At OpenStack Summit in Vancouver, Canada this week, Canonical CEO and Ubuntu Linux founder Mark Shuttleworth came out firing at two of his major enterprise OpenStack competitors: Red Hat and VMware. He claimed that Canonical OpenStack is a better deal than either Red Hat or VMware's OpenStack offerings. From a report: Shuttleworth opened quietly enough, saying, "Mission is to remove all the friction from deploying OpenStack. We can deliver OpenStack deployments with two people in less two weeks anywhere in the world." So far, so typical for a keynote speech. But, then Shuttleworth started to heat things up: "Amazon increased efficiency, so now everyone is driving down cost of infrastructure. Everyone engages with Ubuntu, not Red Hat or VMware. Google, IBM, Microsoft are investing and innovating to drive down the cost of infrastructure. Every single one of those companies works with Canonical to deliver public services."

Then, Shuttleworth got down to brass tacks: "Not one of them engages with VMware to offer those public services. They can't afford to. Clearly, they have the cash, but they have to compete on efficiencies, and so does your private cloud." So, Canonical is rolling rolling out a migration service to help users shift from VMware to a "fully managed" version of Canonical's Ubuntu OpenStack distribution. Customers want this, Shuttleworth said, because, "When we take out VMware we are regularly told that our fully managed OpenStack solution costs half of the equivalent VMware service."

An anonymous reader quotes The Register: Late last month, open-source contributor Raymond Nicholson proposed a change to the manual for glibc, the GNU implementation of the C programming language's standard library, to remove "the abortion joke," which accompanied the explanation of libc's abort() function... The joke, which has been around since the 1990s and is referred to as a censorship joke by those supporting its inclusion, reads as follows:

25.7.4 Aborting a Program... Future Change Warning: Proposed Federal censorship regulations may prohibit us from giving you information about the possibility of calling this function. We would be required to say that this is not an acceptable way of terminating a program.

On April 30, the proposed change was made, removing the passage from the documentation. That didn't sit well with a number of people involved in the glibc project, including the joke's author, none other than Free Software Foundation president and firebrand Richard Stallman, who argued that the removal of the joke qualified as censorship... Carlos O'Donnell, a senior software engineer at Red Hat, recommended avoiding jokes altogether, a position supported by many of those weighing in on the issue. Among those voicing opinions, a majority appears to favor removal.
But in a post to the project mailing list, Stallman wrote "Please do not remove it. GNU is not a purely technical project, so the fact that this is not strictly and grimly technical is not a reason to remove this." He added later that "I exercise my authority over glibc very rarely -- and when I have done so, I have talked with the official maintainers. So rarely that some of you thought that you are entirely autonomous. But that is not the case. On this particular question, I made a decision long ago and stated it where all of you could see it."

The Register reports that "On Monday, the joke was restored by project contributor Alexandre Oliva, having taken Stallman's demand as approval to do so."

On Tuesday Red Hat announced the general availability of Red Hat Enterprise Linux version 7.5. An anonymous reader writes: Serving as a consistent foundation for hybrid cloud environments, Red Hat Enterprise Linux 7.5 provides enhanced security and compliance controls, tools to reduce storage costs, and improved usability, as well as further integration with Microsoft Windows infrastructure both on-premise and in Microsoft Azure.

New features include a large combination of Ansible Automation with OpenSCAP, and LUKS-encrypted removable storage devices can be now automatically unlocked using NBDE. The Gnome shell has been re-based to version 3.26, the Kernel version is 3.10.0-862, and the kernel-alt packages include kernel version 4.14 with support for 64-bit ARM, IBM POWER9 (little endian), and IBM z Systems, while KVM virtualization is now supported on IBM POWER8/POWER9 systems.
See the detailed release notes here.

To mark Red Hat's 25th anniversary, TechCrunch spoke with the company's CEO Jim Whitehurst to talk about the past, present and future of the company, and open-source software in general. An excerpt: "Ten years ago, open source at the time was really focused on offering viable alternatives to traditional software," he told me. "We were selling layers of technology to replace existing technology. [...] At the time, it was open source showing that we can build open-source tech at lower cost. The value proposition was that it was cheaper." At the time, he argues, the market was about replacing Windows with Linux or IBM's WebSphere with JBoss. And that defined Red Hat's role in the ecosystem, too, which was less about technological information than about packaging. "For Red Hat, we started off taking these open-source projects and making them usable for traditional enterprises," said Whitehurst.

About five or six ago, something changed, though. Large corporations, including Google and Facebook, started open sourcing their own projects because they didn't look at some of the infrastructure technologies they opened up as competitive advantages. Instead, having them out in the open allowed them to profit from the ecosystems that formed around that. "The biggest part is it's not just Google and Facebook finding religion," said Whitehurst. "The social tech around open source made it easy to make projects happen. Companies got credit for that." He also noted that developers now look at their open-source contributions as part of their resume. With an increasingly mobile workforce that regularly moves between jobs, companies that want to compete for talent are almost forced to open source at least some of the technologies that don't give them a competitive advantage.
In October, Whitehurst also answered questions from Slashdot readers.

Microsoft is joining Red Hat, Facebook, Google and IBM in committing to extending right to "cure" open source licensing noncompliance before taking legal measures. From a report: On March 19, officials from Microsoft -- along with CA Technologies, Cisco, HPE, SAP and SUSE -- said they'd work with open together with the already-committed vendors to provide more "predictability" for users of open source software. "The large ecosystems of projects using the GPLv2 and LGPLv2.x licenses will benefit from adoption of this more balanced approach to termination derived from GPLv3," explained Red Hat in a press release announcing the new license-compliance partners. The companies which have agreed to adopt the "Common Cure Rights Commitment" said before they file or continue to prosecute those accused of violating covered licenses, they will allow for users to cure and reinstate their licenses.

An anonymous reader quotes BleepingComputer: Red Hat is releasing updates for reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715) after customers complained that some systems were failing to boot. "Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot," the company said yesterday. "The latest microcode_ctl and linux-firmware packages are reverting these unstable microprocessor firmware changes to versions that were known to be stable and well tested, released prior to the Spectre/Meltdown embargo lift date on Jan 3rd," Red Had added.

Instead, Red Hat is recommending that each customer contact their OEM hardware provider and inquire about mitigations for CVE-2017-5715 on a per-system basis. Besides Red Hat Enterprise Linux, other RHEL-based distros like CentOS and Scientific Linux are also expected to be affected by Red Hat's decision to revert previous Spectre Variant 2 updates, so these users will also have to contact CPU/OEM vendors.
At least one site "characterized the move as Red Hat washing its hands of the responsibility to provide customers with firmware patches," writes Data Center Knowledge, arguing instead that Red Hat "isn't actually involved in writing the firmware updates. It passes the microcode created by chipmakers to its users 'as a customer convenience.'" "What I would have said if they'd asked us ahead of time is that microcode is something that CPU vendors develop," Jon Masters, chief ARM architect at Red Hat, told Data Center Knowledge in a phone interview Thursday. "It's actually an encrypted, signed binary image, so we don't have the capability, even if we wanted to produce microcode. It's a binary blob that we cannot generate. The only people who can actually generate that are the CPU vendors."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Bruce Perens writes: Red Hat, IBM, Google, and Facebook announced that they would give infringers of their GPL software up to a 30-day hold-off period during which an accused infringer could cure a GPL violation after one was brought to their attention by the copyright holder, and a 60 day "statute of limitations" on an already-cured infringement when the copyright holder has never notified the infringer of the violation. In both cases, there would be no penalty: no damages, no fees, probably no lawsuit; for the infringer who promptly cures their infringement.
Perens sees the move as "obviously inspired" by the kernel team's earlier announcement, and believes it's directed against one man who made 50 copyright infringement claims involving the Linux kernel "with intent to collect income rather than simply obtain compliance with the GPL license."

Unfortunately, "as far as I can tell, it's Patrick McHardy's legal right to bring such claims regarding the copyrights which he owns, even if it doesn't fit Community Principles which nobody is actually compelled to follow."

You asked, he answered!

For Slashdot's 20th anniversary -- and the 23rd anniversary of the first release of Red Hat Linux -- here's a special treat.

Red Hat CEO Jim Whitehurst has responded to questions submitted by Slashdot readers. Read on for his answers...

Bill Gates uses an Android phone now. "It may not be the most surprising revelation, given profits are sinking faster than a boat without a hull and big-name partners are jumping ship left and right, but the founder of Microsoft has presumably left Windows Mobile," reports Neonwin. Long-time Slashdot reader Billly Gates (no relation) writes: I would assume this is the final nail in the coffin for Windows Phone and the rumored Surface Phone which may never see the light of day. Over the past few months we have seen a change in Microsoft with them being friendly to Linux with stories of porting .NET core over to Linux, helping write a custom Linux kernel, as well as introducing the not-so-popular-on-slashdot WSL Ubuntu for WIndows 10.
Noting the Android emulators in Visual Studio, he's wondering if the company's ambitions go beyond developers, and if they're planning a Microsoft version of Android, "as the tools are in place with Ubuntu, Node.js, Python, Microsoft Code editor, and the Visual Studio 2017 Community Edition."

His original submission points out that 10 years ago these stories would have been unimaginable, but he also asks a second question: has Microsoft really changed? "Could we be seeing a new Microsoft now that the world is moving to mobile and they have no operating system in it?"

Tech analyst James Governor reports on what he learned from Red Hat's "Analyst Day": So it turns out Red Hat is pretty good at being Red Hat. By that I mean Red Hat sticks to the knitting, carries water and chops wood, and generally just does a good job of packaging open source technology for enterprise adoption. It's fashionable these days to decry open source -- "it's not a business". Maybe not for you, but for Red Hat it sure is. Enterprises trust Red Hat precisely because it makes open source boring. Exciting and cool, on the other hand, often means getting paged in the middle of the night. Enterprise people generally don't like that kind of thing...

Red Hat remains an anomaly -- it makes money in open source. It has new revenue streams opening up. It is well positioned to keep doing the basics, but also now have a conversation with the C-suite about transformation.
The article notes the popularity of OpenShift, Red Hat's Kubernetes distribution for managing container-based applications. (OpenShift Container Platform, Red Hat's on-premises private PaaS product, now has 400 paying enterprise customers). And it also applauds Red Hat's 2016 launch of Open Innovation Labs -- a enterprise consulting service "to jumpstart innovation and software development initiatives using open source technology and DevOps methods."

Billly Gates writes: Microsoft recently released Visual Studio 15.3 for Windows and Visual Studio 7.1 for Mac with .NET core 2.0. In addition to porting Microsoft Code and SQL Server to Linux, they have ported .NET. Redhat will bundle .NET in their software offerings instead of relying on Mono. .NET core is Microsoft's open-source .NET platform which is not based off Mono and available for Linux, Mac, and Windows here.

"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a total unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers.

Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds , all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

An anonymous reader quotes Fortune: Business software company Red Hat said on Monday that it is acquiring the technology assets of Permabit, a small company that specializes in cleaning up corporate data to make storage more efficient and data access faster. Terms of the deal were not disclosed but a Red Hat spokesman said 16 people from Permabit will be joining that company...

While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.
Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.

An anonymous reader quotes InfoWorld: The next edition of standard Java had been proceeding toward its planned July 27 release after earlier bumps in the road over modularity. But now Red Hat and IBM have opposed the module plan. "JDK 9 might be held up by this," Oracle's Georges Saab, vice president of development for the Java platform, said late Wednesday afternoon. "As is the case for all major Java SE releases, feedback from the Java Community Process may affect the timeline..."

Red Hat's Scott Stark, vice president of architecture for the company's JBoss group, expressed a number of concerns about how applications would work with the module system and its potential impact on the planned Java Enterprise Edition 9. Stark also said the module system, which is featured in Java Specification Request 376 and Project Jigsaw, could result in two worlds of Java: one for Jigsaw and one for everything else, including Java SE classloaders and OSGI. Stark's analysis received input from others in the Java community, including Sonatype.
"The result will be a weakened Java ecosystem at a time when rapid change is occurring in the server space with increasing use of languages like Go," Stark wrote, also predicting major challenges for applications dealing with services and reflection. His critique adds that "In some cases the implementation...contradicts years of modular application deployment best practices that are already commonly employed by the ecosystem as a whole." And he ultimately concludes that this effort to modularize Java has limitations which "almost certainly prevent the possibility of Java EE 9 from being based on Jigsaw, as to do so would require existing Java EE vendors to completely throw out compatibility, interoperability, and feature parity with past versions of the Java EE specification."

An anonymous reader quotes Fedora Magazine: Both MP3 encoding and decoding will soon be officially supported in Fedora. Last November the patents covering MP3 decoding expired and Fedora Workstation enabled MP3 decoding via the mpg123 library and GStreamer... The MP3 codec and Open Source have had a troubled relationship over the past decade, especially within the United States. Historically, due to licensing issues Fedora has been unable to include MP3 decoding or encoding within the base distribution... A couple of weeks ago IIS Fraunhofer and Technicolor terminated their licensing program and just a few days ago Red Hat Legal provided the permission to ship MP3 encoding in Fedora.

An anonymous reader writes: According to multiple reports on Twitter, the Fedora Infrastructure Status page, and the #fedora-admin Freenode IRC channel, Red Hat is suffering a massive network outage at their primary data center. Details are sketchy at this point, but it looks to be impacting the Red Hat Customer Portal; as well as all their repositories (including Fedora, EPEL, Copr); their public build system, Koji; and a whole host of other popular services. There is no ETA for restoration of services at this point.

Jim Whitehurst joined Red Hat in 2008, as its valuation rose past $10 billion and the company entered the S&P 500. He believes that leaders should engage people, and then provide context for self-organizing, and in 2015 even published The Open Organization: Igniting Passion and Performance (donating all proceeds to the Electronic Frontier Foundation). The book describes a post-bureaucratic world of community-centric companies led with transparency and collaboration, with chapters on igniting passion, building engagement, and choosing meritocracy over democracy.

Jim's argued that Red Hat exemplifies "digital disruption," and recently predicted a world of open source infrastructure running proprietary business software. Fortune has already called Red Hat "one of the geekiest firms in the business," and their open source cloud computing platform OpenStack now competes directly with Amazon Web Services. Red Hat also sponsors the Fedora Project and works with the One Laptop Per Child initiative.

So leave your best questions in the comments. (Ask as many questions as you'd like, but please, one per comment.) We'll pick out the very best questions, and then forward them on for answers from Red Hat CEO Jim Whitehurst.

An anonymous reader summarizes the highlights of Fortune's new interview with Red Hat CEO James Whitehurst: A recruiter told Whitehurst the culture at Red Hat was "a little bit like that Blues Brothers movie, when Dan Aykroyd says, 'We're on a mission from God.'" But Whitehurst says geeky passion "makes it a great place to be a part of," and even argues that the success of Microsoft in the 1990s can be attributed to its Microsoft Developer Network, which led developers into Microsoft's platform and infrastructure. "Developers now are heavily using open-source tools and technology and, bluntly, I think that's why Microsoft had to open source .NET and why they're embracing more open source in general. Because open source is where innovation is coming from and is what developers are consuming, it forces vendors to participate."

Looking towards the future, Whitehurst says "A rough line would be almost to say most infrastructure is going to be open source and most business functionality above it is going to be proprietary." And he also warns open source companies, "if you don't have the unique business model that allows you to add value on top of the free functionality, in the end you're going to fail... a lot of open source companies have come and gone because they've been more focused on the functionality versus how they add value around the functionality."

Long-time Slashdot reader jrincayc shares news from Red Hat's Fedora Engineering Manager, Tom Callaway. On the Fedora-legal mailing list, Callaway announced: Red Hat has determined that it is now acceptable for Fedora to include MP3 decoding functionality (not specific to any implementation, or binding by any unseen agreement). Encoding functionality is not permitted at this time.
And the same day Christian Schaller announced on the Gnome blog that mp3 playback would be supported in Fedora Workstation 25. You should be able to download the mp3 plugin on Day 1 through GNOME Software or through the missing codec installer in various GStreamer applications. For Fedora Workstation 26 I would not be surprised if we decide to ship it on the install media.
He added, "I know this has been a big wishlist item for a long time for a lot of people..."

Speaking at the "All Things Open" conference, Red Hat CEO Jim Whitehurst remembered when Linux "was just a 'bunch of geeks' getting together figuring it all out on an 8286 chip" 25 years ago. An anonymous reader quotes BizJournals: "It went from being kind of a hacker movement to truly what I'll say [is] a viable alternative to traditional software," Whitehurst says, adding that Red Hat was a part of that push. Over the years, it came out from under the radar, being what Whitehurst calls "the default choice for a next-generation of infrastructure," particularly when it comes to cloud architectures... He points to Google, Microsoft and Facebook, all having open sourced their machine learning systems. "They recognize the company that builds the community around that piece of technology, that technology is going to win."