Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Hole In The Ozone Layer Smallest In 29 Years (weather.com)
An anonymous reader quotes the Weather Channel: The hole in the ozone layer over Antarctica is the smallest it's been since 1988, NASA said. According to a press release, the hole in the Earth's ozone layer is 1.3 million square miles smaller than last year and 3.3 million square miles smaller than 2015... This year, the hole grew to 7.6 million square miles. NASA and NOAA scientists said warmer temperatures and a stormier upper atmosphere helped keep damaging chemicals chlorine and bromine from eating ozone from the layer that protects the Earth's surface from harmful ultraviolet rays... The hole that hovers over Antarctica has been slowly recovering, scientists say, due to an international ban on harmful chemicals that were previously used in refrigerants and aerosols.
The hole was its largest in 2000 and measured 11.5 million square miles. Although recovery is underway, the size of the hole remains large compared to the 1980s, when the hole was first detected, NASA noted. And while there has been significant healing of the ozone layer in recent years, some scientists say full healing is a slow process and will not occur until sometime in the 22nd century, Yale Environment 360 reports. Others expect the Antarctic ozone hole to recover back to 1980 levels around 2070, NASA said. -
Pandora Loses 7 Million Listeners (siliconvalley.com)
An anonymous reader quotes the Bay Area Newsgroup: So many listeners have turned off Pandora that Friday could have been called the day the music died for the internet radio streaming pioneer. Late Thursday, Pandora said it ended its third quarter with 73.7 million active listeners, a decline of more than 7 million listeners from the 81 million it had in the same quarter a year ago. Declining listener numbers, along with weaker-than-expected advertising revenue and a disappointing fourth-quarter forecast, had investors tuning Pandora out on Friday, as the company's shares fell by almost 25 percent, to close at $5.59.
Pandora still has more listeners than Apple Music, which has 27 million paying subscribers. But the Oakland-based music streaming business trails its other major rival, Spotify, which has 140 million active listeners, including 60 million who pay a monthly fee for on-demand streaming and to avoid listening to commercials with their music.
For comparison, Pandora now has just 5.19 million paying subscribers for its two ad-free streaming music services. -
Jeff Bezos Just Sold $1.1 Billion in Amazon Stock (cnn.com)
An anonymous reader quotes CNN Money: Amazon CEO Jeff Bezos, the newly minted richest person in the world, just sold more than $1 billion worth of his stock. The sale was made public in a filing posted Friday. In total, Bezos let go of one million shares for $1,097,803,365. Exactly how Bezos plans to spend those Benjamins wasn't clear. But it isn't unprecedented for him to sell such a large chunk. In May, he sold more than a million shares. A similar sale was executed in August 2016.
Even after his most recent sell off, Bezos still personally owns about 16% of Amazon, which he founded in 1994. Bezos's large ownership stake helped vault him past Microsoft co-founder Bill Gates as the richest person in the world, according to the Bloomberg Billionaire's Index... One possible destination for the cash Bezos just freed up is his commercial space company, Blue Origin. Earlier this year, Bezos told reporters at a space symposium that he sells about $1 billion per year worth of Amazon stock to fund the company, according to Reuters... Last month, Blue Origin Chief Executive Officer Bob Smith said he expects the first manned flight to take place by April 2019.
One Silicon Valley newspaper calls it the biggest stock sale ever. -
Ask Slashdot: Should I Allow A 'Smart TV' To Connect To The Internet?
Slashdot reader GovCheese has a question: I use Roku and also the client apps on my gaming consoles for Amazon and Netflix. But it seems less prudent to allow my television, a Samsung, to connect to the internet. My Philips Blu-ray wants to connect also. But I'd rather not. Is it illogical to allow Roku and a console to connect to streaming services but prevent a "smart" television from doing so?
Slashdot reader gurps_npc argues there's a distinction between devices that need internet access and devices that want it, adding "Smart TVs overcharge in privacy invasion for the minimal advantages they offer."
Leave your own best answers in the comments. Should you let a smart TV connect to the internet? -
Appeals Court Rules: SCO v. IBM Case Can Continue (arstechnica.com)
Long-time Slashdot reader Freshly Exhumed quotes Ars Technica: A federal appeals court has now partially ruled in favor of the SCO Group, breathing new life into a lawsuit and a company (now bankrupt and nearly dead) that has been suing IBM for nearly 15 years.
Last year, U.S. District Judge David Nuffer had ruled against SCO (whose original name was Santa Cruz Operation) in two summary judgment orders, and the court refused to allow SCO to amend its initial complaint against IBM. SCO soon appealed. On Monday, the 10th US Circuit Court of Appeals found that SCO's claims of misappropriation could go forward while also upholding Judge Nuffer's other two orders.
Here's Slashdot's first story about the trial more than 14 years ago, and a nice timeline from 2012 of the next nine years of legal drama. -
Are You OK With Google Reading Your Data? (infoworld.com)
Remember when Google randomly flagged files in Google Docs for violating its terms of service? An anonymous reader quotes InfoWorld: Many people worried that Google was scanning users' documents in real time to determine if they're being mean or somehow bad. You actually agree to such oversight in Google G Suite's terms of service. Those terms include personal conduct stipulations and copyright protection, as well as adhering to "program policies"... Even though this is spelled out in the terms of service, it's uncomfortably Big Brother-ish, and raises anew questions about how confidential and secure corporate information really is in the cloud.
So, do SaaS, IaaS, and PaaS providers make it their business to go through your data? If you read their privacy policies (as I have), the good news is that most don't seem to. But have you actually read through them to know who, like Google, does have the right to scan and act on your data? Most enterprises do a good legal review for enterprise-level agreements, but much of the use of cloud services is by individuals or departments who don't get such IT or legal review. Enterprises need to be proactive about reading the terms of service for cloud services used in their company, including those set up directly by individuals and departments. It's still your data, after all, and you should know how it is being used and could be used...
The article argues that "Chances are you or your employees have signed similar terms in the many agreements that people accept without reading." -
Firefox Borrows From Tor Browser Again, Blocks Canvas Fingerprinting (bleepingcomputer.com)
An anonymous reader writes: Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. The technique is widely used in the advertising industry to track users across sites. Firefox 58 is scheduled for release on January 16, 2018.
Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused features from the Tor Browser into Firefox. -
Equifax Investigation Clears Execs Who Dumped Stock Before Hack Announcement (gizmodo.com)
An anonymous reader quotes a report from Gizmodo: Equifax discovered on July 29th that it had been hacked, losing the Social Security numbers and other personal information of 143 million Americans -- and then just a few days later, several of its executives sold stock worth a total of nearly $1.8 million. When the hack was publicly announced in September, Equifax's stock promptly tanked, which made the trades look very, very sketchy. At the time, Equifax claimed that its executives had no idea about the massive data breach when they sold their stock. Today, the credit reporting company released further details about its internal investigation that cleared all four executives of any wrongdoing.
The report, prepared by a board-appointed special committee, concludes that "none of the four executives had knowledge of the incident when their trades were made, that preclearance for the four trades was appropriately obtained, that each of the four trades at issue comported with Company policy, and that none of the four executives engaged in insider trading." The committee says it reviewed 55,000 documents to reach its conclusions, including emails and text messages, and conducted 62 in-person interviews. "The review was designed to pinpoint the date on which each of the four senior officers first learned of the security investigation that uncovered the breach and to determine whether any of those officers was informed of or otherwise learned of the security investigation before his trades were executed," the report states. -
Chelsea Manning Archivist Excludes Hacktivist Jailed By Carmen Ortiz From Aaron Swartz Day (huffingtonpost.com)
New submitter Danngggg writes: As you may recall from Slashdot last year, alleged Anonymous hacktivist Martin Gottesfeld has been imprisoned without bail since federal agents arrested him on board a Disney Cruise ship in February of 2016 to face hacking charges brought by controversial former U.S. attorney Carmen Ortiz. Though he's the only activist after Aaron Swartz to face a felony CFAA indictment from Ortiz, apparently Aaron Swartz Day organizer and Chelsea Manning archivist Lisa Rein doesn't want to include Gottesfeld in the festivities this year. So, he has taken to Huffington Post to argue that his story should be told this November 4th and, perhaps with a sense of irony, to publish some potentially scandalous Signal messages allegedly sent by Rein to his wife revealing what seems to be disdain for hacking in general and Anonymous in particular. Indeed, Rein seems to borrow from the movie Mean Girls in her contemptuous rejection of Mrs. Gottesfeld's appeals on behalf of her embattled husband. What does the Slashdot crowd have to say about whether Gottesfeld's story belongs at Aaron Swartz Day as well as Rein's alleged attitude towards his significant other?
"One might think that my voice would be welcomed at Aaron Swartz Day given all that the late internet/freedom of information activist and I share in common," writes Gottesfeld. "For starters, we were both indicted under the same controversial federal law, the CFAA, by the same Boston U.S. Attorney's Office and indeed under the tenure of the same notorious U.S. Attorney, Carmen Ortiz. Both of us have been persecuted for doing the moral thing; Aaron for trying to make taxpayer-funded research available to the general public and me for stopping the torture of an innocent child." -
Tech Companies Have a History of Giving Low-Level Employees High-Level Access (theoutline.com)
A reader shares a report (condensed for space): In the summer of 2010, Google fired a 27-year-old site reliability engineer named David Barksdale after it discovered that Barksdale had been accessing the Google accounts of four teens he met through a local Seattle tech group. The spying went on for months before it was reported, Gawker's Adrian Chen wrote at the time. In one incident Chen described, a 15-year-old refused to tell Barksdale the name of his new girlfriend; Barksdale broke into the teen's Google Voice account, listened to messages to get the name, then taunted him with it and threatened to call her. Google was contrite, saying publicly that it "carefully control[s] the number of employees who have access to our systems" and monitors for abuses by rogue employees. [...] The rogue Twitter customer service employee who momentarily deactivated President Trump's account on Thursday night brought this issue to mind. Twitter has 3,898 employees, according to Wikipedia, for 330 million monthly users, a ratio of one employee for every 84,658 users. This means that a single employee may have a ton of power over loads of users, but the value of a single user is low. Their privacy may seem insignificant in light of the greater mob. [...] At Uber, employees regularly abused its "God View" mode to spy on the movements of celebrities, politicians, and even ex-spouses. -
Google Wins Ruling to Block Global Censorship Order (fortune.com)
A U.S. judge has partially blocked a recent decision by Canada's Supreme Court that requires Google to delete search results not just in Canada, but in every other country too. From a report: Citing the violation of American laws as well as a threat to speech, U.S. District Judge Edward Davila agreed to grant Google a temporary injunction, which means the company can show the search results in the United States. The search results in question are part of an intellectual property dispute between a Canadian industrial firm called Equustek and a rival company that is reportedly misusing Equustek's trademarks to poach its business. In response, Equustek obtained an injunction in Canada that treated Google as a defendant even though it had no direct relationship with either company. In a controversial decision in June, Canada's highest court agreed by a 7-2 margin to leave the injunction in place. -
Malware Developer Who Used Spam Botnet To Pay For College Gets No Prison Time (bleepingcomputer.com)
An anonymous reader writes: The operator of a 77,000-strong spam botnet was sentenced to two years probation and no prison time after admitting his crime and completely reforming his life. The former botnet operator is now working for a cybersecurity company, and admitted his actions as soon as the FBI knocked on his door back in 2013. The botnet operator, a 29-year-old from Santa Clara, California, says he was tricked by fellow co-schemers who told him they were not doing anything wrong by infecting computers with malware because they were not accessing private information such as banking or financial records. Furthermore, the botnet operator escaped prison time because he used all the money he earned in getting a college degree at Cal Poly instead of using it on a lavish lifestyle or drugs. This case is similar to the one that MalwareTech (aka Marcus Hutchins) now faces in the U.S. for his role in developing the Kronos trojan, but also after turning his life around and working as a cybersecurity researcher for years. -
The Fourth US Navy Collision of the Year Was Ultimately Caused By UI Confusion (arstechnica.com)
Yesterday, the U.S. Navy issued its report on the collisions of the USS Fitzgerald and USS John S. McCain this summer, which was the fourth U.S. Navy collision this year. "The Navy's investigation found that both collisions were avoidable accidents," reports Ars Technica. "And in the case of the USS McCain, the accident was in part caused by an error made in switching which control console on the ship's bridge had steering control. While the report lays the blame on training, the user interface for the bridge's central navigation control systems certainly played a role." From the report: According to the report, at 5:19am local time, the commanding officer of the McCain, Commander Alfredo J. Sanchez, "noticed the Helmsman (the watchstander steering the ship) having difficulty maintaining course while also adjusting the throttles for speed control." Sanchez ordered the watch team to split the responsibilities for steering and speed control, shifting control of the throttle to another watchstander's station -- the lee helm, immediately to the right (starboard) of the Helmsman's position at the Ship's Control Console. While the Ship's Control Console has a wheel for manual steering, both steering and throttle can be controlled with trackballs, with the adjustments showing up on the screens for each station. However, instead of switching just throttle control to the Lee Helm station, the Helmsman accidentally switched all control to the Lee Helm station. When that happened, the ship's rudder automatically moved to its default position (amidships, or on center line of the ship). The helmsman had been steering slightly to the right to keep the ship on course in the currents of the Singapore Strait, but the adjustment meant the ship started drifting off course.
At this point, everyone on the bridge thought there had been a loss of steering. In the commotion that ensued, the commanding officer and bridge crew lost track of what was going on around them. Sanchez ordered the engines slowed, but the lee helmsman only slowed the port (left) throttle, because the throttle controls on-screen were not "ganged" (linked) at the time as the result of the switch-over of control. The ship continued to turn uncontrolled to port -- putting the ship on a collision course with the Liberian-flagged chemical carrier Alnic MC. -
Google Explains Tuesday's Drive, Docs Bug That Marked Some Files As Violating Terms of Service (9to5google.com)
On Tuesday, Google's cloud-based word processing software was randomly flagging files for supposedly "violating" Google's Terms of Service, resulting in some users not being able to access or share their files. Google today explained the issue and addressed concerns that arose. 9to5Google reports: Several users on Tuesday morning reported no longer being able to open certain files they were working on in Docs, while others were locked out mid-edit. "On Tuesday, October 31, we mistakenly blocked access to some of our users' files, including Google Docs," Google said in a blog post. "This was due to a short-lived bug that incorrectly flagged some files as violating our terms of service (TOS)." Afterwards, Google provided a comment to Gizmodo noting that a code push made earlier that morning was at fault and that full access had been restored to users hours after the bug first arose. Today's clarification goes on to explain how that error on Tuesday caused Drive to "misinterpret" responses from the antivirus system designed to protect against malware, phishing, and spam. As a result, Docs "erroneously mark[ed] some files as TOS violations, thus causing access denials for users of those files." -
AT&T Admits Defeat In Lawsuit It Filed To Stall Google Fiber (arstechnica.com)
According to Ars Technica, AT&T is reportedly abandoning its attempt to stop a Louisville ordinance that helped draw Google Fiber into the city. The telecommunications giant sued Louisville and Jefferson County, Kentucky to stop an ordinance that gives Google Fiber and other ISPs faster access to utility poles. AT&T's lawsuit was dismissed in August by a district court, which determined that AT&T's claims that the ordinance is invalid are false. WDRB News and Louisville Business First are both reporting that AT&T has decided not to appeal the ruling. -
Russia's Anti-VPN Law Goes Into Effect (theregister.co.uk)
An anonymous reader quotes a report from The Register: A Russian law that bans the use or provision of virtual private networks (VPNs) will come into effect Wednesday. The legislation will require ISPs to block websites that offer VPNs and similar proxy services that are used by millions of Russians to circumvent state-imposed internet censorship. It was signed by President Vladimir Putin on July 29 and was justified as a necessary measure to prevent the spread of extremism online. Its real impact, however, will be to make it much harder for ordinary Russians to access websites ISPs are instructed to block connections to by Russian regulator Roskomnadzor, aka the Federal Service for Supervision of Communications, Information Technology and Mass Media. The law is just one part of a concerted effort by the Russian government to restrict access to information online. While Russia does not appear to be going the same route as China -- which has a country wide, constantly maintained censorship apparatus, known as the Great Firewall of China -- it is clearly following its lead. At the same time as Putin signed the VPN legislation, he signed another that will come into effect in January. That law, like a similar one passed by the Chinese government earlier this year, will require operators of messaging services to verify their users' identities through phone numbers. And it will require operators to introduce systems to cut off any users that are deemed by the Russian government to be spreading illegal content. -
Interviews: Red Hat CEO Jim Whitehurst Answers Your Questions (redhat.com)
You asked, he answered!
For Slashdot's 20th anniversary -- and the 23rd anniversary of the first release of Red Hat Linux -- here's a special treat.
Red Hat CEO Jim Whitehurst has responded to questions submitted by Slashdot readers. Read on for his answers...
What...
by Master5000
...is your day like?
JW: I can tell you this, no two days are the same. Broadly speaking, I strive to prioritize time with customers, partners, and Red Hat associates above other meetings.
When I'm in town, my day starts at 5:30 am with a run. I'll scan email and the news during breakfast and take my kids to school. My first calls usually start at 8 am as I'm driving to the office. Today for instance, I'll meet with a few members of our Corporate Leadership team. I'll then sit down with our chief technologist to hear what's happening in the Office of the CTO.
I usually grab lunch around 11:30 am. I tend to bring my lunch, but will occasionally head to our cafeteria for a sandwich or salad. In the afternoon, I'll get briefed on my schedule for some upcoming events, which will include meetings with partners, customer panels, press, and analysts. I usually spend a few hours a day responding to emails and coordinating activity through email. I try to get home by 6 pm to eat dinner with my family and spend time with my kids. I'll usually jump back on email once everyone is asleep before knocking out around 10 pm.
The plans for CentOS?
By Anonymous Coward
Now that CentOS has received a more official status in the Red Hat world, what are the plans for the project?
JW: The ecosystem around Red Hat Enterprise Linux is sprawling and complex, and that's one of our strengths. You have midnight hobbyists working together with multinational corporations. You have people working on GPU hardware, and you have people working on Ruby apps. Some want the latest-and-greatest, and some want to keep everything exactly the same for years and years. So lots of different kinds of people are doing lots of different kinds of work, and all of them are contributing to this massive project called "Red Hat Enterprise Linux". It's not surprising that we can't accommodate all of that innovation in a single project.
That's one of the reasons we split Fedora and Red Hat Enterprise Linux: we freed up Fedora to be innovative and move quickly, which freed Red Hat Enterprise Linux to be more careful, more conservative, and handle the very important and difficult work of stability and security for code that upstream communities have long since moved past. Fifteen years later, we're still very happy with how that's worked out, and Fedora remains a thriving engine for new ideas that make their way down into Red Hat Enterprise Linux and many other projects.
CentOS solves a very different problem for us. First, there are some people that we can't serve with Red Hat Enterprise Linux today, but we still want to participate in the Red Hat ecosystem. Folks using Xen, for example, may not be able to run today's Red Hat Enterprise Linux, but they can absolutely work with the CentOS project and still participate in the broader ecosystem. Second, there are people and partners who are building software that needs a more stable, Red Hat Enterprise Linux-like lifecycle but want to experiment at the kernel level, stuff which would be impossible for us to support in Red Hat Enterprise Linux. OpenVSwitch and DPDK are a perfect example of this, and the CentOS SIG process has served them really well. They can do all the things they need to do in development and with their partner communities, and their innovations still pass from the upstream communities into Fedora, and ultimately into Red Hat Enterprise Linux, Red Hat Virtualization, and OpenStack.
Meanwhile, changes in hardware and software are changing how we think about a traditional operating system distribution. Things are more automated, hardware is moving faster and less predictably, and containers force us to differentiate between bringing up hardware and creating a stable platform for applications. To address all of these changes, Red Hat is going to need every element of our ecosystem -- Fedora, CentOS, and Red Hat Enterprise Linux -- to respond.
Systemd, WTF???
by rknop
As I understand it, one of the stated goals was to speed up boot times. It's had exactly the opposite effect on my Ubuntu system -- that is, when the boot doesn't die altogether when I try to mount NFS shares. (Also, thanks to systemd, I can't even *reboot* or shut down the machine when there's a hung NFS process. I am forced to hard-reset it.)
For years, warning flags have been raised about systemd. It more or less seems that we're bringing all the disadvantages of the Windows architecture to Linux, without any of the advantages of running Windows.
So, again: systemd, wtf???
JW: We had a lot of systemd questions, so I am replying to them all collectively.
==========================================================================================================
My question is related: is Red Hat, as an organization, at all concerned about the damage that systemd has done to Linux's usability, its reputation, and its community? Is Red Hat concerned with how systemd has driven so many Linux users to FreeBSD?
................................................................................................
And a follow up, why not spend some of RedHat's money on a sane init system?
I'm sure you can put a few dollars and bright minds on a system that works reliably. The last thing I want my embedded system to do is get hung up on an init failure.
................................................................................................
This begs the question, so I'll just ask it: Have any customers ever moved away from Red Hat because of systemd?
==========================================================================================================
JW: First, allow me to address why Red Hat adopted and invested in systemd as it helps to address many of the other questions. Traditional init systems, like System V init, served the UNIX and Linux communities well for decades, but that is a long time and it is not surprising that they have their limitations. The problems an init system needs to solve today are different from the ones that traditional init systems were solving in the 70's, 80's and even the 90's.
Red Hat considered many available options and even used Canonical's Upstart for Red Hat Enterprise Linux 6. Ultimately we chose systemd because it is the best architecture that provides the extensibility, simplicity, scalability, and well-defined interfaces to address the problems we see today and foresee in the future. Of all the passionate debates and disagreements, the fact remains that systemd is the cornerstone of nearly all Linux distributions on its own merits.
Any change like systemd is going to be disruptive. We understand that many were not happy with this change and we appreciate the passion of the community. The continued growth and adoption of Red Hat Enterprise Linux, as well as other systemd based distributions, tell us that most users have embraced systemd and there was not a large exodus to FreeBSD or alternatives. We partner with the largest embedded vendors in the world, particularly in the telecom and automotive industries where stability and reliability is the number one concern. They easily adapted to systemd.
We see new users (both new to Linux and prior SysV init users) who truly take the time to learn systemd embrace the simplicity of the interface and its capabilities. We also hear that it is no more difficult to learn than the complexities of init and rc scripts to a new user. It's simply different.
The Debian community provides a thorough, independent evaluation of the systemd init system debate. Additionally, the systemd developers provide a list of the biggest myths around systemd.
There are some real advantages, too. Because systemd tracks processes at the service level, daemons can be properly killed, rather than trusting them to do the right thing. This also makes it easy to use cgroups to configure SLAs for CPU, memory, etc. Likewise, security with SELinux and sandboxing become much simpler. The dependency resolution between services is a significant improvement over the sequential ordering of the init rc script mechanism.
Looking forward to all of the exciting innovation taking place around large cloud scalability, OpenStack, Kubernetes, and Containers, we see continued integration and innovation with systemd that would either not be possible or very difficult with init based systems.
So we'll continue to invest in systemd, as it meets our customers' expectations around capabilities, stability, maturity, and community momentum. There's not a realistic alternative today that comes close in terms of adoption and functionality. That said, we're always watching how projects and communities evolve and in that way, systemd is no different from any other component that we ship.
Lastly, I wouldn't dare to debug anyone's setup here, but mounting NFS at boot time is notoriously problematic if you do not have highly available NFS servers. This is a problem that existed before systemd and I think it's much safer to use autofs to mount those volumes on demand or other mount options such as nofail or nobootwait. It is best to not blame systemd for issues that also affect init or are misconfigurations. Ironically, systemd provides more troubleshooting and debug options than init, so that might be helpful to you.
==========================================================================================================
Why isn't Linux on the desktop more widespread?
by snooo53
I'm curious your thoughts on why Linux hasn't grabbed more laptop/desktop marketshare from Windows and MacOS over the years? It seems that with the privacy concerns around Windows 10 and Apple's lack of focus on MacOS there may be a huge opportunity in the near future. What things need to happen in the consumer marketplace and within the OSS community for it to really take off? Can 2017 be the year of the Linux desktop?
................................................................................................
Why not have a consumer desktop?
by Danathar
Given Ubuntu's success at providing a stable, developed and popular desktop environment for non-technical consumer users, why doesn't Red Hat provide the same thing? Why is that right for Ubuntu but not Red Hat?
................................................................................................
Strategy
by olau
Red Hat is big and getting bigger. Where are you heading at the moment? Would Red Hat ever try to move into the more consumer-focused places where Ubuntu has ventured, or is that just not profitable enough?
................................................................................................
Why does GNOME have such an unusable UI?
by Anonymous Coward
GNOME is a Red Hat project due to the amount of people and funding they get from Red Hat. Then, why does GNOME have such an unusable UI, particularly to the major audience of your products? The UI makes basic tasks such as switching between windows a chore unless you install shell extensions, which break frequently and cause instability.
................................................................................................
Proprietary driver support
by ARos
Many proprietary hardware vendors continue not to take the Linux desktop and workstation markets seriously. Recall, e.g., Linus's rant against NVIDIA. As a leader in the Linux and FOSS communities, what will you do to persuade major vendors to write and maintain functional drivers for Red Hat Enterprise Linux and Fedora?
==========================================================================================================
JW: We also had a lot of great questions on the Linux desktop - let me try to answer collectively:
A functioning, useful desktop is obviously critical to the success of the Linux community. A nice GUI makes Linux more accessible and approachable, and that's why we continue to make investments in projects like GNOME, Wayland, and nouveau. Everyone benefits from improvements in this area, so let's call that the baseline. The primary driver for that work is in Fedora, and I was really glad to see such great reviews of F25. If you haven't tried Fedora in a while, now's a good time to jump in. Personally, I love it.
Of course, one of the perils of the desktop is that "desktop success" is so specific to each individual, since everyone has their own opinion about what a desktop should or must do. That means that even when we think about our "baseline" investment in the Linux desktop, someone's going to be disappointed. What's worse, it's very difficult to make money on a "baseline," since it's something that people just expect to have in the first place. Nevertheless, we spend a lot of time and money on getting these projects right because it is so important to the broader community and the success of our own products.
There's another category of desktop, let's call it the "enterprise desktop". This category requires features that just don't come naturally through a community, and they need some additional investment. The "enterprise desktop" customers who pay for a Linux desktop want that same functioning, useful "baseline" desktop, of course. They also want things like enterprise management features, security tools, compliance tools, identity management, and even simple things, like the windowing system should scale correctly when it's run in a VM on Windows.
You've probably already read my comments on the future of the desktop, and you know that I think the "enterprise desktop" market is changing dramatically. You can see this in how Microsoft has changed their own strategy. Among other things, tablets and phones are far more important than they were just five years ago. We don't think about the software on tablets and phones as part of our core business, so we've left that space alone. But their influence is still there, so the "enterprise desktop" features people are willing to pay for have changed, and that has an influence on how we invest our resources.
There's a third category, which is the "technical workstation". These are power-hungry people with domain-specific applications, like 3D visualizations, animation, fluid dynamics simulations, stuff like that. They naturally gravitate to Linux because that's where the tools and research that makes them successful starts. We've had great success in that space, and we continue to make investments here.
How do you monetize Open Source?
by mykepredko
What would you recommend to somebody who feels they have a great application idea and are probably ready to go for angel/first round funding but feels that the application should be Open Source?
Do you put in customization/support as the way to fund the endeavor long term or is there another approach for the OSS conscious entrepreneur?
JW: Open sourcing an idea is great because you will be able to innovate faster with the community than you would by going it alone. There are many, many open source startups doing exciting things, and many with VC backing. So, there is clearly a path for the OSS conscious entrepreneur. Red Hat chose a subscription model for our business; others have gone the customization/open core route. We believe in an upstream first development model, so open core/customization does not work for us. But, there are certainly many successful open source companies that use this model, and the true answer here is that there are likely a lot of variables depending on what your app is focused on.
Most importantly, recognize the value of the open source development model is around user participation. So building a business model around open source starts with a clear, deliberate strategy on how to get others with different perspectives and expertise involved in writing the code. If you don't have others actively involved in writing the code, then it's hard to get the leverage you need for an open source model to work.
Building a new community is hard. We've started a few at Red Hat, but most of the time we look for existing ones that already have a robust community. Where a robust community exists, open source always wins. From a business model perspective, recognize that you can't sell the value of the functionality, because the functionality is free. So think hard about how you add value around that functionality. For Red Hat products it's typically a combination of commitment to a defined life-cycle with the bits, downstream certifications/eco-system, ability to drive upstream roadmaps to meet our customers' needs, and support.
Open source?
by martiniturbide
What is the current commitment of Red Hat with open source for 2017? Redhat may be the most profitable software company that endorses open source for their products. What is the recommendation for other companies to be profitable and at the same time remain being good open source citizens?
JW: Red Hat's commitment to open source has never wavered. We are committed to having a 100% open source product portfolio, with an upstream first development model. This means that we do our work to get features integrated into open source projects before we integrate them into Red Hat products. Dave Neary from Red Hat's Open Source and Standards team wrote a good blog post about this approach. And we have followed through on this commitment even with the technologies we acquire -- something I think is pretty unique to Red Hat. In the last few months, we've open-sourced Ansible Tower and Codenvy.
My recommendation to other companies: contribute. In the last few years, we've seen a lot of new voices championing open source. That's great to see, even when it's your competitors. Faster innovation and more choice is always a good thing. But, open source is a commitment, not a buzz phrase. Companies that want to be good open source citizens need to walk the walk. Another must-read on Red Hat's commitment here is this blog post from Paul Cormier.
Building a strong company
by resplin
Red Hat has distinguished itself through its commitment to open source and its ability to remain profitable.
Mike Olson famously said "you can't build a successful stand-alone company purely on open source." He argues that you cannot scale an open source model that does not rely on selling proprietary components because it is too easy for competitors to undercut a vendor's services offerings when they don't have to pay for R&D.
How do you feel about that assessment? Is Red Hat's success impossible to replicate by other open source companies?
JW: First off, let me say that Mike is a great guy. I've known him for many years, since I first joined Red Hat. And I want to applaud him for his work in driving Cloudera to where it is today. I'm thrilled to see their success. But in regards to open source business models, we've agreed to disagree.
I'd argue that Red Hat is a successful company by many metrics, built purely on open source. My contention is that too few open source companies follow the Red Hat model. I don't want to overly bash open core models. Some will be successful, but competitively, I'd argue that there's no faster way to innovate at scale than through open source communities. We've said before that half open is still half closed. I think it's too easy for early adopters to find workarounds to open core offerings, which can hurt a business when it moves past the early adopter phase.
I refer to this a bit earlier in the Q&A, but the important thing to remember in an open source business model is that YOU CAN'T SELL FUNCTIONALITY because it is available for free. If you just think about functionality, then Mike is probably right - you need to add proprietary code that you can sell. But implementing a piece of software in an enterprise context is about so much more than the functionality.
Red Hat is successful because we obsess about finding ways to add value around the code for each of our products. We think of ourselves as helping make open source innovation easily consumable for enterprise customers. Just one example: For all of our products, we focus on life-cycle. Open source is a great development model, but its "release early, release often" style makes implementing it in production difficult. One important value we play in Linux is that we backport bug fixes and security updates in supported kernels for over a decade, all while never breaking ABI compatibility. That has huge value for enterprises running long-lived applications. We go through this type of process against all of the projects we choose to productize to determine how we add value beyond the source code.
I would agree that this type of business model won't work across every technology category. At Red Hat, we look very deeply at the categories we've expanded into to ask ourselves whether our model can be effective and make an impact in a given space.
What advice do you have for building a sustainable business, especially one that is driven by open source values?
JW: Start off by reading a couple of answers above. To summarize:
1. Start (or find) an open source project that truly benefits from broad participation and work to build (or become involved) in that project. Projects where participation benefits the quality and innovation of the code are inherently advantaged over proprietary code. So you can check the first box - a technology that is superior to competitors.
2. Identify how you can uniquely add value to that technology that transcends the code. This is what I talk about above. The code is free. It's better because of yours and others' contributions. But those are freely given and free to use and therefore are very hard to monetize. Focus on how customers might implement the technology. For Red Hat, we like layers in the stack that are run-times, where enterprises will likely want long-lived support. We also like layers where hardware touches software, because there is huge value in standardization and certifications, which are not attached to the code, but to the products that we rigorously test and build joint support mechanisms for with the hardware vendors. If you identify this, you are well on your way - you have a project that is superior to competitors' and you have a vehicle to uniquely add value to that project in your product.
3. Surround yourself with like-minded, passionate people. Culture always trumps strategy. That's a short paraphrase of a famous quote. Companies too often fail because of internal strife, ethical failings, or simply losing their way. I know that startups have to begin with a product and business model, but durable success happens via people working together to make it a reality. And that's all about culture and leadership.
Recruiting open source talent
by resplin
As Red Hat has scaled, it has to remain staffed with all types of non-technical business professionals. How do you help these professionals learn to "sell free software"? Has it been difficult to train these professionals on the open source business model?
JW: I think that anyone can pretty easily put themselves in our customers' shoes and understand the benefits of open source. For one, no one wants to feel locked into a proprietary solution or data format. We all want choice and flexibility, and open source is a great way to enable that.
For another, everybody wants access to rapidly innovating technology that helps solve their business problems, and our model gives them the ability to consume the latest and greatest technology, but in a way that's stable and secure for the enterprise.
And finally, everybody's experienced the frustration of having something in their car break and not having access to fix it. It seems like many companies deliberately make it difficult for their customers to tinker with or improve their products. Open source is the exact opposite -- we welcome people to take a look under the hood, see how things work or why they're broken, and roll up their sleeves to contribute if they want to make it better. All in all, it's a pretty simple and compelling value proposition that even someone brand new to our company can understand.
Coding Chops
by CrashNBrn
So who wins in a "code off" ?
Jim Whitehurst, Mark Shuttleworth, Tim Cook, Larry Page, or Satya Nadella.
JW: That's a tough one, but I think I could at least compete! I wasn't new to Linux when I joined Red Hat. I'm actually working towards my Red Hat Certified System Administrator (RHCSA) now. It's not an easy certification to get - if I'm successful, I think I'll have hopefully proven my chops. I can compile a Linux kernel and kernel modules and can build pretty decent apps. Though OpenShift makes building apps so easy, I'm not sure that's a huge distinction. (Note: Shameless plug!)
But the actual answer to your question is Linus Torvalds. He really should be on that list!
A long term view on IoT security?
by mlts
Are there any plans or products to help with IoT security?
RedHat is one of the few companies that can step in and do something in regards to device security, even when device makers have little to no interest in this topic, as to them, security has no ROI, or as one IoT company exec told me, "the only person that has ever made money from a padlock is the lock maker."
Being able to lure IoT vendors to use secure tools wouldn't just benefit them, but it would benefit the Internet as a whole. Even something like manifest lists that interact with FirewallD to ensure a device is only able to communicate with authorized devices and cannot take input/output from rogue sources would improve the IoT ecosystem tremendously.
JW: We are already helping with IoT security indirectly. Open source and Linux powers nearly every IoT device that exists. This is an example of open source winning, you can't escape its reach any longer. That said, Red Hat has always been a substantial contributor to open source projects and security is always a part of this collaboration. We were doing security before security was cool.
Rather than putting a focus on individual IoT devices, our focus is on the open source ecosystem as a whole. This is an instance where a rising tide lifts all boats. The goal is not to help a single device or vendor, but to work on features that will affect the entire industry. By focusing on improving security in the Kernel, the compiler, glibc, the libraries used, even in the graphical user interfaces, we are helping build the future of IoT device security. IoT is changing the rules and perception around security. There is a lot of opportunity to get IoT security right, which means we have to focus on getting open source security right. We all win or we all lose when it comes to IoT security.
OpenStack vs AWS
by resplin
How can we improve the future of OpenStack? The dominance of Amazon has challenged the relevance of well funded players like Microsoft, Google, and IBM. How can OpenStack compete? The network effects around a dominant cloud platform threaten to relegate OpenStack to be a long term niche player, like Linux on the desktop. How can we avoid this fate?
JW: Most important is that the hybrid cloud is real, and it's increasingly part of the dialog we have with users and customers. Cloud isn't either-or. You can have a multi-cloud deployment where you are using OpenStack for some workloads and AWS for others. We consistently hear from our customers and users that they are in public clouds like AWS *and* their on-premise cloud deployments. The public cloud providers are all great partners of ours, and I view OpenStack as a complementary technology to them.
As corporate IT loads shift to public clouds...
by Anonymous Coward
...does this marginalize the role of operating system vendors? I would imagine that most AWS customers would lean on Amazon for technical support rather than Red Hat.
JW: On the contrary, the emergence of public cloud has made the operating system even more relevant. There are several reasons why:
The first is around application mobility. The vast majority of customers I speak with plan to use more than one public cloud. So portability becomes a major requirement. And since OS is where the application ultimately touches computing resources, having an OS that can consistently run across all major platforms becomes even more important. As with any single platform provider, optimizations for provider unique hardware, architectures, or services may address specific situations in the OS and we have all seen how that played out in the single-source, vertically integrated Unix stacks - hence Linux. So we remain dogged in our drive in working with all our cloud, hardware, and software partners to ensure that RHEL (and all our products) enable as many platforms as possible to reinforce customer choice and application mobility.
Second, much of the value we provide in Linux is around life-cycle. We commit to a decade+ long life-cycle of patching and support of RHEL. That allows enterprises to confidently run long-lived applications on RHEL. That requires a massive engineering investment in skills, tools and processes. I guess others (like public clouds) could ultimately choose to do that, but it's a very different business than they are in today, and I'm not sure why they would choose to do that versus the many other areas of opportunity that more closely match their current capabilities.
Finally, new application models like containers and microservices are bringing the operating system to the forefront. Each and every container has its user-space dependencies in Linux in it, and therefore requires management of those components in the container regardless of where that container runs. As the leading Linux vendor and as a leader in many of the projects around containers, Red Hat is uniquely positioned to help customers as they build and deploy containers on public clouds or on premise.
Product vs Engineering
by Nite_Hawk
Hi Jim,
Thank you for answering our questions! How do you view top-down product driven development vs bottom-up engineering driven development? Are there situations where one excels vs the other?
JW: To be honest, I'm not sure I'm the right person to answer that question. I've had the great fortune of having a very strong engineering leadership team at Red Hat, so I have allowed them to drive how we engage with communities and build our products.
In a broad sense, Red Hat does a bit of both. Our business model is built from the project out to the product, because we so strongly believe in the power of user driven innovation. So I guess you could say that we are more bottom-up engineering developed. But a big part of our value is taking customer needs and driving those into upstream projects so that they end up in our products. So we really are a hybrid.
Puppet versus Ansible?
by waveclaw
Where do you see the configuration management market going in the next year or two?
JW: First things first, it's interesting to note that Ansible started as an orchestration platform that also happens to be able to do configuration management as well.
Orchestration is the hot topic right now for automation versus last year's configuration management tools. Ansible is more orchestration than configuration management. Puppet and Chef require tools like mCollective to pick up the orchestration piece. Red Hat now runs Tower. And Tower now ships as part of the Red Hat Ceph storage product. Red Hat's Satellite product is based on the Foreman which includes Salt, Puppet, Chef and Ansible support.
But where is this market heading? Are we likely to see consolidation? Integrations? Or even a flood of config management system tied products from vendors?
JW: Orchestration isn't a natural capability of many of the other tools on the market, but if you think about it, the ability to orchestrate configurations is really pretty critical. As it turns out, the order in which you provision IT applications and environments is really, really important. And Ansible handles this by design.
That being said, we have a number of customers that use other configuration management platforms like Puppet and Chef, and they use Ansible to deploy and manage agents, and then to orchestrate application deployments by deploying configurations as defined by these other tools. So really, it's easily a "yes, and" story, not an "either or".
Then we have Ansible Tower -- which actually, Red Hat was a paying Ansible Tower customer before we acquired them. Tower helps orgs operationalize automation across all their teams and IT environments in ways other tools cannot easily do otherwise. It's also key to plumbing automation into devops workflows.
There is some possible consolidation, but there's still a lot of market adoption to be had. We come across customers every day that have previously not used any configuration management solution at scale. This is a problem for those companies that want to scale, and running workloads in the cloud or with containers is nearly impossible without a mature automation and configuration management posture. So while there's some consolidation possible, there's still a lot of growth out there. As for config management being tied to vendors, I suspect that you'll continue to see other organizations mirror our approach to hybrid here. For an IT org that is trying to juggle deployments both on-premises as well as in the cloud, they need tools that will work just as well in either location. This is a particular strength of things like Ansible.
Are there plans to tighten Ansible Integration
by waveclaw
We use and love Ansible, but it still seems to be a separate product. Are there plans to integrate it more? Having it as an integrated deployment option for JBOSS Operations network (JON) would be good.
JW: When we acquired Ansible, we knew we had to be careful not to immediately crush them with all of our scaling requirements. At this point, roughly 18 months post-acquisition, we can say that the Ansible team is heavily engaged with nearly every Red Hat product team. So whether you're talking about Red Hat Enterprise Linux, OpenStack, OpenShift Container Platform, Ceph Storage, CloudForms, Insights, or many of our other offerings, Ansible is either already integral to those offerings, or is being planned for a near release. It's an important piece across our portfolio.
Specifically to JBoss and our middleware offerings, several of our consulting teams came together to create Ansible Roles to ease the deployment and management of various JBoss offerings. And I think that illustrates perfectly what Ansible means to us -- even our services teams are engaging in the Ansible community and getting involved. Which is both a testament to what Ansible can enable customers to do, but also to the love that so many different teams across Red Hat have for Ansible.
If meritocracy over democracy...
by turkeydance
if meritocracy over democracy is his choice, who decides what is "merit"?
JW: Great question. One thing that's important to me is that we continually question how well we apply the principle of meritocracy in practice. In general, we try to define our business goals and the problems we're trying to solve in clear and objective terms, so that it's obvious to everyone what the best and most feasible ideas are. You can get a feel for what kinds of information and detail we share internally by checking out the Open Decision Framework, which is a collection of our best practices for making open and inclusive decisions. We think of meritocracy as a leadership behavior, and you can see how we define it here. (PS: You can also find it on GitHub under a Creative Commons license.)
In practice at Red Hat, people with a long history of contribution and good ideas build their reputations as people to be listened to. It's not a perfect process, but because it is a "multi-round game" with reputations built over many interactions, it's a pretty good way for informal leaders to emerge.
Enterprise Desktop Market / Emerging / Demand
by GioMac
I am running more than 250 Linux desktops at the company and can get even more, but there are no centralized management solutions for that, and that's an issue with customization and security too. KDE desktop is very good at some point with its ability to have strict configuration files and immutable options, that does about 25% of what we can get with Microsoft and Group Policy Object, and we see that a little effort is required to make things work.
Can we expect that Red Hat will enter that market in the nearest (3-4 Y) future?
JW: I appreciate the feedback and idea for a new market for us. Let me take that feedback back to our desktop team. I really can't talk about future product plans in this venue, but I'll make sure they know that you see an opportunity here.
RHCA Exams
by kamilyunis
My question is about Red Hat Certified Architect exams. It is very good and we are very happy about Red Hat's new subscription-based trainings. It is great. But when it comes to RHCA, it is limited for locations.
RHCA level exams are very expensive, and travel and accommodations make it more expensive. I am 2xRHCE, because these exams are available in my location. Azerbaijan Baku, Middle East, Caucasus does not have center to take exam. Please take this into consideration. Vmware, Cisco, Microsoft, AWS, OpenStack make their exams available in everywhere online, so it is easy for everyone to take it. Why open source company limits people passions to location.
I believe that me and people like me can become multi level RHCA if they get chance to take exam in their own location. And this will help recognition and value of RedHat in regions also. Please make this available as Cisco for us. At least make it possible on Kiosk In Georgia or Azerbaijan so we can take exams also. I am from Azerbaijan, Baku. With Loves to best open source company in the world.
JW: We recognize the need to reach people who are interested in certification throughout the world. We are constantly expanding our global testing options, and increasing the number of ways we offer testing for our certifications, including adding secure, preconfigured kiosks and laptops with our Red Hat Training Partners.
==========================================================================================================
Red Hat Enterprise Linux is too static to keep pace with kernel devel.
by nbritton
I have found that Red Hat Enterprise Linux is too stagnant / static to keep pace with the rate at which the kernel is now developed. The 3.10 kernel is four years old at this point and the fact that Red Hat Enterprise Linux 7 will be in production support until 2024 is disheartening because the enterprise industry will be a decade behind the latest kernel developments and updates from associated projects. Compared to other vendors' Linux offerings, when I use Red Hat Enterprise Linux I get the same feelings I got when I was forced to use AIX, HP-UX, and Solaris. I hated administrating those products because they were stuck with defaults like ksh from a decade ago.
My question is, would Red Hat ever consider releasing a Linux distribution with a shorter development cycle and with more aggressive tracking of upstream projects? I see a place for a distribution that is somewhere in between Red Hat Enterprise Linux and Fedora. Perhaps you could morph or fork CentOS into the upstream development for Red Hat Enterprise Linux? For example: Upstream --> Fedora (Bleeding Edge) --> CentOS (Next Release of Red Hat Enterprise Linux) --> Red Hat Enterprise Linux. This would give system engineers and architects a greater range of products to choose from and it could help stabilize Red Hat Enterprise Linux even more than it already is.
In short, the Linux kernel is the largest and the fastest moving software project in the world, so what changes are you going to make to keep up with it?
.....................................................................................................................................................................................................................................
The Price of Reliability
by hcs_$reboot
Worked on SunOS, Solaris, MacOS, Red Hat, CentOS, and, more recently, Ubuntu. CIOs choose Red Hat mainly for support and reliability. Reliability is the word that comes to most engineers' minds when the RH and CentOS OSes are mentioned (certainly for good reasons). Reliability mainly relies on using older kernels and features, that have been patched over and over; sure, that works, reliability wise. But on a number of rather recent projects, comparing Ubuntu server and RH/CentOS, it appears setting services up (e.g. Samba) was way easier on the newer Ubuntus than on the latest RH/CentOS (not mentioning the many issues migrating from 6 to 7). Also, using newer kernels, Ubuntu performs well, taking advantage of the newest internals, memory management and sharing, IPC, etc. ... and no specific reliability issue (IMHO, reliability wise, Ubuntu and the like are as solid as RH nowadays).
Question: in 2017, does reliability still mean using long-tested, but older kernels and features?
==========================================================================================================
JW: There's a common misperception that Red Hat Enterprise Linux pulls a Fedora kernel and stays on it for 10+ years while the world moves onto newer kernel versions with better features and newer hardware. It's true that we standardize on a specific kernel version for the life of a major release, but that's not the whole story.
Our stability is actually in our kernel ABI (kABI), which is a promise of stability that a kernel developer can rely on for the life of a Red Hat Enterprise Linux release. When we release a major version of Red Hat Enterprise Linux we actually backport many key features from newer kernels, bugfixes, etc. and we do it in a surgical way that not only delivers new features and hardware on an older kernel, but also preserves the kABI. For example, Red Hat Enterprise Linux 6 was based on the 2.6.32, but when we released Red Hat Enterprise Linux 6 it also had an additional 2600 patches (features, hardware, bugfixes, CVEs) and this continues for the development life of the release. The stats on Red Hat Enterprise Linux 7 are similar. This provides a customer expected balance between stability and innovation. We also have a driver update program (DUP) that makes it easy to add kernel drivers prior to the public availability of the next minor release.
So don't take the kernel version at face value -- we spend a lot of time backporting newer kernel features into every major release! If you want the latest and greatest and don't care about kABI, ABI and long-term stability, Fedora is ready for you.
Enterprise customers continue to expect stability, security, scalability and reliability, but also want higher levels of automation and ease of use, multiple deployment methods (bare metal, virtualization, containers and cloud) and the new features as they appear upstream and with hardware and userspace tools that can help to exploit them. If we sense critical new features going upstream that will break kABI and can't be backported, we will plan accordingly. -
Interviews: Red Hat CEO Jim Whitehurst Answers Your Questions (redhat.com)
You asked, he answered!
For Slashdot's 20th anniversary -- and the 23rd anniversary of the first release of Red Hat Linux -- here's a special treat.
Red Hat CEO Jim Whitehurst has responded to questions submitted by Slashdot readers. Read on for his answers...
What...
by Master5000
...is your day like?
JW: I can tell you this, no two days are the same. Broadly speaking, I strive to prioritize time with customers, partners, and Red Hat associates above other meetings.
When I'm in town, my day starts at 5:30 am with a run. I'll scan email and the news during breakfast and take my kids to school. My first calls usually start at 8 am as I'm driving to the office. Today for instance, I'll meet with a few members of our Corporate Leadership team. I'll then sit down with our chief technologist to hear what's happening in the Office of the CTO.
I usually grab lunch around 11:30 am. I tend to bring my lunch, but will occasionally head to our cafeteria for a sandwich or salad. In the afternoon, I'll get briefed on my schedule for some upcoming events, which will include meetings with partners, customer panels, press, and analysts. I usually spend a few hours a day responding to emails and coordinating activity through email. I try to get home by 6 pm to eat dinner with my family and spend time with my kids. I'll usually jump back on email once everyone is asleep before knocking out around 10 pm.
The plans for CentOS?
By Anonymous Coward
Now that CentOS has received a more official status in the Red Hat world, what are the plans for the project?
JW: The ecosystem around Red Hat Enterprise Linux is sprawling and complex, and that's one of our strengths. You have midnight hobbyists working together with multinational corporations. You have people working on GPU hardware, and you have people working on Ruby apps. Some want the latest-and-greatest, and some want to keep everything exactly the same for years and years. So lots of different kinds of people are doing lots of different kinds of work, and all of them are contributing to this massive project called "Red Hat Enterprise Linux". It's not surprising that we can't accommodate all of that innovation in a single project.
That's one of the reasons we split Fedora and Red Hat Enterprise Linux: we freed up Fedora to be innovative and move quickly, which freed Red Hat Enterprise Linux to be more careful, more conservative, and handle the very important and difficult work of stability and security for code that upstream communities have long since moved past. Fifteen years later, we're still very happy with how that's worked out, and Fedora remains a thriving engine for new ideas that make their way down into Red Hat Enterprise Linux and many other projects.
CentOS solves a very different problem for us. First, there are some people that we can't serve with Red Hat Enterprise Linux today, but we still want to participate in the Red Hat ecosystem. Folks using Xen, for example, may not be able to run today's Red Hat Enterprise Linux, but they can absolutely work with the CentOS project and still participate in the broader ecosystem. Second, there are people and partners who are building software that needs a more stable, Red Hat Enterprise Linux-like lifecycle but want to experiment at the kernel level, stuff which would be impossible for us to support in Red Hat Enterprise Linux. OpenVSwitch and DPDK are a perfect example of this, and the CentOS SIG process has served them really well. They can do all the things they need to do in development and with their partner communities, and their innovations still pass from the upstream communities into Fedora, and ultimately into Red Hat Enterprise Linux, Red Hat Virtualization, and OpenStack.
Meanwhile, changes in hardware and software are changing how we think about a traditional operating system distribution. Things are more automated, hardware is moving faster and less predictably, and containers force us to differentiate between bringing up hardware and creating a stable platform for applications. To address all of these changes, Red Hat is going to need every element of our ecosystem -- Fedora, CentOS, and Red Hat Enterprise Linux -- to respond.
Systemd, WTF???
by rknop
As I understand it, one of the stated goals was to speed up boot times. It's had exactly the opposite effect on my Ubuntu system -- that is, when the boot doesn't die altogether when I try to mount NFS shares. (Also, thanks to systemd, I can't even *reboot* or shut down the machine when there's a hung NFS process. I am forced to hard-reset it.)
For years, warning flags have been raised about systemd. It more or less seems that we're bringing all the disadvantages of the Windows architecture to Linux, without any of the advantages of running Windows.
So, again: systemd, wtf???
JW: We had a lot of systemd questions, so I am replying to them all collectively.
==========================================================================================================
My question is related: is Red Hat, as an organization, at all concerned about the damage that systemd has done to Linux's usability, its reputation, and its community? Is Red Hat concerned with how systemd has driven so many Linux users to FreeBSD?
................................................................................................
And a follow up, why not spend some of RedHat's money on a sane init system?
I'm sure you can put a few dollars and bright minds on a system that works reliably. The last thing I want my embedded system to do is get hung up on an init failure.
................................................................................................
This begs the question, so I'll just ask it: Have any customers ever moved away from Red Hat because of systemd?
==========================================================================================================
JW: First, allow me to address why Red Hat adopted and invested in systemd as it helps to address many of the other questions. Traditional init systems, like System V init, served the UNIX and Linux communities well for decades, but that is a long time and it is not surprising that they have their limitations. The problems an init system needs to solve today are different from the ones that traditional init systems were solving in the 70's, 80's and even the 90's.
Red Hat considered many available options and even used Canonical's Upstart for Red Hat Enterprise Linux 6. Ultimately we chose systemd because it is the best architecture that provides the extensibility, simplicity, scalability, and well-defined interfaces to address the problems we see today and foresee in the future. Of all the passionate debates and disagreements, the fact remains that systemd is the cornerstone of nearly all Linux distributions on its own merits.
Any change like systemd is going to be disruptive. We understand that many were not happy with this change and we appreciate the passion of the community. The continued growth and adoption of Red Hat Enterprise Linux, as well as other systemd based distributions, tell us that most users have embraced systemd and there was not a large exodus to FreeBSD or alternatives. We partner with the largest embedded vendors in the world, particularly in the telecom and automotive industries where stability and reliability is the number one concern. They easily adapted to systemd.
We see new users (both new to Linux and prior SysV init users) who truly take the time to learn systemd embrace the simplicity of the interface and its capabilities. We also hear that it is no more difficult to learn than the complexities of init and rc scripts to a new user. It's simply different.
The Debian community provides a thorough, independent evaluation of the systemd initsystem debate. Additionally, the systemd developers provide a list of the biggest myths around systemd.
There are some real advantages, too. Because systemd tracks processes at the service level, daemons can be properly killed, rather than trusting them to do the right thing. This also makes it easy to use cgroups to configure SLAs for CPU, memory, etc. Likewise, security with SELinux and sandboxing become much simpler. The dependency resolution between services is a significant improvement over the sequential ordering of the init rc script mechanism.
Looking forward to all of the exciting innovation taking place around large cloud scalability, OpenStack, Kubernetes, and Containers, we see continued integration and innovation with systemd that would either not be possible or very difficult with init based systems.
So we'll continue to invest in systemd, as it meets our customers' expectations around capabilities, stability, maturity, and community momentum. There's not a realistic alternative today that comes close in terms of adoption and functionality. That said, we're always watching how projects and communities evolve and in that way, systemd is no different from any other component that we ship.
Lastly, I wouldn't dare to debug anyone's setup here, but mounting NFS at boot time is notoriously problematic if you do not have highly available NFS servers. This is a problem that existed before systemd and I think it's much safer to use autofs to mount those volumes on demand or other mount options such as nofail or nobootwait. It is best to not blame systemd for issues that also affect init or are misconfigurations. Ironically, systemd provides more troubleshooting and debug options than init, so that might be helpful to you.
==========================================================================================================
Why isn't Linux on the desktop more widespread?
by snooo53
I'm curious your thoughts on why Linux hasn't grabbed more laptop/desktop marketshare from Windows and MacOS over the years? It seems that with the privacy concerns around Windows 10 and Apple's lack of focus on MacOS there may be a huge opportunity in the near future. What things need to happen in the consumer marketplace and within the OSS community for it to really take off? Can 2017 be the year of the Linux desktop?
................................................................................................
Why not have a consumer desktop?
by Danathar
Given Ubuntu's success at providing a stable, developed and popular desktop environment for non-technical consumer users, why doesn't Red Hat provide the same thing? Why is that right for Ubuntu but not Red Hat?
................................................................................................
Strategy
by olau
Red Hat is big and getting bigger. Where are you heading at the moment? Would Red Hat ever try to move into the more consumer-focused places where Ubuntu has ventured, or is that just not profitable enough?
................................................................................................
Why does GNOME have such an unusable UI?
by Anonymous Coward
GNOME is a Red Hat project due to the amount of people and funding they get from Red Hat. Then, why does GNOME have such an unusable UI, particularly to the major audience of your products? The UI makes basic tasks such as switching between windows a chore unless you install shell extensions, which break frequently and cause instability.
................................................................................................
Proprietary driver support
by ARos
Many proprietary hardware vendors continue not to take the Linux desktop and workstation markets seriously. Recall, e.g., Linus's rant against NVIDIA. As a leader in the Linux and FOSS communities, what will you do to persuade major vendors to write and maintain functional drivers for Red Hat Enterprise Linux and Fedora?
==========================================================================================================
JW: We also had a lot of great questions on the Linux desktop - let me try to answer collectively:
A functioning, useful desktop is obviously critical to the success of the Linux community. A nice GUI makes Linux more accessible and approachable, and that's why we continue to make investments in projects like GNOME, Wayland, and nouveau. Everyone benefits from improvements in this area, so let's call that the baseline. The primary driver for that work is in Fedora, and I was really glad to see such great reviews of F25. If you haven't tried Fedora in a while, now's a good time to jump in. Personally, I love it.
Of course, one of the perils of the desktop is that "desktop success" is so specific to each individual, since everyone has their own opinion about what a desktop should or must do. That means that even when we think about our "baseline" investment in the Linux desktop, someone's going to be disappointed. What's worse, it's very difficult to make money on a "baseline," since it's something that people just expect to have in the first place. Nevertheless, we spend a lot of time and money on getting these projects right because it is so important to the broader community and the success of our own products.
There's another category of desktop, let's call it the "enterprise desktop". This category requires features that just don't come naturally through a community, and they need some additional investment. The "enterprise desktop" customers who pay for a Linux desktop want that same functioning, useful "baseline" desktop, of course. They also want things like enterprise management features, security tools, compliance tools, identity management, and even simple things, like the windowing system should scale correctly when it's run in a VM on Windows.
You've probably already read my comments on the future of the desktop, and you know that I think the "enterprise desktop" market is changing dramatically. You can see this in how Microsoft has changed their own strategy. Among other things, tablets and phones are far more important than they were just five years ago. We don't think about the software on tablets and phones as part of our core business, so we've left that space alone. But their influence is still there, so the "enterprise desktop" features people are willing to pay for have changed, and that has an influence on how we invest our resources.
There's a third category, which is the "technical workstation". These are power-hungry people with domain-specific applications, like 3D visualizations, animation, fluid dynamics simulations, stuff like that. They naturally gravitate to Linux because that's where the tools and research that makes them successful starts. We've had great success in that space, and we continue to make investments here.
How do you monetize Open Source?
by mykepredko
What would you recommend to somebody who feels they have a great application idea and are probably ready to go for angel/first round funding but feels that the application should be Open Source?
Do you put in customization/support as the way to fund the endeavor long term or is there another approach for the OSS conscious entrepreneur?
JW: Open sourcing an idea is great because you will be able to innovate faster with the community than you would by going it alone. There are many, many open source startups doing exciting things, and many with VC backing. So, there is clearly a path for the OSS conscious entrepreneur. Red Hat chose a subscription model for our business; others have gone the customization/open core route. We believe in an upstream first development model, so open core/customization does not work for us. But, there are certainly many successful open source companies that use this model, and the true answer here is that there are likely a lot of variables depending on what your app is focused on.
Most importantly, recognize the value of the open source development model is around user participation. So building a business model around open source starts with a clear, deliberate strategy on how to get others with different perspectives and expertise involved in writing the code. If you don't have others actively involved in writing the code, then it's hard to get the leverage you need for an open source model to work.
Building a new community is hard. We've started a few at Red Hat, but most of the time we look for existing ones that already have a robust community. Where a robust community exists, open source always wins. From a business model perspective, recognize that you can't sell the value of the functionality, because the functionality is free. So think hard about how you add value around that functionality. For Red Hat products it's typically a combination of commitment to a defined life-cycle with the bits, downstream certifications/eco-system, ability to drive upstream roadmaps to meet our customers' needs, and support.
Open source?
by martiniturbide
What is the current commitment of Red Hat with open source for 2017? Redhat may be the most profitable software company that endorses open source for their products. What is the recommendation for other companies to be profitable and at the same time remain being good open source citizens?
JW: Red Hat's commitment to open source has never wavered. We are committed to having a 100% open source product portfolio, with an upstream first development model. This means that we do our work to get features integrated into open source projects before we integrate them into Red Hat products. Dave Neary from Red Hat's Open Source and Standards team wrote a good blog post about this approach. And we have followed through on this commitment even with the technologies we acquire -- something I think is pretty unique to Red Hat. In the last few months, we've open-sourced Ansible Tower and Codenvy.
My recommendation to other companies: contribute. In the last few years, we've seen a lot of new voices championing open source. That's great to see, even when it's your competitors. Faster innovation and more choice is always a good thing. But, open source is a commitment, not a buzz phrase. Companies that want to be good open source citizens need to walk the walk. Another must-read on Red Hat's commitment here is this blog post from Paul Cormier.
Building a strong company
by resplin
Red Hat has distinguished itself through its commitment to open source and its ability to remain profitable.
Mike Olson famously said "you can't build a successful stand-alone company purely on open source." He argues that you cannot scale an open source model that does not rely on selling proprietary components because it is too easy for competitors to undercut a vendor's services offerings when they don't have to pay for R&D.
How do you feel about that assessment? Is Red Hat's success impossible to replicate by other open source companies?
JW: First off, let me say that Mike is a great guy. I've known him for many years, since I first joined Red Hat. And I want to applaud him for his work in driving Cloudera to where it is today. I'm thrilled to see their success. But in regards to open source business models, we've agreed to disagree.
I'd argue that Red Hat is a successful company by many metrics, built purely on open source. My contention is that too few open source companies follow the Red Hat model. I don't want to overly bash open core models. Some will be successful, but competitively, I'd argue that there's no faster way to innovate at scale than through open source communities. We've said before that half open is still half closed. I think it's too easy for early adopters to find workarounds to open core offerings, which can hurt a business when it moves past the early adopter phase.
I refer to this a bit earlier in the Q&A, but the important thing to remember in an open source business model is that YOU CAN'T SELL FUNCTIONALITY because it is available for free. If you just think about functionality, then Mike is probably right - you need to add proprietary code that you can sell. But implementing a piece of software in an enterprise context is about so much more than the functionality.
Red Hat is successful because we obsess about finding ways to add value around the code for each of our products. We think of ourselves as helping make open source innovation easily consumable for enterprise customers. Just one example: For all of our products, we focus on life-cycle. Open source is a great development model, but its "release early, release often" style makes implementing it in production difficult. One important value we play in Linux is that we backport bug fixes and security updates in supported kernels for over a decade, all while never breaking ABI compatibility. That has huge value for enterprises running long-lived applications. We go through this type of process against all of the projects we chose to productize to determine how we add value beyond the source code.
I would agree that this type of business model won't work across every technology category. At Red Hat, we look very deeply at the categories we've expanded into to ask ourselves whether our model can be effective and make an impact in a given space.
What advice do you have for building a sustainable business, especially one that is driven by open source values?
JW: Start off by reading a couple of answers above. To summarize:
1. Start (or find) an open source project that truly benefits from broad participation and work to build (or become involved) in that project. Projects where participation benefits the quality and innovation of the code are inherently advantaged over proprietary code. So you can check the first box - a technology that is superior to competitors.
2. Identify how you can uniquely add value to that technology that transcends the code. This is what I talk about above. The code is free. It's better because of yours and others' contributions. But those are freely given and free to use and therefore are very hard to monetize. Focus on how customers might implement the technology. For Red Hat, we like layers in the stack that are run-times, where enterprises will likely want long-lived support. We also like layers where hardware touches software, because there is huge value in standardization and certifications, which are not attached to the code, but to the products that we rigorously test and build joint support mechanisms for with the hardware vendors. If you identify this, you are well on your way - you have a project that is superior to competitors' and you have a vehicle to uniquely add value to that project in your product.
3. Surround yourself with like-minded, passionate people. Culture always trumps strategy. That's a short paraphrase of a famous quote. Companies too often fail because of internal strife, ethical failings, or simply losing their way. I know that startups have to begin with a product and business model, but durable success happens via people working together to make it a reality. And that's all about culture and leadership.
Recruiting open source talent
by resplin
As Red Hat has scaled, it has to remain staffed with all types of non-technical business professionals. How do you help these professionals learn to "sell free software"? Has it been difficult to train these professionals on the open source business model?
JW: I think that anyone can pretty easily put themselves in our customers' shoes and understand the benefits of open source. For one, no one wants to feel locked into a proprietary solution or data format. We all want choice and flexibility, and open source is a great way to enable that.
For another, everybody wants access to rapidly innovating technology that helps solve their business problems, and our model gives them the ability to consume the latest and greatest technology, but in a way that's stable and secure for the enterprise.
And finally, everybody's experienced the frustration of having something in their car break and not having access to fix it. It seems like many companies deliberately make it difficult for their customers to tinker with or improve their products. Open source is the exact opposite -- we welcome people to take a look under the hood, see how things work or why they're broken, and roll up their sleeves to contribute if they want to make it better. All in all, it's a pretty simple and compelling value proposition that even someone brand new to our company can understand.
Coding Chops
by CrashNBrn
So who wins in a "code off" ?
Jim Whitehurst, Mark Shuttleworth, Tim Cook, Larry Page, or Satya Nadella.
JW: That's a tough one, but I think I could at least compete! I wasn't new to Linux when I joined Red Hat. I'm actually working towards my Red Hat Certified System Administrator (RHCSA) now. It's not an easy certification to get - if I'm successful, I think I'll have hopefully proven my chops. I can compile a Linux kernel and kernel modules and can build pretty decent apps. Though OpenShift makes building apps so easy, I'm not sure that's a huge distinction. (Note: Shameless plug!)
But the actual answer to your question is Linus Torvalds. He really should be on that list!
A long term view on IoT security?
by mlts
Are there any plans or products to help with IoT security?
RedHat is one of the few companies that can step in and do something in regards to device security, even when device makers have little to no interest in this topic, as to them, security has no ROI, or as one IoT company exec told me, "the only person that has ever made money from a padlock is the lock maker."
Being able to lure IoT vendors to use secure tools wouldn't just benefit them, but it would benefit the Internet as a whole. Even something like manifest lists that interact with FirewallD to ensure a device is only able to communicate with authorized devices and cannot take input/output from rogue sources would improve the IoT ecosystem tremendously.
JW: We are already helping with IoT security indirectly. Open source and Linux powers nearly every IoT device that exists. This is an example of open source winning; you can't escape its reach any longer. That said, Red Hat has always been a substantial contributor to open source projects and security is always a part of this collaboration. We were doing security before security was cool.
Rather than putting a focus on individual IoT devices, our focus is on the open source ecosystem as a whole. This is an instance where a rising tide lifts all boats. The goal is not to help a single device or vendor, but to work on features that will affect the entire industry. By focusing on improving security in the Kernel, the compiler, glibc, the libraries used, even in the graphical user interfaces, we are helping build the future of IoT device security. IoT is changing the rules and perception around security. There is a lot of opportunity to get IoT security right, which means we have to focus on getting open source security right. We all win or we all lose when it comes to IoT security.
OpenStack vs AWS
by resplin
How can we improve the future of OpenStack? The dominance of Amazon has challenged the relevance of well funded players like Microsoft, Google, and IBM. How can OpenStack compete? The network effects around a dominant cloud platform threaten to relegate OpenStack to be a long term niche player, like Linux on the desktop. How can we avoid this fate?
JW: Most important is that the hybrid cloud is real, and it's increasingly part of the dialog we have with users and customers. Cloud isn't either-or. You can have a multi-cloud deployment where you are using OpenStack for some workloads and AWS for others. We consistently hear from our customers and users that they are in public clouds like AWS *and* their on-premise cloud deployments. The public cloud providers are all great partners of ours, and I view OpenStack as a complementary technology to them.
As corporate IT loads shift to public clouds...
by Anonymous Coward
...does this marginalize the role of operating system vendors? I would imagine that most AWS customers would lean on Amazon for technical support rather than Red Hat.
JW: On the contrary, the emergence of public cloud has made the operating system even more relevant. There are several reasons why:
The first is around application mobility. The vast majority of customers I speak with plan to use more than one public cloud. So portability becomes a major requirement. And since OS is where the application ultimately touches computing resources, having an OS that can consistently run across all major platforms becomes even more important. As with any single platform provider, optimizations for provider unique hardware, architectures, or services may address specific situations in the OS and we have all seen how that played out in the single-source, vertically integrated Unix stacks - hence Linux. So we remain dogged in our drive in working with all our cloud, hardware, and software partners to ensure that RHEL (and all our products) enable as many platforms as possible to reinforce customer choice and application mobility.
Second, much of the value we provide in Linux is around life-cycle. We commit to a decade+ long life-cycle of patching and support of RHEL. That allows enterprises to confidently run long-lived applications on RHEL. That requires a massive engineering investment in skills, tools and processes. I guess others (like public clouds) could ultimately choose to do that, but it's a very different business than they are in today, and I'm not sure why they would choose to do that versus the many other areas of opportunity that more closely match their current capabilities.
Finally, new application models like containers and microservices are bringing the operating system to the forefront. Each and every container has its user-space dependencies in Linux in it, and therefore requires management of those components in the container regardless of where that container runs. As the leading Linux vendor and as a leader in many of the projects around containers, Red Hat is uniquely positioned to help customers as they build and deploy containers on public clouds or on premise.
Product vs Engineering
by Nite_Hawk
Hi Jim,
Thank you for answering our questions! How do you view top-down product driven development vs bottom-up engineering driven development? Are there situations where one excels vs the other?
JW: To be honest, I'm not sure I'm the right person to answer that question. I've had the great fortune of having a very strong engineering leadership team at Red Hat, so I have allowed them to drive how we engage with communities and build our products.
In a broad sense, Red Hat does a bit of both. Our business model is built from the project out to the product, because we so strongly believe in the power of user driven innovation. So I guess you could say that we are more bottom-up engineering developed. But a big part of our value is taking customer needs and driving those into upstream projects so that they end up in our products. So we really are a hybrid.
Puppet versus Ansible?
by waveclaw
Where do you see the configuration management market going in the next year or two?
JW: First things first, it's interesting to note that Ansible started as an orchestration platform that also happens to be able to do configuration management as well.
Orchestration is the hot topic right now for automation versus last year's configuration management tools. Ansible is more orchestration than configuration management. Puppet and Chef require tools like mCollective to pick up the orchestration piece. Red Hat now runs Tower. And Tower now ships as part of the Red Hat Ceph storage product. Red Hat's Satellite product is based on the Foreman which includes Salt, Puppet, Chef and Ansible support.
But where is this market heading? Are we likely to see consolidation? Integrations? Or even a flood of config management system tied products from vendors?
JW: Orchestration isn't a natural capability of many of the other tools on the market, but if you think about it, the ability to orchestrate configurations is really pretty critical. As it turns out, the order in which you provision IT applications and environments is really, really important. And Ansible handles this by design.
That being said, we have a number of customers that use other configuration management platforms like Puppet and Chef, and they use Ansible to deploy and manage agents, and then to orchestrate application deployments by deploying configurations as defined by these other tools. So really, it's easily a "yes, and" story, not an "either or".
Then we have Ansible Tower -- which actually, Red Hat was a paying Ansible Tower customer before we acquired them. Tower helps orgs operationalize automation across all their teams and IT environments in ways other tools cannot easily do otherwise. It's also key to plumbing automation into devops workflows.
There is some possible consolidation, but there's still a lot of market adoption to be had. We come across customers every day that have previously not used any configuration management solution at scale. This is a problem for those companies that want to scale, and running workloads in the cloud or with containers is nearly impossible without a mature automation and configuration management posture. So while there's some consolidation possible, there's still a lot of growth out there. As for config management being tied to vendors, I suspect that you'll continue to see other organizations mirror our approach to hybrid here. For an IT org that is trying to juggle deployments both on-premises as well as in the cloud, they need tools that will work just as well in either location. This is a particular strength of things like Ansible.
Are there plans to tighten Ansible Integration
by waveclaw
We use and love Ansible, but it still seems to be a separate product. Are there plans to integrate it more? Having it as an integrated deployment option for JBOSS Operations network (JON) would be good.
JW: When we acquired Ansible, we knew we had to be careful not to immediately crush them with all of our scaling requirements. At this point, roughly 18 months post-acquisition, we can say that the Ansible team is heavily engaged with nearly every Red Hat product team. So whether you're talking about Red Hat Enterprise Linux, OpenStack, OpenShift Container Platform, Ceph Storage, CloudForms, Insights, or many of our other offerings, Ansible is either already integral to those offerings, or is being planned for a near release. It's an important piece across our portfolio.
Specifically to JBoss and our middleware offerings, several of our consulting teams came together to create Ansible Roles to ease the deployment and management of various JBoss offerings. And I think that illustrates perfectly what Ansible means to us -- even our services teams are engaging in the Ansible community and getting involved. Which is both a testament to what Ansible can enable customers to do, but also to the love that so many different teams across Red Hat have for Ansible.
If meritocracy over democracy...
by turkeydance
if meritocracy over democracy is his choice, who decides what is "merit"?
JW: Great question. One thing that's important to me is that we continually question how well we apply the principle of meritocracy in practice. In general, we try to define our business goals and the problems we're trying to solve in clear and objective terms, so that it's obvious to everyone what the best and most feasible ideas are. You can get a feel for what kinds of information and detail we share internally by checking out the Open Decision Framework, which is a collection of our best practices for making open and inclusive decisions. We think of meritocracy as a leadership behavior, and you can see how we define it here. (PS: You can also find it on GitHub under a Creative Commons license.)
In practice at Red Hat, people with a long history of contribution and good ideas build their reputations as people to be listened to. It's not a perfect process, but because it is a "multi-round game" with reputations built over many interactions, it's a pretty good way for informal leaders to emerge.
Enterprise Desktop Market / Emerging / Demand
by GioMac
I am running more than 250 Linux desktops at the company and can get even more, but there are no centralized management solutions for that, and that's an issue with customization and security too. KDE desktop is very good at some point with its ability to have strict configuration files and immutable options, that does about 25% of what we can get with Microsoft and Group Policy Object, and we see that a little effort is required to make things work.
Can we expect that Red Hat will enter that market in the nearest (3-4 Y) future?
JW: I appreciate the feedback and idea for a new market for us. Let me take that feedback back to our desktop team. I really can't talk about future product plans in this venue, but I'll make sure they know that you see an opportunity here.
RHCA Exams
by kamilyunis
My question is about Red Hat Certified Architect exams. It is very good and we are very happy about Red Hat's new subscription-based trainings. It is great. But when it comes to RHCA, it is limited for locations.
RHCA level exams are very expensive, and travel and accommodations make it more expensive. I am 2xRHCE, because these exams are available in my location. Azerbaijan Baku, Middle East, Caucasus does not have a center to take the exam. Please take this into consideration. VMware, Cisco, Microsoft, AWS, OpenStack make their exams available everywhere online, so it is easy for everyone to take it. Why does an open source company limit people's passions to location?
I believe that me and people like me can become multi level RHCA if they get chance to take exam in their own location. And this will help recognition and value of RedHat in regions also. Please make this available as Cisco for us. At least make it possible on Kiosk In Georgia or Azerbaijan so we can take exams also. I am from Azerbaijan, Baku. With Loves to best open source company in the world.
JW: We recognize the need to reach people who are interested in certification throughout the world. We are constantly expanding our global testing options, and increasing the number of ways we offer testing for our certifications, including adding secure, preconfigured kiosks and laptops with our Red Hat Training Partners.
==========================================================================================================
Red Hat Enterprise Linux is too static to keep pace with kernel devel.
by nbritton
I have found that Red Hat Enterprise Linux is too stagnant / static to keep pace with the rate at which the kernel is now developed. The 3.10 kernel is four years old at this point and the fact that Red Hat Enterprise Linux 7 will be in production support until 2024 is disheartening because the enterprise industry will be a decade behind the latest kernel developments and updates from associated projects. Compared to other vendors' Linux offerings, when I use Red Hat Enterprise Linux I get the same feelings I got when I was forced to use AIX, HP-UX, and Solaris. I hated administrating those products because they were stuck with defaults like ksh from a decade ago.
My question is, would Red Hat ever consider releasing a Linux distribution with a shorter development cycle and with more aggressive tracking of upstream projects? I see a place for a distribution that is somewhere in between Red Hat Enterprise Linux and Fedora. Perhaps you could morph or fork CentOS into the upstream development for Red Hat Enterprise Linux? For example: Upstream --> Fedora (Bleeding Edge) --> CentOS (Next Release of Red Hat Enterprise Linux) --> Red Hat Enterprise Linux. This would give system engineers and architects a greater range of products to choose from and it could help stabilize Red Hat Enterprise Linux even more than it already is.
In short, the Linux kernel is the largest and the fastest moving software project in the world, so what changes are you going to make to keep up with it?
.....................................................................................................................................................................................................................................
The Price of Reliability
by hcs_$reboot
Worked on SunOS, Solaris, MacOS, Red Hat, CentOS, and, more recently, Ubuntu. CIOs choose Red Hat mainly for support and reliability. Reliability is the word that comes to most engineers' minds when the RH and CentOS OSes are mentioned (certainly for good reasons). Reliability mainly relies on using older kernels and features, that have been patched over and over; sure, that works, reliability wise. But on a number of rather recent projects, comparing Ubuntu server and RH/CentOS, it appears setting services up (eg Samba) was way easier on the newer Ubuntues than on the latest RH/CentOS (not mentioning the many issues migrating from 6 to 7). Also, using newer kernels, Ubuntu performs well, taking advantage of the newest internals, memory management and sharing, IPC etc... and no specific reliability issue (IMHO, reliability wise, Ubuntu and the like are as solid as RH nowadays).
Question: in 2017, does reliability still mean using long-tested, but older kernels and features?
==========================================================================================================
JW: There's a common misperception that Red Hat Enterprise Linux pulls a Fedora kernel and stays on it for 10+ years while the world moves onto newer kernel versions with better features and newer hardware. It's true that we standardize on a specific kernel version for the life of a major release, but that's not the whole story.
Our stability is actually in our kernel ABI (kABI), which is a promise of stability that a kernel developer can rely on for the life of a Red Hat Enterprise Linux release. When we release a major version of Red Hat Enterprise Linux we actually backport many key features from newer kernels, bugfixes, etc. and we do it in a surgical way that not only delivers new features and hardware on an older kernel, but also preserves the kABI. For example, Red Hat Enterprise Linux 6 was based on the 2.6.32, but when we released Red Hat Enterprise Linux 6 it also had an additional 2600 patches (features, hardware, bugfixes, CVEs) and this continues for the development life of the release. The stats on Red Hat Enterprise Linux 7 are similar. This provides a customer expected balance between stability and innovation. We also have a driver update program (DUP) that makes it easy to add kernel drivers prior to the public availability of the next minor release.
So don't take the kernel version at face value -- we spend a lot of time backporting newer kernel features into every major release! If you want the latest and greatest and don't care about kABI, ABI and long-term stability, Fedora is ready for you.
Enterprise customers continue to expect stability, security, scalability and reliability, but also want higher levels of automation and ease of use, multiple deployment methods (bare metal, virtualization, containers and cloud) and the new features as they appear upstream and with hardware and userspace tools that can help to exploit them. If we sense critical new features going upstream that will break kABI and can't be backported, we will plan accordingly. -
Purism Now Offers Laptops with Intel's 'Management Engine' Disabled (puri.sm)
"San Francisco company Purism announced that they are now offering their Librem laptops with the Intel Management Engine disabled," writes Slashdot reader boudie2. Purism describes Management Engine as "a separate CPU that can run and control a computer even when powered off."
HardOCP reports that Management Engine "is widely despised by security professionals and privacy advocates because it relies on signed and secret Intel code, isn't easily alterable, isn't fully documented, and has been found to be vulnerable to exploitation... In short, it's a tiny potentially hackable computer in your computer that you cannot totally control, nor opt-out of, but it can totally control your system."
Purism writes: Disabling the Management Engine is no easy task, and it has taken security researchers years to find a way to properly and verifiably disable it. Purism, because it runs coreboot and maintains its own BIOS firmware update process, has been able to release and ship coreboot that disables the Management Engine from running, directly halting the ME CPU without the ability of recovery... "Disabling the Management Engine, long believed to be impossible, is now possible and available in all current Librem laptops. It is also available as a software update for previously shipped recent Librem laptops," says Todd Weaver, Founder & CEO of Purism. -
Apple Fires Engineer After His Daughter's iPhone X Video Goes Viral (engadget.com)
"In a brutal reminder of the secrecy tech companies enforce on employees, Apple recently fired an employee after his daughter posted a video of the iPhone X," writes long-time Slashdot reader HockeyPuck. Engadget reports: His daughter took down the video as soon as Apple requested it, but the takedown came too late to prevent the clip from going viral, leading to seemingly endless reposts and commentary... [I]t's important to stress that this wasn't a garden variety iPhone X. As an employee device, it had sensitive information like codenames for unreleased products and staff-specific QR codes. Combine that with Apple's general prohibition of recording video on campus (even at relatively open spaces like Caffe Macs) and this wasn't so much about maintaining the surprise as making sure that corporate secrets didn't get out. Apple certainly didn't want to send the message that recording pre-release devices was acceptable. All the same, it's hard not to sympathize -- the [radiofrequency] engineer had poured his heart into the iPhone X, only to be let go the week before the handset reaches customers.
In a new follow-up video, the former Apple engineer's daughter says "I had no idea this was a violation," adding that her father "takes full responsibility for letting me film his iPhone X." Here are some more quotes from her video.
- "I made this little innocent video that was just supposed to be a fun memory of me and my family... It suddenly went viral, and I have no idea how my video got so much attention considering how many other iPhone X videos there are out there from other YouTubers..."
- "At the end of the day when you work for Apple, it doesn't matter how good of a person you are, if you break a rule, they just have no tolerance. They had to do what they had to do. I'm not mad at Apple. I'm not going to stop buying Apple products. Rules are in place for the happiness and for the safety of workers, and my dad takes absolutely full responsibility for the one rule that he broke."
- "It was an innocent thing, and to be honest I think Apple is going to do a much better job from here on out in addressing the rules and making sure that everybody is aware of the rules. And it was an innocent mistake, and he fully apologizes."
- "We're not angry. We're not bitter. My dad had a really great run at Apple, and he appreciates that company for everything they did for his career. My dad's gonna be okay... And yeah, I don't think he deserves this, but we're okay. We're good."
- [She breaks into tears when defending her father from critical commenters on YouTube.] "Apple really did like my dad. And they let him go. Because -- because he broke a rule. So my advice to people out there is to just not overlook rules when you're in the workplace or when you're in school or when you're at home."
-
Did Amazon Really Lower Whole Foods' Prices? (bustle.com)
While Whole Foods "strategically marked down select items like avocados and almond milk, overall prices have dropped very slightly -- about 1 percent -- since Amazon ownership, according to an analysis by research firm Gordon Haskett." An anonymous reader quotes Bustle: This hardly seems like big savings, and Gordon Haskett noted that since the initial price cuts in August, the cost of some items have been slowly ticking back up. "The price of frozen foods, for example, was 7 percent higher on Sept. 26 than on Aug. 28, when Amazon officially took over," Abha Bhattarai reported for the Post, which is owned by Amazon. "Snack items had risen 5.3 percent in that period, while dairy and yogurt were up 2 percent. (Among categories where prices are lower: Beverages, down about 2.8 percent; bread and bakery, down 6.8 percent; and produce, down 0.5 percent...)"
For shoppers like me who buy mostly fresh fruits and vegetables, it did feel like I was saving money. However, one industry insider said there is a strategy behind how prices are cut. "The whole game is that you want the 100 most recognizable things -- milk, apples, bananas -- to be cheaper," Jan Rogers Kniffen, an industry consultant and former department store executive, told the Post. "If you can do that, you can build a perception that the whole store is competitively priced."
From July through September, Whole Foods brought in $1.3 billion in sales for Amazon. -
See a Random Slashdot Story From the Last 20 Years (destinyland.net)
An anonymous reader writes: Happy anniversary, Slashdot! To commemorate your 20th year, here's a special web project I created. Every time you reload the page, it pulls up another one of the 162,000 stories Slashdot has posted over the last 20 years -- each time choosing a different story at random.
The original submission has one caveat. If you keep reloading the page long enough, you'll eventually get a story by Jon Katz. -
Everything New In the Android 8.1 Oreo Developer Preview (theverge.com)
On Wednesday, Google launched the Android 8.1 Developer Preview. The new version of Android is available for Pixel and Nexus devices, and features a number of under-the-hood changes. The new version tests another change to notifications in which apps can only make a notification sound alert once per second. It also contains an Easter egg: the Android Oreo logo now looks like an actual cookie. The Verge reports that 8.1 is eventually supposed to activate the hidden Pixel Visual Core system-on-a-chip, which aims to make image processing smoother and HDR+ available to third-party developers. -
Kaspersky CEO Says Hack Claims Cutting US Cyber Security Sales (reuters.com)
Eugene Kaspersky told news agency Reuters on Friday that his cyber security firm that bears his name would see a 'single digit' drop in U.S. sales this year as a result of suspicions about his company's ties to the Russian government, but global revenue should still increase. From a report: By turns frustrated and defiant in an 80-minute interview in his Moscow office, the founder and head of the embattled antivirus software maker denounced what he called an "information war" against his company, repeatedly asserting that "we've done nothing wrong." Anton Shingarev, Kaspersky Lab's vice president of public affairs, also told Reuters during the interview the company had abandoned efforts to sell its services to the U.S. government and that it would wind down its Washington-area subsidiary, KGSS. Kaspersky Lab has become a lightning rod in recent months as it has faced allegations by the U.S. government that its antivirus products can be used by Russian spies to conduct cyber espionage. Office Depot, Staples and Best Buy have stopped selling Kaspersky's security suite in their stores. -
Google Addresses Pixel 2 XL Display Issues, Pixel 2 Clicking Sounds With Software Updates (phonedog.com)
An anonymous reader quotes a report from PhoneDog: Google explains that it's been investigating reports about the Pixel 2 XL's display and that this has given it "confidence that [its] displays are as great as [it] hoped they would be". Still, Google will be taking steps to respond to consumer complaints about the screen. Google plans to issue a software update that'll add a "saturated" color mode that will make the colors more saturated and vibrant, but less accurate. This way, consumers that feel the Pixel 2 XL's screen is too muted can punch up the color saturation themselves.
When it comes to burn-in, Google says that its investigations of the Pixel 2 XL's display found that its "decay characteristics are comparable to OLED panels used in other premium smartphones." Google does plan to take further steps to fight burn-in, though, and it's testing an update that'll add a new fade-out of the navigation bar buttons after a short period of inactivity. Google is also working with more apps to use a light navigation bar to match the app's color scheme. Additionally, the update will reduce the maximum brightness of the Pixel 2 XL's screen by 50 nits, which Google says will be "virtually imperceptible". This will reduce load on the display with very little change on its observed brightness. This update will roll out to the Pixel 2 XL "in the next few weeks." Google also touched on the reports that some Pixel 2 phones are emitting some clicking sounds. The company plans to release an update in the coming weeks to address the issue, but until then, it says that Pixel 2 owners can turn off NFC by going into Settings > Connected Devices > NFC. -
Tesla Hit With Labor Complaint On Behalf of Fired Factory Workers (theverge.com)
On behalf of the hundreds of Tesla workers that were fired last week from the company's assembly plant, the United Auto Workers filed a complaint today to the National Relations Board. The UAW posted a copy of the complaint on its website, which alleges that pro-union workers were unfairly targeted. The Verge reports: The UAW says the complaint was made on Wednesday to the Oakland offices of the National Relations Board. The union claims the recent culling of several hundred Tesla employees included many who were involved in a pro-union movement at the Fremont assembly plant, and included those who wore pro-union shirts and stickers. The Fremont factory site has roots in the UAW. It was once a former joint manufacturing facility owned by GM and Toyota, until it closed in 2010. Despite ongoing efforts, under Tesla's ownership, the factory is not unionized. A pro-union rally was held Tuesday in front of the plant, which was documented in a Facebook post by the pro-union group A Fair Future at Tesla. -
Verizon Will Stop Throttling Video On Unlimited Plans If You Pay An Extra $10 Per Month (theverge.com)
An anonymous reader quotes a report from The Verge: Two months ago, Verizon implemented a change to all of its unlimited data plans that placed limits on the quality at which users could stream video. The company split its unlimited plan into two tiers, with the cheaper option restricting video streaming to 480p resolution; a higher-priced $85 "Beyond Unlimited" plan tops out at 720p video on smartphones (and 1080p on tablets). The new restrictions immediately applied to all plans and Verizon customers had no way of opting out if they wanted to watch 1080p video on their phone or even higher resolutions on capable devices using mobile data. But now Verizon will give subscribers a way to completely remove the video quality handcuffs -- for an extra $10 every month. If you're willing to pay that $10 charge, you can stream video at the maximum quality supported by any device you've got connected to Verizon, whether it's 1080p, 1440p, or even 4K. But keep in mind that the extra fee is applied per line for anyone on a family plan who wants to lift the limits. Even on a single-line plan, it adds up. Tacking $10 onto Verizon's Beyond Unlimited ratchets up the monthly price to $95. The $10 add-on will be available beginning November 3rd. -
Kaspersky Admits To Reaping Hacking Tools From NSA Employee PC (zdnet.com)
Kaspersky has acknowledged that code belonging to the US National Security Agency (NSA) was lifted from a PC for analysis but insists the theft was not intentional. From a report: In October, a report from the Wall Street Journal claimed that in 2015, the Russian firm targeted an employee of the NSA known for working on the intelligence agency's hacking tools and software. The story suggested that the unnamed employee took classified materials home and operated on their PC, which was running Kaspersky's antivirus software. Once these secretive files were identified -- through an avenue carved by the antivirus -- the Russian government was then able to obtain this information. Kaspersky has denied any wrongdoing, but the allegation that the firm was working covertly with the Russian government was enough to ensure Kaspersky products were banned on federal networks. There were a number of theories relating to what actually took place -- was Kaspersky deliberately targeting NSA employees on behalf of the Kremlin, did an external threat actor exploit a zero-day vulnerability in Kaspersky's antivirus, or were the files detected and pulled by accident? According to Kaspersky, the latter is true. On Wednesday, the Moscow-based firm said in a statement that the results of a preliminary investigation have produced a rough timeline of how the incident took place. It was actually a year earlier than the WSJ believed, in 2014, that code belonging to the NSA's Equation Group was taken. -
DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN Connections (bleepingcomputer.com)
An anonymous reader writes from a report via Bleeping Computer: After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Don't Use Hard-coded Keys). The issue at the heart of the DUHK attack is a combination of two main factors. The first is the usage of the ANSI X9.31 Random Number Generator (RNG). This is an algorithm that takes random data and generates encryption keys used to secure VPN connections, browsing sessions, and other encrypted traffic/data. The second factor needed for a DUHK attack is when hardware vendors use a hardcoded "seed key" for the ANSI X9.31 RNG algorithm. When these two conditions take place, an attacker can brute-force encrypted data to discover the rest of the encryption parameters and deduce the master encryption key used to encrypt web sessions or VPN connections. In a research paper published today, researchers said they found 12 vendors that sold hardware/software products with hardcoded X9.31 seed keys. This issue is widespread because ANSI X9.31 is very widespread. Up until January 2016, the algorithm was on the list of U.S. government (FIPS) approved RNG algorithms. ANSI X9.31 remained on the list until 2016, even if US NIST deprecated the algorithm in 2011, and scientists warned that the algorithm could be broken if the seed key ever leaked way back in 1998. -
Some Pixel 2 Users Are Complaining About A High-Pitched Whine and Clicking Noises (arstechnica.com)
After dealing with all sorts of screen issues, another problem with Google's flagship smartphone is popping up. This time it's an audio issue: users on Google's official forums and elsewhere are reporting odd sounds coming from the Pixel 2 speakers. Ars Technica reports: Customers are complaining of "clicking" and a "high-pitched whine" coming from the Pixel 2 and Pixel 2 XL. Most reports on the forums say the noises are coming from the top or bottom speaker on the Pixel 2 and Pixel 2 XL. Some reports say the sounds come through during calls, while other users say the speaker noises happen any time the screen is on. A user made a recording of the sound, which can be heard here. Most users are being told to return their devices after contacting support, but at least one person claims they were told this issue would be patched in an upcoming update. One possible workaround is to turn off NFC, which some users say stops or lowers the noises. -
When an AI Tries Writing Slashdot Headlines (tumblr.com)
For Slashdot's 20th anniversary, "What could be geekier than celebrating with the help of an open-source neural network?" Neural network hobbyist Janelle Shane has already used machine learning to generate names for paint colors, guinea pigs, heavy metal bands, and even craft beers, she explains on her blog. "Slashdot sent me a list of all the headlines they've ever run, over 162,000 in all, and asked me to train a neural network to try to generate more." Could she distill 20 years of news -- all of humanity's greatest technological advancements -- down to a few quintessential words?
She trained it separately on the first decade of Slashdot headlines -- 1997 through 2007 -- as well as the second decade from 2008 to the present, and then re-ran the entire experiment using the whole collection of every headline from the last 20 years. Among the remarkable machine-generated headlines?
- Microsoft To Develop Programming Law
- More Pong Users for Kernel Project
- New Company Revises Super-Things For Problems
- Steve Jobs To Be Good
But that was just the beginning...
Those five headlines were all derived from the first decade, but it's really nice to see that Steve Jobs made it into both decades. When training on the second set of 82,871 headlines from Slashdot's second decade, the neural network began envisioning the co-founder of Apple tackling even greater challenges.
- Steve Jobs Allowed To Deal With Solar Power
- Steve Jobs Sues Death of the Future
The neural network "did its best to reflect the new topics of the last decade," Janelle writes, adding "Compared to the late 1990s and early 2000s, some companies and topics disappeared, while the coverage of Apple in particular exploded."
But Sun Microsystems also found its way into several headlines -- especially when Janelle tried to create the "essential" Slashdot headline using the whole 20-year set.
- Sun Sues Open Source Project Content
- Sun Sues New Star Trek To Stop The Math
And as technology continues changing our world, Sun isn't the only company that the neural network saw pushing for new rights in court.
- Sony Sues Apple Server For Seconds Off From SpaceX Project
- Apple Sues Apple To Start The Solar Power Project
Janelle will send you four more pages of machine-generated Slashdot headlines if you subscribe to her blog's announcement list. But after savoring the whole surreal AI-enabled look at the last 20 years, these four headlines were still my favorites:
- Red Hat Releases Linux Games And Moon
- Why Open Source Power Man Sues Java
- Microsoft Releases New Months
- Ask Slashdot: Do We Want To Be the Computers?
-
The Oceanic Pole of Inaccessibility: Where Spacecraft Go To Die (bbc.com)
dryriver writes: Whether you launch a satellite into space or an entire space station like the Russian Mir, the Chinese Tiangong-1 or the International Space Station, what goes up must eventually come down -- re-enter earth's atmosphere. The greater the mass of what is in space -- Mir weighed 120 tons, the ISS weighs 450 tons and will be decommissioned in a decade -- the greater the likelihood that larger parts will not burn up completely during re-entry and crash to earth at high velocity. So there is a need for a place on earth where things falling back from space are least likely to cause damage or human casualties. The Oceanic Pole Of Inaccessibility is one of two such places.
The place furthest away from land -- it lies in the South Pacific some 2,700km (1,680 miles) south of the Pitcairn Islands -- somewhere in the no-man's land, or rather no-man's-sea, between Australia, New Zealand and South America, has become a favorite crash site for returning space equipment. "Scattered over an area of approximately 1,500 sq km (580 sq miles) on the ocean floor of this region is a graveyard of satellites. At last count there were more than 260 of them, mostly Russian," reports the BBC. "The wreckage of the Space Station Mir also lies there... Many times a year the supply module that goes to the International Space Station burns up in this region incinerating the station's waste." The International Space Station will also be carefully brought down in this region when its mission ends. No one is in any danger because of this controlled re-entry into our atmosphere. The region is not fished because oceanic currents avoid the area and do not bring nutrients to it, making marine life scarce. -
Bill Gates Tries A(nother) Billion-Dollar Plan To Reform Education (washingtonpost.com)
theodp shared this article from the Washington Post: Bill Gates has a(nother) plan for K-12 public education. The others didn't go so well, but the man, if anything, is persistent. Gates announced Thursday that the Bill & Melinda Gates Foundation would spend more than $1.7 billion over the next five years to pay for new initiatives in public education, with all but 15 percent of it going to traditional public school districts and the rest to charter schools... He said most of the new money -- about 60 percent -- will be used to develop new curriculums and "networks of schools" that work together to identify local problems and solutions, using data to drive "continuous improvement." He said that over the next several years, about 30 such networks would be supported, though he didn't describe exactly what they are...
Though there wasn't a lot of detail on exactly how the money would be spent, Gates, a believer in using big data to solve problems, repeatedly said foundation grants given to schools as part of this new effort would be driven by data. "Each [school] network will be backed by a team of education experts skilled in continuous improvement, coaching and data collection and analysis," he said, an emphasis that is bound to worry critics already concerned about the amount of student data already collected and the way it is used for high-stakes decisions. In 2014, a $100 million student data collection project funded by the Gates foundation collapsed amid criticism that it couldn't adequately protect information collected on children.
"In his speech, Gates said that education philanthropy was difficult, in part because it is easy to 'fool yourself' about what works and whether it can be easily scaled," according to the article. It also argues that big spending on education by Gates and others "has raised questions about whether American democracy is well-served by wealthy people pouring so much money into pet education projects -- regardless of whether they are grounded in research -- that public policy and funding follow."
By 2011 the Gates' foundation had already spent $5 billion on education projects -- and admitted that "it hasn't led to significant improvements." -
Could Cryptocurrency Mining Kill Online Advertising? (linkedin.com)
"Could it turn out users actually prefer to trade a little CPU time to website owners in favor of them not showing ads?" writes phonewebcam, a long-time Slashdot reader. Slashdot covered the downside [of in-browser cryptocurrency mining] recently, with even [Portuguese professional sportsballer] Cristiano Ronaldo's official site falling victim, but that may not be the full story. This could be an ideal win-win situation, except for one huge downside -- the current gang of online advertisers.
By "current gang of online advertisers," he means Google, according to a longer essay at LinkedIn: Naturally, the world's largest ad broker, which runs the world's most popular browser (desktop and mobile) is keen to see how this plays out, and is also uniquely placed to be able to heavily influence it, too... As it happens, Chrome users can already do something about it via extensions, for example AntiMiner... If cryptocurrencies have a future - and that's a big if (look at China's Bitcoin ban) - it could well turn out that their role just took an unexpected turn. -
With Rising Database Breaches, Two-Factor Authentication Also At Risk (hackaday.com)
Two-factor authentication "protects from an attacker listening in right now," writes Slashdot reader szczys, "but in many cases a database breach will negate the protections of two-factor." Hackaday reports: To fake an app-based 2FA query, someone has to know your TOTP password. That's all, and that's relatively easy. And in the event that the TOTP-key database gets compromised, the bad hackers will know everyone's TOTP keys.
How did this come to pass? In the old days, there was a physical dongle made by RSA that generated pseudorandom numbers in hardware. The secret key was stored in the dongle's flash memory, and the device was shipped with it installed. This was pretty plausibly "something you had" even though it was based on a secret number embedded in silicon. (More like "something you don't know?") The app authenticators are doing something very similar, even though it's all on your computer and the secret is stored somewhere on your hard drive or in your cell phone. The ease of finding this secret pushes it across the plausibility border into "something I know", at least for me. The original submission calls two-factor authentication "an enhancement to password security, but good password practices are far and away still the most important of security protocols." (Meaning complex and frequently-changed passwords.) -
Microsoft Chastises Google Over Chrome Security (pcmag.com)
An anonymous reader quotes PCMag: In a Wednesday blog post, Redmond examined Google's browser security and took the opportunity to throw some shade at Chrome's security philosophy, while also touting the benefits of its own Edge browser. The post, written by Microsoft security team member Jordan Rabet, noted that Google's Chrome browser uses "sandboxing" and isolation techniques designed to contain any malicious code. Nevertheless, Microsoft still managed to find a security hole in Chrome that could be used to execute malicious code on the browser.
The bug involved a Javascript engine in Chrome. Microsoft notified Google about the problem, which was patched last month. The company even received a $7,500 reward for finding the flaw. However, Microsoft made sure to point out that its own Edge browser was protected from the same kind of security threat. It also criticized Google for the way it handled the patching process. Prior to the patch's official rollout, the source code for the fix was made public on GitHub, a software collaboration site that hosts computer code. That meant attentive hackers could have learned about the vulnerability before the patch was pushed out to customers, Microsoft claimed. "In this specific case, the stable channel of Chrome remained vulnerable for nearly a month," the blog post said. "That is more than enough time for an attacker to exploit it."
In the past Google has also disclosed vulnerabilities found in Microsoft products -- including Edge. -
NYT Op-Ed Argues Amazon 'Took Seattle's Soul' (bendbulletin.com)
New York Times columnist Timothy Egan was part of the paper's Pulitzer Prize-winning team in 2001. Now he's written an op-ed arguing Amazon "took Seattle's soul." An anonymous reader writes: Since Amazon arrived "we've been overwhelmed by a future we never had any say over," Egan writes, with a message for cities competing to be the site of Amazon's next headquarters. Amazon now owns as much office space as Seattle's next 40 biggest employers combined, according to an analysis by the Seattle Times, "a mind-boggling 19 percent of all prime office space in the city, the most for any employer in a major U.S. city...more than twice as large as any other company in any other big U.S. city."
Egan notes Amazon is offering 50,000 high-paying jobs and $5 billion worth of investments, "a once-in-a-century, destiny-shaping event," but "You think you can shape Amazon? Not a chance. It will shape you... What comes with the title of being the fastest growing big city in the country, with having the nation's hottest real estate market, is that the city no longer works for some people. For many others, the pace of change, not to mention the traffic, has been disorienting... [M]edian home prices have doubled in five years, to $700,000. This is not a good thing in a place where teachers and cops used to be able to afford a house with a water view... As a Seattle native, I miss the old city, the lack of pretense, and dinner parties that didn't turn into discussions of real estate porn.
Wages have risen faster in Amazon's Seattle than anywhere else in America, and while Amazon changed the city's character, it also poured $38 billion into the city's economy. (Besides Amazon's own 40,000 employees, it also attracted another 50,000 new jobs.) "To the next Amazon lottery winner I would say, enjoy the boom," Egan concludes, "but be careful what you wish for." -
2 Million IoT Devices Enslaved By Fast-Growing BotNet (bleepingcomputer.com)
An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology.
The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.
Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."