Open-source News

1. Fedora 36 is one of the best options for new Linux users  ZDNet
2. Fedora Linux 36 is finally here and it is much better than Ubuntu  BetaNews
3. Fedora 36 Is A Terrific Release Especially For Linux Enthusiasts, Power Users  Phoronix
4. Fedora 36 Releases With GNOME 42 and Linux Kernel 5.17  It's FOSS News
5. Fedora Linux 36 Is Here with GNOME 42, Linux Kernel 5.17, and Wayland for NVIDIA Users  9to5Linux
6. View Full Coverage on Google News

Fedora 36 is one of the best options for new Linux users  ZDNet

How to Fix the "ifconfig: command not found" Error in Linux  MUO - MakeUseOf

White House joins OpenSSF and the Linux Foundation in securing open-source software  ZDNet

Connecting Intel Alder Lake Systems Via USB4/Thunderbolt Can Be Faster Come Linux 5.19  Phoronix

A feature of Thunderbolt seemingly not widely leveraged is allowing two distinct hosts/systems to be connected over a Thunderbolt cable that can then be used for tunneling arbitrary data packets using high-speed DMA rings. Should you find yourself using such a setup, starting with Linux 5.19+ it should open the door for being much faster when running on latest-generation Intel hardware for USB4/Thunderbolt...

Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits  BleepingComputer

Following the groundwork laid in Linux 5.18, Intel VT-x's IPI Virtualization support is set to be introduced with the Linux 5.19 kernel for supporting this new hardware capability found with Xeon Scalable 4th Gen "Sapphire Rapids" server processors...

Linux, OpenSSF Champion Plan to Improve Open Source Security  DARKReading

Nvidia GPUs Are Starting To Embrace Linux More  GameRant

Newest release introduces performance and usability improvements, and marks welcome of O3DCon speaker proposals and discussion suggestions due July 15

SAN FRANCISCO, May 13, 2022 – The Open 3D Foundation (O3DF), home of a vibrant, diverse community focused on building a first-class, open source engine for real-time 3D development, has released 22.05, the latest version of the Open 3D Engine, with a focus on performance, stability and usability enhancements. 

With over 1,460 code merges, this new release offers several improvements aiming to make it easier for developers to build 3D simulations for AAA games and various applications across robotics, AI, metaverse, digital twin, automotive, healthcare, and more. Significant advancements include core stability, installer validation, motion matching updates, user-defined property (UDP) support for the asset pipeline, and automated testing advancements. 

Artists can focus on bringing their visions to life using the tools they feel most comfortable with, such as Blender or Autodesk® Maya®. The Open 3D Engine (O3DE) can now integrate user-defined properties (UDP) metadata into its asset pipeline from source assets so that scene-building and asset-processing logic can be customized using this metadata. UDP metadata can be assigned in content creation tools to store custom properties for mesh, light, animation, and other elements to power asset generation workflows for O3DE.

Animation artists can now utilize motion matching, a data-driven animation technique that synthesizes motions based on existing animation data and current character and input contexts to deliver photorealistic experiences. This feature, introduced as an experimental gem, includes a prefabricated character example that can be controlled using a gamepad. 

Other improvements include: 

• Simpler customization of the render pipeline is now possible using a new set of APIs. Examples of gems that currently exploit this capability include Terrain, LyShine and TressFx. 
• Developers can now re-use Material Types much more easily.
• Developers can now control the spawning of player-controlled, networked entities using an improved interface, a capability that is essential for building multiplayer games.
• Automated tests now verify that an installer build is valid, and ensures that all of the steps within the build are successfully executed. These tests are run nightly for O3DE, and have been designed so that anyone can plug them into their quality verification process. 

The 22.05 Release marks the Open 3D Engine’s first major release of 2022. Releases occur on a bi-annual cadence, in the first half and second half of each year. The next release is scheduled for October 2022, which will coincide with the Open 3D Foundation’s flagship conference, O3DCon.

To learn more about this release and all of its features, read the release notes, or join the community on Discord. You can download the 22.05 Release today. 

O3DCon Call for Proposals Now Open

The Open 3D Foundation also announced the call for proposals (CFPs) for its annual flagship conference, O3DCon. On October 18-19, 2022, in Austin, Texas, technology leaders, independent 3D developers, and the academic community spanning the 3D landscape will come together to share ideas, discuss hot topics and help shape the future of open 3D development across a variety of industries and disciplines. O3DCon will be presented as a hybrid event—attendees can join and participate in person or virtually. Workshops and pre-registration will be held on October 17, a day ahead of the actual conference events.

With over 25 member companies since its public announcement in July 2021, the Open 3D Foundation boasts a healthy, thriving community, adding Microsoft as its latest member. Other premier members include Adobe, AWS, Huawei, Intel and Niantic. The O3D Engine averages up to 2 million line changes and 350-450 commits monthly from 60-100 authors across 41 repos.

“I’m proud of the O3DE community’s focus on core stability while delivering new capabilities aimed to simplify and enhance 3D development for developers around the globe,” said Royal O’Brien, Executive Director of O3DF and General Manager of Games and Digital Media at the Linux Foundation. “I’m also incredibly excited about the opportunity O3DCon offers in bringing together diverse minds to collaborate on advancing the state of open 3D development across so many industries.”

Proposals to speak at O3DCon are being accepted now through Friday, July 15, 2022, at 11:59 pm PDT. All those interested are invited to submit proposals. Those who have submitted proposals will be notified of a decision by Tuesday, August 2. Learn more and submit your proposal today.

Submission types requested include:

• Lightning talks
• Session presentations
• Birds-of-a-feather discussions
• Panel discussions
• Hands-on workshops/training

Suggested topics include:

• 3D Development & Open 3D Engine 101
• Building & Sustaining Open Source in 3D Development
• Game Development
• Metaverse
• AI
• Robotics
• Digital Twin
• Automotive
• Healthcare

Sponsors have the unique opportunity to demonstrate their leadership in this burgeoning arena, forge valuable connections and help shape the future of 3D development. O3DCon offers multiple sponsorship levels for your consideration. To explore all of the sponsorship benefits, please click here. The sponsorship deadline is September 2, 2022. O3DF Members receive a 3% discount on all exhibitor packages. For questions about sponsorships and contract requests, or to become a sponsor, please contact us. 

Visit the O3DF website and follow O3DE on Twitter, Facebook and LinkedIn for all the latest O3DCon updates and announcements.

About the Open 3D Engine Project

Open 3D Engine (O3DE) is the flagship project managed by the Open 3D Foundation (O3DF). The open source project is a modular, cross-platform 3D engine built to power anything from AAA games to cinema-quality 3D worlds to high-fidelity simulations. The code is hosted on GitHub under the Apache 2.0 license. To learn more, please visit o3de.org. To get involved and connect with the O3DE community, please join us on Discord and GitHub.

About the Open 3D Foundation

Established in July 2021, the mission of the Open 3D Foundation (O3DF) is to make an open-source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations, available to every industry. The Open 3D Foundation is home to the O3D Engine project. To learn more, please visit o3d.foundation.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

Media Inquiries:

pr@o3d.foundation

The post The Open 3D Foundation Announces Latest Enhancements to Open 3D Engine, Invites O3DCon ‘Call for Proposals’ appeared first on Linux Foundation.

Surprise: There's yet another Microsoft Linux distro, CBL-Delridge  ZDNet

Surprise: There's yet another Microsoft Linux distro, CBL-Delridge  ZDNet

Nvidia Plans To Open-source Part Of Its Linux GPU Driver  IT World Canada

10-Point Open Source and Software Supply Chain Security Mobilization Plan Released with Initial Pledges Surpassing $30M

WASHINGTON, DC – May 12, 2022 – The Linux Foundation and the Open Source Software Security Foundation (OpenSSF) brought together over 90 executives from 37 companies and government leaders from the NSC, ONCD, CISA, NIST, DOE, and OMB to to reach a consensus on key actions to take to improve the resiliency and security of open source software. 

Open Source Software Security Summit II, is a follow-up to the first Summit held January 13, 2022 that was led by the White House’s National Security Council. Today’s meeting was convened by the Linux Foundation and OpenSSF on the one year after the anniversary of President Biden’s Executive Order on Improving the Nation’s Cybersecurity. 

The Linux Foundation and OpenSSF, with input provided from all sectors, delivered a first-of-its-kind plan to broadly address open source and software supply chain security. The Summit II plan outlines approximately $150M of funding over two years to rapidly advance well-vetted solutions to the ten major problems the plan identifies. The 10 streams of investment include concrete action steps for both more immediate improvements and building strong foundations for a more secure future. 

A subset of participating organizations have come together to collectively pledge an initial tranche of funding towards implementation of the plan. Those companies are Amazon, Ericsson, Google, Intel;, Microsoft, and VMWare, pledging over $30M. As the plan evolves further more funding will be identified, and work will begin as individual streams are agreed upon.

This builds on the existing investments that the OpenSSF community members make into open source software. An informal poll of our stakeholders indicates they spend over $110M and employ nearly a hundred full-time equivalent employees focused on nothing but securing the open source software landscape. This plan adds to those investments.

KEY QUOTES

Jim Zemlin – Executive Director, Linux Foundation:  “On the one year anniversary of President Biden’s executive order, today we are here to respond with a plan that is actionable, because open source is a critical component of our national security and it is fundamental to billions of dollars being invested in software innovation today. We have a shared obligation to upgrade our collective cybersecurity resilience and improve trust in software itself.  This plan represents our unified voice and our common call to action. The most important task ahead of us is leadership.”

Brian Behlendorf – Executive Director, Open Source Security Foundation (OpenSSF):  “What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it.  The plan we have put together represents the 10 flags in the ground as the base for getting started.  We are eager to get further input and commitments that move us from plan to action.”

Anne Neurenberger, Deputy National Security Advisor, Cyber & Emerging Tech at National Security Council, The White House:

“President Biden signed the Executive Order on Cybersecurity last year to ensure the software our government relies on is secure and reliable, including software that runs our critical infrastructure.  Earlier this year, the White House convened a meeting between government and industry participants to improve the security of Open Source software.  The Open Source security foundation has followed up on the work at that meeting and convened participants from across industry to make substantial progress.  We are appreciative of all participants’ work on this important issue.”

Atlassian Adrian Ludwig, Chief Trust Officer

“Open source software is critical to so many of the tools and applications that are used by thousands of development teams worldwide. Consequently, the security of software supply chains has been elevated to the top of most organizations’ priorities in the wake of recent high-profile vulnerabilities in open source software. Only through concerted efforts by industry, government and other stakeholders can we ensure that open source innovation continues to flourish in a secure environment. This is why we are happy to be participating in OpenSSF, where we can collaborate on key initiatives that raise awareness and drive action around the crucial issues facing software supply chain security today. We’re excited to be a key contributor to driving meaningful change and we are optimistic about what we can achieve through our partnership with OpenSSF and like-minded organizations within its membership.”

Cisco Eric Wenger, Senior Director, Technology Policy, Cisco Systems

“Open source software (OSS) is a foundational part of our modern computing infrastructure. As one of the largest users of and contributors to OSS, Cisco makes significant investments in time and resources to improve the security of widely-used OSS projects. Today’s effort shows the stakeholder community’s shared commitment to making open-source development more secure in ways that are measurable and repeatable.”

Dell

John Roese, Dell Technologies CTO

“Never before has software security been a more critical part of the global supply chain. Today, in a meeting led by Anne Neuberger [linkedin.com], Deputy National Security Advisor for Cyber and Emerging Technology, Dell and my Open Source Security Foundation colleagues committed our software security expertise to execute the Open Source Software Security Mobilization Plan. Dell’s best and brightest engineers will engage with peers  to develop risk-based metrics and scoring dashboards, digital signature methodologies for code signing, and Software Bill of Materials (SBoM) tools – all to address the grand challenge of open-source software security. This is an excellent example of the leadership Dell provides to proactively impact software security and open-source security solutions, and reinforces our commitment to the open-source software community, to our supply chain and to our national security.”

Ericsson

“Ericsson is one of the leading promoters and supporters of the open source ecosystem, accelerating the adoption and industry alignment in a number of key technology areas. The Open Source Security Foundation (OpenSSF) is an industry-wide initiative with the backing of the Linux Foundation with the objective of improving supply chain security in the open source ecosystem.

“As a board member of OpenSSF, we are committed to open source security and we are fully supportive of the mobilization plan with the objective of improving supply chain security in the open source ecosystem. Being an advocate and adopter of global standards, the initiatives aim to strengthen open source security from a global perspective.”

GitHub

Mike Hanley, Chief Security Officer

“Securing the open source ecosystem starts with empowering developers and open source maintainers with tools and best practices that are instrumental to securing the software supply chain. As home to 83M developers around the world, GitHub is uniquely positioned and committed to advance these efforts, and we’ve continued our investments to help developers and maintainers realize improved security outcomes through initiatives including 2FA enforcement on GitHub.com and npm, open sourcing the GitHub Advisory Database, financial enablement for developers through GitHub Sponsors, and free security training through the GitHub Security Lab. 

“The security of open source is critical to the security of all software. Summit II has been an important next step in bringing the private and public sector together again and we look forward to continuing our partnerships to make a significant impact on the future of software security.”

Google Eric Brewer, VP of Infrastructure at Google Cloud & Google Fellow

“We’re thankful to the Linux Foundation and OpenSSF for convening the community today to discuss the open source software security challenges we’re facing and how we can work together across the public and private sectors to address them. Google is committed to supporting many of the efforts we discussed today, including the creation of our new Open Source Maintenance Crew, a team of Google engineers who will work closely with upstream maintainers on improving the security of critical open source projects, and by providing support to the community through updates on key projects like SLSA, Scorecards; and Sigstore, which is now being used by the Kubernetes project. Security risks will continue to span all software companies and open source projects and only an industry-wide commitment involving a global community of developers, governments and businesses can make real progress. Google will continue to play our part to make an impact.”

IBM Jamie Thomas, Enterprise Security Executive

“Today, we had the opportunity to share our IBM Policy Lab’s recommendations on how understanding the software supply chain is key to improving security. We believe that providing greater visibility in the software supply chain through SBoMs ( Software Bill of Materials) and using the Open Source Software  community as a valuable resource to encourage passionate developers to create, hone their skills, and contribute to the public good can help strengthen our resiliency. It’s great to see the strong commitment from the community to work together to secure open source software. Security can always be strengthened and I would like to thank Anne Neuberger today  for her deep commitment and open, constructive, technical dialogue that will help us pave the way to enhancing OSS security. ”

Intel Greg Lavender, Chief Technology Officer and General Manager of the Software and Advanced Technology Group

“Intel has long played a key role in contributing to open source. I’m excited about our role in the future building towards Pat’s Open Ecosystem vision. As we endeavor to live into our core developer tenets of openness, choice and trust – software security is at the heart of creating the innovation platforms of tomorrow.”

Melissa Evers, Vice President, Software and Advanced Technology, General Manager of Strategy to Execution

“Intel commends the Linux Foundation in their work advancing open source security. Intel has a history of leadership and investment in open source software and secure computing: over the last five years, Intel has invested over $250M in advancing open-source software security. As we approach the next phase of Open Ecosystem initiatives, we intend to maintain and grow this commitment by double digit percentages continuing to invest in software security technologies, as well as advance improved security and remediation practices within the community and among those who consume software from the community.”

JFrog Stephen Chin, Vice President of Developer Relations

“While open source has always been seen as a seed for modernization, the recent rise of software supply chain attacks has demonstrated we need a more hardened process for validating open-source repositories. As we say at JFrog, ‘with great software comes great responsibility’, and we take that job seriously. As a designated CNA, the JFrog Security Research team constantly monitors open-source software repositories for malicious packages that may lead to widespread software supply chain attacks and alerts the community accordingly. Building on that, JFrog is proud to collaborate with the Linux Foundation and other OpenSSF members on designing a set of technologies, processes, accreditations, and policies to help protect our nation’s critical infrastructure while nurturing one of the core principles of open source – innovation.” 

JPMorgan Chase Pat Opet, Chief Information Security Officer

“We are proud to have worked with Open Source Security Foundation (OpenSSF) and its members to create the new Open Source Software Security Mobilization Plan, This plan will help to address security issues in the software supply chain which is critical to making the world’s software safer and more secure for everyone.”

Microsoft Mark Russinovich, CTO, Microsoft Azure

“Open source software is core to nearly every company’s technology strategy. Collaboration and investment across the open source ecosystem will strengthen and sustain security for everyone. Microsoft’s commitment to $5M in funding for OpenSSF supports critical cross-industry collaboration. We’re encouraged by the community, industry, and public sector collaboration at today’s summit and the benefit this will have to strengthen supply chain security.”

OWASP Foundation Andrew van der Stock, Executive Director

“OWASP’s mission is to improve the state of software security around the world. We are contributing to the Developer Education and Certification, as well addressing the Executive Order for improving the state and adoption of SBOMs. In particular, we would like to see a single, consumable standard across the board.” 

Mark Curphey (founder of OWASP) and John Viega (author of the first book on software security), Stream Coordinators

“We’re excited to see the industry’s willingness to come together on a single ‘bill of materials’ format. It has the potential to help the entire industry solve many important problems, including drastically improving response speed for when major new issues in open source software emerge.” 

SAP Tim McKnight, SAP Executive Vice President & Chief Information Security Officer

“SAP is proud to be a part of the Open Source Software Security Summit II and contribute to the important dialogue on the topic of Open Source software security.

“SAP is firmly committed to supporting the execution of the Open Source Software Security Mobilization Plan and we look forward to continuing our collaboration with our government, industry, and academic partners.”

Sonatype Brian Fox, CTO of Sonatype and steward of Maven Central

“It’s rare to see vendors, competitors, government, and diverse open source ecosystems all come together like they have today. It shows how massive a problem we have to solve in securing open source, and highlights that no one entity can solve it alone. The Open Source Software Security Mobilization Plan is a great step toward bringing our community together with a number of key tactics, starting with securing OSS production, which will make the entire open source ecosystem stronger and safer.” 

Wipro Andrew Aitken, Global Head of Open Source

“Wipro is committed to helping ensure the safety of the software supply chain through its engagement with OpenSSF and other industry initiatives and is ideally suited to enhance efforts to provide innovative tooling, secure coding best practices and industry and government advocacy to improve vulnerability remediation.

“As the only global systems integrator in the OpenSSF ecosystem and in line with its support of OpenSSF objectives, Wipro will commit to training 100 of its cybersecurity experts to the level of trainer status in LF and OpenSSF secure coding best practices and to host training workshops with its premier global clients and their developer and cybersecurity teams. 

“Further, Wipro will increase its public contributions to Sigstore and the SLSA framework by integrating them into its own solutions and building a community of 50+ contributors to these critical projects.”

KEY BACKGROUND

Three Goals of the 10-Point Plan

• Securing Open Source Security Production

1. 1. 1. Make baseline secure software development education and certification the new normal for pro OSS developers
      2. Establish a public, vendor-neutral, objective-metrics based risk assessment dashboard for the top 10,000 open source components.
      3. Accelerate the adoption of digital signatures on software releases
      4. Eliminate root causes of many vulnerabilities through replacement of non-memory-safe languages.

• Improving Vulnerability Discovery and Remediation

1. 1. 1. Accelerate discovery of new vulnerabilities by maintainers and experts.
      2. Establish the corps of “volunteer firefighter” security experts to assist open source projects during critical times.
      3. Conduct third-party code reviews (and any necessary remediation work) of 200 of the most-critical open source software components yearly
      4. Coordinate industry-wide data sharing to improve the research that helps determine the most critical open source software.

• Shorten ecosystem Patching Response Time

1. 1. Software Bill of Materials (SBOM) Everywhere – improve SBOM tooling and training to drive adoption
   2. Enhance the 10 most critical open source security build systems, package managers, and distribute systems with better supply chain security tools and best practices.

The 10-Point Plan Summarized (available in full here)

1. Security Education Deliver baseline secure software development education and certification to all. 
2. Risk Assessment Establish a public, vendor-neutral, objective-metrics-based risk assessment dashboard for the top 10,000 (or more) OSS components.
3. Digital Signatures Accelerate the adoption of digital signatures on software releases.
4. Memory Safety Eliminate root causes of many vulnerabilities through replacement of non-memory-safe languages.
5. Incident Response Establish the OpenSSF Open Source Security Incident Response Team, security experts who can step in to assist open source projects during critical times when responding to a vulnerability.
6. Better Scanning Accelerate discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance.
7. Code Audits Conduct third-party code reviews (and any necessary remediation work) of up to 200 of the most-critical OSS components once per year. 
8. Data Sharing Coordinate industry-wide data sharing to improve the research that helps determine the most critical OSS components.
9. SBOMs Everywhere Improve SBOM tooling and training to drive adoption. 
10. Improved Supply Chains Enhance the 10 most critical OSS build systems, package managers, and distribution systems with better supply chain security tools and best practices.

Media Contact

Edward Cooper
openssf@babelpr.com

The post The Linux Foundation and Open Source Software Security Foundation (OpenSSF) Gather Industry and Government Leaders for Open Source Software Security Summit II appeared first on Linux Foundation.

It was just last week that GCC 12.1 was released and already it's being used by the rolling-release openSUSE Tumbleweed distribution as of today's build...

How to dual boot Linux and Windows  Digital Trends

How to dual boot Linux and Windows  Digital Trends

Windows Subsystem for Linux gets bleeding-edge Ubuntu  The Register

Windows Subsystem for Linux gets bleeding-edge Ubuntu  The Register