Language Selection

English French German Italian Portuguese Spanish

Linux.com

Syndicate content
News For Open Source Professionals
Updated: 5 hours 7 min ago

The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum London 2021

Thursday 16th of September 2021 09:03:33 PM

Experts and industry leaders from financial services, technology and open source will gather for thought-provoking insights and conversations about how to best leverage open source software to solve industry challenges.

SAN FRANCISCO, September 16, 2021The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-host Fintech Open Source Foundation (FINOS), a nonprofit whose mission is to accelerate adoption of open source software, standards and best practices in financial services, today announced keynote speakers for Open Source Strategy Forum London (OSSF). The event takes place October 5, preceded by a FINOS Member event on October 4, in London, England. The schedule can be viewed here and the keynote speakers can be viewed here

OSSF’s goal is to deepen collaboration across finance, open source and technology and drive innovation across the industry in order to deliver better code, faster. The event will feature 35+ sessions, revealing recent developments and the direction of open source in financial services across a wide range of topics and domains.

“We are entering what can only be referred to as the golden age for Open Source in Financial Services”, said Gabriele Columbro, Executive Director, FINOS. “In the last year not only have we seen an exponential growth in contributions from Financial Institutions – something frankly unprecedented – but we are now witnessing the industry coming together to solve long standing business challenges through open collaboration. I am truly excited to have so many leaders at OSSF sharing their vision for an open financial stack, and to be able to bring our community together for a fantastic and unique event like OSSF.”

Keynote speakers this year include:

Gabriele Columbro, Executive Director, FINOSNick Cook, Head of Global Strategy and Partnerships, Alliance for Innovative Regulation (AIR), and former Head of Innovation, UK Financial Conduct Authority (FCA)Jane Gavronsky, Chief Technology Officer, FINOS, and former Managing Director, Credit SuisseRussell Green, Managing Director, Deutsche Bank AGLiz Rice, Chief Open Source Officer, Isovalent

Conference Session Highlights:

Creating an Open Source Data Standard for Financial Services Regulation – Taniem Choudhury, Deutsche BankAn Open-sourced Solution to Data Governance? How Legend May Be the Answer to Data Quality Concerns in the Financial Industry – Ffion Acland & Beeke-Marie Nelke, Goldman SachsMorphir: A Single Language for Business and Technology – Attila Mihaly, Morgan StanleyPolicy Compliance with Sigstore: From Signing Software to Validating the Whole Software Supply Chain – Axel Simon, Red HatContaining the Chaos While Embracing Kubernetes Based Technology in Finance, Rob Knight, SUSENavigating Open Source Risk: A Strategic Approach – Dawn Foster, VMware 

Attending companies include: Adaptive Financial Consulting Limited, Audace Labs, Avanade, Bitergia, Canonical, Citi Group, Cosaic, Demodyfi, Deutsche Bank, Digital Asset, EPAM Systems, Evolveum, Fidelity Investments, GitHub, GitLab, Goldman Sachs, IHS Markit, ING, International Swaps and Derivatives Association, Itaú Unibanco SA, Large Credit Union Coalition, London Stock Exchange, Morgan Stanley, Nomura Holdings, Point72 Asset Management, Red Hat, Scott Logic, Symphony, TD Securities, Wipro, U.S. Bank, and many more.

Registration is available for 460 GBP. Members of The Linux Foundation receive a 20 percent discount – members can contact events@linuxfoundation.org to request a member discount code. Members of FINOS can attend at no cost – members can contact ossf@finos.org to request the FINOS Member registration code. 

Health and Safety
Attendees will be required to be fully vaccinated against the COVID-19 virus and wear a mask while onsite at the event. Additionally, all attendees will need to comply with all on-site health measures, in accordance with The Linux Foundation Code of Conduct. To learn more, visit the Health & Safety webpage and read our blog post.

Press
Members of the press who would like to request a press pass to attend should contact Kristin O’Connell.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

Visit our website and follow us on Twitter, Linkedin, and Facebook for all the latest event updates and announcements.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

###

Media Contact
Kristin O’Connell
The Linux Foundation
koconnell@linuxfoundation.org

The post The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum London 2021 appeared first on Linux Foundation.

The post The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum London 2021 appeared first on Linux.com.

Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes

Tuesday 14th of September 2021 10:00:00 PM
Background

The Academy Software Foundation (ASWF), a project hosted by The Linux Foundation, provides a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on image creation, visual effects, animation, and sound technologies. 

It was created in 2018 after the conclusion of an investigation by the Academy of Motion Pictures Arts and Sciences (AMPAS) Science and Technology Council holding an 18-month investigation on the state of open source in the industry. This aligned with the need for a vendor-neutral foundation to provide a sustainable home for open source projects that are key to the growth of the industry.

Identifying the need for exemplar assets for community use

As of August 2021, The Academy Software Foundation provides a home for Open Shading Language, OpenColorIO, OpenCue, OpenEXR, OpenTimelineIO, OpenVDB, and MaterialX.

As these projects have progressed in development, there was a need identified to have production-grade digital assets (e.g.,3D scene data, images, image sequences, volumetric data, animation rigs, edit decision lists) available for use in development and testing environments to ensure these projects can scale to the demands of the movie and content creation processes. 

Furthermore, the ASWF identified an additional need to have production-grade assets for general research and learning purposes. 

The ASWF identified two objectives to address these requirements:

Provide a vendor-neutral home for both homing the assets and being a curator for exemplar assets that would align with the industry needs.Create a licensing framework striking a balance between the needs in research, learning, and open source development, with the intellectual property concerns of production-grade assets (as they often come from real productions).

An open community comes together

There was some precedent in the industry, with the 2018 release of the Moana Island Scene by Disney Animation. This sparked several discussions in the industry on how to have a larger set of similar assets available for community use leading to the creation of an Asset Repository Working Group at the Academy Software Foundation in 2020.

The culmination of this working group came in July 2021, with the transition of the working group to a formal project that will establish the infrastructure and governance of the Assets Repository. The intention is for the project to function and work like any other open source project, with full transparency and community participation, to identify and curate exemplar assets. 

At the same time, the legal counsel across Academy Software Foundation members came together to align on the ASWF Digital Assets License, which was created in the spirit of licenses used previously in the industry and designed to specifically ensure these assets can be used for education, learning, research, and open source development. The ASWF Digital Assets License helped create a bridge between producers and consumers of these assets, establishing standardized terms to enable collaboration and the re-use of content in an industry where it had previously been limited.

As of August 2021, there is interest from multiple organizations in contributing assets to this repository as it takes form over the next few months.

Conclusion

The Linux Foundation has been the home for vendor-neutral collaboration in both horizontal technology spaces and vertical markets such as automotive, networking, energy, and here motion pictures. In supporting over 750 open source projects, we are starting to see more and more efforts such as these where the collaboration outside of traditional software development and into educational materials, community development, and standards. The Assets Repository project at the Academy Software Foundation is a great example of the unique collaboration opportunities that open source brings and are driven by our open communities.

The post Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes appeared first on Linux Foundation.

The post Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes appeared first on Linux.com.

Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes

Tuesday 14th of September 2021 03:23:30 PM
Background The Academy Software Foundation (ASWF), a project hosted by The Linux Foundation, provides a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on image creation, visual effects, animation, and sound technologies. It was created in 2018 after the conclusion of an investigation by the Academy of Motion Pictures Arts and Sciences (AMPAS) Science and Technology Council holding an 18-month investigation on the state of open source in the industry. This aligned with the need for a vendor-neutral foundation to provide a sustainable home for open source projects that are key to the growth of the industry. Identifying the need for exemplar assets for community use As of August 2021, The Academy Software Foundation provides a home for Open Shading Language, OpenColorIO, OpenCue, OpenEXR, OpenTimelineIO, OpenVDB, and MaterialX. As these projects have progressed in development, there was a need identified to have production-grade digital assets (e.g.,3D scene data, images, image sequences, volumetric data, animation rigs, edit decision lists) available for use in development and testing environments to ensure these projects can scale to the demands of the movie and content creation processes. Furthermore, the ASWF identified an additional need to have production-grade assets for general research and learning purposes. The ASWF identified two objectives to address these requirements:
  • Provide a vendor-neutral home for both homing the assets and being a curator for exemplar assets that would align with the industry needs.
  • Create a licensing framework striking a balance between the needs in research, learning, and open source development, with the intellectual property concerns of production-grade assets (as they often come from real productions).
An open community comes together There was some precedent in the industry, with the 2018 release of the Moana Island Scene by Disney Animation. This sparked several discussions in the industry on how to have a larger set of similar assets available for community use leading to the creation of an Asset Repository Working Group at the Academy Software Foundation in 2020. The culmination of this working group came in July 2021, with the transition of the working group to a formal project that will establish the infrastructure and governance of the Assets Repository. The intention is for the project to function and work like any other open source project, with full transparency and community participation, to identify and curate exemplar assets. At the same time, the legal counsel across Academy Software Foundation members came together to align on the ASWF Digital Assets License, which was created in the spirit of licenses used previously in the industry and designed to specifically ensure these assets can be used for education, learning, research, and open source development. The ASWF Digital Assets License helped create a bridge between producers and consumers of these assets, establishing standardized terms to enable collaboration and the re-use of content in an industry where it had previously been limited. As of August 2021, there is interest from multiple organizations in contributing assets to this repository as it takes form over the next few months. Conclusion The Linux Foundation has been the home for vendor-neutral collaboration in both horizontal technology spaces and vertical markets such as automotive, networking, energy, and here motion pictures. In supporting over 750 open source projects, we are starting to see more and more efforts such as these where the collaboration outside of traditional software development and into educational materials, community development, and standards. The Assets Repository project at the Academy Software Foundation is a great example of the unique collaboration opportunities that open source brings and are driven by our open communities.

The post Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes appeared first on Linux.com.

Antmicro Doubles Down on Commitment to the Zephyr Project as Community Grows to More Than 1,000 Contributors

Tuesday 14th of September 2021 01:49:31 AM

Wind River also advances its commitment to the open source ecosystem by joining the project as a Silver Member

SAN FRANCISCO, September 13, 2021 On the heels of its 5th anniversary and inaugural Developer Summit, the Zephyr Project today announces a major milestone with more than 1,000 contributors and 55,000 commits. Zephyr, an open source project at the Linux Foundation that builds a safe, secure and flexible real-time operating system (RTOS) for resource-constrained devices, also welcomes Antmicro as a Platinum member and Wind River as a Silver member.

Zephyr RTOS unites companies, developers and end users around the world to ensure balanced collaboration and feedback to evolve and meet the needs of its community. This innovative relationship among stakeholders advances the Zephyr Project’s support of new hardware, developer tools, sensors, and drivers, while maximizing the functionality of devices that run applications developed using the Zephyr OS.

“The number of contributors to an open source project is one of the best measures of its relevance to the open source community,” said Barna Ibrahim, Chair of the Zephyr Project Marketing Group and Strategic Partner Development Lead at Google. “Today’s announcement represents one more step in our open source journey and increased role in the advocacy, use and contribution across the Zephyr ecosystem. Ultimately, this strong ecosystem will help build secure and safe products across the globe.”

Evidence that momentum will continue growing for the project include:

The 1000th contributor – meet Embla Flatlandsmo and learn more about what and why she contributed to the project in this blog and video.Almost 700 people registered for the first-ever Zephyr Developer Summit in June. The event consisted of 5 mini-conferences, 28 sessions and 51 speakers who presented technical content, best practices, real-world use cases and more. Videos are available on the Zephyr Project Youtube Channel.Zephyr is able to automatically generate an Software Bill of Materials (SBOM) during builds with the 2.6 release, so support for ISO/IEC 5962:2021 SBOMs is already included in the second Long Term Support (LTS) release this fall.It is one of the few open source projects that has a CVE Numbering Authority(CNA) and has an active Project Security Incident Response Team(PSIRT) that manages responsible disclosure of vulnerabilities to product makers. Product creators using Zephyr can sign up for free to be notified of vulnerabilities.  Golioth, a recent new member and Zephyr tool provider, received $2.5 million in seed funding and beta testing, which was all based on the RTOS.Seamless integration with Renode (Antmicro’s simulation framework for complex IoT systems), Nanopb (Protocol buffers for embedded systems),  TensorFlow Lite Micro (software library for embedded machine learning) and others.Antmicro released the Open Source M.2 IoT Smart Module with edge ML capabilities based on EdgeTPU and Zephyr RTOS running on Nordic nrf52840 to enable fully open hardware IoT gateways.

Commitment to Zephyr

Today, the Zephyr Project announces that long-time member Antmicro has doubled down on its commitment by upgrading its membership to Platinum. Peter Gielda, CEO of Antmicro, will join the Zephyr Governing Board.

Additionally, Wind River joined the project as a Silver member. Other project member companies include Adafruit, AVSystem, BayLibre, Eclipse Foundation, Facebook, Fiware, Foundries.io, Golioth, Google, Intel, Laird Connectivity, Linaro, Memfault, Nordic Semiconductor, NXP, Oticon, Parasoft, Pat-Eta Electronics, RISC-V, SiFive, Synopsys and teenage engineering, among others.

“We are delighted to welcome Peter Gielda to the Governing Board,” said Joel Stapleton, Chair of the Zephyr Project Governing Board and Principal Engineering Manager at Nordic Semiconductor. “Antmicro has already contributed so much to Zephyr with board support, demos and documentation. We look forward to working more closely with them and strengthening our community.”

“An active member of the project since its early days, Antmicro has been pioneering the use of Zephyr in several fields, including FPGAs and the RISC-V architecture, in both hard and soft implementations,“ said Peter Gielda, CEO at Antmicro and now Member of the Zephyr Project Governing Board. “Building on top of our work combining TensorFlow Lite Micro, Zephyr and Renode for machine learning development we join our customers and partners Google, Intel, NXP and Nordic Semiconductor in a leadership position in Zephyr to strengthen the vendor-neutral RTOS option for the open source hardware, software and AI solutions that we develop.”

“As we move towards an intelligent systems future, it will become increasingly important to collect and process data at the intelligent edge in real time,” said Amar Parmar, Senior Director, Solution Partners at Wind River. “For resource-constrained devices, Zephyr can be at the heart of where this data originates. Zephyr Project has fostered a vibrant and growing community addressing the technical requirements to deploy a new generation of devices, aligned with modern development practices and tooling. As an original contributor to the code base and an active member of the community, we look forward to continued collaboration.”

To learn more about Zephyr RTOS, visit the Zephyr website and blog.

About the Zephyr Project

The Zephyr Project is an open source, scalable real-time operating system (RTOS) supporting multiple hardware architectures. To learn more, please visit www.zephyrproject.org.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The post Antmicro Doubles Down on Commitment to the Zephyr Project as Community Grows to More Than 1,000 Contributors appeared first on Linux Foundation.

The post Antmicro Doubles Down on Commitment to the Zephyr Project as Community Grows to More Than 1,000 Contributors appeared first on Linux.com.

How to run Podman on Windows

Friday 10th of September 2021 10:21:41 PM

With a little help from Windows Subsystem for Linux, you can use Podman to build container images, run a web server in a container, and more.

Read More at Enable Sysadmin

The post How to run Podman on Windows appeared first on Linux.com.

Michael Cheng Joins the Linux Foundation Board of Directors

Friday 10th of September 2021 02:19:06 AM

We’re pleased to announce that Michael Cheng joined the Linux Foundation Board of Directors earlier this year. Michael is a product manager at Facebook, currently supporting open source and standards work across the company. Michael is a former network engineer and M&A attorney. He previously led the product, commercial, and intellectual property functions on Facebook’s M&A legal team.

Michael has built some of the world’s most valuable and innovative open source ecosystems, representing billions of dollars of value, including GraphQL, Magma, Diem, ML Commons, and many others.

In 2018, Michael helped design the Joint Development Foundation — a lightweight, turnkey solution for the development of technology standards and specifications. Michael then brought in GraphQL as the JDF’s first project. GraphQL now powers trillions of API calls every day for some of the world’s largest companies.

Michael Cheng

Michael was one of the founding members of ML Commons, an industry-wide consortium that aims to unlock the next stage of AI/ML adoption by creating useful measures of quality and performance, large-scale open data sets, and common development practices and resources. Michael served as ML Commons’ first treasurer, and it has since grown to more than 50 members and affiliates representing a broad cross-section of the ML ecosystem.

This year, Michael created the Magma Foundation, the first open source platform that enables telecom operators to build modern and efficient mobile networks at scale. Michael now chairs the board of the Magma Foundation — growing its ranks to more than 20 members this year.

Michael is also a champion of diversity. Late last year, at the height of the pandemic, Michael designed and launched the Major League Hacking (MLH) Fellowship program to address challenges faced by both early-career developers who saw many of their job and internship opportunities disappear open source maintainers struggling to keep projects afloat. The Fellowship has been effective at helping students land desirable jobs while increasing the aggregate health of the open source projects that participate in the program. Michael also launched the Black Developer Scholarship for developers who self-identify as Black or African diaspora to participate in the Fellowship.

Michael has also played an integral role in the creation of the Presto Foundation, eBPF Foundation, Ent Foundation, Reactive Foundation, Urban Computing Foundation, and OpenChain.

“Michael is one of the rare breeds of lawyers who possess both a strong technical background and a sharp mind for process improvement.  His leadership at Facebook has made a meaningful impact within the OpenChain project and beyond.  I warmly welcome him to the Linux Foundation board.”

Dave Marr, Vice President, Legal Counsel at Qualcomm Technologies

“Facebook is built on top of open source and has shown a strong commitment to investing back into the communities from which we all benefit. Micheal’s legal background and technical knowledge make him an ideal member of the Linux Foundation board. His leadership is just another example of Facebook’s commitment to open source and collective innovation.” 

Jim Zemlin, Executive Director, Linux Foundation

“Successful open source work requires an intersection of legal, business, technical, and community thinking and Michael brings all those skills in one very integrated way.  And his perspectives from his experience shepherding multiple open source projects at scale and in production is of great value to the Linux Foundation board. I am excited to welcome him to the board and to work with him on advancing open source innovation.” 

Nithya Ruff – Chair, Linux Foundation Board of Directors, Head, Comcast Open Source Program Office

“Michael’s role in growing some of the Linux Foundation’s most valuable communities cannot be understated. He brings a level of technical depth, legal acumen, and industry credibility that has been instrumental in stitching together novel coalitions of companies, NGOs, and individuals into dynamic and sustainable communities. We’re thrilled to have him on the board.”

Chris Aniszczyk, CTO, CNCF

The post Michael Cheng Joins the Linux Foundation Board of Directors appeared first on Linux Foundation.

The post Michael Cheng Joins the Linux Foundation Board of Directors appeared first on Linux.com.

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Thursday 9th of September 2021 10:00:00 PM

Backed by many of the world’s largest companies for more than a decade, SPDX formally becomes an internationally recognized ISO/IEC JTC 1 standard during a transformational time for software and supply chain security

SAN FRANCISCO, September 9, 2021 – The Linux Foundation, Joint Development Foundation, and the SPDX community, today announced the Software Package Data Exchange® (SPDX®) specification has been published as ISO/IEC 5962:2021 and recognized as the international open standard for security, license compliance, and other software supply chain artifacts. ISO/IEC JTC 1 is an independent, non-governmental standards body. 

Intel, Microsoft, Siemens, Sony, Synopsys, VMware, and WindRiver are just a small sample of the companies already using SPDX to communicate Software Bill of Materials (SBOM) information in policies or tools to ensure compliant, secure development across global software supply chains. 

“SPDX plays an important role in building more trust and transparency in how software is created, distributed, and consumed throughout supply chains. The transition from a de-facto industry standard to a formal ISO/IEC JTC 1 standard positions SPDX for dramatically increased adoption in the global arena,” said Jim Zemlin, executive director, the Linux Foundation. “SPDX is now perfectly positioned to support international requirements for software security and integrity across the supply chain.” 

Between eighty and ninety percent (80%-90%) of a modern application is assembled from open source software components. An SBOM accounts for the software components contained in an application — open source, proprietary, or third-party — and details their provenance, license, and security attributes. SBOMs are used as a part of a foundational practice to track and trace components across software supply chains. SBOMs also help to proactively identify software issues and risks and establish a starting point for their remediation.

SPDX results from ten years of collaboration from representatives across industries, including the leading Software Composition Analysis (SCA) vendors – making it the most robust, mature, and adopted SBOM standard. 

“As new use cases have emerged in the software supply chain over the last decade, the SPDX community has demonstrated its ability to evolve and extend the standard to meet the latest requirements. This really represents the power of collaboration on work that benefits all industries,” said Kate Stewart, SPDX tech team co-lead. “SPDX will continue to evolve with open community input, and we invite everyone, including those with new use cases, to participate in SPDX’s evolution and securing the software supply chain.”  

For more information on how to participate in and benefit from SPDX, please visit: https://spdx.dev.

To learn more about how companies and open source projects are using SPDX, recordings from the “Building Cybersecurity into the Software Supply Chain” Town Hall that was held on August 18th are available and can be viewed at: https://events.linuxfoundation.org/supply-chain-town-hall/ 

ISO/IEC JTC 1 is an independent, non-governmental international organization based in Geneva, Switzerland. Its membership represents more than 165 national standards bodies with experts who share knowledge and develop voluntary, consensus-based, market-relevant international standards that support innovation and provide solutions to global challenges.

Supporting Comments

Intel

“Software security and trust are critical to our Industry’s success. Intel has been an early participant in the development of the SPDX specification and utilizes SPDX both internally and externally for a number of software use-cases,” said Melissa Evers, Vice President – Software and Advanced Technology Group, General Manager of Strategy to Execution, Intel.

Microsoft

“Microsoft has adopted SPDX as our SBOM format of choice for software we produce,” says Adrian Diglio, Principal Program Manager of Software Supply Chain Security at Microsoft. “SPDX SBOMs make it easy to produce U.S. Presidential Executive Order compliant SBOMs, and the direction that SPDX is taking with the design of their next gen schema will help further improve the security of the software supply chain.”

Siemens

“With ISO/IEC 5962:2021 we have the first official standard for metadata of software packages. It’s natural that SPDX is that standard, as it’s been the de facto standard for a decade. This will make license compliance in the supply chain much easier, especially because several open source tools like FOSSology, ORT, scancode, and sw360 already support SPDX,” said Oliver Fendt, senior manager, open source at Siemens. 

Sony

”The Sony team uses various approaches to managing open source compliance and governance,” says Hisashi Tamai, Senior Vice President, Deputy President of R&D Center, Representative of the Software Strategy Committee, Sony Group Corporation. “An example is the use of an OSS management template sheet that is based on SPDX Lite, a compact subset of the SPDX standard. It is important for teams to be able to quickly review the type, version, and requirements of software, and using a clear standard is a key part of this process.”

Synopsys

“The Black Duck team from Synopsys has been involved with SPDX since its inception, and I personally had the pleasure of coordinating the activities of the project’s leadership for more than a decade. Representatives from scores of companies have contributed to the important work of developing a standard way of describing and communicating the content of a software package,” said Phil Odence, General Manager, Black Duck Audits.

VMware

“SPDX is the essential common thread among tools under the Automating Compliance Tooling (ACT) Umbrella. SPDX enables tools written in different languages and for different software targets to achieve coherence and interoperability around SBOM production and consumption. SPDX is not just for compliance, either; the well-defined and ever-evolving spec is also able to represent security and supply chain implications. This is incredibly important for the growing community of SBOM tools as they aim to thoroughly represent the intricacies of modern software,” said Rose Judge, ACT TAC Chair and open source engineer at VMware.

Wind River

“The SPDX format greatly facilitates the sharing of software component data across the supply chain. Wind River has been providing a Software Bill of Materials (SBOM) to its customers using the SPDX format for the past 8 years. Often customers will request SBOM data in a custom format. Standardizing on SPDX has enabled us to deliver a higher quality SBOM at a lower cost,” said Mark Gisi, Wind River Open Source Program Office Director and OpenChain Specification Chair.

About SPDX

SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information. SPDX reduces redundant work by providing common formats for organizations and communities to share important data, thereby streamlining and improving compliance, security, and dependability. For more information, please visit us at spdx.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page:  https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact

Jennifer Cloer

for the Linux Foundation

503-867-2304

jennifer@storychangesculture.com

The post SPDX Becomes Internationally Recognized Standard for Software Bill of Materials appeared first on Linux Foundation.

The post SPDX Becomes Internationally Recognized Standard for Software Bill of Materials appeared first on Linux.com.

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials (The Linux Foundation)

Thursday 9th of September 2021 03:00:57 PM

SAN FRANCISCO, September 9, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Software Package Data Exchange® (SPDX®) specification has been published as ISO/IEC 5962:2021 and recognized as the open standard for security, license compliance, and other software supply chain artifacts. ISO/IEC JTC 1 is an independent, non-governmental standards body.

Read more at The Linux Foundation

The post SPDX Becomes Internationally Recognized Standard for Software Bill of Materials (The Linux Foundation) appeared first on Linux.com.

Audit user accounts for never-expiring passwords with a Bash script

Wednesday 8th of September 2021 08:32:10 PM

Non-expiring passwords might violate your organization’s policies, so use this basic Bash script to quickly pick them out.

Read More at Enable Sysadmin

The post Audit user accounts for never-expiring passwords with a Bash script appeared first on Linux.com.

How I became a Linux sysadmin

Wednesday 8th of September 2021 04:39:06 PM

Every sysadmin has an origin story. Here’s mine.

Read More at Enable Sysadmin

The post How I became a Linux sysadmin appeared first on Linux.com.

How OpenStack’s Keystone handles authentication and authorization

Wednesday 8th of September 2021 02:59:22 AM

Take a deep dive into the Keystone Identity service and how it interacts with other services by creating a virtual machine.

Read More at Enable Sysadmin

The post How OpenStack’s Keystone handles authentication and authorization appeared first on Linux.com.

The Digital Economy Runs on Open Source. Here’s How to Protect It.

Saturday 4th of September 2021 02:41:33 PM

Hila Lifshitz-Assaf and Frank Nagle at Harvard Business Review write:

“In the last few years, we have observed an increase in the active role of corporations in open source software, by either assigning employees to contribute to existing open source projects or open sourcing their own code both to allow the community to utilize it and to help maintain it… The corporate world’s entry into free and open source online communities has caused some serious concerns and friction. Acquisitions of FOSS producers could lead to a crowding-out of volunteer contributors to an extent that threatens the future health of the FOSS ecosystem.”

Read more at Harvard Business Review

The post The Digital Economy Runs on Open Source. Here’s How to Protect It. appeared first on Linux.com.

Configure DNS with a Linux command, build a lab in five minutes, and more tips for sysadmins

Friday 3rd of September 2021 04:02:54 AM

Check out Enable Sysadmin’s top 10 articles from August 2021.
Read More at Enable Sysadmin

The post Configure DNS with a Linux command, build a lab in five minutes, and more tips for sysadmins appeared first on Linux.com.

3 must-know Linux commands for text manipulation

Thursday 2nd of September 2021 01:38:58 PM

You may be familiar with grep, sed, and awk, but you may not know everything they can do.

Read More at Enable Sysadmin

The post 3 must-know Linux commands for text manipulation appeared first on Linux.com.

8 Linux virsh subcommands for managing VMs on the command line

Wednesday 1st of September 2021 10:11:22 PM

The virsh command provides hundreds of options to manage every aspect of your virtual machines. These are the ones I use the most.

Read More at Enable Sysadmin

The post 8 Linux virsh subcommands for managing VMs on the command line appeared first on Linux.com.

Ent Joins the Linux Foundation

Tuesday 31st of August 2021 10:00:00 PM

Today, the Linux Foundation announced that Ent, an entity framework for Go that was developed and open sourced by Facebook in 2019, has moved under the governance of the Linux Foundation to help accelerate its development and foster the community of developers and companies using it.

Ent was designed to enable developers to work on complex backend applications. Developers working on these applications faced the challenge of maintaining a codebase used to manage hundreds of different entity types with numerous, complex relationships between them. Ent uses graph concepts to model an application’s schema and employs advanced code-generation techniques to create type-safe, efficient code that greatly simplifies working with databases compared to other approaches.

Ent is similar to traditional ORMs (Object-Relational Mappers) but takes an opinionated approach that is especially effective in improving developer productivity. 

First, schemas are modeled in graph concepts (nodes and edges) instead of the more common table-oriented method that makes traversing through datasets and expressing complex queries easier and less error-prone. 

Second, the code generated by Ent is completely type-safe, which means that many classes of common bugs are caught very early on in the development process. In addition, code editing software can understand Ent code very well to offer developers useful hints and feedback as they are typing code. 

Finally, schemas are defined in actual Go code, which facilitates a very rich feature set ranging from integrations with observability systems to the definition of privacy (authorization) rules right at the data-access layer. 

“From the start it was obvious that Ent would present a unique and compelling value proposition to a diverse range of use cases across any industry with complex technology stacks,” said Ariel Mashraki, Ent’s creator and lead maintainer. “The promise of collaborating with a broad coalition of users was the main reason we open-sourced Ent.” 

Since it was open-sourced in 2019, engineers from many leading companies have contributed code to Ent, including Facebook, GitHub, Mail.ru, Scaleway and VirtaHealth. Ent has also been used by the CNCF projects and by other open source ecosystems. Ariel Mashraki recently started a new company, Ariga, to create a data fabric solutions provider that is built on Ent. “With the move to the Linux Foundation’s neutral governance model, we (on behalf of myself and the rest of the Ent maintainers) hope to double-down on growing Ent into the industry standard for data-access in Go. You should expect to see a lot of exciting developments in the next six months from the community and we invite all to participate,” said Mashraki.

Ent is just the latest in a variety of technologies that Facebook has first open sourced to the public and then transferred control to the community. “This additional step of enabling open source contributors to take direct ownership of a project’s technical vision is part of our longstanding commitment to open and sustainable innovation,” said Michael Cheng, product manager at Facebook. “Enabling a project’s maintainers to chart their course often sparks additional investment, contributions and new companies building products and platforms based on that project, for example, GraphQL, Presto, ONNX, and Magma, to name a few. We see that Ent is already following a similar pattern and we’ll be cheering on the Ent community as it enters this next stage of exciting growth.”

You can learn more about Ent framework for Go, sample the technology, and contribute back to the project at https://github.com/ent/ent.

The post Ent Joins the Linux Foundation appeared first on Linux Foundation.

The post Ent Joins the Linux Foundation appeared first on Linux.com.

Software Supply Chain Town Hall: Videos

Tuesday 31st of August 2021 06:47:43 PM

If you missed the Software Supply Chain Town Hall, all the videos from the event have now been posted.

These include presentations on:

  • Supply Chain Cybersecurity with David Wheeler
  • Generating SBOMs for IoT
  • Generating SPDX SBOMS in CI using ORT
  • Software Supply Chain with the Yocto Project
  • Securing GCC and GLIBC
  • Software Supply Chain Integrity with Sigstore

Click here to watch the playlist on YouTube.

The post Software Supply Chain Town Hall: Videos appeared first on Linux.com.

16 AnsibleFest presentations for sysadmins

Tuesday 31st of August 2021 12:41:18 AM

AnsibleFest offers a lot of information to help sysadmins automate better.

Read More at Enable Sysadmin

The post 16 AnsibleFest presentations for sysadmins appeared first on Linux.com.

Happy 30th, Linux!

Wednesday 25th of August 2021 09:00:35 PM

“I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I’d like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I’ve currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I’ll get something practical within a few months, and I’d like to know what features most people would want. Any suggestions are welcome, but I won’t promise I’ll implement them :-)”

With that note to an online newsgroup 30 years ago today, Linus Torvalds announced what would become arguably the most significant piece of software in history – Linux. Since August 25, 1991, Linux has grown to power all the world’s supercomputers, most mobile devices, financial exchanges, space stations and rovers, and serve as the backbone of the cloud and the internet itself. Companies, organizations, governments and individuals around the world rely on it to conduct business and live their lives every single day.

Our upcoming 2021 Open Source Jobs Report, which will be released in late September, will reveal that demand for Linux talent is as strong as ever, especially as companies rebound from the COVID-19 pandemic. That means now is the perfect time to improve your Linux skills, which is why through the end of 2021 we are offering 30% off select Linux-focused training courses and certification exams in recognition of the 30th anniversary (use code LINUX30 at checkout).

Programs in this offer include:

Certifications:

Linux Foundation Certified IT Associate (LFCA) – Demonstrates knowledge of fundamental IT concepts including operating systems, software application installation and management, hardware installation, use of the command line and basic programming, basic networking functions, security best practices, and other related topics to validate your capability and preparedness for an entry-level IT position.
Linux Foundation Certified System Administrator (LFCS) – Demonstrates you have the ability to design, install, configure, and manage a system installation, and understand key concepts such as networking, storage, security, maintenance, logging and monitoring, application lifecycle, troubleshooting, API object primitives and the ability to establish basic use-cases for end users. The discount is valid for the standalone exam or bundled with the associated training course.
Linux Foundation Certified Engineer (LFCE) – Demonstrates your ability to deploy and configure the Linux operating system at enterprise scale, and shows you possess all the necessary skills to work as a Linux engineer. The discount is valid for the standalone exam or bundled with the associated training course.

eLearning Courses:

Essentials of Linux System Administration (LFS201) – In this eLearning course, you’ll learn how to administer, configure and upgrade Linux systems running one of the three major Linux distribution families (Red Hat, SUSE, Debian/Ubuntu). You’ll also learn all the tools and concepts you need to efficiently build and manage a production Linux infrastructure. This course also serves as preparation for the LFCS exam.
Linux Networking and Administration (LFS211) – In this eLearning course, you will learn how to design, deploy and maintain a network running under Linux; how to administer the network services; the skills to create and operate a network in any major Linux distribution; how to securely configure the network interfaces; and how to deploy and configure file, web, email and name servers. This course also serves as preparation for the LFCE exam.

To take advantage of this offer, use code LINUX30 at checkout. 

Here’s to 30 more years of Linux innovation!

The post Happy 30th, Linux! appeared first on Linux Foundation – Training.

The post Happy 30th, Linux! appeared first on Linux.com.

Set the order of task execution in Ansible with these two keywords

Wednesday 25th of August 2021 06:58:06 PM

Extend Ansible’s flexibility by adding pre_tasks and post_tasks to your playbooks.

Read More at Enable Sysadmin

The post Set the order of task execution in Ansible with these two keywords appeared first on Linux.com.

More in Tux Machines

Type Title Author Replies Last Postsort icon
Story Rufus for linux? Not available, Use these best alternatives Roy Schestowitz 19/09/2021 - 1:08am
Story 5 Reasons Purism's Librem Laptops Are More Secure Than Your Notebook Roy Schestowitz 19/09/2021 - 12:26am
Story today's leftovers Roy Schestowitz 18/09/2021 - 10:25pm
Story Kernel: Graphics and Linux M1 Support Roy Schestowitz 18/09/2021 - 10:25pm
Story Proprietary Security Issues Roy Schestowitz 18/09/2021 - 10:18pm
Story Audiocasts/Videos: GNU World Order, Sioyek, LUTs Roy Schestowitz 18/09/2021 - 10:05pm
Story today's howtos Roy Schestowitz 18/09/2021 - 10:03pm
Story The 8 Best Wireless Penetration Testing Tools for Linux Roy Schestowitz 18/09/2021 - 9:25pm
Story Mike Gabriel: X2Go, Remmina and X2GoKdrive Roy Schestowitz 18/09/2021 - 9:22pm
Story EasyEffects (Formerly PulseEffects) – Apply Audio Effects to PipeWire Apps Roy Schestowitz 18/09/2021 - 9:17pm