Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Linux Business

HP To Sell Custom High-Security GNU/Linux Distro 227

Posted by timothy from the what-about-settling-on-debian dept.
bc90021 writes: "CNET has this story about Hewlett Packard's new secure version of Linux. Using 2.4.2, it can supposedly detect attacks as they happen. (At $3,000, I think it should counter-attack, too.) It will be available on HP servers (duh), or on servers that pass the RedHat 7.1 server qualification tests."
This discussion has been archived. No new comments can be posted.

HP To Sell Custom High-Security GNU/Linux Distro More

HP To Sell Custom High-Security GNU/Linux Distro

Comments Filter:

  • They ship a IDS ? (Score:2, Interesting)

    by jneves ( 448063 )
    Is it really worth to pay $3,000 for a distro with an Intrusion Detection System like snort [snort.org] configured ?
    • ...just for dumbass-suits who are simply too stupid to even use their own mailreaders.
      Oh, no, wait - no, these people won't buy something someone told them to be "secure", they would buy some Java/XML/SAP/Buzzword-of-the-month compatible stuff...

    • One would assume that companies are paying for more support then just the distro with IDS configured.

      -Scott

    • Is it really worth to pay $3,000 for a distro with an Intrusion Detection System like snort [snort.org] configured ?
      I'd say the distro would pay for itself in about 2 seconds if it actually did what it is advertised to do. $3000 isn't much to pay to have HP say "This thing is guaranteed to be configured correctly, and work as advertised.
      Sure beats have the monkeys from sysadmin bollocks around for a whole day on getting the config 'correct', only to find out when it's too late that they misunderstood something.
      If you're going to pay for redundant power supplies, redundant cooling, RAID hard drives and dual NICs to make sure your hardware is done properly, then what's another $3k to make sure your intrusion detection works properly and you can call someone for help if it doesn't?
      (Of course I'm assuming HP will actually answer the phone....)
      • HP will most certainly answer the phone. Their firstline techs are often better than some companies senior techs. We're talking Enterprise class here, not Mom and Pop ISP.
    • You'll be getting more than that, but yes - why not?

      Why should every sysadmin go through locking down and beefing up each and every install? What a waste of time... Much better to start with a known level and improve on that (or leave it as is).

      Remember this isn't just about software - it's about support... $3000 isn't much anyway!

    • Yep, HP does ship an IDS, but AFAIK it is not on Linux yet. It's called IDS/9000 and it is NOT a network intrusion detection system. I've seen a briefing on it and as a network security researcher I'd say it is the most advanced IDS out there. It looks for very general patterns that indicate attacks--not specific signatures that may indicate an attack.

      This could be a sign that IDS/9000 may be coming for Linux though. And it would definitely be worth more than $3000 for IDS/9000 on a large multi-user server.

  • *gasp* (Score:1)

    by tubby ( 73242 )
    So what they are saying, is that they have installed snort by default?

    What a deal!

  • Counter-Attack? (Score:5, Funny)

    by BiggestPOS ( 139071 ) on Wednesday August 22, 2001 @07:26AM (#2203531) Homepage
    Your DHCP server detects a buffer-overflow attack from some jack-ass running WindowsXP. It goes into action, hitting bugtraq to find the latest exploits for the offending OS, found. It firewalls itself off, then passes the appropriate counter-measure information to your mail server. The mail server hacks the machine, shuts down the offending process, and patches the TCP/IP stack with one that DOESN'T have raw socket access. After only a few moments, one less XP machine is 1337.

    • Your DHCP server detects a buffer-overflow
      Uhh... okay... thats a real bright design.

      then passes the appropriate counter-measure information to your mail server. The mail server hacks the machine, shuts down the offending process, and patches the TCP/IP stack with one that DOESN'T have raw socket access.
      Hmm more bright design. Why not just turn my web server into a honeypot while I'm at it.

      SOMEONE has been reading too-fucking-much Steve Gibson. WindowsXP has 0 to do with this. So not only is this post off subject its complete FUD. Take a look here [antioffline.com] for a more enlightened view of XP and a realistic view of Gibson's worthless RANTs on XP and its access to raw sockets.

      If the 5 this comment rated was for FUD I wouldn't even need to be posting this. Pfft.
      • Both your comment and the article you referenced should be dismissed as flamebait. The article, written in a juvenile, profane and offensive style, utterly misses the point that Gibson is careful to make, which is that with Windows XP providing raw socket access, it becomes easier to create malware that runs on Windows. It's not that it's impossible now, but there's this funny thing about people: when something becomes easier, they do it a lot more.

        Tim

  • I presume they mean selling their *addons* to Linux, and the service of bundling them all together.
    (Expensive service, too)

    AFAIK, they can't "sell Linux" as such without breaching the GPL.

    I assume the wording is just unclear, as otherwise it could start a riot :)

  • GNU/Linux WTF is that? (Score:1, Funny)

    by Anonymous Coward
    Is that like Linux?
    • It was a typo. They meant to say GUN/Linux, Eric Raymond's new distribution. Nothing says security like cold steel, you know...
    • Actually, HP is NOT selling a "GNU/Linux" distro. According to the article they are calling their product "HP Secure OS Software for Linux". I believe their choice of terminology represent a deliberate statement about their feelings of the significance of the GNU software within their total offering. Most distros feel similarly, as do most customers of Linux.

      Clearly HP feels that the fact that GNU re-implemented "ls", "grep" and a few other commodity commands is not worthy of recognition within the name of their product. Perhaps the glibc library is a critical brand worthy component, but since the leader of that project hasn't asked to refer to distros as "glibc/Linux", this is a non-issue.

  • OEM Distributions (Score:2, Interesting)

    by Torulf ( 214883 )
    It's really surprising that so few hardware manufacturers have their own Linux distributions. At least to me it would really just make sense for a hardware company to tailor a version of Linux (or maybe *BSD) to their own hardware and sell it pre installed.

    The costs in doing so would, as far as I can tell, not be too large and this could give them more bargaining power against software companies (MS).
    • Er, that would be VA, and look what happened to them...
    • It's really surprising that so few hardware manufacturers have their own Linux distributions. At least to me it would really just make sense for a hardware company to tailor a version of Linux (or maybe *BSD) to their own hardware and sell it pre installed.

      Yes but they're hardware manufacturers. I'd assume that they have a limited number of software guys especially ones with lots of experience in this area as they tend to be expensive just to have hanging around. Anyway with everyone downsizing at the moment who are the hardware guys going to get rid of first? The designers of the next generation hardware which they need or a load of expensive software guys which bring political problems with them (see next comment).

      The costs in doing so would, as far as I can tell, not be too large and this could give them more bargaining power against software companies

      You can imagine just how popular they would be with MS if they did this e.g. no more large discounts, last to get the latest updates, bug issues remaining unresolved etc. The cost itself probably wouldn't be the issue, more the political concequences.
    • The people who run Hardware companies are, mostly, still thinking total propriety controll over anything that deals with there product.

      They also don't want to do things that cost them more money then they think they need to spend. those two concepts have been the biggest stalling ground for linux driver development.

      A hardware company that had truly revolutionary products would just open-up the proper information to the public, and someone would create the linux/BSD/whatever/ driver for them. Except MS products, very few MS programmer could actual develop anything that didn't have pre-designed API's and a Help system full of examples to copy from.
      Since I am talking kernel, there is no need for GNU.
  • It would have been nice if the article had described what, exactly, the HP additions are supposed to do. We get some vague platitudes about "tightly controlling communications" and "detecting attacks". This could be anything from a well-written iptables setup and a syslog monitor to a full-blown, user-space stateful filtering/SNMP and "page-the-sysop-we-are-being-DDOSed" application.

    Does anybody have any REAL info on what HP is doing that is so wonderful?
  • I guess this just increases the false sense of security. those who are security aware, are capable of securing their own distro. those who are not, are only spending loads of money. reasonable defaults are ok, but changing them, means probably opening a hole, or weakening the overall security. installing a secure distro is ok, but remember security is a *process*.
    • What you buy is accountability.
      I install Red Hat and set it up. We get hacked. Tough, I goofed.
      I tell the boss to buy $3k's worth of HP stuff. We get hacked. We sue/ claim compensation from HP for not doing their job right.
      • You can only sue them if you can prove, that you have all patches installed. because it's your responsibility to keep the hosts security thight. they can sell you a secure distro if you happen to install a not secure package, or fail to upgrade. then it's your fault.

        btw, can't we sue microsoft for all the damage done by the codered family?

        just buying a distro is not enough. you need competent sec staff.

        • same logic as you said above... microsoft provided a patch (nomatter how late, they still did... now if someone had sued before the patch...) and some idiots decided it wasn't worth having (hence codered II)... can't sue microsoft, because they can't force you to install the patch(no matter how much they try with that windows update shit)
      • Show me one case where a company has successfully sued an OS maker after an intrusion.

  • HP-LX (Score:5, Informative)

    by MikeCamel ( 6264 ) on Wednesday August 22, 2001 @07:35AM (#2203554) Homepage
    A search on HP's site yields a training course [hp.com] which has been available for around a month. The name of the product seems to be "HP-LX".

    Here are some of the issues listed on the page:

    • secure administration model
    • lockdown
    • process containment (compartmentalization)
    • file system protection (MAC)
    • auditing.
    So I presume that these will all be central to the new product. It seems fairly sensible - and it will be interesting to find out the details of exactly what they've implemented, and how.

    • Re:HP-LX (Score:3, Interesting)

      by Shirotae ( 44882 )

      A search for "documentation security" on the HP site takes you to an interesting page - follow the hp-tlx [hp.com] link in the index for Administration Guide, Installation Guide and Release Notes.

      The paper "An Operating System Approach to Securing e-Services" published in Communications of the ACM Feb 2001 [acm.org] is also of interest since it describes some of the features of the system.

    • So in addition to the fact that HP-SUX, apparently now HP-LIX, too!! :)

  • $3000? (Score:1, Flamebait)

    by EvlPenguin ( 168738 )
    <a href="http://www.openbsd.org">OpenBSD</a> is free. "Four years without a remote hole in the default install!"
    • Yeah, and can you run Oracle on OpenBSD?
      • No, but I can run MySQL on OpenBSD just fine.

        If you were serious about security you wouldn't be using Linux. I don't care how secure HP says its new distro will be. There will probably be sevral remote root exploits within a few weeks.
    • That doesn't do much good if you need something more than the default install provides.
    • Hell... a win2k box would have no security holes if i turned off all the damn ports too... gotta love theo

  • No seriously, perhaps the motto should not be *HP Invent* but *HP Reinvent*, HP is seriously screwed because of the overhead of the PA RISC line of systems. Customers are sick of paying so much for them plus the support.

    Now, I am not saying they're PA RISC line is bad, some of the systems kick major ass running HP-UX && HP-UX 11.XX and 11i have some pretty cool stuff - but the operating costs are just too bloody high - esp. now.

    What cracks me up is HP is really using the Linux branding to get a head, unlike IBM who sort of made their branding from Linux which almost seems to indicate they (IBM) has greater faith in their core product.

    Of course this is all hogwash until the Dist. hits the streets :)

  • Service=money (Score:5, Interesting)

    by peripatetic_bum ( 211859 ) on Wednesday August 22, 2001 @07:53AM (#2203588) Homepage Journal
    In all honestly, I do hope the HP does well selling these $3,000 linux boxes. Not because of that its in there, but service/skill it took to actually took to configure the box right.
    (I assum of course that the box does what it says it does)

    Just like the thought that musicians will give their the music away (via the internet) but charge for real live preformances, the new economy (excuse me) may well be based very much on what the acutally person can do and what can not be replicated digitally. Ie, Doctors don't charge for the information they have and tell you, they charge for the skill in which they apply it to you. That is, all the information about treating asthma is in books, but I doubt ou would want to read the man page asthma and just treat yourself, but you pay the doctor to apply his skill to treat you.

    Thus HP is charging for the skill it takes to make more-secure internet boxes and perhaps, in this age, $3000 is a good start and in the future that skill may be worth even more.

    Anyway, thanks
    • Ummm... They're not selling $3,000 Linux boxes, they're selling $3,000 Linux....
    • In all honestly, I do hope the HP does well selling these $3,000 linux boxes. Not because of that its in there, but service/skill it took to actually took to configure the box right.

      This should not be a problem.

      After all Microsft has sold a version of NT that was claimed as being completely secure in compliance with some high level government standard. That particular configuration was one that had no network attached.

      - - -
      Radio Free Nation [radiofreenation.com]
      is a news site based on Slash Code
      "If You have a Story, We have a Soap Box"
      - - -

    • Ie, Doctors don't charge for the information they have and tell you, they charge for

      Among other things, the legal right to write perscriptions.

  • one word..

    ouch
  • Really quickly:
    • Is this under GPL? If not, does that mean the FSF can now sue HP, to get the GPL status clarified once and for all?
    • As many have pointed out already, how is this different than from installing Snort and others pre-configured?
    • Does this includes all the NSA-supplied patches? with source code included?
    • Finally, how on earth is HP going to sell this for an outrageous amount of money while things like Linux-Bastille are free?? (Not to mention OpenBSD, yadda, yadda, yadda...)

    Just my US$ 0.02...
    • $3000 is nothing for a large company.

      Image being a manager facing peers and your boss after machines you are incharge of were deflowered. Would you rather say "but, I had the long haired unshaved Linux admin who shows up for work around noon install 'snort'", or "but, I bought a secure Linux install from HP".

      It doesn't have anything to do with technologies involved. It has to do with perception, and job preservation.

      Joe
    • I'm just guessing here (since the article didn't say SQUAT), but I would think that you get some extra stuff from HP:
      • Support (yes, I realize Snort gives you source, but this way you can let *someone else* deal with the source/configuration)
      • A responsible company (PHB's love this. I work for a huge company that only deals with MS for software because we would pretty much swamp any other company...MS is one of few, if any, companies big enough to support us)
      • I'm sure there are others, but I need to get back to working for said big company...
    • Really quickly

      You have no understanding of the GPL, do you? Companies are allowed to sell additional software with their distros, and they never have to give it away for free. You sir, are a cheapskate. You would demand that a company that spent a major amount of money on developing a comprehensive trusted system on your favorite OS just give away all their work for free. You must be unemployed or working outside of the software-engineering industry to hold such a view.
      This is much different from Snort, but then again, you must be relying on michael's (as usual) braindead summary of the article and Linux distro in question. If he had actually done some research on it (like just about any journalist with anything approaching integrity would), he would have written that this distro will have many components of a truely "trusted" status operating system, such as a filesystem supporting mandatory access control lists, compartmentalization, and several other things that have nothing to do with "I checked this code a bazillion times for security holes and we're screwed if we want to add features" and everything to do with a design that tolerates coding errors and doesn't allow an attacker to take advantage of them.


      Just my US $0.02...
    • GPL just means source code.

      It does NOT mean implementation.

      Presumably, what HP is selling here, is a tricked out, tuned, stripped to minimal configuration, that they've had "many eyeballs" look at.

      They don't have to release word one about how they set up the software, or even WHICH software. Just any changes to code that they had to do to get it to work.
      • or even WHICH software...

        That is wrong. If I buy this software package, I am being licensed a good portion of it under the GPL, which means I can request the source code for any software package in the distribution. However, if you did NOT buy the software, you have no rights to request the source from HP. Someone else bought the software from HP has every right to offer it to you (all non-proprietary parts).
        • Er, uh, point of clarification:

          I wrote:

          I am being licensed a good portion of it under the GPL, which means I can request the source code for any software package in the distribution.

          I meant: which means I can request the source code for any software package in the distribution that happens to be GPL.
        • Good point, I was presuming the viewpoint of a non-customer, IE: just somebody off the street looking for a cheap route to getting the same product that HP is providing.

          But just to be pedantic: you're not buying the software, you're buying a particular arrangement and configuration of the software. One isn't OK under the GPL (HP doesn't have the rights to sell something it has no copyright to) but the other is entirely up to them.

          As to the last item, I would guess that all depends on the EULA that they release their configuration under.

  • Technical paper available (Score:3, Interesting)

    by MikeCamel ( 6264 ) on Wednesday August 22, 2001 @07:56AM (#2203596) Homepage
    More information seems to be appearing (or I didn't find it on my original search): there's a technical discussion [hp.com] (pdf) with more information. Seems to be based on compartmentalisation: "The key concept of our trusted operating system is the compartment. Services and applications on the machine are run within separate compartments."

    This is the place to go for more information on the product. Quite a lot of technical information, including kernel information. It seems that it's intended to be installed over RedHat in a "layered installation" - diagrams included, as well as performance data.

    • Compartmentalization? Would that be like the FreeBSD jail feature?

      JAIL(8) FreeBSD System Manager's Manual JAIL(8)

      NAME
      jail - imprison process and its descendants

      SYNOPSIS
      jail path hostname ip-number command ...

      DESCRIPTION
      The jail command imprisons a process and all future descendants.

      [...]
    • This sounds like it's just using HP's VirtualVault product. It does thinks like break up the root functions into separate mini-accounts. (In addition to more traditional IDS functionality.)

      • This sounds like it's just using HP's VirtualVault ...

        VirtualVault runs on a modified version of HP-UX, on PA-RISC hardware. It is also rather expensive (a lot more than $3000). That the new product has some of the features that made VirtualVault a success is not really surprising, after all, the people who worked on it can get all that secret internal information from the VirtualVault team because that are part of the same company.

  • Kernel Component of Secure Linux is Under GPL (Score:5, Informative)

    by Bruce Perens ( 3872 ) <bruce@perens.com> on Wednesday August 22, 2001 @07:58AM (#2203600) Homepage Journal

    I am announcing this product in an hour. Shankland loves to jump the gun.

    The kernel component of HP Secure Linux is under the GPL license. All of the other Linux security vendors currently hide their security mods to the kernel in binary-only modules, IMO abusing the modules exception to the kernel. HP would rather not play games of getting around the GPL. The user-mode component of Secure Linux is not GPL-ed, but we understand that given the kernel drivers, programmers can roll their own.

    Thanks

    Bruce

    • Hi Bruce [we met at Defcon last year]

      This (All the other...) isn't totally true, there are Linux security vendors doing Open Source work, such as Enguarde and some promising things coming out of the RSBAC camp (Alt.Castle?)

      Will there be a feature comparison to RSBAC (http://www.rsbac.de) and the NSA-sponsored stuff available anywhere soon?

      Thanks,

      Paul

  • Testing (Score:1, Funny)

    by Wind_Walker ( 83965 )
    ...that pass the Red Hat 7.1 qualification test

    Come on, everybody knows that those tests are culturally biased. When are people going to learn that computers who don't have a beige box are economically and societally discriminated against? Non-beige boxes have a higher crime rate, higher drop-out rate, and generally are used for menial tasks.

    Stop the cultural profiling!

    • Come on, everybody knows that those tests are culturally biased. When are people going to learn that computers who don't have a beige box are economically and societally discriminated against?

      Umm, please don't mention this in response to the Red Hat 7.1 qualification test - we've made sure quite a number of black boxes (such as IBM's) are included. ;)
  • by comparing RedHat's Stock quotes with HP.
    RED HAT INC RHAT 3.75 0.00

    HEWLETT-PACKARD HWP 24.70 0.00

    I'm sad. ::weep::

  • Readers of /. yesterday, will recall Caldera's announcement [linuxprogramming.com] regarding releasing pieces of the Original UNUX codebase to OSS. That announcement along with today's announcement from HP that they're gettinng into the Linux distro business signals a major shift in the market perception of the value of Open Source.

    --CTH
  • Can someone explain something to me? If they create a secure version of linux, don't they have to give away the source code with it? So then what's the point of selling this for $3000? Who's gonna buy it when they could just ask for the source code and compile it themselves??? Or may be I just Don't Get It.
    • They can sell addon software, which is what I assume they are doing.
    • When you buy enterprise systems from HP or Sun or another big player you pay for far more than a box with a CPU and bunch of wires and a CD or two. They build to spec and install software. If you buy enough from them they'll even set it up for your network, even with proper IP and users. If you pay a bit more they'll come out and put it in the rack and power it up for you. It's not like buying a PC from Dell.
    • Actually, according to the GPL, they only have to give the source code to the people that they give the software to. Most companies/groups give GPL'd source to anyone that asks - but they don't have to.

      OTOH, the GPL also states that anyone who gets the software can redistribute it however they want - as long as they make the source available to the people they gave the binaries to (just like the original seller). I just can't see a company that buys software for $3000 giving it away to everyone else for free, however.

      NOTE: if you read some of the information on the HP site (as point to in other messages), HP is making their Linux changes available for everyone. They do have non-GPL'd software available in their distribution (whaich can't be given away). This is also within the terms of the GPL.

  • Why I chose FreeBSD (Score:2, Insightful)

    by Anonymous Coward
    Yup....

    As a person who's first love was Linux, I feel qualified to commment on the reasons to migrate away from Linux. I started with Slackware in 97 from a cd in the back of my html book, basically a cheap way to get apache running without having to own an expensive risc machine. Anyways, I've toiled with linux thru the early hacker/academic days, thru the hype-days from 98 to 99, and still every-now-and-then install it for a friend in need. I've probably install Redhat over 100+ times at the Linux Users Group here in Dallas, and have installed Slackware upwards of 50+ times, Deb/suse/others upwards of 20+ each. Inversly, I've probably installed FreeBSD only a few times since I toned-down my OS-install fever. It gets old, really fast installing linux for the install project. Anyways.... as a seasoned Finux vet, I think that FreeBSD is better in many ways, except the userbase, and application base. There are more Finux users, and more Finux developers by several orders of magnitude compared to all the BSD distro's combined.

    What I have noticed from this large group of Finux users is the fact that they are overtly insecure about their feelings of "elite-ness". In other words they tend to feel threatened by people who donn't join their band-wagon.... of finux evangelism. In fact, such a large majority of Finux userrs started using Finux simply because they percieve that Microsoft is a Monopoly, and or in some way they have negative feelings about microsoft. Other time sI find that they had feelings of inadiqatcies in their microsoft envrironment, and seeked an area where they are different.... again thsi goes back into the elitism aspect, and the need thereof to be elite, and/or different. In this wway they can justify putting Microsoft users down, by advertising that they are now Finux users.

    The above being said, leads this very specific class of Finux users feelings insecure when they hear about an even more elite group of people, a smaller comunity, of more-often ex-finux users..... using something called BSD. The typical reactio is that they are not with us, therefor against us... type reaction... and the hostility, and missunderstandings ensue.

    Most anti-BSD rehtoric posted on Slashdot is from the narrow minded Group of finux users taht simply feel threatened by something they simply don't understand. My Favorite argument to shootdown first is the hords of Finux folks, and windows folks that say Unix is 20 years old! Ha... 20 years ago unix was entirly different, and FreeBSD, compared to some old Unix systems of the 80's is like HUGE in all the different ways. Most of the time people have read this in some website, from an un-educated reporter. In reality, unix has had many huge changes over the years, as have os design and implementation over the years.... a direct result of CS students striving to push the limits. The word micro-kernel comes to mind, yes.. we now have modulare kernels too.... oh my... and don't forget about ever popular virtual memory idea... geeze... Unix sure is darn different that it was 20 years ago.

    The fact is, and I can do a google search I find the Linus quote of how he would nto have ever created the Linux kernel if he had know about the Berkly System Dist. He was only aware of the Car-mellon like Minux system. Yup, he has said it, and you can find the quote on google, and past /. articles. Anyways.....

    I find taht most of the FreeBSD folsk are people tired of all the Linux hype.... I mean... we have tried all the distro's, played with all the various package systems, recompiled the finux kernel a time or two... doen some programming, etc, etc, etc..... Then, its liek FreeBSd is sitting right there, simple, eligant, beutiful. The first thing that most linux converts claim got them is the FreeBSD ports system. Really it is such a simple idea that we are suprised it hasn't caught on in the Finux world originally. Basically you have a cvs tree of all the software taht has been ported to the FreeBSD OS. To get updated versions of software, it is simple to just cvsup the entire ports collections, and then travel to the the software you want...say apache, and run "make install". Simpel as that... the latest, greated Apache with all the freebsd patches, and optimisatiosn are applied. No toiling with rpms, and the dreaded hunt for dependencies. The porsts systems checks for dependencies, downloading the latest version of Gmake if needed, or whatnot.

    Other nice fetures about FreeBSD, and the other bsd's is taht the stability is paramount... a recent comparison of Unixes on sys admin magazine ranked FreeBSD the lowest of "out-of-the-box" installs for performance. Thsi is nto suprising since FreeBSD is build for stability (out-of the box), and many Finux distro's are optimised at the time of burnign the distro to CDROm, is highly optimised, and unstable.... so little tweaks are needed out of the box to make the system unstable... in other worlds the Finux systsm typically are more prone to instability under heavy loads that freeBSD. I won't bore you with teh technical details, as the lay-man won't get the jist of what I'm sayigng.

    That being said... I'd advise the person who wrote the high-performance tuning guide, linked inthe article, to tone down a bit his kernel conf. It appeas to lean on the unstable side, especially with the extreamly high buffs lines under the useers line in the kern conf. oh well... it will push things to the extream limit.
  • HP is trying to be one Microsoft of the Linux Market. Sell you for a very expensive price what you can get, the most and important part, for free.

    That can be good for the Corporate World where you have to sell to the suits a non-microsoft os with a good support (=expensive $).
  • I don't think this is really focusing on the real problem at hand. I've seen it all too many times before... you can have the best OS, with the most security features, but if the stupidest person is running the show, well... game over.

    I think spending $3000 on an OS, albeit secured to *some* extent (there will always be new flaws found out) is a bit much, especially in the Linux world. Anyone with a decent knowledge of security and access to the net can build a pretty secure Linux server system.

    So basically what I am saying is, the emphasis should be more on the people running the things, rather than the OS itself. It will make people slack in the efforts to secure their servers, especially in the business market where this is crucial.
    • Have you hired a competent System Admin lately? Or better yet, and more accurately, have you hired a competenet System Admin lately and not given him five times more work than he can do adequately? If I can buy a server, like an enterprise class HP box, with security features built in and well documented, I'll do it rather than relying on the overworked or underskilled SA. Too often they say "Trust me." while they sneaks in after hours to patch the holes he didn't get to when he told me he did it.
  • Some people are so stuck in their ways that they cannot imagine that "it's free" and "it rocks" are NOT mutually exclusive. Well - these people will perhaps be MORE willing to adopt Linux if they pay a lot of money for it along with receiving some propaganda (true or not) of how much more secure than free Linux this distrobution really is, than if they download the ISO and hand it to the local (very capable) sysadmin.
    Basically, HP will make some dough on Linux. They deserve it. HP/UX is supposedly a pretty sweet OS. It's been part of what kept Unix afloat in the middle of the NT reverse-revolution. I don't think that making a bit of dough on Linux is in any way bad - as long as there are free, good quality alternatives available.

    So we can use Trustix and OpenBSD and Bastille and even roll our own distrobution, while some people will pay $3000 for a brand name.

    If we're supportive/lucky, we might even see HP releasing some products under the GPL. If they're relatively moral, they'll give back some of their new technology to the society that gave them the platform for all that profit.

    And heck - if they fall to the ground, they'll prolly release the full code. Win-win for us, folks!

    • while some people will pay $3000 for a brand name.

      Let me quantify this further: Some people will pay 3000 dollars for SOMEBODY ELSE'S EXPERTISE AND GUARANTEE.

      And if you argue that if you don't know security, you shouldn't have a server, I can extend that arguement to if you can't write your own kernel, you shouldn't be using an OS.
    • And heck - if they fall to the ground, they'll prolly release the full code. Win-win for us, folks!

      No, not win-win for us. It repulses me every time I hear someone say this. How short-sighted can you be? There can only be so many large companies that embrace Linux and fail before they all get the idea that it's just not worth it.

      Want to support and promote Linux? Wish HP all the luck in the world pulling this off. By selling and supporting a distro like this, Linux may get a strong foothold inside corporate data centers. Now that's definately a win-win for us. With a substantial Linux corporate userbase we will see more industrial strength apps and tools being released for the platform we all love.

      Do you want the Linux community to be viewed as nothing more than a bunch of scavengers? Vultures circling overhead just hoping that a great initiative will fail so we can scoop down and eat up the remains?

      I think not.

      Best of luck, HP! You've made a great decision in choosing to support Linux, and we all hope that it brings in loads of money for your company for many years to come.

  • *Note: This is not entirely off topic, more of a summation of the last couple days worth of linux nes*...I wonder if they honestly thought fucking big businesses (the ibms, compaqs, hps, etc) in the ass would help cement their world dominance for all eternity (doesn't satan want to do that too???)... Lets face it, they (microsoft) are very good at what they do... business (haha... and you were thinking software???), maybe even better than anyone else. But they left out one little unthinkable at the time detail... open source. So the community of hundreds of thousands develops this OS which begins to mature... becomes the media darling... and is taken as the potential OS of choice for IBM's top of the line servers, HP's servers, and is also an influencial key-note in caldera's decision to open Unix. While this doesn't immediatly hurt MS, I think that all this coverage and definitly the support on the part of these companies (Oh... so IBM and HP have decided to put linux on the tens of thousands of dollars servers??? maybe i should try that...) is going to help linux in the long run.
  • This appears to be a feature install for new HP servers only, just like any other OS option so it appears that they're merely charging you for the labor to install and vett the system with some development recovery thrown in. That is, it doesn't look like you can call your local HP boyscout and ask for brand new rockhard HP Linux CD for $3000, though the articel indicated that that might be a future option.

  • The Price Tag (Score:4, Insightful)

    by AnotherSteve ( 447030 ) on Wednesday August 22, 2001 @08:39AM (#2203694)

    To most /. readers three kilo-bucks is a little much to pay for something you can download. To understand why this makes sense for business sales you have to think like a manager. A lot of managers don't care so much about what something costs as the reputation of the vendor.

    Consider these two options:

    A) The bearded, long-haired, overly-caffeinated freak from down the hall says "Hey, I can download this stuff for free off the internet. It'll make us really secure, honest." (Disclaimer: I am a bearded, long-haired, overly-caffeinated freak.)

    B) A well-respected vendor has a $3000 product that will make the computers really secure. If it doesn't work, we can call them up and bitch at them. Furthermore, we have someone outside the company to blame if it breaks.

    Now, you're the manager. You choose. This is a savvy move by HP - in addition to whatever actual value-added there is in their product, they are also cashing in a little on their name and reputation. They're selling percieved value as much as actual value.

    • Well put. The other thing is that a lot of l33t haxxhor types think $3000 is a lot of money. That's peanuts for a guarantee of security.

      To put it in perspective, on a site that I'm involved with that runs credit reports, we were required to pay $20,000 to a company to "review" our architecture (joke) and do periodic port scans. I'm sure sometimes the port scans find vulnerabilities, but it's still pretty pricy.

      On the hand, it's a good barrier to entry for the business. :)

  • If we can just get 150 people to put $20 in each, we can buy a copy of this and then mirror it!!!

    Isn't the GPL great? ;0)
  • Hmm, how about I just install RSBAC, snort/hogwash and iptables for free? :)

  • I can do better than HP (Score:4, Interesting)

    by defile ( 1059 ) on Wednesday August 22, 2001 @09:08AM (#2203759) Homepage Journal

    Check this out..

    For $2,500/year, I can certify that your Linux box is 100% secure, and do whatever is necessary to make it secure and keep it secure.

    If your box is ever hacked, I will dole out $10,000 on the spot.

    There, beat that HP. :)

    I'm only half serious, but would be glad to work something like this out if there were any takers.

    The point of this exercise is to show that you don't need to buy Linux from a big slow vendor to get support. But most of you already knew that.

    • Can you do that for 2000 customers, who have over 250 servers each? Can Redhat do this? Mandrake? SuSe? Can you do it on an enterprise class K or V series server?

      I'm going to trust HP, thank you.
  • Is HP going to make this distro up to the HP-UX standard we're accustomed to? Will it have the Glance Plus Pack available for server monitoring? Will it integrate well with HP Open View and other tools? If so, it's going to be well worth the $3K they're asking. If they're writing that class of software for Linux they've certainly been through the compilers and libraries with a fine comb. I'd certainly trust their distro more than anything out there now. I've developed on HP-UX since '95 and I've grown to trust their OS and their tools. If they can give me the same feeling with Linux I'd be grateful.

  • docs on HP website (Score:2, Informative)

    by patmfitz ( 517089 )
    There's no concise product brief yet, but the following might answer some questions.

Slashdot Top Deals

God made the integers; all else is the work of Man. -- Kronecker

Close