Language Selection

English French German Italian Portuguese Spanish

Red Hat

Latest on CentOS

Filed under
Red Hat

Red Hat/Fedora Leftovers

Filed under
Red Hat

     

  • A brief introduction to Ansible roles for Linux system administration

    In this part one of two articles, learn to use rhel-system-roles with your Ansible deployment to better manage functionality such as network, firewall, SELinux, and more on your Red Hat Enterprise Linux servers.

  •  

  • From Docker Compose to Kubernetes with Podman | Enable Sysadmin

    Use Podman 3.0 to convert Docker Compose YAML to a format Podman recognizes.

  •  

  • Fedora Community Blog: Software Management (RPM, DNF) 2020 retrospective

    On behalf of the RPM and DNF teams, I would like to highlight changes that have appeared in our packages in 2020. Thanks everyone for your bug reports and patches!

  •   

  • Application and data resiliency for Kubernetes

    Using tools like Red Hat OpenShift and Red Hat OpenShift Container Storage, organizations are developing and deploying more stateful applications and microservices at an accelerating pace. According to a recent Enterprise Strategy Group (ESG) research study, 41% of companies currently use containers for production applications. Another 33% use containers for dev/test and pre-production only but plan to use containers for production applications in the next 12 months.

  • Red Hat Introduces Data Resilience for Enterprise Kubernetes Applications

    Red Hat, Inc., the world's leading provider of open source solutions, today introduced new data resilience capabilities for cloud-native workloads with the release of Red Hat OpenShift Container Storage 4.6. This offering from Red Hat Data Services enables customers to extend their existing data protection solutions and infrastructure to enhance data resilience for cloud-native workloads across hybrid and multicloud environments.

  •  

  • Why Red Hat killed CentOS—a CentOS board member speaks

    This morning, The Register's Tim Anderson published excerpts of an interview with the CentOS project's Brian Exelbierd. Exelbierd is a member of the CentOS board and its official liaison with Red Hat.

    Exelbierd spoke to Anderson to give an insider's perspective on Red Hat's effective termination of CentOS Linux in December, in which the open source giant announced CentOS Linux was to be deprecated immediately—with security upgrades to CentOS Linux 8 ending later in 2021 rather than the 2029 end of support date CentOS users expected.

RHEL no-cost* vs openSUSE Leap

Filed under
Red Hat
SUSE

Ever since Red Hat announced that they are changing the development model of CentOS and making it an upstream project rather than downstream, it left many CentOS users frowning. No matter what argument brought forward, CentOS users, especially running production machines, relied on the stability of an enterprise-grade Linux distribution. Compiled from RHEL sources, CentOS offered such stability that it powered many web servers and enjoyed a massive 20% share of the top 500 supercomputers of the world.

Read more

Is Oracle Linux a valid replacement for CentOS?

Filed under
Linux
Red Hat

By now you're probably suffering from CentOS exposure--it's been all over the place. Every day, someone is writing about what Red Hat did to the beloved Linux distribution that powers so many data centers and services. The reaction has been so sharp, that many forks of CentOS have begun to pop up. Some of these forks look seriously promising, even drop-in 1:1 binary compatibility with RHEL 8. When those forks appear, the landscape will most likely shift. However, until then, where's a business to turn?

Do you go with CentOS 8 Stream? Some might. Others, on the other hand, see Stream as an impossible option, due to cPanel pulling support, which is a very big deal.

What do you do? You could turn to Oracle Linux. Before you protest, I didn't say you should turn to Oracle Linux; I said you could.

Why did I feel the need to make that clarification?

Let me explain, and then I'll get into why Oracle Linux is a viable choice.

Read more

Oracle, Red Hat, and CloudLinux

Filed under
Red Hat
  • Cloud Native Patterns: a free ebook for developers

    Building cloud native applications is a challenging undertaking, especially considering the rapid evolution of cloud native computing. But it’s also very liberating and rewarding. You can develop new patterns and practices where the limitations of hardware dependent models, geography, and size no longer exist. This approach to technology can make cloud application developers more agile and efficient, even as it reduces deployment costs and increases independence from cloud service providers.

    Oracle is one of the few cloud vendors to also have a long history of providing enterprise software. Wearing both software developer and cloud service provider hats, we understand the complexity of transforming on-premises applications into cloud native applications. Removing that complexity for customers is a guiding tenet at Oracle.

  • Red Hat extends certification expiration dates and expands remote offerings

    In 2020, remote exams became the standard experience for certificate-hopefuls across many fields. Red Hat worked quickly to release four of our most in-demand exams in this format. We have seen remote exams grow rapidly in popularity with our candidates. As we roll into 2021, our list has expanded with even more offerings. Now, you can take advantage of more remote exams to validate your skills in Red Hat’s most in-demand technologies, including OpenShift, Ansible, Containers and Kubernetes, and more.

  • CloudLinux Expands Its Extended Lifecycle Support Services to Cover More End-of-Life Linux Distributions
  • CloudLinux to Offer Lifecycle Support Services for Expired Linux Distributions

    CloudLinux on Monday announced the expansion of its affordable Extended Lifecycle Support (ELS) services for Linux distributions, by providing its own updates and security patches for several years after expiration of the products’ end-of-life date.

IBM/Red Hat/Fedora: Chromium, Cloudwashing, Chris Wright and CentOS 'Damage Control'

Filed under
Red Hat
  • Fedora preemptively turns off Chromium usage of private Google Sync APIs

    Fedora has jumped seven weeks before Google ends the Linux distribution's use of the Google Chrome Sync service within the Chromium browser.

    The Sync service allows users to keep data such as browser history, login details, and bookmarks synced between different devices.

    Earlier this month, Google said it completed an audit, and was restricting the open source version of Chrome from accessing those APIs "that are only intended for Google's use".

    Notifying Fedora users over the weekend, Chromium maintainer for the distribution Tom Callaway said the change will make the program "significantly less functional".

    [...]

    To that end though, by closing off the service, Fedora is able to fix 26 security vulnerabilities. Version 88.0.4324.96-1 of Fedora Chromium will be the first to have Sync disabled, and landed as an update in repositories over the weekend.

    Google said it would be locking down access to the Sync service on March 15. Some Chromium-based browsers do offer a non-Google sync solution.

  • IBM Cloud Now: GitLab Ultimate for IBM Cloud Paks, Security Insights, and WebSphere Hybrid Edition
  • Technically Speaking: Season 1 Trailer

    Join Red Hat CTO Chris Wright and a rotating cast of experts and industry leaders for the first season of the all-new Technically Speaking. In each episode, Chris will explore what's on the horizon for open source and topics like cloud, AI/ML, edge, 5G, blockchain, and more. The first episode drops on January 27, 2021. Subscribe to our YouTube channel to tune in.

  • To plug gap left by CentOS, Red Hat amends RHEL dev subscription to allow up to 16 systems in production

    Red Hat, which is killing CentOS Linux in favour of CentOS Stream, will extend its developer subscription to allow free production use of RHEL for up to 16 systems.

    CentOS Linux is a community build of Red Hat Enterprise Linux (RHEL) and therefore suitable for production use. CentOS Stream, which will remain available, is a preview build of what is likely to be in RHEL – great for testing but not ideal for production use.

    The popularity of CentOS, which drives 17.7 per cent of Linux-based web sites, according to W3Techs, has meant a strong response to Red Hat's decision, including alternative free builds such as Rocky Linux and Project Lenix, which is now known as Alma Linux.

    Red Hat said in December that it would work to plug the gap left by CentOS with new ways to license RHEL and today's statement is said to be "the first of many new programs."

Red Hat’s Disruption of CentOS Unleashes Storm of Dissent

Filed under
Red Hat

Five weeks after angering much of the CentOS Linux developer community by unveiling controversial changes to the no-cost CentOS operating system, Red Hat has unveiled alternatives for affected users that give them several options for using existing Red Hat products.

But for many users of CentOS Linux, the Red Hat options won’t solve the huge problems that were created for them when Red Hat announced Dec. 8 that CentOS would no longer include a stable version with a long, steady future. Instead, CentOS will now only be offered as a free CentOS Stream operating system which will be a rolling release with frequent updates, essentially turning it into a beta OS that is no longer suitable for reliable production workloads. For users who have deployed CentOS throughout the internet, data centers, corporate and business uses and more, this is a potentially major blow.

Read more

Also: Fedora program update: 2021-03

Fedora and Red Hat Leftovers

Filed under
Red Hat
  • Peter Hutterer: Auto-updating XKB for new kernel keycodes

    This two-part approach exists so either part can be swapped without affecting the other. Swap the second part to an exclamation mark and paragraph symbol and you have the French version of this key, swap it to dash/underscore and you have the German version of the key - all without having to change the keycode.

    Back in the golden days of everyone-does-what-they-feel-like, keyboard manufacturers (presumably happily so) changed the key codes and we needed model-specific keycodes in XKB. The XkbModel configuration is a leftover from these trying times.

    The Linux kernel's evdev API has largely done away with this. It provides a standardised set of keycodes, defined in linux/input-event-codes.h, and ensures, with the help of udev [0], that all keyboards actually conform to that. An evdev XKB keycode is a simple "kernel keycode + 8" [1] and that applies to all keyboards. On top of that, the kernel uses semantic definitions for the keys as they'd be in the US layout. KEY_Q is the key that would, behold!, produce a Q. Or an A in the French layout because they just have to be different, don't they? Either way, with evdev the Xkb Model configuration largely points to nothing and only wastes a few cycles with string parsing.

  • Máirín Duffy: Fedora Design Team Sessions Live: Session #1

    As announced in the Fedora Community Blog, today we had our inaugural Fedora Design Team Live Session

    Thanks for everyone who joined! I lost count at how many folks we had participate, we had at least 9 and we had a very productive F35 wallpaper brainstorming session!

  • Knowledge meets machine learning for smarter decisions, Part 2

    Red Hat Decision Manager helps organizations introduce the benefits of artificial intelligence to their daily operations. It is based on Drools, a popular open source project known for its powerful rules engine.

    In Part 1 of this article, we built a machine learning algorithm and stored it in a Predictive Model Markup Language (PMML) file. In Part 2, we’ll combine the machine learning logic with deterministic knowledge defined using a Decision Model and Notation (DMN) model. DMN is a recent standard introduced by the Object Management Group. It provides a common notation to capture an application’s decision logic so that business users can understand it.

  • Four tactics to build Twitter followings for open source communities

    If you work in a role related to marketing, you’ve probably heard of brand personality, the human characteristics companies use to market themselves and their products. On Twitter, it’s fast food giant Wendy’s claim to fame, and it even drives impact on many of Red Hat’s own social accounts.

  • Part 1 - Rancher Kubernetes Engine (RKE) Security Best Practices for Cluster Setup | StackRox
  • Part 2 - Rancher Kubernetes Engine (RKE) Security Best Practices for Authentication, Authorization, and Cluster Access
  • Part 3 - Rancher Kubernetes Engine (RKE) Security Best Practice for Container and Runtime Security

Fedora and Red Hat Leftovers

Filed under
Red Hat

  • A possible step toward integrity measurement for Fedora

    The Fedora 34 release is planned for April 20 — a plan that may well come to fruition, given that the Fedora project appears to have abandoned its tradition of delayed releases. As part of that schedule, any proposals for system-wide changes were supposed to be posted by December 29. That has not stopped the arrival of a late proposal to add file signatures to Fedora's RPM packages, though. This proposal, meant to support the use of the integrity measurement architecture (IMA) in Fedora, has not been met with universal acclaim.
    The purpose of IMA is to measure whether the integrity of the system is intact, where "integrity" means that the important files in the system have not been corrupted. At its core, this measurement is carried out by reading a file's contents, computing a hash, and comparing that hash to the expected value; if the values match, the file has not been altered. This measurement can be used to prevent the execution (or reading) of corrupted files; it can also be used as part of a remote attestation scheme to convince a remote party that the local system has not been subjected to unauthorized modifications.

    To perform this measurement, IMA clearly must know what the expected hash for each file is; those hashes are signed with a key trusted by the kernel and stored as extended attributes. Generally, the private key used to sign these hashes is kept in some secure location, while the public key is either stored in a device like a trusted platform module (TPM) or built into the kernel binary. If all works as intended, IMA can thus be used to ensure that systems only run executables that have been blessed by some central authority, that those executables only read configuration files that have been similarly blessed, and so on. It is a mechanism for ensuring that the owner of a system keeps control of it; whether this is a good thing or not depends entirely on who the "owner" is defined to be.

    The actual proposal does not go so far as to implement IMA on Fedora systems; it is limited to including signatures with every file that is shipped in Fedora packages. These signatures "will be made with a key that’s kept by the Fedora Infrastructure team, and installed on the sign vaults". Fedora users would then be able to use IMA to keep their systems from using files that have been modified since they were packaged. An actual IMA setup for Fedora can be expected to come at some future time.

  • Fedora Loves Python 2020 report – Fedora Community Blog

    Inspired by a similar report from the Copr team, I’ve decided to look back at 2020 from the perspective of Python in Fedora (and little bit in RHEL/CentOS+EPEL as well). Here are the things we have done in Fedora (and EL) in 2020. By we I usually mean the Python Maint team at Red Hat and/or the Fedora’s Python SIG.

  • Introducing the Red Hat build of Eclipse Vert.x 4.0 - Red Hat Developer

    If you are interested in reactive, non-blocking, and asynchronous Java development, you are likely familiar with Eclipse Vert.x. The project started in 2011 and successfully moved to the Eclipse Foundation in 2013. Since then, Vert.x has undergone nine years of rigorous development and grown into a thriving community. It is one of the most widely used reactive frameworks, with support for multiple extensions, including extensions for messaging or streaming with Kafka or Artemis, developing applications with gRPC and GraphQL, and so much more.

    The Red Hat build of Eclipse Vert.x 4.0 is now generally available. This release improves Vert.x’s core APIs and handling. Developers who migrate can expect enhancements to futures and promises, distributed tracing, and deployment on Red Hat OpenShift. In this article, I introduce these updates and offer tips for migrating and deploying your Eclipse Vert.x 4.0 applications on OpenShift.

  • Implementing the ACSC "Essential Eight" baseline for security automation in Red Hat Enterprise Linux

    Achieving compliance with a security policy and maintaining compliance can be tedious. At Red Hat, we believe that such things should be automated and not become an unnecessary burden. To this end, we offer a whole ecosystem of services that automate security compliance.

    We ship several widely used security policies with our products. Today, we will go over the "Essential Eight" baseline in a bit more detail.

    The "Essential Eight" is a set of mitigation strategies created by the Australian Cyber Security Centre (ACSC), part of the Australian Signals Directorate (ASD) that leads the Australian Government’s efforts to improve cybersecurity.

  • Painless services: implementing serverless with rootless Podman and systemd

    Serverless is an event-driven computing paradigm where applications are allocated dynamically to serve a request or consume events. When the application is not in use, there are no computing resources allocated.

    The serverless ecosystem offers a large number of runtimes, which start/stop/monitor software (e.g., Knative, Kubeless and many others). They come with different features, and they can trigger applications based on different kind of events (e.g., HTTP requests, messages, etc.).

    Even if systemd cannot be considered a real serverless runtime, the socket activation feature provides a foundation for a serverless architecture.

  • Convert your Windows install into a VM on Linux | Opensource.com

    I use VirtualBox frequently to create virtual machines for testing new versions of Fedora, new application programs, and lots of administrative tools like Ansible. I have even used VirtualBox to test the creation of a Windows guest host.

    Never have I ever used Windows as my primary operating system on any of my personal computers or even in a VM to perform some obscure task that cannot be done with Linux. I do, however, volunteer for an organization that uses one financial program that requires Windows. This program runs on the office manager's computer on Windows 10 Pro, which came preinstalled.

    This financial application is not special, and a better Linux program could easily replace it, but I've found that many accountants and treasurers are extremely reluctant to make changes, so I've not yet been able to convince those in our organization to migrate.

  • Red Hat's StackRox Acquisition Bolsters Its Hybrid Multi-Cloud Strategy

    The startup has container security capabilities that are missing in Red Hat's OpenShift Kubernetes platform.

    [...]

    "We are working on looking at a few things, and that will have to be run through them because they're the bank now," he said. "They're a partner, but they're also our shareholders."

    It's doubtful that Red Hat would have to go to the IBM bank to finance this purchase. Although no details of the deal were made public, most media reports are putting the price tag at just north of $100 million, far less than the $250 million it paid for CoreOS in 2018.

    As to be expected from Red Hat, which has traditionally insisted that all of its software be open source, Red Hat plans to open source StackRox’s proprietary software after the acquisition closes sometime in the first quarter of 2021. Red Hat said it will continue to support the existing KubeLinter open source community, as well as the new communities that form around StackRox’s other offerings as soon as they are open sourced.

Getting to know Kyeong Sang Kim, Red Hat general manager for Korea

Filed under
Red Hat
Interviews

We’re delighted to welcome Kyeong Sang Kim to Red Hat as a general manager for Korea. In the new role, he will be responsible for Red Hat’s business operations in the country.

Kyeong Sang is an expert in the field of IT consulting, supporting numerous business innovation projects for more than 25 years. Prior to joining Red Hat, Kyeong Sang served as the CEO of SICC (Ssangyong Information & Communications Corp), where he successfully led the company’s digital transformation to the cloud. He has also held several other leadership roles at global companies, including Accenture.

We caught up with Kyeong Sang to find out more about his interest in open source and Red Hat, and his insights on leadership.

Read more

Syndicate content

More in Tux Machines

Security and FUD

  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (sudo), CentOS (sudo), Debian (sudo), Fedora (kernel, php-pear, and sudo), Gentoo (cacti, mutt, and sudo), Mageia (sudo), openSUSE (sudo), Oracle (sudo), Red Hat (sudo), Scientific Linux (sudo), Slackware (sudo), SUSE (go1.14, go1.15, nodejs8, and sudo), and Ubuntu (libsndfile and sudo).

  • Mimecast admits certificate compromise tied to SolarWinds supply chain attack

    Email security firm Mimecast has admitted that the compromise of a certificate it had issued for some Microsoft services is connected to the SolarWinds supply chain incident.

  • SolarWinds Cyberattack: Layered OT Security Creates Best Defense

    The recent SolarWinds supply chain cyberattacks serve to underscore an age-old cybersecurity tenant, and the reason we need to continue beating the drum as cybersecurity professionals: Use a layered approach to OT security. This incident highlights a rare, specific use case of a nation state threat actor, an Advanced Persistent Threat (APT). In this particular case, layers provided somewhat limited value, but helped keep the less skilled attackers – about 99% of those on the playing field – at bay. Technology boundaries can be used to lessen the impact of (but unfortunately not prevent) nation state APTs. They not only offer additional protection, they may also help expose the presence of APTs in your network. Let’s examine how they would have helped in the case of APTs like the Sunburst malware that infected SolarWinds Orion software and was downloaded by 18,000 organizations.

  • Linux malware uses open-source tool to evade detection [Ed: How pro-Microsoft propaganda sites blame for a tool which comes from Microsoft (GitHub) "Open Source" and "Linux" (though it is the fault of neither). Alternative headline: Microsoft malware is being used to attack machines that run GNU/Linux]

    This tool is known as libprocesshider and is an open-source tool available on Github that can be used to hide any Linux process with the help of the ld preloader.

AMD Schedutil vs. Performance Governor Benchmarks On Linux 5.11 Shows More Upside Potential

With a pending patch, the Linux 5.11 AMD Zen 2 / Zen 3 performance is looking very good as far as the out-of-the-box performance is concerned when using Schedutil as is becoming the increasingly default CPU frequency scaling governor on more distributions / default kernels. With the previously noted Linux 5.11 regression addressed from when the AMD CPU frequency invariance support was first introduced, the Schedutil performance from small Ryzen systems up through big EPYC hardware is looking quite good. But how much upside is left in relation to the optimal CPU frequency scaling performance with the "performance" governor? Here is a look at those benchmarks on Ryzen and EPYC for Schedutil vs. Performance on a patched Linux 5.11 kernel. Read more

today's howtos

  • Visualizing system performance with RHEL 8 using Performance Co-Pilot (PCP) and Grafana (Part 2)

    In this post, I’d like to show you how to use Performance Co-Pilot (PCP) with Grafana and Redis to store and graph performance data for all the machines in your environment. We’ll do this in a simple two machine setup, but the concepts are the same as you add more machines.

  • Calibre 5.0 for Linux

    For those who like to read, Calibre is a wonderful program for managing e-books. Calibre will not only allowed to maintain and organize your library of e-books but also perform format conversions. Calibre can also let you read your e-books on your system without needing an e-reader. Of course, you can always read an e-book on a smartphone.

  • Firecracker: start a VM in less than a second

    Initially when I read about Firecracker being released, I thought it was just a tool for cloud providers to use – I knew that AWS Fargate and https://fly.io used it, but I didn’t think that it was something that I could directly use myself. But it turns out that Firecracker is relatively straightforward to use (or at least as straightforward as anything else that’s for running VMs), the documentation and examples are pretty clear, you definitely don’t need to be a cloud provider to use it, and as advertised, it starts VMs really fast! So I wanted to write about using Firecracker from a more DIY “I just want to run some VMs” perspective. I’ll start out by talking about what I’m using it for, and then I’ll explain a few things I learned about it along the way.

  • 3 email mistakes and how to avoid them

    In prior years, this annual series covered individual apps. This year, we are looking at all-in-one solutions in addition to strategies to help in 2021. Welcome to day 17 of 21 Days of Productivity in 2021. OK, so we've talked about some things we should do with our email - Stop treating it as an instant messenger, Prioritize things, trying to reach Inbox Zero, and filtering it effectively. But what things SHOULDN'T we do?

  • 6 Steps to Teach Yourself System Administration

    Looking for ways to get started in system administration? In this Skills article, we’ll provide an overview of resources that will help you on your way. If you’re unfamiliar with the basics of what a system administrator does, we recommend starting with this introduction. There is no traditional path for acquiring the technical skills needed as a system administrator, according to Enable Sysadmin. “Some sysadmins have an associate or college degree, and some don’t. Depending on when a sysadmin began their career, he or she might have a variety of technical certificates ... or none at all.” Here, we provide an array of options with which to plot your own course of study.

  • How to install KaOS 2021.01
  • How to Install Krita 4.4.2 via Another PPA in Ubuntu 20.04, 20.10

    For those prefer installing apps via apt method, the digital painting software Krita 4.4.2 now is available to install via another well trusted PPA for Ubuntu 20.04, Ubuntu 20.10, Linux Mint 20. Krita 4.4.2 was released a week ago as the latest version of the free open-source painting software, with new features: SVG mesh Gradients, mesh transform, new gradient fill layer type, new brushes, and improved HiDPI support.

  • How to set up static IP address on Debian Linux 10/11 - nixCraft

    I have Debian 10 Linux cloud server, and it is configured to get IP addresses via DHCP. How do I convert DHCP address to static IP address settings?

  • How To Enable Hardware Accelerated Video Decode In Google Chrome, Brave, Vivaldi And Opera Browsers On Debian, Ubuntu Or Linux Mint

    Google Chrome 88 (and newer) has made hardware accelerated video decoding available on Linux, but it's not enabled by default. Google Chrome is not the only Chromium-based web browser to support hardware acceleration on Linux though. This article explains how to enable hardware-accelerated video decoding in Google Chrome, Brave, Vivaldi and Opera web browsers running on Debian, Ubuntu, Pop!_OS or Linux Mint (Xorg only). Using hardware-accelerated video decode in your web browser should result in using less CPU usage (and thus, less battery draining) when playing online videos. It's worth noting that Chromium web browser had patches that allowed making hardware accelerated video decoding available on Linux for some time, and some Linux distributions packaged it using those patches. So Chromium users have had hardware acceleration on Linux for some time, depending on their Linux distribution or if they installed the patched Chromium in some other way. E.g. on Ubuntu / Linux Mint there's a PPA with VA-API patched Chromium builds. Thus, these instructions may also work for Chromium browser, depending on how it's built.

  • How to Manipulate Images in the Linux Terminal

    Ever tire of constantly opening up your favorite image editor for a simple crop, resize, or to change the file format? Maybe you have a need to easily perform these tasks in batch or within software? Here's how to use the Linux convert tool, which allows you to do all this with terminal via the command line, and much more.

10 Best Linux Distros for Developers

While Linux might not be the favored operating system for casual users, it’s the go-to choice for most developers and programmers. Linux is a more practical OS that was explicitly designed with programming and developers in mind. There are over 600 Linux distros to choose from, so even experienced users may seldom struggle to find their current project's ideal flavor. Linux distributions can vary hugely from one another, even though they are based on the same source. And if you’re looking to learn more about Linux distros, we’ve compiled a list of the 10 best Linux distros for developers. Read more