The Linux Foundation

Fact gathering: The first and most important task in software negotiations

When negotiating a software development agreement, and if the developers for both parties assume that the software will include many pre-existing components, the process will be inefficient and becomes a significant waste of time.

A whitepaper that provides guidance in negotiating software contracts that have open source components

Through the understanding of open source software development, this whitepaper can help procurement professionals and their legal counsel avoid making factual assumptions that will undermine their credibility and delay negotiations.

Author: Karen Copenhaver & Steve Winslow Download Now

The post Fact gathering: The first and most important task in software negotiations appeared first on The Linux Foundation.

• Open Horizon, an application and metadata delivery platform, is now part of LF Edge as a Stage 1 (At-Large) Project.
• New members bring R&D expertise in Telco, Enterprise and Cloud Edge Infrastructure.
• EdgeX Foundry hits 4.3 million downloads and Akraino R2 delivers 14 validated deployment-ready blueprints.
• Fledge shares a race car use case optimizing car and driver operations using Google Cloud, Machine Learning and state-of-the-art digital twins and simulators.

SAN FRANCISCO – April 30, 2020 –  LF Edge, an umbrella organization under The Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced continued project momentum with the addition a new project and several technical milestones for EdgeX Foundry, Akraino Edge Stack and Fledge. Additionally, the project welcomes seven new members including CloudBrink, Federated Wireless, Industrial Technology Research Institute (ITRI), Kaloom, Ori Industries, Tensor Networks and VoerEir to its ecosystem.

Open Horizon, an existing project contributed by IBM, is a platform for managing the service software lifecycle of containerized workloads and related machine learning assets. It enables autonomous management of applications deployed to distributed webscale fleets of edge computing nodes and devices without requiring on-premise administrators.

Edge computing brings computation and data storage closer to where data is created by people, places, and things. Open Horizon simplifies the job of getting the right applications and machine learning onto the right compute devices, and keeps those applications running and updated. It also enables the autonomous management of more than 10,000 edge devices simultaneously – that’s 20 times as many endpoints as in traditional solutions.

“We are thrilled to welcome Open Horizon and new members to the LF Edge ecosystem,” said Arpit Joshipura, general manager, Networking, Edge & IoT, the Linux Foundation. “These additions complement our deployment ready LF Edge open source projects and our growing global ecosystem.”

“LF Edge is bringing together some of the most significant open source efforts in the industry, said Todd Moore, IBM VP Open Technology, “We are excited to contribute the Open Horizon project as this will expand the work with the other projects and companies to create shared approaches, open standards, and common interfaces and APIs.”

Open Horizon joins LF Edge’s other projects including: Akraino Edge Stack, Baetyl,  EdgeX Foundry, Fledge, Home Edge, Project EVE and State of the Edge. These projects support emerging edge applications across areas such as non-traditional video and connected things that require lower latency, and  faster processing and mobility. By forming a software stack that brings the best of cloud, enterprise and telecom, LF Edge helps to unify a fragmented edge market around a common, open vision for the future of the industry.

Since its launch last year, LF Edge projects have met significant milestones including:

• EdgeX Foundry has hit 4.3 million docker downloads.
• Akraino Edge Stack (Release 2) has 6 Blueprint families and 14 specific Blueprints that have all tested and validated on hardware labs and can be deployed immediately in various industries including Connected Vehicle, AR/VR, Integrated Cloud Native NFV, Network Cloud and Tungsten Fabric and SDN-Enabled Broadband Access.
• Fledge shares a race car use case optimizing car and driver operations using Google Cloud, Machine Learning and state-of-the-art digital twins and simulators.
• State of the Edge merged under LF Edge earlier this month and will continue to pave the path as the industry’s first open research program on edge computing. Under the umbrella, State of the Edge will continue its assets including State of the Edge Reports, Open Glossary of Edge Computing and the Edge Computing Landscape.

Support from the Expanding LF Edge Ecosystem

Federated Wireless:

“LF Edge has become a critical point of collaboration for network and enterprise edge innovators in this new cloud-driven IT landscape,” said Kurt Schaubach, CTO, Federated Wireless. “We joined the LF Edge to apply our connectivity and spectrum expertise to helping define the State of the Edge, and are energized by the opportunity to contribute to the establishment of next generation edge compute for the myriad of low latency applications that will soon be part of private 5G networks.”

Industrial Technology Research Institute (ITRI):

“ITRI is one of the world’s leading technology R&D institutions aiming to innovate a better future for society. Founded in 1973, ITRI has played a vital role in transforming Taiwan’s industries from labor-intensive into innovation-driven. We focus on the fields of Smart Living, Quality Health, and Sustainable Environment. Over the years, we also added a focus on 5G, AI, and Edge Computing related research and development. We joined LF Edge to leverage its leadership in these areas and to collaborate with the more than 75 member companies on projects like Akraino Edge Stack.”

Kaloom:

“Kaloom is pleased to join LF Edge to collaborate with the community on developing open, cloud-native networking, management and orchestration for edge deployments” said Suresh Krishnan, chief technology officer, Kaloom.  “We are working on an unified edge solution in order to optimize the use of resources while meeting the exacting performance, space and energy efficiency needs that are posed by edge deployments. We look forward to contributing our expertise in this space and to collaborating with the other members in LF Edge in accelerating the adoption of open source software, hardware and standards that speed up innovation and reduce TCO.”

Ori Industries:

“At Ori, we are fundamentally changing how software interacts with the distributed hardware on mobile operator networks.” said Mahdi Yahya, Founder and CEO, Ori Industries. “We also know that developers can’t provision, deploy and run applications seamlessly on telco infrastructure. We’re looking forward to working closely with the LF Edge community and the wider open-source ecosystem this year, as we turn our attention to developers and opening up access to the distributed, telco edge.”

Tensor Networks:

“Tensor Networks believes in and supports open source. Having an arena free from the risks of IP Infringement to collaborate and develop value which can be accessible to more people and organizations is essential to our efforts. Tensor runs its organization, and develops products on top of Linux.  The visions of LF Edge, where networks and latency are part of open software based service composition and delivery, align with our vision of open, fast, smart, secure, connected, and customer driven opportunities across all industry boundaries.” – Bill Walker, Chief Technology Officer.

VoerEir:

“In our extensive work with industry leaders for NFVI/VIM test and benchmarking,  a need to standardize infrastructure KPIs in Edge computing has gradually become more important,” said Arif  Khan, Co-Founder of VoerEir AB. “This need has made it essential for us to join LF Edge and to initiate the new Feature Project “Kontour” under the Akraino umbrella. We are excited to collaborate with various industry leaders to define, standardize  and measure Edge KPIs.”

About The Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

The post LF Edge Expands Ecosystem with Open Horizon, adds Seven New Members and Reaches Critical Deployment Milestones appeared first on The Linux Foundation.

The Linux Foundation today announced that Sony’s Tim Bird has been elected to its board and that Panasonic’s Hiromi Wada has been re-elected for a two-year term.

Tim has a long and esteemed history working in the Linux and open source community. For more than 28 years, he has supported the developer community as a core Linux developer and maintainer of Sony’s Linux kernel and previously as Chief Technology Officer at Lineo. He was also the founder of the Embedded Linux Conference and the Consumer Electronics Linux Forum. He’s also served on the Linux Foundation’s Technical Advisory Board, an esteemed council that provides guidance to the Linux Foundation on developer community needs and concerns.

“Sony has contributed to the open source community for many years and recognizes that collaboration accelerates the development of technology and innovation to benefit the whole industry,” said Tim Bird, Linux Foundation board member and principal software engineer at Sony. “The Linux Foundation plays a vital role in coordinating the various parts of the open source ecosystem so that everyone can be more productive. I am very happy to be able to participate at the board level to continue to support and promote open source initiatives for the good of all.”

Hiromi Wada has also been re-elected to the Linux Foundation board. She is co-director of the R&D Division at the Automotive Company of Panasonic and sits on the Automotive Grade Linux (AGL) Advisory Board. She has been involved in the development and management of various products based on Linux for more than 20 years, including workstations, mobile devices, and automotive systems. As a senior counselor of open source software systems, she advances Panasonic’s collaboration with the open source community.

“I share the Linux Foundation’s dedication to advancing the technologies that impact all of us,” said Hiromi Wada, co-director of AV and ICT development at AVC Networks Company of Panasonic. “I’m pleased to be able to contribute to this work and to the open source community at the board level. Now more than ever, we have an opportunity to help advance technology for good.”

Both Tim and Hiromi have been elected to these positions by board vote.

The Linux Foundation’s mission is dedicated to building sustainable ecosystems around open collaboration to accelerate technology development and industry adoption. It expands the open collaboration communities it supports with community efforts focused on building open standards, open hardware, and open data. The Linux Foundation is also dedicated to improving diversity in open source communities and working on processes, tools and best practices for security in open development communities.

The post Linux Foundation Board Elects Open Source Technology Trailblazer appeared first on The Linux Foundation.

A new Linux Foundation whitepaper seeks to uncover the complexities of open source licensing implications when distributing and deploying Docker containers. Introduction

Deployment, distribution, and execution of software and especially services have significantly changed in the last few years. A few years ago, a person had to install a Linux based OS distribution with the necessary software and dependencies — these days, it is now much more common to “spin up a Docker container” and run a service. 

A container is basically nothing more than one or more applications with all dependencies, data, and configuration in a single isolated environment that can be deployed without the need to buy a new system or create a virtual machine. Containers allow services to be isolated from each other and require far fewer resources from a virtual machine, so they are becoming extremely popular in extremely dense multi-tenant hosting environments run by hyper-scale cloud providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

Docker has had a significant impact on the popularity of containers and has made it much simpler on the technological side of things, but on the legal side, there are potentially increased complexities. For example, using containers makes it easier for developers to deploy software, but it also makes it easier to deploy (sometimes inadvertently) the wrong thing. Docker containers hide many of the implementation details, and developers might end up unknowingly shipping all kinds of software without knowing the license compliance issues that occur as a result. 

The Linux Foundation has recently published a whitepaper by Armijn Hemel that seeks to uncover the complexities of open source licensing implications when distributing and deploying Docker containers — it can be downloaded here. This blog post is a summary of the general findings.

Containers and images: what’s the difference?

In articles and documentation about Docker, there are frequent references to “containers” and “images.” These are not the same, although sometimes used interchangeably in articles or conversations. There is a very fundamental difference: an image is the on-disk collection of software, while a container is a running instance of an image, together with run time data and run-time state.

An example image could contain the Apache webserver and all its dependencies, from which a container can be instantiated and run. An image can be instantiated multiple times: these would then all become separate containers. 

Figure 1. A Docker image instantiated into multiple containers.

Images can be made available for reuse in public or private repositories, where they can be searched for and downloaded to be reused.

Each Docker image consists of one or multiple layers that are stacked on top of each other. Some of the layers contain files (programs, files, etcetera); others are meta-layers modifying existing layers. Different images can, and often do, share layers. For example, if two images are both based on a specific Debian layer, then this layer will only be stored on disk once.

If an existing image is reused (for example: downloaded from a repository) and modifications are made, then these modifications are stored as one or more separate layers on top of the existing layers in the image. All the layers of the base image and the new layer with the modifications together form a new image that can be instantiated (to create a container) or exported to be distributed or made available in a repository. A Docker image could be as pictured below, for example, a base image with four base layers (building on top of each other), and a custom layer on top. 

Figure 2. A base image with four base layers with a custom layer on top.

Understanding licensing complexities of layers within containers

When attempting to understand the license implications of software stored within a Docker image, it is essential to realize that the image that users interact with is simply a view of all layers, and during run-time, only the final view is seen. This view will possibly not show all of the software that is inside all of the layers: each layer can modify the view, but it will not change the content stored in any of the underlying layers.

 

Figure 3. A Composite view of a Docker image.

It could be that one layer installs software, and a new layer overwrites the software with another version (possibly with another version under a different license). In the final view, users see that the older software seems to have been removed, but in the underlying layer, the original software will still be present. For example, with the representation of a container image shown above, a user of the image would only “see” the following:

Figure 4. End-user representation of a container image.

However, when the image is distributed, all files from all layers will be distributed: each of A through H, and also modified files B’ and C’.

If a complete image is shipped, then the license conditions for software in all layers apply, even if, in the final view, software in some of the layers can no longer be seen. This means that for compliance with a full image, every layer that is inside the image should be checked.

An extra complexity could be linking. If a component is linked with other components in a layer and components get overwritten with other versions under a different license, then the license implications might be different depending on which layer is examined.

Docker repositories, registries and the potential for licensing misinterpretation

Docker images can be retrieved from repositories. Apart from the docker.io repository (run by Docker), there are also other repositories, such as quay.io, which is run by Red Hat. Community projects such as Fedora and CentOS also have public repositories, and there are many running their private repositories of Docker images.

In addition to full images being retrieved from repositories, Docker can also build images in a “just in time” fashion where instead of a full disk image or container image only a “recipe” to assemble a container image is provided using a Dockerfile.

The software is assembled on the fly from a base image that is downloaded from a repository, or that is available on the local system, with possibly extra software being installed from (other) upstream sources, like installing updates from a Linux distribution.

An example is a recipe that defines that the base image is based on a specific version of Ubuntu Linux, with updates being pulled from the Ubuntu update servers and then having a proprietary program installed from a local server.

The recipes, such as a Dockerfile, can be stacked and depend on other recipe files. These recipe files are typically stored in local files or registries that can be searched.

The recipes used for assembling the images are sometimes released under licenses that are different than the actual software being aggregated (which is perfectly fine), and there is a real chance that people will misinterpret this information and think that the licenses of the Dockerfile files apply to the assembled image, which is incorrect.

Misinterpretation of license provenance within a container image is not an imaginary problem as something similar happened in a non-containerized context in the past with Android, of which large parts have been released under Apache 2. This license confusion led some people to believe that all of Android had been released under Apache 2, even though there were significant portions of Android released under GPL-2.0 (Linux kernel, iptables, etc.) and various versions of the LGPL license.

Who distributes the software?

From a compliance point of view, there is a big difference between distributing an image that has already been fully created (and when all the software is included in the image) and distributing a Dockerfile that only describes how the image should be built. In the former case, the software is distributed in binary form, while in the latter form, possibly only a recipe for constructing an image is distributed.

When a complete image is distributed, only one party is doing distribution of the image — the party sending the built image out the door.  However, when a Dockerfile (the recipe) is distributed, then when the end-user builds the image, it is assembled on the fly with software possibly being pulled from various places.  In this scenario, it means distribution is possibly done by several parties, because (e.g.) each layer could come from a different third party. One layer could be distributed by the party operating an image repository, with content in another layer coming from a distribution (example: distribution updates), and content in another layer coming from yet another party (custom download location).

The license of dockerfiles vs. software inside containers

The Dockerfile files can be licensed under an open source license themselves. It is vital to realize that the scope of this license statement is only the Dockerfile and not the container image.

For example, the Dockerfile itself can be licensed under the MIT license but describing the installation of GPL licensed software. In a typical use case, the license of the Dockerfile and the license of the described software are entirely independent.

Compliance for all layers, not just the final layer

When distributing an image, typically, multiple layers are included and distributed. As these layers are stacked on top of each other, it could be that the contents of one layer obscure the contents of the other layers. From a pure license point of view, the final view does not matter: what matters is what is distributed. It could be that one version of an open source licensed program is distributed in one layer, with another version of the same program distributed in another layer. In this case, the license conditions for both versions need to be met.

Also, to be safe, one should not rely on the fact that specific layers of their image may already exist at the destination or in the repository receiving the push, and that therefore they will not distribute the software for those layers.  At some point, that container will land in a place where none of the layers are pre-existing, so all layers of the image must be provided to the recipient, and one will have to comply with distribution obligations for each layer provided.

How do we collect and publish the required source code?

An open question is how to collect complete and corresponding source code for containers with software under licenses that require complete and corresponding source code. With the current Docker infrastructure, it is not possible to automatically gather and publish the required source code. This means that extra work needs to be done (either manual or scripted) to gather the right source code, store it, and make it available. There are a few complications:

1. Creating a Docker image is not reproducible but depends on configurations. If different configuration options are chosen every time a Docker image is created, the resulting image could be different. This means that gathering source code at a later time than image creation might not yield the corresponding source code for the image created earlier.
2. Layers can be composed at different times and source code for some layers might have disappeared.
3. Source code might need to be gathered from various places. Focusing on just system packages could lead to missing packages.
4. Gathering source code needs to be done for all layers.

This is currently an unsolved problem.

A checklist for Docker license compliance

The following section is a compliance checklist that should help companies distributing containers to understand the license obligations better.

Is any software distributed?

The first question to ask is: is any software distributed at all? If the only thing that is distributed is a Dockerfile recipe that needs to be instantiated by the user, and software gets pulled from repositories and the company publishing the Dockerfile does not run the repository and also did not push (base) images that are used in that Dockerfile into that repository, then the company is likely not distributing any software other than the Dockerfile itself. This would require a thorough investigation of the used Dockerfile files and the build process.

What software is distributed?

Knowing which software is shipped and what license this software is under requires analyzing the software in all layers of the container image, not just the final (assembled) layer that is presented to the user. The software might have been hidden from view in the final layer, so a full analysis of all layers is necessary.

How is the software distributed?

Depending on how the software is distributed (as a full image, Dockerfile, etc.), different parties might be responsible for fulfilling license obligations. 

Who is distributing the software?

If you are distributing the container as a whole, then you are responsible for license compliance for all of the software it contains. By contrast, if you are distributing just a Dockerfile which tells people how to build a container, and the recipients are then using your Dockerfile to obtain container layers from third-party locations, then you are perhaps not responsible for license compliance for that software. 

Conclusion

Docker has made the quick deployment of software much simpler, but also introduces a few legal challenges. What the solutions to some of these legal challenges are is currently not clear. 

Evaluating compliance challenges requires a basic understanding of the technical specifics of how containers work and how they are built. With this understanding, it becomes evident how the distribution of containers bears some similarities to more historical means of distributing software while making clearer the aspects that can be obscured.

In our original whitepaper, which will hopefully serve as a starting point for discussions to what the solutions should be, the following challenges were identified:

1. There are different types of distribution and depending on which form of distribution is chosen you might or might not have an obligation to distribute corresponding source code. It is not yet obvious to casual users when or if obligations are present.
2. The Docker tools and ecosystem currently do not make it easy to collect complete and corresponding source code and are focused purely on assembling container images and deploying containers.
3. Because of the layered approach of Docker and only making the final layer visible it is easy to overlook possible distribution of software. A thorough analysis of what is distributed using tools (such as Tern) is necessary in those cases.

Future opportunities to improve the compliance environment for containers should likely focus on further developing tooling and processes that can collect and publish the corresponding source code in a more automated fashion.

To download the “Docker Containers for Legal Professionals” whitepaper, click on the button below. Download whitepaper

The post Docker containers: What are the open source licensing considerations? appeared first on The Linux Foundation.

Docker Containers for Legal Professionals

Docker has had a significant impact on the popularity of containers and has made it much simpler on the technological side of things, but on the legal side, there are potentially increased complexities.

A whitepaper that seeks to uncover the complexities of open source licensing implications when distributing and deploying Docker containers.

Containers make it easier for developers to deploy software, but it also makes it easier to deploy (sometimes inadvertently) the wrong thing. Docker containers hide many of the implementation details, and developers might end up unknowingly shipping all kinds of software without knowing the license compliance issues that occur as a result.

Author: Armijn Hemel, MSc. Download Now

The post Docker Containers for Legal Professionals appeared first on The Linux Foundation.

Virtual event suggestions for open source communities Introduction

With the COVID-19 pandemic affecting every aspect of life across every population and industry around the globe, numerous conferences, events, and meetings have been canceled or postponed. The Linux Foundation events team has been working in overdrive negotiating to cancel or postpone events that were or are impossible to operate this year safely. The health and safety of our communities and staff is our top concern.

The good news is that for those events that can no longer safely take place in person, virtual events still offer the opportunity to connect within our communities to share valuable information and collaborate. While not as powerful as a face-to-face gathering, a variety of virtual event platforms available today offer a plethora of features that can get us as close as possible to those invaluable in-person experiences. Thanks to our community members, we’ve received suggestions for platforms and services that the events team has spent the past several weeks evaluating. 

After researching a large number of possibilities over the last few weeks, the Linux Foundation has identified four virtual event platforms (and a small-scale developer meeting tool) that could serve the variety of needs within our diverse project communities. Our goal was to determine the best options that capture as much of the real-world experience as we can in a virtual environment for virtual gatherings ranging from large to small. After evaluating 86 virtual event platforms, and in the spirit of contributing back, we thought we would share what we learned.

Below is the shortlist of platforms we’ve identified for our potential use, based on which offered features that best replicate our in-person events of different sizes. We’re sharing our findings because these learnings might be a good fit for others in our community, or perhaps save you time looking at options. If you’re evaluating any platform, be prepared to spend a few weeks getting conversations started with salespeople, viewing demos, obtaining pricing, and negotiating features.

Why we chose the platforms listed

There are many virtual conferencing solutions offered in the market today. Each solution varies on price, features, scalability, and technology integration points. The list of every single platform and software solution we looked at, including open source-based solutions, can be viewed here. One of these other solutions might be a better fit for your organization’s needs. 

Finding a virtual event platform, however, is also just one piece of the virtual event puzzle. How you plan, structure, and execute the virtual event will be critical to achieving a successful community engagement. We stumbled across this great Guide to Best Practices for Virtual Conferences put together by the ACM Presidential Task Force, which we thought provided some great practitioner tips for communities running virtual events. 

Our goal was to find solutions for our events team that met the following three requirements: 

• • The ability to deliver the required content
  • The ability for attendees to network and collaborate with each other
  • The ability to deliver sponsor benefits in the platform for those companies supporting these events financially

Due to these requirements, we did not focus as much on web conference solutions, such as the now popular Zoom. However, if you are looking for a simple web solution, many of the typical web conferencing platforms are easy, quick options to set up a small virtual gathering. In many cases, you might not need all the features of the virtual events platforms.

There are even some wonderful open source options out there including:

• • Jitsi Meet, which has some very useful features like streaming, screen sharing tabs, sharing videos, and more that are not found in other solutions.
  • Open Broadcaster Software if you’re looking to record and stream session content, which can also be usefully paired with conferencing tools.
  • EtherPad, which many of our communities use and it’s exciting to see that there’s also video support to connect and talk while editing.
  • Big Blue Button that’s designed for teachers and students, but open source for anyone to use (and we know many of you have kids at home and might find this useful).

Linux Foundation virtual event platform shortlist

These tools are designed for medium to large events with multiple concurrent tracks, in-depth attendee networking and collaboration needs, and robust sponsor requirements. The pricing for each of these will depend on the specific event details, such as number of conference tracks, the number of chat rooms/attendee collaboration spaces, length of the event, number of attendees, and number of sponsor booths.

All of these event platforms (with the exception of QiQo Chat) have all the following standard functionality:

• • Web-based (HTML5) supporting Linux desktops/browsers (and also Windows and Mac)
  • Registration integrations that will comply with GDPR and privacy regulation requirements
  • Webhooks or REST APIs to integrate with security systems like SSO (Auth0) and SFDC.
  • Can be white labeled for your community’s event branding
  • Speaker Q&A chat available within sessions
  • Attendee networking capabilities
  • Integrated scheduling tools and agenda builder
  • Attendee analytics: booths visited, session attendance, etc.
  • Gamification options to drive attendee engagement
  • Pop-up notifications throughout the platform (‘Keynotes starting in 5 minutes!’, ‘Visit [Sponsor’s] booth’)
  • Guaranteed uptime, redundancies and autoscaling

inXpo Intrado Best for large events with high budgets requiring a virtual conference experience with few compromises.

InXpo Intrado has robust hosting capabilities and uses hyper-scale cloud providers for its infrastructure to provide highly reliable and resilient performance. The company uses its own platform for session broadcast and integrates with third-party CRM and registration platforms. It offers 3D virtual environments throughout the platform as well as robust attendee networking options and sponsor benefits, including virtual booths. 

Benefits:

• • Extremely customizable, very immersive event experience. 3D environments & virtual booths (VR representation of physical world exhibit hall that looks like a video game)
  • A good user interface for attendees to access all content
  • No limit on concurrent sessions or live sessions so you will not have to worry about maxing out session/attendee capacities on this platform
  • The solution provider uses its own network infrastructure backbone that is fault-tolerant enough to support 98% of 911 call centers in the US
  • Real-time translation and closed captioning capabilities without requiring third-party platforms or plugins
  • Works from within China — used by Chinese companies to run in-country virtual events
  • Extra layer of attendee privacy protection with optional ‘pop up’ message for attendees to confirm before sponsors can gather any information about the attendee

Additional Considerations:

• • One of the most expensive platforms we evaluated
  • Potential longer turnaround time needed for event onboarding and setup
  • Sponsor booth templates are customizable for a fee
  • Does not allow you to plug in your own open source video streaming/video conferencing solution

vFAIRS Best for medium to large events with smaller budgets that want to offer a 3D environment/booth experience.

vFAIRS is more appropriate for medium or large events. It has many of the same robust features for sponsors, virtual trade shows, concurrent sessions, and attendee networking features that InXpo Intrado does, but at a lower cost of entry. While it does not have its own built-in session broadcasting platform, they do have Zoom integration built-in, and you can choose to use other video streaming solutions as well. They also offer integration with numerous CRM and registration platforms.

Benefits:

• • Highly customizable
  • Great sponsor exposure and look and feel with customizable booths (dozens of templates available)
  • Attendee networking lounges and chat rooms 
  • Works from within China
  • Built-in web content accessibility — participants can change colors and font size to ease accessibility
  • Ability to incorporate closed captioning via a 3rd party solution
  • Flexibility on video broadcasting systems

Additional Considerations:

• • The lower price tag comes with more limited support than InXpo (the company is based in Toronto with many staff overseas)
  • External infrastructure dependencies (vs all-in with InXpo)
  • Capacity constraints for larger live sessions (4,000 max)
  • While the pricing is more competitive, the price increases with additional booths and/or additional sessions

MeetingPlay Best for any size event where attendee networking tools are a priority and sponsor ‘booths’ aren’t required.

This platform can accommodate events of all sizes but does not have a 3D virtual exhibit hall/booth capability. That said, the sponsor benefits built into this platform are robust, and they have excellent attendee networking capabilities. As with vFAIRS, you can use Meeting Play’s own integrated video conferencing solution for content delivery, or use your own. 

Benefits:

• • Heavy focus on “attendee” experience
  • AI-driven content, chat room and attendee suggestions — based on initial questions you can customize and ask of all participants
  • Allow for gated content with in-app registration upgrade options (freemium model) similar to offering a free “hall pass” and then requiring a higher registration to attend sessions
  • Sponsor pages are very robust offering sponsors the ability to chat 1:1 with attendees, show videos/demos, sharing resources, and more
  • Option to use MeetingPlay integrated video streaming solution, or the one of your choice via your own account
  • Works from within China — they support a number of customers in China and have virtual machines in-country that they use to test before going live for an event

Additional Considerations:

• • No 3D virtual exhibit hall or booth — sponsors receive a dynamic page that allows for real-time chat with attendees, downloadable resources, and a video player for demos or welcome videos
  • Looks more like a website rather than a virtual event
  • Only 2 concurrent live sessions at a time w/out additional fee. They recommend pre-recording most sessions and playing “simulive” (meaning it is played at a specific time, and speakers join real-time to do a text-based Q&A.) The platform has a limit of 8 concurrent live sessions at any one time
  • Collaboration spaces (used for sponsor booths, attendee ‘meeting rooms’ and any live sessions that have multiple speakers or require a two-way communication) are charged by the hour and by the number of attendees, which makes using these freely a bit difficult

QiQo Chat QiQo is best for smaller technical gatherings that don’t need all the bells and whistles of an industry event focus. This is a great option for a focus on small group collaboration, such as developer meetings and hackathons.

QiQo acts as a Zoom wrapper for attendees collaboration and session broadcasting and is ideally suited for smaller events that have a more narrow focus, where communication and collaboration needs are more back and forth, versus one-way delivery. One unique feature of QiQo is it offers the ability to collaborate on Google Docs and Etherpad as both are both integrated into QiQo’s interface. 

Benefits:

• • Inexpensive
  • An affordable option for small meetings that only need an elevated video conferencing option for collaboration. Each live event on Qiqo comes with 10 Zoom breakout rooms by default
  • Great for small group collaboration in multiple workspaces – as a Zoom wrapper, it creates more of a virtual environment around an event with multiple breakout rooms for discussions
  • Includes a large number of built-in integrated tools for collaboration and productivity: Slack, Google Calendar, Google Docs, and Etherpad
  • While Zoom is their default, their support team will work with you to set this up with Jitsi or another video conferencing solution of your choice
  • Works from within China depending on webcasting platform availability

Additional Considerations:

• • Simple Zoom wrapper to add collaboration features on top of Zoom – can be used with other video conferencing tools as well
  • Very limited sponsor elements
  • A little more challenging interface and workflow than other options — a lot of options, but definitely let ‘out of the box’
  • Minimalistic approach for collaboration

Conferencing platform feature comparison Screenshots gallery

Conclusion

With over 40 events remaining this year under the Linux Foundation umbrella of events, we have several conferences that might go virtual. Each of these will have different requirements, so to support our diverse communities, we needed a range of options and features. We do think that this portfolio of options together meets most of our various community needs, and we hope you find value in us sharing them, along with the list of all the other platforms we examined. 

The post Virtual event suggestions for open source communities appeared first on The Linux Foundation.

Program will support hundreds of displaced developer interns across diverse set of open source projects and communities

SAN FRANCISCO, Calif. – April 23, 2020– The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it’s expanding its Mentorship Program in response to COVID-19 with seed funding from Intel. The Program will grow to support interns who have been displaced as a result of the global pandemic and to give individuals an opportunity to reskill for some of the most sought-after, highly paid careers in the world.

Intel is leading funding for this expansion with a $250,000 commitment. The Linux Foundation is investing an additional $100,000 and is calling on leaders throughout the industry to match this support in order to provide opportunities to aspiring technical talent during these unprecedented times.

“During these challenging times, our ability to come together to help cultivate the next generation of software developers is more important than ever,” said Melissa Evers-Hood, vice president at Intel. “The Linux Foundation’s Community Bridge program will engage the community building mission-critical applications and Intel is proud to support developers as they participate in this initiative.”

The Linux Foundation Mentorship Program is designed to enable developers to experiment, learn and contribute to open source communities while strengthening open source projects and building an increasingly skilled and diverse talent pool of developers. Job placements as a result of the program are common and have included interns taking positions at leading technologies companies that include Intel, Google, Red Hat, IBM and more.

“Our commitment today and always is to protect the health and safety of our communities and staff and support the ongoing needs required to continue building the world’s most critical software infrastructure,” said Jim Zemlin, executive director at the Linux Foundation. “One of the ways we can do that is to ensure the rising stars from throughout the developer community can learn, grow and contribute no matter the circumstances.”

The Mentorship Program offers interns and mentees the opportunity to work on some of the world’s most popular open source projects, including Linux, Kubernetes, LF Networking and Hyperledger, among others. Mentors of the Program have included key developers from the world’s largest open-source software initiatives. Mentees enhance their technical skills while learning the open-source culture and collaboration norms, including tools and infrastructure.

Due to this unprecedented moment for those who have been displaced from internships or full-time employment, the Linux Foundation’s expanded Mentorship Program will accept applications and conduct enrollments on a rolling basis. To apply, please visit: https://communitybridge.org

About the Linux Foundation

Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennifer Cloer
reTHINKit Media
for Linux Foundation
503-867-2304
jennifer@rethinkitmedia.com

The post Linux Foundation Expands Mentorship Program in Response to COVID-19 appeared first on The Linux Foundation.

Latest release includes new features for audio, connectivity, security, OTA and speech recognition

SAN FRANCISCO, CA, April 22, 2020 — Automotive Grade Linux (AGL), an open source project developing a shared software platform for in-vehicle technology, today announced the latest code release of the AGL platform, UCB 9.0, also known under the codename “Itchy Icefish.”

Developed through a joint effort by dozens of member companies, the AGL Unified Code Base (UCB) is an open source software platform that can serve as the de facto industry standard for infotainment, telematics and instrument cluster applications. 

“The AGL platform continues to evolve and mature based on input and requirements from automakers, several of which are currently using AGL in production vehicles” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “This latest code release includes audio, connectivity and security enhancements, improvements to speech recognition, and many HTML5 demo apps.” 

Many AGL members have already started integrating the UCB into their production plans. The 2020 Subaru Outback and Subaru Legacy uses open source software from the AGL UCB, Mercedes-Benz Vans is using AGL as a foundation for a new onboard operating system for its commercial vehicles, and Toyota’s AGL-based infotainment system is now in Toyota and Lexus vehicles globally.

UCB 9.0/Itchy Icefish includes an operating system, middleware and application framework. New updates to the AGL platform include:

• Over-the-Air (OTA): Update for ostree (SOTA)
• Application Framework: improvements including implementing Token Logic based security
• Speech Recognition: Alexa Auto SDK 2.0; improved Speech-API and voiceagent integration; new open source version of display cards for Speech Recognition
• Audio: enhancements to PipeWire and WirePlumber
• Connectivity: improved networking support and network settings; reworked bluetooth APIs and extended to pbap and map protocols
• HTML5 Apps: security converted to using Token Logic; HTML5-only image available using Web App Manager (WAM) and Chromium; HTML Demo apps available for Home Screen, Launcher, Dashboard, Settings, Media Player, Mixer, HVAC, and Chromium Browser
• Instrument Cluster: QML Reference Apps: Steering Wheel Controls via LIN to IVI Apps, refreshed Instrument Cluster app that includes CAN messages from Steering Wheel/IVI
• Board Support Package updates: Renesas RCar3 BSPs updated to v3.21 (M3/H3, E3, Salvator); enhanced support for SanCloud BeagleBone Enhanced + Automotive Cape support; i.MX6 using etnaviv (cubox-i target); enhanced Raspberry Pi 4 support

The full list of additions and enhancements to UCB 9.0 can be found here.

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Automotive Grade Linux is hosted at the Linux Foundation. Learn more at automotivelinux.org.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at LinuxFoundation.org. 

Media Inquiries
Emily Olin
Automotive Grade Linux, the Linux Foundation 

The post Automotive Grade Linux Releases UCB 9.0 Software Platform appeared first on The Linux Foundation.

The Laminas Project, formerly known as the Zend Framework, is among the latest projects to be hosted at the Linux Foundation. With the community’s desire to evolve its PHP tooling for the next generation of web services and APIs, now is a natural time to tailor an open governance structure for the Project that can sustain the community for decades to come.

The Laminas Project already has incredible support with 1.2 million commits, hundreds of releases every year and thousands of lifetime contributors. The Project has 400 million lifetime installs across e-commerce, entertainment, embedded and healthcare environments, among others, with more than 140 million added every year. It warrants a neutral forum with an open governance structure that supports this level of adoption and innovation and its intentional focus on tooling for new web services and APIs.

The Linux Foundation will foster collaboration by bringing together stakeholders throughout the PHO ecosystem to sponsor development through hires and grants; maintain the legacy of the Zend Framework’s components; develop new features, particularly around middleware and APIs; and promote critical PHP development practices via documentation, tutorials and presentations.

For more information about the evolution of the Zend Framework and the Laminas Project, please read longtime contributor Matthew Weier O’Phinney’s blog post.

The post Linux Foundation Fosters Laminas Community appeared first on The Linux Foundation.

Developed by Sony Pictures Imageworks, Open Shading Language is the de facto standard shading language for VFX and animation

LOS ANGELES, CA, April 16, 2020 – The Academy Software Foundation (ASWF), a collaborative effort to advance open source software development in the motion picture and media industries, announced that Open Shading Language (OSL) has been approved as the Foundation’s sixth hosted project. Initially developed by Sony Pictures Imageworks, Open Shading Language is the de facto standard shading language for VFX and animation and was recognized with an Academy Scientific and Technical Award in 2017.

OSL was released as open source in 2010 so it could be used by other visual effects and animation studios and rendering software vendors. It has since become the main embedded language in several industry-standard renderers, and it has been used in 100+ films including Spider-Man: Far From Home, The Angry Birds Movie 2, and Men in Black: International.

“Over the past ten years, Open Shading Language has grown to become a critical component of the vfx and animation ecosystem, widely used in production and embedded into several industry-standard renderers,” said Rob Bredow, SVP, Executive Creative Director and Head of Industrial Light & Magic, and Governing Board Chair of Academy Software Foundation. “Many of our members and projects rely on and support OSL, so it’s a natural fit for the Foundation. We look forward to working with the OSL community and supporting the project’s continued development and growth.”

OSL is a small, but rich, language for programmable shading in advanced renderers and other applications, ideal for describing materials, lights, displacement, and pattern generation. It is embedded in many commercial products and used as a dependency in other open source projects. A full list of renderers and other systems utilizing OSL is available here.

“We have seen firsthand how other projects have grown as part of the Academy Software Foundation, and we believe that joining the Foundation is the next step to help us expand the Open Shading Language community,” said Larry Gritz, Software Engineering Architect at Sony Pictures Imageworks and Open Shading Language founder and chief architect. “We have some major development efforts underway, including bringing OSL to a full GPU ray traced implementation, and the additional resources, support, and increased community involvement that the Foundation facilitates will be highly beneficial.”

The Academy Software Foundation will maintain and further develop the project with oversight provided by a technical steering committee. All newly accepted projects, including Open Shading Language, start in incubation while they work to meet the high standards of the Academy Software Foundation and later graduate to full adoption. This allows the Academy Software Foundation to consider and support projects at different levels of maturity and industry adoption, as long as they align with the Foundation’s mission to increase the quality and quantity of contributions to the content creation industry’s open source software base.

Developers interested in learning more or contributing to Open Shading Language can sign up to join the mailing list.

# # # 

About the Academy Software Foundation

Developed in partnership by the Academy of Motion Picture Arts and Sciences and the Linux Foundation, the Academy Software Foundation was created to ensure a healthy open source community by providing a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on technologies for image creation, visual effects, animation and sound. The Academy Software Foundation is home to OpenVDB, OpenColorIO, OpenEXR, OpenCue, OpenTimelineIO, and Open Shading Language. For more information about the Academy Software Foundation, visit https://www.aswf.io/.

Media Inquiries
Emily Olin
Academy Software Foundation

 

The post Open Shading Language Becomes Sixth Academy Software Foundation Project appeared first on The Linux Foundation.

AMD Joins Academy Software Foundation as a Premier Member

DockYard joins as a General member

LOS ANGELES, CA, August 16, 2020 – The Academy Software Foundation (ASWF), a collaborative effort to advance open source software development in the motion picture and media industries, a neutral forum for open source software development in the motion picture and media industries, today announced that AMD has joined the Foundation as a Premier member and DockYard as a General member.

The Academy Software Foundation also announced today that Open Shading Language (OSL) has joined as the Foundation’s sixth hosted project. Initially developed by Sony Pictures Imageworks, Open Shading Language is the de facto standard shading language for VFX and animation and was recognized with an Academy Scientific and Technical Award in 2017.  You can read the announcement here: Open Shading Language Joins Academy Software Foundation.

“We passed our goals of $1M in funding and five new projects in our first year; now we are pleased to welcome AMD and DockYard as new members, and Open Shading Language as our sixth Foundation project. We look forward to working with AMD and DockYard, and leveraging their expertise in graphics, rendering, and software development,” said David Morin, Executive Director of the Academy Software Foundation. “Today, our Foundation is strong and our community of engineers is committed. We are ready to face the COVID-19 pandemic and do our part, which is to continue growing the open source model in the motion picture industry so that anyone can use or contribute to our projects from wherever they are, safely at home now or later back at work. We are ready to welcome more projects, host discussions about new projects, and help our open source community of engineers wherever they are in the motion picture industry. We will get through this storm and emerge on the other side, stronger together.

Member Quotes:

AMD:

“Feature film visual effects and post production are areas of significant focus and interest to us. At AMD, we have a long history of supporting and contributing to open source communities, and we are elated to support the Academy Software Foundation,” said James Knight, VFX & Virtual Production Director, AMD. “With the ever-increasing use of AMD’s CPUs in the motion picture industry, and as we collaborate with more and more studios, we feel it is imperative to help drive best practices as a major technology provider. It’s encouraging to see the Academy Software Foundation membership grow, and we are humbled and grateful to be a part of it.” 

DockYard:

“The motion picture and media industries are ripe for the development of digital experiences that not only captivate viewers, but also empower their teams to continue to make ‘movie magic’,” said Jon Lacks, CEO of DockYard, a digital product consultancy. “As evangelists of the open-source community, we’re thrilled to support the Academy Software Foundation in its mission to establish best practices for technology collaboration within the entertainment industry.”

# # #

 About the Academy Software Foundation

Developed in partnership by the Academy of Motion Picture Arts and Sciences and the Linux Foundation, the Academy Software Foundation was created to ensure a healthy open source community by providing a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on technologies for image creation, visual effects, animation and sound. The Academy Software Foundation is home to OpenVDB, OpenColorIO, OpenEXR, OpenCue, OpenTimelineIO, and Open Shading Language. For more information about the Academy Software Foundation, visit https://www.aswf.io

 

Media Inquiries
Emily Olin
Academy Software Foundation

The post AMD and DockYard join Academy Software Foundation appeared first on The Linux Foundation.

SAN FRANCISCO, April 15, 2020 — The  Linux Foundation, the nonprofit organization enabling mass innovation through open source, will host a keynote webinar — “The State of Open Source Networking & Edge” — featuring Arpit Joshipura, general manager, Networking, Edge, & IOT. The webinar takes place April 30 at 9:00 AM PT and is open to anyone interested in attending.

Hosted by LF Networking (LFN) and LF Edge, the webinar serves as a virtual update on the current state of the open networking and edge landscapes. Due to the COVID-19 outbreak, the Open Networking & Edge Summit (ONES) North America, which was initially scheduled to take place in Los Angeles, Calif. later this month, has been rescheduled to September 28-29. However, the important work of the ecosystem continues and it’s time for an update on that progress.

“We are all learning to adapt and be more nimble than ever before,” said Arpit Joshipura, general manager, Networking, Edge & IoT, the Linux Foundation. “While we aren’t able to meet face to face with our communities physically, we continue to accelerate community collaboration and momentum while evolving critical industry initiatives that impact how the world accesses information. Please join us April 30 to hear how open networking and edge communities are moving the needle.”

The webinar will not only cover critical industry initiatives such as the Common NFVI Telco Taskforce (CNTT), OPNFV Verification Program (OVP), new project inductions and releases, but Joshipura will present compelling evidence on how community collaboration is accelerating the path forward. This will include an update on deployments, business value-add, R&D, developer engagement, and challenges the community is addressing in 2020. The webinar also presents an opportunity to hear these major LF Networking and LF Edge announcements first-hand. Attendees are encouraged to engage and participate in an open Q&A session following the presentation.

The webinar serves as the first in a series of LF Networking Webinars to bring the community up to speed on open source networking news, initiatives, and innovations and provide a new opportunity for community engagement. LF Edge’s webinar series, “On the Edge with LF Edge,” kicked off last month with an update on the Akraino project. The next LF Edge webinar, “EdgeX101: Intro, Roadmap, and Use Cases,” takes place April 23.

Registration is required to attend the webinar, which takes place April 30 at 9:00 am PT. Details and registration information available here: https://zoom.us/webinar/register/WN_pt6VgEy2S46T6qW5oNRLPA

Additionally, the important work of the LFN technical communities continues unabated as the LFN Technical Meetings Spring 2020 (initially co-located with ONES North America) are being held virtually from April 21-23. Details and registration: https://www.linuxfoundation.org/calendar/lfn-technical-meetings/

Details on ONES, including registration and final agenda, are available here: https://events.linuxfoundation.org/open-networking-edge-summit-north-america/

 

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

The post Linux Foundation Executive to Give Keynote Webinar on Momentum, Direction of Open Source Networking & Edge appeared first on The Linux Foundation.

Open source powers more than 80% of the technology we all use every day, yet many open source developers and projects face barriers, from generating funding to attracting contributors,  to finding and fixing vulnerabilities in the code base to drive mainstream adoption.

Touted as an industry first, CommunityBridge is a platform created by Linux Foundation engineers to empower open source projects — and the individuals and organizations who support them — to advance sustainability, security, transparency and diversity in open source technology. Since the launch of the platform in the middle of 2019, we have come a long way, and have started making an impact.

CommunityBridge Funding is a trusted crowdfunding service that lets maintainers raise funds to support project activities like development, documentation, mentorships, marketing, travel, etc.

This service is governed and supported by the Linux Foundation with 100% of the funds going right into the hands of the developers. The Linux foundation is currently matching donations for diversity candidates and also underwriting any platform and payment processor fees. Book-keeping, processing of expense reports, reimbursements  and tax reporting is also provided free of charge.

Since inception, the funding platform has helped projects raise a total of $475K+ from 23 corporate and 355 individual sponsors and disbursed a total of ~$74K to contributors in various categories like projects and mentorships.

Acceptance of projects on this platform is selective and prioritized for high impact (based on downstream dependencies, github stars, forks, contributors) but underfunded projects.

Some of the Projects Actively Raising Funds

To apply your project for consideration or to support projects you use actively as an individual or corporate sponsor, please visit CommunityBridge Funding.

CommunityBridge EasyCLA streamlines the process of getting developers authorized under a project’s CLA for everyone:

• Coders can code more quickly by reducing manual steps to get themselves authorized.
• Corporations and projects can save time by reducing manual steps managing CLAs and their signatures
• Both Individual and Corporate CLA signing can be enforced for developers contributing to a project using GitHub or Gerrit

EasyCLA is the only solution in the community which effectively manages both individual and corporate CLA agreements. Since inception, EasyCLA has made CLA management a breeze for 19 open source projects.

Projects
Using EasyCLA Repositories
Authorized Individual
CLAs  Corporate
CLAs CLA
Managers Companies
Signing CLAs 19 872 9461 4486 1009 746 Projects With the Highest Number of Signed CLAs

Number of ICLAs: 9017
Number of CCLAs: 2488

Number of ICLAs: 89
Number of CCLAs: 54

Number of ICLAs: 60
Number of CCLAs: 707

Number of ICLAs: 51
Number of CCLAs: 448

Number of ICLAs: 68
Number of CCLAs: 28

ORAN Software Community

Number of ICLAs: 44
Number of CCLAs: 88

To learn more about how EasyCLA works or try onboarding your project, please visit CommunityBridge EasyCLA.

CommunityBridge Security enables open source developers to move quickly and securely by automatically finding vulnerabilities in the code and suggesting remediation techniques.

The CommunityBridge team has collaborated with Snyk.io to provide visibility into the security loopholes that get injected over time into the code base. This is how it works:

• Vulnerability scans run daily on project repositories in GitHub or Git
• Manifest files are deconstructed to determine the entire dependency chain of the project including transitive dependencies.
• Issues detected are evaluated against the National Vulnerability Database (NVD) and security experts in the community.
• Known CVEs and CWEs are linked to the issues if present.
• Evidence of how to replicate the issue based on community artifacts like hacker reports, GitHub reports, Whitepapers etc are attached.
• Remediation techniques and potential fixes are also suggested to the users.

We recently started onboarding all Linux Foundation projects on this service and have started publishing vulnerability reports for contributors to analyze and act on.

Some of the Projects With Vulnerabilities

Total Issues: 263
Fixable: 82

Total Issues: 195
Fixable: 140

Total Issues: 153
Fixable: 3

Total Issues: 124
Fixable: 113

Total Issues: 121
Fixable: 114

Total Issues: 117
Fixable: 84

To learn more about how CommunityBridge Security works or try onboarding your project, please visit CommunityBridge Security. Access to detailed vulnerability reports is gated for contributors to the project and you will need to contact admin@communitybridge.org to request access.

CommunityBridge Mentorship helps you increase the number and diversity of developers contributing to your project by providing mentorships and internships.

It is in essence a  matchmaking service which lets you:

• Attract mentees by providing referrals to top companies committed to interviewing your candidates
• Incentivize participation by offering free training, industry event passes and certifications
• Expand your community of talented, diverse, and committed developers by offering paid internships with matching diversity grants
• Attract funding, mentors, and mentees when you are listed on the mentorship leaderboard

Since our launch last summer, the mentorship platform supported 12 projects with mentorships. 27 Mentees were selected from 750 Applicants and used the platform to get stipends. Projects Supported By Mentorship Program Since Summer 2019 Launch 128 potential Mentors applied and 52 Mentors were selected and onboarded onto the platform. Some of the Active Mentors on the Platform

To learn more about mentorships, or to enroll your project, please visit CommunityBridge Mentorship.

The post Update from the CommunityBridge Development Team appeared first on The Linux Foundation.

Industry’s Premier Open Networking & Edge Conference will feature business, technical and architectural sessions on Edge Computing, Cloud Native Networking, Enterprise IT, and Carrier and Cloud Developer Operations

SAN FRANCISCO, April 9, 2020 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-hosts LF Networking, the umbrella organization fostering collaboration and innovation across the entire open networking stack, and LF Edge, the umbrella organization building an open source framework for the edge, announced today the rescheduled event dates for Open Networking & Edge Summit North America (ONES, formerly Open Networking Summit) and the complete session line-up. 

ONES North America 2020 will take place September 28-30 at the JW Marriott LA Live in Los Angeles, California. The summit line-up features prominent speakers from AT&T, eBay, Ericsson, Huawei Technologies, Rancher Labs, Red Hat, Toyota Motor Corporation, Verizon, VMware, Wells Fargo, Yelp, and more. The full event agenda is available here. 

ONES is the industry’s premier open networking event now expanded to comprehensively cover Edge Computing, Edge Cloud, and IoT. It gathers technologists and executives from enterprises, telecoms and cloud providers for technical, architecture and business discussions that will shape the future of networking and edge computing. ONES enables collaborative development and innovation with a deep focus on both Open Networking and AI/ML-enabled use cases for 5G, IoT, Edge and Enterprise deployment, as well as targeted discussions on Edge and IoT frameworks and blueprints across numerous industries including Manufacturing, Retail, Oil and Gas, Transportation, and Telco Edge cloud. 

“We have an impressive roster of experts lined up to present at Open Networking & Edge Summit North America,” said Arpit Joshipura, General Manager, Networking, Edge & IoT, The Linux Foundation. “With expanded content focused on open source Edge, this year’s event is the place to be for the latest in open innovation and knowledge-sharing across adjacent technologies such as 5G, cloud native, AI/ML, IoT, and more.”

ONES North America 2020 conference session tracks include: Carriers – Core, Edge & Access, Enterprise Networking & Edge, Cloud Networking & Edge, and Business Critical & Innovation.

Content is delivered in a variety of presentation formats including deep-dive technical tracks, panel discussions, tutorials, and case studies. 

Featured Keynote Speakers Include:

• Andre Fuetsch, Executive Vice President & Chief Technology Officer, AT&T Services, Inc.
• Dan Kohn, Executive Director, Cloud Native Computing Foundation
• Alex Choi, Senior Vice President of Strategy and Technology Innovation, Deutsche Telekom AG
• Farah Papaioannou, Co-Founder and President, Edgeworx, Inc.
• Anders Rosengren, Head of Architecture & Technology, Ericsson
• Justin Dustzadeh, Chief Technology Officer, Equinix
• Aparna Sinha, Director of Product Management, Google Cloud
• Bill Ren, Chief Open Source Liaison Officer, ICT Infrastructure Open Source GM, Huawei
• Marisa S. Viveros, Vice President of Strategy and Offerings, IBM
• Arpit Joshipura, General Manager, Networking, Edge & IoT, The Linux Foundation
• Heather Kirksey, Vice President, Community and Ecosystem Development, The Linux Foundation

Featured Conference Sessions Include:

• 5G Slicing is a Piece of Cake! – Alla Goldner, Director, Technology, Strategy & Standardization, Amdocs
• Injecting Security to the Cloud – Susan Hinrichs, Software Engineer, Verizon Media
• Architectural Patterns & Best-practices to Avoid Lock-ins with Serverless – Murali Kaundinya, Group CTO and Managing Director, Wells Fargo
• Securing a Network Virtualized with Containers and Kubernetes: Example Solutions and Current Gaps – Samuli Kuusela, Security Architect, Ericsson & Amy Zwarico, Lead Member of Technical Staff, AT&T
• Multi-Cluster Federation: Should Networking Impact The Solution? – Anil Kumar Vishnoi, Principal Software Engineer & Thomas D. Nadeau, Technical Director of NFV, Red Hat

Conference Registration is $950 through July 19, 2020 with additional registration options available including $300 Hall Passes, $575 Academic Passes, and $300 Student Passes.  Non-profit and group discounts are available as well; see details on the event registration page Members of The Linux Foundation, LFN and LF Edge receive a 20 percent discount on all registration fees; contact events@linuxfoundation.org to request a member discount code. Applications for diversity and needs-based scholarships are currently being accepted; for information on eligibility and how to apply, please click here. We are continuously monitoring the COVID-19/Novel Coronavirus situation and are committed to converting ONES North America 2020 into a virtual experience should it not be safe to bring attendees together in person. Please continue to visit our website and follow us on Twitter and Facebook for updates. 

Open Networking & Edge Summit North America 2020 is made possible thanks to our sponsors, including Platinum Sponsors Cloud Native Computing Foundation, Ericsson, and Huawei, Gold Sponsor IBM, and Silver Sponsor Red Hat. For information on becoming an event sponsor, click here.

Members of the press who would like to request a press pass to attend should contact Jill Lovato at jlovato@linuxfoundation.org.

Additional Resources: 

• Why Attend Linux Foundation Events: https://youtu.be/X_rLxfmLlYY 
• Open Networking Summit North America 2019 Event Recap: https://events.linuxfoundation.org/events/open-networking-summit-north-america-2019/
• See a short recap video from the last Open Networking Summit
• See what past event attendees have to say about the event

About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and industry adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.

Linux is a registered trademark of Linus Torvalds.

The post Linux Foundation, LF Networking, and LF Edge Announce Rescheduled Dates and Full Agenda for Open Networking & Edge Summit North America 2020 appeared first on The Linux Foundation.

Under the Linux Foundation, FINOS will provide a forum for industry-wide collaboration among the world’s biggest financial services firms and tech companies on fintech projects addressing desktop interoperability, data modeling, compliance and more

San Francisco, April 9th, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open collaboration, and the Fintech Open Source Foundation (FINOS), a nonprofit whose mission is to accelerate adoption of open source software, standards and best practices in financial services, today announced that FINOS will become a Linux Foundation organization. To enable this effort, the Linux Foundation has agreed to acquire the FINOS operating assets.

The Linux Foundation will position FINOS as its umbrella project through which to advance further development of open source and standards within the financial services industry. The FINOS team, led by Executive Director Gabriele Columbro, will join the Linux Foundation. Columbro will continue in his role.

The financial services industry has a long history of open source adoption, having been among the earliest industries to embrace Linux. Since then, both large and small fintech firms have been leveraging open source to innovate on new technologies, ranging from cloud computing to decentralized networks and blockchain to machine learning and artificial intelligence. FINOS has been instrumental in bringing key industry stakeholders together around open source contribution and will be empowered now to expand and accelerate that work through the global open source community and Linux Foundation’s services and resources.

“In less than two years FINOS has become the go-to foundation for open source collaboration in financial services. With this sector’s focus on technology-driven solutions, we feel the time is right to bring our two communities together to enable the next stage of innovation for our projects,” said Jim Zemlin, executive director at the Linux Foundation. “We look forward to working with Gab, the FINOS team and its members as we together chart the future of global financial services collaboration.”

“FINOS has achieved tremendous growth across our project portfolio thanks to our 35 members and wider community,” explained Gabriele Columbro. “The FINOS community’s passion and dedication to applying open source practices to address concrete, pressing topics — in areas such as cloud computing, financial modeling, desktop interoperability, messaging, tooling, and data technology — has established the transformative potential of open source within financial services. We are thrilled to join forces with the Linux Foundation to accelerate this growth and welcome an even more diverse set of members and projects under the FINOS umbrella.”

“Open source technology is essential to the future of the financial services industry,” said Alejandra Villagra, FINOS chairperson, Citigroup. “With FINOS becoming part of the Linux Foundation, we can leverage a wider network of resources and further accelerate collaboration that delivers technology solutions to common business issues and industry challenges, shaping the future technology landscape.”

“Over the last few years, FINOS successfully created a community of buy-side, sell-side, fintech and tech companies who work together on a wide range of open source projects and standards,” said Dov Katz, FINOS vice chairperson and distinguished engineer at Morgan Stanley. “Joining the Linux Foundation will extend our pool of partners, talented developers and engineers dedicated to solving similar problems, and will help the community innovate even faster.”

“The global financial community benefits when data and technology can be combined through shared standards,” said Robert Coletti, head of desktop platform, Refinitiv. “We look forward to continued engagement with FINOS and the new opportunities that being part of the Linux Foundation will provide.”

“As a strategic open source partner for financial services firms, we work closely with FINOS and its members to drive open source adoption and best practices within the financial services industry,” said Andrew Aitken, general manager and global open source practice leader, Wipro Limited. “We know that open source plays a critical role in accelerating a bank’s enterprise transformation journey and believe that closer ties with Linux Foundation will help FINOS make inroads even faster.”

Financial services organizations have been rapid adopters of new technology, including large amounts of open source, which they have used to extend market reach and create client value. It is increasingly important for firms to look at enterprise open source and its ability to foster innovation while maintaining stability,” said Chris Wright, senior vice president and chief technology officer, Red Hat. “As active members of the Linux Foundation we see the immense potential this collaboration has to benefit the financial services industry as they adapt to an evolving technology landscape.”

FINOS is a diverse community of developers, financial and technology industry leaders committed to making contributions that will enable open source to flourish in financial services. Having grown rapidly over the last two years, the community today boasts more than 30 member organizations, 300+ contributors and many open source projects delivering value to participants across the industry.

About The Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About FINOS

The Fintech Open Source Foundation (FINOS) is an independent membership organization whose purpose is to accelerate collaboration and innovation in financial services through the adoption of open source software, standards and best practices. FINOS believes that global financial organizations that embrace open source software, together with common standards, will be best positioned to capture the growth opportunities presented by a quickly evolving technological landscape. FINOS has 11 programs driven by more than 30 financial services and technology members, 300+ community contributors and over 75 open source repositories. We enable collaboration in key areas of innovation for the industry including data, cloud, interoperability, and decentralized technologies. FINOS is a 501(c)(6) and is based in Burlingame, CA with offices in New York, NY and London, England. For more information, visit www.finos.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennier Cloer
ReTHINKitMedia
jennier@rethinkitmedia.com
503-867-2304

The post Fintech Open Source Foundation Joins Linux Foundation to Expand and Accelerate Development Across Financial Services appeared first on The Linux Foundation.

FINOS Joins the Linux Foundation Introduction

During the 1960s and 1970’s, software developers typically used monolithic architectures on mainframes and minicomputers for software development, and no single application was able to satisfy the needs of most end-users. Vertical industries used software with a smaller code footprint with simpler interfaces to other applications, and scalability was not a priority at the time.

With the rise and development of the Internet, developers gradually separated the service layer from these monolithic architectures, followed by RPC and then Client/Server.

But existing architectures were unable to keep up with the needs of larger enterprises and exploding data traffic. Beginning in the middle of the 1990s, distributed architectures began to rise in popularity, with service-oriented architectures (known as SOA) becoming increasingly dominant.

In the mid-2000s, microservices began to appear, and a set of popular frameworks based on microservice architectures were developed, with TARS appearing in 2008. After being used at scale and enhanced for 10 years, TARS became a Linux Foundation project in 2018.

Figure 1.  Interest in microservices has grown exponentially, as demonstrated by search trends on Google.

Introducing the TARS Foundation

Today, on March 10th, 2020, The Linux Foundation is excited to announce that the TARS project has transitioned into the TARS Foundation. The TARS Foundation is an open source microservice foundation to support the rapid growth of contributions and membership for a community focused on building an open microservices platform.

A Neutral Home for Open Source Microservices Projects

The TARS Foundation is a nonprofit foundation that focuses on open source technology that helps businesses embrace microservices architecture as they innovate into new areas and scale their applications.

It will continue to support the TARS project by growing the community that has been operating under the Linux Foundation since 2018. The Linux Foundation offers a neutral home for infrastructure, open governance, and community engagement support, aiding open source microservices projects to empower any industry to turn ideas into applications at scale quickly.

The TARS Foundation is working on addressing the problems that may occur in using microservices, including reducing the difficulties of development and service governance. It seeks to solve multi-programming language interoperability, data transfer issues, consistency of data storage, and ensuring high performance while supporting massive requests.

The TARS Foundation wishes to accommodate a variety of bottom-up content to build a better microservice ecosystem. It will include but will not be limited to, infrastructure, storage, development framework, service governance, DevOps, and applications based on any programming languages.

It Begins With a Mature Microservice Framework

The modern enterprise is in need of a better microservices platform for their modern applications to support development through DevOps best practices, comprehensive service governance, high-performance data transfer, storage scalability with massive data requests, and built-in cross-language interoperability (e.g., Golang, Java, C++, PHP, Node.js).

In support of these growing requirements, the TARS project provides a mature, high-performance RPC framework that supports multiple programming languages developed by Tencent (0700.HK). Since the initial open source contribution by Tencent, many other organizations have made significant contributions to extending the platform’s features and value.

Figure 2. The TARS Project Microservice Ecosystem.

TARS can quickly build systems and automatically generate code, taking into account ease of use and high performance. At the same time, TARS supports multiple programming languages, including C++, Golang, Java, Node.js, PHP, and Python. TARS can help developers and enterprises to quickly build their own stable and reliable distributed applications in a microservices manner, in order to focus on business logic to effectively improve operational efficiency.

The advantages of multi-language support, agile research and development, high availability, and efficient operation make TARS an enterprise-grade product out of the box. TARS has been used and refined in Tencent for the past ten years and has been widely used in Tencent’s QQ and WeChat social network, financial services, edge computing, automotive, video, online games, maps, application market and security, and other hundreds of core businesses. The scale of microservices has reached over one million nodes, perfecting the practice of the industry-standard DevOps philosophy and Tencent’s mass service approach.

Why Should Projects Choose The TARS Foundation?

Joining the TARS Foundation will provide member organizations and projects with the following benefits:

Community Engagement

• The TARS Foundation will host a constellation of open source projects. Members of the TARS Foundation will leverage many programs to engage with project ecosystems and share their ideas and use cases.

Thought Leadership

• Members of the TARS Foundation will be able to network and help shape the evolving microservices ecosystem.

Marketing Amplification and Brand Awareness

• Members can broaden their project’s reach and awareness in the community with TARS Foundation marketing programs.

As the TARS Foundation has been created to develop and foster the open microservices ecosystem, it will establish different functional mailing lists to support its user communities.

The TARS Foundation will also establish a series of mechanisms for the incubation and development of new projects. After a project has agreed to join the Foundation, the appropriate incubation and maturation route will be tailored according to the project circumstances.

After meeting all incubation requirements, the TARS Foundation will announce the project’s graduation. In addition to providing a technical oversight committee and a user community, the governing board will look after these projects by reviewing each project’s unique situation, providing strategic decisions, and assisting with their overall development.

Partner Commitments to the TARS Foundation

The TARS Foundation aims to empower any industry vertical to realize their ideas with their implementation of microservices. To date, TARS has worked with many industries, including fintech, e-sports, edge computing, online video, e-commerce, and education, among others.

As a result of over a decade of industry leadership in developing open microservices projects, many companies from different industries, such as Arm, Tencent, AfterShip, Ampere, API7, Kong, and Zenlayer, have committed to and have joined The TARS Foundation as members and partners.

Tencent

TARS has been developed, hardened, and enhanced within Tencent for more than ten years. It is widely used in Tencent’s QQ and WeChat social, video, e-Sports, maps, application market and security, and other hundreds of core businesses. The scale of microservices has reached over one million nodes, perfecting the practice of the industry-standard DevOps philosophy and Tencent’s mass service approach.

Arm

Arm is the world’s leading semiconductor intellectual property (IP) provider. Arm has been working with Tencent over the last year to undertake a complete port of TARS microservices to the Arm architecture. That porting effort is now complete and is available through the Akraino Blueprint ecosystem. The first two Arm deployments within Tencent are AR/VR and autonomous vehicle use cases for internal Tencent use.

AfterShip

AfterShip was established in 2012 with its headquarters located in Hong Kong. The company provides SaaS solutions to over 10,000 eCommerce businesses in the world. AfterShip’s solutions include shipment tracking, returns management, sales, and marketing.  AfterShip is a market leader in shipment tracking solutions.

“Our company has been adopting microservices for years, and we believe the TARS Foundation will help us excel in using microservices in the future.”

Ampere

Ampere focuses on cloud-native hardware. As such, it needs to ensure that any software used on that hardware runs exceedingly well to meet the demands of their customers’ expectations.

“Microservices have become very popular for several years, so we think cooperation with the TARS Foundation and focusing on microservices will allow us to achieve our vision.”

API7

API7 is an open source software startup company delivering a cloud-native microservices API gateway that aims to deliver the ultimate performance, security, open source, and scalable platform for all APIs and microservices. Compared with traditional API gateways, it has dynamic routing and plug-in hot loading, which is especially suitable for API management under a microservices-based system.

Kong

Kong is the world’s most popular open source microservice API gateway. Kong is used to secure, manage, and orchestrate microservice APIs.

“We look forward to collaborating with the TARS Foundation members to drive microservices adoption and innovation across businesses of all industries.”

Zenlayer

Zenlayer is an edge cloud services provider that enables businesses to improve digital user experiences quickly and globally, particularly in emerging markets.

“Integration of microservices with edge computing is now widespread. We look forward to doing more research on that and with the TARS Foundation.”

Conclusion

The TARS Foundation can help make the microservices ecosystem more effective, building a more aligned community of contributors and supporters. As more technology-first companies deploy microservices in production, we expect the trend to extend to traditional industries that are transforming. We hope that more people and companies will participate in the TARS Foundation and welcome everyone to contribute to a better and more open microservice ecosystem.

“The TARS Foundation will accelerate innovation for the microservices ecosystem through an open governance model that allows for rapid and high-quality contributions and collaboration. The Linux Foundation is very happy to support this work and enable its growth.” — Jim Zemlin, Executive Director of the Linux Foundation

The post FINOS Joins Linux Foundation appeared first on The Linux Foundation.

seL4 foundation aims to accelerate the security, safety and reliability of any software system

San Francisco, April 7, 2020 –  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it will host the seL4 Foundation, the nonprofit organization established by Data61, the digital specialist arm for Australia’s national science agency CSIRO. The seL4 microkernel is the world’s first operating system (OS) kernel that is proved secure; it is designed to ensure the security, safety and reliability of real-world critical computer systems.

The new Foundation aims to accelerate the development of seL4 and related technologies, and under the Linux Foundation will provide a global, independent and neutral organization for funding and steering the future evolution of seL4. Founding members include Cog Systems, DornerWorks, Ghost Locomotion, HENSOLD Cyber and UNSW Sydney.

The trustworthiness of embedded computing systems is vital to improving the security of critical systems around the world to safeguard them from cyber threats. This is particularly paramount in industries including avionics, autonomous vehicles, medical devices, critical infrastructure and defense.  The seL4 microkernel is the world’s first operating system with a proof of implementation correctness and presents an unparalleled combination of assurance, generality and performance, making it an ideal base for building security- and safety-critical systems. The seL4 Foundation provides a forum for developers to collaborate on growing and integrating the seL4 ecosystem.

“The Linux Foundation will support the seL4 Foundation and community by providing expertise and services to increase community engagement, contributors and adopters, helping to take the OS ecosystem to the next level,” said Michael Dolan, VP of strategic programs, the Linux Foundation. “The open governance and standards-based model will provide a neutral, mature and trustworthy framework to help advance an operating system that is readily deployable and optimized for security.”

Dr June Andronick, Leader of Trustworthy Systems at CSIRO’s Data61 said, “We are very excited about this step to provide a sustainable, long-term trajectory for seL4, and very keen to see the seL4 Foundation grow and thrive under the Linux Foundation umbrella.”

“With the help of the Linux Foundation we can broaden the community of contributors as well as adopters of seL4,” said UNSW Scientia Professor Gernot Heiser, Chair of the new Foundation. “This will provide the support that allows us to continue the research that ensures seL4 will remain the most advanced and secure OS technology.”

For more information on the seL4 Foundation visit https://sel4.systems/Foundation/

Supporting Quotes

Cog Systems

“seL4 has set the new standard for high assurance for embedded solutions on connected devices,” said Carl L. Nerup, CEO of Cog Systems, Inc. “This enables us to deliver commercial solutions that meet the rigorous demands associated with formal verification to deliver a certified approach that meet the highest standard for safety & security in the market today.”

 DornerWorks

“The seL4 proof provides a secure foundation to answer the growing need for cyber-security.  By joining the seL4 Foundation, DornerWorks can do more to help accelerate customer adoption of seL4 as the trusted software base for their embedded products.  We’re looking forward to the future of seL4 kernel and tool development,” said Gregg Wildes, Innovation Leader and Partnership Manager, DornerWorks Ltd.

Ghost Locomotion

“Ghost is a self-driving system that integrates seamlessly into your current car. Designed to be safer than a human driver, Ghost will give you the power to fully disengage on the highway and focus on what matters to you. Nowhere is the pursuit of perfection more important than our highways and we are proud to join the seL4 community to make provably correct, safety-critical systems a reality for millions of daily commuters,” said Dr Daniel Potts, Ghost Locomotion Inc.

 HENSOLDT Cyber

“We strongly believe in the benefits of open source software for critical IT systems in order to foster the development of one of the most important security assets,” said Sascha Kegreiß, CTO of HENSOLDT Cyber. “We provide our expertise to a community, which uses combined forces of different professionals from all over the world to strengthen the development of seL4. we were excited to become part of the seL4 Foundation.”

John Launchbury

“In system security, seL4 is one-of-a-kind. COVID-19 has taught us all the value of “distancing” in keeping any kind of system healthy and secure. That’s what microkernels like seL4 do for software. What makes seL4 unique is that we know with mathematical certainty that the seL4 code implements its “distancing” specification with ZERO functionality bugs. That it does so without a performance hit is doubly astonishing. I am eagerly anticipating seeing more and more system builders incorporate it to increase their digital security, and I’m confident that the seL4 foundation has been well structured to be effective in curating the ongoing open source development of seL4,” said John Launchbury, Galois, Formerly DARPA I2O Director.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

 

Media Contacts

Beth Handoll
ReTHINKitMedia
beth@rethinkitmedia.com
+1 415 535 8658

The post seL4 Microkernel Optimized for Security Gets Support of Linux Foundation appeared first on The Linux Foundation.

SAN FRANCISCO, March 31, 2020 — Automotive Grade Linux (AGL), a collaborative cross-industry effort developing an open source platform for connected car technologies, announces three new members: MERA, Mocana, and Osaka NDS.

“With the support of 11 major automakers, we are increasingly seeing more vehicles in production with AGL,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “We look forward to working with all of our new members as we continue to expand the AGL platform and the global ecosystem of products and services that support it.”

AGL is an open source project at the Linux Foundation that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open, shared software platform for all technology in the vehicle, from infotainment to autonomous driving. Sharing a single software platform across the industry reduces fragmentation and accelerates time-to-market by encouraging the growth of a global ecosystem of developers and application providers that can build a product once and have it work for multiple automakers.

New Member Quotes:

MERA
“MERA, as a software development company, has been using open source software for many years, bringing best in class solutions to its customers in various industries like ICT, Industrial IoT, Automotive, FinTech and others,” said Dmitry Oshmarin, CTO of MERA. “As experts in embedded software development, especially in the Linux environments, we plan to contribute to Automotive Grade Linux. At the same time, we will leverage this new experience to help our customers to benefit from using AGL in their products.”

Mocana
“Automotive manufacturers and suppliers are connecting a broadening range of systems and devices onboard vehicles to deliver mission-critical safety capabilities as well as significantly enhance the user experience. Many of these on-board systems also incorporate virtualized systems or containers to streamline and scale the delivery of key functionalities,” said Dave Smith, President of Mocana. “This increase in connectivity provides additional insight into the performance and reliability of systems to improve system performance and safety, as well as minimize downtime and reduce maintenance costs. Unfortunately, it also introduces new cybersecurity risks and ways for hackers to attack these on-board systems to compromise their safety and uptime – and generate inaccurate alerts, messaging and data. We plan to design plug-n-play solutions that integrate with the AGL platform to enable scalable, end-to-end security, to protect any AGL-based systems on-board connected or autonomous vehicles.”

Osaka NDS
“Osaka NDS CO.,Ltd is leader in developing, deploying and supporting commercial and industrial embedded Linux solutions and services, and we are excited about joining the AGL community,” states Yutaka Toida, Osaka NDS’s Director. “We look forward to working with other AGL members as we continue to expand the AGL platform to support new mobility solutions and connected car applications.”

###

About Automotive Grade Linux (AGL)
Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Automotive Grade Linux is hosted at the Linux Foundation. Learn more at automotivelinux.org.

Media Inquiries
Emily Olin

The post MERA, Mocana, and Osaka NDS Join Automotive Grade Linux appeared first on The Linux Foundation.

Introduction

It has been estimated that Free and Open Source Software (FOSS) constitutes 70-90% of any given piece of modern software solutions. FOSS is an increasingly vital resource in nearly all industries, in the public and private sectors, among tech and non-tech companies alike. Therefore, ensuring the health and security of FOSS is critical to the future of nearly all industries in the modern economy.

In February of 2020, The Linux Foundation’s Core Infrastructure Initiative (CII), in partnership with the Laboratory for Innovation Science at Harvard (LISH), released the preliminary results of an ongoing study ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.` This report represents the first steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive, but not always understood.

The initial report from the Census II study identifies the most commonly used free and open source software (FOSS) components in production applications. It begins to examine the components’ open source communities, which can inform actions to sustain the long-term security and health of FOSS. The stated objectives were:

1. Identify the most commonly used free and open source software components in production applications.
2. Examine for potential vulnerabilities in these projects due to:

• • Widespread use of outdated versions;
  • Understaffed projects; and,
  • Known security vulnerabilities, among others.

3. Use this information to prioritize investments/resources to support the security and health of FOSS

What did the Linux Foundation and Harvard learn from the Census II study?

The study was the first of its kind to analyze the security risks of open source software used in production applications. It is in contrast to the earlier Census I study that primarily relied on Debian’s public repository package data and factors that would identify the profile of each package as a potential security risk.

In order to gain a better understanding of the commonality, distribution, and usage of open source software used within large organizations, the study used software composition analysis (SCA) metadata supplied by Snyk and Synopsys. SCA is the process of automating visibility into any software, and these tools are often used for risk management, security, and license compliance.

With this metadata, the study was able to create a baseline and unique identifiers for common packages and software components used by large organizations, which was then tied to a specific project. This baselining effort allowed the study to identify which packages and components were the most widely deployed.

The top-scoring, most widely deployed projects were the ones that came under additional scrutiny and became the prime focus of the preliminary study, which were examined for the total lines of code, total number of contributors, and frequency of commits during the 2018 calendar year.

Observations and analysis of these specific metrics led the study to come to certain preliminary conclusions. These were:

Software components need to be named in a standardized fashion for security strategies to be effective. The study determined that a lack of naming conventions used by packages and components across repositories was highly inconsistent. Thus any ongoing effort to create strategies for software security and transparency without industry participation would have limited effect and slow such efforts.

Developer accounts must be secured. The analysis of the software packages with the highest dependents found that the majority were hosted with individual (personal) developer accounts. Lax developer security practices have considerable implications for large organizations that use these software packages because they have fewer protections and less granularity of permissions that are associated with them. For example, organizational accounts frequently employ the use of multi-factor authentication (MFA), which individual developers might not, potentially exposing larger organizations to attack.

Project atrophy and contributor abandonment is a known issue with legacy open source software. The number of developer contributors who work on projects to ensure updates for feature improvements, security, and stability decreases over time as they prioritize other software development work in their professional lives or decide to leave the project for any number of reasons. Therefore, as time goes by, it is much more likely that these communities may face challenges without sufficient developers to act as maintainers.

Legacy open source is pervasive in commercial solutions. Many production applications are being deployed that incorporate legacy open source packages. This prevalence of legacy packages is an issue as they are often no longer supported or maintained by the developers, or they have known security vulnerabilities. They often lack updates for known security issues both in their codebase or in the codebase of dependencies they require to operate. Legacy packages present a vulnerability to the companies deploying them in their environments. In essence, it means they will need to know what open source packages they have used and where so that they can maintain and update these codebases over time.

What tools exist to understand better and mitigate potential problem areas in open source software development?

The Linux Foundation’s community and other open source projects initiatives offer important standards, tooling, and guidance that will help organizations and the overall open source community gain better insight into and directly address potential issues in their software supply chain.

Understand the vulnerability vectors of your software supply chain

Concurrent with the publication of the findings of the Census II study is the Open Source Supply Chain Security Whitepaper. This publication explores vulnerabilities in the open source software ecosystem through historical examples of weaknesses in known infrastructure components (such as lax developer security practices and end-user behavior, poorly secured dependency package repositories, package managers, and incomplete vulnerability databases) and provides a set of recommendations for organizations to navigate potential problem areas.

Focus on building security best practices into your open source projects

For open source software developers, the Linux Foundation develops and hosts the Core Infrastructure Initiative’s Best Practices. This initiative was one of the first outputs produced as a result of the Census I, completed in 2015. Since that time, over 3,000 open source software projects have engaged, started, or completed the process of obtaining a CII Best Practices Badge.

Projects that conform to CII best practices can display a badge on their GitHub page, or their web pages and other material. In contrast, consumers of the badge can quickly assess which FLOSS projects are following best practices and, as a result, are more likely to produce higher-quality and secure software. Additionally, a Badge API exists that allows developers and organizations to query the state of CII best practice score of a specific project, such as Silver, Gold, and Passing. This means any organization can do an API check in their workflow to check against the open source packages they’re using and see if that project’s community has obtained a badge.

More information on the CII Best Practices Badging program, including background and criteria, is available on GitHub. Project statistics and criteria statistics are available. The projects page shows participating projects and supports queries (such as a list of projects that have a passing badge).

Gain better insights into the community developing your open source software

We encourage organizations and projects to join the CHAOSS community, whose work on tooling and risk metrics was leveraged in the Census II study. CHAOSS is a Linux Foundation project which is focused on creating analytics and metrics to help define the health of the software community. The community is working on open source tools, including:

Augur, which is a python library and REST server that is used to mine metrics from git transactions, such as the number of committers and commits over a historical period.

Grimore Lab is an open development analytics platform that allows for automatic and incremental data gathering from almost any tool related to contributing to open source development, such as for source code management, issue tracking systems, forums, mailing lists, and others. It also provides a data visualization dashboard that allows for filtering by time range, project, repository, and contributor.

Equally as important, the CHAOSS community has brought academics and corporate practitioners of open source best practices to develop common CHAOSS Metrics that any organization can adopt and begin using. The Metrics project includes metrics focused on Risk (including Security), the Evolution of a project, and many more useful metrics leading open source organizations to monitor their open source software supply chain.

Gain better insight into the open source software being used in your organization

The second major initiative by the Linux Foundation is Automating Compliance Tooling (ACT), which was launched in 2019 and comprises five major projects, which as of today include:

FOSSology an open source license compliance software system and toolkit, allowing users to run license, copyright, and export control scans from the command line. A database and web UI are also provided to provide a compliance workflow. License, copyright, and export scanners are tools available to help with compliance activities.

OSS Review Toolkit (ORT) enables highly automated and customizable Open Source compliance checks the source code and dependencies of a project by scanning it, downloading its sources, reporting any errors and violations against user-defined rules, and by creating third-party attribution documentation. ORT is designed for the CI/CD world and supports a wide variety of package managers, including Gradle, Go modules, Maven, npm, and SBT.

QMSTR, Also known as “Quartermaster”, this tool creates an integrated open source toolchain that implements industry best practices of license compliance management. QMSTR integrates into the build systems to learn about the software products, their sources, and dependencies. Developers can run QMSTR locally to verify outcomes, review problems, and produce compliance reports. By integrating into DevOps CI/CD cycles, license compliance can become a quality metric for software development.

Software Package Data Exchange (SPDX) is an open standard for communicating software bill of material information (SBOM) that supports accurate identification of software components, explicit mapping of relationships between components, and the association of security and licensing information with each component.

Tern is an inspection tool to find the metadata of the packages installed in a container image. It provides a deeper understanding of a container’s bill of materials, so better decisions can be made about container-based infrastructure, integration, and deployment strategies.

The ACT projects are also working with initiatives within other open source communities to support accurate identification and sharing of software metadata in the ecosystem. Of particular note are:

Clearly Defined, which is part of the Open Source Initiative (of which the Linux Foundation is an Associate member), is a shared repository of licensing provenance information through a common database that helps organizations understand the risks associated with using open source software.

Software Heritage, which is being developed in collaboration with UNESCO, is committed to collect, index, preserve and make readily available the source code of the software that lies at the heart of our culture. As with the Internet Archive (“Wayback Machine), which seeks to preserve the history of the Internet and its content, Software Heritage is a historical preservation of open source software and packages that anyone can search and browse through.

Conclusion

The preliminary findings of the Census II study strongly indicate that open source projects require supporting toolsets, infrastructure, staffing, and proper governance to act as a stable and healthy upstream project for your organization.

The Census II study shows that even the most widely deployed open source software packages can have issues with security practices, developer engagement, contributor exodus, and code abandonment.

Addressing these challenges is where an organization like the Linux Foundation and other nonprofit organizations can offer significant assistance and support for the project community using a low overhead model. The Linux Foundation is uniquely suited to not just providing tools, but also the governance, fundraising, and support programs that critical open source projects require in order to maintain a stable, secure and reliable release model. These support programs include:

• • Providing funding support through membership models or securing one-off contributions through crowdfunding, leaving the complexities of managing the legal entity, financial oversight, and regulatory filings to professionals that are highly experienced and dedicated to their administration.
  • Providing base policies that offer a known framework for commercial organizations to collaborate, including an antitrust policy, trademark policy, templates for a code of conduct, and more.
  • Providing entity management for maintaining the core administrative support infrastructure that enables communities to interact, including hiring leadership and community support personnel, in order to facilitate and guide projects on an ongoing basis.
  • Supporting community events for face to face opportunities, as well as marketing and communications support to grow a project’s community audience and help people learn about the great things they contribute to.
  • Eliminating the burden of managing software releases through hiring neutral release engineers that support the maintainers.
  • Providing a free platform in the form of CommunityBridge to address common challenges with fundraising, mentoring, security vulnerability scanning, and managing automated Contributor License Agreements (“CLAs”).
  • Providing training and professional certification support that enables building an ecosystem of skilled professionals in order to use, implement, and manage solutions based on a project’s technology.
  • Providing support for license compliance, export control, and security by the routine scanning of project repositories in order to help the community identify license and security problems before an official release proliferates issues to downstream users.

In summary, the Linux Foundation supplies communities with a repeatable, proven governance model as well as value-added support programs to help communities maintain and scale. The ultimate goal is that our communities become healthy upstream projects that your organization can rely on as secure, and well-maintained upstream open source projects in your software supply chain.

The post The Security of the Open Source Software Digital Supply Chain: Lessons Learned and Tools for Remediation appeared first on The Linux Foundation.

The TARS Foundation: The Formation of a Microservices Ecosystem Introduction

During the 1960s and 1970’s, software developers typically used monolithic architectures on mainframes and minicomputers for software development, and no single application was able to satisfy the needs of most end-users. Vertical industries used software with a smaller code footprint with simpler interfaces to other applications, and scalability was not a priority at the time.

With the rise and development of the Internet, developers gradually separated the service layer from these monolithic architectures, followed by RPC and then Client/Server.

But existing architectures were unable to keep up with the needs of larger enterprises and exploding data traffic. Beginning in the middle of the 1990s, distributed architectures began to rise in popularity, with service-oriented architectures (known as SOA) becoming increasingly dominant.

In the mid-2000s, microservices began to appear, and a set of popular frameworks based on microservice architectures were developed, with TARS appearing in 2008. After being used at scale and enhanced for 10 years, TARS became a Linux Foundation project in 2018.

Figure 1.  Interest in microservices has grown exponentially, as demonstrated by search trends on Google.

Introducing the TARS Foundation

Today, on March 10th, 2020, The Linux Foundation is excited to announce that the TARS project has transitioned into the TARS Foundation. The TARS Foundation is an open source microservice foundation to support the rapid growth of contributions and membership for a community focused on building an open microservices platform.

A Neutral Home for Open Source Microservices Projects

The TARS Foundation is a nonprofit foundation that focuses on open source technology that helps businesses embrace microservices architecture as they innovate into new areas and scale their applications.

It will continue to support the TARS project by growing the community that has been operating under the Linux Foundation since 2018. The Linux Foundation offers a neutral home for infrastructure, open governance, and community engagement support, aiding open source microservices projects to empower any industry to turn ideas into applications at scale quickly.

The TARS Foundation is working on addressing the problems that may occur in using microservices, including reducing the difficulties of development and service governance. It seeks to solve multi-programming language interoperability, data transfer issues, consistency of data storage, and ensuring high performance while supporting massive requests.

The TARS Foundation wishes to accommodate a variety of bottom-up content to build a better microservice ecosystem. It will include but will not be limited to, infrastructure, storage, development framework, service governance, DevOps, and applications based on any programming languages.

It Begins With a Mature Microservice Framework

The modern enterprise is in need of a better microservices platform for their modern applications to support development through DevOps best practices, comprehensive service governance, high-performance data transfer, storage scalability with massive data requests, and built-in cross-language interoperability (e.g., Golang, Java, C++, PHP, Node.js).

In support of these growing requirements, the TARS project provides a mature, high-performance RPC framework that supports multiple programming languages developed by Tencent (0700.HK). Since the initial open source contribution by Tencent, many other organizations have made significant contributions to extending the platform’s features and value.

Figure 2. The TARS Project Microservice Ecosystem.

TARS can quickly build systems and automatically generate code, taking into account ease of use and high performance. At the same time, TARS supports multiple programming languages, including C++, Golang, Java, Node.js, PHP, and Python. TARS can help developers and enterprises to quickly build their own stable and reliable distributed applications in a microservices manner, in order to focus on business logic to effectively improve operational efficiency.

The advantages of multi-language support, agile research and development, high availability, and efficient operation make TARS an enterprise-grade product out of the box. TARS has been used and refined in Tencent for the past ten years and has been widely used in Tencent’s QQ and WeChat social network, financial services, edge computing, automotive, video, online games, maps, application market and security, and other hundreds of core businesses. The scale of microservices has reached over one million nodes, perfecting the practice of the industry-standard DevOps philosophy and Tencent’s mass service approach.

Why Should Projects Choose The TARS Foundation?

Joining the TARS Foundation will provide member organizations and projects with the following benefits:

Community Engagement

• The TARS Foundation will host a constellation of open source projects. Members of the TARS Foundation will leverage many programs to engage with project ecosystems and share their ideas and use cases.

Thought Leadership

• Members of the TARS Foundation will be able to network and help shape the evolving microservices ecosystem.

Marketing Amplification and Brand Awareness

• Members can broaden their project’s reach and awareness in the community with TARS Foundation marketing programs.

As the TARS Foundation has been created to develop and foster the open microservices ecosystem, it will establish different functional mailing lists to support its user communities.

The TARS Foundation will also establish a series of mechanisms for the incubation and development of new projects. After a project has agreed to join the Foundation, the appropriate incubation and maturation route will be tailored according to the project circumstances.

After meeting all incubation requirements, the TARS Foundation will announce the project’s graduation. In addition to providing a technical oversight committee and a user community, the governing board will look after these projects by reviewing each project’s unique situation, providing strategic decisions, and assisting with their overall development.

Partner Commitments to the TARS Foundation

The TARS Foundation aims to empower any industry vertical to realize their ideas with their implementation of microservices. To date, TARS has worked with many industries, including fintech, e-sports, edge computing, online video, e-commerce, and education, among others.

As a result of over a decade of industry leadership in developing open microservices projects, many companies from different industries, such as ARM, Tencent, AfterShip, Ampere, API7, Kong, and Zenlayer, have committed to and have joined The TARS Foundation as members and partners.

Tencent

TARS has been developed, hardened, and enhanced within Tencent for more than ten years. It is widely used in Tencent’s QQ and WeChat social, video, e-Sports, maps, application market and security, and other hundreds of core businesses. The scale of microservices has reached over one million nodes, perfecting the practice of the industry-standard DevOps philosophy and Tencent’s mass service approach.

Arm

ARM is the world’s leading semiconductor intellectual property (IP) provider. Arm has been working with Tencent over the last year to undertake a complete port of TARS microservices to the Arm architecture. That porting effort is now complete and is available through the Akraino Blueprint ecosystem. The first two Arm deployments within Tencent are AR/VR and autonomous vehicle use cases for internal Tencent use.

“We want to take the most active role in microservices to be ubiquitous, so we choose to be a premier member.”

AfterShip

AfterShip is a Hong Kong startup company offering automated shipment tracking using a SaaS model and supports over 400 shipping services worldwide.

 “We believe microservices will be a new concept for our products, and the TARS Foundation can empower its usage.”

Ampere

Ampere focuses on cloud-native hardware. As such, it needs to ensure that any software used on that hardware runs exceedingly well to meet the demands of their customers’ expectations.

“Microservices have become very popular for several years, so we think cooperation with the TARS Foundation and focusing on microservices will allow us to achieve our vision.”

API7

API7’s open-source project, APISIX, which is based on Nginx and etcd, is a cloud-native microservices API gateway that aims to deliver the ultimate performance, security, open source, and scalable platform for all APIs and microservices. Compared with traditional API gateways, APISIX has dynamic routing and plug-in hot loading, which is especially suitable for API management under a microservices-based system.

Kong

Kong is the world’s most popular open source microservice API gateway. Kong is used to secure, manage, and orchestrate microservice APIs.

“We look forward to collaborating with the TARS Foundation members to drive microservices adoption and innovation across businesses of all industries.”

Zenlayer

Zenlayer is an edge cloud services provider that enables businesses to improve digital user experiences quickly and globally, particularly in emerging markets.

“Integration of microservices with edge computing is now widespread. We look forward to doing more research on that and with the TARS Foundation.”

Conclusion

The TARS Foundation can help make the microservices ecosystem more effective, building a more aligned community of contributors and supporters. As more technology-first companies deploy microservices in production, we expect the trend to extend to traditional industries that are transforming. We hope that more people and companies will participate in the TARS Foundation and welcome everyone to contribute to a better and more open microservice ecosystem.

“The TARS Foundation will accelerate innovation for the microservices ecosystem through an open governance model that allows for rapid and high-quality contributions and collaboration. The Linux Foundation is very happy to support this work and enable its growth.” — Jim Zemlin, Executive Director of the Linux Foundation

The post The TARS Foundation: The Formation of a Microservices Ecosystem appeared first on The Linux Foundation.