Every good work of software starts by scratching a developer's personal itch. -- Eric Steven Raymond.
Red Flag Linux was created to scratch the itch of the burgeoning Chinese information technology industry. As Chinese business was growing, and the World Trade Organization began cracking down on widespread copyright infringements, there was a need for a localized version of a free operating system.
Hence, Red Flag was born out of cooperation between the Software Research Institute of the Chinese Academy of Sciences and NewMargin Venture Capital, a venture arm of the Chinese government.
The Linux community reacted negatively upon hearing the first rumors of the distribution in 1999, and many claimed the entire thing was a hoax to discredit the growing popularity of the Open Source movement. It was a common FUD (Fear Uncertainty and Doubt) tactic at the time to compare Open Source and Free Software to Communism. To the uninitiated, there are some striking similarities between the two philosophies, but the rumors put the community into bigger hysterics when it was announced that the Chinese government was making Linux the official operating system. And, oh by the way, they were going to ban Windows 2000 on all Chinese computers.
Linux advocates were caught off-balance. Some claimed that with the world's most populated nation using Linux, there could be no stopping world domination. Others, including Eric Raymond, contended that, "any 'identification' between the values of the open-source community and the repressive practices of Communism is nothing but a vicious and cynical fraud. [We] would not care to be associated with the totalitarian and murderous government of Communist China -- unrepentant perpetrators of numerous atrocities against its own people."
It was easy for me to visualize hordes of penguins strutting across the vastness of the Asian steppes like so many lemmings, carrying red flags over their shoulders, spreading a uniquely Communist free software viewpoint. Or perhaps hundreds of programmers hunched over a keyboard in a dark factory cranking out lines of code, after doing their daily exercises and patriotic singing.
The reality is far different. The rumors that Windows was being banned in China turned out to be false, although Red Flag Linux does seem to have an edge in many of the bidding wars for IT projects due to its close associations with the Chinese government. In contrast to some of the expectations, Red Flag is following a business model very similar to Red Hat Linux. In fact, Red Flag Linux can be purchased from its Web site or ISO images can be downloaded from its FTP site.
My first challenge as a reviewer came in obtaining these ISO images. I tried for several days to download the several hundred megabyte desktop image with no success. The relative obscurity of this distribution means it hasn't yet been mirrored around the world, and at the time of this writing the only place to download it is from China itself. After leaving a shell downloading the images in a screen session over several days, I was able to obtain a good binary.
I burned the English version onto a CD-ROM and loaded it into my virtual machine.
Right away, I suspected that Red Flag was based on Red Hat. I hit return to boot into graphical mode to see how the installer would handle the graphical mode while running under VMware. After the kernel scrolled for a little while, the Red Flag desktop installer came up in an ugly 16-color X server. It was obvious at this point that this was indeed a modified Red Hat installer. Not reading many Kanji, I selected the only option I could understand, English, and proceeded.
Like its cousin, Red Flag allows you to either upgrade a previous installation or to install from scratch. It seemed to have added an uninstall option with a humorous icon of Tux being dumped ungraciously into the Windows recycle bin.
I proceeded through the install, sticking to the defaults wherever possible. Interestingly, Red Flag chose to use KDE as the default GUI. Possible future flame-war material? Its developers have also chosen to go with the journaled Reiser File System instead of ext3.
For the typical install, the Red Flag Linux 2.4 desktop creates a root partition of 1,235 megabytes, and then appears to allocate the rest of the free space for /home and swap.
For reasons I couldn't determine, Red Flag was installing slower than Tux on a Sunday evening after gorging himself with fish. I minimized the VMware window and proceeded on to other work. After an hour of installing, suddenly my screen blanked, and it I was dumped to the console. No matter what I tried, I couldn't switch back into X. If I'd had another machine on the network, I suspect I could have SSHed back into the machine and fixed things, but I instead I gave my machine the three finger salute (but not before I gave it my one finger salute).
When I finally came back online, I decided to go with the text install instead of the GUI. Inexplicably, this not only installed much faster, it didn't decide to lock my machine.
I rebooted my virtual machine, and selected Linux from the LILO prompt. I thought I had botched something as the screen sat there blank after, "Uncompressing Linux ... Ok, booting the kernel." I gave it some time to think, and eventually the familiar login prompt appeared. For reasons unknown, these Chinese hackers have eliminated all printk's in the kernel as well as startup messages in the init scripts! I can only guess that they eventually intend to replace it with some sort of localized or graphical version of boot-up.
Unlike a Red Hat install, I was never prompted to create a user or set a root password. I had visions of having to crack my own installation to even log in. I tentatively typed in root, and wondered if I could guess what a Chinese developer would set as a default password, when I was presented with a root prompt!
That's right, they don't set a root password, and seem to expect users will be running as root right from the start. That's surely not the best way to introduce a newbie to best practices. I poked around the system a little bit and didn't notice anything much different from a stock Red Hat 7 install.
Reiser seemed to be working fine, and the kernel was 2.4.2. I tried to get into X and was immediately kicked out. I gambled and tried typing Xconfigurator, like I would do on a normal Red Hat machine. Though this brought up the expected program, it had an interesting copyright message, "(C) 2000 Red Flag Software and others." Certainly the GPL doesn't require an advertising clause, but it's funny to see how they seemed to search and replace Red Hat with Red Flag.
Xconfigurator didn't want to work, so I tried installing 3.3.6, along with the VMware tools. After a little bit of tweaking to the font paths in the /etc/X11/XF86Config, I was able to load KDE.
Here again, there doesn't seem much difference from stock KDE except for some custom colors and backgrounds, although one thing I immediately noted was that they included Xine, which plays DVDs, DivX, AVI, and other media. XMMS, the MP3 player, was also prominently linked on the desktop.
I grepped around through the menus, looking for anything out of the ordinary. All I found were a couple of generic icons labeled "application." One of them seemed to be some sort of localized rxvt, and the other an English-to-Chinese dictionary. Not exactly what I was expecting. Everything seemed very hastily thrown together. I'm not sure if this was because I was using the English version, or if the Chinese version also had shoddy construction.
Though it's semi-hidden, there is an older version of Ximian GNOME installed by default. In fact, the packages are old enough to use their former name, Helix Code. I started up GDM and tried out the GNOME side of things. It seems completely stock, which is probably why it doesn't appear by default.
Being curious, I wondered if there were any insidious back-doors snuck in by the Chinese government, so I did a quick NMAP port-scan of every port on the machine and obtained the following:
[root@takauji root]# nmap -O -p 1-65535 192.168.6.128 Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) Interesting ports on (192.168.6.128): (The 65524 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 23/tcp open telnet 79/tcp open finger 98/tcp open linuxconf 111/tcp open sunrpc 113/tcp open auth 513/tcp open login 514/tcp open shell 515/tcp open printer 1030/tcp open iad1 6000/tcp open X11 No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi). TCP/IP fingerprint: SInfo(V=2.54BETA22%P=i386-redhat-linux-gnu%D=2/20%Time= 3C746F6C%O=21%C=1) TSeq(Class=RI%gcd=1%SI=3AF64A%IPID=C%TS=100HZ) TSeq(Class=RI%gcd=1%SI=3AEF51%IPID=C) TSeq(Class=RI%gcd=1%SI=3ACFE9%IPID=C%TS=100HZ) T1(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T2(Resp=N) T3(Resp=Y%DF=Y%W=16A0%ACK=S++%Flags=AS%Ops=MNNTNW) T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=Y%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK= E%UCK=E%ULEN=134%DAT=E) Uptime 0.267 days (since Wed Feb 20 14:29:55 2002) Nmap run completed -- 1 IP address (1 host up) scanned in 43 seconds
For some reason, NMAP was unable to fingerprint the TCP/IP stack, which probably requires some investigation at a later date. There were plenty of services running open by default that shouldn't have been. I'm sure several of them are ripe for exploits. It also wasn't clear what was running on port 1030.
I didn't find any unique SUID root programs, other than what seemed to be some sort of input program called rfinput. I couldn't get it to load, but perhaps I was missing something in the English version.
Overall, Red Flag Linux seems a positive move by the Chinese, but I wouldn't recommend it for English-speaking users, who have many other options available. It makes a lot of sense for the Chinese to run something Open Source and free. They can audit the code, whereas who knows what kinds of trojans and back-doors get inserted into foreign versions of Windows. It is clear that Linux in China will continue to grow, and hopefully we'll be able to see more collaboration between their programmers and others throughout the world, helping to bridge a cultural gap.