Open-source News

OSS Security Highlights from the 2022 Open Source Summit North America

The Linux Foundation - Tue, 07/26/2022 - 21:00

By Ashwin Ramaswami

Last month the Linux Foundation concluded its 2022 Open Source Summit North America (OSS NA), where developers, technologists, and community leaders from industry, academia, and government converged in Austin, Texas, from June 21-24 to talk about all things open source. Participants and speakers highlighted open source innovation and efforts to ensure a sustainable open source ecosystem.

What did the summit tell us about the state of OSS security? Several parts of the conference addressed different aspects of this issue – OpenSSF Day, Critical Software Summit, SupplyChainSecurityCon, and the Global Security Vulnerability Summit. Overall, the summit demonstrated an increased emphasis on open source security as a community effort with various stakeholders. More ambitious and innovative approaches to handling the open source security problem – including collaboration, tools, and training – were also introduced. Finally, the summit highlighted the importance for open source users to give back to the community and contribute upstream to the projects they depend on.

Let’s explore these ideas in more detail!

Open source security as a community effort

Open source security is not just an isolated effort by users or maintainers of open source software. As OSS NA showed, the stakes of open source security have turned it into a community effort, where a wide variety of diverse stakeholders have an interest and are beginning to get involved.

  • As Todd Moore (IBM) mentioned in his keynote, incidents such as log4shell have made open source security a bigger priority for governments – and it is important for existing open source stakeholders, both users and maintainers, to work as a community to take a cohesive message back to the government to articulate our community’s needs and how we are responding to this challenge.
  • Speakers at a panel discussion with the Atlantic Council’s Cyber Statecraft Initiative and the Open Source Security Foundation (OpenSSF) discussed the summit held by OpenSSF in Washington, DC on May 12 and 13, where representatives from industry and government met to develop the Open Source Software Security Mobilization Plan, a $150 million plan for better securing the open source ecosystem.
  • A panel discussion explored how major businesses are working together to improve the security of the open source supply chain, particularly through the governance structure of the OpenSSF.

New approaches to address open source security

OSS NA featured several initiatives to address fundamental open source security issues, many of which were particularly ambitious and innovative.

  • The OpenSSF’s Alpha-Omega Project was announced to address software vulnerabilities for OSS projects that are most critical (alpha) and at the long tail (omega).
  • Eric Brewer (Google) gave a keynote discussing the fundamental problem of ensuring accountability in the open source software supply chain. One way of solving this is through curation: creating a repository of vetted and secure packages.
  • Standards continue to be important, as always: Art Manion (CERT/CC) discussed the history and future of the CVE Program, while Jennings Aske (New York-Presbyterian Hospital) and Melba Lopez (IBM) discussed the importance of a Software Bill of Materials (SBOM).
  • The importance of security tooling was emphasized, with discussions on tools such as sigstore, automation of security checks through Infrastructure as Code tools, and CI/CD pipelines.
  • David Wheeler (Linux Foundation) discussed how education in secure software development is critical to ensuring open source software security. Courses like the OpenSSF’s Secure Software Development Fundamentals Courses are available to help developers learn this topic.

Giving back to the community

Participants at the summit recognized that open source security is ultimately a matter of community, governance, and sustainability. Projects that don’t have the right resources or governance structure may not be able to ensure their projects are secure or accept the right funding to do so.

  • Steve Hendrick (Linux Foundation) and Matt Jarvis (Snyk) discussed the release of the 2022 State of Open Source Security report from Snyk and the Linux Foundation. The report noted that open source software is often a one-way street where users see significant benefits with minimal cost or investment. It recommends that organizations close the loop and give back to the OSS projects they use, so that larger open source projects can meet user expectations.
  • Aeva Black (Microsoft) discussed approaches to community risk management through drafting and enforcing a code of conduct, and how ignoring community health can lead to sometimes catastrophic technical outcomes for OSS projects.
  • Sean Goggins (CHAOSS) discussed the relationship between community health and vulnerability mitigation in open source projects, using metrics models from the CHAOSS project.
  • Margaret Tucker and Justin Colannino (GitHub) discussed the role that package registries have in open source security, beginning to formulate some principles that would balance these registries’ responsibility for safety and reliability with the freedom and creativity of package maintainers.
  • Naveen Srinivasan (Endor Labs) and Laurent Simon (Google) explored the OpenSSF Scorecard to more easily analyze the security of open source projects and proactively improve their security.
  • Amir Montazery (OSTIF) discussed the Open Source Technology Improvement Fund’s efforts to help OSS maintainers work with security experts to improve their projects’ security posture.

Conclusion

In sum, the talks and conversations at OSS Summit NA help paint a picture of how key stakeholders in the open source software ecosystem – OSS communities, industry, academia, and government – are conceptualizing big-picture issues and directing efforts around OSS security.

But these initiatives and talks still have a lot of room for input! Whether individually or through your institution, consider adding your voice to this discussion as we continue to support the open source software community. Join an OpenSSF working group, another initiative, or contribute upstream to open source projects that you depend on.


Turnip Vulkan Driver Now Works With Zink For OpenGL 4.6, Approaching Vulkan 1.3

Phoronix - Tue, 07/26/2022 - 20:47
Mesa's Turnip driver that provides open-source Vulkan support for Qualcomm Adreno graphics processors continues maturing nicely and is approaching Vulkan 1.3 conformance...

Firefox 103 Better Handles High Refresh Displays, WebGL Performance Fix On NVIDIA Driver

Phoronix - Tue, 07/26/2022 - 18:23
Mozilla's Firefox 103 web browser is now available from mirrors as the latest monthly update to this open-source, cross-platform browser...

Linux 5.20 To Enable THP SWAP On 64-bit Arm For Better Swapping Performance

Phoronix - Tue, 07/26/2022 - 18:04
The "THP_SWAP" option for the Linux kernel allows swapping transparent huge-pages in one piece without splitting. With Linux 5.20 the 64-bit Arm kernel (ARM64 / AArch64) will now support this option as a performance optimization...

Latte Dock Development Officially Ends As Popular KDE Desktop Dock

Phoronix - Tue, 07/26/2022 - 17:48
For the past several years Latte Dock has been a popular macOS-like "dock" for the KDE Plasma desktop but development has now ceased...

Intel Releases OSPRay Studio 0.11.1 For Ray-Traced, Interactive Visualizations

Phoronix - Tue, 07/26/2022 - 17:39
Back in 2020 Intel announced OSPRay Studio as an interactive, ray-traced visualizer that was added to their oneAPI software suite and powered by their OSPRay engine. Released on Monday was the latest update to this open-source program...

Intel Firmware Engineers Make An Important Power Improvement For Sapphire Rapids

Phoronix - Tue, 07/26/2022 - 17:20
Earlier this year I wrote about the Intel Idle driver support being prepared for Xeon "Sapphire Rapids" CPUs, but a limitation with these forthcoming Xeon Scalable processors was that handling of the C1 and C1E c-states is mutually exclusive. Unlike earlier Xeon processors, C1 and C1E states couldn't be enabled at the same time. Fortunately, via new Intel firmware they have managed to overcome this limitation...

How I use Bash to automate tasks on Linux

opensource.com - Tue, 07/26/2022 - 15:00
By Jim Hall

The Bash command line is a great way to automate tasks. Whether you are running Linux on a server and need to manipulate log files or other data, or you're a desktop user who just wants to keep files tidy, you can use a few automation features in Bash to make your work easier.

Linux for command: Automate tasks on files

If you have a bunch of files to work on at once, and you need to do the same thing with every file, use the for command. This command iterates across a list of files, and executes one or more commands. The for command looks like this:

for variable in list
do
    commands
done

I've added some extra spacing in there to help separate the different parts of the for command. That multi-line command might look difficult to run on the command line, but you can use ; to put everything on one line, like this:

for variable in list ; do commands ; done

Let's see it in action. One way I use the for command is to rename a bunch of files. Most recently, I had a bunch of screenshots that I wanted to rename. The screenshots had names like filemgr.png or terminal.png and I wanted to put screenshot before each name instead. I ran a single for command to rename thirty files at once. Here's an example with just two files:

$ ls
filemgr.png  terminal.png
$ for f in *.png ; do mv "$f" "screenshot-$f" ; done
$ ls
screenshot-filemgr.png  screenshot-terminal.png

The for command makes it easy to perform one or more actions on a set of files. You can use a variable name that is meaningful to you, such as image or screenshot, or you can use a "shorthand" variable like f, as I did in my example. When I write scripts that use a for loop, I try to use meaningful variable names. But when I'm using for on the command line, I'll usually use a short variable name like f for files or d for directories.

Whatever name you choose for your variable, be sure to reference the variable using $ in the command. This expands the variable to the name of the file you are acting on. Type help for at your Bash prompt to learn more about the for command.

Linux conditional execution (if)

Looping across a set of files with for is helpful when you need to do the same thing with every file. But what if you need to do something different for certain files? For that, you need conditional execution with the if statement. The if statement looks like this:

if test
then
    commands
fi

You can also do if/else tests by using the else keyword:

if test
then
    commands
else
    commands
fi

For more complicated processing, you can use if/else-if/else evaluations. I might use this in a script, when I need to automate a job to process a collection of files at once:

if test
then
    commands
elif test2
then
    commands
elif test3
then
    commands
else
    commands
fi

The if command allows you to perform many different tests, such as if a file is really a file, or if a file is empty (zero size). Type help test at your Bash prompt to see the different kinds of tests you can use in an if statement.

For example, let's say I wanted to clean up a log directory that had several dozen files in it. A common task in log management is to delete any empty logs, and compress the other logs. The easiest way to tackle this is to just delete the empty files. There isn't an if test that exactly matches that, but we have -s file to test if something is a file, and if the file is not empty (it has a size). That's the opposite of what we want, but we can negate the test with ! to see if something is not a file or is empty.

Let's look at an example to see this at work. I've created two test files: one is empty, and the other contains some data. We can use if to print the message "empty" if the file is empty:

$ ls
datafile  emptyfile
$ if [ ! -s datafile ] ; then echo "empty" ; fi
$ if [ ! -s emptyfile ] ; then echo "empty" ; fi
empty

We can combine this with for to examine a list of log files to delete the empty files for us:

$ ls -l
total 20
-rw-rw-r--. 1 jhall jhall 2 Jul  1 01:02 log.1
-rw-rw-r--. 1 jhall jhall 2 Jul  2 01:02 log.2
-rw-rw-r--. 1 jhall jhall 2 Jul  3 01:02 log.3
-rw-rw-r--. 1 jhall jhall 0 Jul  4 01:02 log.4
-rw-rw-r--. 1 jhall jhall 2 Jul  5 01:02 log.5
-rw-rw-r--. 1 jhall jhall 0 Jul  6 01:02 log.6
-rw-rw-r--. 1 jhall jhall 2 Jul  7 01:02 log.7
$ for f in log.* ; do if [ ! -s "$f" ] ; then rm -v "$f" ; fi ; done
removed 'log.4'
removed 'log.6'
$ ls -l
total 20
-rw-rw-r--. 1 jhall jhall 2 Jul  1 01:02 log.1
-rw-rw-r--. 1 jhall jhall 2 Jul  2 01:02 log.2
-rw-rw-r--. 1 jhall jhall 2 Jul  3 01:02 log.3
-rw-rw-r--. 1 jhall jhall 2 Jul  5 01:02 log.5
-rw-rw-r--. 1 jhall jhall 2 Jul  7 01:02 log.7

Using the if command can add some intelligence to scripts, to perform actions only when needed. I often use if in scripts when I need to test if a file does or does not exist on my system, or if the entry the script is examining is a file or directory. Using if allows my script to take different actions as needed.
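The full cleanup described above (delete the empty logs, compress the rest) as a reusable script, written here as an added example rather than code from the original article. It assumes the logs are named log.* in a single directory and that gzip is installed; the sample directory it builds is constructed to mirror the listing above, with log.4 and log.6 empty.

```shell
# Added example, not code from the original article: the log cleanup the
# text describes (delete empty logs, compress the rest) as a script with
# the quoting and edge-case handling an interactive one-liner skips.
# Assumed: files named log.* in one directory, gzip available.

# Wrapper so DRY_RUN=1 shows the actions without touching anything.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "would run: $*"
    else
        "$@"
    fi
}

# Walk log.* in the given directory and apply the if/elif/else decision.
cleanup_logs() {
    local dir="$1" f
    for f in "$dir"/log.*; do
        # An unmatched glob stays the literal pattern; skip it.
        [ -e "$f" ] || continue
        if [ ! -s "$f" ]; then
            run rm -v -- "$f"      # empty: delete (-- guards odd names)
        elif [ "${f##*.}" = "gz" ]; then
            :                      # compressed on an earlier run: keep
        else
            run gzip -- "$f"       # non-empty and uncompressed: compress
        fi
    done
}

# Constructed sample directory mirroring the article's listing:
# seven logs, with log.4 and log.6 empty. Prints the directory path.
make_sample_logs() {
    local dir n
    dir=$(mktemp -d)
    for n in 1 2 3 4 5 6 7; do
        if [ "$n" = 4 ] || [ "$n" = 6 ]; then
            : > "$dir/log.$n"
        else
            printf 'ok\n' > "$dir/log.$n"
        fi
    done
    echo "$dir"
}

# Stand-alone demo: dry run in a subshell first, then the real pass.
sample=$(make_sample_logs)
( DRY_RUN=1 cleanup_logs "$sample" )
cleanup_logs "$sample" && ls "$sample"
```

Running the script twice on the same directory is safe: the second pass finds only log.*.gz files and takes the elif branch for each of them.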

Bash has a few handy automation features that make my life easier when working with files on Linux.

This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.
