Planet Red Hat

Richard Li: Open Source and Healthcare

Thu, 04 Sep 2008 22:15:51 +0000

There's growing interest in open source and healthcare IT. Why are people interested? One, the problem space is hard. Clinical data is complex. There are technical issues -- but equally complex legal and business issues. No one company or person has all the answers. A collaborative model lets everyone contribute ...

Pete Muir: [Comment] Please stand clear of the closing doors, this train is ready to depart - Seam 2.1.0.BETA1 released!

Antonio Carlos da Silva dos Santos — Thu, 04 Sep 2008 20:56:50 +0000

This is a comment written in reply to 'Please stand clear of the closing doors, this train is ready to depart - Seam 2.1.0.BETA1 released!'.

The features are getting better!!! Identity management (JPA/LDAP) and RESTful support are great for web applications.

JBoss Seam rocks!

Pete Muir: [Comment] Please stand clear of the closing doors, this train is ready to depart - Seam 2.1.0.BETA1 released!

Antonio Carlos da Silva dos Santos — Thu, 04 Sep 2008 20:51:21 +0000

This is a comment written in reply to 'Please stand clear of the closing doors, this train is ready to depart - Seam 2.1.0.BETA1 released!'.

The features are getting better!!! Identity management (JPA/LDAP) and RESTful support are great for web applications.

JBoss Seam rocks!

Dan Walsh: SELinux and Chrome

dwalsh@redhat.com — Thu, 04 Sep 2008 18:50:05 +0000

After reading the Google Chrome announcement/comic book, I got to thinking

How could SELinux and Chrome work together?

The comic book says that Chrome can run each tab in a different processes, allowing you to isolate processes from each other. If a tab processes crashes because of a bug it will only bring down that tab, not the entire web browser. We have this in Fedora 9, in that we can run most of the plug-ins in a separate processes from Firefox, nsplugin. If a plug-in causes the process to crash, the nsplugin program crashes not Firefox.  You can use SELinux to lock down the nsplugin process to prevent it from attacking our system. The nice thing from an SELinux point of view is that we did not need to change Firefox to make this happen. Since Firefox executed nsplugin (npviewer.bin), we can write policy that says when a user (unconfined_t) execs an executable labeled nsplugin_exec_t, SELinux will transition to process labeled nsplugin_t.

With Chrome we might be able to take this further. Imagine Chrome could differentiate between external and internal web sites, then the main Chrome processes could create two tabs running under different SELinux contexts. Say chrome_trusted_t and chrome_untrusted_t, You could isolate these processes from each other and maybe allow chrome_trusted_t to read and write anywhere on the file system while chrome_untrusted_t could only read/write the ~/untrusted directory, labeled untrusted_content_home_t.   With labeled networking you could set up a proxy server that would only accept connections from processes labeled chrome_untrusted_t. If a user is reading a Company Confidential web site in one tab, and connected to www.espn.com on another tab, SELinux would prevent the untrusted tab from reading the trusted tabs content.

This would require changes to Chrome code, but the SELinux code to do this is fairly simple.

Pseudo Code

Depending on how Chrome works.

User enters an external web site:

If chrome just forks a new process it would:

child = fork();
if (Child) {
            if (selinux_is_enabled()) {
                      setcontext("user_u:user_r:chrome_untrusted_t");
                      ... /* Run the tab process */
                      exit()
            }
}

or

if chrome forks and execs a new process.

child = fork();
if (Child) {
            if (selinux_is_enabled()) {
                      setexeccon("user_u:user_r:chrome_untrusted_t");
                      exec() /* exec the tab process */

                      setexeccon(NULL); /* This sets that system back to default behaviour, if exec failed */
            }
}

Policy would have to be written to allow a transition from unconfined_t to chrome_untrusted_t, since the kernel will verify all transitions.

Any enterprising grad students looking for a project?

I could imagine similar changes could be done in Apache (mod_*), sshd, Samba.

Max Spevack: fudcon brno, day 0

Thu, 04 Sep 2008 16:54:49 +0000

Greg and I traveled from Amsterdam to Brno today, flying to Prague and then taking the bus down to Brno. Pretty uneventful, though we got ourselves a bit mixed up with the bus schedule. We purchased a ticket leaving from Prague's central bus station at noon, but we *thought* that the ticket's origin was the bus station at Prague's airport. As such, by the time we got to the central bus station, we had long-missed our bus and had to purchase new tickets for a bus leaving at 2:30. No big deal.

We bumped into Cliff Perry, one of our old Red Hat Network compatriots, in the Prague airport. He is spending the week in Brno for other Red Hat business, but he'll be hanging around at FUDCon a bit as well. Also at the Prague airport, we bumped into a flight attendant who works for Delta. She struck up a conversation with Greg when she saw his Carolina Hurricanes t-shirt, since she lives in Chapel Hill. We mentioned that Jim Whitehurst (formerly Delta's COO) is now Red Hat's CEO, and she spoke in glowing terms of him and his tenure at Delta.

Just looking around, Prague seems like an awesome city -- the next time I'm heading to Brno, I'm going to spend an extra few days in Prague and re-enact my favorite scenes from Mission: Impossible.

The bus ride from Brno to Prague was pretty long, but the laptop battery made it most of the way and I had a bunch of emails queued up to send upon arrival. Radek Vokal met Greg and I at the train station, brought us to the hotel, and then dropped us off at the Red Hat office, where we found a room of FUDConners (Dimitris Glezos, Diego Búrigo Zacarão, David Cantrell, Hans de Goede) already hacking. We're waiting for Jeroen van Meeuwen, Jonathan Roberts, and Pawel Sadowski to join us, and then we'll head out for dinner.

My next update will be sometime on Friday, during the first official day of FUDCon.

James Morris: SELinux memory protections are your friend

Thu, 04 Sep 2008 14:54:24 +0000

I don't know what a Zend Optimizer is, but it apparently does not play well with SELinux. I've encountered a blog entry by someone who has tried to do the right thing and keep SELinux enabled, after finding the code for a policy module which makes this stuff work.

I was surprised when I saw the source of the module, which includes:


allow httpd_t self:process execstack;
allow httpd_t self:process execmem;
allow httpd_t self:process execheap;
allow httpd_t usr_t:file execute;

When loaded, this will enable the web server to execute memory on its heap, stack or certain types of executable memory allocated via mmap(2). These are well-known attack vectors and disable some very important memory protection mechanisms. See Ulrich Drepper's SELinux Memory Protection Tests for details.

The file execute permission is also very concerning, as it allows the web server to execute generically labeled user files. Combined with disabled memory protections, and third-party software using unsafe memory execution techniques, I'd recommend being cautious about deploying this solution.

What I would suggest, if you don't understand the security policy, is to run it by your nearest SELinux community. Many mailing lists and IRC channels exist where people will be able to help: see User Resources from the SELinux Project Wiki.

It's important to note that whatever this code is supposed to be doing (apparently, dealing with some form of source code obfuscation), techniques such as making a stack executable are inherently insecure and should never be necessary.

SELinux really is trying to help you here, and free expert advice is merely an email away. At the very least, someone will be able to explain what the risks are, and help you make an informed decision on how to proceed: perhaps it will be better for your particular requirements to allow certain accesses rather than disabling SELinux for the entire system. And if the code is not trying to do something dangerous, an SELinux developer may write a simple module for you to load to work around the issue.

Sacha Labourey: slaboure

Sacha — Thu, 04 Sep 2008 13:10:04 +0000

Today RHT made an aggressive move into the virtualization market.

Let me explain what it means.

One of the key strengths of OS vendors is the size of the their ecosystem. The more IHV (Independent Hardware Vendors) and ISV (Independent Software Vendors) certify on your OS, the more chances you have to be successful. Or to put it differently, with no or little ecosystem (read: VMWare), a company has very little chance of success. And on the OS market, the landscape has become pretty simple: MSFT and RHT are kings next to a handful of dying Unix flavors. And this is not likely to change anytime soon: for an IHV or ISV to support a new OS requires considerable engineering investment. Lesson 1: The OS game is over. MSFT and RHT will fight the market share, while “would-be” new entrants will watch the game.

Recently, the market has been aggressively shifting towards virtualized environments and in order to provide a cost-efficient solution to those users, you cannot simply “reset the OS ecosystem” and restart from scratch: you must leverage the existing OS ecosystem. Lesson 2: The two leading OS vendors are the only able to sustain on the virtualized market in the long run. This is exactly what KVM provides (and XEN does not): KVM can fully leverage the existing IHV and ISV ecosystem earned over time by RHT.

For sure, in the short run (i.e. before the virtualization market gets under pricing pressure) companies like VMWare will be able to sell a virtualized environment as a (very costly) side dish to the OS, but in the long run, core OS and hypervisors will just be one. As an example, if you are paying for RHEL Enterprise today, let’s say for 32 CPUs, this gives you the right not only two run the core RHEL OS on 32 CPUs, but also gives you access to:
- unlimited virtualized environments running on top of these 32 physical CPUs (this is what VMWare will sell you)
- unlimited virtual RHEL guests running on top of those 32 physical CPUs

Lesson 3: price pressure will slowly get rid of the virtualization-only vendors (36 months).

Morale of the story: the virtualization market is entering into Phase II, when only OS vendors could sustain the pressure required to remain in the virtualization market.

Onward,

Sacha

Harish Pillay: What a way forward for virtualisation!

h.pillay@ieee.org — Thu, 04 Sep 2008 12:59:53 +0000

I am really thrilled that Qumranet is now part of Red Hat. The ONLY way to do virtualization is through fully GPLed and open source technologies - no hidden, proprietary, closed source stuff. Enough said. Really pleased.

side note: posting this from behind the Great Firewall of China is really annoying. Had to turn on my personal proxy server to by pass the local network is really a waste of time!

Max Spevack: new fedora tshirts for emea

Wed, 03 Sep 2008 16:43:13 +0000

Just in from the manufacturer. Thanks to Joerg Simon for handling the details and Nicu Buculei for the design.

Dan Walsh: Nasty SELinux redirection AVC's

dwalsh@redhat.com — Wed, 03 Sep 2008 16:22:01 +0000

One of the things that makes SELinux hard to understand is it's handling of shell redirection. A query on the Fedora SELinux list by Richard Johnson asks about how to handle SELinux avc's when redirection rpm output.

When installing a policy rpm, one cannot log the install activity w/o generating avc errors. For example:

rpm -i lsb-ft-asn-selinux > /var/log/rpm-update.log

produces the following violation:

type=SYSCALL msg=audit(1219774608.030:789): arch=c000003e syscall=59 success=yes exit=0 a0=be952e0 a1=be93390 a2=be958f0 a3=8 items=0 ppid=2848 pid=2875 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS1 ses=2 comm="restorecon" exe="/sbin/restorecon" subj=root:system_r:restorecon_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1219774608.030:789): avc: denied { write } for pid=2875 comm="restorecon" path="/var/log/rpm-update.log" dev=md2 ino=2694055 scontext=root:system_r:restorecon_t:s0-s0:c0.c1023 tcontext=root:object_r:var_log_t:s0 tclass=file

The problems seems to stem from recording the %post script's attempts to relabel files affected by the policy, specifically:

/sbin/restorecon -F -R -v /opt/ft/sbin/sra_alarm;
/sbin/restorecon -F -R -v /etc/opt/ft/asn;
/sbin/restorecon -F -R -v /var/opt/ft/asn;
/sbin/restorecon -F -R -v /var/opt/ft/log;

So what is going on here?

The shell is creating a /var/log/rpm-update.log. Most likely the process that is running the shell is running as unconfined_t, and unconfined_t does not have a transition rule for files in var_log_t directories. (var_log_t is the label of the /var/log directory) The rpm-update.log file gets created with the var_log_t label. The shell opens the file for write and redirects the stdout of rpm and all of its children process to this file.

When rpm is started it transitions to rpm_t and the SELinux kernel checks if rpm_t is able to write to files labeled var_log_t, since rpm_t is an unconfined domain it is allowed. rpm will hand the open file descriptor to all of its decendants. rpm executes it's scripts as rpm_script_t (Also unconfined). When rpm_script_t executes an application with a transition rule define, the SELinux kernel checks to see if the new domain is allowed to write to var_log_t.

In the case above rpm_script_t transitions to restorecon_t when it execs files labeled restorecon_exec_t. The SELinux kernel checks if restorecon_t is allowed to write to a file labeled var_log_t, restorecon_t is not allowed so the kernel reports the AVC. It also closes the open file descriptor and replaces it with a file descriptor to /dev/null. restorecon is then started and actually runs to a successfull completion, however no output with go to rpm-update.log.

So what should the admin do about this?

I can think of a few choices.

He can ignore it. Since the restorecon does not need to output anything, the installation completed and the AVC's are basically meaningless. He can even tell setroubleshoot to not show the AVC's/
He can add a local custom policy module, to allow domains to output to var_log_t, Using audit2allow -M mypol
- rpm -i lsb-ft-asn-selinux >> /var/log/rpm-update.log
- would be better since it will only add append.
He attempt to find a label for file and label it correctly such that all domains can append to it. rpm_log_t might work.
He can stick a cat in the middle of the command
- rpm -i lsb-ft-asn-selinux | cat > /var/log/rpm-update.log
- In this case bash opens the file as var_log_t and hands the open descriptor to cat which is also running as unconfined_t, but in this case bash sets the commands stdout to be a open fd descriptor to a unconfined_t. Most domains can "use" unconfined_t fd, so the AVC dissapears.

Fedora 10 - OPEN access check to the rescue:

This is a difficult thing to comprehend and we are trying to eliminate some of these AVC's. SELinux in Fedora 10 has added an OPEN check. This checks whether an application actually attempts to open a file rather then just tries to read/write the file. Before the OPEN check policy writers were not able to differentiate between an application actually actively going out and opening files versus being handed open file descriptors from processes like the shell.

So in Fedora 10 we will allow confined applications to read/write files in places users commonly redirect output. (user_home_t, user_tmp_t, logfiles). While denying the "open" access. If you see an OPEN access being denied, you should be very wary of this access and really investigate what is going on. If a cracker broke into a confined domain and got to a shell, he would probably be actively attempting to OPEN files.

Rich Sharples: Tab Sweep

sharps — Wed, 03 Sep 2008 12:35:32 +0000

Red Hat’s Spacewalk (the upstream OSS project for RHN Satellite) seems to be doing pretty well - they have a very active mailing list and are already getting external contributions. Mat Asay casts his perspective over on c-net.

Talking of growing communities - interest in JBoss in China is really picking up - there’s a new site dedicated to JBoss - Kava which contains translations of many JBoss related blogs and articles you’d find in North America and Europe.

GNU is twenty five years old this month - and Stephen Fry (English comedian, author, actor, columnist and tech. blogger) has a short video celebrating the event and introducing free software. btw. his podcasts are pretty good as well; if you’re a Stephen Fry fan and enjoy a light-hearted perspective on technology.

This week the Web is aflutter with the launch of Google’s browser - Chrome. Just for the record - I don’t think that Microsoft will win this browser war - give it 3-5 years and IE users will be in the minority - they’ve failed to innovate at the pace of the competition (Firefox) and haven’t established a Mobile Web foothold; and their desktop monopoly is finally being challenged (by OS/X, Linux and the mobile web). The thing is - IE won’t be the only victim in this war - other’s will get caught in the cross-fire - I think Safari will go down pretty quickly - probably within a year of Chrome being ported to the iPhone. Firefox (the only browser I’ve used for as long as I can remember) will be next. That bothers me - but only a little - that’s techology evolution - survival of the fittest (despite illegal monopolies). I’m happy for *any* free, multi-platform alternative to IE.

Finally, I think I pissed off a few ex-colleagues at Sun with my recent post. Thing is, I’m right. If you thought my post was overly critical (or wrong) - read this analysis on Forbes.com and try and argue against the fundamental arithmetic. It’s worth repeating my position - I’m not saying that Sun’s OSS efforts are wasted - I’m just saying they won’t save Sun. The projects and the people who’ve pushed them so hard will continue to flourish long after Sun has been dismantled and sold off.

Caolan McNamara: DEV300_m30

Caolan — Wed, 03 Sep 2008 08:29:09 +0000

The unused method listings are updated for every release, i.e. the latest DEV300_m30.

The current un-integrated patches are listed here, with the largest set of unused code in sc scheduled for removal in workspace koheicoderemoval

Sankarshan Mukhopadhyay: What a waste of talent and money…

sankarshan — Wed, 03 Sep 2008 06:20:12 +0000

These days I am generally averse to government sponsorship of (aka investment in) Open Source, especially if the government in question happens to be the Government of India.

I had earlier blogged about BOSSLinux and in recent times I tend to abhor politically motivated over-the-wall Open Source on taxpayer money. For example, take a look at this cache.This is the collection of over-the-wall translations of GNOME files. The fun part is that language teams exist for a significant number of the languages that are part of the collection. And yet, the files have the curious header: “Language-Team: Bangla (INDIA) (info.gist@cdac.in) \n” for bn_IN example. I don’t recall anyone contacting the group working on bn_IN for this and coordinating the work in that community. The discussion over the past few days on #indlinux also shows that the ml_IN community has not been contacted, neither the or_IN.

The reason why C-DAC desires to undertake this nonsense is fairly clear. Currying political favor with the incumbents at ministries, re-inventing already undertaken tasks is something that the stellar agency is becoming excellent at in recent times. Language computing in India is a big ticket item. Various e-Governance projects are looking towards reaching out to various language communities for greater outreach. There is work going on in standardization and so it is a good time to start acting silly. For a few languages that don’t have all the Unicode issues resolved, there seem to exist translations. Amazing is what it can be called. Why would working with the communities in the form of collaborating be something that is beyond the intelligent folks at C-DAC is what bothers me. These folks have been around for a while ie. they are not newbies starting up a project, they are smart. So, if they are upto such stupidity, there has to be a reason to this madness. Trying to fork translation communities instead of collaborating is a sad way to move forward.

Moving on, let’s take another piece of oddity. Baishakhi Linux which says:

Society for Natural Language Technology Research (SNLTR) developed Baishakhi Linux 1.0 (pdf link) in collaboration with MAT3 Impex and IIT Kharagpur. This is a free Bangla Linux that has been built over Ubuntu 8.04 distribution. All computer related decision making and office activities, such as document writing, preparing presentations, web browsing, sending and receiving emails as well as spreadsheet calculations can be carried out in Bangla using this distribution. All Bangla compound words can be viewed and written in Baishakhi Linux, and this special feature distinguishes it from the other localized Linux distributions. Even in spreadsheet application (an office suite for calculation) all types of mathematical calculations (addition, subtraction, multiplication, division etc.) can be done in Bangla including fraction number, which is also a unique feature of this distribution.

The bits that are termed as ’salient features’ have not been contributed upstream. What a waste.

ps: If this bug gets closure, a lot of issues would be resolved.

Dave Jones: lockdep lolz.

Wed, 03 Sep 2008 00:37:01 +0000

My entry for the "most extensive debug output from a single event" world record.

.. and with that, I'm off on vacation for a week.

Dan Walsh: I am backup on planet.fedoraproject.org

dwalsh@redhat.com — Tue, 02 Sep 2008 19:16:13 +0000

When fedoraproject.org site was rebuilt in the last couple of weeks, I guess I missed the message that you needed to put a .planet file in your people.fedoraproject.org home dir in order to have the planet see your blogs, sorry about that. Well I have fixed this. But you might have missed some of my blogs. The best one, IMHO, was:

Top three things to understand in fixing SELinux problems

So here is a link to it.

Back to Bugzilla.

Max Spevack: (virtual) fudcon brno

Tue, 02 Sep 2008 16:26:54 +0000

For those of you who want to follow-along this coming weekend as FUDCon Brno gets underway, I encourage you to join #fudcon on freenode. That will be our official meeting place for the duration of the event.

Brno is in the UTC +2 time zone. We start at 10:00 local time every day, which means 08:00 UTC. We'll often update on IRC, the FUDCon wiki page, and also on planet with the hackfests or sessions that are currently happening, and especially on the hackfest days, make every attempt to do a good job including both local people and remote people in various sessions.

Gary Benson: Shark, now with 100% bytecode coverage

gbenson — Tue, 02 Sep 2008 14:29:51 +0000

I did jsr, ret and multianewarray today; Shark now has 100% bytecode coverage.

Tom "Spot" Callaway: it is always a good time for a 5 minute guitar solo

spot@livejournal.com — Tue, 02 Sep 2008 14:00:06 +0000

I had a pretty darned good weekend. My brother and his wife (who is quite pregnant, due in October) came up for a visit, and since Pam wasn't quite up for it, I was tapped to play tour guide. We had things pretty much planned in advance, Saturday was car day.

You see, my car has been... non-functional for a while. However, I've known what's wrong with it for almost as long; the alternator is dead. The most complicated thing I've ever changed in my car has been a cassette tape, so I really did need my brother's help. We went to AutoZone (after attempting to go to the Arlington Napa, which was CLOSED when they were supposed to be OPEN) and bought a new alternator, then spent the next several hours trying to get the old one out. Despite our best efforts, we were unsuccessful at this, so we put the car back together (we had to pull one of the front wheels off just to get to the alternator). He also showed me how to change the oil on my car, so now I can perform that service in the comfort of my own driveway.

Saturday night, we went to Za for dinner (delicious pizza), and ran into Jeremy and Kara. On Sunday (after everyone but me went to Catholic Mass) we headed into Boston proper for some tourism. Pam wasn't up for it, so she stayed at home and relaxed. We started at the Common, then walked the freedom trail to Faneuil Hall. After lunch at Quincy Market, it was time for the Red Sox game!

Now, you may have read some things that I have written about the Red Sox here, and be thinking, doesn't he hate the Red Sox? No, of course not. I am rather perplexed by Red Sox Nation, but I've got nothing against them. Really, my stance on baseball can be boiled down to "I support the Cubs, the local team, and anyone who beats the White Sox". Since the Red Sox were playing the White Sox on Sunday, I was cheering for Boston twice as hard. We got three tickets for the game through stubhub, and sat almost at the top of the bleachers in Center field, but we could see everything (except for the big fancy tv screen). Aside from some general confusion with finding our correct seats (the sections are marked about as well as the streets are in this town), we had a great time. Three rows behind us, about 6 drunken female White Sox fans made for an amusing spectacle until they started trying to fight people and were ejected. (These ladies were classy. They were wearing matching hats that said "I HEART BEER" and White Sox t-shirts thoroughly soaked in beer. Oh yes, they were also repeatedly flashing the crowd.) Unfortunately, the Red Sox lost, but they put up a good fight, especially towards the end.

It is worth pointing out at this point that I forgot to put on sunscreen, so I was now properly Red and burned on my arms, legs, face and ears.

After the game, we briefly considered getting on the T at Kenmore, but it was absurdly overwhelmed with people, so we decided to walk part of the way home. We walked over the Harvard Bridge (and counted the Smoots!), then walked around MIT towards the Kenmore T stop. As we rounded the corner onto Main St, Richard Stallman passed us, but we didn't stop him or anything. I figured he probably wants to talk licensing on the weekend about as much as I do, and also, we were running late to meet Pam for dinner. We got on the T and met Pam in Harvard Square at Legal Seafood, where Bob & Gina got to experience a LOBSTA ROLL. After dinner, Pam showed them the Harvard boathouse, then we headed home. Bob played GTA4 until we went to bed (unsurprisingly, he is much better at it than I am).

On Monday, I suggested that we limit our time in the sun (as a result of looking like a LOBSTA), so Bob, Gina, and I drove down Mass Ave into Lexington and the Minuteman National Park. We toured around the area, through Concord and over by Walden Pond, before coming back into Arlington to meet Pam for lunch at Not Your Average Joe's. After lunch, I took Bob & Gina back to the airport.

When I got home, I played GTA4 for a bit, then Pam and I decided to see a movie. We drove to Burlington and watched Babylon AD (with the 7 other people in the theatre). It was very pretty, and I was actually following it until about halfway through, when it started to just randomly dissolve. It felt very much like a Neal Stevenson ending, where they realized they couldn't keep telling the story forever, so they haphazardly scripted the end, then drew dotted lines from where they were to the end. In short, don't waste your money, netflix it.

Then we went home and were lazy for the rest of the evening. We've been working our way through old Doctor Who, so we watched an episode of that and the "new" Top Gear on BBC America.

Pam went back to work today (I drove her), so she is making steady progress! On my way home, I stopped at the local garage and got a quote on how much it would be to fix the car (about 150.00), so I'm going to get AAA today and have it towed over there.

(Pictures from this weekend and more specifics can be found in Bob & Gina's Blog)

Red Hat News: Where’s Red Hat This September?

Events Team — Tue, 02 Sep 2008 12:52:10 +0000

North America

Red Hat hits the road this September for our 2008 North American Red Hat Road Tour. We’ll be visiting 16 cities this fall to share more about open source and its future direction and help attendees shift their open source strategies into full gear. Tracks will focus on Red Hat’s infrastructure and middleware offerings, taking a close look at open source tools to help build enterprise solutions. There will also be opportunities to hear about proven best practices from Red Hat customers. Attendees can network with experts in the industry and participate in round-table discussions to exchange experiences regarding today’s pressing IT challenges.

The Red Hat Road Tour is targeting specific cities seeking professionals responsible for enterprise architecture management, IT operations and standards, system security and management, application development tools and platforms and service oriented architecture (SOA). The 2008 Road Tour kicks off on September 9th in Atlanta. For more information and to see if we’re coming to a city near you, click here.

Red Hat will also be attending the 2008 Oracle Open World event in San Francisco from September 21-25. We’ll be in booth #622 hosting a series of mini theater sessions each day for attendees to learn from Red Hat representatives as well as partners as they share success stories on the integration of Red Hat enterprise solutions.

At High Performance on Wall Street on September 22 in New York, Bryan Che, Red Hat product manager, will participate on a panel entitled “Building The Perfect Financial Services Data Center.” Attendees can also stop by Red Hat’s booth during the event.

September marks a busy month for Red Hat as we’ll also be at the 451 Group Infrastructure Computing for the Enterprise (ICE) Summit hosted in Las Vegas. Come hear Katrinka McCallum, vice president, Management Solutions Business, and Benny Schnaider, CEO and Co-Founder of Qumranet, as they deliver the keynote address on September 18. The ICE Summit is a forum for executives in the virtualization, systems management and cloud computing sectors and brings together industry leaders to learn, network and develop strategies for today’s marketplace.

Here are all of the North American events where Red Hat will be present this month:

September 9, 2008 2008 Red Hat Road Tour, Atlanta, GA
September 9-10, 2008 Enterprise Architecture 2008 Conference & Exhibition, Washington, D.C.
September 10, 2008 2008 Red Hat Road Tour, Columbus, OH
September 15-16, 2008 Illinois Digital Government Summit, Springfield, IL
September 15-18, 2008 VMworld, Las Vegas, NV
September 18, 2008 Group ICE Summit, Las Vegas, NV
September 16, 2008 2008 Red Hat Road Tour, Parsippany, NJ
September 17, 2008 2008 Red Hat Road Tour, Fairfield, CT
September 21-24, 2008 NASCIO Annual Conference, Milwaukee, WI
September 21-25, 2008 Oracle OpenWorld, San Francisco, CA
September 22, 2008 High Performance on Wall Street, New York, NY
September 23, 2008 IDC Virtualization Forum, Chicago, IL
September 22-25 GTC East 2008, Albany, NY
September 22, 2008 CIO Forum, Pittsburgh, PA
September 24-27, 2008 InSight 2008 Annual Conference, Grapevine, TX
September 30, 2008 2008 Red Hat Road Tour, Minneapolis, MN

For more information on North American events, visit here.

Please save the date for the Red Hat Govenment Users & Developers Conference coming up next month.

When: October 7, 2008
Where: Ronald Reagan Building, Washington, D.C.

EMEA

September 5-7, 2008 The Fedora Users and Developers Conference (FUDCon), Brno, Czech Republic
September 10, 2008 Colazione da Red Hat, Rome, Italy
September 16, 2008 Aperitivo con Red Hat, Rome Italy
September 17, 2008 Colazione da Red Hat, Milan, Italy
September 23, 2008 Un viaggio… un assaggio, Milan, Italy
September 24, 2008 Virtualizaton Forum, Milan Italy
September 30, 2008 Business Partners Sales Training, Frankfurt, Germany

To see more upcoming Red Hat EMEA events, click here.

APAC

For information on Red Hat’s APAC events, visit here.

Latin America

For information on Red Hat’s events in Latin America, visit here.

Interested in speaking to Red Hat at or about one of these events? Email press@redhat.com.

Sacha Labourey: slaboure

Sacha — Tue, 02 Sep 2008 12:00:41 +0000

I was discussing with Bruno Georges this morning about the APAC market and he pointed me at the Kava Community web site and it is pretty impressive! The Kava community is writing blog entries in Chinese, reporting on JBoss activities and more importantly translating the JBoss.org documentation into Chinese! Our growth in China is very good and I am happy to see such communities emerge, that’s a great signal.

I’d like to take that opportunity to mention the growing number of JBoss-related articled published at DZone. If you haven’t done so yet, please visit the JBoss homepage at DZone. Recent entries include introductions to JBoss AOP, introductions to JBoss RichFaces, to REST, etc.

Onward,

Sacha