Open-source News

There’s XEDIT, jEdit, NEdit, gedit, and, as it turns out, medit. 

read more

To you learn a new programming language, it's good to focus on the things most programming languages have in common:

• Variables
• Expressions
• Statements

These concepts are the basis of most programming languages. Because of these similarities, once you know one programming language, you can start figuring another one out by recognizing its differences.

read more

No. 1 Visual Studio IDE Feature Request: Linux  Visual Studio Magazine

No. 1 Visual Studio IDE Feature Request: Linux  Visual Studio Magazine

Most of us have gotten a lot more familiar with working from home this year. In my role as a developer advocate, this has meant a lot less travel and a lot more video work, including streaming on Twitch.

As I transitioned to working and streaming video from home in spring 2020, I decided to get a Stream Deck, but I wasn't exactly sure what I'd use it for.

read more

How Kali Linux creators plan to handle the future of penetration testing  Help Net Security

PHP is arguably one of the most widely used server-side programming languages. It’s the language of choice when developing dynamic and responsive websites. In fact, popular CM platforms such as WordPress, Drupal, and Magento

The post How to Install PHP 8.0 on Ubuntu 20.04 / 18.04 first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

Intel's Deep Neural Network Library currently known as oneDNN as part of the oneAPI suite (and formerly known as MKL-DNN and DNNL) has reached version 2.0 as an open-source project...

Patch Tuesday, Good Riddance 2020 Edition — Krebs on Security  Krebs on Security

Automotive Grade Linux Releases 10th Version Of Unified Code Base  CleanTechnica

Lilbits: ARM computers, Linux phones, and the Pixel 2 rides off into the sunset  Liliputing

The open-source Intel Graphics Compiler (IGC) that is currently used by their oneAPI Level Zero and OpenCL implementations but likely to see Intel driver Mesa usage in 2021 has a new feature dubbed "IMF LA" that aims to help with the performance and close the gap with Windows...

CentOS Project Shifts Focus to CentOS Stream  HPCwire

Elkhart Lake ultra-compact features triple 2.5GbE with PoE+  LinuxGizmos.com

Four years after Google began developing the "Fuchsia" operating system complete with its own kernel, Google is now becoming more open with Fuchsia development and also accepting community code contributions...

Case Study: Success of Pardus GNU/Linux Migration  Linux Journal

Back in October RISC-V minded startup SiFive announced the HiFive Unmatched development board as the best RISC-V development board we've seen to date. But only having 8GB of RAM was one of the few critiques which the company is now addressing...

SiFive's RISC-V HiFive Unmatched Upgraded To Ship With 16GB Of RAM  Phoronix

New survey reveals why contributors work on open source projects and how much time they spend on security

SAN FRANCISCO, Calif., December 8, 2020 – The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) today announced the release of a new report, “Report on the 2020 FOSS Contributor Survey,” which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software. The research is part of an ongoing effort to study and identify ways to improve the security and sustainability of open source software.

The FOSS (Free and Open Source Software) contributor survey and report follow the Census II analysis released earlier this year. This combined pair of works represents important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive but not always understood. Census II identified the most commonly used free and open source software (FOSS) components in production applications, while the FOSS Contributor Survey and report shares findings directly from nearly 1,200 respondents working on them and other FOSS software.

“The modern economy – both digital and physical – is increasingly reliant on free and open source software,” said Frank Nagle, assistant professor at Harvard Business School. “Understanding FOSS contributor motivations and behavior is a key piece of ensuring the future security and sustainability of this critical infrastructure.”

Key findings from the FOSS Contributor Survey include:

• The top three motivations for contributors are non-monetary. While the overwhelming majority of respondents (74.87 percent) are already employed full-time and more than half (51.65 percent) are specifically paid to develop FOSS, motivations to contribute focused on adding a needed feature or fix, enjoyment of learning and fulfilling a need for creative or enjoyable work.
• There is a clear need to dedicate more effort to the security of FOSS, but the burden should not fall solely on contributors. Respondents report spending, on average, just 2.27 percent of their total contribution time on security and express little desire to increase that time. The report authors suggest alternative methods to incentivizing security-related efforts.
• As more contributors are paid by their employer to contribute, stakeholders need to balance corporate and project interests. The survey revealed that nearly half (48.7 percent) of respondents are paid by their employer to contribute to FOSS, suggesting strong support for the stability and sustainability of open source projects but drawing into question what happens if corporate interest in a project diminishes or ceases.
• Companies should continue the positive trend of corporate support for employees’ contribution to FOSS. More than 45.45 percent of respondents stated they are free to contribute to FOSS without asking permission, compared to 35.84 percent ten years ago. However, 17.48 percent of respondents say their companies have unclear policies on whether they can contribute and 5.59 percent were unaware of what  policies – if any – their employer had.

“Understanding open source contributor behaviors, especially as they relate to security, can help us better apply resources and attention to the world’s most-used software,” said David A. Wheeler, director of open source supply chain security at the Linux Foundation. “It is clear from the 2020 findings that we need to take steps to improve security without overburdening contributors and the findings suggest several ways to do that.”

For an in-depth analysis of these findings, suggested actions and more, please access the full report here: https://www.linuxfoundation.org/blog/2020/12/download-the-report-on-the-2020-foss-contributor-survey

The report authors are Frank Nagle, Harvard Business School; David A. Wheeler, the Linux Foundation; Hila Lifshitz-Assaf, New York University; and Haylee Ham and Jennifer L. Hoffman, Laboratory for Innovation Science at Harvard. They will host a webinar tomorrow, December 9, at 10 am ET. Please register here: https://events.linuxfoundation.org/webinar-why-wont-developers-write-secure-os-software/

The FOSS Contributor Report & Survey is expected to take place again in 2021. For contributors who would like to participate, please sign up here: https://hbs.qualtrics.com/jfe/form/SV_erjkjzXJ2Eo0TDD

About the OpenSSF

Hosted by the Linux Foundation, the OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, to build a community to support the open source security for decades to come. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.

About LISH

As a university-wide initiative, the Laboratory for Innovation Science at Harvard (LISH) is spurring the development of a science of innovation through a systematic program of solving real-world innovation challenges while simultaneously conducting rigorous scientific research. To date, LISH has worked with key partners in aerospace and healthcare, such as NASA, the Harvard Medical School, the Broad Institute, and the Scripps Research Institute to solve complex problems and develop impactful solutions. More information can be found at https://lish.harvard.edu/

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contact
Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The post New Open Source Contributor Report from Linux Foundation and Harvard Identifies Motivations and Opportunities for Improving Software Security appeared first on The Linux Foundation.

New Janssen Project seeks to build the world’s fastest and most comprehensive cloud native identity and access management software platform

SAN FRANCISCO, Calif., December 8, 2020 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Janssen Project, a cloud native identity and access management software platform that prioritizes security and performance for our digital society. Janssen is based on the Gluu Server and benefits from a rich set of signing and encryption functionalities. Engineers from IDEMIA, F5, BioID, Couchbase and Gluu will make up the Technical Steering Committee.

Online trust is a fundamental challenge to our digital society. The Internet has connected us. But at the same time, it has undermined trust. Digital identity starts with a connection between a person and a digital device. Identity software conveys the integrity of that connection from the user’s device to a complex web of backend services. Solving the challenge of digital identity is foundational to achieving trustworthy online security.

While other identity and access management platforms exist, the Janssen Project seeks to tackle the most challenging security and performance requirements. Based on the latest code that powers the Gluu Server–which has passed more OpenID self-certification tests than any other platform–Janssen starts with a rich set of signing and encryption functionality that can be used for high assurance transactions. Having shown throughput of more than one billion authentications per day, the software can also handle the most demanding requirements for concurrency thanks to Kubernetes auto-scaling and advances in persistence.

“Trust and security are not competitive advantages–no one wins in an insecure society with low trust,” said Mike Schwartz, Chair of the Janssen Project Technical Steering Committee. “In the world of software, nothing builds trust like the open source development methodology. For organizations who cannot outsource trust, the Janssen Project strives to bring transparency, best practices and collective governance to the long-term maintenance of this important effort. The Linux Foundation provides the neutral and proven forum for organizations to collaborate on this work.”

The Gluu engineering teams chose the Linux Foundation to host this community because of the Foundation’s priority of transparency in the development process and its formal framework for governance to facilitate collaboration among commercial partners.

New digital identity challenges arise constantly, and new standards are developed to address them. Open source ecosystems are an engine for innovation to filter and adapt to changing requirements. The Janssen Project Technical Steering Committee (“TSC”) will help govern priorities according to the charter.  The initial TSC includes:

• Michael Schwartz, TSC Chair, CEO Gluu
• Rajesh Bavanantham, Domain Architect at F5 Networks/NGiNX
• Rod Boothby, Head of Digital Trust at Santander
• Will Cayo, Director of Software Engineering at IDEMIA Digital Labs
• Ian McCloy, Principal Product Manager at Couchbase
• Alexander Werner, Software Engineer at BioID

For more information, see the project Github site: https://github.com/JanssenProject

Supporting Comments

BioID

“BioID’s biometric authentication service provides GDPR compliant, device independent, 3D liveness detection and facial recognition APIs, supported out-of-the-box by the Janssen project. Exposing BioID’s capabilities via OpenID Connect makes sense in many cases, especially as part of the rollout for a large organization.  The availability of a high-quality open source implementation of OpenID Connect gives us more options to build products and to expand the options for our customers to deploy our technology,” said Alexander Werner, Software Engineer at BioID.

Couchbase

“The Couchbase database is supported today in the Janssen project for both caching and persistence. This makes sense given the distributed, elastic, in-memory requirements for a multi-cloud, hyper-scale identity service. Contributing to this project aligns with our goal to advance open source infrastructure software that results in more options for the Couchbase community,” said Ian McCloy, Principal Product Manager at Couchbase.

F5

“It’s an immense pleasure to join the Janssen Project, as it’s aimed to improve the performance, reliability and security on OAuth2 Components that are similar to NGINX Principles. Being part of Linux Foundation, the Janssen Project will be well governed and evolve with the open source community to achieve its goals,” said Rajesh Bavanantham, F5.

IDEMIA

“I have been a part of the Gluu community for many years. I’m excited to see the project moving to the Linux Foundation where we can collaborate with an even larger ecosystem of individuals and companies,” said Will Cayo, IDEMIA.

 

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,500 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

 

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

 

Media Contact
Jennifer Cloer
Story Changes Culture
503-867-2304
jennifer@storychangesculture.com

The post The Janssen Project Takes on World’s Most Demanding Digital Trust Challenges at Linux Foundation appeared first on The Linux Foundation.