Final Red Hat Enterprise Linux 7 Version Released (zdnet.com) 69
RHEL 7.7 users can also use Red Hat's new predictive problem shooter: Red Hat Insights. This uses a software-as-a-service (SaaS)-based predictive analytics approach to spot, assess, and mitigate potential problems to their systems before they can cause trouble. For developers, RHEL 7.7 comes with the Python 3.6 interpreter, and the pip and setuptools utilities. Previously, Python 3 versions were available only as a part of Red Hat Software Collections. Moving on to the cloud, RHEL 7.7 Red Hat Image Builder is now supported. This feature, which is also in RHEL 8, enables you to easily create custom RHEL system images for cloud and virtualization platforms such as Amazon Web Services (AWS), VMware vSphere, and OpenStack. To help cloud-native developers, RHEL 7.7 includes full support for Red Hat's distributed-container toolkit -- buildah, podman, and skopeo -- on RHEL workstations. After building on the desktop, programmers can use Red Hat Universal Base Image to build, run, and manage containerized applications across the hybrid cloud.
IBM Closes Its $34 Billion Acquisition of Red Hat (cnbc.com) 95
'Java Web Start Is Dead. Long Live Java Web Start!' (openwebstart.com) 62
From OpenWebStart.com: Java Web Start (JWS) was deprecated in Java 9, and starting with Java 11, Oracle removed JWS from their JDK distributions. This means that clients that have the latest version of Java installed can no longer use JWS-based applications. And since public support of Java 8 has ended in Q2/2019, companies no longer get any updates and security fixes for Java Web Start.
This is why we decided to create OpenWebStart, an open source reimplementation of the Java Web Start technology. Our replacement will provide the most commonly used features of Java Web Start and the JNLP standard, so that your customers can continue using applications based on Java Web Start and JNLP without any change.
Red Hat is apparently involved in its parent project, IcedTea-Web, which it distributes as part of its Windows OpenJDK distribution.
Red Hat Changes Logo After Customers Call It 'Sinister', 'Secretive' (redhat.com) 180
When we decided to undertake an evolution of the Red Hat logo -- the first in nearly 20 years -- we set two guiding principles for ourselves. First, we'd do the work the Red Hat way, in the open. And second, we'd take this opportunity not just to improve our logo, but to make a bold statement about the ways Red Hat has evolved over its 26-year history... In December 2017, I announced our plans to update our look with a global invitation to collaborate. And since then, Red Hat's Brand team has been collecting feedback from customers and partners, coordinating work with well-known design consultancy Pentagram, poring over survey data, and iterating, iterating, iterating on the new design -- which we're now ready to unveil....
The new logo reflects Red Hat's evolution -- from a scrappy upstart "sneaking" into data centers with boxed copies of a Linux-based operating system (not to mention mugs and t-shirts) to the world's leading provider of open source solutions for enterprise hybrid cloud environments, someone working daily with the largest companies and agencies in the world to develop and run mission-critical solutions. We've truly stepped out of the shadows.
Does Open Source Have a 'Working For Free' Problem? (tidelift.com) 191
There's nothing wrong with doing stuff for fun and exposure, or making donations, as an option. It becomes a problem when the free work is expected and the donations are seen as enough... What would open source be like if we had a professional class of independent maintainers, constantly improving the code we all rely on?
The essay suggests some things to consider, including asking people to pay for:
- Support requests
- Security audits/hardening and extremely good test coverage
- Supporting old releases
- License-metadata-annotation practices that are helpful for big companies trying to audit the code they use, but sort of a pain in the ass and nobody cares other than these big companies.
"Right now many users expect, and demand, that all of this will be free. As an industry, perhaps we should push back harder on that expectation. It's OK to set some boundaries..."
"Of course this relates to what we do at Tidelift -- the company came out of discussions about this problem, among others... In our day-to-day right now we're specifically striving to give subscribers a way to pay maintainers of their application dependencies for additional value, through the Tidelift Subscription. But we hope to see many more efforts and discussions in this area.... [I]n between a virtual tip jar and $100 million in funding, there's a vast solution space to explore."
Red Hat Takes Over Maintenance of OpenJDK 8 and OpenJDK 11 From Oracle (infoworld.com) 55
SUSE Will Soon Be the Largest Independent Linux Company (qz.com) 57
Last year SUSE's revenue grew by 15 percent in fiscal year 2018, and the business is about to surpass the $400 million revenue mark for the first time. SUSE, which sees not quite half of its business in Europe, is also seeing revenue growth around the world. North America, for example, now accounts for almost 40 percent of SUSE's revenues. The company is also expanding. SUSE added more than 300 employees in the last 12 months. For the most part this has been in engineering followed by sales and services. SUSE staff is now approaching 1,750 globally and it plans on continuing to hire aggressively.
Red Hat Rejects MongoDB's 'Discriminatory' Server Side Public License (zdnet.com) 106
Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux 8. Red Hat's Technical and Community Outreach Program Manager Tom Callaway explained, in a note stating MongoDB is being removed from Fedora Linux, that "It is the belief of Fedora that the SSPL is intentionally crafted to be aggressively discriminatory towards a specific class of users." Debian Linux had already dropped MongoDB from its distribution....
The business point behind MongoDB's license change is to force cloud companies to use one of MongoDB's commercial cloud offerings. This hasn't worked either. AWS just launched DocumentDB, a database, which "is designed to be compatible with your existing MongoDB applications and tools," wrote AWS evangelist Jeff Barr.
Red Hat Enterprise Linux Comes To Windows 10 in the Form of WLinux Enterprise (betanews.com) 124
Red Hat is Planning To Deprecate KDE on RHEL By 2024 (theregister.co.uk) 203
'Open Source Creators: Red Hat Got $34 Billion and You Got $0. Here's Why.' (tidelift.com) 236
And just like you don't have time to sell to large companies, they don't have time to buy from you alongside a thousand other open source creators, one at a time. Sure, big companies know how to install and use your software. (And good news! They already do.) But they can't afford to put each of 1100 npm packages through a procurement process that costs $20k per iteration. Red Hat solved this problem for one corner of open source by collecting 2,000+ open source projects together, adding assurances on top, and selling it as one subscription product. That worked for them, to the tune of billions. But did you get paid for your contributions?
Red Hat Enterprise Linux 7.6 Released (lwn.net) 53
"TPM 2.0 support has been added incrementally over recent releases of Red Hat Enterprise Linux 7, as the technology has matured," Steve Almy, principal product manager, Red Hat Enterprise Linux at Red Hat, told eWEEK. "The TPM 2.0 integration in 7.6 provides an additional level of security by tying the hands-off decryption to server hardware in addition to the network bound disk encryption (NBDE) capability, which operates across the hybrid cloud footprint from on-premise servers to public cloud deployments."
Fedora 29 Released (techrepublic.com) 31
"Additionally, UEFI for ARMv7 is now supported in Fedora 29, which also benefits Raspberry Pi users," reports TechRepublic. "Fedora already supported UEFI on 64-bit ARM devices."
IBM To Buy Red Hat, the Top Linux Distributor, For $34 Billion (bloomberg.com) 398
IBM and Red Hat will be strongly positioned to address this issue and accelerate hybrid multi-cloud adoption. Together, they will help clients create cloud-native business applications faster, drive greater portability and security of data and applications across multiple public and private clouds, all with consistent cloud management. In doing so, they will draw on their shared leadership in key technologies, such as Linux, containers, Kubernetes, multi-cloud management, and cloud management and automation. IBM's and Red Hat's partnership has spanned 20 years, with IBM serving as an early supporter of Linux, collaborating with Red Hat to help develop and grow enterprise-grade Linux and more recently to bring enterprise Kubernetes and hybrid cloud solutions to customers. These innovations have become core technologies within IBM's $19 billion hybrid cloud business. Between them, IBM and Red Hat have contributed more to the open source community than any other organization.
New SystemD Vulnerability Discovered (theregister.co.uk) 204
OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default.
Systemd creator Lennart Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.
Trivial Bug In X.Org Server Gives Root Permissions On Linux, BSD Systems (bleepingcomputer.com) 114
An advisory on Thursday describes the problem as an "incorrect command-line parameter validation" that also allows an attacker to overwrite arbitrary files. Privilege escalation can be accomplished via the -modulepath argument by setting an insecure path to modules loaded by the X.org server. Arbitrary file overwrite is possible through the -logfile argument, because of improper verification when parsing the option. Apart from OpenBSD, other operating systems affected by the bug include Debian and Ubuntu, Fedora and its downstream distro Red Hat Enterprise Linux along with its community-supported counterpart CentOS.
Windows 10 Will Banish Spectre Slowdowns With Google's Retpoline Patch (zdnet.com) 61
"The bad news is that Microsoft didn't include the Retpoline fix in the latest Windows 10 October 2018 Update Redstone 5, or RS5, release, even though, according to CrowdStrike researcher Alex Ionescu, it could have," reports ZDNet.
TCP Flaw Lets Remote Attackers Stall Devices With Tiny DoS Attack (zdnet.com) 54
It lists a number of network-equipment vendors, PC and server manufacturers, mobile vendors, and operating-system makers that may be affected but notes that it hasn't confirmed whether any of them actually are. But, given the widespread use of Linux, the bug could affect every vendor from Amazon and Apple through to Ubuntu and ZyXEL. A remote attacker could cause a DoS by sending specially modified packets within ongoing TCP sessions. But sustaining the DoS condition would mean an attacker needs to have continuous two-way TCP sessions to a reachable and open port. The bug, dubbed "SegmentSmack" by Red Hat, has "no effective workaround/mitigation besides a fixed kernel."
Red Hat Changes Its Open-Source Licensing Rules (zdnet.com) 160
When the GPLv3 was released, it came with an express termination approach that offered developers the chance to cure license compliance errors. This termination policy in GPLv3 provided a way for companies to repair licensing errors and mistakes... Other companies -- CA Technologies, Cisco, HPE, Microsoft, SAP, and SUSE -- have taken similar GPL positions... In its new position statement, Red Hat explained that the GPLv2 and LGPL, as written, have led to the belief that automatic license termination and copyright infringement claims can result from a single act of inadvertent non-compliance.
"We hope that others will also join in this endeavor," says Red Hat's senior commercial counsel, Richard Fontana, "to reassure the open source community that good faith efforts to fix noncompliance will be embraced."
ZDNet points out that the move to new licenses "doesn't apply, of course, to Linux itself. Linus Torvalds has made it abundantly clear that Linux has been, will now, and always shall be under the GPLv2."