Open-source News

For many of us, it has been several years since we’ve been in conference settings, or around many people at all. As we close in on a broader return to in-person events next month, this is the perfect time to reiterate that our events are gatherings intended for professional networking and collaboration for the open source community, that exist to encourage the open exchange of ideas. Thus, they require an environment that recognizes the inherent worth of every person and group. All event participants, whether they are attending an in-person or a virtual event, are expected to behave in accordance with our Event Code of Conduct. In short: Be kind. Be professional. Treat everyone with respect. 

The importance of a diverse, welcoming and inclusive open source community has been widely understood for some time. Progress is slowly being made, but there is a long way to go. We created our Event Code of Conduct in 2011 as one of many ways we at the Linux Foundation could help create a more welcoming community. Events play a huge role in how open source communities collaborate, and it is critical that these are safe spaces, free of harassment and discrimination. 

In the earlier years of our Event Code of Conduct, we received very few incident reports, but that number has grown, especially in recent years. This is a good thing. It means our event participants feel more comfortable speaking up. And the more people speak up, the sooner we can reach our shared goal of a truly inclusive community. 

To that end, we will begin publishing a round-up of Event Code of Conduct reports, starting with this 2021 summary. We only held a few in-person events in 2021, so expect these reports to be longer in the future as we continue to hold more in-person events. Moving forward, these reports will be published bi-annually. We will also publish event-specific reports for events with 2,000+ in-person attendees.

We look forward to seeing you all soon, online or in person.  

The Linux Foundation Events Team
events@linuxfoundation.org

———

2021 Code of Conduct Incidents By Event

KubeCon Europe (Virtual) 

• 2 reports of concern that several CNCF ambassadors were airing grievances about not having talks accepted at the event, which belittled the work of the program committee
  • Resolution: A warning was issued, and we published this blog outlining the review process
• 1 report of inappropriate sexual advance in a virtual session via chat
  • Resolution: A warning was issued

Open Source Summit North America (In Person + Virtual)

• 1 person videotaping other attendees without their consent (In Person)
  • Resolution: A warning was issued
• 1 report of attendee violating the mask mandate
  • Resolution: A warning was issued

KubeCon North America (In Person + Virtual) 

• 1 person videotaping other attendees without their consent (In Person) 
  • Resolution: A 2nd and final warning was issued and letting them know their action is illegal in California
• 2 reports of attendees violating the mask mandate 
  • Resolution: warnings were issued 
• 1 report of staff at a sponsor booth ignoring a woman attendee
  • Resolution: A warning was issued
• 1 person banned from attending the event due to behavior prior to event showed up to the JW Marriott multiple times
  • Resolution: The individual was escorted out of the venue each time
• 1 attendee was speaking unprofessionally to a member of the LF staff when asked to abide by Covid health + safety protocols
  • Resolution: A warning was issued
• 2 sponsors were handing out collateral with profanity on them
  • Resolution: A warning was issued, and they refrained from passing out the offending materials thereafter
• 1 attendee reported (on social media) a staff member at the JW Marriott restaurant was racially profiling them
  • Resolution: LF notified JW Marriott hotel management and LF staff followed up with the attendee that alerted LF of the issue
• Multiple reports of harassment were received against the same attendee. Additional reports were received post-KubeCon as well, for a total of 5 reports.
  • Resolution: The LF conducted an in-depth investigation, involving a neutral outside investigator, and the accused individual participated in the process as well as the reporters. At the conclusion of the investigation, the decision was to ban this person from attending any future Linux Foundation (or LF project) events, and from participating in any leadership position on any Linux Foundation project. The individual was notified of this decision.

PrestoCon Day (Virtual)

• 1 Attendee was spamming links to YouTube videos and memes for competitors in the virtual chat.
  • Resolution: LF staff deleted posts and removed the user from the event platform. The attendee’s registration information was fake, so no further follow up could be done.

The post Linux Foundation Events Code of Conduct Transparency Report – 2021 Event Summary appeared first on Linux Foundation.

How to Extract Text From Images on Linux With TextSnatcher  MUO - MakeUseOf

vRAN (Virtualized Radio Access Network) Ecosystem Market Past Research, Deep Analysis and Present Data With Linux Foundation, MTI Mobile, Rearden – Political Beef  Political Beef

Best Linux Distributions for KDE Plasma 5 of 2022 April  BollyInside

Star Labs Byte is a Linux mini PC with Ryzen 7 5800U  Liliputing

You Can Now Pre-Order the StarBook Mk V Linux Laptop with an AMD Ryzen 7 CPU  9to5Linux

AMD today sent in an initial batch of new feature code today to DRM-Next for staging ahead of the Linux 5.19 kernel cycle...

How to Install and Test a Web Server on Chromebook Linux  BollyInside

What’s New in Fedora 36  How-To Geek

How to Format Your USB Drive on Linux  MUO - MakeUseOf

How to Format Your USB Drive on Linux  MUO - MakeUseOf

Embedded Linux Market to Witness Growth Acceleration | Mitsubishi, Advantech, Mentor Graphics – Political Beef  Political Beef

I am old enough to remember when organizations developed software in-house – all of it. I also clearly remember my information systems college professor teaching it is almost always less expensive and better to use code/programs already written and adapting them for your use than to recreate the wheel from scratch. 

It is a different world now – software is built on a foundation of other programs, libraries, and code bases. Free and open source software (FOSS) is key to this because it is so easy to pickup, use, share, and create code. What an opportunity to speed development and focus innovation on the next thing rather than creating what already exists. This is part of the value of open source software – collaborate on the building blocks and innovate and differentiate on top of that. 

However, there are also challenges in this space, with a good example being the question of how to address licensing. There are A LOT of types of licenses that can apply to a piece of software/code. Each license needs to be understood and tracked with each piece of software it is included in for an organization to ensure nothing is missed. This can quickly multiply into a significant catalog that requires lots of manual work. On top of that, you also need to provide that license information to each of your customers, and they will have their own system and/or processes for providing that information to them and making sure it is up-to-date with each new version of the software. 

You can see where this can quickly consume valuable staff resources and open doors to mistakes. Imagine the possibility of a standard way to track and report the licenses so your teams don’t need to worry about all of the digital paperwork and can instead focus on innovation and adding value to you and your customers.

This is exactly the problem a team of lawyers and governance experts sought to fix back in 2016 and created the OpenChain Project to do just that. They asked, what are the key things for open source compliance that everyone needs, and how do we unify the systems and processes. They envisioned an internationally accepted standard to track and report all of the licenses applicable to a software project. The end result is a more trustable supply chain where organizations don’t need to spend tons of time checking compliance again and again and then remediating. 

The result – a ISO standard  (ISO/IEC 5230) was approved in Q4 2020. The OpenChain Project also hosts a library of 1,000 different reference documents in a wide variety of languages – some are official and many more are community documents, like workflow examples, FAQs, etc.

How are organizations benefiting from OpenChain? I find it encouraging that Toyota is one of the leaders in this. As anyone who has had at least one business class in college knows, Toyota is a leader in innovations for manufacturing over several decades. In the 1970s they pioneered supply chain management techniques with the Toyota Production System (please tell me they had to do TPS reports) – adopted externally as Just in Time manufacturing. They are also known for adopting the philosophy of Kaizen, or continuous improvement. So, as they looked at how to manage software supply chains and all of the licensing, they adopted the OpenChain Specification. They implemented it, in part, with a governance structure and an official group to manage OSS risks and community contributions.

.avia-image-container.av-l20heg6x-cd2d943e933a1c3dd3f8cb175716f4bc .av-caption-image-overlay-bg{ opacity:0.4; background-color:#000000; } .avia-image-container.av-l20heg6x-cd2d943e933a1c3dd3f8cb175716f4bc .av-image-caption-overlay-center{ color:#ffffff; }

Toyota’s OSS governance structure

They are also an active participant in the OpenChain Japan Working Group to help identify bottlenecks across the supply chain, and the group enabled Toyota to develop information sharing guidelines to address licensing challenges with Tier 1 suppliers. They now see reduced bottlenecks, more data for better decision making, and decreased patent and licensing risks. Read more.

PwC is a global auditing, assurance, tax, and consulting firm. As an auditor, much of their business revolves around building trust in society. They also develop software solutions for thousands of clients around the world and receive software from providers of all sizes and maturity levels, making OSS compliance difficult. It was a tremendous effort and caused time delays for them and their clients. Now, PwC is able to provide clients with an Open Source Software compliance assessment based on the latest OpenChain specification. Their clients can share an internationally-recognized PwC audit report to verify OSS compliance. Read more.

And just last month, SAP, a market leader in enterprise application software, announced they are adopting the OpenChain ISO/IEC 5230 standard. It marks the first time that an enterprise application software company has undergone a whole entity conformance. Their reach across the global supply chain is massive – its customers are involved in almost 90% of global trade.

As the ISO/IEC standard is done, what is next for OpenChain? They are looking at security, export control, and more. 

If you or your organization are interested in learning more about OpenChain, adopting the standard, or getting involved in what is next, head over to https://www.openchainproject.org/. We also host an online training course when you are ready to dig in: Introduction to Open Source License Compliance Management. 

My hope is that you now spend less time on compliance and more time on innovation.

The post More Time on Innovating, Less Time on Compliance appeared first on Linux Foundation.

Google has pledged $1 million to the Linux Foundation’s new open source security awards program  BollyInside

Google has pledged $1 million to the Linux Foundation’s new open source security awards program  BollyInside

Microsoft Finally Brings ARM-Based VMs to Azure  thenewstack.io

Sophos upgrades Sophos Cloud Workload Protection  Telecompaper EN

As previously talked about on Phoronix with the in-development Linux 5.18 kernel there is a change to the Linux kernel scheduler around the NUMA imbalance handling when spanning multiple LLCs as is the case with AMD Zen CPUs. Already I've carried out benchmarks looking at some of the areas where AMD EPYC CPUs are enjoying speed-ups on Linux 5.18. Since benchmarking the AMD EPYC 7773X with its hefty 1.5GB of L3 cache for 2P servers via AMD 3D V-Cache, I've been curious to try this forthcoming kernel on that Milan-X configuration. Here are such benchmarks looking at the AMD EPYC 7773X 2P performance on Ubuntu 22.04 with its default Linux 5.15 kernel against Linux 5.17 stable and then the 5.18 development kernel.

A new version of Mold has been released, the high-speed open-source linker successfully challenging the likes of GNU Gold and LLVM LLD...

Running AMD EPYC 7773X Milan-X With Linux 5.18's Performance Improvements  Phoronix