Slashdot Mirror

An anonymous reader writes "Best Buy and Barnes and Noble have a problem with showrooming — shoppers checking out the merchandise in their stores and then proceeding to order the goods at a discounted prices online. And Red Hat might have a similar problem with people (not just college kids and software professionals boning up on their skills at home, either) using the free-as-in-beer CentOS rather than licensing Red Hat Enterprise Linux and paying support fees. But according to CEO Jim Whitehurst, Red Hat's competitive position may actually be helped by CentOS in the same way that counterfeit Windows products sold on the streets in the Far East may have helped Microsoft — by cementing their position as the technology standard, in a marketplace that also includes entrants from SuSE, Debian, Oracle, and Ubuntu, just among Linux-based entrants. Who does Whitehurst consider to be Red Hat's most direct threat? VMWare."

First time accepted submitter PAjamian writes "Maintainers of the Anaconda installer in Fedora have taken it upon themselves to show passwords in plaintext on the screen as they are entered into the installer. Following on the now recanted statements of security expert Bruce Schneier, Anaconda maintainers have decided that it is not a security risk to show passwords on your screen in the latest Alpha release of Fedora 19. Members of the Fedora community on the Fedora devel mailing list are showing great concern over this change in established security protocols." Note: the change was first reported in the linked thread by Dan Mashal.

netbuzz writes "A federal judge in Texas, presiding over a district notorious for favoring patent trolls, has summarily dismissed all claims relating to a case brought by Uniloc USA against Rackspace for [Linux] allegedly infringing upon [Uniloc's] patents. Red Hat defended Rackspace in the matter and issued a press release saying: 'In dismissing the case, Chief Judge Leonard Davis found that Uniloc's claim was unpatentable under Supreme Court case law that prohibits the patenting of mathematical algorithms. This is the first reported instance in which the Eastern District of Texas has granted an early motion to dismiss finding a patent invalid because it claimed unpatentable subject matter.'" You can't patent floating point math after all.

hypnosec writes "Red Hat has announced the availability of a preview version of its OpenStack Distribution that would enable it to compete with the likes of Amazon which is considered one of the leaders in infrastructure-as-a-service cloud services. The enterprise Linux maker was a late entrant into the OpenStack world where players like Rackspace, HP and Internap have already made their mark. Red Hat's OpenStack distribution enterprises can build and manage private, public, and hybrid infrastructure-as-a-service clouds. These companies will not only be competing with the likes of Amazon, but will also be competing against themselves to get a bite out of the IaaS cloud. What started as a project has quickly developed into an open source solution that enables organizations to achieve performance, features and greater functionality from their private and/or public clouds. The announcement of OpenStack Foundation acted as a catalyst toward the fast-paced development of the platform."

Tmack writes "The last time we had a leap second, sysadmins were taken a bit by surprise when a random smattering of systems locked up (including Slashdot itself) due to a kernel bug causing a race condition specific to the way leap seconds are handled/notified by ntp. The vulnerable kernel versions (prior to 2.6.29) are still common amongst older versions of popular distributions (Debian Lenny, RHEL/CentOS 5) and embedded/black-box style appliances (Switches, load balancers, spam filters/email gateways, NAS devices, etc). Several vendors have released patches and bulletins about the possibility of a repeat of last time. Are you/your team/company ready? Are you upgraded, or are you going to bypass this by simply turning off NTP for the weekend?" Update: 07/01 03:14 GMT by S : ZeroPaid reports that this issue took down the Pirate Bay for a few hours.

darthcamaro writes "You don't really buy an open source company — since the tech is all open. But then again, Red Hat 'buys' open source companies all the time, they just bought one this week. So when does it makes sense for Red Hat to buy a company versus just building it on their own? Apparently, it all comes down to community. 'When you buy an open source company, if the people aren't coming and passionate about staying then you spend a lot of money for what? Because you don't get a lot of intellectual property,' Red Hat CEO Jim Whitehurst said."

sfcrazy writes "Red Hat's Tim Burke has clarified Fedora/Red Hat's solution to Microsoft's secure boot implementation. He said, 'Some conspiracy theorists bristle at the thought of Red Hat and other Linux distributions using a Microsoft initiated key registration scheme. Suffice it to say that Red Hat would not have endorsed this model if we were not comfortable that it is a good-faith initiative.'" Color me unimpressed, and certainly concerned: "A healthy dynamic of the Linux open source development model is the ability to roll-your-own. For example, users take Fedora and rebuild custom variants to meet personal interest or experiment in new innovations. Such creative individuals can also participate by simply enrolling in the $99 one time fee to license UEFI. For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost." From what I can tell, the worst fears of the trusted computing initiative are coming true despite any justifications from Red Hat here. Note that the ability to install your owns keys is certainly not a guaranteed right.

mask.of.sanity writes with this excerpt from SC Magazine: "Australian researcher Silvio Cesare has released a tool capable of automatically detecting bugs and vulnerabilities in embedded Linux libraries. The script correlates vulnerability advisory CVEs for third-party libraries to determine if holes have carried over to Linux platforms or have not been patched. Such holes often escape the eye of developers because the libraries may not be kept updated with sources. This is further compounded because vulnerabilities in cross distributed packages can leave Linux platforms vulnerable."

AdamWill writes "Fedora 16 Alpha is released today, featuring GNOME 3.1.4 with a unified input indicator for keyboard layouts and input methods, KDE 4.7, GRUB 2 on new installations (with GPT disk labels) and several other major changes. You can download it now. Remember to read the important information in the release notes and common bugs page."

wiredmikey writes "Red Hat today released Red Hat Enterprise Linux 6.1, the first update to the platform since Red Hat Enterprise Linux 6 back in November 2010. The latest version brings improvements in system reliability, scalability and performance, and support for upcoming system hardware. The latest version also delivers patches and security updates as well as enhancements in virtualization, file systems, scheduler, resource management and high availability." The Register, too, outlines the new release.

An anonymous reader writes "It was way back on 2006-09-07 when Red Hat released its first public beta of Enterprise Linux 5. Today, after more than three years, Red Hat finally releases its first public beta of its next-generation OS: RHEL 6 public beta 1. From the news release: 'We are excited to share with you news of our first public step toward our next major Red Hat Enterprise Linux platform release with today's Beta availability of Red Hat Enterprise Linux 6. Beginning today, we are inviting our customers, partners, and members of the public to install, test, and provide feedback for what we expect will be one of our most ambitious and important operating platform releases to date. This blog is the first in a series of upcoming posts that will cover different aspects of the new platform.'"

AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."

AdamWill writes "After the controversy over Fedora 12's controversial package installation authentication policy, including our discussion this week, the package maintainers have agreed that the controversial policy will be tightened to require root authentication for trusted package installation. Please see the official announcement and the development mailing list post for more details."

eqisow writes "The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long."

eqisow writes "The new default policy for Fedora 12 allows local, unprivileged users to install signed packages without root access. This change apparently went mostly unnoticed until after the Fedora 12 GA release, at which point it sparked a mailing list thread that is, as of this writing, over 100 posts long."

An anonymous reader writes "The fourth update in the Red Hat Enterprise Linux 5 family is released. From the press release — this version includes kernel-based virtual machine (KVM) virtualization, alongside of Xen virtualization technology. The scalability of the Red Hat virtualization solution has been incremented to support 192 CPUs and 1GB hugepages. Other updates including GCC 4.4 and a new malloc(), clustered, high-availability filesystem to support Microsoft Windows storage needs on Red Hat Enterprise Linux. This article covers the upgrade procedure for RHEL 5.4 from the previous version."

Icemaann writes "ISC is reporting that a new, remotely exploitable vulnerability has been found in all versions of BIND 9. A specially crafted dynamic update packet will make BIND die with an assertion error. There is an exploit in the wild and there are no access control workarounds. Red Hat claims that the exploit does not affect BIND servers that do not allow dynamic updates, but the ISC post refutes that. This is a high-priority vulnerability and DNS operators will want to upgrade BIND to the latest patch level."

An anonymous reader writes "'Linux vendor Red Hat, and 17 other vendors, have protested a Swiss government contract given to Microsoft without any public bidding. The move exposes a wider Microsoft monopoly that European governments accept, despite their lip service for open source, according to commentators. The Red Hat group has asked a Swiss federal court to overturn a three-year contract issued to Microsoft by the Swiss Federal Bureau for Building and Logistics, to provide Windows desktops and applications, with support and maintenance, for 14M Swiss francs (£8M; $15M) each year. The contract, for 'standardized workstations,' was issued with no public bidding process, Red Hat's legal team reports in a blog — because the Swiss agency asserted there was no sufficient alternative to Microsoft products.'"

tobiasly writes "I administer several Ubuntu desktops and numerous CentOS servers. One of the biggest headaches is keeping them up-to-date with each distro's latest bugfix and security patches. I currently have to log in to each system, run the appropriate apt-get or yum command to list available updates, determine which ones I need, then run the appropriate install commands. I'd love to have a distro-independent equivalent of the Red Hat Network where I could do all of this remotely using a web-based interface. PackageKit seems to have solved some of the issues regarding cross-distro package maintenance, but their FAQ explicitly states that remote administration is not a goal of their project. Has anyone put together such a system?"

I Believe in Unicorns writes "Red Hat's patent policy says 'In an attempt to protect and promote the open source community, Red Hat has elected to... develop a corresponding portfolio of software patents for defensive purposes. We do so reluctantly...' Meanwhile, USPTO Application #: 20090063418, 'Method and an apparatus to deliver messages between applications,' claims a patent on routing messages using an XQuery match, which is an extension of the 'unencumbered' AMQP protocol that Red Hat is helping to make. Is this a defensive patent, or is Red Hat cynically staking out a software patent claim to an obvious extension of AMQP? Is Red Hat's promise to 'refrain from enforcing the infringed patent' against open source a reliable contract, or a trap for the unwary? Given the Microsoft-Red Hat deal in February, are we seeing Red Hat's 'Novell Moment?'" Reader Defeat_Globalism contributes a related story about an international research team who conducted experiments to "quantify the ways patent systems and market forces might influence someone to invent and solve intellectual problems." Their conclusion was that a system which doesn't restrict prizes to the winner provides more motivation for innovation.

mjasay writes "For years Microsoft has insisted that open-source vendors acknowledge its patent portfolio as a precursor to interoperability discussions. Today, Microsoft shed that charade and announced an interoperability alliance with Red Hat for virtualization. The nuts-and-bolts of the agreement are somewhat pedantic, providing for Red Hat to validate Windows Server guests to be supported on Red Hat Enterprise virtualization technologies, and other technical support details. But the real crux of the agreement is what isn't there: patents. Red Hat has long held that open standards and open APIs are the key to interoperability, even as Microsoft insisted patents play a critical role in working together, and got Novell to buy in. Today, Red Hat's vision seems to have won out with an interoperability deal heavy on technical integration and light on lawyers."

snydeq writes "Smart coders always optimize the slowest thing. But what if 'the slowest thing' is the code supplied by your vendor? That was exactly the situation Vipul Ved Prakash discovered when he tinkered with a company Linux box on which Perl code was running at least 100 times slower than expected. The code, he found, was running on CentOS Linux, using Perl packages built by Red Hat. So Prakash got rid of the Perl executable that came with CentOS, compiled a new one from stock, and the bug disappeared. 'What's more disturbing,' McAllister writes, 'is that this Red Hat Perl performance issue is a known bug,' first documented in 2006 on Red Hat's own Bugzilla database. Folks affected by the current bug have two options: sit tight, or compile the Perl interpreter from source — effectively waiving your support contract. If a Linux vendor can't provide comprehensive maintenance and support for the open source software projects you depend on, McAllister asks, who ever will?"

An anonymous reader writes "In an email sent to the fedora-announce mailing list, it has been revealed that both Fedora and Red Hat servers have been compromised. As a result Fedora is changing their package signing key. Red Hat has released a security advisory and a script to detect potentially compromised openssh packages."

An anonymous reader writes "In an email sent to the fedora-announce mailing list, it has been revealed that both Fedora and Red Hat servers have been compromised. As a result Fedora is changing their package signing key. Red Hat has released a security advisory and a script to detect potentially compromised openssh packages."

An anonymous reader writes "In an email sent to the fedora-announce mailing list, it has been revealed that both Fedora and Red Hat servers have been compromised. As a result Fedora is changing their package signing key. Red Hat has released a security advisory and a script to detect potentially compromised openssh packages."

hweimer writes "Most problems when opening Word documents under GNU/Linux are due to missing fonts. Therefore, Red Hat published a set of fonts metric-compatible with the Windows core fonts last year. However, there were some concerns regarding the licensing that prevented many other distros to ship them. We finally managed to settle these problems, leading to better document interoperability for all GNU/Linux users."

deadearth writes "At their annual summit, Red Hat announced they are open-sourcing the Red Hat Network Satellite product, calling it Spacewalk. This will be the new upstream for the Satellite system management solution. Here is the Wiki."

Bruce Perens writes "Red Hat has settled patent suits with Firestar Software, Inc., Amphion, and Datatern on a patent covering the Object-Relational Database Model, which those companies asserted was used in the jBoss Hibernate package — not in Red Hat Linux. The settlement is said to protect upstream developers and derivative works of the upstream software, thus protecting the overall Open Source community. Full terms of the settlement and patent licenses are not available at this time." Reader Koohoolinn adds a link to RedHat's own report of the settlement and adds that the deal "is GPLv2 and even GPLv3-compatible." Koohoolinn also points out commentary on Groklaw that this deal "means that those who claim the GPL isolates itself from standards bodies' IP pledges are wrong. It is possible to come up with language that satisfies the GPL and still acknowledges patents, and this is the proof. That means Microsoft could do it for OOXML if it wanted to. So who is isolating whom?"

Joyce writes "Novell today announced the availability of SUSE Linux Enterprise 10 Service Pack 2 (SP2), containing enhancements in virtualization, management, hardware enablement and interoperability. Several improvements specific to SUSE Linux Enterprise Desktop 10 and SUSE Linux Enterprise Real Time 10 are also included. Delivering Xen version 3.2, SP2 includes several virtualization advances, including support for fully virtualized Windows Server 2008 and Windows Server 2003 and the live migration of those Windows Server guests across physical machines. Advances in high availability and storage management such as updates to Heartbeat 2 and OCFS2 are also included." And an anonymous reader points out today's release of Red Hat Enterprise Linux version 5.2, which brings "a broad refresh of hardware support and improved quality, combined with new features and enhancements in areas such as virtualization, desktop, networking, storage & clustering and security. Virtualization of very large systems, with up to 64 CPUs and 512 GB of memory, is now possible. Red Hat Enterprise Linux 5.2 Desktop includes enhanced support for laptop suspend/hibernate and resume, updated graphics drivers and a comprehensive update of desktop applications, including OpenOffice 2.3 and Firefox v3," and points out this guide for upgrading your RHEE system.

According to a post made yesterday to the Fedora announce mailing list, a Fedora 9 preview has been cleared for launch. "This is a Preview release, it is fairly close to what the final product will be like. This is the most critical release for the Fedora community to use and test and report bugs on. This is the last major public release before the final GOLD Fedora 9 release on May 13th (we hope). [...] Live images, KDE Live images, CDs and DVD options are available. http://torrent.fedoraproject.org has a section marked 'F9-Preview.'"

eldavojohn writes "We recently discussed the Linux Foundation's decision to leave desktop Linux alone but Red Hat is also steering clear of that goal. The reason? It's too tough. From the company blog: 'It's worth pointing out what's missing in the list above: we have no plans to create a traditional desktop product for the consumer market in the foreseeable future. An explanation: as a public, for-profit company, Red Hat must create products and technologies with an eye on the bottom line, and with desktops this is much harder to do than with servers.'"

eldavojohn writes "RedHat went to the Federal Circuit Court of Appeals asking for limits on software patents yesterday. They have not uploaded their full brief yet online, but promise to post it soon. Here's a tidbit: 'Given the litigation risk, some open source companies, including Red Hat, acquire patents for the sole purpose of asserting them defensively in the event they are faced with a future lawsuit. Red Hat also provides open source intellectual property protections through our Open Source Assurance Program that protects our customers and encourages them to deploy with confidence. Our strategy is a prudent one and mitigates the risk of patent lawsuits, but it would be unnecessary if the system itself were fixed.'"

DigDuality writes "With the news that Windows 2008 (recently discussed on Slashdot) will have GUI-less installs and be fully scriptable, that they've opened up their communication protocols for non-commercial usage and are providing a patent covenant (Redhat Responds), and now finally an interesting rumor floating around that Microsoft will be taking on GNU directly. Has Microsoft totally switched gears in how it is approaching the Unix and FOSS sector for direct competition? According to an anonymous email leaked from a Microsoft employee, it seems Microsoft will be developing a framework that will be completely GNU compatible. Microsoft CEO, Steve Ballmer, said on Friday (23 February) that they are aiming to restore a Unix-like environment to its former proprietary glory, at the same time proving that Microsoft is committed to interoperability. Ballmer emphasized that Microsoft's new strategy is to provide users with a complete package, and this includes users who like Unix environments. According to the supposedly leaked email, UNG, which stands for UNG's not GNU, is set to be released late 2009."

mrcgran writes "Eweek is reporting on Red Hat's assurances that can continue to deploy Linux without fear of legal retribution from Microsoft. This, despite the increasingly vocal threats emanating from Redmond. 'In a scathing response to Ballmer's remarks, Red Hat's IP team said the reality is that the community development approach of free and open-source code represents a healthy development paradigm, which, when viewed from the perspective of pending lawsuits related to intellectual property, is at least as safe as proprietary software. "We are also aware of no patent lawsuit against Linux. Ever. Anywhere," the team said in a blog posting.'"

juanignaciosl writes "The first beta of Red Hat Developer Studio was published yesterday. RHDS seems promising. This IDE is a bunch of Eclipse plugins that comes from the fusion of JBoss IDE and Exadel Studio. The main advantages it offers are: JSF development improved, in particular integrating RichFaces and Ajax4JSF libraries; Seam (next J2EE middleware standard?) integration; and plugins for JBoss, Hibernate... Here are my first impressions."

MoxFulder writes "Henri Richard, AMD's VP of sales, has promised to deliver open-source drivers for ATI graphics cards (recently acquired by AMD) at the recent Red Hat Summit. A series of good news for proponents of open-source device drivers. In the last year, Intel, the leading provider of integrated graphics cards, has opened their drivers as well. But ATI and NVidia, the only two players in the market for high-performance discrete graphics cards, have so far released only closed-source drivers for their cards. This has created numerous compatibility, stability, and ethical problems for users of Linux and other open source OSes, and prompted projects like Nouveau to try and reverse-engineer NVidia drivers. Hopefully AMD's decision will put pressure on NVidia to release open-source drivers as well!"

Kelson writes to tell us about a Fedora Weekly News article reporting that, beginning with Fedora 7, the distinction between Core and Extras will cease to exist. This development comes out of the Fedora summit held in November. From the article: "Starting with Fedora 7, there is no more Core, and no more Extras; there is only Fedora. One single repository, built in the community on open source tools, assembled into whatever spins the Fedora community desires." Kelson adds: "The post goes on to list three 'spins' they plan to introduce at Fedora 7's April release: server, desktop and KDE. Presumably these would be 1-disc installation sets, with further packages downloaded over the network, rather than the 5-CD collection needed to install Fedora 6."

-=Moridin=- writes "The Fedora Project has announced plans to revitalize RPM, the package manager used by many Linux distros. According to the announcement, 'Job #1 is to take the current RPM codebase and clean it up, and in doing so work with all the other people and groups who rely on RPM to build a first-rate upstream project.' For more information, see the the RPM web site and the new wiki-based RPM FAQ. The issue of RPM's upstream development has been a thorny issue ever since Jeff Johnson, the original maintainer of RPM, left Red Hat."

peterdaly writes "MythDora 3 is the first MythTV 'in-a-box' style distribution to include MythTV 0.20. Based on Fedora Core 5, MythDora 3 is designed to format your hard drive then install everything needed for a fully functional MythTV System. Here is a walkthrough of the entire MythDora installation process, including screenshots and a screencast."

netbuzz writes, "A fellow teaching himself Seam has come up with a clever Web app called 10 Minute Mail. It gives you a valid e-mail address — instantly — for use in registering at Web sites. Ten minutes later (more if you ask), it's gone. You can read mail and reply to it from the page where you create the throw-away address. Limited utility, yes, but easy and free."

Shadowman writes "Fedora Core 6 has been released. Recommended download method is via BitTorrent. For more information, see the release notes or the Fedora homepage. Slashdot interviewed the Fedora Project Leader back in August."

Shadowman writes "Fedora Core 6 has been released. Recommended download method is via BitTorrent. For more information, see the release notes or the Fedora homepage. Slashdot interviewed the Fedora Project Leader back in August."

Shadowman writes "Fedora Core 6 has been released. Recommended download method is via BitTorrent. For more information, see the release notes or the Fedora homepage. Slashdot interviewed the Fedora Project Leader back in August."

Max Spevack writes: "Hi everyone. I'm looking forward to answering all of the questions, but before I start diving into that, I guess it would be useful to give a little bit of perspective about me and my role within Fedora and Red Hat, because it will offer some context around the things I have to say."

The Fedora Project, as many of you know, is a partnership between Red Hat and the OSS community. The highest level of decision-making within Fedora is the Fedora Project Board, a group that is empowered to make the decisions about Fedora policy, to set priorities, and to hold the rest of the Fedora sub-projects accountable for what they are doing. The Fedora Board has nine members, five of whom are Red Hat employees, and four of whom are community members. That breakdown is not set in stone -- that's just what we started with. It is my hope that down the road, the majority of the Board will be Fedora's community leaders.

In addition, the Board has a Chairman, and that person is whoever happens to hold the position of "Fedora Project Leader" within Red Hat -- since February of this past year, that's been me.

As much as possible, we try to conduct our business within the confines of the Fedora Advisory Board, which is a larger group (about 50) of the most prominent contributors to Fedora. This is an open mailing list with public archives and open-posting, and its participation is strong both from @redhat.com and community contributors.

For more information -- http://fedoraproject.org/wiki/Board

In the spirit of complete transparency, a word about the answers:

All of them were composed directly by me -- it's my voice and writing style that you're reading. But, I didn't answer them all by myself without speaking to anyone else. I discussed some of them with folks on the Fedora Advisory Board mailing list, with various colleagues at Red Hat, and a draft of the responses was shown to Red Hat's corporate communications team (not because they have any editorial control over what I say, but as a sign of respect) and a draft was also shown to Fedora Advisory Board.

=========================

1) Why such a divide?
(Score:5, Insightful)
by dsginter

It seems to me that 'Linux should be Linux'. Rather, we're seeing articles about one linux distro killing another. We never see "Windows Professional is killing Windows Home". IMHO, Ubuntu's success should be a boon for all Linux distros.

Unfortunately, package management seems to be the great divide. What are you doing to bring One Package Manager to all Linux?

Max:

I agree with your initial comment -- one of the great powers of OSS is that when you have a strong upstream in place that is always having changes fed back to it, success for one distribution translates to success for all distributions.

When you look at the landscape of all the many Linux distros out there, it isn't surprising that there's some level of competition among them. Most people want to feel like they are the best at what they do, and a certain amount of competition among distros is healthy. It keeps people innovating, it keeps them working hard, etc. Personally, I think it's important not to lose the perspective that in the end, everyone who works on OSS -- regardless of whether they run Fedora, Ubuntu, Slackware, or any other distro -- is ultimately working to promote more or less the same core set of principles (more on this later).

To speak directly about Fedora:

First, we believe very strongly in working with various upstreams. The diff between any package that we ship in Fedora and the upstream version is as small as possible at any given time, and we are constantly submitting our patches and changes upstream for consideration.

To your point about "one package manager to rule them all" -- well, I think it's an admirable goal. Do I think it would be a good thing for Linux to begin to standardize on a single package manager? Yes, I do. Does Red Hat have strong ties to RPM? Of course. But what does that mean for Fedora? Well, Fedora is also tied to RPM (yum is our application-layer package management tool, with RPM providing the lower-level work) -- but that doesn't mean that the Board is not open to considering the idea of change. RPM is the reality of the moment. If there's a better solution that gains a critical mass of Fedora engineers who are interested in experimenting with it, then we will try it out.

You ask specifically what Fedora is doing to bring about "one package manager to all Linux" -- well, I guess there's a couple of directions that Fedora could go:

1) Try to convince anyone not using RPM to do so. I don't like that idea very much -- if RPM is the tool you want to use, feel free. If you've got something that works better for you, that's fine too.

2) Fedora could abandon RPM in favor of another package manager. Like I said -- if Fedora engineers want to start the "Fedora $OTHER_PACKAGE_MANAGER Project" and see how far they can get and how the technology works, that would be a great learning experience. We're set up in a way that a project like that could be possible, without getting in the way of the mainline Fedora releases.

3) Try to create something entirely new, that everyone will love. Call me cynical, but trying to build a consensus before you actually have any code just seems like a waste of time.

I guess the "problem" with package managers is that they are so integral to the rest of a distro that it's a major endeavor to switch them. One reason is that a switch of that kind would break the upgrade chain.

Technical challenges like that lead to a high level of inertia, and therefore require a tremendous added benefit that is gained by making a switch.

=========================

2) Drivers Vs Linux
(Score:5, Interesting)
by eldavojohn

A lot of people I talk to say they don't like Linux due to lack of driver support. Is there anyway you see this problem being eliminated? How do you court vendors to support their hardware on your flavor of Linux?

Max:

Linux enjoys a large amount of driver support in general, but proprietary software drivers remain a problem. From the perspective of Fedora, our stance is clear. It has and will always be our goal to create a distribution that is 100% free and open source. We want to show the world what Free software can do, and we want developers and users to know where the limits of the software are, so that we can address them.

Fedora Core 5 and Fedora Core 6 Test 2 have tremendous amounts of driver support, as a result of the work of many people within the community, and also as a result of the millions of dollars that Red Hat has invested into certification, testing, and development over the years, which has played a role in getting things to the point at which they are right now.

The rub, of course, is that having a giant pile of open source drivers is wonderful, but as soon as a single user runs into a single piece of hardware that doesn't work for them under Linux, then all of a sudden Linux "driver support" is terrible. I'm not saying that's what the poster of the question thinks -- I'm just saying that's a general problem of perception that Linux deals with.

One way to deal with this, or course, is to vote with your wallet. When there are drivers and hardware that don't work under Linux because of proprietary limitations, state those limitations honestly and transparently, and let the users decide whether or not to buy them.

From Red Hat's perspective as a company, we do a lot of work with hardware providers -- Dell, HP, Intel, Fujitsu, etc., and that work is often done directly in Fedora. We've worked with Broadcom on network drivers, and with Promise on SATA. We're hoping to bring more and more into the fold, and we're hoping that the open testing and certification system that is being developed (and was announced at the Red Hat Summit) will allow partners and individuals to help us bring even greater driver support to Fedora.

But ultimately for Fedora the goal is Free software. Including support for proprietary drivers in our distribution would violate that tenet, but we believe it is important enough that we don't compromise. All distributions face this challenge, and it is at times a difficult question to answer. But I am proud of the fact that Fedora's choice has been consistently in favor of freedom in software.

By choosing not to ship any proprietary or binary drivers, Fedora does differ from other distributions. Ubuntu is one example, as there is very strong language about their commitment to Free and open source software, right up until the line stating that they include binary-only drivers on their CDs and in their repositories.

http://www.ubuntu.com/ubuntu/philosophy
http://www.ubuntu.com/ubuntu/licensing

=========================

3) What's changed?
(Score:5, Interesting)
by KDan

You mention that opinions are rooted in the world of 5 years ago. What do you think has changed in the Linux world since then, and how does it affect Fedora development?

Max:

Well when I said that I thought opinions were rooted in the past, I was referring more specifically to the fact that I find it personally frustrating that a lot of opinions about Red Hat have not evolved past the anger and frustration surrounding the Red Hat Linux/Fedora split a couple of years ago. But I spend some time on that later on, so here I'll answer your more generic question about what's changed in Linux in the past five years.

I remember walking into the lobby of Red Hat's headquarters two years ago when I showed up for my job interview, and in big letters, the first thing you see is "First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi wasn't talking about Linux, but I am inspired by that quote every day.

In the last five years, Linux has moved along down that path, most certainly. Market share increases. Mind share increases -- I see open source mentioned in magazine and newspapers when it never was before. Name recognition for Linux and why it is different (and better) is becoming more and more mainstream. Far from being ignored, Linux is getting more and more support, and in turn the fight against it intensifies as well.

In the technical realm, the changes in Linux in the last five years have been extraordinary. I don't think I need to enumerate the differences between a Linux distro in 2000 or 2001 and today, certainly not for this readership.

Another gigantic change over the last five years is the fact that the PC is no longer the king of the electronic device. There was an article in 'The Economist' last week about this, discussing the fact that PDAs have such a huge market penetration now, that many tasks that used to require your desktop or your laptop are moving toward portable computing. Breaking into that part of the computing world is something that is a possibility today that wasn't really a consideration five years ago.

Fedora needs to change. It needs to be less bulky, and more customizable. The actual "core" packages that are required to get a system up and running should be broken out, and applications layered on top as users need them.

In Fedora Core 6, the installer will be able to reach out to any network-accessible repositories and pull in packages from them, which is a step in the right direction, and also is a big step in breaking down the distinction between Core and Extras.

=========================

4) Worst Aspect of Fedora?
(Score:5, Interesting)
by eldavojohn

On the Fedora Project website, there are plenty of reasons listed for Fedora to be your operating system of choice. In your eyes, what is the most lacking aspect of Fedora as it exists today?

Max:

In my opinion, the most lacking aspect of Fedora as it exists today is the separation between Fedora Core and Fedora Extras.

For those of you who aren't familiar with what that means, I shall explain:

Fedora Core is a set of packages (right now about 2200) that is completely self-satisfying from a dependency perspective, and is the pile of code that we ship, for example on the Fedora Core 5 DVD, or in our bittorrent tracker.

Fedora Extras is another set of packages (more than 3000) that is installable adjacent to Fedora Core, but isn't shipped on the media. Greg DeKoenigsberg worked to kickstart Fedora Extras in early 2005, and since then it has become arguably the most successful part of the Fedora Project. It has thrived under the leadership of Thorsten Leemhuis and the rest of the Fedora Extras Steering Committee. The packages in Fedora Extras are maintained by whoever is capable of stepping up and doing the work, regardless of whether or not they are employed by Red Hat.

The reasons for the separation between Core and Extras have to do with build systems, CVS locations, and artifacts of antiquated Red Hat attitudes toward Fedora, as well as antiquated processes.

I would like all of that to change. I would like for the Core/Extras distinction to go away, and instead be replaced by the idea of a Fedora Universe, which is a giant pile of packages that are blessed by Fedora, and any subset of those packages that produces a functioning OS can be called Fedora.

It's going to happen, but it's not an overnight sort of change. Right now is the time during which we should be planning how we can achieve a goal like that, and it's my hope that as RHEL5 stabilizes and Red Hat engineers have some cycles free up, we'll be able to get some of the work done on the Red Hat side of the fence that is required.

Separate from that, we would love to have more contributors. People who want to work on code (especially code that isn't package maintenance), documentation, infrastructure, and artwork. People who are organizers and who want to be leaders. That's not to suggest that we don't have contributors today who have those qualities and skillsets, but there's more than enough work to go around.

=========================

5) Vista a Problem?
(Score:5, Interesting)
by eldavojohn

Do you view Vista as a threat to your user base? Do you or people on your team ever change your mind about things or let looming Vista influence your decisions?

I'm hoping that Linux distros are not pressured into adding unneeded bells and whistles in a desperate attempt to compete with Vista. Are you invulnerable from this mentality?

Max:

Truthfully, everything I know about Vista I learned in two places -- right here on /. and on the mini-MSFT blog. I don't particularly pay any attention to Vista, and I can't really tell you what is or is not supposed to be in it at this point in time, or when it's going to ship (insert your jokes here). I used to have a XP partition that I'd boot to for gaming -- probably not unlike a good number of /. folks -- but it's been over a year since I blew that away and I haven't looked back.

In terms of getting people to use Linux instead of proprietary operating systems -- I think that battle is best fought in the world of people who are new to computers. People will tend to be loyal to the first thing that *just works* and doesn't cause them pain. Making that first experience for people a Linux one as opposed to a proprietary one -- that's the challenge.

By the way, I'm not suggesting that you can't show long-time proprietary software users the light of open source, but it's a much more gradual process: "Another Internet Explorer exploit, huh? Hey, have you heard of Firefox and Thunderbird? Let me help you set them up, you might like it."

=========================

6) NTFS support in Fedora/RedHat
(Score:5, Interesting)
by Anonymous Coward

If Fedora is actually not controlled by Red Hat anymore, and Fedora is user-oriented, why are both the only general-purpose GNU/Linux distributions that disable the NTFS driver from the Linux kernel?

Users do need this option (unlike Red Hat's customers, which are organizations as far as I know), and for evidence, Linux-NTFS is one of the projects with the most downloads on sourceforge.

I would like to add that NTFS is part of the mainline kernel. Compiling it as a module will cause it to not take any memory resources other than the few kilobytes on disk that any un-used hardware module is taking, unless of course the user has a mounted NTFS partition.

Red Hat's reason for disabling NTFS support was that RedHat is a US-based organization and that they fear patenting problems from MS. No law action was ever taken, and no actual patent was referenced. As far as I know, NTFS is not even patented or patentable. Fedora is not RedHat as you say, so this old reasoning is not exactly valid for Fedora. The IBM/SCO saga also cleared the issue about patents in the mainline kernel.
Unless Fedora will change this simple flag in the kernel config file, I assume it is still controlled (and not only sponsored as some would say) by RedHat.

Max:

Heh, the actual question asked is a reasonable one. I think it's sad that it has to be surrounded with such vitriol. First of all, I am not a lawyer. In fact, the *actual* lawyers require that I tell you all that I am *not* a lawyer, for legal reasons. The AC who posted didn't mention his background, but I'm guessing that he/she is also not a lawyer.

Red Hat retains legal liability for the Fedora Project. The Fedora Project is not a separate legal entity or organization. The Fedora Project receives a tremendous amount of resources (people, money, infrastructure, etc.) from Red Hat.

If you are a proprietary software company looking to exercise some patent litigation against an open source software company, Red Hat might not look like an awful choice.

In the past, Red Hat's counsel has been uncomfortable with enabling NTFS support in the kernel. Recently, the kernel has become protected by the Open Invention Network (http://www.openinventionnetwork.com), which has been mentioned previously regarding Fedora and our inclusion of Mono (http://gregdek.livejournal.com/4008.html).

The question of NTFS in our kernels has been raised on the Fedora Advisory Board recently (within the last month or two). When we have an answer regarding that, the analysis and result will also be published transparently for people to comment on and discuss.

In closing, I would remind all of you that my only legal training involves at one time being able to recite the climactic scene from 'A Few Good Men' in Spanish.

=========================

7) Dependency hell
(Score:5, Interesting)
by Tet

The introduction of yum has vastly improved the user experience when installing software, or updating existing packages. However, it's brought with it a new kind of dependency hell. For example, if I want to install a PostScript previewer:

    % yum install evince

    [...]

    Installing:

    evince x86_64 0.5.1-3 core 773 k

    Installing for dependencies:

    nautilus x86_64 2.14.1-1.fc5.1 updates-released 3.9 M

    nautilus-cd-burner x86_64 2.14.2-1 updates-released 414 k

That's clearly wrong. I only want to install a PostScript previewer. Doing so should not require a filemanager (which I don't need or want), and certainly not a CD burner. But these are added as dependencies due to the clumsy packaging that seems to be increasingly prevalent in Fedora. Perhaps (and I remain unconvinced) there's some aspect of evince that can make use of nautilus being present. But if so, I haven't seen it. I could well believe that nautilus could make use of evince, but not really the other way around. But assume for the sake of argument that it can use nautilus. That still isn't a reason to have it depend on it. Dependencies should be packages that are required in order for another to run, not packages that will merely enable additional functionality. In this case -- the prime function of evince is to view documents, which isn't significantly enhanced by having a file browser present.

Fedora is still my distribution of choice, but it's becoming increasingly hard to use for those of us that prefer to run with a minimal system due to the way that the dependencies have been getting out of hand. Are there any plans to fix this, or is any work already underway to do so? I understand that some consideration has been given to providing "soft dependencies" within RPM (like dpkg's suggested dependencies), which would help. Is there a timeframe for this? Is anything else being done?

I quite understand the focus on getting the system to be usable for the average unskilled user. But the impression I'm getting is that it's being done at the expense of letting those of us that know what we're doing do what we want. Does Fedora have a position on the type of users it's aiming for, or is it still trying to be a general purpose OS?

Max:

To your specific example, ask and ye shall see some improvement.

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201967

To your more general question, there's a couple of things that play a part:

Part of the dependency requirements come from the manner in which the packages are written, in which (for example) it's far more common for someone to install a large set of inter-related packages than just a single package. Regardless of that, it's entirely possible (such as in this specific evince example) that some extra work can simplify the dependency requirements. Bugzilla is always the best way to bring issues like that to the attention of the packagers. From there, it's just a matter of code and time.

=========================

8) Goals
(Score:5, Insightful)
by redkazuo

While Ubuntu has a clear, selfless mission, it seems to me the Fedora project misses this. I'm sure while Fedora was still within Red Hat, its mission was simply commercial. "It must be good so we can make money." That mission no longer applies, and http://fedora.redhat.com/About/ [redhat.com] almost sounds like Fedora is just a rejected part of Red Hat, left Free so that they could attempt to profit from community contributions.

Is there an objective in the Fedora Project? One that is clear and may motivate developers to join? Or is it here really just to reduce costs for the Red Hat team?

Max:

Just to clarify one thing in the question first -- "while Fedora was still within Red Hat" -- I'm not quite sure what that means, but I hope my explanation about the Fedora Project Board at the top of my answers clears up any questions there.

I'm really glad this question was asked, because it gives me a chance to try to bust the NUMBER ONE MYTH about Fedora -- that Fedora is "just a beta for RHEL" or that "Fedora only exists to make Red Hat money" or "Red Hat doesn't care about Fedora, it's just a dumping ground for half-tested code". I hear all of those things from time to time, and *none* of them are true.

Let's back up for a moment -- the Red Hat Linux/Fedora Core split took place in 2003. And while I wasn't at Red Hat during that time, I think it's fair to state that there were some unfortunate choices made internally about how Fedora was positioned, and because those statements were made with a Red Hat voice, it helped to create a very strong perception that Red Hat abandoned the community, and that Fedora wasn't "good" for anything, or was a rejected part of Red Hat. Many mistakes were made by Red Hat with regard to the "birth" of the Fedora Project -- there is absolutely no debating that.

I think there were some people within Red Hat who were afraid that the "admission" that Fedora was production-quality, or that Fedora was anything more than beta-quality, would cause difficulty for the people trying to sell RHEL. Three years later, and that perception is still very strong in certain places -- without fail there are a few comments about that in every Slashdot story that mentions Fedora.

And that's fine. Red Hat had a part in creating that perception, and so Red Hat will have to work particularly hard to undo it. We have been, and we continue to do so.

The real story of Fedora, of course, is entirely opposite from the "beta code only, not production worthy" stance.

Our mission statement is clear, and is one that I think any open-source developer would appreciate.

Fedora is about the rapid progress of Free and Open Source software.

That's it. We strive to produce a quality distribution of free software that is cutting-edge, pushes the envelope of new open source technology, and is also robust enough that it can be relied on for server or desktop use. One of the terms that I really like, and that I think we're doing better and better of making a reality is that of Fedora as an "open development lab". As a user, if your priorities are cutting-edge technology (without the nicks and cuts of a blade) and freedom, Fedora is a great disto to use.

The second half of the story, as it relates to Red Hat's desire to make a profit, is equally simple in my mind. Fedora is upstream of RHEL. Fedora is also upstream of various other derivative distributions.

http://fedoraproject.org/wiki/DerivedDistributions

So when someone says "Fedora is beta for RHEL" they are stating only a very small part of what Fedora is. Fedora is the best of what works today. RHEL is the best of what will work for the next seven years. And the users can decide what is best for their needs.

Saying that Fedora is the beta for RHEL, and that Fedora is *only* a beta for RHEL, is to take a purposefully narrow view on the truth. Fedora's upstream relationship to RHEL is simply one aspect of the Fedora Project, which stands on its own as a distribution.

I feel very strongly about this particular question, and I will state my opinion bluntly:

Anyone (Red Hat or non-Red Hat) who tells you that Fedora isn't suitable for a production server is wrong. If someone tells you that Fedora is "just a beta for RHEL", they too are wrong.

Either the person is insufficiently informed about what Fedora is (and it's our job within Fedora to do that), or the person is purposefully misrepresenting Fedora and neglecting to tell the whole story, in which case it's our job within Fedora to call them out.

http://fedoraproject.org/wiki/Objectives

=========================

9) Directory Server
(Score:5, Interesting)
by IMightB

Hi, I've been using Fedora Directory Server for quite a while, and it is a fantastic product. I read some rumours that it would be Integrated with FC5, but sadly it was not. When can we expect this to be a standard feature/integrated with authentication and other areas in Fedora?

Max:

Regrettably, answering this question honestly also requires admission that the integration of Fedora Directory Server and the rest of the Fedora Project (particularly Fedora Core/Extras) hasn't happened as quickly as many would have liked. Directory Server is a great piece of software, but the true merging of that into Fedora Core is something that doesn't have a lot of traction at the moment. The Directory Server community isn't necessarily very well integrated with the rest of the Fedora community, and therefore the two communities are in a similar state to that of the two projects -- in theory capable of being very good together, but in practice sort of just existing side by side, but not as closely knit as they could be.

When will that change? As soon as we can get enough people on both sides of that fence able to spend the cycles necessary. I can't give an exact date, because one doesn't exist right now, so I'd rather not just make something up.

=========================

10) Have you tried Ubuntu?
(Score:5, Interesting)
by Anonymous Coward

Have you tried Ubuntu yourself? Is there, in your opinion, something Ubuntu does better than Fedora?

Max:

Those of you hoping for some flamebait, I'm sorry to disappoint.

Yes, I have tried Ubuntu. I have played around with SUSE, though not in any significant way for a year or so. Prior to coming to Red Hat in August of 2004, I had always been a Slackware devotee, and my subscription with them is still active.

So what does Ubuntu do better than Fedora?

Let me start without even mentioning the actual distributions. I think it is clear to anyone who is looking that Ubuntu's website is in much better shape than Fedora's. Ubuntu.com is clean, clear, and easy to navigate for people who are browsing it, and if you dig down a little bit, you can also get to the Ubuntu wiki, which from what I can tell, serves a similar purpose to the fedoraproject.org wiki.

Here's the difference -- fedoraproject.org is *just* a wiki. It's got a tremendous amount of information, and as someone who uses the site frequently, I know how to find what I'm looking for. But it has a bit of a learning curve before it becomes useful.

Fedora's websites are in a state of flux -- fedora.redhat.com is deprecated, but the killing off of that site is taking longer than I would have hoped, as there are a variety of infrastructure issues at play. Our wiki gets the job done, but I'd like to see a more professional looking front-end put on it, with the wiki continuing to function as it does, but just ever-so-slightly in the background. The biggest hurdle to making that happen -- just having enough cycles and enough people to do the job properly.

That aside, I am impressed by Ubuntu's LiveCD, directly installable feature. We have similar work going on within Fedora, but so far it hasn't achieved the same level of "officialness" as the Ubuntu code. So that's an area in which Ubuntu is ahead of Fedora.

I played around recently with Dapper Drake. Like I said, the LiveCD was cool. The desktop -- Gnome is pretty much Gnome, Firefox is Firefox, etc. Personally I'm a huge fan of NetworkManager, which didn't appear to be the default in Dapper, but something like that is just a detail. I'm sure if I were to use Dapper full time and I wanted it, I could probably get it.

This goes back to what I wrote near the beginning about the importance of upstream. If everyone is pushing their latest work back upstream, and the maintainers at the top level have the time and resources that they need to keep everything in order, then most GNU/Linux distros are going to feel pretty similar once they are installed. Which is why I think a lot of the OSS "religious wars" don't make a lot of sense.

=========================

An anonymous reader writes "Earlier this week Jesse Keating announced the availability of Fedora Core 6 Test 1. New items in FC6T1 include Intel Macintosh support (well, mostly), update notification applet, GNOME 2.15, KDE 3.5.3, and the Fedora Core 6 Extras development repository is already available. With FC6T1's availability, Phoronix has published their own preview of this release. The article is focused on an editorial about changes to come for Fedora Core 6, as well as images from Fedora Core 6 Test 1. The next Fedora Core 6 testing release (Test 2) is due out in July, while the final release is due out this September."

Havoc Pennington writes "A small team of us have been working on a new project called Mugshot, we're calling it a "live social experience" and hoping it will bring open source to more people who aren't using it already. The project is public as of this morning. Check out the developer site for more."

Jono Bacon writes "With the success of Ubuntu and Fedora, and the advent of OpenSuSE and Freespire, are businesses and distributions paying more attention to the community? The Increasing Importance of Community discuss this change in focus. What do you all think? Is the community now more of a priority?"

tecker writes "Redhat.com has a banner and press release that states that it will be Red Hat that will buy JBoss and not Oracle as previously thought. The press release states "the world's leading provider of open source solutions to the enterprise, today announced that it has entered into a definitive agreement to acquire JBoss, the global leader in open source middleware. By acquiring JBoss, Red Hat expects to accelerate the shift to service-oriented architectures (SOA), by enabling the next generation of web-enabled applications running on a low-cost, open source platform." Could it be that a one company server package that will rival Microsoft's Windows Server 2003 and ASP will finally emerge?"

Jan Slupski writes "New release day today. Fedora Core 5 CD images are now available for download (i386, ppc, x86_64) on the ftp servers or via the torrent page." Linclips also has a short screencast on some of the default functionality.

Isam Bayazidi is about as far from the current U.S. media stereotype of an Arab as you can get. He's worked on the Arabeyes (Unix/Linux in Arabic) project, helped start the Arabic Wikipedia, co-founded the Jordan LUG, is a Red Hat Certified Engineer (RHCE), works as a senior software developer for Maktoob, an online community that boasts more than four million members, and created Jordan Planet, a blogging community whose members have many different religious and political viewpoints. Isam is also a long-time Slashdot reader, so he's the perfect person to ask what's going on in the Arab (cyber)world today. One question per post please. Isam will answer 12 of the highest-moderated questions. We'll run his answers verbatim as soon as he gets them back to us.