The Linux Foundation

I am old enough to remember when organizations developed software in-house – all of it. I also clearly remember my information systems college professor teaching it is almost always less expensive and better to use code/programs already written and adapting them for your use than to recreate the wheel from scratch. 

It is a different world now – software is built on a foundation of other programs, libraries, and code bases. Free and open source software (FOSS) is key to this because it is so easy to pickup, use, share, and create code. What an opportunity to speed development and focus innovation on the next thing rather than creating what already exists. This is part of the value of open source software – collaborate on the building blocks and innovate and differentiate on top of that. 

However, there are also challenges in this space, with a good example being the question of how to address licensing. There are A LOT of types of licenses that can apply to a piece of software/code. Each license needs to be understood and tracked with each piece of software it is included in for an organization to ensure nothing is missed. This can quickly multiply into a significant catalog that requires lots of manual work. On top of that, you also need to provide that license information to each of your customers, and they will have their own system and/or processes for providing that information to them and making sure it is up-to-date with each new version of the software. 

You can see where this can quickly consume valuable staff resources and open doors to mistakes. Imagine the possibility of a standard way to track and report the licenses so your teams don’t need to worry about all of the digital paperwork and can instead focus on innovation and adding value to you and your customers.

This is exactly the problem a team of lawyers and governance experts sought to fix back in 2016 and created the OpenChain Project to do just that. They asked, what are the key things for open source compliance that everyone needs, and how do we unify the systems and processes. They envisioned an internationally accepted standard to track and report all of the licenses applicable to a software project. The end result is a more trustable supply chain where organizations don’t need to spend tons of time checking compliance again and again and then remediating. 

The result – a ISO standard  (ISO/IEC 5230) was approved in Q4 2020. The OpenChain Project also hosts a library of 1,000 different reference documents in a wide variety of languages – some are official and many more are community documents, like workflow examples, FAQs, etc.

How are organizations benefiting from OpenChain? I find it encouraging that Toyota is one of the leaders in this. As anyone who has had at least one business class in college knows, Toyota is a leader in innovations for manufacturing over several decades. In the 1970s they pioneered supply chain management techniques with the Toyota Production System (please tell me they had to do TPS reports) – adopted externally as Just in Time manufacturing. They are also known for adopting the philosophy of Kaizen, or continuous improvement. So, as they looked at how to manage software supply chains and all of the licensing, they adopted the OpenChain Specification. They implemented it, in part, with a governance structure and an official group to manage OSS risks and community contributions.

.avia-image-container.av-l20heg6x-cd2d943e933a1c3dd3f8cb175716f4bc .av-caption-image-overlay-bg{ opacity:0.4; background-color:#000000; } .avia-image-container.av-l20heg6x-cd2d943e933a1c3dd3f8cb175716f4bc .av-image-caption-overlay-center{ color:#ffffff; }

Toyota’s OSS governance structure

They are also an active participant in the OpenChain Japan Working Group to help identify bottlenecks across the supply chain, and the group enabled Toyota to develop information sharing guidelines to address licensing challenges with Tier 1 suppliers. They now see reduced bottlenecks, more data for better decision making, and decreased patent and licensing risks. Read more.

PwC is a global auditing, assurance, tax, and consulting firm. As an auditor, much of their business revolves around building trust in society. They also develop software solutions for thousands of clients around the world and receive software from providers of all sizes and maturity levels, making OSS compliance difficult. It was a tremendous effort and caused time delays for them and their clients. Now, PwC is able to provide clients with an Open Source Software compliance assessment based on the latest OpenChain specification. Their clients can share an internationally-recognized PwC audit report to verify OSS compliance. Read more.

And just last month, SAP, a market leader in enterprise application software, announced they are adopting the OpenChain ISO/IEC 5230 standard. It marks the first time that an enterprise application software company has undergone a whole entity conformance. Their reach across the global supply chain is massive – its customers are involved in almost 90% of global trade.

As the ISO/IEC standard is done, what is next for OpenChain? They are looking at security, export control, and more. 

If you or your organization are interested in learning more about OpenChain, adopting the standard, or getting involved in what is next, head over to https://www.openchainproject.org/. We also host an online training course when you are ready to dig in: Introduction to Open Source License Compliance Management. 

My hope is that you now spend less time on compliance and more time on innovation.

The post More Time on Innovating, Less Time on Compliance appeared first on Linux Foundation.

This post originally appeared in LF Networking’s blog. 

Now in its fifth year as an umbrella organization, LF Networking (LFN) and its projects enable organizations across the globe to more quickly and effectively achieve digital transformation via the community’s shared development efforts. This includes companies of all sizes and types that rely on LFN’s breadth of commercially-ready ecosystem offerings, all based on open source innovation spearheaded within the LF Networking community.

As mature LFN projects, ONAP (Open Network Automation Platform) and OpenDaylight are currently deployed as critical components in networks around the globe. Below is a sampling of specific case studies currently implemented in the real-world that are allowing organizations to transform their networks. 

• Spark automates disaggregated network in just 6 months using ONAP. As Spark New Zealand Limited (Spark) approached 5G deployment, they started analyzing the status of automation across network and infrastructure and realized they needed an automation suite that would support future use cases that 5G could enable, such as network slicing, and closed loop automation.  In partnership with Infosys, Spark took a relatively short six months to go from kickoff to implementation of ONAP. More details are available here.
• Verizon leverages OpenDaylight as its directional SDN controller. After initial work exploring OpenDaylight (ODL), Verizon decided to pull the testing, packaging, support in-house and create their own optimized ODL distribution. ODL now serves as Verizon’s foundational and directional SDN controller with two use cases in production across the network. Verizon brings a strong developer team to the project with several employees directly participating in ODL on eleven projects. Currently, Verizon is using Yang model driven platform solutions and wants to integrate different types of data modeling technology, Open APIs, rest platforms, and more. More details are available here.
• Deutsche Telekom deploys ONAP in O-RAN Town. In its O-RAN Town project, DT deployed in the city of Neubrandenburg a multi-vendor Open RAN trial network for 4G and 5G services with massive MIMO integrated into the live network — the first in Europe. To automate services on all network domains, DT introduced a vendor-independent Service Management and Orchestration (SMO) component based on ONAP open source. The SMO is to be at the heart of complete lifecycle management of all O-RAN components in this deployment. More details are available here.
•  Orange deploys automation framework powered by ONAP. Realizing a long-pursued goal of using ONAP, Orange has deployed and trialed an automation framework powered by ONAP. The current use case, in production in Orange Egypt, includes automating network services, network connectivity and resource management inside IP/MPLS, and configuration changes such as provisioning virtual private networks. Through this initiative, Orange has demonstrated that ONAP has reached the maturity and modularity for network operators to take combinations of ONAP projects and components from proof of concept to production. More details are available here.
• Bell automates a significant amount of manual configuration, recovery, and provision work by using ONAP in production across multiple use cases. Since 2017, the use of ONAP at Bell Canada has expanded to automating numerous key network services across all business units. Moving forward, ONAP is playing a major role in 5G and multi-access edge computing (MEC) rollouts. The key metric Bell uses to measure the success of ONAP is the number of recurring manual task hours saved per month. Each project that adopts ONAP for a specific service tracks this metric. In 2019 alone, Bell saved a significant amount of recurring manual work per month as a result of using ONAP. In 2020, the team will also measure the acceleration of new services on-boarded to the platform. Currently, the on-boarding process can range from a few weeks to six months. Learn more in this detailed case study.

These are just a few examples of what is possible with open networking. Stay tuned to LF Networking channels for more industry proof points across the ecosystem and follow the LFN community journey (visit our website and follow us on Twitter)  to witness the power of open collaboration on the future of networking.

The post Open Source Networks in Action: How leading telcos are harnessing the power of LF Networking appeared first on Linux Foundation.

Leading open source network operating system enabling dis-aggregation for data centers now hosted by the Linux Foundation to enable neutral governance in a software ecosystem

SAN FRANCISCO– April 14, 2021 –  Today, the Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the Software for Open Networking in the Cloud (SONiC, an open source networking operating system), is now part of the Linux Foundation. The Linux Foundation provides a venue for continued ecosystem, developer growth and diversity, as well as collaboration across the open source networking stack.  

“We are pleased to welcome SONiC to the Linux Foundation family of open networking projects,” said Arpit Joshipura, general manager, Networking, Edge, and IoT, the Linux Foundation. “SONiC is a  leader in open source data center NOS deployments, and we’re looking forward to growing its developer community.” 

The Linux Foundation will primarily focus on the software component of SONiC, and continue to partner with Open Compute Platform(OCP) on aligning hardware and specifications like SAI. 

“Microsoft founded SONiC to bring high reliability and fast innovation to the routers in Azure cloud data centers. We created it as open source so the entire networking ecosystem would grow stronger.  SONiC already runs on millions of ports in the networks of cloud scalers, enterprises, and fintechs.  The SONiC project is thrilled to be joining the Linux Foundation to take the community to its next jump in scale, participation, and usage,” said  Dave Maltz, Technical Fellow and Corporate Vice President, Microsoft Azure Networking.

About SONiC

Created by Microsoft for its Azure data centers, SONiC is an open source network operating system (NOS)  based on Linux that runs on over 100 different switches from multiple vendors and ASICs. It offers a full-suite of network functionality, like BGP and RDMA, that has been production-hardened in the data centers of some of the largest cloud-service providers. It offers teams the flexibility to create the network solutions they need while leveraging the collective strength of a large ecosystem and community. 

Existing Ecosystem

SONiC brings a strong existing ecosystem, with premier members including Alibaba, Broadcom, Dell, Google, Intel, Microsoft, NVIDIA and 50+ global partners. The SONiC community will host its first hackathon later this year. Stay tuned for details and registration information. More information about SONiC, including how to join, is available at SONiC (azure.github.io).

Support from Key Stakeholders & Customers

Alibaba

“This is a big milestone for the SONiC community. After joining the Linux Foundation, the SONiC community will play a much more important role in the networking ecosystem,” said Dennis Cai, Head of Network Infrastructure, Alibaba Cloud. “Congratulations!  As one of the pioneering SONiC users and contributors, Alibaba Cloud has widely deployed SONiC- based whitebox switches in our data centers, edge computing cloud, P4- based network gateways, and will extend the deployment to Wide Area Networks. With modern network OS design and operation- friendly features, we already gained tremendous value from the large-scale deployments. Alibaba is committed to the SONiC community, and will continue bringing our large-scale deployment best practices to the community, such as open hardware specs , network in-band telemetry, high performance networking, and network resiliency features, SRv6, etc.” 

Broadcom

“Large hyperscalers agree that merchant silicon, hardware independence, and open source protocol and management stack are essential for running their data center networks. Broadcom has wholeheartedly supported this vision with leading-edge, predictable silicon execution and contributions to the SONiC project. We are excited to see the SONiC initiative join the Linux Foundation and look forward to working with the streamlined ecosystem to drive the data center and hyperscale needs of the future,” said Mohammad Hanif, senior director of engineering, Core Switching Group, Broadcom.

Dell Technologies 

“We believe SONiC will continue its accelerated adoption into the modern data center, delivering the scale, flexibility and programmability needed to run enterprise-level networks,” said Dave Lincoln, vice president of product management at Dell Technologies. “As a leading SONiC contributor, we see the advantages it brings to the supporting open source community and customers. As we continue the drive to take open-source-based solutions mainstream, we look forward to working with the Linux Foundation and its supporting communities to drive SONIC’s development and adoption.”

EBay

“eBay operates a large-scale network infrastructure to support its growing global business. eBay cares about the openness and quality of NOS to operate its network infrastructure. eBay is an active participant in the SONiC community and deploys SONiC at scale in its infrastructure. eBay is excited to see this next step of growth of the SONiC community,” said Parantap Lahiri, vice president, Network and Datacenter Engineering at eBay. 

EPFL

“At EPFL, we have been looking for a vendor neutral and flexible NOS that can provide HaaS capabilities for our Private Cloud Environment. SONiC OS provides us the solution we have been looking for in our Data Centre, allowing us to migrate to a powerful and modern Data Centre network. We are looking forward to this next phase in the SONiC community,” said Julien Demierre, Network and System architect at EPFL.

Google

“We believe moving SONiC to the Linux Foundation is very important as it will further enhance collaboration across the open source network, community and ecosystem. Google has more than a decade of experience in SDN; our data centers and WAN are exclusively SDN controlled, and we are excited to have helped bring SDN capabilities to SONiC . We fully support the move to the LF and intend to continue making significant upstream contributions to drive feature velocity and make it easier for operators to realize the benefits of SDN with PINS/SONiC and P4,” said  Dan Lenoski, vice president, Engineering, Network Infrastructure, Google. 

Intel 

“Intel has a strong history of working with SONiC and the Linux Foundation to help to propel innovation in an open, cooperative environment where ideas are shared and iterated.  We continually promote open collaboration, encompassing open-source technologies such as the Infrastructure Programmer Developer Kit and P4 integrated networking stack (PINS), using Intel Xeon Scalable processors, Infrastructure Processing Units and Tofino Intelligent Fabric Processors as base hardware,” said Ed Doe, vice president and general manager, Switch and Fabric Group at Intel. “Joining the Linux Foundation will help SONiC to flourish, and in turn create greater benefit for cloud service providers, network operators and enterprises to create customized network solutions and transform data-intensive workloads from data center to the edge.”

NVIDIA

“This is an important milestone for SONiC and the community behind it,” said Amit Katz, vice president of Ethernet Switches at NVIDIA. “NVIDIA is committed to supporting the community version of SONiC that is 100 percent open source, enabling data center operators to control the code inside their cloud fabrics, accelerated by state-of-the-art platforms with SONiC support, such as NVIDIA’s Spectrum family of switches.” 

Open Compute Project 

“The Open Compute Project Foundation is pleased to continue its collaboration with SONIC as part of the OCP’s new hardware – software co-design strategy. The open source SONiC Network Operating System is enabling rapid innovation across the network ecosystem, and it began with the definition of the Switch Abstraction Interface (SAI) at OCP.   Hardware – software co-design focuses on software that requires intimate knowledge of the hardware to drive maximum hardware performance, and speed time-to-market for hardware where system performance and ecological footprint can be highly dependent on software and hardware interactions,” said George Tchaparian, CEO Open Compute Project Foundation.

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post Software for Open Networking in the Cloud (SONiC) Moves to the Linux Foundation appeared first on Linux Foundation.

About 3 ½ years ago, Sanath Kumar Ramesh and his wife welcomed their son, Raghav,  into the world. Like any new parents, he immediately became their everything. And, as new parents do, they threw him a 1st birthday bash where many of their friends and family were meeting Raghav for the first time. 

As Sanath was getting ready to cut the cake, he received a call from Raghav’s doctor. The doctor informed him hey received the results from a battery of tests and, “We think he has an ultra-rare genetic disease called SSMD (Spondylometaphyseal Dysplasia), but, unfortunately, we don’t know much about the disease because all of the other kids died just a few weeks after birth. Your son is lucky to be alive.”

Sanath recounts, “I was taken aback. I was standing at my son’s first of many birthday parties to come and someone was telling me that Raghav was lucky to be alive. This was a turning point in my career – in my whole life.” 

In plain English, he has a typo in his GPX4 gene. The G became A. Consequently, he can’t sit, stand, walk, or eat by mouth. 

Raghav has what is called an ultra-rare disease. Only 9 other children have been diagnosed around the world. 

He called hundreds of hospitals, doctors, researchers, etc. and found no treatments. So, he took matters into his own hands. He tried 5 different drugs and saw some improvements, but not enough to “give him the life he deserves.” Raghav did lift his head up at 13 months – something he never did before. At 3, he is still unable to sit, stand, walk, and talk, and it looks like his disease is progressing faster than they anticipated. 

While SSMD only has a handful of known patients, 400 million people around the world live with over 7,000 rare diseases and disorders. 93% have no FDA-approved treatment. 

So, Sanath began asking researchers, How do we bring treatments to all of the rare diseases? Unfortunately, there is no simple solution. The drug development process is a maze and the biology of most is a complete mystery. But the advice he got was to foster open collaboration, lower the cost, and operate at a global scale.

Source: Open Treatments Foundation

Well, that sounds exactly like the open source model – something Sanath knows well. So, in March 2021, he started the Open Treatments Foundation with the mission to, “Create a society where there is at least one treatment for all genetic diseases accessible to all patients.” That is one giant BHAG. 

They settled on four strategies: 

1. Put every disease on the map: increase disease awareness, build a robust patient community
2. Make diseases easy to work with: open source animal models, assays, and natural history data 
3. Generate more money for research: crowdfunding, incentive-based funding, etc.
4. Create more drug developers: decentralize drug development, go global

They also chose to collaborate with The Linux Foundation on the open source software and created the RareCamp project to house the source code under an Apache 2.0 license and to create and foster a community. The ball is rolling.

On a more personal level, I spent the previous five years working for individuals with rare disorders and diseases. Specifically, I worked at the National Fragile X Foundation. Fragile X syndrome is an inherited, intellectual/developmental disability and is rare (but not ultra-rare). My advocacy extended to all individuals with rare diseases/disorders through groups like the EveryLife Foundation and the Friends of the National Center for Birth Defects and Developmental Disorders – so I am especially excited to see this work. 

Our Fragile X parents would often say this isn’t the life they anticipated or hoped for, but they are better for it. I would say our world will be a better place because of sweet Raghav and all the work he is inspiring. Are you inspired? Join us! As Jim Zemlin said when Sanath spoke at the 2021 Open Source Summit, this project is about, “personal motivation and a collective response.” Can you be part of the collective response? Visit rarecamp.org.

This is just one of the many projects at The Linux Foundation that has the potential to make a major, positive impact on the world. As Jim also stated, “We are just getting started addressing huge issues like rare diseases.”

The post A Rarity in Open Source appeared first on Linux Foundation.

Zephyr RTOS Powers T-Mobile’s First Developer Kit, Designed to Increase Developer Innovation & Make Connection to the Network Easy

SAN FRANCISCO, April 14, 2022 – Today, the Zephyr® Project announced that T-Mobile has joined as a Platinum member, leveraging the Real-Time Operating System (RTOS) to power its new Developer Kit, which gives innovators fast and easy access to build on T-Mobile’s network. The Zephyr Project is an open source project at the Linux Foundation that builds a safe, secure and flexible RTOS for resource-constrained devices. T-Mobile is the first wireless carrier to join the project.

“As a leader in the industry and our first telecom member, T-Mobile brings a unique perspective and expertise to the Zephyr ecosystem,” said Kate Stewart, Vice President of Dependable Embedded Systems at The Linux Foundation. “Zephyr’s existing wireless capabilities (Bluetooth Low Energy, Wi-Fi, and 802.15.4), coupled with DevEdge, T-Mobile’s new developer platform, will unleash innovators to create new solutions for the connected future.”

Zephyr RTOS is easy to deploy, secure, connect and manage and supports more than 350 boards running embedded microcontrollers from Arm and RISC-V to Tensilica, NIOS, and ARC as single and multicore systems. It has a growing set of software libraries that can be used across various applications and industry sectors such as Industrial IoT, wearables, machine learning and more. Zephyr is built with an emphasis on broad chipset support, security, dependability, long-term support releases and a growing open source ecosystem.

“T-Mobile is thrilled to be the first wireless provider to join the Zephyr Project. As we shared when we launched DevEdge earlier this month, we envision a future where everything that can be connected, will be. And that requires massive innovation.” said Rob Roy, SVP of Emerging Business Innovation at T-Mobile. “Zephyr’s RTOS will help T-Mobile enable developers to build better and faster, unlocking massive innovation on our network.”

T-Mobile’s new Developer Kit, which will run on Zephyr RTOS, gives developers immediate access to T-Mobile’s network – no out-of-pocket costs, no testing hardware, no lengthy build time required. And for a limited time, T-Mobile is giving away Developer Kits for free while supplies last to developers who sign up now. To learn more, and to sign-up for a kit, developers can visit devedge.t-mobile.com/solutions/iot-developer-kit.

T-Mobile joins other Platinum members including Antmicro, Baumer, Google, Intel, Meta, Nordic Semiconductor, NXP, Oticon and Qualcomm Innovation Center. T-Mobile will join the Zephyr Governing Board and its commitment to ensure balanced collaboration and feedback that meets the needs of its community.

Other Zephyr Project members include AVSystem, BayLibre, Beijing University of Posts and Telecommunications (BUPT), Eclipse Foundation, FIWARE, Foundries.io, Golioth, Infineon, Institute of Communication and Computer Systems (ICCS), Laird Connectivity, Linaro, Memfault, Northeastern University, Parasoft, Percepio, Research Institute of Sweden (RISE), RISC-V, SiFive, Silicon Labs, Synopsys, Texas Instruments and Wind River.

Zephyr Developer Summit

The Zephyr community will gather virtually and in-person at the Computer History Museum in Mountain View, California, on June 8-9. The second annual Zephyr Developer Summit will feature speakers from Antmicro, AVSystem, Bitergia, Boston Technology Law, Entropic Engineering, Circuit Dojo, Facebook/Meta, Golioth, Google, Huawei, Intel, Laird Connectivity, Lattix, Linaro, The Linux Foundation, Nordic Semiconductor, Percepio, Samsung, ST Microelectronics, Synopsys, Wind River and Zonneplan.

The Summit is open to the public with various registration rates to attend in-person or virtually. Learn more and register here: https://events.linuxfoundation.org/zephyr-developer-summit/register/.

A few of highlights of the Zephyr Developer Summit include:

• An Intro to Zephyr Day on June 7 that offer several presentations and overviews for new developers. It will also feature in-depth hands-on tutorials from Golioth and Nordic Semiconductor.
• A Mini-Conference for Testing & Traceability that features sessions about design and testing, unit tests and emulators, new framework for testing fleet of platforms, and a Birds of a Feather (BoF) for quality and testing processes for Zephyr.
• A Mini-Conference for RISC-V collaboration with presentations about SMP support, what it is currently and what lies ahead, as well as the use of the RISC-V architecture in the Zephyr ecosystem.

The complete schedule for the Summit can be found here. The Zephyr Developer Summit is made possible thanks to Diamond Sponsors Antmicro, Google and Intel; Platinum Sponsor Nordic Semiconductor; Gold Sponsor NXP; Silver Sponsors Golioth and Memfault and Session Recording Sponsor BayLibre.

Last year, almost 700 people registered for the first-ever virtual Zephyr Developer Summit in June. The event consisted of 5 mini-conferences, 28 sessions and 51 speakers who presented technical content, best practices, real-world use cases and more. Videos are available on the Zephyr Project YouTube Channel.

To learn more about Zephyr RTOS, visit the Zephyr website and blog.

About the Zephyr Project

The Zephyr Project is an open source, scalable real-time operating system (RTOS) supporting multiple hardware architectures. To learn more, please visit www.zephyrproject.org.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The post T-Mobile joins the Zephyr Project as Platinum Member appeared first on Linux Foundation.

Premier event for open source developers and community contributors will feature visionary speakers offering insights on a range of topics: WASM, Cloud Native Computing, Diversity, Community Leadership, Linux and more.

SAN FRANCISCO, April 13, 2022 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the first round of keynote speakers taking the stage at Open Source Summit North America, June 21-24, in Austin, TX and virtually.

Open Source Summit North America is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems, and gain knowledge, furthering open source innovation and ensuring a sustainable open source ecosystem. It is a conference umbrella comprising 14 events covering the most important technologies and topics in open source including Linux, Embedded Systems, Supply Chain Security, AI + Data, Cloud, Community Leadership, OSPOs, Software Vulnerabilities, Diversity, IoT, Critical Systems, Containers and more.

2022 Keynote Speakers Include:

• Alena Analeigh, Founder, Brown STEM Girl
• Eric Brewer, Vice President of Infrastructure, Google
• Matt Butcher, Chief Executive Officer, Fermyon Technologies
• Taylor Dolazel, Head of Ecosystem, Cloud Native Computing Foundation
• Melissa Evers, Vice President and General Manager of Software/Ecosystem Strategy, Intel Corporation
• Amy Gilliland, President, General Dynamics Information Technology (GDIT)
• Orion Jean, TIME 2021 Kid of the Year, Author and Kindness Activist
• Todd Moore, Vice President – Open Technology and Developer Advocacy, CTO DEG, IBM
• Melissa Smolensky, Vice President, Corporate Marketing, GitLab
• Linus Torvalds, Creator of Linux & Git in conversation with Dirk Hohndel, Founder, DH Consulting
• Chris Wright, Senior Vice President and Chief Technology Officer, Red Hat

The full schedule of sessions will be announced on April 21, with additional keynotes also being announced in the coming weeks.

Registration (in-person) is offered at the early price of $850 through April 26. Regisration to attend virtually is $25. Members of The Linux Foundation receive a 20 percent discount off registration and can contact events@linuxfoundation.org to request a member discount code.

Applications for diversity and need-based scholarships are currently being accepted. For information on eligibility and how to apply, please click here. The Linux Foundation’s Travel Fund is also accepting applications, with the goal of enabling open source developers and community members to attend events that they would otherwise be unable to attend due to a lack of funding. To learn more and apply, please click here.

Health and Safety
In-person attendees will be required to be fully vaccinated against the COVID-19 virus and will need to comply with all on-site health measures, in accordance with The Linux Foundation Code of Conduct. To learn more, visit the Health & Safety webpage.

Event Sponsors
Open Source Summit North America 2022 is made possible thanks to our sponsors, including Diamond Sponsors: Google and IBM, Platinum Sponsors: Cloud Native Computing Foundation, Intel and Red Hat, and Gold Sponsors: Camunda, Checkmarx, Coder, Dell Technologies, GitLab, InfluxData, Kubecost, Styra and Whitesource. For information on becoming an event sponsor, click here or email us.

Press
Members of the press who would like to request a press pass to attend should contact Kristin O’Connell.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

Visit our website and follow us on Twitter, Linkedin, and Facebook for all the latest event updates and announcements.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contact

Kristin O’Connell
The Linux Foundation
koconnell@linuxfoundation.org

The post The Linux Foundation Announces 1st Round of Keynotes Speakers for Open Source Summit North America 2022 appeared first on Linux Foundation.

New Open Source Project at the Linux Foundation brings Cloud, Telecom and Network functions providers together in a Kubernetes world 

San Francisco—April 12, 2022  Today, the Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the formation of project Nephio in partnership with Google Cloud and leaders across the telecommunications industry. The Linux Foundation provides a venue for continued ecosystem, developer growth and diversity, as well as collaboration across the open source ecosystems.

Building, managing and deploying scalable 5G networks across multiple edge locations is complex. The Telco industry needs true cloud-native automation to be faster, simpler and easier, while achieving agility and optimization in cloud based deployments. To address these challenges, Google Cloud and the Linux Foundation have founded “Nephio.”  The project has support from several founding organizations including Service providers: Airtel, Bell Canada, Elisa, Equinix, Jio, Orange, Rakuten Mobile, TIM, TELUS, Vapor IO, Virgin Media O2, WINDTRE as well as Network Function, Service and Infrastructure Vendors: Aarna Networks, ARM, Casa-systems, DZS, Ericsson, F5, Intel, Juniper, Mavenir, Nokia, Parallel Wireless, VMware. 

Cloud Native Principles have come a long way and as we see Cloud Service Providers collaborating with Telecom Service Providers and Enterprises, a new way of simplifying automation of network functions is emerging. 

Nephio aims to deliver carrier-grade, simple, open, Kubernetes-based cloud native intent automation and common automation templates that materially simplify the deployment and management of multi-vendor cloud infrastructure and network functions across large scale edge deployments. 

Additionally, Nephio will enable faster onboarding of network functions to production including provisioning of underlying cloud infrastructure with a true cloud native approach, and reduce costs of adoption of cloud and network infrastructure.

Google Cloud

“Telecommunication companies are looking for new solutions for managing their cloud ready and cloud native infrastructures as well as their 5G networks to achieve the scale, efficiency, and high reliability needed to operate more cost effectively,” said Amol Phadke, managing director, Telecom Industry Products & Solutions, Google Cloud. “We look forward to working alongside The Linux Foundation, and our partners, in the creation of Nephio to set an industry open standard for Kubernetes-based intent automation that will result in faster and better connected cloud-native networks of the future.” 

Linux Foundation 

“Collaboration across Telecom and Cloud Service Providers is accelerating and we are excited to bring Nephio to the open source community,” said Arpit Joshipura, GM Networking, Edge & IOT, The Linux Foundation, “As end users demand end to end open source solutions, projects like Nephio complement the innovation across LFN, CNCF, LF Edge for faster deployment of telecom network functions in a cloud-native world.” 

More information about Nephio is available at www.nephio.org. 

Service Providers

Airtel

“Zero touch deployment, configuration and operations of network functions predominantly on the edge of the network and in multi-cloud and multi-vendor scenarios is a significant challenge for all operators across the globe. A cloud-native orchestration and automation approach is the absolute need of the hour. Airtel is looking forward to being part of the LF and Google initiative to develop innovative solutions to simplify network operations,” said Manish Gangey, SVP and Head – R&D, Bharti Airtel.

Bell

“Similar to our early participation in the Linux Foundation ONAP initiative, Bell Canada is thrilled to collaborate in this next chapter of Telco softwarization,” said Petri Lyytikainen, VP Network, Bell Canada. “With innovations like 5G, ORAN and a new era of distributed cloud computing, Nephio and its community will be key in accelerating network and infrastructure automation towards a true cloud-native and intent-driven approach. This important work will help drive the evolution of network technology that will benefit Bell customers and the telecoms industry in Canada for years to come.”

Elisa   

“Elisa has a long history of network automation and cloud services. That has been utilized by the leading network analytics and automation solution provider Elisa Polystar,” said Anssi Okkonen, CEO of Elisa Polystar. “We are looking forward to working together with Linux Foundation, Google Cloud and Nephio community to enable new cloud-native automation solutions for building the tools for self-driving networks.” 

Equinix

“We believe in innovation through collaboration and are pleased to join the Nephio project to help build advanced digital infrastructure orchestration capabilities for telco (5G) cloud native network functions,” said Justin Dustzadeh, CTO at Equinix. “We look forward to collaborating with the developer community and members of the Nephio project to make it easier for developers to manage distributed infrastructure and help businesses drive digital transformation.”

Jio

“Jio is excited to be part of the Nephio initiative. At a time when 5G Standalone deployments are rapidly coming on-stream globally, Nephio will play a pivotal role in the journey of telcos towards adopting a cloud native 5G Network,” said Aayush Bhatnagar, SVP, Jio. 

Orange

“For telecom operators, Cloud Native technologies will unleash many new opportunities. By providing a cloud native intent automation framework, Nephio should play a key role in the telecommunications ecosystem by enabling on-demand connectivity and zero touch operator capabilities, thus benefiting the entire industry, developers, vendors, integrators, operators,” said Laurent Leboucher, group CTO and SVP, Orange Innovation Networks.

Rakuten Mobile

“The telecommunications industry is undergoing transformative change, with cloud native technologies bringing the industry into the modern era. When building Rakuten Mobile’s cloud native network in Japan, we understood the challenges of an open ecosystem and also realized the many benefits of cloud architecture, including automation, zero-touch provisioning and unprecedented agility. We’re excited to join Nephio in working to reimagine what telecommunications can be in the cloud era,” commented Sharad Sriwastawa, CTO, Rakuten Mobile.

TIM

“We believe that the adoption of Cloud Native technology and philosophy will represent a cornerstone for the future of telecommunications, merging the world of cloud services and the world of telco services into one single digital platform. The automation framework is probably the most sensitive and strategic part of this platform that will be able to stimulate innovation during coming years,” said Crescenzo Micheli, VP Technology & Innovation at Telecom Italia (TIM). “We believe the Nephio project could play a fundamental role to speed up this process.” 

TELUS

“TELUS is excited to be contributing to this Linux Foundation project. Innovation and collaboration have been a life-long journey for us; accelerating the adoption of Cloud Native technologies is a must to meet our customers’ ever-changing expectations,” said Ibrahim Gedeon, CTO at TELUS. “We are excited to build on our 10-year strategic partnership with Google Cloud and collaborate with the Linux Foundation. Together we will maximize the scalability and agility of our global-leading network, simplifying and rethinking the operating digital models of our customers while building a better future for all Canadians and globally. This cannot be more true than with 5G and fiberizing the world as we enter a new era of hyper-connectivity. Combining high speeds, bandwidth and reliability with cloud computing and automation will transform the way we operate, enabling solutions like smart cities and connected cars and transforming key verticals across agriculture, healthcare and manufacturing.”

Vapor IO

“Nephio depends on critical underlying infrastructure like Vapor IO’s Kinetic Grid to automate the deployment of carrier-grade network functions,” said Cole Crawford, founder & CEO of Vapor IO. “Automating at-scale operations across multiple clouds is a complicated task. We applaud Google for selecting the Linux Foundation for bringing these capabilities to market via an open source platform. This could be a watershed moment in the telecom industry, transforming historically complicated network deployments and operations into cloud-native workflows with high degrees of automation. This will lower the cost of 5G deployments and increase the overall competitiveness of the telecom industry.”

Virgin Media O2

“We are continually looking at improving and evolving our automation strategies, especially around Kubernetes.  We are incredibly motivated to work closely with the Linux Foundation and Nephio toward network automation and the process of using software to automate network and security provisioning and management to maximize network efficiency and functionality continuously,” said Paul Greaves, head of Automation and Orchestration Virgin Media O2.

WINDTRE

“Cloudnative platforms are an essential offering for accelerating the enterprises’ digitization journey plans over the next few years. Nephio, the new automation model based on Kubernetes, is the step to support the evolution of 5G networks and the edge infrastructures for dynamic services. We are pleased to be part of the Nephio community,” said Massimo Motta, Architecture and governance director of WINDTRE.

Network Function, Service and Infrastructure Vendors

Aarna Networks

“We actively utilize and contribute back to Linux Foundation Networking projects to help customers simplify the orchestration, lifecycle management, and automated service assurance of 5G networks and edge computing applications,” said Amar Kapadia, co-founder and CEO, Aarna Networks. “Similarly, we look forward to collaborating on the Nephio project to simplify numerous platform, infrastructure, and network pain points of 5G and edge deployments.” 

Arm

​​“5G is expected to be the fastest-deployed mobile technology in history, but only if we can remove the barriers to efficient large-scale deployment. The founding of Nephio brings the benefits of cloud native technology to 5G networks, improving operational agility and reducing deployment costs so that we can economically meet the surge in connectivity demand,” said Eddie Ramirez, VP, Infrastructure Line of Business, Arm.

Casa Systems 

“Next-generation networks require the flexibility and agility of the cloud at the network edge. We are pleased to be working with the Linux Foundation, Google and the broader community of partners on the Nephio initiative to develop industry standards for cloud-native, Kubernetes-based automation and orchestration solutions that will enable tomorrow’s all-connected world,” said Gibson Ang, vice president of Technology and Product Management, Casa Systems. 

DZS

“As an advocate of open standards-based solutions for the network edge, DZS enthusiastically supports this joint initiative with the Linux Foundation and Google. We look forward to collaborating with global converged carrier customers of DZS and other ecosystem partners on the Nephio project as we usher in a new era of connectivity by addressing the industry demand for multi-domain, software-driven automation and orchestration across distributed cloud-native networks for 5G and beyond,” said Andrew Bender, CTO, DZS. 

Ericsson

“The openness and flexibility of the 5G cloud native architecture brings significant opportunities for CSPs to expand existing business as well as building new business for enterprise customers. For CSPs to scale the business, simplification and automation of lifecycle and workload management across hybrid and multi cloud environments is key,” said Anders Vestergren, head of strategy portfolio and technology, Business Area Digital Services, Ericsson. “We look forward to collaborating with other industry leaders as part of the Nephio project to enhance Kubernetes with an industry-standard automation framework for cloud native deployments.”

F5 

“F5 has been partnering with many service providers in their transformation journey building and operating cloud-native infrastructure for 5G, with special focus on scaling and securing telco protocols and workloads. We are excited to join the Linux Foundation and the Nephio project to help accelerate our customers’ digital initiatives,” said Ankur Singla, SVP, GM, Distributed Cloud Services, F5.

Intel 

“Innovation at the edge is the next frontier of business opportunity. Nephio is a ground-breaking step to provide Cloud Service Providers with a carrier-grade, open, and extensible Kubernetes-based cloud-native automation framework, and common automation templates that simplify large scale edge deployment. We are pleased to be working in collaboration with the Linux Foundation and broader Nephio community to help simplify edge automation,” said  Rajesh Gadiyar, VP and CTO, Network Platforms Group at Intel.

Juniper

“Kubernetes-centric automation, leveraging cloud native principles, is an integral part of Juniper Networks’ experience-first networking strategy. We are therefore excited to join the Nephio project at the Linux Foundation as a founding partner, continuing Juniper’s long-standing tradition as a major supporter of and active contributor to the open source community. We look forward to working with other leading technology companies and mobile operators, as well as the broader Kubernetes open source community, to ensure that Nephio helps to advance cloud native automation at scale, for the benefit of all.” Constantine Polychronopoulos, VP of 5G & Telco Cloud at Juniper Networks.

Mavenir

“Network automation is a key driver for Telco network cloudification. A Kubernetes native automation framework with proven success in other vertical applications automation is promising for the Telco space. We are pleased to be part of the Google/Linux  Foundation initiative to accelerate this move on the public cloud and look forward to collaborating with the Nephio community,” said Bejoy Pankajakshan, CTSO of Mavenir.

Nokia           

“Nokia has always led in the drive to deliver open cloud-based networks and services that usher new value and possibilities of customer experience that fuel revenue growth for everyone. Automation of deployment, configuration and operations of network functions, that work seamlessly in a complex multi-cloud and multi-vendor network environment, are key to achieving the above goals. Nokia is pleased to join its customers and partners in a collaboration to co-innovate on the ‘democratic’ building blocks for the right tools of tomorrow’s networks.” Jitin Bhandari, CTO, Cloud and Network Services, Nokia

Parallel Wireless     

Steve Papa, CEO, Parallel Wireless, said, “Parallel Wireless is cloudifying 2G 3G 4G and 5G Open RAN and the Google/Linux Foundation initiative cloud-native architecture will allow fast deployment of RAN services on site, fast and fault-proofed upgrades and scalability — where resources can be scaled in an instant based on the end-user needs. Parallel Wireless is proud to join this initiative to help mobile operators modernize their networks via cloudification and bring innovation and cost savings.”

VMware

Lakshmi Mandyam, vice president of product management and partner ecosystems, Service Provider & Edge, VMware, said, “CSPs are embracing multi-cloud to create revenue-accelerating services, reduce operational costs and simplify network operations.  VMware’s vision for CSPs enables a cloud-first approach to management and orchestration across the core, RAN and edge, aligning with the goals of the Linux Foundation and Nephio project. We look forward to contributing to this initiative that will foster a multi-vendor ecosystem and support faster on-boarding, automation and life-cycle management for cloud-native networks.”

About Nephio

Nephio’s goal is to deliver carrier-grade, simple, open, Kubernetes-based cloud-native intent automation and common automation templates that materially simplify the deployment and management of multi-vendor cloud infrastructure and network functions across large scale edge deployments. Nephio enables faster onboarding of network functions to production including provisioning of underlying cloud infrastructure with a true cloud native approach, and reduces costs of adoption of cloud and network infrastructure. More information can be found at www.nephio.org.

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

#####

The post The Linux Foundation and Google Cloud Launch Nephio to Enable and Simplify Cloud Native Automation of Telecom Network Functions appeared first on Linux Foundation.

• LFN Community publishes white paper highlighting cybersecurity efforts 
• Telecom, Cloud and Enterprise align with 5G Super Blue Print across ONAP, Anuket, EMCO, Magma, ORAN-SC and more projects as Enterprise eBFP project, L3AF, is inducted into LF Networking
• ATOS, GenXComm, Keysight Technologies and Telaverge Communications join LFN as Silver members

SAN FRANCISCO, April 12, 2022 – LF Networking, which facilitates collaboration and operational excellence across open source networking projects, ​today announced continued momentum focused on re-aggregation, with updates to security, 5G blueprints, and the addition of four new Silver members: ATOS, GenXComm, Keysight Technologies, and Telaverge Communications. 

“As the LF Networking community rolls into its fourth year as an umbrella project organization, we are pleased to see robust efforts focused on securing 5G across multiple project & foundations as we welcome even more industry-leading organizations to the project,” said Arpit Joshipura, general manager, Networking, Edge and IoT, the Linux Foundation. “It’s the robust and diverse set of member companies that enable LFN’s collaborative innovation into the future of 5G and networking.”

5G Super Blue Print Ecosystem Expands

The community is making progress with the 5G Super Blueprint,  a community-driven integration/illustration of multiple open source initiatives, projects, and vendors coming together to show use cases demonstrating implementation architectures for end users. The 5G Super Blueprint is now integrated across even more projects––including Magma (1.6), EMCO, and Anuket––building open source components applicable to a variety of industry use cases. Preliminary scoping for future integrations with the O-RAN Software Community have begun, setting the stage for end-to-end open source interoperability from the core through the RAN and future compliance activities.

Meanwhile, the L3AF project has been inducted into the LF Networking umbrella, as membership expands further across the ecosystem with new Silver members. 

L3AF is an open source project, developed by Walmart, housing cutting-edge solutions in the realm of eBPF (a revolutionary technology that allows us to run sandboxed programs in an operating system kernel) that provides complete life-cycle management of eBPF programs with the help of an advanced control plane that has been written in Golang. The  control plane orchestrates and composes independent eBPF programs across the network infrastructure to solve crucial business problems. L3AF’s eBPF programs include load-balancing, rate limiting, traffic mirroring, flow exporter, packet manipulation, performance tuning, and many more.  L3AF joined the Linux Foundation in fall of 2021 and has now been inducted into the LF Networking project umbrella. 

New LFN Silver members include:

• ATOS, a multi-vendor end-to-end system integrator in both IT and telecom network space; specialized in multi-cloud solutions, edge and MEC, 5G-enabled applications with an AI/ML  focus, cybersecurity, and decarbonization.
•  GenXComm Inc.’s mission is to deliver limitless computing power, fast connectivity, and on-demand intelligence to every location on Earth
• Keysight  Technologies, Inc. is a leading technology company that delivers advanced design and validation solutions to help accelerate innovation to connect and secure the world
• Telaverge Communications  is the leader in complete Network Test Automation Orchestration and Digital Transformation products (Regal for Containers and Cloud) designed for enterprises, operators and OEM’s.  Telaverge’s open source based private LTE and 5G cores are pre-integrated with Regal for zero touch testing and deployment.

A full list of LFN member organizations can be found here: https://www.lfnetworking.org/membership/members/ 

LFN Security White Paper

Highlighting its security efforts to help secure open source networking against cybersecurity attacks, the community published a white paper titled “Securing Open Source 5G from End to End” that is now available for download. 

“A unique advantage of developing software in the open is more eyes on the code;  when it comes to security, that translates to large groups of experts who can propose improvements and enhancements in a faster, more scalable fashion– and that is true for LFN,” said Amy Zwarico, vice chair of the ONAP Security subcommittee. “Community collaboration via security working groups and sub-committees to address secure software development practices, SBOMs, DDoS mitigation and other threats are just some of the steps LFN is taking to create code that can be trusted to run our networks.”

At a time when the United States White House has issued multiple Executive Orders to address cybersecurity and supply chain attacks, the LFN community continues to take steps to ensure open source networking is secure. The group is publishing a white paper to outline its security strategies, including the formation of security-focused committees and subcommittees; development and adoption of security Software Bill of Materials (SBOM); OpenSSF badging; and use of the LFX Platform’s Security Dashboard to enable developers to identify and resolve vulnerabilities quickly and easily; and more. Download the white paper for more information. 

Upcoming Events

The LF Networking developer community will host the LFN Developer & Testing Forum this Spring, taking place June 13-16, in Porto, Portugal. Registration for that event is open, with more details to come. 

Open Networking & Edge (ONE) Summit North America will take place November 15-16 in Seattle, Wash. The event will be followed by a two-day LFN Developer & Testing Forum (Nov 17-18) in the same venue. The Open Networking & Edge Summit is the industry’s premier open networking and edge computing event focused on end to end solutions powered by open source in the Telco, Cloud, and Enterprise verticals. Attendees will learn how to leverage open source ecosystems and gain new insights for digital transformation. More information will be available soon. 

Support from new members

“The mission of Atos is to support our customers throughout a multitude of industry sectors on their edge-to-cloud journey. We help telecom customers leverage cloud synergies between their IT and their network, and introduce new edge computing and 5G MEC services. We are excited about ONAP and other programs of the LFN, as they facilitate exactly these synergies in a growing market.”

“Keysight is pleased to join LF Networking as a silver member and contribute to an ecosystem with the common goal of advancing technology and innovation built on open source software and standards,” said Kalyan Sundhar, vice president of Edge-to-Core Networks at Keysight Technologies. “Keysight leverages open source standards for end-to-end network harmonization produced by the LF Networking community to enable this ecosystem to cost-effectively accelerate protocol and performance design validation.”

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

###

The post Secure Open Source 5G Gains Momentum as Community Focuses on Re-aggregation, with 5G Super-Blueprints and New Members  appeared first on Linux Foundation.

Here at The Linux Foundation’s blog, we share content from our projects, such as this article by Joel Hans from the Cloud Native Computing Foundation’s blog. 

The telecommunications industry is the backbone of today’s increasingly-digital economies, but it faces a difficult new challenge in evolving to meet modern infrastructure practices. How did telecommunications get itself into this situation? Because the risks of incidents or downtime are so severe, the industry has focused almost exclusively on system designs that minimize risk and maximize reliability. That’s fantastic for mission-critical services, whether public air traffic control or private high-speed banking, but it emphasizes stability over productivity and the adoption of new technologies that might make their operations more resilient and performant.

Telecommunications is playing catch-up on cloud native technology, and the downstream effects are starting to show. These organizations are now behind the times on the de facto choices for enterprise and IT, which means they’re less likely to recruit the top-tier engineering talent they need. In increasingly competitive landscapes, they need to escalate productivity and deploy new telephony platforms to market faster, not get quagmired in old custom solutions built in-house.

To make that leap from internally-trusted to industry-trusted tooling, telecommunications organizations need confidence that they’re on track to properly evolve their virtual network function (VNF) infrastructure to enable cloud native functions using Kubernetes. That’s where CNCF aims to help.

Enter the CNF Test Suite for telecommunications

A cloud native network function (CNF) is an application that implements or facilitates network functionality in a cloud native way, developed using standardized principles and consisting of at least one microservice.

And the CNF Test Suite (cncf/cnf-testsuite) is an open source test suite for telcos to know exactly how cloud native their CNFs are. It’s designed for telecommunications developers and network operators, building with Kubernetes and other cloud native technology, to validate how well they’re following cloud native principles and best practices, like immutable infrastructure, declarative APIs, and a “repeatable deployment process.”

The CNCF is bringing together the Telecom User Group (TUG) and the Cloud Native Network Function Working Group (CNF WG) to implement the CNF Test Suite, which helps telco developers and ops teams build faster feedback loops thanks to the suite’s flexible testing and optimized execution time. Because it can be integrated into any CI/CD pipeline, whether in development or pre-production checks, or run as a standalone test for a single CNF, telecommunications development teams get at-a-glance understanding of how their new deployments align with the cloud native ecosystem, including CNCF-hosted projects, technologies, and concepts.

It’s a powerful answer to a difficult question: How cloud native are we?

The CNF Test Suite leverages 10 CNCF-hosted projects and several open source tools. A modified version of CoreDNS is used as an example CNF for end users to get familiar with the test suite in five steps, and Prometheus is utilized in an observability test to check the best practice for CNFs to actively expose metrics. And it packages other upstream tools, like OPA Gatekeeper, Helm linter, and Promtool to make installation, configuration, and versioning repeatable. The CNF Test Suite team is also grateful to contributions from Kyverno on security tests, LitmusChaos for resilience tests, and Kubescope for security policies.

The minimal install for the CNF Test Suite requires only a running Kubernetes cluster, kubectl, curl, and helm, and even supports running CNF tests on air-gapped machines or those who might need to self-host the image repositories. Once installed, you can use an example CNF or bring your own—all you need is to supply the .yml file and run `cnf-testsuite all` to run all the available tests. There’s even a quick five-step process for deploying the suite and getting recommendations in less than 15 minutes.

What the CNF Test Suite covers and why

At the start of 2022, the CNF Test Suite can run approximately 60 workload tests, which are segmented into 7 different categories.

Compatibility, Installability & Upgradability: CNFs should work with any Certified Kubernetes product and any CNI-compatible network that meet their functionality requirements while using standard, in-band deployment tools such as Helm (version 3) charts. The CNF Test Suite checks whether the CNF can be horizontally and vertically scaled using `kubectl` to ensure it can leverage Kubernetes’ built-in functionality.

Microservice: The CNF should be developed and delivered as a microservice for improved agility, or the development time required between deployments. Agile organizations can deploy new features more frequently or allow multiple teams to safely deploy patches based on their functional area, like fixing security vulnerabilities, without having to sync with other teams first.

State: A cloud native infrastructure should be immutable, environmentally-agnostic, and resilient to node failure, which means properly managing configuration, persistent data, and state. A CNF’s configuration should be stateless, stored in a custom resource definition or a separate database over local storage, with any persistent data managed by StatefulSets. Separate stateful and stateless information makes for infrastructure that’s easily reproduced, consistent, disposable, and always deployed in a repeatable way.

Reliability, Resilience & Availability: Reliability in telco infrastructure is the same as standard IT—it needs to be highly secure and reliable and support ultra-low latencies. Cloud native best practices try to reduce mean time between failure (MTBF) by relying on redundant subcomponents with higher serviceability (mean time to recover (MTTR)), and then testing those assumptions through chaos engineering and self-healing configurations. The Test Suite uses a type of chaos testing to ensure CNFs are resilient to the inevitable failures of public cloud environments or issues on an orchestrator level, such as what happens when pods are unexpectedly deleted or run out of computing resources. These tests ensure CNFs meet the telco industry’s standards for reliability on non-carrier-grade shared cloud hardware/software platforms.

Observability & Diagnostics: Each piece of production cloud native infrastructure must make its internal states observable through metrics, tracing, and logging. The CNF Test suite looks for compatibility with Fluentd, Jaeger, Promtool, Prometheus, and OpenMetrics, which help DevOps or SRE teams maintain, debug, and gather insights about the health of their production environments, which must be versioned, maintained in source control, and altered only through deployment pipelines.

Security: Cloud native security requires attention from experts at the operating system, container runtime, orchestration, application, and cloud platform levels. While many of these fall outside the scope of the CNF Test Suite, it still validates whether containers are isolated from one another and the host, do not allow privilege escalation, have defined resource limits, and are verified against common CVEs.

Configuration: Teams should manage a CNF’s configuration in a declarative manner—using ConfigMaps, Operators, or other declarative interfaces—to design the desired outcome, not how to achieve said outcome. Declarative configuration doesn’t have to be executed to be understood, making it far less prone to error than imperative configuration or even the most well-maintained sequences of `kubectl` commands.

After deploying numerous tests in each category, the CNF Test Suite outputs flexible scoring and suggestions for remediation for each category (or one category if you chose that in the CLI), giving you practical next steps on improving your CNF to better follow cloud native best practices. It’s a powerful—and still growing—solution for the telecommunications industry to embrace the cloud native in a way that’s controllable, observable, and validated by all the expertise under the CNCF umbrella.

What’s next for the CNF Test Suite?

The Test Suite initiative will continue to work closely with the Telecom User Group (TUG) and the Cloud Native Network Function Working Group (CNF WG), collecting feedback based on real-world use cases and evolving the project. As the CNF WG publishes more recommended practices for cloud native telcos, the CNF Test Suite team will add more tests to validate each.

In fact, v0.26.0, released on February 25, 2022, includes six new workload tests, bug fixes, and improved documentation around platform tests. If you’d like to get involved and shape the future of the CNF Test Suite, there are already several ways to provide feedback or contribute code, documentation, or example CNFs:

• Visit the CNF Test Suite on GitHub
• Continue the conversation on Slack (#cnf-testsuite-dev)
• Attend CNF Test Suite Contributor calls on Thursdays at 15:15 UTC
• Join the CNF Working Group meetings on Mondays at 16:00 UTC

Looking ahead: The CNF Certification Program

The CNF Test Suite is just the first exciting step in the upcoming Cloud Native Network Function (CNF) Certification Program. We’re looking forward to making the CNF Test Suite the de facto tool for network equipment providers and CNF development teams to prove—and then certify—that they’re adopting cloud native best practices in new products and services.

The wins for the telecommunications industry are clear:

• Providers get verification that their cloud native applications and architectures adhere to cloud native best practices.
• Their customers get verification that the cloud native services or networks they’re procuring are actually cloud native.

And they both get even better reliability, reduced risk, and lowered capital/operating costs.

We’re planning on supporting any product that runs in a certified Kubernetes environment to make sure organizations build CNFs that are compatible with any major public cloud providers or on-premises environments. We haven’t yet published the certification requirements, but they will be similar to the k8s-conformance process, where you can submit results via pull request and receive updates on your certification process over email.

As the CNF Certification Program develops, both the TUG and CNF-WG will engage with organizations that use the Test Suite heavily to make improvements and stay up-to-date on the latest cloud native best practices. We’re excited to see how the telecommunications industry evolves by adopting more cloud native principles, like loosely-coupled systems and immutability, and gathering proof of their hard work via the CNF Test Suite. That’s how we ensure a complex and essential industry makes the right next steps away toward the best technology infrastructure has to offer—without sacrificing an inch on reliability.

To take the next steps with the CNF Test Suite and prepare your organization for the upcoming CNF Certification Program, schedule a personalized CNF Test Suite demo or attend Cloud Native Telco Day, a co-located Event at KubeCon + CloudNativeCon Europe 2022 on May 16, 2022.

The post Looking Ahead: The CNF Certification Program appeared first on Linux Foundation.

SAN FRANCISCO, April 6, 2022 — Automotive Grade Linux (AGL), a collaborative cross-industry effort developing an open source platform for all connected car technologies, announces IndyKite, Marelli and Red Hat as new Bronze members.

“Our active community of automakers and suppliers continues to expand and invest resources in AGL, demonstrating the value of participating in the AGL ecosystem,” said Dan Cauchy, Executive Director of Automotive Grade Linux at the Linux Foundation. “We are excited to welcome our new members to the AGL community, and we look forward to working with them as we continue to expand and enhance the AGL platform.”

AGL is an open source project at The Linux Foundation that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open, shared software platform for all technology in the vehicle, from infotainment to autonomous driving.

Supported by more than 150 members, including 10 automakers, the AGL Unified Code Base (UCB) is a shared software platform that serves as the de facto industry standard for infotainment, telematics, and instrument cluster applications. Sharing a single software platform across the industry reduces fragmentation and accelerates time-to-market by encouraging the growth of a global ecosystem of developers and application providers that can build a product once and have it work for multiple automakers.

New Member Quotes:

IndyKite
“IndyKite is building the identity layer for Web 3.0, with products that securely manage human, IoT, and machine identity. Based on open source standards, IndyKite’s identity platform leverages machine learning and data graphs to deliver context-aware authorization, dynamic policy decisions, computer vision and edge security, built on a knowledge graph data model,” said Lasse Andresen, Founder and CEO of IndyKite. “We are excited to join AGL and connect and collaborate with the community to build identity services for the next generation of automotive and transport software solutions.”

Marelli
“MARELLI is one of the world’s leading global independent suppliers to the automotive sector. Our mission is to transform the future of mobility through working with customers and partners to create a safer, greener and better-connected world,” said Yannick Hoyau, CTO, Electronic Systems, Marelli Corporation. “One way to achieve our mission is collaboration to further upgrade various automotive systems. Operating systems are becoming increasingly important for vehicles to manage complex vehicle systems. Under these circumstances, we believe that AGL will become one of the standard operating systems in the automotive industry in the near future. We are confident that the wealth of expertise and experience that MARELLI has accumulated in the automotive industry will surely contribute to the further development of AGL.”

Red Hat
“Red Hat is looking forward to working alongside AGL as we bring our open source, Linux-based expertise to the automotive software ecosystem,” said Francis Chow, Vice President, Red Hat In-Vehicle OS. “If we, as a community, set our sights on delivering a safe, reliable and flexible foundation for software-defined vehicles, automakers will be able to focus on open innovation – redefining the customer driving experience.”

###

About Automotive Grade Linux (AGL)

Automotive Grade Linux is a collaborative open source project that is bringing together automakers, suppliers and technology companies to accelerate the development and adoption of a fully open software stack for the connected car. With Linux at its core, AGL is developing an open platform from the ground up that can serve as the de facto industry standard to enable rapid development of new features and technologies. Although initially focused on In-Vehicle-Infotainment (IVI), AGL is the only organization planning to address all software in the vehicle, including instrument cluster, heads up display, telematics, advanced driver assistance systems (ADAS) and autonomous driving. The AGL platform is available to all, and anyone can participate in its development. Automotive Grade Linux is hosted at the Linux Foundation. Learn more at automotivelinux.org.

The post Automotive Grade Linux Announces IndyKite, Marelli and Red Hat as New Members appeared first on Linux Foundation.

Open Source Software (OSS) is a proven model that delivers tangible benefits to businesses, including improved time-to-market, reduced costs, and increased flexibility. OSS is pervasive in the technology landscape and beyond it, with adoption across multiple industries. In a 2022 survey by Red Hat, 95 percent of IT leaders said they are using open source in their IT infrastructure, which will only increase.

Artificial intelligence (AI) is no different from any other technology domain where OSS dominates. In a recent paper published by Linux Foundation Research, written by Dr. Ibrahim Haddad, General Manager of the LF AI & Data Foundation, over 300 critical open source projects have been identified offering over 500 million lines of code, contributed by more than 35,000 developers who work side by side to advance the state of technology in an open, collaborative, and transparent way.

Download Research Paper

As with other industries, OSS adoption in the AI field has increased the use of open source in products and services, contributions to existing projects, the creation of projects fostering collaboration, and the development of new technologies due to this amazing success story.

In this paper, you will read that while AI in open source has followed a similar model to other industries embracing the popular methodology, Dr. Haddad has some unique observations to share, which include:

• An incubation model for AI open source projects is effective when appropriately executed by neutral organizations that can scale them, such as the Linux Foundation.
• Consolidation is bound to happen around platforms, frameworks, and libraries that address similar challenges. Unlike typical fragmentation scenarios, where there are winning and losing projects, Dr. Haddad believes the net result will be a win-win as successful projects grab their share of contributors.
• License choices can affect a project’s growth — and licenses approved by the Open Source Initiative (OSI) are most preferred because developers and enterprises are already familiar with them.
• Open data licenses such as Community Data License Agreement (CDLA) have begun to commoditize training data. These license terms will help democratize the overall AI marketplace by lowering the barriers to entry when offering an AI-backed service. Proprietary datasets will continue to exist, but data availability under the CDLA licenses (two versions exist) should allow everyone to build credible products, including smaller players.

So what does this mean for the future of AI? It means that businesses will continue to rely on open source software to power their AI initiatives and that collaboration will be key to success. The open source model has been successful in AI because it allows developers to come together and share code, data, and ideas. This type of collaboration is essential for advancing any technology, and we can expect to see even more impressive innovations come out of the AI community in the years to come. Ultimately, we are faster and more innovative together.

Subscribe to LF Research

The post AI is better with open source appeared first on Linux Foundation.

“Here’s a question from the new guy”. I have been using this a lot the past few weeks after starting here at the Linux Foundation as the lead editor and content manager. How long can I pull that off? 

The reality is that I am new to working professionally in open source software – and really the software/technology industry. But, it has been a long time passion of mine. I spent my formative years in the 1980s and had a drive to learn to program computers. When I was 12, I asked my mom for a computer. Her response, “you have to learn to type first”. 

I went to the library, checked out typing books, and taught myself on our electronic typewriter. We couldn’t afford a computer, but I received a hand-me-down TI-994A and then a Commodore 64 with a tape drive. I taught myself BASIC and also dialed into bulletin board systems (BBS) at a mind-blowing 300bps. If you have never experienced 300bps, imagine yourself reading at 10% of your normal pace. 

I mention BBSs because, in many ways, they were the precursor to open source software. Someone dedicated their PC and a phone line for others to dial in, share messages, exchange software, answer technical questions, etc. 

Fast forward a bit – I taught myself to code enough to get a couple of coding jobs in high school but ended up getting a business degree in college and then working in politics for 15+ years. My passion for software and technology didn’t lapse, but it was mostly a tech hobbyist – taking classes in front-end web development and writing a couple basic web apps, teaching myself some PHP, Python and WordPress development, and reading/writing about software development. And, for the record, I already had a GitHub repo before starting here. 

With that bit of background, let me say that I am very excited about working at the Linux Foundation and diving into the open source community. I am a self-driven, life-long learner, and I want to take you along my journey here to learn about what we do, all of our projects, what open source is, how to advance it, and more. 

At LF, we embrace what we call the three H’s: humble, helpful, and hopeful. It isn’t just lip service. I see it lived out every day, in every interaction I have with my coworkers. My goal with this journey is to be: 

• Humble: There is so much I don’t know about the open source community and the LF. I am learning every day. 
• Helpful: I want to be helpful by sharing what I am learning. Much you may already know, but some you may not.
• Hopeful: My hope is two-fold: I hope others learn too; I am hopeful that our community will continue to grow and thrive and solve some of the world’s toughest challenges. 

The three H’s are perfectly aligned with the general culture of open source. One of the LF’s onboarding tasks for new employees is to take a class entitled Open Source 101. Within that class they teach us Ten Open Source Culture Cores: 

1. Be open. Openness breeds authenticity. Be consistently authentic in all of your work. 
2. Be pragmatic. Action > talk. Work towards measurable value, not obscure, abstract, or irrelevant ideas. (Side note: when I worked in politics, my go-to line when speaking to groups was that I was a bit of an anomaly in Washington, I was long on action and short of talk.) 
3. Be personal. Always focus on a personal level of service and interaction. People don’t join open source communities to talk to computers. 
4. Be positive. Highly positive environments generate positive engagement.
5. Be collaborative. Involve people, gather their feedback, get a gut check, and validate your ideas. The only problem silos solve is how to store grain. 
6. Be a leader. Be open and collaborative–focus on the other 9 Culture Cores too. 
7. Be a role model. Be the person you want to be and you will be the leader other people want you to be. 
8. Be empathetic. Don’t just be empathetic in the privacy of your own mind. Say it, demonstrate it visibly. This all builds trust. Empathy is a powerful driver for building inclusion, which is a powerful driver for innovation.
9. Be down-to-earth. Leave your ego at the door. 
10. Be imperfect. We all make mistakes. Acknowledge them, share them, and learn from them. 

What a great synopsis of the culture of open source technology. 

With that, let me close out this week by first stating the obvious – a lot has transpired in technology since my first TI-994A (never mind the fact that my network speed is literally one million times faster). I hope you will join me on my “Questions from the New Guy” journey. Look for weekly-ish blog posts diving into all aspects of The Linux Foundation, our projects, and open source technology. 

The post Question from the New Guy! appeared first on Linux Foundation.

It’s that time of year – Linux Foundation Training (LiFT) Scholarships are here! Since 2011, The Linux Foundation has awarded over 1,100 scholarships for millions of dollars in training and certification to deserving individuals around the world who would otherwise be unable to afford it. This is part of our mission to grow the open source community by lowering the barrier to entry and making quality training options accessible to those who want them.

Applications are being accepted through April 30 in 12 different categories:

• Open Source Newbies
• Teens-in-Training
• Women in Open Source
• Software Developer Do-Gooder
• SysAdmin Super Star
• Blockchain Blockbuster
• Cloud Captain
• Linux Kernel Guru
• Networking Notable
• Web Development Wiz
• Hardware Hero – NEW
• Cybersecurity Champion – NEW

Whether you are just starting in your open source career, or you are a veteran developer or sysadmin who is looking to gain new skills, if you feel you can benefit from training and/or certification but cannot afford it, you should apply.

Recipients will receive a Linux Foundation eLearning training course and certification exam. All certification exams, and most training courses, are offered remotely, meaning they can be completed from anywhere.

Winners will be announced this summer.

Meet past winners

Apply today!

The post Apply for a Linux Foundation Training Scholarship by April 30 appeared first on Linux Foundation.

Here at The Linux Foundation’s blog, we share content from our projects, such as this article from the Cloud Native Computing Foundation’s blog. The guest post was originally published on Contino Engineering’s blog by Dan Chernoff. 

Supply chain attacks rose by 42% in the first quarter of 2021 [1] and are becoming even more prevalent [2]. In response to secure software supply chain breaches like Solar Winds [3], Kaseya[4], and other less publicized compromises [5], the Biden administration issued an executive order that includes guidance designed to improve the federal government’s defense against cyber threats. With all of this comes the inevitable slew of blog posts that detail a software supply chain and how you would protect it. The Cloud Native Computing Foundation recently released a white paper regarding software supply chain security [7], an excellent summary of the current best practices for securing your software supply chain.

The genesis for the content in this article is work done to implement secure supply chain patterns and practices for a Contino customer. The core goals for the effort were; implement a pipeline agnostic solution that ensures the security of the pipelines and enables secure delivery for the enterprise. We’ll talk a little about why we chose the tools we did in each section and how they supported the end goal.

As we start our journey, we’ll first touch on what a secure software supply chain is and why you should have one to set the context for the rest of the blog post. But let’s assume that you have already decided that your software supply chains need to be secure, and you want to implement the capability for your enterprise. So let’s get into it!

Anteing Up

Before you embark upon the quest of establishing provenance for your software at scale, there are some table stakes elements that teams should already have in place. We won’t delve deeply into any of them here other than to list and briefly describe them.

Centralized Source Control, Git is by far the most popular choice. This ensures a single source of truth for development teams. Beyond just having source control, teams should also implement the signing of their Git commits.

Static Code Analysis. This identifies possible vulnerabilities within ‘static’ (non-running) source code by using techniques such as Taint Analysis and Data Flow Analysis. Analysis and results need to be incorporated into the cadence of development.

Vulnerability Scanning. Implement automated tools that scan the applications and containers that are built to identify potential vulnerabilities in the compiled and sometimes running applications.

Linting is a tool that analyzes source code to flag programming errors, bugs, and stylistic errors. Linting is important to reduce errors and improve the overall code quality. This in turn accelerates development.

CI/CD Pipelines. New code changes are automatically built, tested, versioned, and delivered to an artifact repository. A pipeline then automatically deploys the updated applications into your environments (e.g. test, staging, production, etc.).

Artifact Repositories. Provide management of the artifacts built by your CI/CD systems. An artifact repository can help with the version and access control of your artifacts.

Infrastructure as Code (IaC) is the process of managing and provisioning infrastructure (e.g. virtual machines, databases, load balancers, etc.) through code. As with applications, IaC provides a single source of truth for what the infrastructure should look like. It also provides the ability to test before deploying to production.

Automated…well, everything. Human-in-the-loop systems are not deterministic. They are prone to error which can and will cause outages and security gaps. Manual systems also inhibit the ability of platforms to scale quickly.

What is a Secure Software Supply Chain

A software supply chain consists of anything that goes into the creation of your end software product and the mechanisms you use to deliver the product to customers. This includes things like your source code, your build systems, the 3rd party libraries, deployment infrastructure, or delivery repositories.

Attributes:

• Establishes Provenance — One part of establishing provenance is ensuring that any artifact that is created and accessed by the customer should be able to trace its lineage all the way back to the developer(s) that merged the latest commit. The other part is the ability to demonstrate (or attest) that for each step in the process, the software, components, and other materials that go into creating the final product are tamper-free.
• Trust — Downstream systems and users need a mechanism to verify that the software that is being installed or deployed came from your systems and that the version being used is the correct version. This ensures that malicious artifacts have not been substituted or that older, vulnerable versions have not been relabeled as the current version.
• Transparent — It should be easy to see the results and details for all steps that go into the creation of the final artifact. This can include things like test results, output from vulnerability scans, etc.

Key Elements of a Secure Software Supply Chain

Let’s take a closer look at the things that need to be layered into your pipelines to establish provenance, enable transparency, and ensure tamper resistance.

Here is what a typical pipeline might look like that creates a containerized application. We’ll use this simple pipeline and add elements as we discuss them.

.avia-image-container.av-l1dqmmbb-689723b8d5b686538786f4c56b7a8755 .av-image-caption-overlay-center{ color:#ffffff; }

Establishing Provenance Using in-toto

The first step in our journey is to establish that artifacts built via a pipeline have not been tampered with and to do so in a reliable and repeatable way. As we mentioned earlier, part of this is creating evidence to use as part of the verification. in-toto is an open-source tool that creates a snapshot of the workspace where the pipeline step is running.

These snapshots (“link files” in the in-toto terminology) verify the integrity of the pipeline. The core idea behind in-toto is the concept of materials and products and how they flow, just like in a factory. Each step in the process usually has some material that will create its product. An example of the flow of materials and products is the build step. The build step uses code as the material, and the built artifact (jar, war, etc.) is the product. A later step in the pipeline will use the built artifact as the material and produce another product. In this way, in-toto allows you to chain the materials and products together and identify if a material has been tampered with during or between one of the pipeline steps. For example, if the artifact constructed during the build step changed before testing.

.avia-image-container.av-l1dqo942-ce042b92cdd53a3e9573982398112be6 .av-image-caption-overlay-center{ color:#ffffff; }

At the end of the pipeline, in-toto evaluates the link data (the attestation created at each step) against an in-toto layout (think Jenkins file for attestation) and verifies that all the steps were done correctly and by the approved people or systems. This verification can run anytime the product of the pipeline (container, war, etc.) needs to be verified.

Critical takeaways for establishing provenance

in-toto runs at every step of the process. The attestation compares to an overarching layout during verification. This process enables consumers (users and/or deployment systems) to have confidence that the artifacts built were not altered from start to finish.

Establishing Trust using TUF

You can use in-toto verification to know that the artifact was delivered or downloaded without modification. To do that, you will need to download the artifact(s), the in-toto link files used during the build, the in-toto layout, and the public keys to verify it all. That is a lot of work. An easier way is to sign the artifacts produced with a system that enables centralized trust. The most mature framework for doing so is TUF (The Update Framework).

TUF is a framework that gives consumers of artifacts guarantees that the artifact downloaded or automatically installed came from your systems and is the correct version. The guts of how to accomplish this are outside the scope of this blog post. The functionality we are interested in is verifying that an artifact came from the producer we expected and that the version is the expected version.

Implementing TUF on your own is a fair bit of work. Fortunately, an “out of the box” implementation of TUF is available for use, Docker Content Trust (a.k.a. Notary). Notary enables the signing of regular files as well as containers. In our example pipeline, we sign the container image during build time. This signing allows any downstream system or user to verify the authenticity of the container.

.avia-image-container.av-l1dxbjrl-df9d76a8410e7172b7693c99d9a45f31 .av-image-caption-overlay-center{ color:#ffffff; }

Transparency Centralized Data Storage

One of the gaps that in-toto has as a solution is a mechanism to persist the link data it creates. It is up to the team to implement in-toto to capture and store the link data somewhere. All the valuable metadata for each step can be captured and stored outside of the build system. The goal is twofold; the first is to store the link data outside the pipeline to enable teams to retrieve the link data and use it anytime verification needs to run on the artifacts produced from the pipeline. The second goal is to store the metadata around the build process outside the pipeline. That enables teams to implement visualizations, monitoring, metrics, and rules on the data produced from the pipeline without necessarily needing to keep it in the pipeline.

The Contino team created metadata capture tooling that is independent and agnostic of the pipeline. We chose to write a simple python tool that captures the meta and in-toto data and stores it in a database. If the CI/CD platform is reasonably standard, you can likely use built-in mechanisms to achieve the same results. For example, the Jenkins LogStash plugin can capture the output of a build step and persist data to an elastic datastore.

.avia-image-container.av-l1dxcyvo-49c15d2022e50e89ef3f04841c17955e .av-image-caption-overlay-center{ color:#ffffff; }

PGP and Signing Keys

A core component for in-toto and Notary are keys used to sign and verify link data and artifacts/containers. in-toto uses PGP private keys to sign the link data produced at each step internally. That signing ensures a relationship between the person or system that did the action and the link data. It also ensures that it can be easily detected if the link data gets altered or tampered with in any way.

Notary uses public and private keys generated using the Docker or Notary CLI. The public keys get stored in the notary database. The private keys sign the containers or other artifacts.

Scaling Up

For a small set of pipelines, manually implementing and managing secure software supply chain practices is straightforward. Management of an enterprise that has hundreds if not thousands of pipelines requires some additional automation.

Automate in-toto layout creation. As mentioned earlier, in-toto has a file akin to a Jenkins file that dictates what person or systems can complete a pipeline step, the material and product flow, and how to inspect/verify the final artifact(s). Embedded in this layout are the IDs for the PGP keys of the people or systems who can perform steps. Additionally, the layout is internally signed to ensure that any tampering can be detected once the layout gets created. To manage this at scale, the layouts need to be automatically created/re-created on demand. We approach this as a pipeline that automatically runs on changes to the code that creates layouts. The output of the pipeline is layouts, which are treated as artifacts themselves.

Treat in-toto layouts like artifacts. in-toto payouts are artifacts, just like containers, jars, etc. Layouts should be versioned, and the layout version linked to the version of the artifact. This versioning enables artifacts to be re-verified with the layout, link files, and relevant keys at artifact creation time.

Automate the creation of the signing keys. Signing keys that are used by autonomous systems should be rotated frequently and through automation. Doing this limits the likelihood for compromise of the signing keys used by in-toto and Notary. For in-toto, this frequent rotation will require the automatic re-creation of the in-toto layouts. For Notary, cycling the signing keys will require revocation of the old key when we implement the new key.

Store and use signing keys from a secret store. When generating signing keys for use by automated systems, storing the keys in secret management systems like Hashicorp’s Vault is an important practice. The automated system can retrieve the signing keys (e.g., Jenkins, GitLab ci, etc.) when needed. Centrally storing the signing keys combats “secrets sprawl” in an enterprise and enables easier management.

Pipelines should be roughly similar. A single in-toto layout can be used by many pipelines, as long as they operate in the same way. For example, pipelines that build a Java application that creates a WAR as the artifact probably operates in roughly the same way. These pipelines can all use the same layout if they are similar enough.

Wrapping it All Up

Using the technologies, patterns, and practices here the Contino team was able to deliver an MVP grade solution for the enterprise. The design will be able to scale up to thousands of application pipelines and help ensure software supply chain security for the enterprise.

At its core, a secure software supply chain encompasses anything that goes into building and delivering an application to the end customer. It is built on the foundations of secure software development practices (e.g. following OWASP top 10, SAST, etc.). Any implementation of secure supply chain best practices needs to establish provenance about all aspects of the build process, provide transparency for all steps and create mechanisms that ensure trustworthy delivery.

Sources:

[1] https://www.propertycasualty360.com/2021/04/13/supply-chain-attacks-rose-42-in-q1/?slreturn=20210726153708

[2] https://portswigger.net/daily-swig/four-fold-increase-in-software-supply-chain-attacks-predicted-in-2021-report

[3] https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack

[4] https://www.zdnet.com/article/updated-kaseya-ransomware-attack-faq-what-we-know-now/

[5] https://portswigger.net/daily-swig/researcher-hacks-apple-microsoft-and-other-major-tech-companies-in-novel-supply-chain-attack

[6] https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

[7] https://github.com/cncf/tag-security/raw/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf

The post Secure software supply chains: good practices, at scale appeared first on Linux Foundation.

For the second summer, Major League Hacking (MLH) is running the Production Engineering Track of the MLH Fellowship, powered by Meta. This 12-week educational program is 100% remote and uses industry-leading curriculum from Linux Foundation Training & Certification.  The program is hands-on, project-based, and teaches students how to become Production Engineers.  The goal of the program is for all participants to land a job or internship in the Site Reliability Engineering space, and it will be opened to 100 active college students who meet our admissions criteria.

This Summer’s program will start on May 31, 2022 and will end on August 19, 2022.

Applications are now open and will close on May 23, 2022!

Apply Now!

What is Production Engineering?

Production Engineering, also known as Site Reliability Engineering and DevOps, is one of the most in-demand skill sets that leading technology companies are hiring for. However, it is not widely available as a class offering in university settings.

At Meta, Production Engineers (PEs) are a hybrid between software and systems engineers and are core to engineering efforts that keep Meta platforms running and scaling. PEs work within Meta’s product and infrastructure teams to make sure products and services are reliable and scalable; this means, writing code and debugging hard problems in production systems across Meta services – like Instagram, WhatsApp, and Oculus – and backend services like Storage, Cache, and Network.

What is the Production Engineering Track of the MLH Fellowship?

Launched in the summer of 2020, the MLH Fellowship first focused on Open Source Software projects, pairing early career software engineers with projects and engineers from widely-used open source codebases (like AWS, GitHub, and Solana Labs). During the program, Fellows learned important concepts and software practices while contributing production-level code to their projects and showcasing those contributions in their portfolio. Through the Fellowship, 700 global alumni have learned Open Source skills and tools and increased their professional networks in the process.

The Production Engineering Track takes this proven fellowship model and expands on it. As part of the Production Engineering Track, fellows are put in groups of 10 (“Pods”), matched to dedicated mentors from Meta Engineering while they work through projects and curriculum, and receive guidance from Meta’s Talent Acquisition team, too. Successful program graduates will be invited to apply to full-time Meta internships.

What will admitted fellows learn in the Production Engineering Track?

Program participants will gain practical skills from educational content – adopted by the MLH Curriculum Team – licensed from the Linux Foundation’s “Essentials of System Administration” course. The program covers how to administer, configure and upgrade Linux systems, along with the tools and concepts necessary to build and manage a production Linux infrastructure. The complete list of topics covered in the program includes:

• Linux Fundamentals
• Scripting
• Databases
• Services
• Testing
• Containers
• CI/CD
• Monitoring
• Networking
• Troubleshooting
• Interview skills

By pairing this industry-leading curriculum with hands-on, project-based learning – and engineering mentors from Meta – fellows in the Production Engineering Track greatly build on their programming knowledge. Fellows will learn a broader array of technology skills, opening the door to new career options in SRE.

What are the important dates I should know about?

The program will be available to roughly 100 aspiring software engineers and will start on May 31, 2022 and end on August 19, 2022.

Applications are now open and will close on May 23, 2022!

Will I get paid as part of the program?

Each successful participant will earn an educational stipend adjusted for Purchasing Power Parity for the country they’re located in.

Who is eligible?

Eligible students are:

• Rising sophomores or juniors enrolled in a 4 year degree granting program
• United States, Mexico, or Canada-based
• Able to code in at least one language (preferably Python)
• Can dedicate at least 30 hours/week for the 12-weeks of the program

MLH invites and encourages people to apply who identify as women or non-binary. MLH also invites and encourages people to apply who identify as Black/African American or LatinX. In partnership with Meta, MLH is committed to building a more diverse and inclusive tech industry and providing learning opportunities to under-represented technologists.

Apply Now!

This article was originally posted at Major League Hacking.

The post MLH Fellowship Opens Applications for this Summer’s Production Engineering Track appeared first on Linux Foundation.

Register for the ELISA Spring Workshop on April 5-7 to Learn More

SAN FRANCISCO – March 23, 2022 –  Today, the ELISA (Enabling Linux in Safety Applications) Project, an open source initiative that aims to create a shared set of tools and processes to help companies build and certify Linux-based safety-critical applications and systems, announced a stronger ecosystem focused on automotive use cases with the addition of the Automotive Intelligence and Control of China (AICC), LOTUS Cars and ZTE.

“The ELISA ecosystem continues to grow globally with strong support from automakers across Asia and Europe,” Kate Stewart, Vice President of Dependable Embedded Systems at The Linux Foundation. “By leveraging the expertise of current and new ELISA Project members, we are defining the best practices for use of Linux in the automobiles of the future. “

Linux is used in all major industries because it can enable faster time to market for new features and take advantage of the quality of the code development processes. Launched in February 2019 by the Linux Foundation, ELISA works with Linux kernel and safety communities to agree on what should be considered when Linux is to  be used in safety-critical systems. The project has several dedicated working groups that focus on providing resources for System integrators to apply and use to analyze qualitatively and quantitatively on their systems.

The Automotive Working Group discusses the conditions and prerequisites the automotive sector needs to integrate Linux into a safety critical system. The group, which includes collaboration from ADIT, Arm, Codethink, Evidence (a part of Huawei), Red Hat and Toyota, focuses on actual use cases from the Automotive domain to derive the technical requirements to the kernel as a basis for investigation within the Architecture Workgroup and to serve as a blueprint for actual projects in the future. There is also close collaboration with Automotive Grade Linux, which results in a meta-ELISA layer enhancing the instrument cluster demo for safety relevant parts. As leaders in the automotive industry, AICC, LOTUS Cars and ZTE will most likely join the Automotive Working Group.

New Global Automotive Expertise

As the industry’s leading ICV computing infrastructure company, AICC is committed to providing OEMs with intelligent vehicle computing platforms and digital bases for empowering them the differentiated application development ability. In November 2021, AICC released iVBB2.0 series products, which takes ICVOS as the core product, then develops ICVHW, ICVSEC, ICVEC, and other product units. Currently, iVBB2.0 has been delivered to many OEMs and achieved collaboration on cross-platform development, co-built SDV, multi-chip distributed deployment, data security policy deployment and car cloud collaborative computing.

“Becoming a member of the ELISA Project, is in line with the high real-time, high-security, and high-reliability commitment that AICC has always made,” said Dr. Jin Shang, CEO & CTO of AICC. “This will provide a guarantee for the mass production development of AICC’s ICV computing infrastructure platform from security and quality perspectives. Based on the elements, tools, and processes shared by ELISA, AICC will build safety-critical applications and systems relating to Linux requirements, leading to widely used and internationally influential products.”

LOTUS Cars, which was honored as “Manufacturer of the Year” at the News UK Motor Awards in 2021, is focused on the safety of intelligent driving. It is a world-famous manufacturer of sports cars and racing cars noted for their light weight and fine handling characteristics.

“Functional safety is critical to intelligent driving,” said Jie Deng, LOTUS Cars In-Vehicle Operating System Lead. “LOTUS focuses on ‘track-level intelligent drive‘ and is committed to ensuring that drivers stay away from risks through active redundancy of software and hardware. We are very excited to join the ELISA Project and work with industry experts to productize Linux-based safety-critical systems for more drivers to experience intelligent driving in a highly safe and fun way.”

ZTE Corporation is a global leader in telecommunications and information technology.  Founded in 1985, the company has been committed to providing innovative technologies and integrated solutions for operators, government and consumers from over 160 countries. ZTE has established 11 state-of-the-art global R&D centers and 5 intelligent manufacturing bases.

Relying on key technologies and core capabilities in the communications field, ZTE Automotive Electronics is committed to becoming a digital vehicle infrastructure capability provider and an independent high-performance partner in China, facilitating the intelligent and networked development in the automobile field. ZTE has been dedicated to GoldenOS R&D for more than 20 years. On this basis, ZTE proposes the integrated automotive operating system solution of high-performance embedded Linux and high security microkernel OS/Hypervisor, covering all scenarios of intelligent vehicle control, intelligent driving, intelligent cockpit and intelligent network connectivities.

These new members join ADIT, AISIN AW CO., Arm, Automotive Grade Linux, Banma, BMW Car IT GmbH, Codethink, Elektrobit, Horizon Robotics, Huawei Technologies, Intel, Toyota, Kuka, Linuxtronix. Mentor, NVIDIA, SUSE, Suzuki, Wind River, OTH Regensburg and Toyota.

The Spring Workshop

ELISA Project members will come together for its quarterly Spring Workshop on April 5-7 to learn about the latest developments, working group updates, share best practices and collaborate to drive rapid innovation across the industry. Hosted online, this workshop is free and open to the public. Details and registration information can be found here.

Workshop highlights include:

• A keynote by Robert Martin, Senior Principal Engineer at MITRE Corporation, about “Software Supply Chain Integrity Transparency & Trustworthiness and Related Community Efforts.” The presentation will discuss the capabilities emerging across industry and government to assess and address the challenges to providing trustworthy software supplies with assurance of integrity and transparency to their composition, source, and veracity – the building blocks of software supply chains we can gain justifiable confidence in at scale and speed.
• A session by Christopher Temple, Lead Safety & Reliability Systems Architect at Arm Germany GmbH, and Paul Albertella, Consultant at Codethink, about “Mixed-Criticality Processing on Linux.” This talk will help create a common understanding of mixed-criticality processing on Linux and the related problems, collect and discuss alternatives for addressing the problems.
• A discussion led by Philipp Ahmann, Business Development Manager at Robert Bosch GmbH, about a new Industrial IoT (IIoT) Working Group within ELISA. The open forum will allow the community to discuss framing lightweight SOUP safety standards, but focusing on those touch points which are not fully covered by other use case driven working groups.

Speakers include thought leaders from ADIT GmbH, Arm, Bosch GmbH, Bytedance, Codethink, Huawei, Mobileye, The Linux Foundation, MITRE Corporation and Red Hat. Check out the schedule and register to attend the workshop today.

For more information about ELISA, visit https://elisa.tech/.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

The post The ELISA Project Strengthens its Focus on Automotive Use Cases with Expertise from New Members Automotive Intelligence and Control of China, LOTUS Cars and ZTE appeared first on Linux Foundation.

Arresting climate change is no longer an option but a must to save the planet for future generations. The key to doing so is to transition off fossil fuels to renewable energy sources and to do so without tanking economies and our very way of life. 

The energy industry sits at the epicenter of change because energy makes everything else run. And inside the energy industry is the need for a rapid transition to electrification and our vast power grids. Like it or not, utilities face existential decisions on transforming themselves while delivering ever more power to more people without making energy unaffordable or unavailable.

The challenges are daunting:

• How to move away from fossil fuels without crashing the global economy that is fueled by energy?
• Is it possible to speed up the modernization of the electric grid without spending trillions of dollars?
• Can this be done while ensuring that power is safe, reliable, and affordable for all?

These are all significant problems to solve and represent 75% of the problem in combating climate change through decarbonization. In the Linux Foundation’s latest case study, Paving the Way to Battle Climate Change: How Two Utilities Embraced Open Source to Speed Modernization of the Electric Grid, LF Energy explores the opportunities for digital transformation within electric utility providers and the role of open source technologies in accelerating the transition.

Download Case Study Open Source meets climate change challenges with LF Energy

The growth of renewable energy sources is making the challenges of modernizing the modern grid more complicated. In the past, energy flowed from coal and gas generating plants onto the big Transmission System Operator (TSO) lines and then to the smaller Distribution System Operator (DSO) lines to be transformed into a lower voltage suitable for homes and businesses. 

But now, with solar panels and wind turbines increasingly feeding electricity back into the grid, the flow of power is two-way.

This seismic shift requires a new way of thinking about generating, distributing, and consuming energy. And it’s one that open source can help us navigate.

Today, energy travels in all directions, from homes and businesses, and from wind and solar farms, through the DSOs to the TSOs, and back again. This fundamental change in how power is generated and consumed has resulted in a much more complicated system that utilities must administer. They’ll require new tools to guarantee grid stability and manage the greater interaction between TSOs and DSOs as renewables grow.

Open source software allows utilities to keep up with the times while lowering expenses. It also gives utilities a chance to collaborate on common difficulties rather than operating in isolation. 

The communities developing LF Energy’s various software projects provide those tools. It’s helping utilities to speed up the modernization of the grid while reducing costs. And it’s giving them the ability to collaborate on shared challenges rather than operate in silos.

Two European utility providers, the Netherlands’ Alliander and France’s RTE are leading the change by upgrading their systems – markets, controls, infrastructure, and analytics – with open source technology.

RTE (a TSO) and Alliander (a TSO) joined forces initially (as members of the Linux Foundation’s LF Energy projects) because they faced the same problem: accommodating more renewable energy sources in infrastructures not originally designed for them and doing it at the speed and scale required. And while they are not connected due to geography, the problems they are tackling apply to all TSOs and DSOs worldwide.

Two electric utility providers collaborate on shared technology investments, together

The way that Alliander and RTE collaborated via LF Energy on a project known as Short Term Forecasting, or OpenSTEF, illustrates the benefits of open source collaboration to tackle common problems. 

“Short-term forecasting, for us, is the core of our existence,” According to Alliander’s Director of System Operations, Arjan Stam. “We need to know what will be happening on the grid. That’s the only way to manage the power flows,” and to configure the grid to meet customer needs.“The same is true for RTE and “every grid operator across the world,” says Lucian Balea, RTE’s Director of Open Source. 

Alliander has five people devoted to OpenSTEF, and RTE has two.

Balea says that without joining forces, OpenSTEF would develop far less quickly, and RTE may not have been able to work on such a solution in the near term.

Since their original collaboration on OpenSTEF, they have collaborated on additional LF Energy Projects, CoMPAS, and SEAPATH. 

CoMPAS is Configuration Modules for Power industry Automation Systems, which addresses a core need to develop open source software components for profile management and configuration of a power industry protection, automation, and control system. ComPAS is critical for the digital transformation of the power industry and its ability to move quickly to new technologies. It will enable a wide variety of utilities and technology providers to work together on developing innovative new solutions.

SEAPATH, Software Enabled Automation Platform and Artifacts (THerein): aims to develop a platform and reference design for an open source platform built using a virtualized architecture to automate the management and protection of electricity substations. The project is led by Alliander, with RTE and other consortium members contributing.

As we move to a decarbonized future, open source will play an increasingly important role in helping utilities meet their goals. It’s already helping them speed up the grid’s modernization, reduce costs, and collaborate on shared challenges. And it’s only going to become essential as we move toward a cleaner, more sustainable energy system.

Read Paving the Way to Battle Climate Change: How Two Utilities Embraced Open Source to Speed Modernization of the Electric Grid to see how it works and how you and your organization may leverage Open Source. Together, we can develop solutions. 

Subscribe to LF Research

The post LF Energy: Solving the Problems of the Modern Electric Grid Through Shared Investment appeared first on Linux Foundation.

Last year’s Jobs Report generated interesting insights into the nature of the open source jobs market – and informed priorities for developers and hiring managers alike. The big takeaway was that hiring open source talent is a priority, and that cloud computing skills are among the top requested by hiring managers, beating out Linux for the first time ever in the report’s 9-year history at the Linux Foundation. Here are a few highlights:

Now in its 10th year, the jobs survey and report will uncover current market data in a post-COVID (or what could soon feel like it) world. 

This year, in addition to determining which skills job seekers should develop to improve their overall employability prospects, we also seek to understand the nature and impact of the “Great Resignation.” Did such a staffing exodus occur in the IT industry in 2021, and do we expect to feel additional effects of it in 2022? And what can employers do to retain their employees under such conditions? Can we hire to meet our staffing needs, or do we have to increase the skill sets of our existing team members?

The jobs market has changed, and in open source it feels hotter than ever! We’re seeing the formation of new OSPOs and the acceleration of open source projects and standards across the globe. In this environment, we’re especially excited to uncover what the data will tell us this year, to confirm or dispel our hypothesis that open source talent is much in demand, and that certain skills are more sought after than others. But which ones? And what is it going to take to keep skilled people on the job? 

Only YOU can help us to answer these questions. By taking the survey (and sharing it so that others can take it, too!) you’ll contribute to a valuable dataset to better understand the current state of the open source jobs market in 2022. The survey will only take a few minutes to complete, with your privacy and confidentiality protected. 

Thank you for participating!

Take 10th Annual Survey Who We Are Looking To Participate

• Employers
• Hiring Managers
• Human Resources Staff
• Job Seekers
• IT Directors and IT Management
• IT Training Developers and Training Providers

Project Leadership

The project will be led by Clyde Seepersad, SVP & General Manager of Linux Foundation Training & Certification, and Hilary Carter, VP Research at the Linux Foundation.

The post Looking to Hire or be Hired? Participate in the 10th Annual Open Source Jobs Report and Tell Us What Matters Most  appeared first on Linux Foundation.

LF Equality StatementDownload

The post STATEMENT AGAINST TEXAS DISCRIMINATION appeared first on Linux Foundation.

The Linux Foundation’s Board of Directors represents a cross-section of our membership–from different industries with different backgrounds and expertises. This broad, diverse group works hard to ensure the Linux Foundation is achieving its mission to unlock the power of open technology to drive shared innovation for the collective benefit. Their expertise, passion, and work is essential to our joint successes. 

Some of the Board is elected by the other members and their terms are limited. The Board also has turnover as executives in our members’ companies change roles. This year we welcome five new members to the Board. We are excited for the breadth of experience that will make the work we all do more impactful. Read more about each one: 

Suzanne Ambiel is an 11-year veteran of VMware and “experienced traveler” in the technology space, Suzanne caught the open source bug late in life, but now considers herself “all in” thanks to a few inspiring, influential, and patient leaders. During work hours, you’ll find Suzanne playing dual roles — behind the scenes of VMware’s Open Source Program Office and in VMware’s Brand & Creative team. But when the whistle blows, she’s likely out riding the trails, walking her two dachshunds, or pondering why her sourdough didn’t rise (again).

Tim Bird is a longtime Linux kernel developer, with over 25 years experience with the Linux kernel and open source community. He is a principal software engineer and general Open Source technologist at Sony Corporation. Over the last 2 decades he has been involved with many projects in the Linux Foundation and other trade associations to enhance Linux for use in embedded and consumer electronics products. Tim is the founder of the Embedded Linux Conference and the elinux wiki. He recently served on the Linux Foundation Technical Advisory Board, and was previously the CTO of Lineo, an early embedded Linux company.

Ben Maurer is a software engineer at Meta focusing on privacy and security. He joined Meta in 2010 as a member of the infrastructure team where he played a key role in driving the performance and reliability of Meta’s products. Over the course of his time at the company, Ben has worked on several technologies that Meta has open sourced, including jemalloc, Folly, Thrift, and HHVM. He has also built deep partnerships with the open source community such as bringing Restartable Sequences to the Linux kernel and building a team within Meta dedicated to contributing to open source web browsers. Ben is one of the co-creators of the Diem blockchain and led Meta’s technical contributions to the project.

Ben also worked at the White House in 2014 as part of the U.S. Digital Service where he improved the communication tools used by the President and his staff.

Before joining Meta, Ben was an engineer at Google after the company acquired the startup he co-founded, reCAPTCHA, a system that determines if a user is human while simultaneously digitizing books. Ben has also contributed to the Mono and GNOME open source projects.

Shojiro Nakao is a general manager of the R & D Division of the Automotive Company of Panasonic. He is responsible for the development and management of automotive software platforms. He has been working with Linux for over 15 years, in a variety of product development, including mobile, IoT, and automotive devices. Responsible for software platform development, he has been promoting Panasonic’s collaboration with various open source communities. In addition, he is a steering committee member of Automotive Grade Linux.

Phil Robb is the Acting Head of Ericsson Software Technology (EST), where he leads a passionate group of engineers developing open source software across a wide range of projects including Linux, OpenStack, Kubernetes, and ONAP among many others.

Prior to Ericsson, Phil was the V.P. of Operations for the Networking Projects at the Linux Foundation including ORAN, ONAP, OpenDaylight, and Anuket.  In that role, Phil led a team of technical staff who oversaw community software development based on DevOps and open source best practices.  Prior to the Linux Foundation, Phil spent 12 years with Hewlett Packard working on Linux and Open Source starting in 2001.  There, Phil formed and led HP’s Open Source Program Office responsible for open source strategy, tools, processes, and investments as HP transitioned from Unix to Linux in the Enterprise Server market.

The post The Linux Foundation Welcomes New Board Members from Ericsson, Fujitsu, Meta, Panasonic, Sony, and VMWare appeared first on Linux Foundation.