Open-source News

OSS Security Highlights from the 2022 Open Source Summit North America

The Linux Foundation - Tue, 07/26/2022 - 21:00

By Ashwin Ramaswami

Last month, we just concluded the Linux Foundation’s 2022 Open Source Summit North America (OSS NA), when developers, technologists, and community leaders from industry, academia, and government converged in Austin, Texas, from June 21-24 to talk about all things open source. Participants and speakers highlighted open source innovation and efforts to ensure a sustainable open source ecosystem.

What did the summit tell us about the state of OSS security? Several parts of the conference addressed different aspects of this issue – OpenSSF Day, Critical Software Summit, SupplyChainSecurityCon, and the Global Security Vulnerability Summit. Overall, the summit demonstrated an increased emphasis on open source security as a community effort with various stakeholders. More ambitious and innovative approaches to handling the open source security problem – including collaboration, tools, and training – were also introduced. Finally, the summit highlighted the importance for open source users to give back to the community and contribute upstream to the projects they depend on.

Let’s explore these ideas in more detail!

Click on the list on the upper right of this video to view the entire OpenSSF Day playlist (13 videos) Open source security as a community effort

Open source security is not just an isolated effort by users or maintainers of open source software. As OSS NA showed, the stakes of open source security have turned it into a community effort, where a wide variety of diverse stakeholders have an interest and are beginning to get involved.

  • As Todd Moore (IBM) mentioned in his keynote, incidents such as log4shell have made open source security a bigger priority for governments – and it is important for existing open source stakeholders, both users and maintainers, to work as a community to take a cohesive message back to the government to articulate our community’s needs and how we are responding to this challenge.
  • Speakers at a panel discussion with the Atlantic Council’s Cyber Statecraft Initiative and the Open Source Security Foundation (OpenSSF) discussed the summit held by OpenSSF in Washington, DC on May 12 and 13, where representatives from industry and government met to develop the Open Source Software Security Mobilization Plan, a $150 million plan for better securing the open source ecosystem.
  • A panel discussion explored how major businesses are working together to improve the security of the open source supply chain, particularly through the governance structure of the OpenSSF.
New approaches to address open source security

OSS NA featured several initiatives to address fundamental open source security issues, many of which were particularly ambitious and innovative.

  • The OpenSSF’s Alpha-Omega Project was announced to address software vulnerabilities for OSS projects that are most critical (alpha) and at the long tail (omega).
  • Eric Brewer (Google) gave a keynote discussing the fundamental problem of ensuring accountability in the open source software supply chain. One way of solving this is through curation: creating a repository of vetted and secure packages.
  • Standards continue to be important, as always: Art Manion (CERT/CC) discussed the history and future of the CVE Program, while Jennings Aske (New York-Presbyterian Hospital) and Melba Lopez (IBM) discussed the importance of a Software Bill of Materials (SBOM).
  • The importance of security tooling was emphasized, with discussions on tools such as sigstore, automation of security checks through Infrastructure as Code tools, and CI/CD pipelines.
  • David Wheeler (Linux Foundation) discussed how education in secure software development is critical to ensuring open source software security. Courses like the OpenSSF’s Secure Software Development Fundamentals Courses are available to help developers learn this topic.
Giving back to the community

Participants at the summit recognized that open source security is ultimately a matter of community, governance, and sustainability. Projects that don’t have the right resources or governance structure may not be able to ensure their projects are secure or accept the right funding to do so.

  • Steve Hendrick (Linux Foundation) and Matt Jarvis (Snyk) discussed the release of the 2022 State of Open Source Security report from Snyk and the Linux Foundation. The report noted that open source software is often a one-way street where users see significant benefits with minimal cost or investment. It is recommended that organizations need to close the loop and give back to OSS projects they use for larger open source projects to meet user expectations.
  • Aeva Black (Microsoft) discussed approaches to community risk management through drafting and enforcing a code of conduct, and how ignoring community health can lead to sometimes catastrophic technical outcomes for OSS Projects.
  • Sean Goggins (CHAOSS) discussed the relationship between community health and vulnerability mitigation in open source projects by using metrics models from the CHAOSS projects.
  • Margaret Tucker and Justin Colannino (GitHub) discussed the role that package registries have in open source security, beginning to formulate some principles that would balance these registries’ responsibility for safety and reliability with the freedom and creativity of package maintainers.
  • Naveen Srinivasan (Endor Labs) and Laurent Simon (Google) explored the OpenSSF Scorecard to more easily analyze the security of open source projects and proactively improve their security.
  • Amir Montazery (OSTIF) discussed the Open Source Technology Improvement Fund’s efforts to help OSS maintainers to work with security experts to improve their projects’ security posture.
Conclusion

In sum, the talks and conversations at OSS Summit NA help paint a picture of how key stakeholders in the open source software ecosystem – OSS communities, industry, academia, and government – are thinking about conceptualizing big-picture issues and directing efforts around OSS security.

But these initiatives and talks still have a lot of room for input! Whether individually or through your institution, consider adding your voice to this discussion as we continue to support the open source software community. Join an OpenSSF working group, another initiative, or contribute upstream to open source projects that you depend on.

The post OSS Security Highlights from the 2022 Open Source Summit North America appeared first on Linux Foundation.

Turnip Vulkan Driver Now Works With Zink For OpenGL 4.6, Approaching Vulkan 1.3

Phoronix - Tue, 07/26/2022 - 20:47
Mesa's Turnip driver that provides open-source Vulkan support for Qualcomm Adreno graphics processors continues maturing nicely and is approaching Vulkan 1.3 conformance...

Firefox 103 Better Handles High Refresh Displays, WebGL Performance Fix On NVIDIA Driver

Phoronix - Tue, 07/26/2022 - 18:23
Mozilla's Firefox 103 web browser is now available from mirrors as the latest monthly update to this open-source, cross-platform browser...

Linux 5.20 To Enable THP SWAP On 64-bit Arm For Better Swapping Performance

Phoronix - Tue, 07/26/2022 - 18:04
The "THP_SWAP" option for the Linux kernel allows swapping transparent huge-pages in one piece without splitting. With Linux 5.20 the 64-bit Arm kernel (ARM64 / AArch64) will now support this option as a performance optimization...

Latte Dock Development Officially Ends As Popular KDE Desktop Dock

Phoronix - Tue, 07/26/2022 - 17:48
For the past several years Latte Dock has been a popular macOS-like "dock" for the KDE Plasma desktop but development has now ceased...

Intel Releases OSPRay Studio 0.11.1 For Ray-Traced, Interactive Visualizations

Phoronix - Tue, 07/26/2022 - 17:39
Back in 2020 Intel announced OSPRay Studio as an interactive, ray-traced visualizer that was added to their oneAPI software suite and powered by their OSPRay engine. Released on Monday was the latest update to this open-source program...

Intel Firmware Engineers Make An Important Power Improvement For Sapphire Rapids

Phoronix - Tue, 07/26/2022 - 17:20
Earlier this year I wrote about the Intel Idle driver support being prepared for Xeon "Sapphire Rapids" CPUs but a limitation with these forthcoming Xeon Scalable processors was that C1 and C1E c-states handling are now mutually exclusive. Unlike earlier Xeon processors, C1 and C1E states couldn't be enabled at the same time. Fortunately, via new Intel firmware they have managed to overcome this limitation...

How I use Bash to automate tasks on Linux

opensource.com - Tue, 07/26/2022 - 15:00
How I use Bash to automate tasks on Linux Jim Hall Tue, 07/26/2022 - 03:00 1 reader likes this 1 reader likes this

The Bash command line is a great way to automate tasks. Whether you are running Linux on a server and need to manipulate log files or other data, or you're a desktop user who just wants to keep files tidy, you can use a few automation features in Bash to make your work easier.

Linux for command: Automate tasks on a files

If you have a bunch of files to work on at once, and you need to do the same thing with every file, use the for command. This command iterates across a list of files, and executes one or more commands. The for command looks like this:

for variable in list
do
    commands
done

I've added some extra spacing in there to help separate the different parts of the for command. That multi-line command might look difficult to run on the command line, but you can use ; to put everything on one line, like this:

for variable in list ; do commands ; done

Let's see it in action. One way I use the for command is to rename a bunch of files. Most recently, I had a bunch of screenshots that I wanted to rename. The screenshots had names like filemgr.png or terminal.png and I wanted to put screenshot before each name instead. I ran a single for command to rename thirty files at once. Here's an example with just two files:

$ ls
filemgr.png  terminal.png
$ for f in *.png ; do mv $f screenshot-$f ; done
$ ls
screenshot-filemgr.png  screenshot-terminal.png

The for command makes it easy to perform one or more actions on a set of files. You can use a variable name that is meaningful to you, such as image or screenshot, or you can use a "shorthand" variable like f, as I did in my example. When I write scripts that use a for loop, I try to use meaningful variable names. But when I'm using for on the command line, I'll usually use a short variable name like f for files or d for directories.

Whatever name you choose for your variable, be sure to reference the variable using $ in the command. This expands the variable to the name of the file you are acting on. Type help for at your Bash prompt to learn more about the for command.

More Linux resources Linux commands cheat sheet Advanced Linux commands cheat sheet Free online course: RHEL technical overview Linux networking cheat sheet SELinux cheat sheet Linux common commands cheat sheet What are Linux containers? Our latest Linux articles Linux conditional execution (if)

Looping across a set of files with for is helpful when you need to do the same thing with every file. But what if you need to do something different for certain files? For that, you need conditional execution with the if statement. The if statement looks like this:

if test
then
    commands
fi

You can also do if/else tests by using the else keyword:

if test
then
    commands
else
    commands
fi

For more complicated processing, you can use if/else-if/else evaluations. I might use this in a script, when I need to automate a job to process a collection of files at once:

if test
then
    commands
elif test2
then
    commands
elif test3
then
    commands
else
    commands
fi

The if command allows you to perform many different tests, such as if a file is really a file, or if a file is empty (zero size). Type help test at your Bash prompt to see the different kinds of tests you can use in an if statement.

For example, let's say I wanted to clean up a log directory that had several dozen files in it. A common task in log management is to delete any empty logs, and compress the other logs. The easiest way to tackle this is to just delete the empty files. There isn't an if test that exactly matches that, but we have -s file to test if something is a file, and if the file is not empty (it has a size). That's the opposite of what we want, but we can negate the test with ! to see if something is not a file or is empty.

Let's look at an example to see this at work. I've created two test files: one is empty, and the other contains some data. We can use if to print the message "empty" if the file is empty:

$ ls
datafile  emptyfile
$ if [ ! -s datafile ] ; then echo "empty" ; fi
$ if [ ! -s emptyfile ] ; then echo "empty" ; fi
empty

We can combine this with for to examine a list of log files to delete the empty files for us:

$ ls -l
total 20
-rw-rw-r--. 1 jhall jhall 2 Jul  1 01:02 log.1
-rw-rw-r--. 1 jhall jhall 2 Jul  2 01:02 log.2
-rw-rw-r--. 1 jhall jhall 2 Jul  3 01:02 log.3
-rw-rw-r--. 1 jhall jhall 0 Jul  4 01:02 log.4
-rw-rw-r--. 1 jhall jhall 2 Jul  5 01:02 log.5
-rw-rw-r--. 1 jhall jhall 0 Jul  6 01:02 log.6
-rw-rw-r--. 1 jhall jhall 2 Jul  7 01:02 log.7
$ for f in log.* ; do if [ ! -s $f ] ; then rm -v $f ; fi ; done
removed 'log.4'
removed 'log.6'
$ ls -l
total 20
-rw-rw-r--. 1 jhall jhall 2 Jul  1 01:02 log.1
-rw-rw-r--. 1 jhall jhall 2 Jul  2 01:02 log.2
-rw-rw-r--. 1 jhall jhall 2 Jul  3 01:02 log.3
-rw-rw-r--. 1 jhall jhall 2 Jul  5 01:02 log.5
-rw-rw-r--. 1 jhall jhall 2 Jul  7 01:02 log.7

Using the if command can add some intelligence to scripts, to perform actions only when needed. I often use if in scripts when I need to test if a file does or does not exist on my system, or if the entry the script is examining is a file or directory. Using if allows my script to take different actions as needed.

Bash has a few handy automation features that make my life easier when working with files on Linux.

Image by:

Opensource.com

Linux What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

Shrink PDFs with this Linux tool

opensource.com - Tue, 07/26/2022 - 15:00
Shrink PDFs with this Linux tool Howard Fosdick Tue, 07/26/2022 - 03:00 1 reader likes this 1 reader likes this

Excluding HTML, PDF files are probably the most popular document format on the web. Unfortunately, they're not compact. For example, I like to download free eBooks. A quick glance at my eBook directory shows that its 75 PDF files consume about 500 megabytes. On average, that's over 6.6 MB for each PDF file.

Couldn't I save some storage space by compressing those files? What if I want to send a bundle of them through email? Or host them for download on a website? The transmission would be faster if these files were made smaller. This article shows a simple way to reduce PDF file size. The benefit is that it shrinks your PDFs transparently without altering the data content in any way. Plus, you can also compact many PDF files with a single command.

Compare this to the alternatives. You could upload your PDF files to one of the many online file compression websites. Several are free, but you risk the privacy of your documents by uploading them to an unknown website. More importantly, most websites shrink PDFs by tampering with the images they contain. They either change their resolution or their sizes. So you trade lower image quality to get smaller PDF files. That's the same trade-off you face using interactive apps like LibreOffice, or Ghostscript line commands like gs and ps2pdf. The technique we'll illustrate in this article compacts PDFs without altering either the images they contain or their data content. And you can reduce many PDFs with a single line command. Let's get started.

Identify and delete big unused PDFs on Linux

Before you spend time and effort compacting PDF files, identify your largest ones and delete those you don't need. This command lists the 50 biggest PDFs in its directory tree, ordered by descending size:

$ find  -type f  -exec  du -Sh {} +  |  grep .pdf | sort -rh  |  head -n 50

From the output, you can easily identify and eliminate duplicates. You can also delete obsolete files. Getting rid of these space hogs yields big benefits. Now you know which PDFs are the high payback candidates for the reduction technique we'll now cover.

More Linux resources Linux commands cheat sheet Advanced Linux commands cheat sheet Free online course: RHEL technical overview Linux networking cheat sheet SELinux cheat sheet Linux common commands cheat sheet What are Linux containers? Our latest Linux articles Transparently compact PDFs

We'll use the open source Minuimus program to compact PDFs. Minuimus is a generalized command-line utility that performs all sorts of useful file conversions and compressions. To shrink PDFs, Minuimus unloads and then rebuilds them, gaining numerous efficiencies along the way. It does this transparently, without altering your data in any way.

To use Minuimus, download its zip file. Then install it as its documentation explains, with these commands:

$ make deps      # Installs all required supporting packages
$ make all       # Compiles helper binaries
$ make install   # Copies all needed files to /usr/bin

Minuimus is a Perl script, so you run it like this:

$ minuimus.pl  input_file.pdf    # replaces the input file with compressed output

When it runs, Minuimus immediately makes a backup of your original input file. It only replaces the input file with its compacted version after it fully verifies data accuracy by comparing before and after bitmaps representing the data.

A big benefit to Minuimus is that it validates any PDF file it works on. I've found that it gives intelligent, helpful error messages if it encounters any problems. For example, on one of my computers, Minuimus said that it couldn't properly invoke a utility it uses called leanify. Yet it still shrunk the PDFs and ran to successful completion.

Here's how to compact many files in one command. This compresses all the PDF files in a directory:

$ minuimus.pl *.pdf

If you have lots of PDFs to convert, Minuimus might process for a while. So if you're converting hundreds of PDFs, for example, you might want to run Minuimus as a background job. Schedule it for off-hours through your GUI scheduler or as a Cron job.

Be sure to redirect its output from the terminal to files so that you can easily review it later:

$ minuimus.pl *.pdf  1>output_messages.txt  2>error_messages.txtHow much space will you reclaim?

Unfortunately, there's no way to predict how much space Minuimus can save. That's because PDFs contain anything from text to images of all different kinds. They vary enormously. I ran Minuimus on my download directory of PDF books. The directory contained 75 PDFs consuming about 500 MB. Minuimus reduced it by about 11%, to about 445 MB. That's impressive for an algorithm that doesn't change the data.

Across a large group of PDFs, size reduction of 10% to 20% appears common. The biggest files often shrink the most. Processing a collection of big PDFs often reclaims much more space than processing many small PDFs. Some PDF files show really dramatic space savings. That's because some applications create absolutely hideous PDFs. I call those files "PDF monsters." You can slay them with a single Minuimus command.

For example, while writing this article, Minuimus knocked an 85 megabyte PDF down to 32 meg. That's just 38% of its original size. The program slimmed several other monsters by 50%, recovering tens of megabytes. This is why I began this article by introducing a command to list your biggest PDF files. If Minuimus identifies a few monsters you can slay, you can reclaim major disk space for free.

Shrink PDFs with Minuimus

PDF files are useful and ubiquitous. But they often consume a good deal of storage space. Minuimus makes it easy to reduce PDF storage space by 10% to 20% without altering the data. Perhaps its biggest benefit is identifying and transforming malformed "PDF monsters" into smaller, more manageable files.

Minuimus is an open source program used to reduce PDF storage space by 10% to 20% without altering the data.

Linux What to read next Shrink PDF size with this command line trick This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

How to Work with PDF Files Using ONLYOFFICE Docs in Linux

Tecmint - Tue, 07/26/2022 - 14:08
The post How to Work with PDF Files Using ONLYOFFICE Docs in Linux first appeared on Tecmint: Linux Howtos, Tutorials & Guides .

Those Linux users who deal with PDF files have plenty of programs to choose from. More precisely, there exist a great number of dedicated PDF tools that can be used for various tasks. For

The post How to Work with PDF Files Using ONLYOFFICE Docs in Linux first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

PREEMPT_RT Might Be Ready To Finally Land In Linux 5.20

Phoronix - Tue, 07/26/2022 - 02:30
After years in the works, the "PREEMPT_RT" support for building a real-time Linux kernel might finally be mainlined for the upcoming Linux 5.20 cycle if the last few remaining bits are reviewed/signed-off on in time for next week's merge window...

Pages