Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Oracle/Sun Enforces Pay-For-Security-Updates Plan

CmdrTaco posted more than 3 years ago | from the you-get-what-you-pay-for dept.

GNU is Not Unix 238

An anonymous reader writes "Recently, the Oracle/Sun conglomerate has denied public download access to all service packs for Solaris unless you have a support contract. Now, paying a premium for gold-class service is nothing new in the industry, but withholding critical security updates smacks of extortion. While this pay-for-play model may be de rigueur for enterprise database systems, it is certainly not the norm for OS manufactures. What may be more interesting is how Oracle/Sun is able to sidestep GNU licensing requirements since several of the Solaris cluster packs contain patches to GNU utilities and applications."

Sorry! There are no comments related to the filter you selected.

That's a nice server you got there (5, Funny)

bigredradio (631970) | more than 3 years ago | (#31584420)

It would be a shame is something was to happen to it.

Re:That's a nice server you got there (3, Funny)

Em Emalb (452530) | more than 3 years ago | (#31584472)

That's a nice joke you have there. It'd be a shame if someone were to moderate it. ;)

Re:That's a nice server you got there (1)

u-235-sentinel (594077) | more than 3 years ago | (#31584686)

That's a nice joke you have there. It'd be a shame if someone were to moderate it. ;)

Battle Control.... terminated ;-)

Re:That's a nice server you got there (1, Funny)

Em Emalb (452530) | more than 3 years ago | (#31584720)

Guess I picked the wrong day to threaten mafia jokes.

Re:That's a nice server you got there (0)

Anonymous Coward | more than 3 years ago | (#31585418)

... and the wrong week to stop smoking.

Re:That's a nice server you got there (5, Insightful)

ircmaxell (1117387) | more than 3 years ago | (#31584762)

Actually, that brings up a point. Since this is about security flaws in their distribution, wouldn't this make them liable if something happened to your sever? "They gave me faulty software which THEY KNEW WAS FAULTY because they wanted to charge me $xx to get the fix"...? This isn't about feature updates (which they could justify charging for), it's about flaws in what they gave out... Now sure, you could say that the flaws were outside of their control because they came from upstream. But if that was the case, how in the world could they justify charging for those updates as not being extortion?...

Re:That's a nice server you got there (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#31584830)

You mean except for the fact that they disclaim all warranties and liabilities in the license? Exactly what basis would you bring up this lawsuit when you agreed to their licensing terms?

Re:That's a nice server you got there (4, Insightful)

Zerth (26112) | more than 3 years ago | (#31584880)

The part that says(slightly paraphrased for clarity) "this disclaimer may not be valid in some states and does not prevent you from exercising your rights, but hopefully confuses you enough that you don't realize you have any"

Re:That's a nice server you got there (1)

sopssa (1498795) | more than 3 years ago | (#31585010)

But it's open source. Doesn't that mean people can fix it since they have the code? So what's the problem really? That's how FOSS works, for both of its advantage and disadvantage.

Re:That's a nice server you got there (1)

ircmaxell (1117387) | more than 3 years ago | (#31585208)

But this is not necessarily open source. Sure parts of it are, but they also include binary proprietary code in their distribution. So sure, you could fix the open source parts yourself, but how could you fix flaws in their proprietary code?

Re:That's a nice server you got there (0)

jank1887 (815982) | more than 3 years ago | (#31585514)

decompile. how hard could it be.

Re:That's a nice server you got there (1)

besalope (1186101) | more than 3 years ago | (#31585742)

decompile. how hard could it be.

But wouldn't that be reverse-engineering, a breach of copyright, a breach of DMCA due to the two aforementioned parts, and be opening a different can of worms for legal action against you.

Re:That's a nice server you got there (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#31585692)

So sure, you could fix the open source parts yourself, but how could you fix flaws in their proprietary code?

Patching the binary file. Duh. There are numerous patches that people have created to proprietary software to fix bugs and security flaws without even a single line of the original source code. Do you somehow think that game crackers have the game's source code when cracking the games or creating key gens? Are you really that ignorant?

Re:That's a nice server you got there (1)

ircmaxell (1117387) | more than 3 years ago | (#31585762)

So then you're saying that because there's an illegal fix to get around an extortion is an excuse for the extortion itself? Or am I missing something there?

Re:That's a nice server you got there (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#31585782)

Great dodge, man! Secondly, you keep claiming this is extortion with absolutely zero legal basis to back it up.

Re:That's a nice server you got there (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#31585178)

And I'm sure you have relevant case law to cite that shows that the universal disclaimer of warranty with regards to software (both proprietary and open source software) is not valid in some states or countries? Yeah, I'm not holding my breath.

Re:That's a nice server you got there (1)

HopeOS (74340) | more than 3 years ago | (#31585384)

There's no need. Disclaimers cannot trump the law.

Re:That's a nice server you got there (1)

Lunix Nutcase (1092239) | more than 3 years ago | (#31585636)

And what specific law(s) are these disclaimers of warranty violating? If such warranty disclaimers are invalid it would be quite interesting that the lawyers for the FSF and UC Berkeley were unaware of them when drafting their licenses.

Re:That's a nice server you got there (1)

jimicus (737525) | more than 3 years ago | (#31585752)

Most countries have laws which state pretty clearly that goods and services must be fit for the purpose for which they are sold. In the UK you'd have the Sale of Goods Act, not sure what you'd have elsewhere.

This has been used on occasion by people who want a refund for a piece of software which didn't live up to the hype - though AFAIK the company selling the software has caved before it's reached court. My guess is that while they don't really want to refund, they're even more averse to the idea of establishing case law that proves that such disclaimers are worthless.

Re:That's a nice server you got there (4, Insightful)

ircmaxell (1117387) | more than 3 years ago | (#31584966)

A contract to perform an illegal act is not a valid contract... Considering here the threat is that you can be attacked through the vulnerabilities that were provided in the original software package, I think the argument could be made that this is extortion. And if it is extortion, then they would become responsible for any damages occurring because of the extortion. So even though they disclaimed liability, they could still be held liable (If it is found to be extortion). The disclaimer of liability can been thrown out in cases of criminal negligence (If they installed a back door on your server and then exploited it, they would be liable for the damages regardless of what was in the license)... So it really doesn't matter in this particular case if you agreed to their terms or not so long as a court would agree that this is extortion...

Re:That's a nice server you got there (1, Insightful)

Lunix Nutcase (1092239) | more than 3 years ago | (#31585126)

So it really doesn't matter in this particular case if you agreed to their terms or not so long as a court would agree that this is extortion...

Which is highly unlikely and I doubt you have a shred of case law to back up any claim to the contrary.

Re:That's a nice server you got there (0)

Anonymous Coward | more than 3 years ago | (#31585262)

Where the fuck do you think case law comes from in the first place? Yeah, that's right, cases where there was no legal precedent.

Re:That's a nice server you got there (2, Insightful)

Lunix Nutcase (1092239) | more than 3 years ago | (#31585664)

So that's a no on having any relevant statutory or case law to back up the claim that they could be successfully sued for extortion? Yeah, I thought so.

Re:That's a nice server you got there (0)

Anonymous Coward | more than 3 years ago | (#31585768)

take your smug elsewhere.

Re:That's a nice server you got there (1)

sopssa (1498795) | more than 3 years ago | (#31585200)

This is no way extortion. You bought the current version of Solaris. That's what they're legally obligated to give you. Then you made sure you also have future support for the product.. you did that, right? And it's in your contract, right? right?

Re:That's a nice server you got there (1)

Icegryphon (715550) | more than 3 years ago | (#31585530)

Exactly, I feel so long as they keep the charges fair and
the Open Solaris Version (Beta) updates Free(Even this could be Debatable),I have no problem with this.
Also Agree that it is your job as an Admin to look at the contract that you sign and or contact the vendor,
When you have questions, ANY QUESTION!, even legalese questions.

+1 off topic.

Re:That's a nice server you got there (0, Troll)

commodore64_love (1445365) | more than 3 years ago | (#31585272)

You may be right.

But I don't think so. Look at how Microsoft fixed Vista vulnerabilities and memory problems* - told users to go buy Windows 7 (NT/vista 6.1). I don't see anyone prevailing against MS so I doubt they'd succeed with Sun.

*
* Refuses to run properly on my brother's 512 megabyte machine, even with everything turned off. The bug-fixed Vista called "7" works okay.

Re:That's a nice server you got there (1)

ircmaxell (1117387) | more than 3 years ago | (#31585570)

Well, the MS case is a little bit different. Are they withholding security fixes from Vista if you don't upgrade to 7? No.

Sure, you could make the argument that it not being able to work on low memory systems as being a "bug", but what are the damages there? Maybe the retail cost of Vista? What this is about is a case where the computer was compromised form a security vulnerability that they refuse to fix unless you pay them. The damages can be very high (potentially millions of $$$). Now, I doubt anyone that has millions to lose would not get the subscription, but that's beside the point.

Re:That's a nice server you got there (1)

jtdennis (77869) | more than 3 years ago | (#31585590)

Microsoft releases security updates to all of its currently supported OSes, even if they don't pass the activation process. The mindset is that even if it's a pirated version, security vulnerabilities can harm everyone if left unpatched. They don't allow pirated versions to get non-security updates.
Oracle should take a similar stance, with free security updates to your current version but anything above that should require some sort of support contract.

Re:That's a nice server you got there (0)

Anonymous Coward | more than 3 years ago | (#31585724)

Actually, that brings up a point. Since this is about security flaws in their distribution, wouldn't this make them liable if something happened to your sever? "They gave me faulty software which THEY KNEW WAS FAULTY because they wanted to charge me $xx to get the fix"...?

Cisco does that. I recall once buying an ASA 5500 series vpn router, and the vpn software it came with had known faults. They wouldn't provide an updated version of the software without a service contract.

On the other hand, Cisco does provide IOS router security updates for free (without a service contract), but make you jump through many hoops to get them.

Re:That's a nice server you got there (1)

LWATCDR (28044) | more than 3 years ago | (#31585778)

Not really.
Nothing is perfect including security. If you bought a lock and three years later someone found a way to pick it would you expect the company to give you a new lock?
I am not a FOSS zealot but if you buy a closed source OS that comes with a support system then you are silly if you expect updates for free for anything.
Even if the company you bought from does provide free security patches eventually the OS will be EOL and those will stop.
It takes money to patch security issues and issue updates that money has to come from somewhere.
So if you do not like it use FOSS and deal with it's issues or pick closed source and deal with it's issues. You have the freedom to pick your problems.

Now if could just kill software patents because they are as dumb as patenting a story, song, movie, or equation.

Just like Redhat (3, Informative)

shafty023 (993689) | more than 3 years ago | (#31584476)

This isn't any different from what Redhat does. They charge for security updates and no one has gone crying about it. Can't all jump on Oracle for wanting to be paid for the development time put in for security updates ppl

Re:Just like Redhat (5, Informative)

Anonymous Coward | more than 3 years ago | (#31584530)

o rly?

http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/

Re:Just like Redhat (0, Insightful)

Anonymous Coward | more than 3 years ago | (#31584580)

It's just a bunch of crying over nothing. Boo hoo I'm entitled and want everything MY way and if you don't give me my way then I'll use big words like EXTORTION.
If people don't like it then they don't have to use Solaris, plain and simple.

Re:Just like Redhat (3, Insightful)

jedidiah (1196) | more than 3 years ago | (#31584638)

Oracle is redistributing the works of others... just as if they were passing around copies of msoffice.

Now of course something like that comes with legal complications.

Merely claiming that this is another case of "entitlement mentality" is dishonest and *ssinine.

There's an easy solution to the GNU issue... (3, Interesting)

sean.peters (568334) | more than 3 years ago | (#31584862)

Just because they're selling the security updates doesn't mean they're in violation. I think it's highly likely that Sun/Oracle will go right ahead and sell their updates, and make the source code available (via the web?) for the GNU parts. Offering the source for the GNU packages wouldn't cut into their sales much, as most of their customers are probably not inclined to compile this code for themselves anyway (if they were, my thinking is that they probably wouldn't be running Sun). And even if they were, they'd miss out on updates to the proprietary parts of the code.

I'm having trouble seeing what the big deal is here.

Re:There's an easy solution to the GNU issue... (3, Insightful)

bill_mcgonigle (4333) | more than 3 years ago | (#31585296)

I'm having trouble seeing what the big deal is here.

Oracle is building a successful business around open source software in the full spirit of the GPL. They must be destroyed at all costs .. oh, wait.

Re:Just like Redhat (0)

Anonymous Coward | more than 3 years ago | (#31585772)

Oracle is redistributing the works of others... just as if they were passing around copies of msoffice.

What part of Solaris' kernel, libc, Sun Studio compiler, etc. was written by someone else?

Re:Just like Redhat (0)

yossarianuk (1402187) | more than 3 years ago | (#31584652)

It is a bit different, with Redhat at least ALL their code is open, thus allowing community distributions like Centos.

Personally I hate Centos, it has ancient software (php 5.1.6!!!!) that is not much use to anyone. It is always Centos servers that have issues with updates (never debian/ubuntu)

Re:Just like Redhat (1)

sopssa (1498795) | more than 3 years ago | (#31585050)

CentOS is bad example because it's actually a separate branch from Red Hat. Fedora is what you're looking for, and it's usually quite up to date.

Re:Just like Redhat (0)

Anonymous Coward | more than 3 years ago | (#31585270)

really all of their code is open ?

where is the source code for RHVE ?
where is the source code for the zstream errata ?
where is the source code for Real time ?

Re:Just like Redhat (0)

Anonymous Coward | more than 3 years ago | (#31585508)

Cent OS ship the same versions of the source that are released by the 'upstream vendor'.

Redhat Enterprise 5 comes with PHP 5.1.6 as well.

Centos (1)

Andrioid (1755390) | more than 3 years ago | (#31584836)

Actually, people DID cry about it and as all of the source was available, those wonderful persons behind Centos took the RHEL source and packaged it themselves. I am not sure how much of the Solaris code is available for repackaging, but maybe someone will do the same for Solaris.

Re:Centos (1)

sopssa (1498795) | more than 3 years ago | (#31585124)

OpenSolaris is that project.

Re:Centos (1)

X0563511 (793323) | more than 3 years ago | (#31585204)

So is Oracle just gone and shot off a foot, here?

Re:Just like Redhat (0, Flamebait)

BitZtream (692029) | more than 3 years ago | (#31585192)

Most certainly can jump on Oracle! Redhate is friend of GPL. Oracle is commercial company who doesn't give everything away for free.

Oracle is evil because they don't want to give everyone a free ride. Redhat is good because ... well, because GPL and Linux fan boys are generally fucking retarded, I can't come up with any other reason people are salivating to give them blowjobs.

The reality of it is, Oracle is just putting the nails in the Solaris coffin without actually saying thats what they are doing.

Yes, Oracle is cutting lots of 'free' as in money things out of Sun ... in case you didn't notice Sun wasn't going to survive for long the way it was going, if Oracle doesn't do something to stem the flow of cash out of Sun then Oracle will simply be next. While I'm sure there are plenty of idiots here who think that would be a good thing, you'd be wrong for a number of reasons.

Of course, the only way this is acceptable to me is if they start releasing versions of Solaris that they put the time and effort into testing and securing before release. The worlds current software development model is 'sell the customer a beta app, patch it over time, and when its finally at a 'release ready' point you EOL it, release the NEXT beta version of the software and get everyone to upgrade!'

If they continue to sell incomplete/untested software and then start charging you to finish the beta program well, they'll get by with it for a while, but it'll just be known as the start of the final nail in the solaris coffin.

If you don't like the game, change the rules? (1)

leereyno (32197) | more than 3 years ago | (#31585278)

The problem here is not that they are doing this, but that they are doing this NOW.

RHEL was pay-to-update from day one. Everyone considering RHEL knew this and could decide whether that was what they wanted to go with.

The difference here is that users who have been using Solaris for years and making do with critical updates are now unable to keep their systems secure.

Oracle is changing the rules of the game in mid-stream. That is where the problem is.

Were they to come out with Solaris 11 and proclaim THEN that security updates to THAT version of the OS would be pay-to-play, then that would be fine.

What isn't fine is yanking the rug out from under people. Especially in this economy.

I think this is a fine example of why users should be wary of freeware. (Not to be confused with open source). Sooner or later, you pay for what you get.

Re:If you don't like the game, change the rules? (1)

sopssa (1498795) | more than 3 years ago | (#31585436)

If the two options are either to stop the Solaris project because it's generating so big losses, or continue it with paid updates, which one is better? Sure suddenly starting to pay for updates might suck a bit, but it's better than not getting those updates at all.

The licensed the software, (0)

Anonymous Coward | more than 3 years ago | (#31584478)

they knew what they were getting in to. I say, let 'em crash.

Re:The licensed the software, (0, Flamebait)

BitZtream (692029) | more than 3 years ago | (#31584524)

You do realize GPL is a software license right?

Ignorant fanboy.

Re:The licensed the software, (0)

Anonymous Coward | more than 3 years ago | (#31584554)

And I'm sure you can download the source for the GPL updates. If you want a pre-built/tested package you have to pay them.

Re:The licensed the software, (-1, Troll)

trurl7 (663880) | more than 3 years ago | (#31584618)

Troll

Re:The licensed the software, (1, Funny)

Anonymous Coward | more than 3 years ago | (#31585366)

Funny

Re:The licensed the software, (0)

jedidiah (1196) | more than 3 years ago | (#31584670)

GNU is software, not a license.

GNU is not Oracle's personal property.

Who exactly is ignorant?

Oracle (0)

Anonymous Coward | more than 3 years ago | (#31584494)

"We have no morals."

CAPTCHA: Deplore.

Sidestep? (4, Insightful)

TheRaven64 (641858) | more than 3 years ago | (#31584506)

What may be more interesting is how Oracle/Sun is able to sidestep GNU licensing requirements since several of the Solaris cluster packs contain patches to GNU utilities and applications

The GPL doesn't prevent you from charging a fee for GNU software. It just stops you from preventing the people you sell it to from distributing it to everyone else. OpenSolaris is free and the source is available. If you are using Solaris (not OpenSolaris) then you are paying for a platform that has undergone some extra testing and comes with support guarantees. If this isn't important to you, then use OpenSolaris for free.

Re:Sidestep? (0)

hellraizer (1689320) | more than 3 years ago | (#31584572)

yes and as you said .... "If you are using Solaris (not OpenSolaris) then you are paying for a platform that has...." do i have to pay twice ? Once when i Buy the OS , AND to have updates? sounds freaky to me !!!!

Re:Sidestep? (1, Redundant)

inerlogic (695302) | more than 3 years ago | (#31584648)

Solaris is free to download and install...
you only pay for the support....

Re:Sidestep? (2, Informative)

hellraizer (1689320) | more than 3 years ago | (#31584682)

it may be so ... but .... Quoting Oracle's web page ... "Licensing Information By accessing the software on this Web site, you agree that (1)(a)you have already obtained a license from Sun, or a Sun partner, for your current use of the software; and (b) that your Sun License Agreement, Sun Partner Agreement, or other license agreement with Sun or a Sun partner, together with the applicable Entitlement or order document with Sun or a Sun partner, governs your use of the software, or (2) if you have not already obtained a license from Sun or a Sun Partner for your use of the software, the Sun Microsystems License Agreement on this Web site governs your use of the software for the time specified in such agreement. Note: Programs downloaded for trial use or downloaded as replacement media may not be used to update any unsupported programs " The word LICENCE comes up very often .... am i wrong about this ???

Re:Sidestep? (3, Informative)

spamcop (1714222) | more than 3 years ago | (#31585258)

Solaris is free to download and install and to use for ONLY 90 DAYS! They changed this licence only few days ago. http://www.sun.com/software/solaris/popup.jsp?info=17 [sun.com] Quote: Solaris 10 Download Customers bla bla bla... Please remember, your right to use Solaris acquired as a download is limited to a trial of 90 days, unless you acquire a service contract for the downloaded Software.

Re:Sidestep? (1)

hellraizer (1689320) | more than 3 years ago | (#31585564)

There you are... Oracle killing Solaris Softly ..... :P ... With his song.... :D

Re:Sidestep? (0)

Anonymous Coward | more than 3 years ago | (#31585592)

Solaris 10 is restricted like that. OpenSolaris is not. OpenSolaris is Solaris 11, and it will soon become Solaris 11, which will be another paid-support project. It's not altogether different than the arrangement of RHEL and Fedora (except OpenSolaris iterates much more slowly and stably).

Now I do see Oracle doing its damndest to kill off OpenSolaris, but as far as I can tell, they haven't done it yet.

Re:Sidestep? (3, Insightful)

flaptrap (1038180) | more than 3 years ago | (#31584594)

...and I quote (from gnu.org gpl-faq

        The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

        But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL.

        Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you. ...and...

If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer.

The reason we require the offer to be valid for any third party is so that people who receive the binaries indirectly in that way can order the source code from you.

Mr. Opportunity (2, Interesting)

abbynormal brain (1637419) | more than 3 years ago | (#31584528)

... is knocking on the door of the competition.

There are many ways to take news like this. For those invested, it's a blow. For the free market and those looking for marketing opportunities (cough ... I'm talking to the competition) .... this is your opportunity to do something good to us looking for solutions and yourself (in recapturing market share). Make me an offer I can't refuse.

Feature-Pack vs Security Fix (0)

Anonymous Coward | more than 3 years ago | (#31584536)

It's one thing to hold back updates that add new features, it's entirely a different thing to prevent users from freely acquiring Security Updates. Heck, the OS is a free download for both SPARC and x86...but you have to *pay* for security fixes?

Wait a second, isn't most of the development for Solaris driven by the OpenSolaris group?

/me goes off to RTFA

Sidestepping Nothing (5, Insightful)

CritterNYC (190163) | more than 3 years ago | (#31584542)

They're not sidestepping anything GPL-wise. The OS patches contain some GPL binaries and some proprietary binaries. They are side by side, which means the proprietary binaries are not subject to the GPL. The entire patch package, therefor, can't be redistributed. The GPL bits within the patch can be freely redistributed. As can the source for those bits, which Sun/Oracle is (presumably) making available as they always have to comply with the GPL.

So, they are sidestepping nothing.

Re:Sidestepping Nothing (0)

Anonymous Coward | more than 3 years ago | (#31584914)

Don't 'presume'. ARE they offering the source code for the gpl portions of the patches? If they are, get those. If they aren't, it isn't side stepping, it's flat out breaking.

Additionally, there is NOTHING to stop Oracle from separating their GPL and non-GPL patch components such that the GPL programs can receive their patches freely without having everyone jump through hoops.

Re:Sidestepping Nothing (2, Interesting)

Wannabe Code Monkey (638617) | more than 3 years ago | (#31585234)

Don't 'presume'. ARE they offering the source code for the gpl portions of the patches? If they are, get those. If they aren't, it isn't side stepping, it's flat out breaking.

I think you'll find that 'not presuming' is exactly what the parent is doing. The summary said, "What may be more interesting is how Oracle/Sun is able to sidestep GNU licensing requirements". And the poster is saying, "Hey lets slow down a second, are we sure Oracle isn't giving access to the source code to their customers?" Remember, there's nothing stopping Oracle from charging for GPL source code, and they only have to provide access to the source code to the people they distribute the binaries to. So if you don't have a support contract with Oracle, they don't have to provide you with the source code because they're not providing you with the binaries either. However, if one of their customers decides to redistribute the source code, there's nothing Oracle can do about that.

Entirely Different (1)

CritterNYC (190163) | more than 3 years ago | (#31585250)

That's an entirely different topic than what we are discussing here (whether Oracle is side-stepping the GPL by only making patches available to paying customers). That's why I said presumably and don't feel like taking the time to download the full Solaris and OpenSolaris packages to see what source is where. Considering they have OpenSolaris with all the source available for all bits we'd be worried about up (and anything GPLed in Solaris is also in OpenSolaris), I think they're good. Either way, it doesn't affect the discussion here, which is that Oracle is within their rights to distribute the patches only to paying customers.

Additionally, there is NOTHING requiring Oracle to separate their GPL and non-GPL patch components to support people who aren't paying for support.

Linux (0, Flamebait)

pak9rabid (1011935) | more than 3 years ago | (#31584576)

This is one of many reasons why I run GNU/Linux...

Was to be exepected (3, Insightful)

Midnight Thunder (17205) | more than 3 years ago | (#31584606)

I don't want to sound negative, but I was always worried about Oracle buying Sun, for how it would impact negatively on Sun's business. For me the Oracle web site is so convoluted that it stinks of 'we designed this so that you to pay use to find it'. Everything feels designed to nickle and dime everything you try doing with them. This is based on experience of having get specific updates to fix certain known issues. If you don't agree with my perspective, I would gladly appreciate hearing about your experience.

I am a Java developer and I hope that they don't extend this to Java or any other Sun technologies with a more 'open' culture.

Re:Was to be exepected (4, Informative)

Capt James McCarthy (860294) | more than 3 years ago | (#31584764)

I don't want to sound negative, but I was always worried about Oracle buying Sun, for how it would impact negatively on Sun's business. For me the Oracle web site is so convoluted that it stinks of 'we designed this so that you to pay use to find it'. Everything feels designed to nickle and dime everything you try doing with them. This is based on experience of having get specific updates to fix certain known issues. If you don't agree with my perspective, I would gladly appreciate hearing about your experience.

I am a Java developer and I hope that they don't extend this to Java or any other Sun technologies with a more 'open' culture.

I agree. I cringe every time I venture into the quagmire of oracle.com to obtain a CPU or look up information/patches for an older version of oracle. Sun's site was much easier to navigate through for patch clusters or specific patches themselves. Now that sun's site is folded into oracle's site, finding hardware information has become a pain. I did find that going to sunsolve still is the way to go though.

Re:Was to be exepected (1)

MMC Monster (602931) | more than 3 years ago | (#31584908)

I don't want to sound negative, but I was always worried about Oracle buying Sun, for how it would impact negatively on Sun's business.

The Sun's business is keeping me warm during the day, providing a free energy source, and an excuse for me to wear sun glasses.

So long as it does that, I couldn't care less what any Oracle does with it.

Re:Was to be exepected (4, Funny)

hoggoth (414195) | more than 3 years ago | (#31585184)

I wanted to play with a particular technology from a company that was acquired by a company that was acquired by Oracle. I called Oracle and got passed from department to department. Nobody had ever even heard of this technology or the company they had acquired years ago. One rep was willing to sell me a license to use the technology for many thousands of dollars even though he himself couldn't find any mention of it inside Oracle, with the caveat that I would have to FIND IT myself because he didn't have any idea where it might be. After being transferred back to the same person the fourth or fifth time I gave up with the phone and started googling for the technology. I found a web page deep inside Oracle's website that had the entire thing, source code and all, available. There were no disclaimers, there was no license, just instructions on how to download it, compile it, install it, and use it.

So I did.

I suspect Oracle is run by the Department of Motor Vehicles.

Mod this up as hilarious. (1)

PerfectionLost (1004287) | more than 3 years ago | (#31585300)

Yea.

Re:Was to be exepected (1)

brit74 (831798) | more than 3 years ago | (#31585286)

I don't want to sound negative, but I was always worried about Oracle buying Sun, for how it would impact negatively on Sun's business.

Sun's business was already in the negative. At this point, I can't blame them for trying something new to turn-around Sun's profit/loss statement:

For the quarter that ended March 29 [2009], Sun posted a net loss of $201 million, or 27 cents a share. That’s a sharp downturn from the loss of $34 million, or 4 cents a share, it reported the same period last year.
http://www.nytimes.com/2009/04/29/technology/companies/29sun.html [nytimes.com]

Just another step... (2, Informative)

ak_hepcat (468765) | more than 3 years ago | (#31584630)

...and another 'I' dotted in Oracle's plan to kill off Solaris, and force Linux as their high-end product.

I only have one Solaris server left, and I'm rapidly losing any real need to keep using it.
In fact, I will probably end up migrating off of Solaris this year, just to be done with it.

Linux works just fine on my Sparc hardware, even my Ultra Enterprise 2, which hasn't seen
upgrades or replacement parts in over 10 years. (and why it's still up and running, I don't know...)

Re:Just another step... (2, Informative)

pedestrian crossing (802349) | more than 3 years ago | (#31584772)

This policy was in place -long- before the Oracle deal. It has been over 3 years since you needed a support contract to get patches...

Re:Just another step... (5, Informative)

Anonymous Coward | more than 3 years ago | (#31585156)

There's a big difference - it used to be you needed a contract to use their patch update manager (and one contract covered all machines), but not just download individual patches or patch clusters (which, BTW, are integrated into the latest full OS downloads, and in fact at least one Sun person I've seen has recommended just grabbing the latest full OS download and using that to apply updates!). Now, not only do you need a contract, but you need one for each machine and OS version separately, and you can't actually buy the contracts from Oracle anyway. There's NO way to purchase them online (in fact the one link that's been posted multiple times as "I've verified this works" by Sun/Oracle people takes you to the Oracle 404 page), and when you leave your name with the pre-sales people to have sales call you, you don't get called back (since there's no way to actually talk to a sales person directly).

I suspect that Oracle is doing everything they can to passively kill Solaris without admitting it, that way they can say it wasn't their fault (or plan all along) when the regulators and shareholders come asking questions... If I had my choice, I'd be off Solaris completely, but at least for right now I don't. What's really interesting is what this is going to do to all those proprietary software vendors who require Solaris as the server OS for software used in regulatory compliance-audited environments. Since no patching = non-compliance, the ripple-effect is gonna be HUGE...

Re:Just another step... (1)

bill_mcgonigle (4333) | more than 3 years ago | (#31585596)

...and another 'I' dotted in Oracle's plan to kill off Solaris, and force Linux as their high-end product.

Oracle isn't stupid about making money. They're probably seeing if Solaris can be made profitable on its own. If not, it gets the whack. But not giving it the full chance would be a foolish disposition of an asset.

Stop stepping. (2, Insightful)

wonkavader (605434) | more than 3 years ago | (#31585672)

Yes, that was certainly the plan a year ago.

It's no longer the plan. You'll soon need to flip it around.

Solaris is now a great tool to help Oracle force people to one and only one vendor (Oracle) for just about everything. That's the new plan. And Linux fits in that plan right now, but probably won't in a few years, if they can get people to trust them as hardware vendors, and they can keep the quality of Solaris testing up.

Oracle sees Sun as a company with a LOT of great stuff, but both weak and incompetent, since it didn't squeeze cash out of people on every single thing it did. Oracle is right now in an orgasmic frenzy to take everything Sun had and monetize it -- some at the start, though that's less important, but EVERYTHING must bring in cash via support and updates. Furthermore, expect to see every piece slowly being changed slightly to push you towards coupling with other Oracle tools.

Which is why open systems, like Linux, don't help Oracle in the long run. Open systems give you flexibility, and flexibility is bad. Oracle is pushing to get the whole enterprise, from soup to nuts. In the words of an IBM rep I was talking to about this: "We tried that 15 years ago, and it almost killed the company."

Oracle started doing Linux not because they like open systems (they don't), but because A. they could control it a little through their own distro and B. they could get the support contracts, instead of the money going to Red Hat. Now they have Solaris. They'll push that like crazy and move people onto it, since they can certainly control it a lot better than they can control Linux, and instead of some of the support dollars going to Oracle, ALL of the support dollars will go to them.

GPL requirements (1)

Tet (2721) | more than 3 years ago | (#31584634)

The fact that they're shipping GNU utilities is irrelevant here. The GPL compels you to distribute source and rights when you distribute a binary. There is no requirement to keep it up to date, and Sun/Oracle can do whatever they want with their Solaris cluster packs. What they can't do is distribute updates to paying customer and prevent those customers from passing the updates on to others (for the GPL-licensed parts, that is).

SUN has never been easy to deal with (1)

feenberg (201582) | more than 3 years ago | (#31584646)

Interestingly, we had support contracts for several SPARC machines until recently, but when the time
for renewal came around SUN didn't send any notice, and we let it go. I think of this as
"passive/aggressive" behavior on their part and seems typical of our experience with the administrative
side of SUN, although past adventures (such as wrong addresses on shipments) have been worse. .

The GPL does not apply here (2, Insightful)

jonwil (467024) | more than 3 years ago | (#31584718)

Presumably if you obtained the GPL binaries/source from SUN, its legal to redistribute those patches. But there is nothing in the GPL requiring SUN to give you those patches, code or binaries.

If they give you the binaries, they need to give you the source. But if they choose not to give you the binaries (i.e. you elect not to pay for a Solaris contract), they are not obligated to give you anything (binaries or source)

somewhere a bunch of Sparc boxes are.... (1)

FudRucker (866063) | more than 3 years ago | (#31584852)

getting fdisked and Debian GNU/Linux is getting installed on them as we speak.

Re:somewhere a bunch of Sparc boxes are.... (0)

Anonymous Coward | more than 3 years ago | (#31584964)

nope... that's not happening... why downgrade?

Re:somewhere a bunch of Sparc boxes are.... (0)

Anonymous Coward | more than 3 years ago | (#31585018)

I prefer Unbuntu!

from TFA (0)

Anonymous Coward | more than 3 years ago | (#31584854)

http://wikis.sun.com/display/SunSolve/How+Entitlement+Works?focusedCommentId=199106033#comment-199106033

Looks like they just made a mistake with their product catalog

"de rigueur for enterprise"? Not for DB2 (2, Informative)

Kenneth Stephen (1950) | more than 3 years ago | (#31584984)

I can't think of any IBM product on the "distributed platforms" (i.e not mainframe or i5OS) where the fixpacks are not available for free.

Mistake (1, Informative)

Anonymous Coward | more than 3 years ago | (#31585030)

The linked thread already points out that this was a mistake, not intentional, and provides a link to the Sun site with details.

Final Nail in the Coffin (1)

doublecuffs (914081) | more than 3 years ago | (#31585034)

So long to Solaris as a viable alternative to Linux and so long to OpenSolaris. Who's going to bother using an operating system that you have to pay to ensure it's secure.

This has been brewing for a long time... (1)

ArtFart (578813) | more than 3 years ago | (#31585046)

Prior to the merger with Oracle, Sun had been moving toward this for some time. They were gradually restricting access to more and more of the Sunsolve site, and it got a major rework last year. At that time, Solaris Recommended and Security patch bundles became available only to current subscribers.

whatever happened to OpenSolaris (0)

Anonymous Coward | more than 3 years ago | (#31585160)

"Prior to the merger with Oracle, Sun had been moving toward this for some time. They were gradually restricting access to more and more of the Sunsolve site, and it got a major rework last year. At that time, Solaris Recommended and Security patch bundles became available only to current subscribers"

Where, got any links to articles about this? How does this relate to OpenSolaris [wikipedia.org]

Industry-wide needs to pro-consumer policy (4, Insightful)

discojohnson (930368) | more than 3 years ago | (#31585170)

All security updates should be free as in beer. Patches that include features are for-pay. It's not my fault they released a product with security holes. I love car analogies, and it works pretty good here.

As a industry best practice... (4, Insightful)

Mr.Fork (633378) | more than 3 years ago | (#31585224)

This goes back to the story of the Scorpion and the Frog. A scorpion was travelling across the land when he came to a river. Wanting to get across, he approached a frog to help him get across.
The frog replied "Why should I help you across because you will sting me and we will both drown."

The scorpion said "I promise not to sting you."

They are half-way across the river then the scorpion is startled by a splash of water and stings the frog. The frog cries out as his body begins to paralyze "Fool! You have doomed us both as I predicted."

The scorpion replies "Fool? What did you expect Frog? I am a scorpion."

Oracle is a Scorpion. Anyone who thought otherwise when they purchased SUN is a fool.

Re:As a industry best practice... (1, Offtopic)

FreeUser (11483) | more than 3 years ago | (#31585780)

That is an old tale, but not told the way you wrote it. A (somewhat) corrected version:

A scorpion was travelling across the land when he came to a river. Wanting to get across, he approached a frog to help him get across.

The frog replied "Why should I help you across because you will sting me and we will both drown."

The scorpion said "I promise not to sting you."

They are half-way across the river then the scorpion is startled by a splash of water and stings the frog. The frog cries out as his body begins to paralyze "Why have you done this? You have doomed us both!"

The scorpion replies "What did you expect Frog? This is the middle-east."

One might substitute "This is business" for "This is the middle-east" and be closer to the mark, but in reality, it's more a pissing match between internal teams in Oracle/Sun, with the entrenched Oracle interests putting their newly acquired Sun lackeys in their place. It's a shame, because while I think the open development model of GNU and Linux give it a leg up over Solaris, with the advent of Open Solaris it really looked like we'd have a healthy eco-system with room for both. Thanks Oracle...for nothing.

Internal Conversation (1)

KiwiCanuck (1075767) | more than 3 years ago | (#31585388)

Sale rep to programmer: "Put more bugs in the software, I'm making a killing here!"

a case of programmed cell death - apoptosis (2, Interesting)

Anonymous Coward | more than 3 years ago | (#31585554)

I just want to congratulate Oracle on doing everything it can to kill off Solaris passively [sun.com] so they don't have to admit what they're doing. I need a Solaris support contract in order to keep a few systems running specialized software in a compiance-audited environment up to date. This is software that is run in many environments where the inability to keep them patched is a showstopper. However, I can't seem to purchase a support contract. The only page that even lists the ability to purchase it is broken (see dpfloyd's comment), and I have not receved a call back from Oracle/Sun sales in nearly a week (and that was after getting bounced through 6 different people to a support person who at least knew to forward my info to a Sun-related salesperson, or so they said). Additionally, if you click the "How to Purchase a Contract" it provides no actual info on how to do that, and the link it has to "Learn More" takes you into an infinite loop of "click here, now click here, now click here - oh, wait, I'm back where I started" when you try to find out about Sun Solaris support.

I hope I'm wrong about what's happening, but I can't say that any of this gives me the warm fuzzies. I'd say that if I had control over the platform I'd migrate those systems off of Solaris to another OS, but I'm guessing that's exactly what Oracle wants...

Can SOMEONE at Oracle/Sun please tell me how to purchase a support contract to download OS patches? If not, can someone from Oracle/Sun officially tell me to bugger off so I can tell my boss that we're never going to be able to update those servers again and we can start planning on how we're going to get around that issues?

Thanks.

U.S.A. three letter orgs dropping Sun? (1)

Culture20 (968837) | more than 3 years ago | (#31585626)

Does this mean that CIA, DoD, et al will be dropping Sun requirements since this is now a foreign company that likes to change the rules (although I'm sure they all have support contracts, so technically nothing changes for them)? I was told by a CIA headhunter once that Sun was the only *nix they used due to some Congressional mandate of some sort (although that was almost a decade ago).

Charging customers to fix your broken crap (0)

Anonymous Coward | more than 3 years ago | (#31585776)

This reminds me of all those PPL downloading IOS images from Russia because they are too poor to pay Cisco to prevent their routers from being 0wned.

Guess vendors will do whatever they can get away with even if their actions are morally questionable. At least MS has a reasonable policy WRT paid support if the problem is caused by a defect in their software the fees can be waived.

Oracle is stuck in the dark ages. Its security record is absolutely abysmal compared to its competition in the RDBMS space. Unbreakable? As a HPC cluster for botnets - certainly.

Yes I'm just pissed off at Oracle because I accidently forgot I had an instance of Oracle running and my system got rooted as a result. Its really quite sad considering their first customers were three-letter-agency.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?