Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Cloud

Fedora 21 Released 106

Posted by Soulskill
from the can-now-drink-in-the-U.S. dept.
linuxscreenshot writes: The Fedora Project has announced the release of Fedora 21. "As part of the Fedora.next initiative, Fedora 21 comes in three flavors: Cloud, Server, and Workstation. Cloud is now a top-level deliverable for Fedora 21, and includes images for use in private cloud environments like OpenStack, as well as AMIs for use on Amazon, and a new "Atomic" image streamlined for running Docker containers. The Fedora Server flavor is a common base platform that is meant to run featured application stacks, which are produced, tested, and distributed by the Server Working Group. The Fedora Workstation is a new take on desktop development from the Fedora community. Our goal is to pick the best components, and integrate and polish them. This work results in a more polished and targeted system than you've previously seen from the Fedora desktop." Here are screenshots for Fedora 21: GNOME, KDE, Xfce, LXDE, and MATE.
Operating Systems

Fedora 21 Beta Released 56

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: The Fedora Project has been critical to the development Red Hat Enterprise Linux — RHEL version 7 was largely based off Fedora version 19. Fedora is continuing to evolve with the announcement of Fedora 21 Beta, now available from the Fedora Project website. To make the release ready for Beta testing required addressing 50 beta blocker bugs. If the Fedora Project developers are able to keep up with the final release blocker bugs, then Fedora 21 is expected to be released on December 9th. As a result, support for Fedora 19 is expected to end around the beginning of 2015. Released back in July 2013, Fedora 19 will have been supported for over 540 days by 2015. Previously, the longest a Fedora release was supported was Fedora Core 5 at 469 days. Users of Fedora 19 will be encouraged to upgrade to Fedora 20 or 21 to continue to get critical updates.
Unix

Dangerous Vulnerability Fixed In Wget 58

Posted by Soulskill
from the under-the-radar dept.
jones_supa writes: A critical flaw has been found and patched in the open source Wget file retrieval utility that is widely used on UNIX systems. The vulnerability is publicly identified as CVE-2014-4877. "It was found that wget was susceptible to a symlink attack which could create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP," developer Vasyl Kaigorodov writes in Red Hat Bugzilla. A malicious FTP server can stomp over your entire filesystem, tweets HD Moore, chief research officer at Rapid 7, who is the original reporter of the bug.
Red Hat Software

Fedora 21 Alpha Released 37

Posted by timothy
from the every-release-represents-years-of-work dept.
An anonymous reader writes Fedora 21 Alpha has been released. After encountering multiple delays, the first development version is out for the Fedora.NEXT and Fedora 21 products. Fedora 21 features improved Wayland support, GNOME 3.14, many updated packages, greater server and cloud support, and countless other improvements with Fedora 20 already being nearly one year old.
Data Storage

Fedora To Get a New Partition Manager 170

Posted by timothy
from the nostalgia-is-a-hard-force-to-overcome dept.
sfcrazy writes Developer Vratislav Podzimek has announced the next-gen partition manager for Fedora, blivet-gui. It is eventually going to replace GParted, the most popular GUI based partition manager, found in all major distros. The new tool is named blivet-gui after the blivet python library (originally Anaconda's storage management and configuration tool). The need of a new partition manager stems from the fact that none of the existing GUI partitioning tools supports all modern storage technologies. Fedora's Anaconda base supports all, though, and is hence chosen as the back-end for this new tool. The application is only a few months old but is already looking nice and useful. Features like RAID and BTRFS support are being worked on. Vojtech Trefny is the other developer working with Vratislav on blivet-gui. Here's the announcement.
Cloud

Bringing New Security Features To Docker 29

Posted by timothy
from the password-is-stevedore dept.
Czech37 writes SELinux lead Dan Walsh wrote last month that Docker "containers do not contain" and that the host system isn't completely protected. Today, Walsh details the steps that Docker, Red Hat, and the open source community are taking to make Docker more secure: "Basically, we want to put in as many security barriers to break out as possible. If a privileged process can break out of one containment tool, we want to block them with the next. With Docker, we are want to take advantage of as many security components of Linux as possible. If "Docker" isn't a familiar word, the project's website is informative; the very short version is that it's a Linux-based "open platform for developers and sysadmins to build, ship, and run distributed applications"; Wikipedia has a good explanation, too.
Red Hat Software

Brian Stevens Resigns As Red Hat CTO 39

Posted by timothy
from the more-time-with-family dept.
darthcamaro (735685) writes Since November of 2001, Brian Stevens has been the CTO of Red Hat. As of August 28, that's no longer the case. Under Stevens' tenure, Red Hat transformed its business, adding Red Hat Enterprise Linux, acquiring JBoss, Qumranet, Gluster and Ceph as well as joining (and now leading) the OpenStack Foundation. So why did he leave? No official word, but apparently it is to pursue a new opportunity that Stevens just could not pass up.
Red Hat Software

How Red Hat Can Recapture Developer Interest 232

Posted by Soulskill
from the cookies-will-do-the-trick dept.
snydeq writes: Developers are embracing a range of open source technologies, writes Matt Asay, virtually none of which are supported or sold by Red Hat, the purported open source leader. "Ask a CIO her choice to run mission-critical workloads, and her answer is a near immediate 'Red Hat.' Ask her developers what they prefer, however, and it's Ubuntu. Outside the operating system, according to AngelList data compiled by Leo Polovets, these developers go with MySQL, MongoDB, or PostgreSQL for their database; Chef or Puppet for configuration; and ElasticSearch or Solr for search. None of this technology is developed by Red Hat. Yet all of this technology is what the next generation of developers is using to build modern applications. Given that developers are the new kingmakers, Red Hat needs to get out in front of the developer freight train if it wants to remain relevant for the next 20 years, much less the next two."
Linux Business

Red Hat CEO: Open Source Goes Mainstream In 2014 65

Posted by Unknown Lamer
from the year-of-the-linux-lightbulb dept.
ashshy (40594) writes Red Hat CEO Jim Whitehurst likes to post "state of the union" addresses at the end of every year. Last December, he said that open source innovation is going mainstream in 2014. In an interview with The Motley Fool, Whitehurst matches up his expectations against mid-year progress. Spoiler alert: It's mostly good news.
Open Source

Open Source Pioneer Michael Tiemann On Open Source Business Success 41

Posted by Unknown Lamer
from the smash-the-system dept.
ectoman (594315) writes Opensource.com has a summary of an interview with Michael Tiemann, co-founder of Cygnus Solutions and one of the world's first open source entrepreneurs. Now VP of Open Source Affairs at Red Hat, Tiemann offers an historical perspective on what makes open source businesses successful, and shares how he dealt with the open source movement's early skeptics. "A lot of the skepticism is a response to the abstract; it's a response to the unknown," Tiemann says, "And when you bring a concrete success story with just absolutely stellar credentials that doesn't just outperform the field, but embarrasses the field, then the skeptics begin to look like they're on the wrong side." The full audio interview on Hacker Public radio (~1 hour).
Businesses

Ask Slashdot: How Many Employees Does Microsoft Really Need? 272

Posted by Soulskill
from the might-be-time-to-reevaluate-the-Clippy-department dept.
An anonymous reader writes: Yesterday, word came down that Microsoft was starting to lay off some 18,000 workers. As of June 5th, Microsoft reported a total employee headcount of 127,005, so they're cutting about 15% of their jobs. That's actually a pretty huge percentage, even taking into account the redundancies created by the Nokia acquisition. Obviously, there's an upper limit to how much of your workforce you can let go at one time, so I'm willing to bet Microsoft's management thinks thousands more people aren't worth keeping around. How many employees does Microsoft realistically need? The company is famous for its huge teams that don't work together well, and excessive middle management. But they also have a huge number of software projects, and some of the projects, like Windows and Office, need big teams to develop. How would we go about estimating the total workforce Microsoft needs? (Other headcounts for reference: Apple: 80,000, Amazon: 124,600, IBM: 431,212, Red Hat: 5,000+, Facebook: 6,800, Google: 52,000, Intel: 104,900.)
Operating Systems

CentOS Linux Version 7 Released On x86_64 125

Posted by Unknown Lamer
from the keeping-costs-down dept.
An anonymous reader writes "Today, CentOS project unveiled CentOS Linux 7 for 64 bit x86 compatible machines. CentOS conforms fully with Red Hat's redistribution policy and aims to have full functional compatibility with the upstream product released in last month. The new version includes systemd, firewalld, GRUB2, LXC, docker, xfs instead of ext4 filesystem by default. The Linux kernel updated to 3.10.0, support for Linux Containers, 3d graphics drivers out of the box, OpenJDK 7, support for 40G Ethernet cards, installations in UEFI secure Boot mode on compatible hardware and more. See the complete list of features here and here. You can grab this release by visiting the official mirror site or via torrents. On a related note there is also a CentOS Linux 7 installation screencast here."
Red Hat Software

Red Hat Assistant General Counsel Analyses Supreme Court's Patent Ruling 43

Posted by samzenpus
from the break-it-down dept.
ectoman (594315) writes The U.S. Supreme Court issued a groundbreaking decision concerning software patents, claiming that abstract ideas are not by themselves patentable. The ruling was a cause for celebration among those opposed to software patent abuse, like Red Hat's Vice President and Assistant General Counsel, Rob Tiller. Here, Tiller analyzes and offers some context for the Court's ruling, which "uses the traditional common law methodology of comparing one case to previous similar cases and harmonizing with those most similar."
Red Hat Software

Red Hat Enterprise Linux 7 Released 231

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Today, Red Hat unveiled Red Hat Enterprise Linux 7, with new features designed to meet both modern datacenter and next-generation IT requirements for cloud, Linux Containers, and big data. The new version includes Linux containers (LXC), which let Linux users easily create and manage system or application containers, improved MS Active Directory / Identity Management (IdM) integration, XFS as the default file system, scaling to 500 TB (additional file system choices such as btrfs, ext{3,4} and others are available), a new and improved installation experience, managing Linux servers with OpenLMI, enhancements to both NFS and GFS2, optimized network management, bandwidth, the use of KVM Virtualization technology and more. See the complete list of features here (PDF). CentOS 7 shouldn't be lagging too far behind due to recent cooperation between Red Hat and CentOS project.
Encryption

GnuTLS Flaw Leaves Many Linux Users Open To Attacks 127

Posted by Soulskill
from the with-many-eyes-all-maintainers-are-grumpy dept.
A new flaw has been discovered in the GnuTLS cryptographic library that ships with several popular Linux distributions and hundreds of software implementations. According to the bug report, "A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code." A patch is currently available, but it will take time for all of the software maintainers to implement it. A lengthy technical analysis is available. "There don't appear to be any obvious signs that an attack is under way, making it possible to exploit the vulnerability in surreptitious "drive-by" attacks. There are no reports that the vulnerability is actively being exploited in the wild."
Red Hat Software

Matthew Miller Named New Fedora Linux Project Leader 24

Posted by timothy
from the congratulations-and-good-luck dept.
darthcamaro (735685) writes "Barely a week after Robyn Bergeron announced her intention to step down, Red Hat today announced that Matthew Miller is now the new Fedora Project Leader. Miller is the guy that came up with the whole Fedora.next proposal which is now reshaping Red Hat's community Linux project. Miller has a clear view of how his leadership will work in the cat-herding world of open source: 'As the FPL, you've got the responsibility, but no actual authority to tell anyone to do things,' Miller said. 'So you have to find people that have an interest and are aligned with the direction you want to go.'"
Red Hat Software

Why Should Red Hat Support Competitors' Software? 111

Posted by timothy
from the just-for-fun-vs-bottom-line-reality dept.
colinneagle (2544914) writes "The Wall Street Journal recently reported that, based on documents it reviewed, Red Hat "has chosen not to provide support to its commercial Linux customers if they use rival versions of OpenStack." But the big question is: Why would customers have expected that in the first place? Gartner analyst Lydia Leong told Network World that Red Hat isn't really doing anything wrong here. Customers shouldn't have an expectation that Red Hat would support competitors' software. "The norm would be to expect that non-Red Hat software is treated like any other third-party software," Leong says. If Red Hat has done anything wrong, it's that it has not clearly articulated its positioning and support for non-Red Hat OpenStack distros. Red Hat did not immediately respond to a question asking for a clarification on its support policy. The complication in all this comes from the fact that OpenStack is an open source project and there are misconceived notions that all OpenStack clouds are interoperable with one another. But Leong says just because OpenStack is open source doesn't change the expectations around vendors supporting competitors' products."
Linux Business

Red Hat Acquires InkTank, Ceph Maintainers 18

Posted by Unknown Lamer
from the now-throw-some-money-at-openafs dept.
An anonymous reader writes "Red Hat announced their pending acquisition of Inktank this morning. Sage Weil and a team of researchers at University of California Santa Cruz first published the architecture in 2007. Sage joined DreamHost after college and continued development on Ceph until DreamHost spun off a Inktank, a company focused solely on Ceph. In Sage's blog post on the acquisition, he says 'In particular, joining forces with the Red Hat team will improve our ability to address problems at all layers of the storage stack, including in the kernel.' Sage goes on to announce that Inktank's proprietary management tools for Ceph will now be open sourced, citing Red Hat's pure open source development and business models.

Ceph has seen wide adoption in OpenStack customer deployments, alongside Red Hat's existing Gluster system."
Ceph looks pretty cool if you're doing serious storage: CERN has a 3 Petabyte "prototype" cluster in use now (Only tangentially related, but still interesting, is how CERN does storage in general).
Security

OpenSSL Bug Allows Attackers To Read Memory In 64k Chunks 303

Posted by Unknown Lamer
from the check-your-bounds dept.
Bismillah (993337) writes "A potentially very serious bug in OpenSSL 1.0.1 and 1.0.2 beta has been discovered that can leak just about any information, from keys to content. Better yet, it appears to have been introduced in 2011, and known since March 2012." Quoting the security advisory: "A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server." The attack may be repeated and it appears trivial to acquire the host's private key. If you were running a vulnerable release, it is even suggested that you go as far as revoking all of your keys. Distributions using OpenSSL 0.9.8 are not vulnerable (Debian Squeeze vintage). Debian Wheezy, Ubuntu 12.04.4, Centos 6.5, Fedora 18, SuSE 12.2, OpenBSD 5.4, FreeBSD 8.4, and NetBSD 5.0.2 and all following releases are vulnerable. OpenSSL released 1.0.1g today addressing the vulnerability. Debian's fix is in incoming and should hit mirrors soon, Fedora is having some trouble applying their patches, but a workaround patch to the package .spec (disabling heartbeats) is available for immediate application.
Debian

Not Just Apple: GnuTLS Bug Means Security Flaw For Major Linux Distros 144

Posted by timothy
from the holes-to-plug dept.
According to an article at Ars Technica, a major security bug faces Linux users, akin to the one recently found in Apple's iOS (and which Apple has since fixed). Says the article:"The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical 'goto fail' flaw that for months put users of Apple's iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug." And while Apple can readily fix a bug in its own software, at least for users who keep up on patches, "Linux" refers to a broad range of systems and vendors, rather than a single company, and the affected systems include some of the biggest names in the Linux world, like Red Hat, Debian, and Ubuntu.

An authority is a person who can tell you more about something than you really care to know.

Working...