OSS Security Highlights from the 2022 Open Source Summit North America

By Ashwin Ramaswami

Last month, we concluded the Linux Foundation’s 2022 Open Source Summit North America (OSS NA), where developers, technologists, and community leaders from industry, academia, and government converged in Austin, Texas, from June 21-24 to talk about all things open source. Participants and speakers highlighted open source innovation and efforts to ensure a sustainable open source ecosystem.

What did the summit tell us about the state of OSS security? Several parts of the conference addressed different aspects of this issue – OpenSSF Day, Critical Software Summit, SupplyChainSecurityCon, and the Global Security Vulnerability Summit. Overall, the summit demonstrated an increased emphasis on open source security as a community effort with various stakeholders. More ambitious and innovative approaches to handling the open source security problem – including collaboration, tools, and training – were also introduced. Finally, the summit highlighted the importance for open source users to give back to the community and contribute upstream to the projects they depend on.

Let’s explore these ideas in more detail!

Open source security as a community effort

Open source security is not just an isolated effort by users or maintainers of open source software. As OSS NA showed, the stakes of open source security have turned it into a community effort, where a wide variety of diverse stakeholders have an interest and are beginning to get involved.

As Todd Moore (IBM) mentioned in his keynote, incidents such as log4shell have made open source security a bigger priority for governments – and it is important for existing open source stakeholders, both users and maintainers, to work as a community to take a cohesive message back to the government to articulate our community’s needs and how we are responding to this challenge.
Speakers at a panel discussion with the Atlantic Council’s Cyber Statecraft Initiative and the Open Source Security Foundation (OpenSSF) discussed the summit held by OpenSSF in Washington, DC on May 12 and 13, where representatives from industry and government met to develop the Open Source Software Security Mobilization Plan, a $150 million plan for better securing the open source ecosystem.
A panel discussion explored how major businesses are working together to improve the security of the open source supply chain, particularly through the governance structure of the OpenSSF.

New approaches to address open source security

OSS NA featured several initiatives to address fundamental open source security issues, many of which were particularly ambitious and innovative.

The OpenSSF’s Alpha-Omega Project was announced to address software vulnerabilities for OSS projects that are most critical (alpha) and at the long tail (omega).
Eric Brewer (Google) gave a keynote discussing the fundamental problem of ensuring accountability in the open source software supply chain. One way of solving this is through curation: creating a repository of vetted and secure packages.
Standards continue to be important, as always: Art Manion (CERT/CC) discussed the history and future of the CVE Program, while Jennings Aske (New York-Presbyterian Hospital) and Melba Lopez (IBM) discussed the importance of a Software Bill of Materials (SBOM).
The importance of security tooling was emphasized, with discussions on tools such as sigstore, automation of security checks through Infrastructure as Code tools, and CI/CD pipelines.
David Wheeler (Linux Foundation) discussed how education in secure software development is critical to ensuring open source software security. Courses like the OpenSSF’s Secure Software Development Fundamentals Courses are available to help developers learn this topic.

Giving back to the community

Participants at the summit recognized that open source security is ultimately a matter of community, governance, and sustainability. Projects that don’t have the right resources or governance structure may not be able to ensure their projects are secure or accept the right funding to do so.

Steve Hendrick (Linux Foundation) and Matt Jarvis (Snyk) discussed the release of the 2022 State of Open Source Security report from Snyk and the Linux Foundation. The report noted that open source software is often a one-way street where users see significant benefits with minimal cost or investment. It recommends that organizations close the loop and give back to OSS projects they use for larger open source projects to meet user expectations.
Aeva Black (Microsoft) discussed approaches to community risk management through drafting and enforcing a code of conduct, and how ignoring community health can lead to sometimes catastrophic technical outcomes for OSS projects.
Sean Goggins (CHAOSS) discussed the relationship between community health and vulnerability mitigation in open source projects by using metrics models from the CHAOSS projects.
Margaret Tucker and Justin Colannino (GitHub) discussed the role that package registries have in open source security, beginning to formulate some principles that would balance these registries’ responsibility for safety and reliability with the freedom and creativity of package maintainers.
Naveen Srinivasan (Endor Labs) and Laurent Simon (Google) explored the OpenSSF Scorecard to more easily analyze the security of open source projects and proactively improve their security.
Amir Montazery (OSTIF) discussed the Open Source Technology Improvement Fund’s efforts to help OSS maintainers work with security experts to improve their projects’ security posture.

Conclusion

In sum, the talks and conversations at OSS Summit NA help paint a picture of how key stakeholders in the open source software ecosystem – OSS communities, industry, academia, and government – are thinking about conceptualizing big-picture issues and directing efforts around OSS security.

But these initiatives and talks still have a lot of room for input! Whether individually or through your institution, consider adding your voice to this discussion as we continue to support the open source software community. Join an OpenSSF working group, another initiative, or contribute upstream to open source projects that you depend on.

The post OSS Security Highlights from the 2022 Open Source Summit North America appeared first on Linux Foundation.

How to hide PID listings from non-root users in Linux

Prevent average users from viewing your Linux system’s processes with the hidepid command.

Read More at Enable Sysadmin

How to generate a Red Hat Enterprise Linux 9 image with MicroShift

Learn how to use MicroShift, an exploratory, open source project to bring OpenShift to edge computing and field-deployed devices, to generate a custom RHEL 9 image.

Read More at Enable Sysadmin

Linux skills: 9 tutorials to get more from your text editor

Are you getting everything you need out of your text editor? Read Enable Sysadmin’s recent articles about Linux text editors to find out what you’re missing.

Read More at Enable Sysadmin

Join us to Speak at the ONE networking event connecting Access, Edge, and Cloud in 2022

The top reasons to share your expertise at ONE Summit, the Industry’s leading Open Networking & Edge Event

To submit a presentation proposal, please visit our Call For Proposals – but hurry! Submissions are due July 29.

ONE Summit 2022

ONE Summit is the ONE networking technology event connecting Access, Edge, Core and Cloud. It brings together technical and business decision makers for in-depth, interactive conversations around cutting-edge innovations and the operational support necessary to leverage them.

Newly revamped post-pandemic, ONE Summit’s focus is to enable interactive, real-world conversations on the evolution of technology in the distributed networking space. From Communications Service Providers to Government and civil infrastructure, from Retail to the leaders of Industry 4.0, you will be able to collaborate on innovations to truly support your digital transformation.

Inspired by the impact of integration efforts like 5G Super Blueprint, ONE Summit fosters collaborative discussion required to truly scale software for 5G, IoT, the enterprise, and beyond. 

Top 5 reasons to speak at ONE Summit:

1) Collaborate with thought leaders from across a growing global ecosystem. 

ONE Summit enables the technical and business collaboration necessary to shape the future of open networking and edge computing. The free exchange and presentation of ideas is crucial for the growth of all open source projects and their continued ability to innovate.

2) Immerse yourself in innovative technologies such as 5G, Open RAN, IoT, Enterprise, Cloud Native and more.

Learn about and build on the successes of Linux Foundation networking & edge project communities, with collaboration across LF Networking, LF Edge, O-RAN-SC, Magma, CNCF, LF AI & Data, and more, to enable attendees to visualize and build their new networking stacks.

3) Learn from your peers across industry verticals solving common challenges. 

Networking decision makers gather to address architectural and technical issues, and business use case needs. ONE Summit provides a forum where solutions, best practices, use cases and more – based on open source projects under the Linux Foundation Networking and across the industry – can be shared with the global ecosystem.

4) Unleash the power of open. In a market now built on open source, this is critical.

Virtually all industries have embraced open source in their operations. Collaboration among industry peers is what makes the use of open source in business and the related business models possible.

5) Demonstrate your leadership.

ONE Summit attendees come from all across a growing ecosystem of enterprises, governments, global service providers (including telcos, enterprises, government, global service providers and cloud). With a targeted focus on architects and technical decision makers, ONE Summit is a great place to get your message out.

Meet the Program Committee

ONE Summit would not be possible without the involvement and support of our community. The Program Committee is composed of business and open source leaders who are actively involved in the work of developing the next generation of networking and edge technologies for all market verticals. This year’s ONE Summit Program Committee is composed of:

Rabi Abdel, Principal Consultant, Global Telecom Practice, Amazon Web Services
Lisa Caywood, Senior Principal Community Architect, RedHat
Wenjing Chu, Senior Director of Technology Strategy – Trust for the Internet of the Future, Futurewei Technologies
Roy Chua, Founder and Principal, AvidThink
Beth Cohen, Cloud Product Technologist, Verizon
Marc Fiedler, Architect for Real-time Network Service Management, Deutsche Telekom
Daniel Havey, Program Manager, Microsoft
Kandan Kathirvel, Product Lead, Telco Cloud & Orchestration, Google Cloud
Trishan de Lanerolle, Principal Technical Program Manager, Office of the CTO, Equinix
Catherine Lefevre, AVP, Technology Services – Network Systems Common Platform & Services, AT&T
Tom Nadeau, Fellow, Vice President & Chief Cloud Architect, Spirent Communications
Joe Pearson, Edge Computing and Technology Strategist, IBM Networking & Edge Computing CTO Group, IBM
Jim St. Leger, Director, Open Strategy, Intel
Tracy Van Brakle, Principal Member of Technical Staff, AT&T
Olivier Smith, Office of the CTO, Director, Matrixx Software
Cedric Thienot, Co-Founder and CTO, Firecell
Qihui Zhao, NFV Researcher & Network Engineer, CMCC
Amy Zwarico, Director, CyberSecurity, Chief Security Office, AT&T

Who attends

Past ONE Summit attendee demographics. Source: ONE Summit 2022 prospectus

Join with attendees from all market verticals and all organizational levels from all over the world. Attendees don’t have to be part of a project to contribute to the discussion and to participate in open collaboration sessions with other attendees. In fact, joining planned sessions and open discussions and collaboration sessions is the best way to get involved with open source projects under the LF Networking umbrella.

To learn more about ONE Summit 2022 in Seattle, please visit the ONE Summit site.

About LF Networking

Now in its fifth year as an umbrella organization, LF Networking (LFN) and its projects enable organizations across the globe to more quickly and effectively achieve digital transformation via the community’s shared development efforts. This includes companies of all sizes and types that rely on LFN’s breadth of commercially-ready ecosystem offerings, all based on open source innovation spearheaded within the LF Networking community. To learn more about LFN, please visit https://www.lfnetworking.org. To learn more about the Linux Foundation, please visit https://linuxfoundation.org

The author, Heather Kirksey, VP, Community & Ecosystem, LF Networking.

The post Join us to Speak at the ONE networking event connecting Access, Edge, and Cloud in 2022 appeared first on Linux Foundation.

Bosch leverages open source model; teams with PolyCrypt to tackle blockchain for the Economy of Things

This post originally appeared on the Hyperledger Foundation’s blog. You can read the full case study here

Some years ago, researchers realized that IoT devices would need to buy and sell from one another. In this “Economy of Things,” the items to be traded will include power, data, and connectivity. Most transactions will be fast, low value, and high frequency.

For a company like The Bosch Group that’s active in everything from autonomous vehicles to thermal plants, the Economy of Things will touch many lines of business. That’s why, in 2017, the company’s advanced research group, Bosch Research, was looking to find a way to scale up blockchain transactions to support the Economy of Things.

Bosch set out to meet that requirement by leveraging a specific, step-by-step open source strategy for developing new markets:

Identify a requirement
Set goals
Consider the terrain
Build a partnership
Pick a suitable license
Use open source archetypes

The goals were to lead an effort to create standards for the Economy of Things and to build a framework where different partners could work together.

A survey for likely partners led the Bosch team to Perun, an early layer-2 protocol that passes state information off-chain through virtual channels. Bosch joined forces with several academics to implement this protocol and start creating an ecosystem.

As part of the process, Perun needed a stable home where everyone could access the latest code, and other people could find it. Hyperledger Labs provides a space where developments can be started without the overhead of creating an official Hyperledger project.

In Q3 2020, Perun was welcomed into Hyperledger Labs, and development has continued with work from the team at Bosch and PolyCrypt GmbH, a startup spun out of the Technical University Darmstadt, where much of the academic research behind Perun began.

The Bosch team was eager to talk about its approaches and contributions to Hyperledger Foundation. To that end, they worked with Hyperledger marketing and others in the Perun community on a case study that details not only the business and technology challenges they’ve set out to tackle but also the strategic way they are leveraging open source development to advance the industry for all.

We never know what technology will turn into the Next Big Thing.

Perhaps Perun will be one of them, powering billions of micropayments between IoT devices or enabling people to shop with Central Bank Digital Currencies (CBDCs) that are still on the drawing board today.

Read the full case study here.

The post Bosch leverages open source model; teams with PolyCrypt to tackle blockchain for the Economy of Things appeared first on Linux Foundation.

Linux fundamentals: How to copy, move, and rename files and directories

Learn how to use the mv and cp commands to manage your Linux files and directories.

Read More at Enable Sysadmin

Find Your Way to a Strong SysAdmin Team

It’s tough sourcing enough talent today to meet growing IT team needs, but life finds a way. Our recent 10th Annual Open Source Jobs Report found 93% of employers are struggling to find enough employees with open source skills. It doesn’t help that 73% of professionals feel it would be easy to find another job, and they are demanding higher salaries than ever before to stay put. Between an overwhelming talent shortage and competition from other employers, many companies’ IT teams are at risk of “going extinct”.

There is a way to address this situation, however. The Open Source Jobs Report also found:

74% of professionals are asking for more training opportunities so they can keep up with current technologies
62% said training is the thing their employer can provide that would help them be more successful, a higher percentage than any other option
81% of professionals want to add new certifications to their resumes this year
90% of employers are willing to help them pay for them

Companies need to keep up by providing formal training and certification opportunities to their employees or risk giving them one more reason to leave.

It should be kept in mind that providing training and certifications not only makes employees happier by demonstrating an employer’s willingness to invest in them and their career opportunities, but these opportunities also benefit the employer. Having a better skilled team means you will be more successful in achieving your technology goals, and having more certified professionals on staff means your customers can have more confidence in your teams’ abilities.

Linux Foundation Training & Certification offers a wide catalog of training and certification in the most important open source technologies, from cloud to system administration to networking, blockchain, web development and more. This SysAdmin Day, give your team what they really want and provide them with training and/or certification that will help both you and them achieve your goals. We provide group classes, team discounts and more to help you be successful when it comes to upskilling. Learn more and contact us here.

The post Find Your Way to a Strong SysAdmin Team appeared first on Linux Foundation.

Patrick Debois: Untold Stories of Open Source

Raise your hand if you ever downloaded software by recording a series of tones onto a cassette tape as it was being broadcast over a radio station. 

Patrick Debois did – back in the 1980s as a budding computer enthusiast. He recalled that Europe didn’t have the network of electronic BBSes that existed in the U.S. These radio broadcasts were one way to distribute software, although they were often thwarted “when your mom walked in the room saying something and ruined the recording.” 

Patrick was only temporarily deterred and continued exploring his passion for computers but missed a community. He found a community when Linux came on the scene. He recounts the value of the Linux community, “The fact that there was a sharing community, and the Linux community of tools that I could just use, especially as a student. I know open source is not about being for free. But it was tremendously helpful to me as a student at that time to be able to try new stuff, to learn new stuff, to dissect new stuff on the open source.”

In 1994, as a student at the University of Ghent, he set up a web page where anyone could contribute URLs to help people explore the Internet. This was about the same time that Yahoo! started manually indexing the Internet. His site was running on an old SPARC machine, and it was fascinating for him to be using a machine running on shared source. He then moved to his first job out of college, where he ran a web server, a firewall, and other new technologies.

Later, Patrick worked for the government, where he and his team ran the first mail server, first DNS service, etc., all on three AutoCAD stations. He was required to buy proprietary software from vendors, but was frustrated because when something didn’t work, he had to wait for the vendor to provide updates. He often wished he could just try and fix it himself and then share with others what he did. Sound familiar? 

Patrick voiced, “If people are yelling at you, right, and your only excuse is, we’re asking the vendor, and it will take like a week or a month, that’s no excuse. And that makes you feel powerless at those times. So that’s been the reason why we started taking the other route mixing both? Sometimes you get good support from vendors. It’s not like one or the other. Open source itself is also not the guarantee that you have good support, or that it’s easily written. But if there’s a community that’s supportive, and it’s open source, then you feel like a good citizen and a member to contribute your fixes and solutions.” 

Fast forward to 2000 and open source is starting to gain more steam and broader acceptance. The Open Source Development Labs combined with the Free Standards Group to standardize Linux. The project morphed into the Linux Foundation in January 2007, at which point it gained nonprofit status and was funded and sponsored by a consortium of major technology vendors.

At first, Patrick had his doubts this could work, worried one company would be able to put their interests above those of the consortium when it comes to projects that are building standards. “I’ll be honest, I have my doubts in a way that I’ve probably seen too much of the discussion about open standards, or RFCs, or whatever, being kind of like written in certain directions that certain companies wanted to in these kind of situations. But I also liked the fact that there is a governance now, and that there is a discussion and not one part is owning this. So I see the Linux Foundation probably more as a mediator in the discussions between those companies. But I love them to remain neutral and not take a stance whether we should do a certain thing, yes or no. . .  I think we’re all conscious enough, when we were coming to the Foundation, that it’s a balance of multiple views on the problem.”

One of Patrick’s favorite Linux Foundation projects is sigstore, a new standard for signing, verifying, and protecting software. The project has 465 members from over 20 companies. He also has his eye on the LF AI & Data Foundation, notably the data side because, “You can share your source quite easily, but it’s the data that makes it interesting.” 

There is so much more to Patrick’s story, including being credited with helping coin the term DevOps. The good news is that his story is on an episode of the Linux Foundation’s Untold Stories of Open Source podcast. Check out the full episode and subscribe on your favorite podcast platform.

Do you have suggestions for future episodes or other comments, questions, etc.? Visit the podcast’s GitHub page.

The post Patrick Debois: Untold Stories of Open Source appeared first on Linux Foundation.

The Open 3D Foundation Welcomes Epic Games as a Premier Member to Unleash the Creativity of Artists Everywhere

Interoperability and portability of real-time 3D assets and tools deliver unparalleled flexibility, as the Open 3D community celebrates its first birthday

SAN FRANCISCO – July 20, 2022 – The Open 3D Foundation (O3DF) is proud to announce Epic Games as a Premier member alongside Adobe, Amazon Web Services (AWS), Huawei, Intel, LightSpeed Studios, Microsoft and Niantic, as it celebrates its first birthday.

With today’s world racing faster and faster towards 3D technologies, the O3DF provides a home for artists, content creators, developers and technology leaders to congregate and collaborate, share best practices and shape the future of open 3D development. This thriving community is focused on making it easier to use and share 3D assets with its partners and the Open 3D Engine (O3DE), the first high-fidelity, fully-featured, real-time, open-source 3D engine, available to every industry.

Epic Games, developer of Unreal Engine, joins the O3DF as a Premier member to further interoperability and portability of assets, visuals and media scripting, enabling artists and content creators around the globe to unleash their creativity and innovation by removing barriers in their choice of tools. Marc Petit, VP of Unreal Engine Ecosystem at Epic Games, will join the O3DF’s Governing Board. In this role, he will share what Epic has learned over 30 years in the industry to help shape the Foundation’s strategic direction and curation of 3D visualization and simulation projects.

“The metaverse will require companies to work together to advance open standards and open-source tools, and we believe the Open 3D Foundation will play an important role in this journey,” said Petit. “With shared standards for interoperability, we’re giving creators more freedom and flexibility to build interactive 3D content using the tools they’re most comfortable with, and to bring those amazing experiences to life in Unreal Engine and across other 3D engines.” 

This move builds on Epic Games’ steadfast commitment in delivering choice to content producers to unleash their creativity. In addition to enabling them to move media seamlessly between development environments, the Open 3D Engine allows artists and developers to consume only what they need, with the ability to customize components based on their unique requirements.

“We applaud Epic Games’ commitment to the open-source community and welcome them into the Open 3D Foundation as our newest Premier member, underscoring our mission in championing the deep integration of open source with commercial solutions to accelerate growth in a sustainable, balanced ecosystem that fuels the flywheel of success and innovation,” said Royal O’Brien, Executive Director of Open 3D Foundation and General Manager of Games and Digital Media at the Linux Foundation. “It’s truly exciting to see how the industry is responding to the real-time 3D needs of content creators around the globe, providing them with best-of-breed tools.”

Celebrating Its First Birthday

The Foundation and its anchor project, O3DE, celebrate their first birthday as they welcome Epic Games into this quickly growing community. Since the Foundation’s public announcement in July 2021, over 25 member companies have joined. Other Premier members include Adobe, Amazon Web Services (AWS), Huawei, Intel, Microsoft, LightSpeed Studios and Niantic.

In May, O3DE announced its latest release, focused on performance, stability and usability enhancements. With over 1,460 code merges, this new release offers several improvements aimed to make it easier to build 3D simulations for AAA games and a range of other applications. Significant enhancements include core stability, installer validation, motion matching, user-defined property (UDP) support for the asset pipeline, and automated testing advancements. The O3D Engine community is very active, averaging up to two million line changes and 350-450 commits monthly from 60-100 authors across 41 repos.

Join Us at O3DCon

On October 17-19, the Open 3D Foundation will host O3DCon, its flagship conference, bringing together technology leaders, indie developers, and academia to share ideas and best practices, discuss hot topics and foster the future of 3D development across a variety of industries and disciplines. For those interested in sponsoring this event, please contact sponsorships@linuxfoundation.org.

Anyone interested in the O3D Engine is invited to get involved and connect with the community on Discord.com/invite/o3de and GitHub.com/o3de

About the Open 3D Engine (O3DE) project

O3D Engine is the flagship project managed by the Open 3D (O3D) Foundation. The open-source project is a modular, cross-platform 3D engine built to power anything from AAA games to cinema-quality 3D worlds to high-fidelity simulations. The code is hosted on GitHub under the Apache 2.0 license. To learn more, please visit o3de.org.

About the Open 3D Foundation

Established in July 2021, the mission of the Open 3D Foundation (O3DF) is to make an open-source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations, available to every industry. The Open 3D Foundation is home to the O3D Engine project. To learn more, please visit o3d.foundation.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Media Inquiries:

pr@o3d.foundation

The post The Open 3D Foundation Welcomes Epic Games as a Premier Member to Unleash the Creativity of Artists Everywhere appeared first on Linux Foundation.