Open-source News

How to Migrate from CentOS to Oracle Linux

Tecmint - Fri, 06/18/2021 - 13:29
The post How to Migrate from CentOS to Oracle Linux first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

With the shift in focus from the CentOS project to CentOS Stream, which will now serve as the upstream to RHEL, a few CentOS alternatives have been floated to replace CentOS 8. For a while now


OpenSSL 3.0 Release Candidate Arrives With Big Changes

Phoronix - Fri, 06/18/2021 - 06:42
The OpenSSL project today shipped their OpenSSL 3.0 Beta, which is their equivalent to a release candidate ahead of the planned official 3.0.0 release next quarter...

NVIDIA Resizable BAR Performance - A Big Boost For Some Linux Games

Phoronix - Fri, 06/18/2021 - 03:00
Back in March NVIDIA announced they would be supporting the GeForce RTX 30 series with Resizable BAR support via a video BIOS update for supported systems. Recently I've been looking at the performance of a GeForce RTX 3080 once flashing the graphics card under Linux with Resizable BAR support and the performance is quite compelling for Vulkan-based games where this functionality is working.

Fedora Stakeholders Back To Discussing Raising x86_64 Requirements Or Using Glibc HWCAPS

Phoronix - Fri, 06/18/2021 - 02:07
While Red Hat Enterprise Linux 9 is dropping support for older x86_64 CPUs by raising the baseline requirement to "x86_64-v2" that roughly correlates to Intel Nehalem era processors and newer, so far Fedora has not changed its default. There was a proposal shot down last year for raising the x86_64 microarchitecture feature level while now that discussion has been restarted or alternatively making use of Glibc's HWCAPS facility for allowing run-time detection and loading of optimized libraries...

Linux Foundation Announces Software Bill of Materials (SBOM) Industry Standard, Research, Training, and Tools to Improve Cybersecurity Practices

The Linux Foundation - Thu, 06/17/2021 - 23:00

The Linux Foundation responds to increasing demand for SBOMs that can improve supply chain security

SAN FRANCISCO, June 17, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced new industry research, training, and tools – backed by the SPDX industry standard – to accelerate the use of a Software Bill of Materials (SBOM) in secure software development.

The Linux Foundation is accelerating the adoption of SBOM practices to secure software supply chains with:

  • SBOM standard: stewarding SPDX, the de-facto standard for requirements and data sharing
  • SBOM survey: highlighting the current state of industry practices to establish benchmarks and best practices
  • SBOM training: delivering a new course on Generating a Software Bill of Materials to accelerate adoption
  • SBOM tools: enabling development teams to create SBOMs for their applications

“As the architects of today’s digital infrastructure, the open source community is in a position to advance the understanding and adoption of SBOMs across the public and private sectors,” said Mike Dolan, Senior Vice President and General Manager Linux Foundation Projects. “The rise in cybersecurity threats is driving a necessity that the open source community anticipated many years ago to standardize on how we share what is in our software. The time has never been more pressing to surface new data and offer additional resources that help increase understanding about how to adopt and generate SBOMs, and then act on the information.” 

Ninety percent (90%) of a modern application is assembled from open source software components. An SBOM accounts for the open source software components contained in an application and details their quality, license, and security attributes. SBOMs are used to ensure developers understand what components are flowing throughout their software supply chains, proactively identify issues and risks, and establish a starting point for their remediation.

The recent presidential Executive Order on Improving the Nation’s Cybersecurity referenced the importance of SBOMs in protecting and securing the software supply chain. The National Telecommunications and Information Administration (NTIA) followed the issuance of this order by asking for wide-ranging feedback to define a minimum SBOM. The Linux Foundation has responded to the NTIA’s SBOM inquiry here, and the presidential Executive Order here. 

SPDX: The De-Facto SBOM Open Industry Standard

SPDX, a Linux Foundation Project, is the de-facto open standard for communicating SBOM information, including open source software components, licenses, and known security vulnerabilities. SPDX evolved organically over the last ten years by collaborating with hundreds of companies, including the leading Software Composition Analysis (SCA) vendors – making it the most robust, mature, and adopted SBOM standard in the market.

SBOM Readiness Survey

Linux Foundation Research is conducting the SBOM Readiness Survey. It will be deployed next week and will examine obstacles to adoption for SBOMs and future actions required to overcome them related to the security of software supply chains. The recent US Executive Order on Cybersecurity emphasizes SBOMs, and this survey will help identify industry gaps in SBOM applications. Survey questions address tooling, security measures, and industries leading in producing and consuming SBOMs, among other topics.

New Course: Generating a Software Bill of Materials

The Linux Foundation is also announcing a free, online training course, Generating a Software Bill of Materials (LFC192). This course provides foundational knowledge about the options and the tools available for generating SBOMs and how to use them to improve the ability to respond to cybersecurity needs. It is designed for directors, product managers, open source program office staff, security professionals, and developers in organizations building software. Participants will walk away with the ability to identify the minimum elements for an SBOM, how they can be assembled, and an understanding of some of the open source tooling available to support the generation and consumption of an SBOM. 

New Tools: SBOM Generator

Also announced today is the availability of the SPDX SBOM generator, which uses a command-line interface (CLI) to generate SBOM information, including components, licenses, copyrights, and security references of your application, using the SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. Currently, the CLI supports GoMod (go), Cargo (Rust), Composer (PHP), DotNet (.NET), Maven (Java), NPM (Node.js), Yarn (Node.js), PIP (Python), Pipenv (Python), and Gems (Ruby). It is easily embeddable in automated processes such as continuous integration (CI) pipelines and is available for Windows, macOS, and Linux.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The post Linux Foundation Announces Software Bill of Materials (SBOM) Industry Standard, Research, Training, and Tools to Improve Cybersecurity Practices appeared first on Linux Foundation.

Google Wants To See Rust Code In The Linux Kernel, Contracts The Main Developer

Phoronix - Thu, 06/17/2021 - 22:00
Google wants to see Rust programming language support within the Linux kernel so much so that they have contracted the lead developer working on "Rust for Linux" as the work aims to get mainlined...

W3C Promotes Web Audio API To Official Standard

Phoronix - Thu, 06/17/2021 - 20:47
The W3C has promoted the Web Audio API to now being an official standard as a JavaScript API for creating and manipulating audio content directly within web browsers...

It's Good But Maybe Bad: LVFS Skyrockets With More Than 100k Firmware Updates In One Day

Phoronix - Thu, 06/17/2021 - 17:53
The Linux Vendor Firmware Service (LVFS) with Fwupd has been serving on average around 40k~50k firmware updates per day to Linux users relying on this cross-vendor, open-source firmware distribution service with FWUPD for applying firmware updates under Linux. But yesterday its usage just skyrocketed with more than 100,000 firmware updates in a single day... That's great for adoption but the motivation for the mass firmware updates may be something rough on the horizon...
