Open-source News

Intel i915g Mesa Driver Now Goes Through NIR, Fixes Some Past Test Failures

Phoronix - Fri, 06/18/2021 - 17:19
While this week's landing of the Crocus Gallium3D driver for Intel Gen4 through Gen7 graphics (i965 through Haswell) in Mesa is exciting for Linux users who are still running aging Intel systems, going back even further there is the i915g Gallium3D driver, and this week it happens to see a big improvement too...

5 more reasons to run Kubernetes in your Linux homelab

opensource.com - Fri, 06/18/2021 - 15:02

In 5 reasons to run Kubernetes on your Raspberry Pi homelab, I explain why you might want to use Kubernetes at home. Those reasons are relatively arbitrary, and they mostly focus on outcomes. Aside from what Kubernetes can do, there are several other good reasons to look at Kubernetes as an important next step in your personal computing experience.

1. It's built on the foundation of Linux



DevSecOps: An open source story

opensource.com - Fri, 06/18/2021 - 15:01

Recent supply chain breaches, plus President Biden's new Cybersecurity executive order, are bringing renewed attention to DevSecOps' value for the enterprise. DevSecOps brings culture changes, frameworks, and tools into open source software (OSS). To understand DevSecOps, you must understand its relationship with OSS.



Use this nostalgic text editor on FreeDOS

opensource.com - Fri, 06/18/2021 - 15:00

In the very early days of DOS, the standard editor was a no-frills line editor called Edlin. Tim Paterson wrote the original Edlin for the first version of DOS, then called 86-DOS and later branded PC-DOS and MS-DOS. Paterson has commented that he meant to replace Edlin eventually, but it wasn't until ten years later that MS-DOS 5 (1991) replaced Edlin with Edit, a full-screen editor.



Modula-2 Programming Language Front-End Still Looking Towards Mainline GCC In 2021

Phoronix - Fri, 06/18/2021 - 14:00
The Modula-2 programming language developed from the late 70's to 80's might finally see mainline GNU Compiler Collection (GCC) support in 2021...

OpenSSL 3.0 Release Candidate Arrives With Big Changes

Phoronix - Fri, 06/18/2021 - 06:42
The OpenSSL project today shipped their OpenSSL 3.0 Beta, which is their equivalent to a release candidate ahead of the planned official 3.0.0 release next quarter...

NVIDIA Resizable BAR Performance - A Big Boost For Some Linux Games

Phoronix - Fri, 06/18/2021 - 03:00
Back in March NVIDIA announced they would be supporting the GeForce RTX 30 series with Resizable BAR support via a video BIOS update for supported systems. Recently I've been looking at the performance of a GeForce RTX 3080 once flashing the graphics card under Linux with Resizable BAR support and the performance is quite compelling for Vulkan-based games where this functionality is working.

Fedora Stakeholders Back To Discussing Raising x86_64 Requirements Or Using Glibc HWCAPS

Phoronix - Fri, 06/18/2021 - 02:07
While Red Hat Enterprise Linux 9 is dropping support for older x86_64 CPUs by raising the baseline requirement to "x86_64-v2" that roughly correlates to Intel Nehalem era processors and newer, so far Fedora has not changed its default. There was a proposal shot down last year for raising the x86_64 microarchitecture feature level while now that discussion has been restarted or alternatively making use of Glibc's HWCAPS facility for allowing run-time detection and loading of optimized libraries...

Linux Foundation Announces Software Bill of Materials (SBOM) Industry Standard, Research, Training, and Tools to Improve Cybersecurity Practices

The Linux Foundation - Thu, 06/17/2021 - 23:00

The Linux Foundation responds to increasing demand for SBOMs that can improve supply chain security

SAN FRANCISCO, June 17, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced new industry research, training, and tools – backed by the SPDX industry standard – to accelerate the use of a Software Bill of Materials (SBOM) in secure software development.

The Linux Foundation is accelerating the adoption of SBOM practices to secure software supply chains with:

  • SBOM standard: stewarding SPDX, the de-facto standard for requirements and data sharing
  • SBOM survey: highlighting the current state of industry practices to establish benchmarks and best practices
  • SBOM training: delivering a new course on Generating a Software Bill of Materials to accelerate adoption
  • SBOM tools: enabling development teams to create SBOMs for their applications

“As the architects of today’s digital infrastructure, the open source community is in a position to advance the understanding and adoption of SBOMs across the public and private sectors,” said Mike Dolan, Senior Vice President and General Manager Linux Foundation Projects. “The rise in cybersecurity threats is driving a necessity that the open source community anticipated many years ago to standardize on how we share what is in our software. The time has never been more pressing to surface new data and offer additional resources that help increase understanding about how to adopt and generate SBOMs, and then act on the information.” 

Ninety percent (90%) of a modern application is assembled from open source software components. An SBOM accounts for the open source software components contained in an application and details their quality, license, and security attributes. SBOMs are used to ensure developers understand what components are flowing throughout their software supply chains, proactively identify issues and risks, and establish a starting point for their remediation.

The recent presidential Executive Order on Improving the Nation’s Cybersecurity referenced the importance of SBOMs in protecting and securing the software supply chain. The National Telecommunications and Information Administration (NTIA) followed the issuance of this order by asking for wide-ranging feedback to define a minimum SBOM. The Linux Foundation has responded to the NTIA’s SBOM inquiry here, and the presidential Executive Order here. 

SPDX: The De-Facto SBOM Open Industry Standard

SPDX, a Linux Foundation Project, is the de-facto open standard for communicating SBOM information, including open source software components, licenses, and known security vulnerabilities. SPDX evolved organically over the last ten years by collaborating with hundreds of companies, including the leading Software Composition Analysis (SCA) vendors, making it the most robust, mature, and adopted SBOM standard in the market.

SBOM Readiness Survey

Linux Foundation Research is conducting the SBOM Readiness Survey. It will be deployed next week and will examine obstacles to adoption for SBOMs and future actions required to overcome them related to the security of software supply chains. The recent US Executive Order on Cybersecurity emphasizes SBOMs, and this survey will help identify industry gaps in SBOM applications. Survey questions address tooling, security measures, and industries leading in producing and consuming SBOMs, among other topics.

New Course: Generating a Software Bill of Materials

The Linux Foundation is also announcing a free, online training course, Generating a Software Bill of Materials (LFC192). This course provides foundational knowledge about the options and the tools available for generating SBOMs and how to use them to improve the ability to respond to cybersecurity needs. It is designed for directors, product managers, open source program office staff, security professionals, and developers in organizations building software. Participants will walk away with the ability to identify the minimum elements for an SBOM, how they can be assembled, and an understanding of some of the open source tooling available to support the generation and consumption of an SBOM. 

New Tools: SBOM Generator

Also announced today is the availability of the SPDX SBOM generator, which uses a command-line interface (CLI) to generate SBOM information, including components, licenses, copyrights, and security references of your application, using the SPDX v2.2 specification and aligning with the current known minimum elements from NTIA. Currently, the CLI supports GoMod (go), Cargo (Rust), Composer (PHP), DotNet (.NET), Maven (Java), NPM (Node.js), Yarn (Node.js), PIP (Python), Pipenv (Python), and Gems (Ruby). It is easily embeddable in automated processes such as continuous integration (CI) pipelines and is available for Windows, macOS, and Linux.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

###

Media Contacts

Jennifer Cloer

for Linux Foundation

jennifer@storychangesculture.com

503-867-2304
