically. “The biggest targets by far are the larger users of Linux and open source software … By targeting them, Microsoft is either trying to get together more Novell deals with those companies or is getting together some type of global agreement with providers,” he said.
Red Hat’s vice president of enterprise applications Tim Yeaton told me at the Red Hat Summit last week that Red Hat has no intention of pursing an interoperability or patent strategy with Microsoft in any way, shape of form. Brian over at LT says Red Hat told him (paraphrased here) that it would be akin to doing a deal with the devil. I think that’s basically what Yeaton told me in our one-on-one interview, albeit with a tad more politeness.
Microsoft is ramping up the patent debate once again not as an effort to frighten customers, but to rope Red Hat into a Novell patent covenant-type arrangement. Thing is, Red Hat’s message has remained constant since October/November 2006, when they were hit on two fronts by Oracle Linux and the MS-Novell deal. This week’s patent saber rattling by Redmond doesn’t seem to have had any effect either.
Major features included in the 3.0.25 code base include:
- Significant improvements in the winbind off-line logon support.
- Support for secure DDNS updates as part of the ‘net ads join’ process.
- Rewritten IdMap interface which allows for TTL based caching and per domain backends.
New plug-in interface for the “winbind nss info” parameter.
- New file change notify subsystem which is able to make use of inotify on Linux.
- Support for passing Windows security descriptors to a VFS plug-in allowing for multiple Unix ACL implements to running side by side on the Same server.
- Improved compatibility with Windows Vista clients including improved read performance with Linux servers.
- Man pages for IdMap and VFS plug-ins.
The three Security Fixes included in the Samba 3.0.25 release can be found in our post from yesterday.
A tidbit from an upcoming SearchEnterpriseLinux.com Q&A with Red Hat vice president of enterprise applications Tim Yeaton:
What was behind the data management-related Meta Matrix Data acquisition?
Yeaton: The way I like to describe it is ‘federated data access and integration.’ Imagine having a middleware layer mediating between your core applications and other applications, like EAI and ESBs. What Meta Matrix adds is the ability to delegate with multiple heterogeneous data sources in an abstract way. The application goes to the Meta Matrix layer, or the data federation layer, and it can access any data source it is authorized to regardless of type or location. What this is good for is applications that have to access multiple heterogeneous data sources like portals, business intelligence, enterprise reporting and dashboards; where the application is accessing 20-30 data sources. Some are relational and some are not, but the user wants a unified view of that application without having to hand code access to those data sources.
Red Hat is really making a push to be the single point provider for much of the software stack running in today’s enterprises. They’re covering middleware with JBoss, file and print sharing with that stable of Samba developers who came over after the Microsoft-Novell partnership fallout, and now Meta Matrix for its data management needs. They also have a bunch of ID management expertise left over from the Netscape days, too. No wonder Yeaton was summarily unfazed by my questions about Oracle Linux and Microsoft moving in on their turf.
Is Microsoft becoming the next SCO? Linux-Watch.com seems to think so, especially in light of this week’s patent posturing.
Yesterday, Microsoft CEO Steve Ballmer said that “Linux violates over 228 patents. Someday, for all countries that are entering WTO [the World Trade Organization], somebody will come and look for money to pay for the patent rights for that intellectual property.”
The Internet is positively in a tizzy over the remarks, which were reiterated in a second interview with Fortune magazine, as users scramble to decipher if they mean MS is again on the hunt for patent violations of its intellectual property.
This time around, Microsoft claims that the Linux kernel violates 42 of its patents, while the Linux graphical user interfaces break another 65. In addition, the Open Office suite of programs infringes 45 more, an assortment of email programs violate 15 others, and an assortment of free and open-source programs allegedly transgress 68 more patents.
In a statement obtained by eWEEK, Microsoft’s vice president of intellectual property and licensing, Horacio Gutierrez claims that “Even the founder of the Free Software Foundation, Richard Stallman, noted last year that Linux infringes well over 200 patents from multiple companies The real question is not whether there exist substantial patent infringement issues, but what to do about them.”
What’s interesting is this is strikingly similar to posturing made by the infamous SCO way back in the day when its trial against Linux and IBM still had legs to stand on (today it’s more like stubs, no?). Then , as it is now, it was “vague threatening IP claims without any facts” says Stephen J. Vaughan-Nichols at Linux-Watch.
The FUD (fear, uncertainty, doubt) comes at a tough time for Microsoft, which may be exactly the point. Vista is for all intents and purposes sputtering; Dell is cozying up to Linux on the desktop; and the anti-Microsoft/Novell GPLv3 nears completion. What better time to muddy the waters, right?
I said “kitchen sink” but I’m not seeing it, so maybe this was just a figure of speech. Anyway, the latest on the Linux kernel, courtesy of Linus Torvalds:
Ok, the merge window has closed, and 2.6.22-rc1 is out there.
The diffstat and shortlogs are way too big to fit under the kernel mailing
list limits, and the changes are all over the place. Almost seven thousand
files changed, and that’s not double-counting the files that got moved
Architecture updates, drivers, filesystems, networking, security, build
scripts, reorganizations, cleanups.. You name it, it’s there.
You want a new firewire stack? We’ve got it. New wireless networking
infrastructure? Check. New infiniband drivers? Digital video drivers? A
totally new CPU architecture (blackfin)? Check, check, check.
That said, I think (and certainly hope) that this will not be nearly as
painful as the big fundamental timer changes for 2.6.21, and while there
are some pretty core changes there (like the new SLUB allocator, which
hopefully will end up replacing both SLAB and SLOB), it feels pretty
solid, and not as scary as ripping the carpet from under the timer
So give it a good testing. We’ll see how the regression tracking ends up
working, but in order to actually track that, we want people actively
testing -rc1 and making good reports!
Dig around. Post your thoughts.
A trio of Samba security vulnerabilities dropped into my inbox today. The first:
This bug was originally reported against the anonymous calls to the SamrChangePassword() MS-RPC function in combination with the “username map script” smb.conf option (which is not enabled by default).
After further investigation by Samba developers, it was determined that the problem was much broader and impacts remote printer and file share management as well. The root cause is passing unfiltered user input provided via MS-RPC calls to /bin/sh when invoking externals scripts defined in smb.conf. However, unlike the “username map script”
vulnerability, the remote file and printer management scripts require an authenticated user session.
When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon’s internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish additional means of gaining root access to the server.
Various bugs in Samba’s NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data.
A patch against Samba 3.0.23d/3.0.24 has posted at http://www.samba.org/samba/security/
Red Hat kicked off and is closing its user confab in San Diego with virtual appliance announcements. One seems right up IT pros’ alley. The other one may be a bit of a stretch. The opening sally, a partnership with Intel on building desktop management appliances, seems a step in a good direction, according to users I canvassed today. The other, a Sybase Adaptive Server Enterprise (ASE) virtual appliance, may be taking virtual appliances further upstream than IT managers would prefer.
I talked to about a dozen Red Hat customers today, and most felt that virtual appliances should be relegated to management tasks. In particular, they feel comfortable with appliances that handle security.
Jim Klein, the director of information services and technology at the Santa Clarita, Calif.-based Saugus Union School District, said he believed a security appliance that you can deploy rapidly could be a good fit for some people, especially those who run firewall appliances anyway.
“A virtual security appliance could replace that appliance box that’s taking up space. In a virtualized environment you gain benefits of reliability and flexibility, and that would be a big plus. It would be nice to buy a firewall appliance in a virtual form, rather than having to buy another piece of hardware.”
However, firewall appliances took some time to mature, and virtual appliances will, too, said Vinod Kutty, lead engineer in the open systems Group at the Chicago Mercantile Exchange..
“What tends to happen, if you look at the model for firewalls, a new technology emerges and it takes many years for the software to get to the point where it’s mature. [Then] it’s easy to embed it in an appliance, but I wouldn’t trust a new product in a virtual appliance until the product had gone through several generations,” he said.
IT pros said that putting mission-critical apps in appliances doesn’t seem like a good idea for a different reason: It gives vendors too much control.
When users begin to move up the stack with appliances, however, then they must begin to rely on an appliance vendor
for optimization and updates, Kutty said. “We are essentially mechanics, and we want to get under the hood. We want to know what’s under the hood.”
Klein views virtual appliances as task-oriented tools meant to eliminate excess hardware, but they aren’t an IT manager’s panacea just yet. “On the other hand, I see virtual appliances as an opportunity for vendor lock-in in a virtualization setting,” he said.
It’s true that Sybase ASE is a proprietary product, and lock-in could be an issue. That said, Sybase has been Linux-friendly for years. Also, it could be called a management tool. It’s just a tad bigger than a firewall. Then again, ASE is not a new kid on the block, so there need not be fear, uncertainty and doubt about the product’s maturity.
Is a database virtual appliance too much too soon? Well, for Red Hat, it’s probably better to go that route too soon than watch Oracle waltz away with the market.
I can’t find any commentary on this deal on any blogs yet. If you do, drop me a link via the comment box below or my email box at email@example.com.
That job was to inform the audience here at the Red Hat Summit that the Red Hat Exchange (RHX) was live and ready for downloads. Taking the stage to detail the launch of RHX was Red Hat director of online services Matt Maddox.
“There should be a place to go to find trusted online services. For that, we’re launching RHX,” he said (there was applause). “[RHX] demonstrates the core Red Hat belief; a belief in the inevitable expansion of open source.”
Maddox told attendees that RHX, now open for business at www.redhat.com/rhx would include open source products from vendors like SugarCRM, collaboration technology from Zimbra and Scalix, as well as a slew of other offerings, including business intelligence (BI). There are 14 members in all. Products are available directly from the web site or via Red Hat’s channel partners, Maddox said.
According to Red Hat, all applications are purchased, delivered and supported via a single, standardized Red Hat subscription agreement with consolidated billing covering the complete application stack. At the RHX web site, customers have access to application profiles, user ratings and reviews, free trials and online purchase options for all applications, a la Amazon.com (a comparison Red Hat execs were ready to make time and again). Red Hat will coordinate with ISV partners while providing customers with a single point of contact for all support issues throughout the application stack. In addition, RHX may be purchased through a select set of Red Hat’s Value-Added Reseller Channel partners that can also provide additional services in support of the RHX offerings.
The announcement wasn’t exactly a surprise. When Red Hat Enterprise Linux 5 (RHEL 5) launched in March, Red Hat’s director of engineering Paul Cormier made the first mention of the program, stating it would be available soon. Today, it seems, is soon.