BlueDog White Paper

The Case for Gentoo

The case for a robust enterprise operating system

Secure: install only the operating system components

needed for the system.

High-Performance: kernel builds are optimized for the

CPU and other system hardware. Install only the
components necessary to reduce overhead.

Versatile and Reliable: the Gentoo Linux 2.4 version

kernel has been in wide use since 2003 and is used in
commercial Linux appliances, other federal agencies, and
driving many high-end systems.

Easy-to-Manage: the Portagé implementation of package

management means easy system maintenance that avoids
breaking working systems by checking/tracking
dependencies. In the end, this is a flavor of Linux, so any
Unix system administrator should be right at home.

www.bluedog.net 1 of 20
 The Gentoo Flavor of Linux
Gentoo is a distribution of GNU/Linux designed for
enterprise server environments, and is an open source
product. Gentoo is a special flavor of Linux that can be
automatically optimized and customized for just about any
application or need. Gentoo Linux is a source based
distribution, with a powerful package management system.
Extreme performance, configurability and a top-notch
developer and support community are all hallmarks of the
Gentoo experience.

Open Source Software are programs with licenses that give

users the freedom to run the program for any purpose, to
study and modify the program, and to redistribute copies of
either the original or modified program (without having to
pay royalties to previous developers). There is also a
community of developers around the world who support
these types of applications – not for direct income, but
because they want to. Of course developers make money
off of Open Source Software the same way commercial
vendors do – through support, upgrades, enhancements
and customization.

Why should one consider Open Source an alternative to

closed, commercial systems in the first place? Besides the
obvious up-front cost savings, four factors contribute to
making Open Source just plain better: First, many users
don't just report bugs, as they would do with commercial
software, but actually track them down to their root causes
and fix them.

Second, many developers are reviewing each other's code,

if only because it is important to understand code before it
can be changed or extended. It has long been known that
peer reviewing is the most effective way to find defects.

www.bluedog.net 2 of 20
 Third, the open source model seems to encourage a
meritocracy, in which programmers organize themselves
around a project based on their contributions. The most
effective programmers write the most crucial code, review
the contributions of others, and decide which of these
contributions make it into the next release.

Fourth, open source projects don't face the same type of

resource and time pressures that commercial projects do.
Open source projects are rarely developed against a fixed
timeline, affording more opportunity for peer review and
extensive beta testing before "release."

www.bluedog.net 3 of 20
 Purpose of This Paper
This white paper compares a commonly-used enterprise
operating system with a commonly-used proprietary one,
Solaris, to show that in certain situations and by certain
measures, Gentoo is at least as good or better than its
proprietary competition. This is not meant as a wide ranging
apology of Open Source -- some Open Source software is
technically poor, just as some proprietary software is
technically poor, and even very good software may not fit
specific needs. Although most people understand the need
to compare proprietary products before using them,
sometime others fail to even consider Open Source
products. This white paper is intended to explain why you
should consider Open Source as an alternative.

www.bluedog.net 4 of 20
 Exhibit 1

Summary: Why Go Gentoo?

Area of How Risks
Importance Gentoo Rates Mitigated
Performance During the build process, Gentoo is automatically optimized Leveraging the
and customized the architecture, yielding extreme cost-effective
performance and configurability. On a x86 architecture Dell (Intel)
Gentoo has proven to have among the fastest response platform with
times in data input/output categories, real-world web and its enterprise-
application serving situations, and other areas. class RAID, dual
Gentoo can be configured to utilize a feature of modern power supplies,
Intel-style chips. Intel (and AMD) CPUs support multiple hot-swap
pipelines, which essentially means they can do more then drives, and
one thing at a time. If you have two otherwise equivalent inexpensive
Pentium-based machines, one running a program that keeps Xeon multi-
both of its pipelines completely full, and the other running a processor
program which only utilizes one, in theory the former will configuration
have twice the performance of the latter. Combine that with means wringing
the fact that some optimizations speed up the program in the most
other non-processor-dependent ways, and one may see that performance
a multiplicative speed increase. In a multi-processor from the
environment, the same gains are possible. platform.
Speed optimization is not the only a reason to run Gentoo. Gentoo beats
Because it allows the engineer to very easily customize the Solaris hands-
features of all packages, you get a system designed for the down in this
job at hand. Also it is very easy to apply custom patches area.
and still have the package managed by the portage
(therefore knowing when there are a new versions or
patches available). Performance is easier to achieve in a
system customized for the task at hand. One of the driving
philosophies is to know exactly what's installed on the
system, and have nothing more.
For Java deployment, Gentoo is simply the best Linux
distro: The major JREs are integrated in to the packaging
system and the java-config utility allows developers to
easily switch from multiple JREs on the fly.

Reliability Gentoo’s package library is well-tested. Security packages Because the

are back-ported, keeping all packages in the distribution up portal and web
to date. presence are
Kernel-isolation means no reboots unless an emerged high visibility
package addresses the Kernel specifically. systems,
Portage package management is kept reliable by rsync reliability is a
synchronization for the source tree and ftp and http key issue. While
synchronization for the distribution tree. any flavor of
Whereas Solaris often runs up against hardware Unix is highly
incompatibilities, Gentoo mitigates driver problems with a reliable, Gentoo
vast selection found in the portage. offers an added
level of
dependability.
Patching every
subsystem (but
the kernel) can
happen with out
a reboot.

www.bluedog.net 5 of 20
 Summary: Why Go Gentoo?
Area of How Risks
Importance Gentoo Rates Mitigated

Support Because Gentoo is a distribution of Linux, it conforms to the In addition to

“Unix-like” model of all the popular operating systems – the resources of
Solaris, Linus, Irix, and OS X. Administrators comfortable in the NGIT
any of these environments can move freely to the others. engineering
As Open Source, Gentoo Linux is a volunteer-driven group, the
distribution and has a great Gentoo community that tests, Portal Team’s
helps and documents many aspects of the Gentoo engineer, Perry
distribution. Gentoo currently has over 200 developers and Golden, will
according to the group's statistics, "tens of thousands of manage the
users." It is not uncommon to direct support questions to installation,
the Gentoo Forums, Gentoo Mailing lists or Gentoo Chat configuration
Channels; they represent a major part of the "common" and
knowledge about Gentoo Linux. The Gentoo Handbook management of
[http://www.gentoo.org/doc/en/handbook/index.xml ] is the the systems.
starting point for information about software. Once built and
Bugs and patches are reported and made available via the certified by
Gentoo site and via the Portage. Scott Chudy for
security, the
systems will be
maintained by
periodic reviews
of the Portage,
which can be
run by any of
the Unix
administrators.

Ease of Portage is the heart of Gentoo Linux, and performs many Emerging
Maintenance key functions. For one, Portage is the software distribution packages form
and Control system for Gentoo Linux. Gentoo's portage downloads the the Portage
of the Build sources off a mirror and compiles them for your system, makes
automatically solving dependencies. maintenance
To get the latest software for Gentoo Linux, you type one much easier
command: emerge sync. This command tells Portage to than Solaris.
update your local "Portage tree" over the Internet. Your Control of the
local Portage tree contains a complete collection of scripts build matches
that can be used by Portage to create and install the latest the needs of the
Gentoo packages. Currently, we have nearly 7000 packages particular
in our Portage tree, with new ones being added all the time. server to the
operating
Portage is also a package building and installation system.
When you want to install a package, you type emerge system
components.
packagename, at which point Portage automatically builds a
custom version of the package to your exact specifications,
optimizing it for your hardware and ensuring that the
optional features in the package that you want are enabled -
- and those you don't want aren't.
Portage also keeps your system up-to-date. Typing emerge
-u world -- one command -- will ensure that all the
packages that you want on your system are updated

www.bluedog.net 6 of 20
 Summary: Why Go Gentoo?
Area of How Risks
Importance Gentoo Rates Mitigated
automatically.
Because you only install what you choose, you get a better
security posture and a less bloated system.
Gentoo's Portage system enables the building of a custom
Linux installation from a tree of over 6,000 maintained
packages. Gentoo’s from-source approach and total
flexibility means that it takes very little effort to deliver the
kind of customized system an enterprise environment
requires.

www.bluedog.net 7 of 20
 Linux vs. Solaris -- A Complex
Issue
The situation with Unix is complex; today’s Unix systems
include many Open Source components or software
primarily derived from Open Source. Comparing a single
proprietary Unix system to Open Source is often not as
clear-cut. We will use the term “Unix-like” to mean systems
intentionally similar to Unix; both Unix and GNU/Linux are
“Unix-like” systems. For example, Apple's MacOS OS X
presents the same kind of complications; older versions of
MacOS were wholly proprietary, but Apple’s OS has been
redesigned so that it’s now based on a Unix system with
substantial contributions from Open Source (BSD, most
notably). Indeed, Apple is now openly encouraging
collaboration with Open Source developers in the form of
Darwin.

Open Source is All Around Us

Some might think that a product is only a winner if it has
significant market share. While such logic is flawed, there is
a seed of rational discourse within the argument that can be
appropriate. Operating systems, for example, with big
market share get applications, trained users, and
momentum that reduces future risk. Some may argue
against Open Source in general or GNU/Linux specifically as
“not being mainstream”, but this view reflects the past, not
the present. There is no shortage of evidence that Open
Source has significant market share, and is in wide use at
many organizations:

• The most popular web server has always been Open

Source since such data have been collected. For
example, Apache is currently the number one web
server with over twice the market share of its next-

www.bluedog.net 8 of 20
 ranked competitor. Netcraft’s statistics on web servers
have consistently shown Apache dominating the public
Internet web server market ever since 1996. Its
predecessor was number one prior to that.
• Sendmail, an Open Source program, is the leading email
server. A survey between September and October 2001
by D.J. Bernstein of one million random IP addresses
successfully connected to 958 SMTP (email) servers
(such servers are also called mail transport agents, or
MTAs). Bernstein found that Unix Sendmail had the
largest market share (42% of all email servers),
followed by Windows Microsoft Exchange (18%), Unix
qmail (17%), Windows Ipswitch IMail (6%), Unix smap
(2%), UNIX Postfix (formerly VMailer, 2%) and Unix
Exim (1%).
• A survey in the second quarter of 2000 found that 95%
of all reverse-lookup domain name servers (DNS) used
bind, an OSS/FS product. The Internet is built from
many mostly-invisible infrastructure components. This
includes domain name servers (DNSs), which take
human-readable machine names (like “yahoo.com”) and
translate them into numeric addresses. Bill Manning has
surveyed (in April 2000) the in-addr domain and found
that 95% of all name servers performing this important
Internet infrastructure task are some version of “bind.”
This includes all of the DNS root servers, which are
critical for keeping the Internet functioning. Bind is an
OSS/FS program.
• Tomcat is the popular open source Servlet engine
frequently used during application development, and is
widely deployed, with market share just behind
WebSphere and WebLogic.
• GNU/Linux is the second-most-popular web serving
oeprating system on the public Internet (counting by
physical machine), according to a study by Netcraft
surveying March and June 2001. Some of Netcraft’s
surveys have also included data on OSes; two 2001
surveys (their June 2001 and September 2001 surveys)
found that GNU/Linux is the numerb two OS for web
servers when counting physical machines (and has been
consistently gaining market share since February 1999).
As Netcraft themselves point out, the usual Netcraft web
server survey counts web server hostnames rather than
physical computers, and so it does not measure such
specifics as the installed hardware base. Companies can
run several thousand web sites on one computer, and
most of the world’s web sites are located at hosting and
co-location companies.
• According to a 1999 survey of primarily European and
educational sites, GNU/Linux is the number one server
operating system on the public Internet (counting by

www.bluedog.net 9 of 20
 domain name), according to a 1999 survey of primarily
European and educational sites. This survey (Zoebelein,
April 1999) found that, of the total number of servers
deployed on the Internet in 1999 (running at least ftp,
news, or http) in a sample of domain names, the most
used was GNU/Linux at 28.5%. It’s important to note
that this survey used existing databases of servers from
the .edu and the RIPE databases, so this is not really a
survey of “the whole Internet” (it omits “.com” and
“.net”). This is a count by domain name (e.g., the text
name you would type into a web browser for a location)
instead of by physical computer, so what is being
counted is different from the Netcraft studies. Also, this
study counted servers providing ftp and news services
(not just web servers).

Perhaps the simplest argument that GNU/Linux will have a

significant market share is that Sun is modifying its Solaris
product to run GNU/Linux applications, and IBM has already
announced that GNU/Linux will be the successor of IBM’s
own AIX. In fact, Sun has announced plans to move Solaris
into the Open Source model. Sun wants to foster a better
internal software development process, work more closely
with the community and then be able to drive innovation
outside its own organization.
[http://www.eweek.com/article2/0,1759,1647606,00.asp ]

www.bluedog.net 10 of 20
 How does Gentoo measure up?
Gentoo compares favorably to Solaris and other enterprise
operating systems, such as Red Hat’s enterprise
distribution.

Similarities

Solaris and Gentoo can be thought of as different flavors of

Unix. File system structure, location of binaries, command
line interface, and other elements of each are either
identical or very similar. Unix, in all its variations (including
Linux), is a powerful computing environment,; to maximize
productivity users and administrators should understand the
"Unix way" of getting work done. Once mastered, the “Unix
way” is universal.

A moderately experienced Unix administrator can transfer

knowledge required to work with file and directory
permissions, user and group accounts, backups, device files,
and peripherals with little effort.

Performance

Gentoo provides the means to fine tune installation on

specific hardware configurations to wring the highest
performance from the CPU, I/O channel, and other
subsystems. Overall, GNU/Linux offers better performance;
with Gentoo’s customization, we can expect the highest
performance.

In performance tests by Sys Admin magazine, GNU/Linux

beat Solaris (on Intel), Windows 2000, and FreeBSD. The
article “Which OS is Fastest for High-Performance Network

www.bluedog.net 11 of 20
 Applications?” in the July 2001 edition of Sys Admin
magazine examined high-performance architectures and
found that GNU/Linux beat its competition when compared
with Solaris (on Intel), FreeBSD (an OSS/FS system), and
Windows 2000. They intentionally ran the systems “out of
the box” (untuned), except for increasing the number of
simultaneous TCP/IP connections (which is necessary for
testing multi-threaded and asynchronous applications).
They used the latest versions of OSes and the exact same
machine. They reported (by OS) the results of two different
performance tests.

Note: FreeBSD developers complained about these tests, noting

that FreeBSD by default emphasizes reliability (not speed) and
that they expected anyone with a significant performance need
would do some tuning first. Thus, Sys Admin’s re-did the tests for
FreeBSD after tuning FreeBSD. One change they made was
switching to “asynchronous” mounting, which makes a system
faster (though it increases the risk of data loss in a power failure) -
- this is the GNU/Linux default and easy to change in FreeBSD, so
this was a very small and reasonable modification. However, they
also made many other changes, for example, they found and
compiled in 17 FreeBSD kernel patches and used various tuning
commands. The other OSes weren’t given the chance to “tune” like
this, so comparing untuned OSes to a tuned FreeBSD isn’t really
fair.

Here are the results of two performance tests by Sys Admin

magazine:

• Their “real-world” test measured how quickly large

quantities of email could be sent using their email
delivery server (MailEngine). Up to 100 simultaneous
sends there was no difference, but as the number
increased the systems began showing significant
differences in their hourly email delivery speed. By 500
simultaneous sends GNU/Linux was clearly faster than
all except FreeBSD-tuned, and GNU/Linux remained at
the top. FreeBSD-tuned had similar performance to
GNU/Linux when running 1000 or less simultaneous
sends, but FreeBSD-tuned peaked around 1000-1500
simultaneous connections with a steady decline not
suffered by GNU/Linux, and FreeBSD-tuned had trouble
going beyond 3000 simultaneous connections. By 1500
simultaneous sends, GNU/Linux was sending 1.3 million
emails/hour, while Solaris managed approximately 1
million, and Windows 2000 and FreeBSD-untuned were
around 0.9 million.

www.bluedog.net 12 of 20
 • Their “disk I/O test” created, wrote, and read back
10,000 identically-sized files in one directory, varying
the size of the file instances. Here Solaris was the
slowest, with FreeBSD-untuned the second-slowest.
FreeBSD-tuned, Windows 2000, and GNU/Linux had
similar speeds at the smaller file sizes (in some cases
FreeBSD-tuned was faster, e.g., 8k and 16k file size),
but when the file sizes got to 64k to 128k the OSes
began to show significant performance differences;
GNU/Linux was the fastest, then Windows 2000, then
FreeBSD. At 128k, FreeBSD was 16% worse than
Windows 2000, and 39% worse than GNU/Linux; all
were faster than FreeBSD-untuned and Solaris. When
totaling these times across file sizes, the results were
GNU/Linux: 542 seconds, Windows 2000: 613 seconds,
FreeBSD-tuned: 630 seconds, FreeBSD-untuned: 2398
seconds, and Solaris: 3990 seconds.

Benchmarks comparing Sun Solaris x86 and GNU/Linux

found many similarities, but GNU/Linux had double the
performance in web operations. Tony Bourke’s October
2003 evaluation Sun Versus Linux: The x86 Smack-down
gave a general review comparing Sun Solaris x86 and Red
Hat Linux. [http://www.osnews.com/
printer.php?news_id=4867] He found that “Performance
was overall similar for most of the metrics tested, perhaps
with Linux in a very slight lead. However, with the web
operations test (arguably the most important and relevant),
Linux is a clear winner.” He found that, given the same web
serving programs and configuration, GNU/Linux supported
over 2,000 fetches/second while Solaris x86 supported less
than 1,000 fetches/second.

Reliability

An important reason to choose Gentoo over Solaris is

reliability.

There is quantitative data confirming that mature Linux

distributions are often more reliable than their commercial
counterparts.

www.bluedog.net 13 of 20
 • A University of Wisconsin analysis measured reliability
by feeding programs random characters and
determining which ones resisted crashing and freeze-
ups. This approach is unlikely to find subtle failures, yet
the study authors found that their approach still
manages to find many errors in production software and
is a useful tool for finding software flaws. Finally, this
approach is extremely fair and can broadly applied to
any program, making it possible to compare different
programs fairly.
• They found that Linux had higher reliability by this
measure. In section 2.3.1 they reported that, "It is also
interesting to compare results of testing the commercial
systems to the results from testing “freeware” GNU and
Linux. The seven commercial systems in the 1995 study
have an average failure rate of 23%, while Linux has a
failure rate of 9% and the GNU utilities have a failure
rate of only 6%. It is reasonable to ask why a globally
scattered group of programmers, with no formal testing
support or software engineering standards can produce
code that is more reliable (at least, by our measure)
than commercially produced code. Even if you consider
only the utilities that were available from GNU or Linux,
the failure rates for these two systems are better than
the other systems."
• IBM studies have found GNU/Linux to be highly reliable.
IBM ran a series of extremely stressful tests for 30 and
60 days, and found that the Linux kernel and other core
OS components -- including libraries, device drivers, file
systems, networking, IPC, and memory management --
operated consistently and completed all the expected
durations of runs with zero critical system failures. Linux
system performance was not degraded during the long
duration of the run, the Linux kernel properly scaled to
use hardware resources (CPU, memory, disk) on SMP
systems, the Linux system handled continuous full CPU
load (over 99%) and high memory stress well, and the
Linux system handled overloaded circumstances
correctly. IBM declared that these tests demonstrate
that “the Linux kernel and other core OS components
are reliable and stable ... and can provide a robust,
enterprise-level environment for customers over long
periods of time.”
• A study by Reasoning (www.reasoning.com) found that
the Linux kernel’s implementation of the TCP/IP Internet
protocol stack had fewer defects than the equivalent
stacks of several proprietary general-purpose operating
systems. It equaled the best of the embedded operating
systems.

Reasoning’s study compared six implementations of

TCP/IP. Besides the Linux kernel, three of the

www.bluedog.net 14 of 20
 implementations were part of commercial general-
purpose operating systems, and two were embedded in
commercial telecommunications equipment. The study
was not commissioned by any of the GNU/Linux vendors
or companies who might be competing with GNU/Linux,
and thus should be free of bias.

The company used automated tools to look five kinds of

defects in code: Memory leaks, null pointer
dereferences, bad deallocations, out of bounds array
access and uninitialized variables. Reasoning found 8
defects in 81,852 lines of Linux kernel source lines of
code (SLOC), resulting in a defect density rate of 0.1
defects per KSLOC. In contrast, the three proprietary
general-purpose operating systems (two of them
versions of Unix) had between 0.6 and 0.7
defects/KSLOC; thus the Linux kernel had a smaller
defect rate than all the competing general-purpose
operating systems examined.

A quick survey of the Solaris x86 packages finds a host of

niggling problems. By way of example, here are some
common ones: ACPI interface problems on Solaris are
solved by disabling the feature, versus working configs in
the Gentoo distro. Solaris places fixed limits on different
areas of the disk, meaning you have to guess the space
allocation by directory you think you will need. Solaris
duting installation does not require a default route out of
the segment so DNS does not work if you don't have a DNS
server in your LAN. The installer expects to find an A-record
matching the hostname and domain you entered into the
DNS configuration. If it can't query the DNS server or it gets
NXDOMAIN, an error is thrown and you can't configure DNS
while installing. Installing to pre-formatted partition can
throw an exception; the bug is known but has gone unfixed.
The solution to many hardware problems is to discard the
offending hardware. Overall, Solaris seems to have serious
deficiencies: little hardware driver support; limited or no
USB, video card or PCMCIA support; slow boot times; slow
performance.

www.bluedog.net 15 of 20
 Support

Unix administrators can support the platform. The

differences in the command sets between the flavors of Unix
are minimal and easily adjusted for by consulting the MAN
pages or a quick Google search. Innovative thinking in the
FOSS community even engenders commercial endeavors
such as Starnet’s Linux support [http://www.starnet.com/
linux_support/], where you can get Gentoo support for free.

Patches are handled typically via the Portage system.

Developers can also deploy their applications by employing
their own secure portage server, pushing binaries to
subscribing (and authenticated) servers over SSH.
Vulnerabilities, bug tracking, and upgrades are managed at
the Gentoo web site.

Gentoo's package management system is so robust and

powerful that there is currently an effort to port it to Solaris
( http://forums.gentoo.org/viewtopic.php?t=113387 ,
http://supportforum.sun.com/sunos/index.php?t=msg&goto
=1716&rid=0#msg_1716 ). The converse is not true.

The Portage package management system maintains the

latest stable secure code for the operating system and
allows for easy distribution with the issue of a few simple
commands. Solaris does not offer any such system.

Gentoo's "from source" system philosophy allows for code

to be compiled to take advantage of an architectures every
feature. In doing so binaries can be built to run optimally
for Xeon only processors whereas the binaries and kernel
for Solaris must maintain x86 backward compatibility
making them larger and slower.

The portage system mitigates much system management,

including addressing security vulnerabilities. As an example,
the month of September has seen two critical buffer

www.bluedog.net 16 of 20
 overflow vulnerabilities in Solaris Apache, whereas Gentoo's
"standards based" distribution of Apache saw one low rated
and one normal rated, both of which are mitigated simply
by running the current version in the portage repository.

Gentoo’s Handbook offers the most comprehensive

documentation on this distribution.

Gentoo will be providing periodic stable forks of the Portage

tree on a regular basis; a new quarterly release structure
unifies the releases. There is a snapshot of the Portage tree
every three months with the packages in it being very
stable. Gentoo's developers offer guaranteed support for
those packages including elements like security fixes for the
lifetime of that version.

Commercial Support Provider Contact Information

Direct System Support Inc. Corporate Office

http://www.directsystemssupport.com/ 9020 Kenamar Dr. Suite 201
San Diego, CA 92121-2431
P(858)-547-8307
info@directsystemssupport.com

IBM Partner
Interland Inc. Interland, Inc.
http://www.interland.com P.O. Box 406980
Atlanta, GA 30384-6980
1.877.504.0091

IBM Partner
Ineo Concepts Inc.
http://store.ineoconcepts.com/ 923 Pheonix Ave. Ste 1
Peekskill, NY 10566
Phone: (914) 737.4032

Cornerstone Systems Inc. Services, Security & Applications

http://www.csihome.com 27200 Tourney Road, Suite 315
Valencia, California 91355
661-799-3200

IBM Parner
Computer Applications Specialists, Inc. 6201 Chevy Chase Drive
http://www.comappspec.com Laurel, MD 20707
301.776.3400

IBM Partner

www.bluedog.net 17 of 20
 Alabanza Corp.
http://www.alabanza.com 10 East Baltimore Street
Suite 1500
Baltimore, MD 21202
(410) 779-1400

IBM Partner

www.bluedog.net 18 of 20
 Who Uses Gentoo?

Like many distributions of Linux, Gentoo is in wide use –

from individual developers to Federal government agencies,
cross-national corporations, and non-government
organizations. Here’s a sampling with brief descriptions.

Organization In What Environment?

National Security Gentoo Linux was chosen as the platform for this work
Agency because its growing success and open development
environment provided an opportunity to demonstrate that the
"Secure Enhanced" promoted by NSA and DoD functionality
can be successful in a mainstream operating system and, at
the same time, contribute to the security of a widely used
system. Additionally, the integration of these security research
results into Gentoo may encourage wide-spread adoption may
lead to additional improvement in system security.

U.S. Dept. of Operating system for portal to provide emergency response

Homeland Security personnel in 120+ cities with (sometimes classified)
(formerly Health information on fire, police, EMT and other emergency
and Human response plans related to anti-terror activities. High levels of
Services) security required for sub-topic areas pertaining to National
Pharmaceutical Stockpile and other important national quick-
response assets.

World Bank – Intranet portal servers that provide access to SAP R/3
General Services deployment, department-specific work flow applications (print
Division and multimedia job production tracking, digital asset
management, knowledge base).

U.S. Dept. of Installations at the Naval Research Lab - The Navy's corporate
Defense laboratory. NRL conducts a broadly-based multidisciplinary
program of scientific research and advanced technological
development directed toward maritime applications of new
and improved materials, techniques, equipment, system, and
other technologies.
Related: A report commissioned by the U.S. military concludes
that open source and free software should play a greater part
in the infrastructure of the world's remaining superpower.
Mitre Corporation's 152-page study addresses the extent of
FOSS-licensed (Free and Open Source Software) software use
in various branches: "…It's all over the place already, conclude
the authors, and there should be more of it . . ."

U.S. Department of Portal applications and web services run on Gentoo

www.bluedog.net 19 of 20
 Organization In What Environment?

Justice appliances. Provides services to 1,200 internal users and 10s

of thousands of external (general public) users.

Banca Populari di Web-based banking solution running Gentoo for web and
Vicenze (Italy) application tiers. High-availability, high-throughout and
locked-down systems were the main drivers in choosing
Gentoo Linux.

Other Commercial Tek Alchemy chose this distro because by itself Gentoo Linux
Installations is one of the most advanced GNU/Linux distributions available.
The Portage software management system delivers a great
deal of power and convenience for administrators who need to
keep software up-to-date for security reasons. A simple cron
job can download and install updates for the base distribution
plus whatever else you have installed. In many ways Gentoo
is a lot like other flavors of Unix; the installation,
configuration, and maintenance are very similar in practice.

Seven L Networks uses Gentoo Linux on almost all of its back

room production servers as well as most of the hosting and
dedicated servers that it rents out. It runs its mail services
and its own company Web site, and stores all of its data
backups on Gentoo-based computers.

www.bluedog.net 20 of 20