Category Archives: Open Source Software

Red Hat Unveils Unified Open Software-Defined Storage Portfolio

Posted on by

RALEIGH, N.C.--(BUSINESS WIRE)--

Red Hat, Inc. (NYSE: RHT), the worlds leading provider of open source solutions, today announced worldwide availability of a unified open software-defined storage portfolio that brings together Red Hat Ceph Storage, formerly known as Inktank Ceph Enterprise, and Red Hat Gluster Storage, formerly known as Red Hat Storage Server. The unified Red Hat Storage portfolio helps enterprises manage their current and emerging data storage workloads using open source software and standard hardware.

Todays announcement is an important milestone in the continued momentum of Red Hats charter to bring open software-defined storage to enterprises that began with the acquisition of Gluster, Inc., in October 2011, and continued with the acquisition of Inktank, Inc., provider of Ceph, in May 2014. The product developed by Inktank has gone through Red Hats quality engineering processes and is now a fully-supported Red Hat solution, re-branded as Red Hat Ceph Storage.

Both Red Hat Gluster Storage and Red Hat Ceph Storage are open source, scale-out software-defined storage solutions that run on commodity hardware and have durable, programmable architectures. However, each is well suited for different sets of enterprise workloads, bringing unique and compelling benefits to the enterprise customer. Validated to work with leading partner hardware and software solutions, the Red Hat Storage portfolio gives enterprise customers the confidence that their storage workloads are optimized for open, software-designed storage.

Red Hat Gluster Storage is well suited for enterprise virtualization, analytics and enterprise sync and share workloads. Red Hat Ceph Storage is well suited for cloud infrastructure workloads, such as OpenStack. Both Red Hat Ceph Storage and Red Hat Gluster Storage address workloads for archival and rich media, providing customers with choice and ensuring the best fit for their specific storage requirements.

Supporting Quotes

Ranga Rangachari, vice president and general manager, Storage and Big Data, Red Hat

The Red Hat Storage product portfolio and open software-defined storage vision can truly help enterprise customers manage storage for current and emerging workloads in fast-growing new cloud infrastructures, such as OpenStack.

Nithya Ruff, director, Open Source Strategy Office, SanDisk

SanDisk is committed to open source software and is helping to further its rapid movement towards flash-intelligent storage platforms. This is evidenced by our recent introduction of InfiniFlash, a new storage system that utilizes open source Ceph software to tightly integrate flash technology with the data storage capabilities in OpenStack infrastructures. The unified Red Hat Storage portfolio combined with SanDisks solutions, provide a workload-centric approach to solving customers current and future storage applications and IT challenges.

View original post here:
Red Hat Unveils Unified Open Software-Defined Storage Portfolio

The state of open source security

Posted on by

Recent high-profile vulnerabilities have put the lie to the 'many eyes' theory -- but also driven real progress in securing the open source ecosystem

If there's a poster child for the challenges facing open source security, it may be Werner Koch, the German developer who wrote and for the last 18 years has toiled to maintain Gnu Privacy Guard (GnuPG), a pillar of the open source software ecosystem.

Since its first production release in 1999, GnuPG has become one of the most widely used open source security tools in the world, protecting the email communication of everyone from government officials to Edward Snowden.

Yet Koch found himself struggling to make ends meet in recent years. The estimated $25,000 he collected on average in annual donations since 2001 weren't enough to support his efforts. As reported by Pro Publica, the 53-year-old was close to throwing in the towel on GnuPG when Edward Snowden's NSA revelations shocked the world, convincing Koch to soldier on. "I'm too idealistic," he said.

The story has a happy ending. After the ProPublica story broke, donors from around the world rushed to support Koch. He easily surpassed the $137,000 fundraising goal he had set to support his work, enabling him to hire a part-time developer. Koch was awarded a one-time grant of $60,000 from the Linux Foundation's Core Infrastructure Initiative. Facebook and the online payment processor Stripeeach pledged $50,000 a year to Koch's project.

Underfunded projects, as GnuPG was until recently, form part of a vast open source ecosystem unprecedented in scale. Widespread reuse of open source code fuels today's surging technology development, but the sheer volume of that code discourages security vetting. Only recently have we begun to confront the problem, often on the heels of security breaches that embarrass the industry into action.

Will code for food

The conditions that left Koch high and dry for years are not unusual.

After Google researcher Neel Mehta uncovered Heartbleed, a serious and remotely exploitable vulnerability in a component of OpenSSL, the software community was shocked to learn that the project was largely the responsibility of what Jim Zemlin, executive director of the Linux Foundation, referred to as "two guys named Steve." Dr. Stephen Henson and Steve Marquess labored part-time to keep the code up to date, compensated by a few thousand dollars a year in voluntary contributions.

Technology vendors who rely on open source were quick to swoop in and set the OpenSSL project to rights. The Core Infrastructure Initiative that gave GnuPG's creator a $60,000 grant was established months earlier to help fund the work of Henson and others on OpenSSL. Financial support is provided by such Silicon Valley giants as Amazon, Adobe, Cisco, Facebook, and Google.

Continued here:
The state of open source security

Docker’s No Flash in the Pan

Posted on by

Docker -- the open source application container technology that has drawn broad interest from the enterprise IT industry -- recently marked its second birthday since being written and launched in March 2013 by developer Solomon Hykes and his company, dotCloud, which was renamed for the technology to Docker, Inc. in October, 2013.

Judging by its growth and traction thus far, and the example set by such open source projects as Linux, Hadoop, Android, OpenStack and Cloud Foundry, expect big things from this young open source software project and community.

The Docker technology is being embraced by developers, prioritized by large enterprises, and questioned by central IT teams. But all hype aside, there are real signs of disruption as a result of Docker's growth and outlook. Docker recently broke into 'exciting vendor' category in IT buyer surveys by TheInfoPro, a service of 451 Research. Docker is playing a critical role in new, modernized and migrated cloud applications, which are among top priorities for IT pros, according to the most recent quarterly Voice of the Enterprise survey research, which taps a network of 12,500 senior IT professionals.

A survey of more than 700 of these industry pros on their organization's most common type of application deployment for cloud computing indicated 34 percent was for deploying new applications that they did not have before the cloud. Respondents also identified modernizing existing applications by moving to hosted software or SaaS (35 percent) and migrating existing applications to the cloud (31 percent) as most common. Docker and containers will play a prominent role in these applications and efforts.

There are a few key drivers of Docker's traction with developers, IT operations professionals, providers, investors and end users.

First and foremost is Docker's role as a standard amid a lack of standards for developing, packaging and deploying applications in today's polyglot programming market of more application-layer components, such as languages, frameworks and databases, as well as infrastructures that range from bare-metal servers and traditional data centers, to virtual and cloud computing environments. This is why Docker is sometimes, albeit dramatically perhaps, described as 'next-generation virtualization'.

A second key driver of Docker's success is its simplicity. The open source software provides an open source runtime environment, containerization technology and integrated user interface, which is a differentiator from traditional virtual containers. Though it is based on Linux containers, another advantage is Docker's standalone status from the operating system, which helps the technology live up to the shipping container analogy for which it was named. What's inside the container can be a variety of things, but the method and unit to package it is consistently the same. A Docker container typically consists of an application and its binaries, libraries, packages and dependencies, and the container technology makes it easier to copy differences among versions, meaning simplified and fewer configuration scripts for different servers or infrastructures.

A third key driver of Docker is its ability to help delegate responsibility for applications and workloads in faster, more agile DevOps implementations that are also a growing priority for enterprise IT managers and leaders. While the whole concept of DevOps is about bringing development and IT operations pros together for a more rapid, iterative, efficient and responsive process, our research indicates Docker and containers help organizations to effectively delineate who does what. If an issue is inside of the container, it is primarily a matter for developers. If it is outside of the container, it is primarily for IT operations. While organizations do not want to continue working with silos, this type of separation of responsibility can actually help drive effective DevOps deployments.

Though Docker has the above drivers and advantages working in its favor, there are still plenty of challenges. One of the main hurdles for Docker, both the technology and the company, is its immaturity. After all, Docker has just attained two years, and even though the market is moving faster than ever, this is fairly embryonic in terms of open source projects, considering Linux is 25 years old. Docker and containers also show their immaturity when compared to today's enterprise virtual machines. For example, multi-tenant security for VMs is well established. The same cannot be said for Docker and containers, though there is no shortage of developers, projects and vendors seeking to address such matters.

Docker and containers other challenges center on enterprise concerns around data management, analytics, storage and similar issues that go along with deployment by large enterprises. Much of the use of Docker and containers today is for development and test purposes. While the distance between test-and-dev to production has diminished, there are still concerns and apprehensions about Docker and containers at large enterprises, particularly among central IT teams.

Read more:
Docker's No Flash in the Pan

Q&A: IBM’s Adam Jollans talks Linux & Open Source strategy

Posted on by

CBR asks Adam Jollans, the firms director for Linux and open source strategy, for his views on several topics including security, and where IBM is heading with open source in 2015.

CBR: Why are emerging workload requirements - cloud, big data - suited to open source development culture?

Many of the new cloud, analytics, mobile and social (CAMS) workloads are being implemented on top of open source software. There appear to be three main reasons for this:

1) Open source communities are now hubs of innovation, where the cool kids hang out. This is fuelled by the collaborative nature of open source, enabling faster development iterations and the ability to 'stand on the shoulders of giants' when developing software. So as new workloads emerge, the technologies to support them are prototyped first on open source platforms.

2) Open source removes the barriers to entry for new start-ups and individual programmers. The software is easy to get hold of, and open source versions are available to download and test for free.

3) Born-on-the-web companies are built using open source software, for the reasons above, and the open source approach then becomes embedded in their culture. This then feeds back into the first reason, encouraging more innovation for the next wave of new workloads, and creating a virtuous circle of open source development.

CBR: Given the furore over Heartbleed, how will IBM address security concerns about open source?

Recent security concerns such as Heartbleed and ShellShock aren't about open source per se; rather, they are concerns about largely forgotten or under-resourced open source projects that are fundamental to the internet and other key components of enterprise IT.

To address these concerns, IBM and other key vendors have established the multi-million dollar Core Infrastructure Initiative (CII), hosted by the Linux Foundation. This aims to support and fund key open source elements of the global information infrastructure, such as OpenSSL, Network Time Protocol and OpenSSH. A key part of the CII's work is to identify all the key open source projects the Internet depends on to ensure they all have the resources they need to be secure.

Other, properly resourced open source projects are already regarded as highly secure; for example, Security Enhanced Linux (SELinux) providing mandatory access control (MAC) in the Linux kernel, and the EAL4+ security certifications obtained by Linux distributions such as Red Hat Enterprise Linux and SUSE Linux Enterprise Server.

Link:
Q&A: IBM's Adam Jollans talks Linux & Open Source strategy

Did VMware Flout Open Source License Terms?

Posted on by

By Jack M. Germain 03/20/15 12:21 PM PT

The Software Freedom Conservancy earlier this month announced that it was funding a lawsuit filed by Linux kernel developer Christoph Hellwig against VMware in the district court of Hamburg in Germany.

The conservancy entered a grant agreement with Hellwig for the legal action. Its funding of the legal action is part of the program activity of its GPL Compliance Project for Linux Developers.

The suit alleges that VMware failed to comply with terms of the GNU General Public License version 2, or GPLv2 -- the license of Linux and other free and open source software incorporated in VMware's ESXi products.

The case stretches back to 2007, but it became more contentious in 201, when the conservancy discovered that VMware had failed to provide or offer any source code for the version of BusyBox included in VMware's ESXi products, as required by BusyBox's GPLv2 license.

"We were involved in this fight long before Christoff got involved," noted Software Freedom Conservancy President Bradley M. Kuhn.

"There were times when we thought VMware was going to comply. They were working towards getting better. That is why we let it go for so long -- we felt we were making progress," he told LinuxInsider.

VMware has insisted that its hypervisor operating system, ESXi, does not violate GPLv2.

ESXi is an operating system that manages the hardware and software resources of the physical server. At the core of the ESXi operating system is a kernel called "vmkernel," which provides control over those resources.

As with many other operating systems, ESXi's vmkernel has a stable, general-purpose API, called "VMK API," that enables device drivers and other loadable modules to perform specialized functions.

See the article here:
Did VMware Flout Open Source License Terms?

Making an Impact through Humanitarian Free and Open Source Software – Video

Posted on by


Making an Impact through Humanitarian Free and Open Source Software
Gerardo Capiel, VP Engineering at Benetech: Humanitarian Free and Open Source Software, also known as HFOSS, has gained prominence among those working on large global social causes such ...

By: IEEE GHTC

Read the original post:
Making an Impact through Humanitarian Free and Open Source Software - Video