Open-source News

How to Install and Use Annotator: An Image Annotation Tool for Linux  MUO - MakeUseOf

How to Configure User Access of Files and Folders in Linux  MUO - MakeUseOf

Why companies should focus on preventing privilege escalation  TechTarget

How to conduct Linux privilege escalations  TechTarget

This article originally appeared on the LF Public Health project’s blog. We republished it here to help spread the word about another impactful project made possible through open source. 

Linux Foundation Public Health (LFPH) launched the Global COVID Certificate Network (GCCN) project in June 2021 to facilitate the safe and free movement of individuals globally during the COVID pandemic. After nine months of dedicated work, LFPH completed the proof-of-concept (POC) of the GCCN Trust Registry Network in partnership with Fraunhofer Institute for Industrial Engineering (Fraunhofer IAO), Symsoft Solutions and Finema in March 2022.

With the ambition to provide a complete suite of technology to address the many challenges for COVID certificates, such as interoperability, data security and privacy protection, LFPH began the GCCN project focusing on one of the challenges not being addressed—a global trust architecture that allows seamless integration of the disparate COVID credential types. At the time, many small and large centralized trust ecosystems that implemented different technical standards and policies, such as the EU Digital COVID Certificate, emerged and began to gain traction. However, without a platform that allows these ecosystems to discover and establish trust with each other, there wouldn’t be interoperability at the global level. The GCCN Trust Registry Network was created to solve exactly this problem.

“We started the GCCN work in response to COVID, but everything we do has a vision for solving the challenge of people needing multiple credentials and constant verifications. The GCCN Trust Registry Network makes possible a new, decentralized way of trust management, which helps revolutionize how identities are shared in a privacy-preserving way. At LFPH, we are dedicated to open source innovation for public health and patient identity. We look forward to working with our members, community and stakeholders to advance the GCCN work both in the US and internationally.” – Jim St.Clair, Executive Director of LFPH

Building on the open source TRAIN Trust Management Infrastructure funded by the European Self-Sovereign Identity Framework (ESSIF) Lab, the GCCN Trust Registry Network allows different COVID certificate ecosystems, which can be a political and economic union (e.g. the EU), a nation state (e.g. India), a jurisdiction (e.g. the State of California), an industry organization (e.g. ICAO) or a company (e.g. a COVID test administrator), to join and find each other on a multi-stakeholder network, and validate each other’s COVID certificate policies. This interaction is known as a discovery mechanism. Then based on the discovery, verifiers will decide whose certificates they accept and use the Trust Registry Network to build a customized trust list based on their entry rules and check the source of incoming certificates against their known list to determine if it’s from a trusted source. If the certificate is from a trusted source, the verifiers will be able to use the public key to decrypt and decode a COVID certificate. For more information about the technical mechanism behind the GCCN Trust Registry Network and how it works, please see our two recent articles, “How does a border control officer know if a COVID certificate is valid?” and “How does a border control officer know if a traveler meets entry rules?”.

.avia-image-container.av-l2hq8cav-e4484434c22ad27d0013ca334b9deea7 .av-image-caption-overlay-center{ color:#ffffff; }

The GCCN Trust Registry Network PoC is composed of two parts, onboarding to the Network and verification of COVID certificates using the Network. The PoC wouldn’t have been a success without the contributions of these partners and the ongoing support of the LFPH community. Fraunhofer IAO, the German research organization that developed the TRAIN Infrastructure, supported the effort throughout. Symsoft Solutions, a US-based enterprise web solutions provider, built the initial demo web application of the Network and web interface for the onboarding process of the POC. Savita Farooqui, the founder of Symsoft Solutions, has been co-leading the design and technical development of GCCN with LFPH staff. Finema, a Thai company specializing in decentralized identity solutions, developed the verifier app for the POC that demonstrates how a verifier can leverage the Network for verifications.

“By working with the LFPH team on the GCCN Trust Registry Network initiative, we had the opportunity to explore and extend the TRAIN Infrastructure for COVID certificate trust management. Prior to this work, TRAIN was already implemented for a variety of use cases such as IoT/Industry 4.0, verification of refugee educational documents. We believe that TRAIN will be able to provide lightweight solutions pertaining to trust management on a global scale for a wide range of public health scenarios. We are looking forward to working on the further developments of the GCCN Trust Registry Network based on the stakeholders’ needs for COVID and beyond.” – Isaac Henderson, Technical Architect, Fraunhofer IAO.

The GCCN Trust Registry Network provides a model for managing global, distributed trust registries/authorities. The Network enrolls trust registries/authorities as entries and supports the structure and meta-data for a variety of trust registries, along with a mechanism to access and update the entries using machine and human accessible formats. We worked with the LFPH team to define the meta-data and workflows for enrollment, and developed the demo application to validate these requirements and the POC interface to integrate with the TRAIN infrastructure. We look forward to continuing to work with LFPH and other partners to further develop the GCCN Trust Registry Network and create a reusable trust management solution for use cases beyond COVID. – Savita Farooqui, Founder, Symsoft Solutions

Finema’s solution plays a big part in the verification of different digital vaccine credentials for the Thailand Pass portal that has been a major factor in reopening Thailand’s borders and encouraging global travel. Through that work, we saw and experienced a clear need for a highly secure global trust network that promotes greater interconnectivity and interoperability between various COVID vaccination credentials from different nations, organizations and individuals throughout the world. Finema was happy to support the POC development of the GCCN Trust Registry Network through our solutions, and we look forward to building further on this work for border reopening and other use cases.  – Pakorn Leesakul, CEO, Finema Co. Ltd.

LFPH will host two webinars about the POC: on May 10, 2022 at 8 am ET / 2 pm CEST, and May 11, 2022 at 7 pm PT / (+1d) 10 am HKT, to have a live demo and Q&A session.

In the meantime, if you have any questions about the GCCN Trust Registry Network and the POC, please email the LFPH team at info@lfph.io.

The post LFPH Completes the Proof-of-Concept of its GCCN Trust Registry Network appeared first on Linux Foundation.

AlmaLinux 9 beta is now available and introduces several improvements  TechRepublic

Microsoft Unveils New Antimalware Engine Capabilities for Linux and macOS  TechDecisions

The Linux Foundation based Yocto Project for making it easy to create Linux-based IoT/embedded operating system software builds is out today with Yocto 4.0...

It's been a rough year for floppy disk support on Linux and goes to show the state of seldom maintained to unmaintained code...

Linux Disabling Raw Access To Floppy Disks "FDRAWCMD" By Default  Phoronix

5 Reasons to Try Out Zorin OS (and Which Edition to Go For)  MUO - MakeUseOf

How to Install Unrar on Rocky Linux or AlmaLinux 8  BollyInside

Windows vs. Linux vs. Mac: the channel comparison  IT PRO

Beelink SER 4 4800U X pairs a Ryzen 7 CPU with Manjaro Linux  Liliputing

Intel open-source engineers sent in their initial batch of "drm-intel-gt-next" updates to DRM-Next today destined for the Linux 5.19 merge window...

10 Reasons to Run Linux in Virtual Machines  It's FOSS

Microsoft discovers ‘several’ vulnerabilities affecting Linux desktop endpoints  The Record by Recorded Future

Microsoft discovers 'several' vulnerabilities affecting Linux desktop endpoints  The Record by Recorded Future

Incredibuild Launches Support for Yocto Project® - Bolstering Solution for Linux  PR Newswire

When I started at The Linux Foundation (LF) a few weeks ago, our research was one of the first things I dug into as I absorbed and learned what all the LF does to advance open source. Plus, since I started, it seems like the LF Research team has published a new report every few days. What a wealth of information!

So, imagine my surprise when I learned that LF Research has just been around for one year. April 15th marked their one year birthday – and they have set the bar high in their first year. 

But are they making a difference? I know my inclination, especially having spent time working in government, is that research reports get published and then sit on virtual shelves, never to be seen again. But LF Research uses the open source model of bringing people together to solve problems and to share the solutions widely. They engage LF members and the community, across the ecosystem, to answer the question, what are the tools we can create, together, for shared value. And, importantly, their reports focus on action items.

Over the past twelve months, LF Research has published 12 reports across a variety of topics and industry verticals. Each of them are presented below. Take time to look at their work, dig in deeper on topics that interest you, and then go, make a difference. 

And  stay tuned for more impactful research in 2022 on topics such as cybersecurity insights in the developer process, mentorship, a guide to enterprise open source, an updated state of the open source program office, a new jobs report, and much, much more.

The Carbon Footprint of NFTs – NFTs are simultaneously overhyped and met with both skepticism and a general lack of understanding on what they are and how they work. Serious concerns have also been raised over energy-intensive proof-of-work (PoW) consensus mechanisms. The report, just released last week, studies the concern that energy-intensive PoW consensus mechanisms for NFTs have a significant impact on the climate. The report details the changes taking place in the blockchain industry to address this issue, and describes howNFTs can have varying carbon footprints depending on their underlying technology stacks. Read it to learn how we can make a difference now.

.avia-image-container.av-l2glvuf9-85cfb1e32eae7a047ddafb5b48fac3ff .av-image-caption-overlay-center{ color:#ffffff; }

AI and Data in Open Source – The report reviews critical challenges in the open source AI ecosystem, such as the talent shortage, the trust gap for AI-enabled products, implementing and verifying trusted and responsible AI systems and processes, and more. But, with challenges are opportunities – opportunities that could change the world. Imagine how marrying AI with edge computing enhances performance and real-time decision making, or how CDLA licenses enable wider sharing and use of open data and the innovation that sparks in AI and machine learning models. The report also reviews how the LF AI & Data Foundation is empowering innovators and accelerating open source development. Read the full report and get excited!

.avia-image-container.av-l2gmqdgs-730ca10469013cbed693e38e7a4e6426 .av-image-caption-overlay-center{ color:#ffffff; }

Paving the Way to Battle Climate Change: How Two Utilities Embraced Open Source to Speed Modernization of the Electric Grid – New technology has to be easy to use and workable to be adopted widely enough to make a difference – this holds true in electricity production. As the energy sector innovates to do its part to arrest climate change, it must find solutions to ease the adoption of new energy sources. As the electricity infrastructure modernizes, electricity is provided into the grid from a variety of sources – homes, business, wind and solar farms, etc. – rather than just from the local power plant. It goes from TSOs (main power lines) to DSOs (the “last mile” so to speak). Netherlands’ Alliander, a DSO, and France’s RTE, a TSO, contributed to three LF Energy projects (SEAPATH, CoMPAS, and OpenSTEF) so their electrical substations will become more modular, interoperable, and scalable. This report digs into the case studies to show how working together via open source enables them to develop more software solutions up to ten times faster than working on their own proprietary solutions.

.avia-image-container.av-l2gmvkqf-89f270ecb094f56080e225d1c0ba27c7 .av-image-caption-overlay-center{ color:#ffffff; }

Open Source in Entertainment: How the Academy Software Foundation Creates Shared Value – Truth be told, when I try to explain open source software and what we foster at the LF among my friends and family, I use the Academy Software Foundation as an example. I mean, let’s be honest, movies are way more interesting and relatable than software supply chains or licensing. The ASWF also serves as a stellar example of why companies would want to join forces and collaborate on a common software solution – let’s share resources to make the foundational tools together and then innovate on top of that on our own. We can all grow together by raising the foundation we start at. This report is a story about industry competitors, who, by working together, have shared and developed the technologies used to create mesmerizing visual effects for professional studios and filmmaking enthusiasts alike. It should spark open source innovation in other industries too (see FINOS below). 

.avia-image-container.av-l2gmxpct-6b50f22002f4248083d47fe21ec9678e .av-image-caption-overlay-center{ color:#ffffff; }

Census II of Free and Open Source Software – Application Libraries – There are more software vulnerabilities out there than there are resources available to fix them, so knowing which ones are more widely utilized and which ones are used in more critical instances allows for better resource prioritization. Makes sense, right? This report builds on the Census I report, which focused on the lower level critical operating system libraries and utilities. It utilizes data from partner Software Composition Analysis (SCA) companies including Synk, the Synopsys Cybersecurity Research Center (CyRC), and FOSSA.  They looked at over half a million observations of Free and Open Source Software libraries used in production applications at thousands of companies.  See the data and read the report written by and see the data here. 

.avia-image-container.av-l2gmzh06-81f434c4ff7809c1d120d7053981b0ba .av-image-caption-overlay-center{ color:#ffffff; }

The Evolution of the Open Source Program Office – The TODO Group is an LF project community to help organizations run successful and effective open source program offices or similar open source initiatives. This report was produced in partnership with them to provide rich insight, direction, and tools to implement an OSPO or an open source initiative with corporate, academic, or public sector environments. It also has case studies from Bloomberg, Comcast, and Porsche – the last of which was especially cool for the car geek in me. Check it out here. 

.avia-image-container.av-l2gn5yxz-b1abc7e248db7dd19588861708260053 .av-image-caption-overlay-center{ color:#ffffff; }

The State of the Software Bill of Materials (SBOM) and Cybersecurity Readiness – An SBOM is a formal and machine-readable metadata that uniquely identifies a software package and its contents. It allows organizations to quickly and accurately determine which software applications and libraries are used and where so they can effectively address vulnerabilities. The report offers fresh insight into the state of SBOM readiness and helps organizations looking to better understand SBOMs as an important tool in securing software supply chains. They need to be adopted now – so go read the report.

.avia-image-container.av-l2gnst64-9c822f544821ebd0da3e4ff02a84759f .av-image-caption-overlay-center{ color:#ffffff; }

Diversity, Equity, and Inclusion in Open Source – Diversity, equity, and inclusion (DEI) in the technology industry — and within open source specifically—is an opportunity we need to continuously leverage for the benefits it brings. In addition to the survey findings on the state of DEI, this research explores a number of DEI initiatives and their efficacy and recommends action items for the entire stakeholder ecosystem to further their efforts and build inclusion by design. Access the report here.

.avia-image-container.av-l2gnvha9-e142861f31e3a41ecd2bf92fa78990da .av-image-caption-overlay-center{ color:#ffffff; }

Data and Storage Trends Report – The SODA Foundation is an open source project under the Linux Foundation that fosters an ecosystem of open source data management and storage software for data autonomy. The report is based on a survey in English, Chinese, and Japanese-speaking markets to identify the current challenges, gaps, and trends for data and storage in the era of Cloud Native, edge, AI, and 5G. The intention is to use this survey data to help guide the SODA Foundation and its surrounding ecosystem on important issues and help its members be better equipped to make decisions, improve their products, and the SODA Foundation to establish new technical directions.

.avia-image-container.av-l2goc9sk-d07f7a6347c5a40cd6486df21cf8d265 .av-image-caption-overlay-center{ color:#ffffff; }

The State of Open Source in Financial Services Report – While the financial services industry has been a long-time consumer of open source software, contributing to software and standards development has not been at the core of their business models and tech strategies. This report creates a baseline of their current activities, highlights obstacles and challenges to improving industry-wide collaboration, and lays out a set of actionable insights for improving the state of open source in financial services. You can read the report here. 

.avia-image-container.av-l2goebpw-6a86ebc14b3202739bbd1df8bb4d50f0 .av-image-caption-overlay-center{ color:#ffffff; }

9th Annual Open Source Jobs Report – ​​ The LF partnered with edX to shed light on the changes and challenges in the global open source jobs market. Employers can use its actionable insights to inform their hiring, training, and diversity awareness efforts. It also gives professionals clear, unbiased insights on which skills are most marketable and how reskilling and certifications benefit job seekers. Dig in here. 

.avia-image-container.av-l2goo8hy-b523b3be036e6444bd470c34d8ea4248 .av-image-caption-overlay-center{ color:#ffffff; }

Hyperledger Brand Study – The study explores the state of the enterprise blockchain market and the Hyperledger brand. It looks at whether enterprises have or are considering adopting blockchain, which solutions they are familiar with, what are desirable attributes of solutions, what problems they are addressing with blockchain technology, and much, much more. You can read the results and access the underlying data here. 

.avia-image-container.av-l2goj7v2-7da491a0d633aab25bce59401e0440e1 .av-image-caption-overlay-center{ color:#ffffff; }

The post LF Research: One Year Recap and Imagining the Future appeared first on Linux Foundation.