The Linux Foundation

Subscribe to The Linux Foundation feed
Updated: 1 hour 57 min ago

The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security

Wed, 02/19/2020 - 00:00

New analysis identifies most widely used software and uncovers critical questions for the future of securing one of the world’s greatest shared resources

SAN FRANCISCO, Calif., February 18, 2020 – The Linux Foundation’s Core Infrastructure Initiative (CII), a project that helps support best practices and the security of critical open source software projects, and the Laboratory for Innovation Science at Harvard (LISH), today announced the release of Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.`

This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security.

“The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. “The report begins to give us an inventory of the most important shared software and potential vulnerabilities and is the first step to understand more about these projects so that we can create tools and standards that results in trust and transparency in software.”

Working in collaboration with Software Composition Analysis (SCAs) and application security companies, including developer-first security company Snyk and Synopsys Cybersecurity Research Center (CyRC), the Linux Foundation and Harvard were able to combine private usage data with publicly available datasets and develop a methodology for identifying more than 200 of the most used open source software projects, 20 of which are detailed in the findings. For the detailed methodology and list, including elaboration on each project, please read the report.

“FOSS was long seen as the domain of hobbyists and tinkerers. However, it has now become an integral component of the modern economy and is a fundamental building block of everyday technologies like smart phones, cars, the Internet of Things, and numerous pieces of critical infrastructure,” said Frank Nagle, a professor at Harvard Business School and co-director of the Census II project. “Understanding which components are most widely used and most vulnerable will allow us to help ensure the continued health of the ecosystem and the digital economy.”

With FOSS constituting 80-90 percent of all software, it is more important than ever that we understand what FOSS is most used and where it could be vulnerable to attack. The increasing importance of this has been underscored with US government agencies pushing for deeper insights into the software building blocks that make up various packages and devices via a software bill of materials (SBOM). For example, in April 2018, the leaders of the US Congress House of Representatives Energy and Commerce Committee sent a letter to the Linux Foundation, acknowledging the critical importance of FOSS and exploring the opportunities and challenges related to FOSS.

The increasing importance of FOSS throughout the economy became critically apparent in 2014 when the Heartbleed security bug in the OpenSSL cryptography library was discovered. By some estimates, the bug impacted nearly 20 percent, or half a million, of secure web servers on the Internet. It was the impetus for the Core Infrastructure Initiative, which has raised millions of dollars for open source security in just the last six years.

“Open source is an undeniable and critical part of today’s economy, providing the underpinnings for most of our global commerce. Hundreds of thousands of open source software packages are in production applications throughout the supply chain, so understanding what we need to be assessing for vulnerabilities is the first step for ensuring long-term security and sustainability of open source software,” said Zemlin.

Partner Quotes

Snyk

“The Snyk security team understands how complex and challenging it is to sustain a database with highly actionable, accurate, and timely vulnerability information,” said Snyk’s Co-founder, Danny Grander, a veteran security researcher who leads Snyk’s security team.

“We’ve worked closely with the Linux Foundation for many years on important research and security initiatives to help mitigate the risk involved in application development. Our team is proud to contribute Snyk’s proprietary, enriched data to the new Census II report, recognizing that industry-wide efforts like this are beneficial to improving the security and viability of open source.”

Synopsys

“Considering the ubiquity of open source software and the essential role it plays in the technology powering our world, it is more important than ever that we take a collaborative approach to maintain the long term health of the most foundational open source components,” said Tim Mackey, principal security strategist for the Synopsys Cybersecurity Research Center. “Identifying the most pervasive FOSS components in commercial software ecosystems, combined with a clear understanding of both their security posture and the communities who maintain them, is a critical first step. Beyond that, commercial organizations can do their part by conducting internal reviews of their open source usage and actively engaging with the appropriate open source communities to ensure the security and longevity of the components they depend on.”

 

About the Linux Foundation

Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About the Laboratory for Innovation Science at Harvard

The Laboratory for Innovation Science at Harvard (LISH) is spurring the development of a science of innovation through a systematic program of solving real-world innovation challenges while simultaneously conducting rigorous scientific research. To date, LISH has worked with key partners in aerospace and healthcare, such as NASA, the Harvard Medical School, the Broad Institute, and the Scripps Research Institute to solve complex problems and develop impactful solutions. More information can be found at https://lish.harvard.edu/

 

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennifer Cloer
reTHINKit Media
for Linux Foundation
503-867-2304
jennifer@rethinkitmedia.com

The post The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security appeared first on The Linux Foundation.

Open Source Software Supply Chain Security

Wed, 02/19/2020 - 00:00
Open Source Software Supply Chain Security

While innumerable strategies, frameworks, and “best practices” guides have emerged, few of which agree and some of which outright contradict each other, general consensus has grown around the need for increased diligence regarding the “software supply chain.”

As cybersecurity incidents have continued to grow in magnitude, frequency, and consequences, both public and private sector attention has turned to questions of what, if anything, organizations may do to better manage the risks of today’s modern, connected world.

We explore the security and reliability issues currently affecting the software supply chain, and identify where and how changes may be made to improve it overall.

Download Now

Thank you for your interest in the Core Infrastructure Initiative’s Census efforts! We are always looking for new partners to join us in our mission to strengthen the security and health of key open source projects. To get more involved, please enter your name and preferred email address, then check any boxes below that apply:



input[type=text] {
width: 100%;
padding: 12px 20px;
margin: 8px 0;
box-sizing: border-box;
border: 1px solid #000;
outline: none;
background-color: #fff;
}

input, select, textarea{
color: #000;
}
textarea:focus, input:focus {
color: #000;
}

input[type=button], input[type=submit], input[type=reset] {
border: none;
color: #fff;
padding: 16px 32px;
text-decoration: none;
margin: 4px 2px;
cursor: pointer;
}
label{
color: #000;
}

textarea {
width: 100%;
height: 150px;
padding: 12px 20px;
box-sizing: border-box;
border: 2px solid #000
border-radius: 4px;
background-color: #000;

resize: none;
}
First Name

Last Name

Email*

GitHub


Please select one of the options below:

I am a part of a company that would like to partner with CII to share data on FOSS usage.
I am a developer that would be interested in participating in the FOSS Contributor survey.
I would like to receive the results and findings of the developer survey when they are available.
I would like to receive the CII Census final report when it is available.

document.getElementById('txtUrl').value = window.location.href;

(function($) { $("#myform").on("submit", function(e) { e.preventDefault(); $.ajax({ url: $(this).attr("action"), type: 'POST', data: $(this).serialize(), beforeSend: function() { $("#myform").toggle(); $("#message").html("Thank you for your submission."); }, success: function(data) { $("#message").hide(); msg = $(data).find("p"); $("#response").html(msg); } }); }); })(jQuery);
jQuery("#loginbtn").click(function() { //jQuery("#myform").toggle(); // toggle will show hidden element and vice versa });

The post Open Source Software Supply Chain Security appeared first on The Linux Foundation.

Improving Trust and Security in Open Source Projects

Wed, 02/19/2020 - 00:00
Improving Trust and Security in Open Source Projects

A proposal to build and operate a program called the Trust and Security Initiative (TSI) and a set of recommendations for other security issues that need investment and help.

If you open the news on any given day and read about the latest data breach, you are reminded that software security is hard.

When you take a step back and think about the volume of emerging technology and think about industry trends such as increasing the velocity of software releases and the reuse of code and services, you could be forgiven for holding your hands up and concluding that things are trending in the wrong direction for us to ever have secure software.

Read More

Thank you for your interest in the Core Infrastructure Initiative’s Census efforts! We are always looking for new partners to join us in our mission to strengthen the security and health of key open source projects. To get more involved, please enter your name and preferred email address, then check any boxes below that apply:



input[type=text] {
width: 100%;
padding: 12px 20px;
margin: 8px 0;
box-sizing: border-box;
border: 1px solid #000;
outline: none;
background-color: #fff;
}

input, select, textarea{
color: #000;
}
textarea:focus, input:focus {
color: #000;
}

input[type=button], input[type=submit], input[type=reset] {
border: none;
color: #fff;
padding: 16px 32px;
text-decoration: none;
margin: 4px 2px;
cursor: pointer;
}
label{
color: #000;
}

textarea {
width: 100%;
height: 150px;
padding: 12px 20px;
box-sizing: border-box;
border: 2px solid #000
border-radius: 4px;
background-color: #000;

resize: none;
}
First Name

Last Name

Email*

GitHub

Please select one of the options below:
I am a part of a company that would like to partner with CII to share data on FOSS usage.
I am a developer that would be interested in participating in the FOSS Contributor survey.
I would like to receive the results and findings of the developer survey when they are available.
I would like to receive the CII Census final report when it is available.

document.getElementById('txtUrl').value = window.location.href;

(function($) { $("#myform").on("submit", function(e) { e.preventDefault(); $.ajax({ url: $(this).attr("action"), type: 'POST', data: $(this).serialize(), beforeSend: function() { $("#myform").toggle(); $("#message").html("Thank you for your submission."); }, success: function(data) { $("#message").hide(); msg = $(data).find("p"); $("#response").html(msg); } }); }); })(jQuery);
jQuery("#loginbtn").click(function() { //jQuery("#myform").toggle(); // toggle will show hidden element and vice versa });

The post Improving Trust and Security in Open Source Projects appeared first on The Linux Foundation.

Linux Foundation Training Announces a Free Online Course- Ethics in AI and Big Data

Tue, 02/11/2020 - 22:57

Artificial Intelligence (AI) today is a reality, and Big Data is its fuel. There is no AI without Big Data. And there is no Big Data without people, generating it every single minute of every single day. As the existence of humans and machines are starting to merge, it is imperative to consider how to create ethical business frameworks for responsible AI development. 

SAN FRANCISCO, February 11, 2020The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the availability of a new, free course – Ethics in AI and Big Data. This course is offered through edX, the trusted platform for learning.

The Fourth Industrial Revolution is upon us; the physical, digital, and biological worlds are being fused in a way that has a tremendous impact on our global culture and economy. It is no secret that people, machines, data, and processes are increasingly connected in today’s world. While technological advancements like AI bring along promises and opportunities, they also raise concerns about security, user privacy, data misuse, and more. Trust is critical when it comes to AI adoption. People have a tendency to distrust artificial intelligence. It is the responsibility of business and data professionals to change that: add transparency, develop standards and share best practices to build trust, and drive AI adoption. A recent IBM study highlights that globally, 78% of respondents believe “it is very or critically important that they can trust that their AI’s output is fair, safe, and reliable.” 

Business and data professionals need AI frameworks and methods to achieve optimal results while also being good technology and business stewards. This course teaches learners why AI and Big Data ethics are so critical and how to apply ethical and legal frameworks to initiatives in the data and analytics profession. Learners will explore practical approaches to data, and analytics problems posed by work in AI, Big Data, and Data Science.

“As we enter into this new era of technology with artificial intelligence infused in so many products and services around us, it is imperative for those working on these cutting edge technologies to innovate within certain ethical and legal frameworks,” said Dr. Ibrahim Haddad, Executive Director, LF AI Foundation, “Ethics in AI and Big Data teaches the learner the key principles and steps needed to be responsible stewards as they lay the blueprint affecting how people and technology interact in the future.”

 

Commissioned by the LF AI Foundation, LFS112x is aimed toward a wide-ranging audience, walking the line between business and technology. Students can expect to learn about:

  • Business drivers for AI, as well as business and societal dynamics at work in an AI world.
  • Key principles for building responsible AI, and the initial steps to take when planning an AI framework.
  • What ethics means and how to apply it to AI.
  • Where to start, what considerations should inform the ethical framework, and what this framework should include.
  • Pan-industry initiatives on ethical AI.
  • Drivers for open source to support AI.
  • Technical and non-technical implications of AI.

Ethics in AI and Big Data is available at no cost, with content access for up to 6 weeks. Learners may upgrade to the verified track for $199, which includes all graded assessments, unlimited access to the course content and the ability to earn a Verified Certificate upon passing the course.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:

Clyde Seepersad
The Linux Foundation
404-964-6973
cseepersad@linuxfoundation.org

The post Linux Foundation Training Announces a Free Online Course- Ethics in AI and Big Data appeared first on The Linux Foundation.

New Collaboration Brings Increased Open Source Security Support and Assurances to Software Developers

Wed, 01/29/2020 - 00:00

The Linux Foundation Core Infrastructure Initiative and the Open Source Technology Improvement Fund to partner on advancing state-of-the-art open source security

SAN FRANCISCO, Calif. January 28, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and the Open Source Technology Improvement Fund (OSTIF) today announced a strategic partnership to advance security for open source software (OSS) that has become critical to the world’s infrastructure.

The organizations will bring together and build on a depth of their experience supporting security audits for widely deployed open source communities. This formal and strategic agreement will allow the Linux Foundation to augment its work on security audits, of which it has already invested more than $1m across more than 20 security audits for open source projects to date, by including audit sourcing experts through OSTIF’s network. OSTIF will share the resources available through the Linux Foundation’s Community Bridge, a funding and support ecosystem for developers and projects, with its community to help fundraise for new audits.

“The Linux Foundation’s ability to fundraise across industries to support thousands of developers around the world is unprecedented,” said Amir Montazery, vice president of development at OSTIF. “The Linux Foundation is a pioneer in open source software and one of the few organizations taking the actions required to truly support it for generations to come. We are excited to join forces and increase our collective impact on improving critical software.”

As part of the strategic partnership, The Linux Foundation will appoint Mike Dolan, vice president of strategic programs, to the OSTIF Advisory Board.

“OSTIF represents a global community and network of security experts and developers and demonstrates an important commitment to the improvement and sustainability of open source software,” said Mike Dolan, vice president of strategic programs, Linux Foundation. “This is a natural collaboration that we hope will increase trust in the global open source software supply chain that underpins modern society.”

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About Open Source Technology Improvement Fund
The Open Source Technology Improvement Fund is a non-profit organization that connects open source security projects with much needed funding and logistical support. This core value is driven by public fundraising and by soliciting donations from corporate and government donors. For more information, please visit https://ostif.org

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.

###
Media Contact
pr@linuxfoundation.org

The post New Collaboration Brings Increased Open Source Security Support and Assurances to Software Developers appeared first on The Linux Foundation.

Akraino Edge Stack Enables Connected Car, AR/VR, AI Edge, and Telco Access Edge Application Use Cases

Fri, 01/17/2020 - 01:00

 

  • Akraino R2 delivers new levels of flexibility for scale, efficiency, and high availability while accelerating deployment of edge application
  • Augments edge stacks delivered in R1 – including Network Cloud, IoT Edge, Enterprise Edge, and Telecom Edge– with new and enhanced tested and validated deployment-ready blueprints

SAN FRANCISCO  January 16, 2020LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the availability of Akraino Edge Stack Release 2 (“Akraino R2”).  Akraino’s second release furthers the power of intelligent edge with new and enhanced deployable, self-certified blueprints for a diverse set of edge use cases.

Launched in 2018, and now a Stage 3 (or “Impact” stage) project under the LF Edge umbrella, Akraino Edge Stack is creating an open source software stack that supports a high-availability cloud stack optimized for edge computing systems and applications. Designed to improve the state of edge cloud infrastructure for enterprise edge, over-the-top (OTT) edge, and carrier edge networks, it offers users new levels of flexibility to scale edge cloud services quickly, to maximize the applications and functions supported at the edge, and to help ensure the reliability of systems that must be up at all times.

“The Akraino community has grown rapidly in the past year, and now includes contributions from 70 percent of LF Edge Premium member companies and countless other ecosystem partners beginning to deploy the blueprints across the globe,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With R2, strong community collaboration brings even more blueprints to the ecosystem that support current and future technology at the open source edge.”

About Akraino R2
Akraino Release 2 delivers the next iteration of open source edge cloud innovation for new levels of flexibility that scale 5G, industrial IoT, telco, and enterprise edge cloud services quickly, by delivering community-vetted edge cloud blueprints to deploy edge services. The blueprints address interoperability, packaging, and testing under open standards, which reduces users’ overall deployment costs and integration time. 

Akraino R2 includes 6 blueprint families and 14 blueprints, all tested and validated on real hardware labs supported by users and community members. This release enhances the edge stacks delivered in R1 for cross-disciplinary edge use cases as well as new edge stacks to support connected vehicles, AR/VR, NFV, Telco Access, integration with SDN solutions and project promotions to maturity, with rigorous community standards. 

The 14 “ready and proven” blueprints, include both updates to existing R1 blueprints, and the introduction of five new blueprints:

  • Connected Vehicle: This blueprint establishes an open source MEC platform to enable use cases such as accuracy of location, smarter navigation with real-time traffic updates, driver safety improvements, and traffic rule alerts. 
  • IEC type 4: AR/VR-oriented Edge Stack: Focused on focused on AR/ VR applications running on the edge, the blueprint builds the AR/VR infrastructure and introduces  a virtual classroom application, which improves online education experiences for teachers and students through a virtual classroom simulation. 
  • Integrated Cloud Native NFV/Application Stack (ICN): ICN addresses the overall challenges of edge deployments in a single deployment model that enables Edge Providers for Zero Touch Provisioning support in multi-cloud, multi-edge and multi-party orchestration. It integrates Kubernetes and ONAP4K8s for container run times and service orchestration and supports bare metal and virtual deployments. 
  • Network Cloud and Tungsten Fabric: This blueprint implements the Network Cloud with LF Networking’s Tungsten Fabric as an SDN Controller supporting cloud native integration for Kubernetes as well as the Neutron plugin for OpenStack, allowing operators to leverage Tungsten Fabric as a deployment tool and control infrastructure. 
  • SDN-Enabled Broadband Access (SEBA): Part of the the Telco Appliance blueprint family, SEBA provides an appliance tuned to support the SDN-enabled Broadband Access (SEBA) platform. The blueprint utilizes a reusable set of modules introduced by the Radio Edge Cloud (REC), introduced in Akraino R1.

More information on Akraino R2, including links to documentation, can be found here. For details on how to get involved with LF Edge and its projects, visit https://www.lfedge.org/

Looking Ahead
The community is already planning R3, which will include more new blueprints such as Edge AI/ML, 5G MEC/Slice, Time Critical Edge, and Micro-MEC and more, as well as enhancements to existing blueprints and tools for automated blueprint validations

Don’t miss the Open Networking and Edge Summit (ONES) North America, April 20-21 in Los Angeles, where Akraino and other LF Edge communities will be onsite to share the latest open source edge developments. 

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post Akraino Edge Stack Enables Connected Car, AR/VR, AI Edge, and Telco Access Edge Application Use Cases appeared first on The Linux Foundation.

Copyright Notices in Open Source Software Projects

Fri, 01/10/2020 - 23:00

“What copyright notice should appear at the top of a file in an OSS project with many contributors?” This is a question we get all the time. Many of our communities have discussed this issue and aligned on a common approach that we thought would be useful to share.

When source code, documentation and other content is contributed to an OSS project, the copyrights in those contributions typically remain owned by the original copyright holders1.

What follows is a discussion of the typical OSS project where each contributing organization and individual retains ownership of their copyrights that they make available under the project’s open source software license. In this case, the copyrights are licensed for distribution as part of the project. Whether a project uses the Developer Certificate of Origin (“DCO”) and/or a Contributor License Agreement (“CLA”), the original copyright holders retain their copyrights.

Copyright Notices – Community Best Practice

Most LF project communities do not require or recommend that every contributor include their copyright notice in contributed files. See below for more details on why not.

Instead, many LF project communities recommend using a more general statement in a form similar to the following (where XYZ is the project’s name):

  • Copyright The XYZ Authors.
  • Copyright The XYZ Contributors.
  • Copyright Contributors to the XYZ project.

These statements are intended to communicate the following:

  • the work is copyrighted;
  • the contributors of the code licensed it, but retain ownership of their copyrights; and
  • it was licensed for distribution as part of the named project.

By using a common format, the project avoids having to maintain lists of names of the authors or copyright holders, years or ranges of years, and variations on the (c) symbol. This aims to minimize the burden on developers and maintainers as well as redistributors of the code, particularly where compliance with the license requires that further distributions retain or reproduce copyright notices.

What if I want my copyright notice included?

Please note that it is not wrong, and it is acceptable, if a contributor wishes to keep their own copyright notices on their contributions. The above is a recommended format for ease of use, but is not mandated by LF project communities.

If you are contributing on behalf of your employer, you may wish to discuss with your legal department about whether they require you to include a copyright notice identifying the employer as the copyright holder in contributions. Many of our members’ legal departments have already approved the above recommended practice.

What about code copied into the project repository from a Third Party?

If a file only contains code that originates from a third party source who didn’t contribute it themselves, then you would not want to add the notices above. (In a similar vein, you wouldn’t add a notice identifying you as the copyright holder either, if you didn’t own it.) Just preserve the existing copyright and license notices as they are.

If, however, you add copyrightable content to a pre-existing file from another project, then at that point you could add a copyright notice similar to the one above.

Don’t change someone else’s copyright notice without their permission

You should not change or remove someone else’s copyright notice unless they have expressly (in writing) permitted you to do so. This includes third parties’ notices in pre-existing code.

Why not list every copyright holder?

There are several reasons why LF project communities do not require or recommend trying to list every copyright holder for contributions to every file:

  • Copyright notices are not mandatory in order for the contributor to retain ownership of their copyright.
  • Copyright notices are rarely kept up to date as a file evolves, resulting in inaccurate statements.
  • Trying to keep notices up to date, or to correct notices that have become inaccurate, increases the burden on developers without tangible benefit.
  • Developers and maintainers often do not want to have to worry about e.g. whether a minor contribution (such as a typo fix) means that a new copyright notice should be added.
  • Adding many different copyright notices may increase the burden on downstream distributors, when their license compliance processes involve reproducing notices.
  • The specific individual or legal entity that owns the copyright might not be known to the contributor; it could be you, your employer, or some other entity.

1 For all of the LF’s projects, copyright in each contribution remains owned by the original copyright owner who makes the contribution. Other organizations and projects outside the LF may use a contribution agreement to require assignment of contributions, meaning that your ownership of copyrights in the contributions is transferred to the entity maintaining the project. You should check a project’s contribution terms, mechanisms and policies to make sure you understand the effect of contributing.

The post Copyright Notices in Open Source Software Projects appeared first on The Linux Foundation.

Subaru Adopts AGL Software for Infotainment on New 2020 Subaru Outback and Subaru Legacy

Wed, 01/08/2020 - 01:00

LAS VEGAS – CES 2020, January 7, 2020Automotive Grade Linux (AGL), a cross-industry effort developing an open source platform for all connected car technologies, today announced that the Subaru Starlink infotainment platform on the all-new 2020 Subaru Outback and the 2020 Subaru Legacy uses open source software from the AGL Unified Code Base (UCB) platform.

Subaru Starlink on the 2020 Subaru Outback

“Using AGL’s open source software allows us to easily customize the user experience and integrate new features, creating an integrated cockpit entertainment system that is more enjoyable for drivers,” said Mr. Naoyoshi Morita, General Manager of Electronic Product Design Dept. of Subaru Corporation. “We believe that shared software development through Automotive Grade Linux benefits the entire industry, and we look forward to our continued involvement and collaboration with other automakers and suppliers.”

AGL is supported by more than 150 members, including 11 automakers, who are working together to develop the AGL Unified Code Base (UCB) platform, a shared software platform that can serve as the de facto industry standard for infotainment, telematics, and instrument cluster applications. Sharing an open platform allows for code reuse and a more efficient development process as developers and suppliers can build once and have a product work for multiple automakers.

“Subaru has been an AGL member for many years, and we are very excited to see them use AGL in production,” said Dan Cauchy, Executive Director of Automotive Grade Linux. “The AGL platform continues to gain traction, and we expect to see more automakers using it in production in the years to come.”

AGL BOOTH AT CES 2020
The AGL booth at CES 2020 in the Westgate Hotel Pavilion, booth 1815, features 19+ demos by AGL members showing infotainment, instrument cluster, autonomous driving, security, connectivity, and other applications running on the AGL open source software platform.

The AGL booth will be open to the public during CES show hours and during the AGL Evening Reception & Demo Showcase on Wednesday, January 8, from 6:00 – 8:00 pm PT. Additional details and registration for the Evening Reception are available here.

Media and analysts are also invited to attend an AGL Media Happy Hour at CES on Tuesday, January 7, from 3:00 – 5:00 pm PT in the AGL booth. Please RSVP here.

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Learn more: https://www.automotivelinux.org/

Automotive Grade Linux is a Collaborative Project at The Linux Foundation. Linux Foundation Collaborative Projects are independently funded software projects that harness the power of collaborative development to fuel innovation across industries and ecosystems. www.linuxfoundation.org

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Inquiries
Emily Olin

The post Subaru Adopts AGL Software for Infotainment on New 2020 Subaru Outback and Subaru Legacy appeared first on The Linux Foundation.

Linux Foundation Training Announces a Free Online Course- Introduction to Site Reliability Engineering and DevOps

Tue, 12/17/2019 - 23:08

SAN FRANCISCO, December 17, 2019The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced enrollment is now open for a new, free course – Introduction to Site Reliability Engineering and DevOps. This course is offered through edX, the trusted platform for learning.

As Agile practices started revolutionizing software development, there has been an increasing need to bridge the gap between faster development and traditional waterfall practices. With its modern principles, practices and an array of state-of-the-art automation tools, DevOps provides a path to bring your operations into the Agile era, ultimately resulting in faster software delivery, without compromising on quality. The 2018 Open Source Jobs Report from Dice and the Linux Foundation highlighted the strong popularity of DevOps practices, along with cloud and container technologies. DevOps skills are in high demand, and DevOps jobs are among the highest-paid tech jobs.

As DevOps processes mature, there is a growing need for professionals with expertise in key practices and tools. DevOps has not only opened up new opportunities for Operations personnel but also provides them with a logical career progression. There is also an emergence of Site Reliability Engineering as a specific job description. This course is designed as a first step in the journey of transforming operations personnel into an all-round DevOps expert. 

“Deep understanding of DevOps is a critical skill set that stands out in the workplace and translates into promotions and new job opportunities. Investing time in improving your skills is critical to modern technology jobs and the ease and accessibility of the Linux Foundation online courses brings self-training within reach,” said Dan Lopez, CDF program manager. ” The CD Foundation is seeing an explosion of interest in DevOps and continuous integration/continuous delivery (CI/CD) and this ‘Introduction to Site Reliability Engineering and DevOps’ is a great way to quickly take advantage of the explosive growth of opportunities in the field.”

Created by Gourav Shah from the School of DevOps, LFS162x is addressed to a wide audience: from managers looking for guidelines on how to start transforming organizations and understand where to start, to professionals looking to make a career in the world of Site Reliability/DevOps Engineering. Upon completion, students should have a good understanding of the foundation, principles, and practices of DevOps and Site Reliability Engineering. Students will gain an understanding of:

  • How DevOps is influencing software delivery and why it is important for IT operations personnel to skill up with DevOps practices.
  • How Cloud Computing has enabled organizations to rapidly build and deploy products and expand capacity.
  • How the open container ecosystem, with Kubernetes in the lead, is truly revolutionizing software delivery and what role an Operations Engineer plays in it.
  • The why, what and how of writing Infrastructure as a Code.
  • The role played by Continuous Integration in software delivery.
  • What is Continuous Deployment and Continuous Delivery and what does a deployment pipeline look like.
  • The role played by Observability systems, what to observe and why.

This course is a great starting point for aspiring DevOps and Site Reliability professionals looking to get the knowledge and skills to understand how to deploy software with confidence, agility and high reliability using modern DevOps and SRE practices.

Introduction to Site Reliability Engineering and DevOps is available at no cost, with content access for up to 10 weeks. Learners may upgrade to the verified track for $99, which includes all graded assessments, unlimited access to the course content and the ability to earn a Verified Certificate upon passing the course.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training, and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:

Clyde Seepersad

The Linux Foundation

404-964-6973

cseepersad@linuxfoundation.org

The post Linux Foundation Training Announces a Free Online Course- Introduction to Site Reliability Engineering and DevOps appeared first on The Linux Foundation.

Uber Announces OpenChain Conformance

Tue, 12/17/2019 - 09:00

TOKYO, DECEMBER 17 – Today Uber, a Platinum Member of the OpenChain Project, announces their conformance to the OpenChain Specification. This builds on their long-standing engagement and commitment to the project and a deep engagement with developing our industry standard, accompanying reference material, and our evolution into a formal ISO standard.

The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

“Consistent and transparent compliance standards are critical for building trust among the open source community and our business partners,” said Matthew Kuipers, Senior Counsel, Uber. “ We’re increasing our commitment to the community and our partnerships by adopting the Linux Foundation’s OpenChain Specification.”

“Our collaboration with Uber began as the OpenChain Project scaled as an industry standard,” says Shane Coughlan, OpenChain General Manager. “Their engagement in our formative growth period provided valuable insight into how next-generation services companies operate today and where they are going tomorrow. Matt and his team have been a pivotal part of our evolution towards becoming an ISO standard and their commitment to excellence has raised the bar for great community engagement globally. We are looking forward to next steps together, particularly in fostering further adoption in areas where agile companies are establishing new markets.”

About Uber

Our mission is to ignite opportunity by setting the world in motion.

We revolutionized personal mobility with Ridesharing, and we are leveraging our platform to redefine the massive meal delivery and logistics industries.

We are a technology platform that uses a global network, leading technology, operational excellence and product expertise to power movement from point A to point B. We develop and operate proprietary technology applications supporting a variety of offerings on our platform. We connect consumers with providers of ride services, restaurants and food delivery services, public transportation networks, e-bikes, e-scooters and other personal mobility options. We use this same network, technology, operational excellence and product expertise to connect shippers with carriers in the freight industry. We are developing technologies to provide autonomous driving vehicle solutions to consumers, networks of vertical take-off and landing vehicles and new solutions to solve everyday problems.

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post Uber Announces OpenChain Conformance appeared first on The Linux Foundation.

DENT Launches To Simplify Enterprise Edge Networking Software

Fri, 12/13/2019 - 22:00

Linux Foundation open ecosystem enables low cost, standardized network solutions for campus and remote offices

San Francisco, Calif., Dec 13, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the launch of DENT, a project to enable the creation of Network OS for Disaggregated Network Switches in campus and remote enterprise locations. Under the Linux Foundation, DENT hopes to unify and grow the community of Silicon Vendors, Original Design Manufacturers (ODM), System Integrators (SI), Original Equipment Manufacturers (OEM) and end users to create an ecosystem of contributors around a full-featured network operating system. The initial use case will focus on the retail industry with premier members including Amazon, Cumulus Networks, Delta Electronics Inc, Marvell, Mellanox, Wistron NeWeb (WNC).

Networking solutions today are customized for each market and each use case, whether telecom, cloud or enterprise data center markets. They use proprietary silicon (ASIC) for packet processing and closed operating systems to enable workloads and applications on a network switch. Disaggregation is the new way for Open Networking and has been well accepted in data centers and telecom infrastructures.  However, in enterprise networking– especially with distributed locations– nothing currently exists for Enterprise Edge properties that fall outside the traditional public cloud as they have very specific requirements to take advantage of disaggregation and the networking stack.

Remote campus locations and retail stores require a simple networking OS stack that is low cost and Linux-based. DENT is an Open Source project that will enable the community to build this solution without complicated abstractions. It uses the Linux Kernel, Switchdev and other Linux based projects to allow developers to treat networking ASICs and silicon like any other hardware. It simplifies abstractions, APIs, drivers and overheads that currently exist in these switches and on other open software.

With new technologies like 5G, Edge, IOT, AI, the next generation of remote buildings, retail stores and enterprises will have a lot of innovative workloads and services close to the applications and users. Having a simple disaggregated Linux/SwitchDev-based switch to power the remote offices will enable an ecosystem of apps that simplifies and standardizes integration across the ecosystem.

“The Linux Foundation will establish a neutral home from the start for DENT – vital for community infrastructure, meetings, events and collaborative discussions,” said Arpit Joshipura, GM of Networking at The Linux Foundation. ”Our goal is to create an open source, open participation technical community to benefit the ecosystem of solution providers and users focused on network operating system, control plane and management plane use cases across a variety of industry solutions.”

For more information, please visit www.dent.dev

Additional Quotes

“Delta is excited to participate in DENT and applauds the Linux Foundation for tackling the challenges in enterprise and campus networking,” said Honda Wu, Vice President of solutions and open source at Delta. “We stand ready to support with our deep knowledge and expertise in networking.”

“We are excited to have the Linux Foundation join with us to grow the community and accelerate this open source networking revolution,” said Amit Katz, vice president of Ethernet switches at Mellanox Technologies. “DENT OS is a native Linux Network Operating System which leverages switchdev, a Linux driver for Ethernet switch ASICs that Mellanox pioneered.   Switchdev exposes the unique hardware innovations in the Mellanox Spectrum family of Ethernet Switches.  DENT promotes network disaggregation, which benefits customers by eliminating vendor lock-in and allows hardware vendors to compete on a level playing field, where the very best switch ASICs and systems can win by delivering the highest ROI possible.”

“As a provider of intelligent wireless and wireline solutions, including those for distributed enterprise networking, Wistron NeWeb Corporation (WNC) fully embraces open software architecture,” said Larry Lee, EVP and GM of the Networking BG at WNC. “We are delighted to partner with the Linux Foundation and other industry leaders for this DENT project. WNC will first tackle distributed switching for the initial retail use case. We see great potential for this full-featured networking OS and look forward to working together in this partnership to improve network efficiency and provide conveniences for campuses and other remote distributed networking markets.”

“Open source is in Cumulus’ DNA and we’re excited to be the first software platform to contribute to DENT. We have a deep history with the Linux Foundation, from driving the FRRouting project, the most contributed open source routing project in the world, to our contributions to ONIE, EVPN, among others,” said Partho Mishra, President and Chief Product Officer at Cumulus Networks. “Cumulus is the natural choice to support DENT given our deep roots with networking contributions to the Linux kernel, our latest support for SwitchDev, and our expansive reach in the data center with more than 2,000 customers.  We are looking forward to partnering on the DENT project to extend open source in kernel networking capabilities from the data center to the campus edge.”

“As a leading silicon provider in access networking and a firm believer in customer choice through disaggregated hardware and software, Marvell is excited to bring our technology leadership to Linux Foundation’s DENT project as a founding member,” said Gavin Cato, vice president of product management and marketing at Marvell Semiconductor, Inc.  “Marvell’s innovative switch portfolio lays the foundation for the transformation of access networks and the edge into an intelligent future while creating significant total cost of ownership advantages for customers. We are well positioned to be a game changer in retail networking and the smart edge, bringing a holistic approach to the ecosystem.”

 

About The Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

 

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post DENT Launches To Simplify Enterprise Edge Networking Software appeared first on The Linux Foundation.

The Linux Foundation’s Automated Compliance Work Garners New Funding, Advances Tools Development

Thu, 12/12/2019 - 22:20

Google, Siemens and VMware commit to the Automated Compliance Tooling project, community accelerating work on Tern, OSS Review Toolkit, FOSSology and Quartermaster

San Francisco, USA – December 12, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced founding member commitments from Google, Siemens and VMware for the Automated Compliance Tooling (ACT), as well as key advancements for tools that increase ease and adoption of open source software.

Using open source code comes with a responsibility to comply with the terms of that code’s license. The goal of ACT is to consolidate investments in these efforts and to increase interoperability and usability of open source compliance tooling. Google, Siemens and VMware are among the companies helping to underwrite and lead this collaborative work.

Also announced today is the availability of Tern 1.0. Tern was originally contributed by VMware and is an inspection tool that finds the metadata of the packages installed in a container image. It is now able to generate SPDX. There is also the new FOSSology 3.7 release available today for reading SPDX headers have also been added to more than 75 percent of the source code files in the Linux kernel. And the Google Summer of Code (GSoC) interns have updated the spdx-tools libraries to support translations in Java, Python and Go. This enables other tools to smooth the import and export of SPDX documents.

“One of the most exciting parts of the ACT Project is its integration with pre-existing activities around the Linux Foundation Open Compliance Project,” says Shane Coughlan, OpenChain General Manager. “This includes the OpenChain Reference Tooling Work Group, with its focus on addressing real world challenges as efficiently as possible, an area where targeted investment is critical. The end result of these activities will ensure that open source tooling for open source compliance is more mature, more effective and easier to adopt for entities of all sizes.”

“Open Source tools that support the Open Source compliance process have seen great progress in recent months.” says Mirko Boehm, co-founder of Endocode and the QMSTR project. “With ACT, the efforts of the community, businesses and the funding for QMSTR from the European Commission’s Horizon 2020 program come together under one roof in direct collaboration with related industry projects like OpenChain. We expect an acceleration of the development of Open Source compliance solutions and are excited to collaborate with the partners at ACT, the community and the Linux Foundation”.

“It’s a testament to the community and the importance of automating compliance in software development that ACT membership and tools development and integration are coming together to create open source integrated solutions,” said Kate Stewart, senior director of Strategic Programs at Linux Foundation. “We applaud the contributions coming in from all corners of the community and look forward to what 2020 will bring to the work.”

Community members will be meeting this week at Open Compliance Summit in Tokyo, Japan. ACT is seeking new members, community partners and additional tooling projects. To get involved, contact act@linuxfoundation.org

ACT is composed of five primary projects:

FOSSology: An open source license compliance software system and toolkit allowing users to run license, copyright and export control scans from a REST API. As a system, a database and web UI are provided to provide a compliance workflow. License, copyright and export scanners are tools available to help with compliance activities. FOSSology is an existing Linux Foundation project that will move under ACT.

OSS Review Toolkit (ORT) enables highly automated and customizable Open Source compliance checks the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation. ORT is designed for the CI/CD world and supports a wide variety of package managers including Gradle, Go modules, Maven, npm and SBT. The project is being contributed to ACT by HERE Technologies.

Quartermaster(QMSTR), originally contributed by Encode, integrates into the build systems to learn about the software products, their sources and dependencies. Developers can run QMSTR locally to verify outcomes, review problems and produce compliance reports. By integrating into DevOps CI/CD cycles, license compliance can become a quality metric for software development. The project is being contributed to ACT by Endocode.

SPDX Tools: Software Package Data Exchange (SPDX) is an open standard for communicating software bill of material information including components, licenses, copyrights and security references. The main SPDX specification will remain separate from, yet complementary to, ACT, while the SPDX tools that meet the spec and help users and producers of SPDX documents will become part of ACT. SPDX is an existing Linux Foundation project.

Tern: Tern is an inspection tool to find the metadata of the packages installed in a container image. It provides a deeper understanding of a container’s bill of materials so better decisions can be made about container based infrastructure, integration and deployment strategies. Tern was created by VMware, who are contributing the project to ACT, to help developers meet open source compliance requirements for containers.

Member Quotes

Google, founding member

“To do open source compliance well, at scale, we need to ensure the community has easy access to advanced automation and tooling,” said Will Norris, Open Source Engineering Manager at Google. “Google has invested heavily in our own compliance tooling, and we are proud to be a part of the Automated Compliance Tooling project to share our experience and expertise with the broader community. We look forward to helping make it easier for everyone using open source code to do so respectfully and in accordance with open source licenses.”

New York University’s Secure Systems Lab, affiliate member

“The software compliance ecosystem has long needed an initiative such as ACT, and projects such as SPDX-tools and Tern are key elements in the challenge of automating compliance” said Santiago Torres-Arias, lead of the in-toto project and member of the New York University’s Secure Systems Lab, “We are most excited about the integration of in-toto into SPDX, which will help in providing strong, cryptographically-enforced compliance checks.  Security is not just a matter of protecting against outsiders, but also a matter of ensuring all actors within your supply chain are following the rules.”

Siemens, founding member

“An Open Source license compliance toolchain has to be Open Source itself. ACT is a milestone in building an integrated and automated end to end OSS compliance toolchain consisting of open source. ACT will boost the effort of the OpenChain Reference Tooling Work Group in realizing such a toolchain, which easily can be used free of charge – OSS license compliance for everyone.”

VMware, founding member

“Compliance is at the core of how companies need to engage with open source projects,” said Dirk Hohndel, vice president and chief open source officer, VMware. “The more we automate compliance processing, the better we are able to advance agile development and rapid response to address required changes such as security issues. For years, VMware has worked towards automating compliance tooling and we are committed to helping enterprises better understand what’s inside containers and manage their compliance obligations.”

For more information, please contact: act@linuxfoundation.org

 

About The Linux Foundation
Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post The Linux Foundation’s Automated Compliance Work Garners New Funding, Advances Tools Development appeared first on The Linux Foundation.

The OpenChain Project announces Microsoft OpenChain Conformance

Thu, 12/12/2019 - 22:00

SAN FRANCISCO, DECEMBER 12 – Today, the OpenChain Project announced Microsoft, a Platinum Member, is the latest company to achieve OpenChain conformance.  This milestone is an example of how OpenChain can be an important part of building quality open source compliance programs that meet the needs of companies and that build trust in the ecosystem.

The OpenChain Project establishes trust in the open source from which software solutions are built. It accomplishes this by making open source license compliance simpler and more consistent. The OpenChain Specification defines inflection points in business workflows where a compliance process, policy or training should exist to minimize the potential for errors and maximize the efficiency of bringing solutions to market. The companies involved in the OpenChain community number in the hundreds. The OpenChain Specification is being prepared for submission to ISO and evolution from a growing de facto standard into a formal standard.

“Open source compliance is a top priority for Microsoft and we respect the license choices developers make”, said David Rudin, Assistant General Counsel, Microsoft. “We value our partnership with OpenChain to help build trust in the larger open source community. Through investments in open source policy, tools to identify open source software, and collaboration with the open source community in projects like OpenChain, the TODO Group, and ClearlyDefined, we are committed to working with the community to develop and share best practices for open source compliance.”

“Microsoft has been an exceptional contributor to the OpenChain Project both in terms of board engagement and in broader engagement with our work teams around the world,” says Shane Coughlan, OpenChain General Manager. “One of the defining aspects of the OpenChain industry standard is our broad applicability to companies of all sizes and in all sectors. It has been fantastic to work with Microsoft to understand the needs of the cloud and large enterprises, especially with regards to how some approaches differ to consumer electronic, infrastructure and other markets. The conformance announcement today is a milestone that greatly supports our evolution as we head into 2020 and underlines once again the value of our continued collaboration.”

About the OpenChain Project

The OpenChain Project builds trust in open source by making open source license compliance simpler and more consistent. The OpenChain Specification defines a core set of requirements every quality compliance program must satisfy. The OpenChain Curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain Specification. OpenChain Conformance allows organizations to display their adherence to these requirements. The result is that open source license compliance becomes more predictable, understandable and efficient for participants of the software supply chain.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post The OpenChain Project announces Microsoft OpenChain Conformance appeared first on The Linux Foundation.

Tern 1.0.0 is Generally Available!

Wed, 12/11/2019 - 22:00

New release includes an updated CLI and support for custom report formats and analysis tool extensions

Tern is a VMware-originated open source tool that inspects container images to find individual software packages and their metadata installed in the image.

Due to changes in the command line options, Tern version 1.0.0 is the first non-backwards compatible release. If you have been using previous versions of Tern, we recommend that you upgrade to the latest release. You can run Tern by installing it from PyPI or you can clone the project from GitHub and install the project after cloning it.

Tern has a number of built-in report styles available including SPDX tag-value, JSON and YAML. Tern release 1.0.0 provides the ability to customize your own report plugin, which allows data collected by Tern to be formatted in a custom way to accommodate any user’s internal automation and auditing process. Tern uses the OpenStack Stevedore python module to dynamically load any customized report plugins at runtime. If you’re curious about how you can customize your own report plugin, we supply directions for how to do this on Tern’s GitHub page.

In addition to customizing your report format, the Tern 1.0.0 release can be extended to analyze container images using external file or filesystem analysis tools. The two currently supported external tools are scancode-toolkit and cve-bin-tool. Support for formatting the output of these external tools is expected to be completed in subsequent releases.

Scancode-toolkit is a license scanning tool that finds licenses in source code and binaries. cve-bin-tool is a security vulnerability scanning tool that finds common vulnerabilities. Note that although you can use a security scanner with Tern, there isn’t any support for reporting the results beyond printing them to console. This may change as the industry demand for security information in Software Bill of Materials seems to be on the rise. If you would like incorporate your own tool extension to Tern, there are some general steps to follow documented on Tern’s GitHub page.

The 1.0.0 release for Tern also includes important bug fixes to support the SPDX tag-value reporting that Tern does. These bug fixes primarily improve Tern’s compatibility with the SPDX online validation tool.

Other notable additions to Tern in the 1.0.0 release include:

  • Enablement for Tern to consume raw image tarballs
  • Continue to analyze the base image if a Docker build fails from a Dockerfile
  • Gracefully exit if Docker is not installed or properly setup
  • Fix working directory cleanup after a keyboard interrupt
  • Bug fixes that improve the overall stability and robustness of the tool

The next Tern release will be a little smaller in scope. It will focus on enabling the pip package manager to collect information and adding a “dockerfile freeze” command line option which will produce an annotated Dockerfile with all the versions pinned to the versions Tern finds in order help developers achieve a somewhat repeatable build (similar to the “pip freeze” functionality in Python).

If you are interested in contributing to Tern, or just want to know more about the project, visit our GitHub page.

The post Tern 1.0.0 is Generally Available! appeared first on The Linux Foundation.

AGL Announces CES 2020 Demos by 18 Members

Tue, 12/10/2019 - 02:03
Automotive Grade Linux Booth at CES 2020 Showcases 2020 Mazda CX-30, 2020 Toyota RAV4, and 20+ Open Source AGL-Based Demos

18 AGL members including DENSO, DENSO TEN, Mazda, Panasonic, Renesas, NTT DATA MSE, and Suzuki, will show instrument cluster, infotainment, connected car, and cybersecurity applications running on AGL technology

SAN FRANCISCO, December 3, 2019 – Automotive Grade Linux (AGL), a cross-industry effort developing an open source platform for all connected car technologies, will be at  CES 2020 demonstrating open source infotainment and instrument cluster applications along with 20+ connected car demonstrations developed by AGL members.

The AGL Booth in the Westgate Hotel Pavilion #1815 will feature a 2020 Toyota RAV4 with an AGL-based multimedia system that is currently in production, a 2020 Mazda CX-30 showcasing a proof of concept (POC) demo using new AGL reference hardware, and automotive technology demonstrations by: AISIN AW, DENSO, DENSO TEN, Igalia, IoT.bzh, LG Electronics, Mazda, Microchip, NTT DATA MSE, OpenSynergy, Panasonic, Renesas, SafeRide Technologies, Suzuki, SYSGO, Tuxera and VNC Automotive. The booth will be open to the public during CES show hours from January 7-10, 2020.

“Instrument Cluster has been a big focus over the past year, and we look forward to demonstrating the amazing work being done by our members to optimize the AGL platform for use in lower performance processors and low-cost vehicles, including motorcycles,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “We are proud to be showing vehicles from Toyota and Mazda and we will also have 20+ open source demos in our booth, a small sampling of some of the AGL-based products and services that automakers and suppliers continue to bring to market.”

AGL is an open source project hosted at the Linux Foundation that is changing the way automotive manufacturers build software.  More than 150 members, including 11 automakers, are working together to develop a common platform that can serve as the de facto industry standard for infotainment, telematics, and instrument cluster applications. Sharing an open platform allows for code reuse and a more efficient development process as developers and suppliers can build once and have a product work for multiple automakers.

The AGL Unified Code Base (UCB) platform includes an operating system, middleware and application framework, and provides 70-80% of the starting point for a production project. Automakers and suppliers customize the other 20-30% of the platform with features, services and branding to meet their product and customer needs.

Many AGL members have already started integrating the UCB into their production plans. Mercedes-Benz Vans is using AGL as a foundation for a new onboard operating system for its commercial vehicles. Toyota’s AGL-based infotainment system is now in Toyota and Lexus vehicles globally and will be on display in the AGL booth in a 2020 Toyota RAV4. A list of additional products and services that support AGL are available are in the AGL Vendor Marketplace.

AGL DEMOS AT CES 2020
The AGL booth will feature several core UCB demos developed collaboratively by the AGL community, as well as 20 product and proof of concept (PoC) demos.

The AGL booth will be open to the public during CES show hours and during the AGL Evening Reception & Demo Showcase on Wednesday, January 8, from 6:00 – 8:00 pm PT. Additional details and registration for the Evening Reception are available here.

Media and analysts are also invited to attend an AGL Media Happy Hour at CES on Tuesday, January 7, from 3:00 – 5:00 pm PT in the AGL booth. RSVP here or contact us to schedule an on-site briefing.

Core AGL UCB Demos:

  • Instrument Cluster: Infotainment and Instrument Cluster applications using container technology to run on a single microprocessor core. The speedometer and tachometer, along with a center display, show information from the infotainment system such as map data and media player information.
  • Infotainment: demonstrates media player, tuner, navigation, web browser, Bluetooth, WiFi, HVAC control, and audio mixer applications running the latest Happy Halibut code release (8.0.4). Adjust the HVAC or control multimedia via voice recognition with Amazon Alexa.
  • Steering wheel: A production steering wheel from Suzuki is incorporated into both demos. The second demo unit features the Infotainment and Instrument Cluster running on different boards with a CAN bus connection between them to share commands from the steering wheel as well as other vehicle data such as speed from a basic vehicle simulation. Commands available from the steering wheel include media functions and cruise control.

Demos by AGL members:

  • Aisin AW – AGL Low-Spec Cockpit: Demonstration shows another container integration based on a new draft version of AGL platform architecture.
  • DENSO and DENSO TEN – Next Gen Cockpit System: Next Gen Cockpit System demonstrated by DENSO and DENSO TEN.
  • Igalia – HTML5 apps on AGL platform: Pure HTML based UI and applications running on the different AGL reference hardware boards.
  • IoT.bzh – AGL@Sea: Ship cockpit simulation using the AGL platform with HTML5 and Android apps running inside secured containers with a cybersecurity attack scenario.
  • LG Electronics – HTML5 UI/UX for Automotive Infotainment with Autonomous Driving Simulation: Flexible and user-customizable HTML5 UI/UX for automotive infotainment using LG’s Web App Manager and Enact framework running on AGL, along with the open source LGSVL Simulator which supports development and testing of autonomous driving software (e.g. Autoware, Apollo, or the AGL Unified Autonomous Driving Platform).
  • Mazda – New Reference Hardware Demo on the 2020 Mazda CX-30: Showcasing interchangeable architecture hardware with 2 DIN form factor designed by the AGL Reference Hardware System Architecture Export Group. AGL demonstration running on the new reference hardware in 2020 Mazda CX-30.
  • Microchip Technology – INICnet Technology – Microphone Network & eCall: Showcasing AGL in conjunction with a safety critical application. Based on INICnet technology, it features an emergency response system (eCall) with a Simplex Daisy chain topology and the network diagnosis feature.
  • NTT DATA MSE – Voice Agent Service: Realization of a hybrid voice agent service based on AGL. User can receive various feedback from an agent service just by talking to it.
  • OpenChain Project – Open Source Compliance for Automotive: The OpenChain Project will demonstrate how open source tooling can help automate open source compliance in the automotive industry. The demonstration will be based on real world experiences from companies in key automotive manufacturing markets such as Japan.
  • OpenSynergy – Automotive Virtual Platform based on certified Hypervisor: Hypervisor-based cockpit solution enabling a virtual platform which integrates a large number of different functions, from entertainment and infotainment applications to Telematics Control Units (TCU) to Driver Information Systems. The solution integrates AGL and the hypervisor is the first Type 1 hypervisor compliant to ISO 26262:2018 ASIL-B.
  • Panasonic – AGL VR Cockpit: Improved Development Kit: Advanced HMI Development tools for AGL using Reference Hardware and HMD (Head Mounted Display). The Reference Hardware enables engineers to start IVI software development without production hardware, reducing software development lead time. The HMD, produced by Panasonic, features a wide view angle which is effective for evaluating cockpit HMI.
  • Renesas – Cloud-based Vehicle Service Delivery Platform and Cockpit ECU Reference Solution: Demonstrate container based secure microservice deployment that supports easy to develop solution to realize Time to Market. Cockpit ECU will kickstart your development with this all new reference solution from Renesas.
  • SafeRide Technologies – vSentry: Multi-layer cybersecurity software solution for connected and autonomous vehicles that combines deterministic and zero false-positive protection for software network and connectivity – including IDPS, Firewall and Access Control – with a Machine Learning and Deep Learning profiling and anomaly detection technology for future-proof security.
  • Suzuki – AGL Instrument Cluster Demo: Highlights how the AGL platform can be optimized for Instrument Cluster applications and for use in lower performance processors and low-cost vehicles that do not require an entire infotainment software stack.
  • SYSGO – Secure Automotive Gateway: Secure Automotive Gateway demo with significant automotive security features such as Fast and Secure Boot, an intrusion detection system (IDS), a simulated software over the air (OTA) process, firewall and a secure application loader. All of which is supported by a remote tablet, an infotainment screen and a cluster screen running on the latest AGL UCB release (Happy Halibut).
  • Toyota – Multimedia: 2020 RAV4 with the latest infotainment system based on AGL.
  • Tuxera – IVI/Cluster Storage Health Widget: A widget that Tier-1s, OEMs, or even end users can use to check the “health” of the flash memory storage. The demo will simultaneously demonstrate virtualization through a Xen hypervisor to run AGL and Android IVIs where the widget can be displayed.
  • VNC Automotive – Connectivity that Moves: Demonstration of seamless connectivity between IVI and the mobile devices used within the car, and how a modular architecture can future-proof IVI systems by enabling them to be enhanced with additional applications and content provided by smartphones and add-on boxes. VNC Automotive will also have the first public unveiling of their new rear-seat entertainment solution. This uses the capabilities of AGL to aggregate multimedia content from multiple sources and stream them to the screens in the back of the car, as well as passengers’ tablets and headphones.

###

Media Inquiries
Emily Olin

The post AGL Announces CES 2020 Demos by 18 Members appeared first on The Linux Foundation.

KiCad Joins Linux Foundation to Advance Electronic Design Automation

Sat, 11/23/2019 - 01:00

Project will build on growth to advance electronic design automation for engineers  

San Francisco, Calif., November 22, 2019 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced that it will host KiCad, a free, open source software suite for Electronic Design Automation (EDA). The program facilitates the design of schematics for electronic circuits and their conversion to Printed Circuit Board (PCB) designs. Under the Linux Foundation, KiCad will expand its community and ensure long-term sustainability.

“KiCad is a set of applications used by engineers focused on board design,” said Michael Dolan, VP of Strategic Programs at the Linux Foundation. “It’s a professional and free piece of software that gives engineers the freedom to use the software anywhere and across any platform, not tying them to specific hardware architectures. Its progress in creating an integrated environment for schematic capture and PCB layout design has been massive and the Linux Foundation’s infrastructure and governance model will give it the required support to sustain that growth for the long term.”

“We’ve seen the program skyrocket in use over recent years, with some board vendors reporting more than 15 percent of new board orders designed using KiCad,” said Wayne Stambaugh, KiCad Project Lead. “To accommodate this rate of growth there was a need to re-evaluate our revenue support model to help us attract more people to the project. Under the Linux Foundation we will have increased flexibility to spend donations to help move the project forward as well as an increased exposure to potential new donors.”

This project is also participating in the CommunityBridge platform, created earlier this year by the Linux Foundation to empower open source developers – and the individuals and organizations who support them – to advance sustainability, security, and diversity in open source technology.

KiCad was launched in 1992 and today has corporate, community, and individual donors including Digi- Key, System76, AISLER and NextPCB, with many donating through CERN. The main tools that exist within the package are used to create schematics, printed circuit board layouts, spice simulations, bill of materials, artwork, Gerber files, and 3D views of the PCB and its components. KiCad is a cross platform tool, running on Windows, Linux, and Apple MacOS and is released under the open source GNU GPL.

For more information please visit http://www.kicad-pcb.org/ or KiCad blog, Facebook or Twitter pages.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

 

###

Media Contact
Beth Handoll
ReTHINKitMedia
beth@rethinkitmedia.com
+1 415 535 8658

The post KiCad Joins Linux Foundation to Advance Electronic Design Automation appeared first on The Linux Foundation.

Linux Foundation Training Announces a Free Online Course-Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa

Fri, 11/22/2019 - 00:20

SAN FRANCISCO, November 21, 2019The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced enrollment is now open for a new, free, course – Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa. This course is offered through edX, the trusted platform for learning.

To the surprise of absolutely no one, trust is broken on the Internet. Any identity-related data available online can be subject to theft. Breach Level Index says that over 5,880,000 records are stolen every day. The 2019 MidYear QuickView Data Breach Report shows that reported breaches in the first half of 2019 were up 54% compared to midyear 2018 (over 4.1 billion records exposed), with web being the number one breach type for records exposed, and hacking being the number one breach type for incidents. Wherever you go online, the advice is the same–make sure you understand what is behind each button before you click it. 

The three Hyperledger projects, Aries, Indy and, Ursa, provide a foundation for distributed applications built on authentic data using a distributed ledger, purpose-built for decentralized identity. Together, they provide tools, libraries, and reusable components for creating and using independent digital identities rooted on blockchains or other distributed ledgers so that they are interoperable across administrative domains, applications, and any other “silo.” This course explores the Hyperledger Aries, Indy and, Ursa projects and the possibilities they bring for building applications with a solid digital foundation of trust.

“Managing and securing identity information is one of the most challenging problems of the digital age,” said Brian Behlendorf, Executive Director, Hyperledger. “With the capacity to distribute the control of information and authority, blockchain technologies can rewrite the rules for identity management. The three projects covered by this course, Hyperledger Indy, Aries, and Ursa, are the building blocks our global community has developed to bring self-sovereign identity to market. Getting up to speed on these technologies and involved in these projects is the way to help shape the future on this important front.”

Created by Stephen Curran and Carol Howard from Cloud Compass Computing, Inc., LFS172x is addressed to a wide-ranging audience, walking the line between business and technology. Students will gain an understanding of:

  • The problems with existing Internet identity/trust mechanisms today.
  • How a distributed ledger, such as Hyperledger Indy, can be used for identity.
  • How the underlying blockchain technology makes it possible.
  • The purpose, scope, and relationship between Aries, Indy, and Ursa.
  • How Hyperledger Aries, Indy, and Ursa add a necessary layer of trust to the Internet.
  • The possibilities enabled by this new technology.

The course will describe the underlying blockchain/cryptography technology of Hyperledger Indy and the ecosystem that is building up around Aries agents. Those with a business and slight technical bent will be able to run basic hands-on exercises and explore the possibilities this emerging technology has to offer through demos.

Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa is available at no cost, with content access for up to 7 weeks. Learners may upgrade to the verified track for $99, which includes all graded assessments, unlimited access to the course content and the ability to earn a Verified Certificate upon passing the course.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training, and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:

Clyde Seepersad

The Linux Foundation

404-964-6973

cseepersad@linuxfoundation.org

The post Linux Foundation Training Announces a Free Online Course-Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa appeared first on The Linux Foundation.

Open Source Community Connects Global 5G Cloud Native Network

Thu, 11/21/2019 - 02:00

 

  • Collaborative effort between LF Networking and global networking ecosystem shows open source approach to building cloud native 5G on top of Kubernetes
  • First Proof-of-Concept of live, end-to-end, open source 5G network displayed on keynote stage at KubeCon + CloudNativeCon North America 

 

SAN DIEGO, Calif. KubeCon + CloudNativeCon North America November 20, 2019 – LF Networking (LFN), which facilitates collaboration and operational excellence across open networking projects, today demonstrated an end-to-end, global, 5G, cloud native network live on-stage at KubeCon + CloudNativeCon North America. As a thought leader in generating technology from multiple sources based on telecom 5G requirements, LFN’s OPNFV community shepherded the cutting-edge Proof-of-Concept (PoC), which illustrates how to build, connect, and manage a global 5G network – including on-prem, cloud, and edge operations – on open architecture running network services using Kubernetes. 

As global communications providers gear up to deliver high-speed connectivity to support new services and use cases (e.g. autonomous vehicles, smart cities, specialized applications, IoT, AR/VR, and more), the need for low-latency, high-bandwidth, scalable networks is more important than ever. Conventional communications and connectivity hardware will not sustain next-generation mobile technology, so the need for cloud native architectures is essential for delivering the performance, capabilities, and automation that 5G requires. 

The LF Networking community, comprised of major projects such as ONAP, OPNFV, OpenDaylight, FD.io,  Tungsten Fabric and more — account for more than 70 percent of the world’s mobile subscribers through participating carriers. It serves as the de facto open source umbrella for helping telcos evolve.  

Cloudifying the Network

It’s no secret that Kubernetes has gained significant traction in the cloud and enterprise software ecosystem, but less widely known is how this momentum is now moving into global telco networks as the next major area of adoption. Benefits of cloud native adoption for telcos include operational consistency, application resilience, simplified and responsive scaling at the microservice level, simplified integration with enterprise-facing cloud native applications, and improved portability between public, private, and hybrid cloud environments. A team made up of volunteers from several project communities, companies, and network operators have taken a cloud native approach to developing an end-to-end 5G network Proof-of-Concept (POC) built on open source infrastructure. 

The POC uses a prototype network to connect a live call over Points-of-Presence (PoPs)  in San Diego, Montreal, Sophia Antipolis, and a hybrid public/private cloud to deliver a fully containerized 5G network live on stage. The demonstration illustrates both how the telecom industry is using cloud native software to build out their next gen networks, and also shows solution providers and developers what’s possible in this exciting new space.

I am incredibly impressed by the collaborative effort to build a 5G network from the ground up in the open source community with a cloud native approach. It’s fully end-to-end, adheres to 5G specifications, and bridges the gap between the telecom industry and cloud native computing,” said Heather Kirksey, vice president, Community and Ecosystem Development, the Linux Foundation. 

Power of Open source

The initiative was born in LF Networking’s Open Platform for Network Functions Virtualization (OPNFV) project, which brings the telco ecosystem together to test, iterate, and collaborate on a common NFV Infrastructure (NFVI). By working closely with standards organizations and integrating components from upstream projects, OPNFV conducts performance and use case-based testing on a variety of solutions. The community works upstream with other open source groups – including CNCF, ONAP, OAI, and more – to bring contributions and insights in the form of blueprints, patches, and new code. The project also supports the OPNFV Verification Program (OVP) that verifies labs, infrastructure, and virtual network functions (VNFs). 

It’s through this collaborative work that the end-to-end 5G Cloud Native Network POC came about. With over 100 individuals working on this initiative alone, it truly represents the power of open source: diverse groups coming together to begin integrating cloud native approaches to daunting industry challenges and optimizing 5G.

Also aligned with the efforts of the Common NFVI Telco Taskforce (CNTT) – a joint effort hosted by the GSMA and the Linux Foundation operating as an open committee responsible for creating and documenting an industry-aligned Common NFVI Framework – the initiative allows for early proofs-of-concept and learnings that will feed into and inform the cloud native work of the CNTT, which is expanding  its portfolio of Reference Architectures. Focus areas include Containerization, Kubernetes-based Cloud Native stacks, and Container-based network functions’ validation-based requirements.

LF Networking thanks all the organizations participating in this effort: A10 Networks, Alibaba, Altran, China Mobile, Commscope, Foxconn, Intel, Kaloom, Lenovo, Loodse, NetScout, OpenAirInterface, Red Hat, and Turnium

Learn More and Get Involved

For those onsite at KubeCon + CloudNativeCon, more information about the demo is available at these locations in the Sponsor Showcase: A10 Networks (booth S69), Lenovo (booth S100), Loodse (booth SE27), and Red Hat (booth D1).

Red Hat will host an open informational session November 19-21  at The Westin San Diego Gaslamp Quarter, 910 Broadway Circle, San Diego, CA 92101 in the Plaza Meeting Room, 2nd floor. Stop by between 10:00 – 12:00 or  2:00 – 4:00 to speak with representatives involved with the PoC and learn more. 

More information is accessible via the POC archive here where demo materials will be made available, as well as through the Virtual Central Office (VCO) mailing list: https://lists.opnfv.org/g/opnfv-vco.

During KubeCon + CloudNativeCon NA 2019, the CNCF Telecom User Group (TUG) and CNTT will participate in two joint workshops. Part 1: Monday, November 18, 4:30pm – 6:30pm, San Diego Convention Center, Meeting room 17B, Mezzanine level; and Part 2: Wednesday, November 20: 4pm – 6pm, San Diego Convention Center, Meeting room 2, Upper level. 

More information about participating in the CNTT is available here. A CNTT Face to Face meeting will take place in Prague as part of the LFN Developer & Testing Forum, January 2020. The Virtual Network Functions (VNF) testing hacking track team are open to CNF/PNF participants as well. Please contact: ovp-support@lfnetworking.org.  

Community Support

“The demonstration of 5G cloud native network represents an important advancement for mobile operators looking to virtualize their networks and lay the groundwork for the transition to 5G. A10 Networks is honored to have a role in the infrastructure, providing our carrier-grade firewall, with its high-performance container solution for security and the carrier-grade network address translation technology,” said Yasir Liaqatullah, vice president of product management at A10 Networks. “Our products are operating in this live ecosystem environment delivering proven interoperability across the user plane, control plane and networking plane of this 5G SA and NSA distributed cloud network.”

“CNCF has collaborated closely with LF Networking and OPNFV for the last several years to help bring cloud native architectures to the telecom world. We’re excited to see this 5G on Kubernetes demonstration on the keynote stage of the largest ever open source developer conference.” said Dan Kohn, CNCF executive director. “We look forward to collaborating to deploy cloud native architectures into production.”

“The transition to 5G represents a generational shift of communications infrastructure where open platforms, open source, and cloud native technologies will accelerate customers’ network transformations.  Today’s POC showcases the power of open source and cloud native 5G services built on Intel Xeon processor-based infrastructure,” said Rajesh Gadiyar, vice president and chief technology officer of Network & Custom Logic Group at Intel and member of the Linux Foundation Networking Board.

“We are very pleased to be part of this powerful cloud native multivendor demonstration at Kubecon together with Linux Foundation and Redhat. The VCO 3.0 showcase our Software Defined Fabric and Cloud Edge Fabric strengths with low latency, high performance and full automation. Our UPF has been designed for mission critical workloads and we done major improvements in CNI to improve reliability and availability for Kubernetes networking,” says Per Andersson, chief architect at Kaloom.

“The Linux Foundation initiative for VCO 3.0 enabled by Lenovo’s cloud software, provides a unified cloud experience across containers in different geographies, and demonstrates interoperability across ecosystem partners. The end-to-end cloud automation solution, underpinned by Lenovo infrastructure, streamlines the experience from core to central office to edge. This unlocks faster and smoother deployments of edge computing technologies,” said Charles Ferland, VP and general manager for Networking & CoSPs at Lenovo Data Center Group.

“5G opens many exciting new business opportunities and Kubernetes is poised to be the unified base upon which 5G is delivered. With the VCO 3.0 demo, Loodse is excited to showcase how the Kubermatic Kubernetes Platform can deliver a consistent Kubernetes experience from cloud to core to edge,” said Sebastian Scheele, CEO, Loodse. 

“EURECOM and the OAI Software Alliance are proud to partner with LF Networking, Red Hat, and the open source communities on 5G  deployments with cutting-edge container technology. The EURECOM 5G-EVE Facility Facility in Sophia Antipolis is a unique experimental community playground with indoor and outdoor 4G/5G connectivity enabled by RedHat’s OpenShift Container Platform running on commodity x86 servers,” said Raymond Knopp, EURECOM, president of the OAI. “Software Alliance.We welcome the  industry to come use our test facility for testing novel 5G vertical applications and innovative cloud-native processing for RAN, Core and Edge network functions.”

“Much as in traditional enterprise datacenters, service providers are ramping up their use of cloud native technologies like Kubernetes to build next-generation workloads. Red Hat is pleased to collaborate with partners and the Linux Foundation to showcase a cloud native mobile 5G network built on an open source infrastructure this year at KubeCon + CloudNativeCon North America,” said Tom Nadeau, technical director, NFV, Red Hat.

“Delivering containerized Turnium SD-WAN using Kubernetes allows us to deploy virtual networking solutions quickly and easily,” said Johan Arnet, Turnium CEO. “The VCO 3.0 project illustrates how our cloud-native managed SD-WAN platform can be deployed as containerized applications to deliver rapid deployment of central office functionality and build cost effective networks and infrastructure for telcos across private and public clouds. Kubernetes makes it simple to drop our SD-WAN into a network and provide quality of service, security and routing across mixed environments.”

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

 

The post Open Source Community Connects Global 5G Cloud Native Network appeared first on The Linux Foundation.

The Linux Kernel Mentorship program was a life changing experience

Tue, 11/12/2019 - 22:55

By Bharath Vedartham

Operating systems, computer architectures and compilers have always fascinated me. I like to go in depth to understand the important software components we depend on! My life changed when engineers from IBM LTC (Linux Technology Center) came to my college to teach us the Linux Kernel internals. When I heard about the Linux Kernel Mentorship program, I immediately knew that I wanted to be a part of it to further fuel my passion for Linux.

One of the project in the lists of projects available to work during the Linux Kernel Mentorship program was on “Predictive Memory Reclamation”. I really wanted the opportunity to work on the core kernel, and I began working with my mentor Khalid Aziz immediately during the application period where he gave me a task regarding the identification of anonymous memory regions for a process. I learned a lot in the application period by reading various blogs, textbooks and commit logs.

During my mentorship period, I worked to develop a predictive memory reclamation algorithm in the Linux Kernel. The aim of the project was to reduce the amount of time the Linux kernel spends in reclaiming memory to satisfy processes requests for memory when there is memory pressure, i.e not enough to satisfy the memory allocation of a process. We implemented a predictive algorithm that can forecast memory pressure and proactively reclaim memory to ensure there is enough available for processes.

We achieved a reduction of upto 8% in the amount of time the kernel spends in reclaiming memory! We submitted RFCs on the kernel mailing lists of our work. [1]

I also worked with John Hubbard on his project to track get_user_pages(). I converted a couple of drivers to use the new get_user_pages API as proposed by John. John was a real pleasure to work with!

Throughout my internship, I have learned that the kernel community is very helpful, kind and willing to help new developers. The key was to take the feedback and put in the required effort and work as well as accept constructive feedback and act on it. Working on open source projects was a very liberating experience for me. There are no barriers in open source space. Anyone can work on open source code irrespective of their nationality, creed or company affiliations, which I find very beautiful and liberating. I believe it is a very intellectually stimulating experience for anyone.

I would like to thank my mentor Khalid Aziz and the Linux Kernel community for helping me throughout the mentorship program. I also would like to thank the Linux Foundation for providing this opportunity and especially Shuah Khan for her guidance on how to work with the community.

https://lkml.org/lkml/2019/8/12/1302

The post The Linux Kernel Mentorship program was a life changing experience appeared first on The Linux Foundation.

Amazon Web Services, Genesys, Salesforce Form New Open Data Model

Tue, 11/12/2019 - 21:00

To accelerate digital transformation, organizations in every industry are modernizing their on-premises technologies by adopting cloud-native applications. According to the International Data Corporation (IDC), global spend on cloud computing will grow from $147 billion in 2019 to $418 billion by 2024. Almost half of that investment will be tied to technologies that help companies deliver personalized customer experiences.

One major challenge of this shift to cloud computing is that applications are typically created with their own data models, forcing developers to build, test, and manage custom code that’s necessary to map and translate data across different systems. The process is inefficient, delays innovation, and ultimately can result in a broken customer experience.

Announcing the Cloud Information Model

It is in the spirit of removing these barriers to innovation that Amazon Web Services, Genesys, and Salesforce have come together with the Linux Foundation’s Joint Development Foundation (JDF) to form the Cloud Information Model (CIM), an open-source data model that standardizes data interoperability across cloud applications. By easily integrating data in the cloud, developers can build new products that deliver connected and personalized customer experiences.

“Bringing the Cloud Information Model under JDF will offer a neutral home for the open-source community,” Jim Zemlin, Executive Director at The Linux Foundation. “This allows for anyone across the community to collaborate and provide contributions under a central governance model. It paves the way for full community-wide engagement in data interoperability efforts and standards development, while rapidly increasing adoption rate of the community.”

How the Cloud Information Model Works

The CIM reduces the complexities of integrating data across cloud applications by providing standardized data interoperability guidelines to connect point-of-sale systems, digital marketing platforms, contact centers, CRM systems and more. Developers no longer need to spend months creating custom code. Instead, they can adopt and extend the CIM within days so that they can create data lakes, generate analytics, train machine learning models, build a single view of the customer and more.

CIM Compatible Applications

The founding members already offer products and technologies for companies to use with the CIM.  AWS Lake Formation helps customers move, store, catalog and clean data from different sources to quickly set up a secure data lake. Amazon Redshift powers mission critical data warehouses for business intelligence, predictive analytics and real-time streaming analytics. Customers can leverage the JSON or SQL scripts to create CIM-compatible schemas for their AWS data lakes and data warehouses.

Salesforce’s Customer 360 is a set of platform services powered by CIM. Customer 360 provides customers with a single source of truth by providing instant access to consistent, reconciled customer data across Salesforce apps. MuleSoft, the provider of the leading integration and API platform, now natively supports CIM to enable the discovery of CIM data types, allowing users to easily create CIM-compatible APIs and integrations. CIM is available today in MuleSoft’s Anypoint Exchange.

Using Genesys Cloud and Genesys AI, businesses can seamlessly interact with their customers across all channels, including voice, chat, email, text and social. By combining engagement data from Genesys with data from CIM-compatible sources, businesses gain an even more complete perspective of their customers and employees in real-time, resulting in deeper levels of personalization.

How to Contribute to CIM

Anyone is invited to contribute to the CIM–including developers, technology vendors and brands. To learn more and get started, visit www.cloudinformationmodel.org. If you would like information on joining the project, please reach out to membership@cloudinformationmodel.org.

 

 

The post Amazon Web Services, Genesys, Salesforce Form New Open Data Model appeared first on The Linux Foundation.

Pages