
Open Source Officers at SanDisk, Twitter, Google Share Best Practices at OSCON 2016

Starting an open source program office is a growing trend among companies that leverage open source software in their business strategies.

Led by an open source program officer, open source offices can range in size from one or two advocates on an engineering team to an entirely separate R&D division. But the goal is the same: to strategically address common challenges companies face when adopting open source software.

“An open source office whether centralized or by division can bring multiple best practices on how a company can manage consumption, compliance and contribution to open source,” says Nithya Ruff, the head of SanDisk’s Open Source Strategy office, in the Q&A below. “It can create a proactive plan for driving more strategic involvement in projects important to the company’s roadmap and drive clear and common messages.”

The TODO group, which became a Linux Foundation project in March, is a cross-industry effort that brings together open source program managers to help establish open source best practices, tools and programs and support corporate open source engagement.

Open source program managers from Twitter, Box, Google, Facebook, Microsoft, and SanDisk will be on hand at OSCON May 18-19, 2016, in Austin, Texas, to discuss why they started open source offices at their companies and the lessons they learned along the way.

We caught up with Nithya Ruff for a preview of their panel discussion, “Open source lessons from the TODO Group.”

Be sure to attend the TODO Group talk from 1:50 p.m. to 2:30 p.m. on Wednesday, May 18 in Meeting Room 9C.

And visit The Linux Foundation booth #109-2 to collect a wooden Linus Torvalds token for the OSCON open source history game for attendees.

Nithya Ruff is head of SanDisk’s Open Source Strategy office.

Linux.com: What are some of the common challenges companies face when they start adopting open source?

Nithya Ruff: Companies that have not grown up with open source in their DNA face a number of challenges when they first adopt open source or look at adopting an open source strategy.

a. They don’t completely understand the licenses and legal obligations and often see it as a single license which would force them to open their intellectual property or trade secrets. Once they start understanding it more deeply they realize that one can consume without creating obligations and that there are a number of different licenses each with their own obligations. So legal education is the first challenge.

b. The second is to create awareness of the need to engage with open source and the need to have a strategy around how the company needs to work with open source communities. This is a strategy and a business discussion with executives and business leaders so that they support the need to have a plan and investment in this effort. These are the top 2 areas of challenge.

Linux.com: How does creating an in-house open source office help companies maximize their open source involvement?

Ruff: One can continue to engage with open source in an ad hoc and distributed manner but this often creates issues and challenges with messaging, unintended consequences, multiple processes and confusion in the market on company intent.  It could also inadvertently expose a company to compliance risks.  An open source office whether centralized or by division can bring multiple best practices on how a company can manage consumption, compliance and contribution to open source. It can create a proactive plan for driving more strategic involvement in projects important to the company’s roadmap and drive clear and common messages.

Linux.com: What is one of the key lessons SanDisk has learned about corporate open source participation since starting its open source office two years ago?

Ruff: The biggest lesson has been learning about how much open source activity there already was in the company and how we would not have any knowledge of this and support it without starting this initiative.  Knowing consumption and dependencies has allowed us to shape our compliance and community engagement plan.

Linux.com: How have you benefited from your involvement in the TODO Group?

Ruff: Just this week, I needed to know a simple and best practice way to manage contribution license agreements or CLAs. I contacted my fellow open source officers in other companies via the TODO Group and within hours I had two very usable solutions. This is huge, to be able to consult each other on the best way to do things. I am a big believer in reuse and to not recreate. And this was a great example of how we can share practices. TODO members have been generous in sharing their time and coming to SanDisk to share their practices like Guy Martin (Autodesk) and Cedric Williams (PayPal) did recently. It is impactful to hear from other companies and to learn from their initiatives in open source. This is one area, where we don’t compete and are happy to share.

Linux.com: What will TODO Group members discuss in your panel at OSCON?

Ruff: Open Source officers in companies are still rare. There are less than 30 of us and we know there is a lot of pent-up need for information on how to set it up. We will discuss what TODO does, what each of us do at our companies and shed light on helping companies manage their open source efforts successfully.

Linux.com: What else are you looking forward to at OSCON this year? What do you hope to accomplish by attending?

Ruff: I always enjoy attending OSCON as it covers culture and community very well side by side with technical topics.  I look forward to connecting with friends in the community. I am also doing a talk on why it is important to market in open source.  We all need people on the project who can write clearly, tell stories and create awareness.   The business side of open source is a passion and I look forward to sharing this at OSCON this year.

What Does the Future of the Apache Software Foundation Hold?

The Apache Software Foundation (ASF) will hold its second annual Apache: Big Data North America conference in Vancouver, BC, starting Monday next week. Alongside keynotes from companies like Netflix and IBM, and panels on a huge range of topics — from security and storage to managing distributed systems and machine learning — the foundation will also host a forum that looks to cut to the heart of its community model and how private companies should be involved in its work.

On Wednesday afternoon, Jim Jagielski, senior director in the Tech Fellows program at Capital One and one of the developers and founders of the Apache Software Foundation (ASF), and John Mertic, director of Program Management for ODPi and Open Mainframe Project at The Linux Foundation, will host a panel dubbed ODPi and ASF Collaboration: Ask Us Anything!.

Read more at CIO.com

This Week in Linux News: Open Source Jobs Report Reveals In-Demand Skills, CII Announces New Badge Program, & More

1) The Linux Foundation Jobs Report (published this week) shows open source programming and DevOps skills to be in demand among hiring managers.

Linux Foundation: Open Source Programming and DevOps Jobs Plentiful – The VAR Guy

2) The Core Infrastructure Initiative’s new badge program underscores CII’s mission to improve the security of open-source projects.

Linux Foundation Launches Badge Program to Boost Open Source Security – ZDNet

3) In a short new video, Linus Torvalds explains why it’s smart to choose an open source career.

Watch Why Linus Torvalds Says Linux is the Best Option for Career Building – TechWorm

4) Bryan Lunduke has noticed the decline in Mac users at tech conferences over the years.

Where Have all the MacBooks Gone at Linux Conferences? – NetworkWorld

5) “IoT developers seem to favor open source because ‘it’s free as in freedom,’” writes Matt Asay.

Open Source Near Ubiquitous in IoT, Report Finds – ReadWrite

Linus Torvalds Talks IoT, Smart Devices, Security Concerns, and More [Video]

For the first time in the 11-year history of the Embedded Linux Conference (ELC), held in San Diego, April 4-6, the keynotes included a discussion with Linus Torvalds. The creator and lead overseer of the Linux kernel, and “the reason we are all here,” in the words of his interviewer, Intel Chief Linux and Open Source Technologist Dirk Hohndel, seemed upbeat about the state of Linux in embedded and Internet of Things applications. Torvalds’ very presence signaled that embedded Linux, which has often been overshadowed by Linux desktop, server, and cloud technologies, had come of age.

Linus Torvalds speaking at Embedded Linux Conference.

IoT was the main topic at ELC, which included an OpenIoT Summit track, and the chief topic in the Torvalds interview.

“Maybe you won’t see Linux at the IoT leaf nodes, but anytime you have a hub, you will need it,” Torvalds told Hohndel. “You need smart devices especially if you have 23 [IoT standards]. If you have all these stupid devices that don’t necessarily run Linux, and they all talk with slightly different standards, you will need a lot of smart devices. We will never have one completely open standard, one ring to rule them all, but you will have three or four major protocols, and then all these smart hubs that translate.”

Torvalds remained customarily philosophical when Hohndel asked about the gaping security holes in IoT. “I don’t worry about security because there’s not a lot we can do,” he said. “IoT is unpatchable — it’s a fact of life.”

The Linux creator seemed more concerned about the lack of timely upstream contributions from one-off embedded projects, although he noted there have been significant improvements in recent years, partially due to consolidation on hardware.

“The embedded world has traditionally been hard to interact with as an open source developer, but I think that’s improving,” Torvalds said. “The ARM community has become so much better. Kernel people can now actually keep up with some of the hardware improvements. It’s improving, but we’re not nearly there yet.”

Torvalds admitted to being more at home on the desktop than in embedded and to having “two left hands” when it comes to hardware.

“I’ve destroyed things with a soldering iron many times,” he said. “I’m not really set up to do hardware.” On the other hand, Torvalds guessed that if he were a teenager today, he would be fiddling around with a Raspberry Pi or BeagleBone. “The great part is if you’re not great at soldering, you can just buy a new one.”

Meanwhile, Torvalds vowed to continue fighting for desktop Linux for another 25 years. “I’ll wear them down,” he said with a smile.

Watch the full video, below.

https://www.youtube.com/watch?v=tQKUWkR-wtM

DevOps Means Test Automation (too)

You have started down the road to DevOps. You have re-structured your teams and you are experimenting with DevOps tools and processes. You now understand that DevOps is a continuum that starts with planning and development and ends with deployment into operations. So where do you start your DevOps initiative?

DevOps projects tend to start in only one part of the continuum. Often, DevOps teams start with application build automation (development) or they start with automating the deployment of apps into operations. When the driver for DevOps is in the test organization, it is called Continuous Integration. However, it is also important to work to continuously expand automation across the continuum because for DevOps to pay off, there needs to be continuous automation from development all the way through to operations.

Read more at BetaNews

Two of the Best Password Manager GUI Apps for Linux

If you either manage a number of systems (regardless of platform), or simply have a lot of passwords for computers, services, sites, and so forth, keeping track of those authentication credentials can be a serious strain to your memory. On top of that, these days passwords should not be such that you can easily memorize them. The more challenging they are, the harder they are to crack. Because of this, anyone with more than one password necessary to navigate through the daily grind (which would be just about everyone) should immediately make use of a password manager.

“What is a password manager,” you ask? Simple: A password manager is a tool that allows you to save authentication credentials within an encrypted “vault.” That vault only requires a single password for you to gain entry. Once you’ve entered the main password, you then have access to all of your credentials. Most password managers allow you not only to save usernames and passwords but also associated URLs and notes. Some even offer random password generators, so when you need to create a new, complicated password, all you have to do is click a single button.

But, which password managers are available for Linux and are worthy of your time? I have collected two that I believe do the best job of safe-keeping your passwords with the most user-friendly interfaces. I want to avoid web-based password managers and stick with desktop GUI tools only. Those criteria leave me with the two that I think are the best in breed.

Caveat Emptor

One thing to understand about password managers is that they truly are only as strong as the master password you set. Set a master password of “password,” and all of your authentication credentials will be easy pickin’s. If you want to get the most out of these tools, it is imperative that you set a very challenging master password. Use a combination of caps, lowercase, symbols, and numbers.

With that said, let’s dive in and see what the best password manager GUI tools for Linux have to offer.

Password Gorilla

Password Gorilla has been my go-to for a long time. One of the reasons I’ve always liked this particular take on the password manager is its simplicity. You create databases of passwords (each database encrypted by a master password) and then add groups and subgroups to the database. To each group or subgroup you can then add a login.

Password Gorilla can be installed from the standard repositories and works on most modern Linux distributions. Once installed, you will have to first set a master password for the database. With the master password set, the main window will open, displaying an empty database. The first thing you will want to do is create groups (Figure 1), so you can better organize your passwords. How you define these groups is up to you.

Figure 1: The Password Gorilla main window, with groups created.

To create a group, right-click the New Database listing and then select Add Subgroup (which will be a subgroup to the main database). Give the subgroup a name, then click OK. You can now create a subgroup to the newly created group. Select the group you just created and then click Add Subgroup. Give the new subgroup a name and click OK.

After you’ve created all your groups/subgroups, you can right-click either a group or subgroup and then click Add Login. Enter the details for the new login (Figure 2) and click OK.

Figure 2: Adding a new login to a group.

Password Gorilla does include a password generator that you can use when adding a new login to a group.

One nice feature of Password Gorilla is that you can set the lock after idle time. By default Password Gorilla will lock a database after five minutes of idle time. You can set that in File > Preferences > Defaults > Lock when idle after (Figure 3).

Figure 3: Setting the lock after idle time in Password Gorilla.

Another outstanding feature included in Password Gorilla is the ability to create your own password policy. With this, you can ensure that random passwords, generated by the tool, always meet your particular criteria. To use this feature, click Security > Password Policy and then (in the new window) edit the default policy to suit your needs (Figure 4).

Figure 4: Editing the password policy in Password Gorilla.

KeePassX

KeePassX is one of the more popular password managers for the Linux platform. KeePassX can also be installed from the standard repositories of most Linux distributions. This take on the password manager offers many of the same features as Password Gorilla, but it also includes the ability to protect a database with a key file.

Let’s say, for example, you have a key file generated by the gpg command. You can use that key to lock your database. To do this, you will need to have exported your gpg key and named it with the .key extension.

To export your gpg key in this fashion, you could issue the command gpg --armor --export EMAIL_ADDRESS_FOR_KEY > name.key (where EMAIL_ADDRESS_FOR_KEY is the email address associated with the gpg key you want to use, and name is the name you’ll use for the key). To be safe, save that file on a thumbdrive or in a hidden location (otherwise, anyone could happen upon the key and open your password manager).

Once you have that key in place, do the following:

  1. Open KeePassX

  2. Click Database > New Database (Figure 5)

  3. When prompted add a master password and verify the password

  4. Check the box for Key File

  5. Click the Browse button

  6. Navigate to where your .key file is housed and select the file

  7. Click Open

  8. Click OK

Figure 5: Create a new database in KeePassX.

You should now immediately save your new database. Click the Save button, navigate to where you want the database to be saved, give the database a name, and click Save. Your database is good to go.

When you want to open this newly created database, you’ll have to enter the database master password and locate the keyfile. If you do not have both the master password and the keyfile, you will not be able to gain access to the delights within. Now you can create groups, subgroups, and entries in similar fashion to Password Gorilla.
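The key-file handling above, turned into a check (an added example, not code from the original article or from the KeePassX project). Because gpg --armor --export writes the public half of a key pair, the sketch flags such a file, flags key files that other users can read, and shows one way to create a random key file instead. The function names, the 64-byte size and the use of GNU stat are assumptions, as is KeePassX accepting an arbitrary file as a key file.

```shell
#!/bin/sh
# Added example: hygiene checks for a KeePassX-style key file.
# Function names and the 64-byte size are assumptions made for this sketch.

PGP_PUBLIC_HEADER='-----BEGIN PGP PUBLIC KEY BLOCK-----'

# make_keyfile PATH: write 64 random bytes to PATH, readable by the owner only.
make_keyfile() {
    kf=$1
    if [ -e "$kf" ]; then
        echo "refusing to overwrite $kf" >&2
        return 1
    fi
    (
        umask 077                       # new file is created with mode 0600
        head -c 64 /dev/urandom > "$kf"
    )
}

# check_keyfile PATH: return 0 if the file looks usable as a secret key file,
# 1 = missing or empty, 2 = readable by group or others, 3 = PGP public key.
check_keyfile() {
    kf=$1
    [ -s "$kf" ] || { echo "$kf: missing or empty" >&2; return 1; }

    mode=$(stat -c '%a' "$kf")          # GNU stat prints e.g. 600 or 644
    case $mode in
        0|*00) ;;                       # no group/other permission bits set
        *) echo "$kf: mode $mode lets other users access it" >&2; return 2 ;;
    esac

    # An ASCII-armored public key export starts with a fixed header line.
    if head -n 1 "$kf" | grep -qF -- "$PGP_PUBLIC_HEADER"; then
        echo "$kf: exported PGP public key, not a secret" >&2
        return 3
    fi
    return 0
}
```

Run check_keyfile against the file selected in step 6 before relying on it; a non-zero status names the problem on stderr.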

Step Up Your Password Game

It’s time you started working with a password manager. Period. Plenty of options are available (even web-based tools like LastPass), but you cannot go wrong with either Password Gorilla or KeePassX. Give one of these tools a try and see if one (or both) doesn’t perfectly fill the gaping hole you have in the realm of password security.

Kubernetes-Powered PaaS Focuses on DevOps

The creator of Kel, a devops-focused PaaS for Web applications, has released an open source edition of its platform.

Kel is based on the container-cluster management system Kubernetes and was originally made to run Gondor, a managed host for Python and Django apps. Eldarion, the company behind Gondor, hopes Kel will appeal to developers who want a PaaS that’s built with workflow in mind, not just app deployment.

According to James Tauber, co-founder and CEO of Eldarion, Kel’s big distinction from other PaaSes is its focus on how developers work across the lifecycle of an application: development, QA, testing, staging, and production.

Read more at InfoWorld

Microservices Require Robust API Management

As the microservices approach becomes more prevalent in application development, API operations, or API Ops, is increasingly being recognized as a requisite skill among enterprises and startups.

Microservices architecture breaks down services and assets into discrete, composable units that use APIs to communicate and connect with each other. That in turn means dev teams need to build up their API design and creation skills (which requires testing and other ops tasks), as well as outsource functionality like security.

It also requires an API gateway service to manage the flow of APIs between and from an internal-to-external environment, and all of this needs testing tools that can map how the APIs call and respond to make sure there are no glitches in the flow of the microservices composability.

Read more at The New Stack

RDO Mitaka & Several External Networks VLAN Provider Setup

The post below addresses the case where a Controller/Network RDO Mitaka node has to have external networks of VLAN type with predefined VLAN tags. A straightforward packstack deployment doesn’t allow the desired network configuration to be achieved; an external network provider of VLAN type appears to be required. In this particular case, the office networks 10.10.10.0/24 (VLAN tag 157) and 10.10.50.0/24 (VLAN tag 172) already exist when the RDO install is running.

The complete text may be seen at http://bderzhavets.blogspot.com/2016/05/rdo-mitaka-several-external-networks.html

Infrastructure ‘Coming to Life in a New Way,’ SDN Inventor Says

There are those that believe the era of infrastructure is gone, but Martin Casado is not among them. Casado, now a venture capitalist at Andreessen Horowitz, discussed during a keynote address at the Interop conference here why we’re now on the cusp of an evolutionary shift in the infrastructure market.

Casado is well-known in the networking world as co-author of the groundbreaking research paper in 2005 that ignited the software-defined networking (SDN) era. He co-founded Nicira in 2007, a company he sold to VMware in 2012 for $1.2 billion. Nicira helped usher in the SDN era by removing networking from the constraints of being restricted to purpose-built hardware appliances.

“Traditional infrastructure is going through a shift, but we’re now on the cusp of something much better, a golden era of infrastructure,” Casado said. “I have heard many people talk about how infrastructure is dead, but I believe it’s coming to life in a new way.”

Read more at eWeek