Twitter
Home Blog Page 486

OpenStack Pike Debuts Re-Defining the Open-Source Cloud Platform

By
eWeek
-

The 16th release of OpenStack now uses the open-source Python 3.5 programming language and provides new standalone project component options.

The OpenStack Foundation debuted its 16th milestone release today with the launch of the OpenStack Pike cloud infrastructure platform. Pike follows the OpenStack Ocata release which came out in February and had a focus on cloud federation.

Unlike Ocata, the new Pike release has a particular emphasis on enabling standalone OpenStack services, without the need for an entire set of OpenStack projects. For several years, the OpenStack community debated a definition for a common set of projects, known as Defcore that define what it is to be an OpenStack cloud.

Read more at eWeek

Time-Series-Based Monitoring with Prometheus

By
ADMIN Magazine
-

Wherever container-based microservices spread, classic monitoring tools such as Nagios [1] and Icinga [2] quickly reach their limits. They are simply not designed to monitor short-lived objects such as containers. In native cloud environments, Prometheus [3], with its time series database approach, has therefore blossomed into an indispensable tool. The software is related to the Kubernetes [4] container orchestrator: Whereas Kubernetes comes from Google’s Borg cluster system, Prometheus is rooted in Borgmon, the monitoring tool for Borg.

Matt Proud and Julius Volz, two former site reliability engineers (SREs) with Google, started the project at SoundCloud in 2012. Starting in 2014, other companies began taking advantage of it. In 2015, the creators published it as an open source project with an official announcement [5], although it previously also existed as open source on GitHub [6]. Today, programmers interested in doing so can develop Prometheus under the umbrella of the Cloud Native Computing Foundation (CNCF) [7], along with other prominent projects such as Containerd, rkt, Kubernetes, and gRPC.

What’s Going On

Thanks to its minimalist architecture and easy installation, Prometheus, written in Go, is easy to try out. To install the software, first download Prometheus [8] and then unpack and launch:

Read more at ADMIN 

Tips for Customizing Your New Linux Installation

By
OpenSource.com
-

I recently installed the latest release of Fedora 26 from scratch on a brand new laptop. If you’ve been using Linux for a while, you may opt to do upgrades instead of fresh installs to keep your preferences and configurations intact. After all, who wants to go searching for customizations every time a new version of your favorite distribution (in my case, Fedora) comes out?

Every once in a while, however, I do a fresh Linux install to keep up with any new options and capabilities that may have been added. In this article, I will share how I configured the latest Fedora 26 on my laptop to meet my needs—and how you can, too.

Read more at OpenSource.com

Artifex v. Hancom: Open Source is Now an Enforceable Contract

By
Jeff Luszcz
-

By Jeff Luszcz, Vice President of Product Management at Flexera Software

The U.S. District Court recently ruled in favor of Artifex – developer of Ghostscript which is an open-source PDF interpreter and against Hancom Office – a South Korean developer of  ”office” apps.  The Northern District of California said that General Public License (GPL) can be treated like a legal contract, and developers can sue if the obligations of these licenses are not followed.  This ruling provides strong legal support to the enforceability of open source licenses.

At the heart of the matter is how Hancom used the Ghostscript library.  Ghostscript is a dual-licensed open source library.  This means it can be used under the terms of either an open source GPL, or under the terms of a classic commercial license.  Hancom incorporated the Ghostscript library into its product.  By not paying for a commercial license, the terms that Hancom would have available to them would be the terms of the GPL.  The GPL would require them to open source their product if it was linked to the Ghostscript library, and they then distributed the application.  Hancom did not provide the source code to their product (and did not elect to purchase a commercial license), putting them in conflict with the license that Ghostscript is distributed under.

Due to this, Artifex sued them at the end of last year, and on April 25, the Federal Court ruled in Artifex’s favor stating that the “GPL provides that Ghostscript users agrees to its terms, if the users do not obtain a commercial license.”

Hidden Risk: The Law…

There’s an old adage in the legal profession: Ignorance of the law is no defense.  So software companies need to beware.  Most aren’t aware of their open source components and compliance status – the risk they face as a result is significant.

As much as 50 percent of the code used in all software, including Internet of Things devices, is comprised of open source software.  While open source provides a convenient short cut for software developers to be more agile and efficient – there’s also a hidden risk: The law.

While open source components are, by definition free and available for anyone to use – there are limitations.  Most open source components have licensing obligations that developers must comply with.  And depending on the component – penalties for failure to comply with the open source license can be severe.  For example, in some instances a software company could be prevented from selling the product in which the open source component has been incorporated.  In other extreme examples, the entire software product containing the open source component could be required to be released as open source in order to come into compliance.

Education is the Answer

While the law is established enabling enforcement of open source licenses – most software developers are unaware of them.  Adding to the risk, most CEOs and general counsel are unaware of the open source components their developers are using.  And they don’t have automated means to scan their code for open source and ensure compliance with licensing terms.  CEOs and General Counsel need to educate themselves about open source software license compliance risk, then ensure their development teams have the training, processes and automation in place to ensure continual IP and legal compliance.

The open source movement has significantly changed how we design and build software.  While Open Source Software (OSS) has been around for decades, commercial software companies have had their traditional software design process flipped upside down in the last ten years.  When classic commercial software packages were first created years ago, there was very little third-party compliance that was required.  Commercial packages would be purchased, small pieces of source code from books would be used and possibly some quasi “open source” toolkits or libraries that were in limited distribution would be brought in.

Starting in the late 1980s and coming into its own in the 1990s and 2000s, open source components have become the backbone of the software industry.  The typical commercial product contains hundreds of high quality open source components, though data shows that only a small percentage of these components are having their open source licensing obligations followed.  Development practices have outpaced internal processes to manage the legal obligations and as a side effect, most companies are out of compliance.

Clear Disconnect

In interviews and discussions with legal teams and development teams, it becomes clear what has led to this disconnect.  The legal teams are under the mistaken understanding that developers are aware of the requirements of using open source libraries, and are taking care of them as they select components and use them.  Development is looking for guidance and policy, but at the same time is often under immense time pressure to get products out of the door.  While there may be high-level corporate policies about open source usage, it is very rare for development teams to have a hard requirement that fulfilling open source obligations is a gate for shipping product.

This disconnect is very clear when a company building a software product is required to produce an independently verified disclosure of all the open source and commercial code it uses.  This is very common request during mergers and acquisitions, during Original Equipment Manufacturer relationships and at the request of large enterprise companies.  Organizations are very surprised to see a 20 times or more difference between what they think they are using, and what they are really using.  They are typically out of compliance with each of those previously unknown components.

Acquirers and customers typically require technology companies to come into quick compliance from a legal perspective, as well as a vulnerability perspective.  This means that the technology provider is required to update their software in order to fulfill the obligations of the open source they are using.  The required actions include putting proper license notices and copyright statements in documentation and About Boxes, changing how libraries are linked or used and providing source code for certain components or the entire software product.  These actions are not always easy or possible to perform.

General Public Licenses

A problem that can affect these companies when working under someone else’s time constraints is that it is not always possible to come into compliance with the open source obligations in an already shipping product.  The product may depend on certain libraries that require obligations that are contrary to the company’s business model.  For instance, it is very common to encounter components in use that are licensed under the GPL.  The GPL is a popular and well-regarded license, and is the license used by well-known projects such as the Linux Kernel.  This license requires any source code linked to it to be provided to the end user, if used in a distributed product.  This includes the company’s own source code they wish to keep closed source or proprietary.  Shipped and linking to source under the GPL, while wanting to keep some of that source code proprietary leads to a legal conflict.  In many cases, coming into compliance requires the removal or rewriting of these libraries and features that depend on them.

The recent Versata/Ameriprise court case in the United States, showed the implications of having an unexpected open source component that was not having its obligations fulfilled.  This caused confusion and legal issues for end users, as well as tying up the original software producer in court.  It is not unexpected that more companies will look to undisclosed open source dependences as a defense in unrelated business lawsuits.

Other recent court cases in the United States and Europe have made it clear that companies are responsible for compliance when their software product is distributed.  This can lead to legal surprises due to unmanaged dependencies their developers have selected, as well as open source components introduced by their suppliers as part of their software supply chain.  What this means is that a company is responsible for the compliance for the choices their developers make, as well as the developers that work for the companies providing them Software Development Kits, components, operating systems and other executables.

If it is not clear who will be providing the proper compliance tasks, it often falls to the last organization in the chain to provide the notices, source and other required obligations.  This is a difficult and expensive task and often requires information that only previous members of the supply chain are privy to.  More and more companies are writing open source compliance requirements into supplier agreements, in order to receive any pass-through obligations such as license text and source bundles as well to encourage the proper and timely management of third-party dependencies.  This contract language helps make the case to the supply chain that they should take open source compliance seriously.  Additionally, these agreements may explicitly discuss vulnerability reporting and procedures for handling alerts and upgrades.

Don’t be Vulnerable

Another side effect of not keeping track of third-party components, is that you are not able to respond to reported vulnerabilities or patches required to keep these components up-to-date and secure.  This has the side effect of making products vulnerable to outside attacks.  These attacks can lead to data loss or financial damages.  Legal teams are finding themselves more and more involved with security response, and the legal and financial repercussions of these attacks.  In response, legal teams are putting in place policies around component updating as part of their efforts to reduce risk to their company.

Companies that manage open source components will often put in place an Open Source Review Board (OSRB).  The members of this group come from various teams who can help manage the use of third party and open source software in the organization.  This group typically contains representatives from the Legal, Engineering, Security and Business teams at an organization.  They are responsible for setting policy, educating other employees and being a source of open source knowledge for the company.  The policy they set can be implemented by the various engineering teams, and any new situations can be escalated back to the OSRB when required.

By taking the lead, legal teams can reduce risk for their organizations, and at the same time allow their companies to be good open source citizens.  Even if there was not the power of copyright standing behind the open source licenses we use, the open source development ecosystem depends on the users of open source to respect the philosophy licenses they use and give back where possible as well.  As more companies start to understand their true dependency on open source, we should expect more financial and technical support back to these projects.  Better compliance allows us to deliver higher quality, more secure and better supported products as well as helping to support a stronger open source ecosystem.

Real-Time Linux Summit, KVM Forum, Fossology, and More Happening Along With ELC Europe in Prague

By
The Linux Foundation
-

The Embedded Linux Conference Europe is just around the corner. This year’s event — which is co-located with Open Source Summit Europe — will take place Oct. 23-26 in Prague, Czech Republic. In addition to the previously announced session highlights, there are several other co-located events to look forward to.

Real-Time Summit

The Real-Time Summit, organized by the Linux Foundation Real-Time Linux (RTL) collaborative project, gathers developers and users of the PREEMPT_RT patch. The aim is to facilitate discussion between developers, tooling experts, and users. More details of the agenda will be available soon.

Date: Thursday, Oct. 19 – Sunday, Oct. 22

Location: Czech Technical University

Preliminary Agenda:

Day 1 – RTLWS Dual Track – paper required

Day 2 – RTLWS

Day 3 – RT-Summit Single Track

Day 4 – Free Day with Prague tour from local students

Registration Cost:

  • Standard: $225 USD (from August 21 through September 17)

  • Late: $280 USD (from September 18 through event)

  • Students: $35 USD (student ID will be required at the event)

You can add the Real-Time Summit to your existing Open Source Summit Europe + ELCE Registration or register for the Real-Time Summit separately here.

KVM Forum

KVM is an industry leading open source hypervisor that provides an ideal platform for datacenter virtualization, virtual desktop infrastructure, and cloud computing. The KVM Forum is an annual technical conference that brings together the community of developers and users that define the KVM ecosystem.

Discussions will include the current state of affairs and plan for the future of KVM, its surrounding infrastructure, and management tools. Wednesday’s KVM content will be presented as a dedicated KVM track within the Open Source Summit lineup. Thursday and Friday will consist of keynotes and concurrent breakout sessions to dive deeper into content.

Dates: Wednesday, Oct. 25 – Friday, Oct. 27

Location: Hilton Prague

Registration Cost (KVM Forum Registration Only):

  • Standard: $475 USD (from August 28 through September 24)

  • Late: $525 USD (from September 25 through the event)

Register for KVM Forum.

If you’re already planning to attend Open Source Summit, reduced pricing is available.

  • Standard: $325 USD (from August 28 through September 24) + OSS Fee

  • Late: $375 USD (from September 25 through the event) + OSS Fee

Register here for KVM Forum + ELCE.

FOSSology – Hands On Training

FOSSology is an open source license compliance software system and toolkit. The toolkit lets you run license, copyright, and export control scans from the command line. The system offers a database and Web user interface that provides you with a compliance workflow.

This course will be valuable to anyone concerned with and involved in Open Source Management, including operational and legal executives, software development managers, open source program managers, and developers.

Date: Thursday, Oct. 26

Location: Hilton Prague

Registration Cost: $100 USD

Add FOSSology – Hands On Training to your existing Open Source Summit Europe + ELCE Registration.

Tracing Summit

The Tracing Summit, which is organized by the Diagnostic and Monitoring Workgroup, gathers people involved in development and end-users of tracing tools as well as trace analysis tools. The aim of this event is to provide room for discussion in the various areas that benefit from tracing, namely parallel, distributed and/or real-time systems, as well as kernel development. Half of the day is reserved for presentations and the other half for discussions between users and developers of the tracing infrastructures.

Date: Friday, Oct. 27

Location: Hilton Prague

Registration Cost: Complimentary

Add the Tracing Summit to your existing Open Source Summit Europe + ELCE Registration.

View the complete schedule for Embedded Linux Conference here. Linux.com readers receive an additional $40 off with code OSSEULDC20. Register Now!

Building Healthy Open Source Communities

By
The Linux Foundation
-

Community — what a profound difference it can make for projects, businesses and organizations of all types. I’ve spent my entire career helping organizations build communities, ranging from internal communities to developer communities, with a strong focus on open source communities. The goal in fostering a healthy community around open source is to engage consumers, customers, and others and encourage them to contribute. With these thoughts in mind, let us consider a few of the important first steps in setting a community strategy, and then I want to tell you about a very special community-focused event that is coming up.

First Steps to Building Open Source Communities

What should a company do when setting an open source community strategy? This is less well understood than it should be. First, it is critical to understand the business value that can be derived from building a community. Just as diversity within an organization can drive tangibly better business results, a healthy community can too.

Read more at The Linux Foundation

MesosCon Europe Features Expert Talks from Netflix, Verizon, Microsoft, and More

By
The Linux Foundation
-

MesosCon Europe, taking place Oct. 25-27 in Prague, Czech Republic, is an annual conference organized by the Apache Mesos community that brings together users and developers to share and learn about the project and its growing ecosystem.

This year’s conference schedule will feature a one-day hackathon followed by two days of sessions focused on the Apache Mesos Core and related technologies.

Featured keynote speakers include:

  • Katharina Probst, Engineering Manager, Edge Systems, Netflix, covering applications to reliability and operational insights

  • Eugen Feller, Principal Software Engineer, Verizon discussing implementing a serverless computing platform on Apache Mesos

  • Pierre Cheynier, Operations Engineer, Criteo presenting on operating 600+ Mesos servers on 7 datacenters

Session highlights include:

  • Building FAST Data Solutions with DC/OS on Azure – Rob Bagby, Microsoft

  • Deep Learning with GPU on Mesos with Serverless Computing – Mandeep Gandhi, Adobe Systems

  • More Bang for Your Buck: How Yelp Autoscales Mesos + Marathon on AWS Spot Fleet – Rob Johnson, Yelp

  • Running Distributed TensorFlow on DC/OS – Kevin Klues, 1980

  • A Year with Apache Aurora – Rick Mangi, Chartbeat

The full lineup of all MesosCon Europe speakers and sessions can be viewed here. This conference is co-located with Open Source Summit Europe (separate registration is required).

Registration is discounted by $200 through Sept. 2, and academic rates are available. Applications are also being accepted for diversity and needs-based scholarships.

Blameless Port Mortem Meeting Template

By
Dev.to
-

Production incidents may be the worst kind of lean IT waste.

Let’s stop having them!

Paste this as the content of meeting invites to keep everyone informed on what a Blameless Post Mortem is and why we should always conduct them.

Blameless Post Mortem Template

Agenda:

  • Dissect the events as we understand (timeline)

Read more at Dev.to

The Quickie Guide to Continuous Delivery in DevOps

By
HPE Blog
-

Developers are always under pressure to produce more and release software faster, which encourages the adoption of new concepts and tools. But confusing buzzwords obfuscate real technology and business benefits, particularly when a vendor has something to sell. That makes it hard to determine what works best—for real, not just as a marketing phrase—in the continuous flow of build and deliver processes. This article gives you the basics of continuous delivery to help you sort it all out.

To start with, the terms apply to different parts of the same production arc, each of which are automated to different degrees:

  • Continuous integration means frequently merging code into a central repository. “Frequently” means usually several times a day. Each merge triggers an automated “build and test” instance, a process sometimes called continuous build. But by either name, continuous integration and continuous build do nothing in terms of delivery or deployment. They’re about code management, not what happens to the code afterward.

Read more at HPE

Confluent Brings SQL Querying to Kafka Streaming Data

By
The New Stack
-

With ever-increasing volumes of data comes an ever-increasing need to process that data. Confluent has made a business out of helping enterprises handle never ending streams of data with its commercial packaging of Apache Kafka. And now, at Kafka Summit in San Francisco this week, Confluentintroduced a new open source project, called KSQL, that it says will allow users to apply SQL queries against streaming data.

In this move, Confluent is one of a growing number of companies, such as SQLSteam, attempting to apply the bringing the rigors of SQL to the world of real-time data analysis.

Neha Narkhede, CTO and co-founder of Confluent, said that KSQL offers a number of potential use cases to enterprises, from processing data as it comes into an organization to handling extract, transform and load (ETL)-like work on data warehouses and data transfers between systems.

Read more at The New Stack

1...485486487...10,743Page 486 of 10,743