Home Blog Page 118

Save up to 50% on Cloud Training Bundles and Bootcamps!

We probably don’t need to tell you how in demand cloud skills are right now, and how big of a shortage there is of qualified professionals. Just read these articles from TechHQ, CRN, TechRepublic, or our own 2020 Open Source Jobs Report which found hiring managers are more influenced by knowledge of cloud technologies than any other skill. If you are looking for a career change or to advance in your current IT career, cloud is the best place to start, and now is the time.

To make it easier to get started, Linux Foundation Training & Certification is offering 40% off our cloud training plus certification bundles, and 50% off our cloud engineer bootcamps through May 18! These offerings provide the knowledge you need to be successful in an entry-level cloud position, and the industry-leading certifications to prove it. 

Bundles, which include a training course and certification exam, are discounted by 40%:

Kubernetes Fundamentals (LFS258) + CKA Exam Bundle

This course will teach you how to use the container management platform used by companies like Google to manage their application infrastructure. It prepares you for the CKA exam, which demonstrates the ability to install, configure and manage production-grade Kubernetes clusters, in addition to your understanding of key concepts such as Kubernetes networking, storage, security, maintenance, logging and monitoring, application lifecycle, troubleshooting, API object primitives and the ability to establish basic use-cases for end users.

Kubernetes for Developers (LFD259) + CKAD Exam Bundle

This course will teach you how to containerize, host, deploy, and configure an application in a multi-node cluster. It prepares you for the CKAD exam, which demonstrates the ability to design, build, configure and expose cloud native applications for Kubernetes, define application resources and use core primitives to build, monitor, and troubleshoot scalable applications and tools in Kubernetes.

Kubernetes Security Essentials (LFS260) + CKS Exam Bundle

This course exposes you to knowledge and skills needed to maintain security in dynamic, multi-project environments. It prepares you for the CKS exam, which demonstrates the requisite abilities to secure container-based applications and Kubernetes platforms during build, deployment and runtime, and is qualified to perform these tasks in a professional setting.

The above bundles are reduced from $499 to $299 with coupon code CLOUD21.

Bootcamps, which are self-paced programs presented in a structured format with a dedicated mentor and access to live online video office hours with instructors, are discounted 50%:

Cloud Engineer Bootcamp

This program will prepare an absolute beginner to learn the most in-demand cloud computing skills in as little as 6 months. Components of the bootcamp include:

Essentials of Linux System Administration (LFS201) – This course will teach you how to administer, configure and upgrade Linux systems, which serve as the foundation of modern cloud infrastructures.
Linux Networking and Administration (LFS211) – Learn how to design, deploy and maintain a network running under Linux, administer network services and securely configure the network interfaces.
Linux Foundation Certified System Administrator Exam (LFCS) – Take some time to study and redo labs from the previous courses to improve your speed before taking your first certification exam. The performance-based LFCS certification will demonstrate your Linux skills to future employers.
Containers Fundamentals (LFS253) – In our app-driven world, containers and microservices are the perfect home for an application. Containers bundle an application with all its dependencies and deploy it on the platform of our choice. This course will help you build a solid foundation on container technologies.
DevOps and SRE Fundamentals (LFS261) – The DevOps movement is changing the way applications are built, tested, and deployed. This course will teach you the skills to deploy software with confidence, agility and high reliability using modern practices such as Continuous Integration and Continuous Delivery, which are essential to modern cloud administration.
Kubernetes Fundamentals (LFS258) – This course will teach you how to use Kubernetes, the container management platform used by companies like Google to manage their application infrastructure. This includes learning how to install and configure a production-grade Kubernetes cluster, from network configuration to upgrades to making deployments available via services.
Certified Kubernetes Administrator Exam (CKA) – Revisit the labs from LFS253 and LFS258 before sitting for your final exam of the bootcamp. Earning your CKA will demonstrate you have the skills, knowledge, and competency to perform the responsibilities of a Kubernetes administrator and cloud engineer.

Advanced Cloud Engineer Bootcamp

This program is designed for existing IT professionals who want to transition into a cloud administrator or engineer role. It assumes you already have basic knowledge of Linux, networking and related technologies. Components of this bootcamp include:

Containers Fundamentals (LFS253) – In our app-driven world, containers and microservices are the perfect home for an application. This course will help you build a solid foundation for container technologies.
Kubernetes Fundamentals (LFS258) – This course will teach you how to install and configure a production-grade Kubernetes cluster, from network configuration to upgrades to making deployments available via services.
Certified Kubernetes Administrator Exam (CKA) – Earning your CKA will demonstrate you have the skills, knowledge, and competency to perform the responsibilities of a Kubernetes administrator and cloud engineer.
Service Mesh Fundamentals (LFS243) – With the growth of microservices and Kubernetes, production environments need to have tools to monitor and manage network traffic. This course explores the use of Envoy Proxy and Istio to take control of network access.
Monitoring Systems and Services with Prometheus (LFS241) – Prometheus is a monitoring system and time series database that is especially well suited for monitoring dynamic cloud environments. This course walks through installation and deployment, many of its major features, best practices, and use cases.
Cloud Native Logging with Fluentd (LFS242) – Known as the “unified logging layer”, Fluentd provides fast and efficient log transformation and enrichment, as well as aggregation and forwarding. This course is designed to introduce you to a technical background to the Fluentd log forwarding and aggregation tool for use in Cloud Native Logging.
Managing Kubernetes Applications with Helm (LFS244) – Deploying complex and interrelated microservices can be challenging. The course explains how to use Helm to package, install, and verify Kubernetes components in a production cluster.

The following benefits are included with both Bootcamps:

Daily, Live Instructor Office Hours
Access to a Dedicated Mentor
Dedicated Discussion Forum
And More…

 Bootcamps are regularly $999 but currently discounted to $499 with coupon code BOOTCAMP21.

Keep in mind that standard pricing on both the bundles and bootcamps will be increasing on July 1, so by enrolling now you’re saving even more.

Visit the promotion page for more information and to start your journey to a new cloud career!

The post Save up to 50% on Cloud Training Bundles and Bootcamps! appeared first on Linux Foundation – Training.

Enterprise hardware purchases and the sysadmin effect

Are sysadmins the “Go-To” people for opinions on new hardware purchases? Here are two experiences to shed light on the question.
Read More at Enable Sysadmin

The Linux Foundation and NGMN Collaborate on End-to-End 5G and Beyond

SAN FRANCISCO, Calif.  and FRANKFURT, GERMANY – May 10, 2021 – The Linux Foundation and the Next Generation Mobile Network Alliance (NGMN), today announce the signing of a Memorandum of Understanding (MoU) for formal collaboration regarding end-to-end 5G and beyond. 

NGMN’s mission is to provide impactful industry guidance to achieve innovative and affordable mobile telecommunication services for the end user, placing a particular focus on Mastering the Route to Disaggregation, Sustainability and Green Future Networks, as well as on 6G and the continuous support of 5G’s full implementation.

Creating and providing open, scalable building blocks for operators and service providers is critical to the industry adoption of 5G and beyond. Therefore, the collaboration between NGMN and the Linux Foundation will focus on end-to-end 5G architecture and beyond 5G. Specific areas of alignment may include sustainability, network automation and network autonomy based on Artificial Intelligence, security, edge cloud, virtualization, disaggregation, cloud native, and service-based architecture, to name a few. 

“We very much look forward to a mutually inspiring and beneficial collaboration with The Linux Foundation. Open Source is gaining increasing relevance for the strategic topics of our Work Programmes such as Mastering the Route to Disaggregation, Green Future Networks and 6G. We are delighted to partner with The Linux Foundation to jointly drive our mission for the benefit of the global ecosystem”, said Anita Doehler, CEO, NGMN Alliance.

“We are thrilled to be aligning with such an innovative, industry-leading organization,” said Arpit Joshipura, General Manager, Networking, Edge and IoT, the Linux Foundation. “Integrating NGMN’s expertise across pivotal areas like Disaggregation, Green Future Networks, cloud native, automation, and early work on 6G into LF Networking’s 5G Super Blueprint initiative is a natural next step for the industry.”

The Linux Foundation’s vision of harmonizing open source software with open standards has been in effect for several years, including collaborations with ETSI, TMF, MEF, GSMA, the O-RAN Alliance, and more. NGMN also maintains longstanding co-operations with all of these organisations. The alignment between The Linux Foundation and NGMN represents the latest in a long-standing effort to integrate open source and open standards across the industry. 

About NGMN

About NGMN Alliance (www.ngmn.org)

The NGMN Alliance (Next Generation Mobile Networks Alliance) is a forum founded by world-leading Mobile Network Operators and open to all partners in the mobile industry. Its goal is to ensure that next generation network infrastructure, service platforms and devices will meet the requirements of operators and, ultimately, will satisfy end user demand and expectations. The vision of the NGMN Alliance is to provide impactful industry guidance to achieve innovative and affordable mobile telecommunication services for the end user with a particular focus on supporting 5G’s full implementation, Mastering the Route to Disaggregation, Sustainability and Green Networks, and work on 6G.

NGMN seeks to incorporate the views of all interested stakeholders in the telecommunications industry and is open to three categories of participants (NGMN Partners): Mobile Network Operators (Members), vendors, software companies and other industry players (Contributors), as well as research institutes (Advisors).

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post The Linux Foundation and NGMN Collaborate on End-to-End 5G and Beyond appeared first on Linux Foundation.

The Linux Foundation and NGMN Collaborate on End-to-End 5G and Beyond

SAN FRANCISCO, Calif.  and FRANKFURT, GERMANY – May 10, 2021 – The Linux Foundation and the Next Generation Mobile Network Alliance (NGMN), today announce the signing of a Memorandum of Understanding (MoU) for formal collaboration regarding end-to-end 5G and beyond. 

NGMN’s mission is to provide impactful industry guidance to achieve innovative and affordable mobile telecommunication services for the end user, placing a particular focus on Mastering the Route to Disaggregation, Sustainability and Green Future Networks, as well as on 6G and the continuous support of 5G’s full implementation.

Creating and providing open, scalable building blocks for operators and service providers is critical to the industry adoption of 5G and beyond. Therefore, the collaboration between NGMN and the Linux Foundation will focus on end-to-end 5G architecture and beyond 5G. Specific areas of alignment may include sustainability, network automation and network autonomy based on Artificial Intelligence, security, edge cloud, virtualization, disaggregation, cloud native, and service-based architecture, to name a few. 

“We very much look forward to a mutually inspiring and beneficial collaboration with The Linux Foundation. Open Source is gaining increasing relevance for the strategic topics of our Work Programmes such as Mastering the Route to Disaggregation, Green Future Networks and 6G. We are delighted to partner with The Linux Foundation to jointly drive our mission for the benefit of the global ecosystem”, said Anita Doehler, CEO, NGMN Alliance.

“We are thrilled to be aligning with such an innovative, industry-leading organization,” said Arpit Joshipura, General Manager, Networking, Edge and IoT, the Linux Foundation. “Integrating NGMN’s expertise across pivotal areas like Disaggregation, Green Future Networks, cloud native, automation, and early work on 6G into LF Networking’s 5G Super Blueprint initiative is a natural next step for the industry.”

The Linux Foundation’s vision of harmonizing open source software with open standards has been in effect for several years, including collaborations with ETSI, TMF, MEF, GSMA, the O-RAN Alliance, and more. NGMN also maintains longstanding co-operations with all of these organisations. The alignment between The Linux Foundation and NGMN represents the latest in a long-standing effort to integrate open source and open standards across the industry. 

About NGMN

About NGMN Alliance (www.ngmn.org)

The NGMN Alliance (Next Generation Mobile Networks Alliance) is a forum founded by world-leading Mobile Network Operators and open to all partners in the mobile industry. Its goal is to ensure that next generation network infrastructure, service platforms and devices will meet the requirements of operators and, ultimately, will satisfy end user demand and expectations. The vision of the NGMN Alliance is to provide impactful industry guidance to achieve innovative and affordable mobile telecommunication services for the end user with a particular focus on supporting 5G’s full implementation, Mastering the Route to Disaggregation, Sustainability and Green Networks, and work on 6G.

NGMN seeks to incorporate the views of all interested stakeholders in the telecommunications industry and is open to three categories of participants (NGMN Partners): Mobile Network Operators (Members), vendors, software companies and other industry players (Contributors), as well as research institutes (Advisors).

About the Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post The Linux Foundation and NGMN Collaborate on End-to-End 5G and Beyond appeared first on Linux Foundation.

Interview with Masato Endo, OpenChain Project Japan

Linux Foundation Editorial Director Jason Perlow had a chance to speak with Masato Endo, OpenChain Project Automotive Chair and Leader of the OpenChain Project Japan Work Group Promotion Sub Group, about the Japan Ministry of Economy, Trade and Industry’s (METI) recent study on open source software management.

JP: Greetings, Endo-san! It is my pleasure to speak with you today. Can you tell me a bit about yourself and how you got involved with the Japan Ministry of Economy, Trade, and Industry?

遠藤さん、こんにちは!本日はお話しできることをうれしく思います。あなた自身について、また経済産業省とどのように関わっていますか?

ME: Hi, Jason-san! Thank you for such a precious opportunity. I’m a manager and scrum master in the planning and development department of new services at a Japanese automotive company. We were also working on building the OSS governance structure of the company, including obtaining OpenChain certification.

As an open source community member, I participated in the OpenChain project and was involved in establishing the OpenChain Japan Working Group and Automotive Working Group. Recently, as a leader of the Promotion SG of the Japan Working Group, I am focusing on promoting OSS license compliance in Japan.

In this project, I contribute to it as a bridge between the Ministry of Economic, Trade, and Industry and the members of OSS community projects such as OpenChain.

For example, I recently gave a presentation of OpenChain at the meeting and introduced the companies that cooperate with the case study.

Jasonさん、こんにちは。このような貴重な機会をありがとうございます。

私は、自動車メーカーの新サービスの企画・開発部署でマネージャーやスクラムマスターを務めています。また、OpenChain認証取得等の会社のオープンソースガバナンス体制構築についても取り組んでいました。

一方、コミュニティメンバーとしてもOpenChainプロジェクトに参加し、OpenChain Japan WGやAutomotive WGの設立に関わりました。最近では、Japan WGのPromotion SGのリーダーとして日本におけるOSSライセンスコンプライアンスの啓発活動に注力しています。

今回のプロジェクトにおいては、経済産業省のタスクフォースとOpenChainとの懸け橋として、ミーティングにてOpenChainの活動を紹介させて頂いたり、ケーススタディへの協力企業を紹介させて頂いたりすることで、コントリビューションさせて頂きました。

JP: What does the Ministry of Economy, Trade, and Industry (METI) do?

経済産業省(METI)はどのような役割の政府機関ですか?

ME: METI has jurisdiction over the administration of the Japanese economy and industry. This case study was conducted by a task force that examines software management methods for ensuring cyber-physical security of the Commerce and Information Policy Bureau’s Cyber Security Division.

経済産業省は経済や産業に関する行政を所管しています。今回のケーススタディは商務情報政策局サイバーセキュリティ課によるサイバー・フィジカル・セキュリティ確保に向けたソフトウェア管理手法等検討タスクフォースにより実施されたものです。

JP: Why did METI commission a study on the management of open source program offices and open source software management at Japanese companies?

なぜ経済産業省は、日本企業のオープンソースプログラムオフィスの管理とオープンソースソフトウェアの管理に関する調査を実施したのですか?

ME: METI itself conducted this survey. The Task Force has been considering appropriate software management methods, vulnerability countermeasures, license countermeasures, and so on.

Meanwhile, as the importance of OSS utilization has increased in recent years, it concluded that sharing the knowledge of each company regarding OSS management methods helps solve each company’s problems.

今回の調査は、METIが主体的に行ったものです。タスクフォースは適切なソフトウェアの管理手法、脆弱性対応やライセンス対応などについて検討してきました。

そんな中、最近はOSS利活用の重要性がより高まっているため、OSSの管理手法に関する各企業の知見の共有が各社の課題解決に有効だという結論に至りました。

JP: How do Japanese corporations differ from western counterparts in open source culture? 

日本の企業は、オープンソース文化において欧米の企業とどのように違いますか?

ME: Like Western companies, Japanese companies also use OSS in various technical fields, and OSS has become indispensable. In addition, more than 80 companies have participated in the Japan Working Group of the OpenChain project. As a result, the momentum to promote the utilization of OSS is increasing in Japan.

On the other hand, some survey results show that Japanese companies’ contribution process and support system are delayed compared to Western companies. So, it is necessary to promote community activities in Japan.

欧米の企業と同様、日本の企業でもOSSは様々な技術領域で使われており、欠かせないものになっています。また、OpenChainプロジェクトのJPWGに80社以上の企業が参加するなど、企業としてOSSの利活用を推進する機運も高まってきています。

一方で、欧米企業と比較するとコントリビューションのプロセスやサポート体制の整備が遅れているという調査結果も出ているため、コミュニティ活動を促進する仕組みをより強化していく必要があると考えられます。

JP: What are the challenges that the open source community and METI have identified due to the study that Japanese companies face when adopting open source software within their organizations? 

日本企業が組織内でオープンソースソフトウェアを採用する際に直面する調査の結果、オープンソースコミュニティと経済産業省が特定した課題は何ですか?

ME: The challenges are:

課題は次のとおりです。

Challenge 1: License compliance

When developing software using OSS, it is necessary to comply with the license declared by each OSS. If companies don’t conduct in-house licensing education and management appropriately, OSS license violations will occur.

Challenge 2: Long term support

Since the development term of OSS depends on the community’s activities, the support term may be shorter than the product life cycle in some cases.

Challenge 3:OSS supply chain management

Recently, the software supply chain scale has expanded, and there are frequent cases where OSS is included in deliveries from suppliers. OSS information sharing in the supply chain has become important to implement appropriate vulnerability countermeasures and license countermeasures.

Challenge 1: ライセンスコンプライアンス

OSSを利用してソフトウエアを開発する場合は、各OSSが宣言しているライセンスを遵守する必要があります。社内におけるライセンスに関する教育や管理体制が不十分な場合、OSSライセンスに違反してしまう可能性があります。 

Challenge 2: ロングタームサポート

OSSの開発期間はコミュニティの活性度に依存するため、場合によっては製品のライフサイクルよりもサポート期間が短くなってしまう可能性があります。

Challenge 3: サプライチェーンにおけるOSSの使用

最近はソフトウエアサプライチェーンの規模が拡大しており、サプライヤからの納品物にOSSが含まれるケースも頻繁に起こっています。適切な脆弱性対応、ライセンス対応などを実施するため、サプライチェーンの中でのOSSの情報共有が重要になってきています。

JP:  Are there initiatives that are working to address these challenges?

これらの課題に取り組むための日本企業の取組の特徴などはありますか?

ME: In this case study, many companies mentioned license compliance. It was found that each company has established a company-wide system and rules to comply with the license and provides education to engineers. The best way to do this depends on the industry and size of the company, but I believe the information from this case study is very useful for each company of all over the world.

In addition, it was confirmed that Software Bill of Materials (SBOM) is becoming more critical for companies in the viewpoint of both vulnerability response and license compliance. Regardless of whether companies are using OSS internally or exchanging software with an external partner, it’s important to clarify which OSS they are using. I recognize that this issue is a hot topic as “Software transparency” in Western companies as well.

In this case study, several companies also mentioned OSS supply chain management. In addition to clarifying the rules between companies, it is characterized by working to raise the level of the entire supply chain through community activities such as OpenChain.

今回のケーススタディでは、多くの企業がライセンスコンプライアンスに言及していました。各企業はライセンスを遵守するために、全社的な体制やルールを整え、エンジニアに対してライセンス教育を実施していることがわかりました。ベストな方法は産業や企業の規模によっても異なりますが、各社の情報はこれからライセンスコンプライアンスに取り組もうとしている企業やプロセスの改善を進めている企業にとって非常に有益なものであると私は考えます。

また、脆弱性への対応、ライセンスコンプライアンスの両面から、企業にとってSBOMの重要性が高まっていることが確認できました。社内でOSSを利用する場合であっても、社外のパートナーとソフトウエアをやりとりする場合であっても、どのOSSを利用しているかを明確にすることが最重要だからです。この課題はソフトウエアの透過性といって欧米でも話題になっているものであると私は認識しています。

このケーススタディの中で複数の企業がOSSのサプライチェーンマネジメントについても言及していました。企業間でのルールを明確化する他、OpenChainなどのコミュニティ活動によって、サプライチェーン全体のレベルアップに取り組むことが特徴になっています。

JP: What are the benefits of Japanese companies adopting standards such as OpenChain and SPDX?

OpenChainやSPDXなどの標準を採用している日本企業のメリットは何ですか?

ME: Companies need to do a wide range of things to ensure proper OSS license compliance, so some guidance is needed. The OpenChain Specification, which has become an ISO as a guideline for that, is particularly useful. In fact, several companies that responded to this survey have built an OSS license compliance process based on the OpenChain Specification.

Also, from the perspective of supply chain management, it is thought that if each supply chain company obtains OpenChain certification, software transparency will increase, and appropriate OSS utilization will be promoted.

In addition, by participating in OpenChain’s Japan Working Group, companies can share the best practices of each company and work together to solve problems.

Since SPDX is a leading international standard for SBOM, it is very useful to use it when exchanging information about OSS in the supply chain from the viewpoint of compatibility.

Japanese companies use the SPDX standard and actively contribute to the formulation of SPDX specifications like SPDX Lite.

企業がOSSライセンスコンプライアンスを適切に行うために行うべきことは多岐に渡るために何かしらの指針が必要です。そのための指針としてISOになったOpenChain Specificationは非常に有用なものです。実際、今回の調査に回答した複数の企業がOpenChain Specificationに基づいてOSSライセンスコンプライアンスプロセスを構築し、認証を取得しています。

また、サプライチェーンマネジメントの観点からも、サプライチェーン各社がOpenChain認証を取得することで、ソフトウエアの透過性が高まり、適切なOSSの利活用を促進されると考えられます。

更にOpenChainのJPWGに参加することで、各社のベストプラクティスを共有したり、協力して課題解決をすることもできます。

SPDXは重要性の高まっているSBOMの有力な国際標準であるため、サプライチェーン内でOSSに関する情報を交換する場合に、SPDXを利用することは互換性等の観点から非常に有益です。

日本企業はSPDXの標準を利用するだけではなく、SPDX LiteのようにSPDXの仕様策定にも積極的にコントリビューションしています。

JP: Thank you, Endo-san! It has been great speaking with you today.

遠藤さん、ありがとうございました!本日は素晴らしい議論になりました。

The post Interview with Masato Endo, OpenChain Project Japan appeared first on Linux Foundation.

Btrfs: Advantages of upgrading from UEK5 to UEK6

Advantages in btrfs you will receive when you upgrade from UEK5 to UEK6
Click to Read More at Oracle Linux Kernel Development

Btrfs: Advantages of upgrading from UEK5 to UEK6

Oracle UEK kernels have been providing the btrfs filesystem since release 5 (UEK5). The most recent UEK kernel is release 6 (UEK6), which is based on Linux kernel 5.4, where as UEK5 is based on Linux kernel 4.14. UEK6 as you would expect contains a lot more fixes and improvements as compared to UEK5.With specific regard to the btrfs filesystem, I will skim through…

Click to Read More at Oracle Linux Kernel Development

OpenPOWER Foundation announces LibreBMC, a POWER-based, fully open-source BMC

News from the OpenPOWER Blog:

Baseboard management controllers (BMCs) are a mainstay in data centers. They enable remote monitoring and access to servers, and they’re responsible for the rise of “lights out management.” But from a hardware perspective, there has been little innovation in this space for years. BMC processors are built on legacy architectures that are proprietary and closed.

The OpenPOWER Foundation is announcing a new workgroup to develop LibreBMC, the first ever baseboard management controller with completely open-source software and hardware. The processor will be based on the POWER ISA, which was open-sourced by IBM at OpenPOWER Summit North America in August, 2019.

Read more at OpenPOWER

Interview with Masato Endo, OpenChain Project Japan

Linux Foundation Editorial Director Jason Perlow had a chance to speak with Masato Endo, OpenChain Project Automotive Chair and Leader of the OpenChain Project Japan Work Group Promotion Sub Group, about the Japan Ministry of Economy, Trade and Industry’s (METI) recent study on open source software management.

JP: Greetings, Endo-san! It is my pleasure to speak with you today. Can you tell me a bit about yourself and how you got involved with the Japan Ministry of Economy, Trade, and Industry?

遠藤さん、こんにちは!本日はお話しできることをうれしく思います。あなた自身について、また経済産業省とどのように関わっていますか。

ME: Hi, Jason-san! Thank you for such a precious opportunity. I’m a manager and scrum master in the planning and development department of new services at a Japanese automotive company. We were also working on building the OSS governance structure of the company, including obtaining OpenChain certification.

As an open source community member, I participated in the OpenChain project and was involved in establishing the OpenChain Japan Working Group and Automotive Working Group. Recently, as a leader of the Promotion SG of the Japan Working Group, I am focusing on promoting OSS license compliance in Japan.

In this project, I contribute to it as a bridge between the Ministry of Economic, Trade, and Industry and the members of OSS community projects such as OpenChain.

For example, I recently gave a presentation of OpenChain at the meeting and introduced the companies that cooperate with the case study.

Jasonさん、こんにちは。このような貴重な機会をありがとうございます。

私は、自動車メーカーの新サービスの企画・開発部署でマネージャーやスクラムマスターを務めています。また、OpenChain認証取得等の会社のオープンソースガバナンス体制構築についても取り組んでいました。

一方、コミュニティメンバーとしてもOpenChainプロジェクトに参加し、OpenChain Japan WGやAutomotive WGの設立に関わりました。最近では、Japan WGのPromotion SGのリーダーとして日本におけるOSSライセンスコンプライアンスの啓発活動に注力しています。

今回のプロジェクトにおいては、経済産業省のタスクフォースとOpenChainとの懸け橋として、ミーティングにてOpenChainの活動を紹介させて頂いたり、ケーススタディへの協力企業を紹介させて頂いたりすることで、コントリビューションさせて頂きました。

JP: What does the Ministry of Economy, Trade, and Industry (METI) do?

経済産業省(METI)はどのような役割の役所ですか?

ME: METI has jurisdiction over the administration of the Japanese economy and industry. This case study was conducted by a task force that examines software management methods for ensuring cyber-physical security of the Commerce and Information Policy Bureau’s Cyber Security Division.

経済産業省は経済や産業に関する行政を所管しています。今回のケーススタディは商務情報政策局サイバーセキュリティ課によるサイバー・フィジカル・セキュリティ確保に向けたソフトウェア管理手法等検討タスクフォースにより実施されたものです。

JP: Why did METI commission a study on the management of open source program offices and open source software management at Japanese companies?

なぜ経済産業省は、日本企業のオープンソースプログラムオフィスの管理とオープンソースソフトウェアの管理に関する調査を実施したのですか?

ME: METI itself conducted this survey. The Task Force has been considering appropriate software management methods, vulnerability countermeasures, license countermeasures, and so on.

Meanwhile, as the importance of OSS utilization has increased in recent years, it concluded that sharing the knowledge of each company regarding OSS management methods helps solve each company’s problems.

今回の調査は、METIが主体的に行ったものです。タスクフォースは適切なソフトウェアの管理手法、脆弱性対応やライセンス対応などについて検討してきました。

そんな中、昨今のOSS利活用の重要性が高まる中、OSSの管理手法に関する各企業の知見の共有が各社の課題解決に有効だという結論に至りました。

JP: How do Japanese corporations differ from western counterparts in open source culture?

日本の企業は、オープンソース文化において欧米の企業とどのように違いますか?

ME: Like Western companies, Japanese companies also use OSS in various technical fields, and OSS has become indispensable. In addition, more than 80 companies have participated in the Japan Working Group of the OpenChain project. As a result, the momentum to promote the utilization of OSS is increasing in Japan.

On the other hand, some survey results show that Japanese companies’ contribution process and support system are delayed compared to Western companies. So, it is necessary to promote community activities in Japan.

欧米の企業と同様、日本の企業でもOSSは様々な技術領域で使われており、欠かせないものになっています。また、OpenChainプロジェクトのJPWGに80社以上の企業が参加するなど、企業としてOSSの利活用を推進する機運も高まってきています。

一方で、欧米企業と比較するとコントリビューションのプロセスやサポート体制の整備が遅れているという調査結果も出ているため、コミュニティ活動を促進する仕組みをより強化していく必要があると考えられます。

JP: What are the challenges that the open source community and METI have identified due to the study that Japanese companies face when adopting open source software within their organizations?

日本企業が組織内でオープンソースソフトウェアを採用する際に直面する調査の結果、オープンソースコミュニティと経済産業省が特定した課題は何ですか?

ME: In this case study, many companies mentioned license compliance. It was found that each company has established a company-wide system and rules to comply with the license and provides education to engineers. The best way to do this depends on the industry and size of the company, but I believe the information from this case study is very useful for each company of all over the world.

In addition, it was confirmed that Software Bill of Materials (SBOM) is becoming more critical for companies in the viewpoint of both vulnerability response and license compliance. Regardless of whether companies are using OSS internally or exchanging software with an external partner, it’s important to clarify which OSS they are using. I recognize that this issue is a hot topic as “Software transparency” in Western companies as well.

In this case study, several companies also mentioned OSS supply chain management. In addition to clarifying the rules between companies, it is characterized by working to raise the level of the entire supply chain through community activities such as OpenChain.

今回のケーススタディでは、多くの企業がライセンスコンプライアンスに言及していました。各企業はライセンスを遵守するために、全社的な体制やルールを整え、エンジニアに対してライセンス教育を実施していることがわかりました。ベストな方法は産業や企業の規模によっても異なりますが、各社の情報はこれからライセンスコンプライアンスに取り組もうとしている企業やプロセスの改善を進めている企業にとって非常に有益なものであると私は考えます。

また、脆弱性への対応、ライセンスコンプライアンスの両面から、企業にとってSBOMの重要性が高まっていることが確認できました。社内でOSSを利用する場合であっても、社外のパートナーとソフトウエアをやりとりする場合であっても、どのOSSを利用しているかを明確にすることが最重要だからです。この課題はソフトウエアの透過性といって欧米でも話題になっているものであると私は認識しています。

このケーススタディの中で複数の企業がOSSのサプライチェーンマネジメントについても言及していました。企業間でのルールを明確化する他、OpenChainなどのコミュニティ活動によって、サプライチェーン全体のレベルアップに取り組むことが特徴になっています。

Challenge 1: License compliance

When developing software using OSS, it is necessary to comply with the license declared by each OSS. If companies don’t conduct in-house licensing education and management appropriately, OSS license violations will occur.

Challenge 2: Long term support

Since the development term of OSS depends on the community’s activities, the support term may be shorter than the product life cycle in some cases.

Challenge 3:OSS supply chain management

Recently, the software supply chain scale has expanded, and there are frequent cases where OSS is included in deliveries from suppliers. OSS information sharing in the supply chain has become important to implement appropriate vulnerability countermeasures and license countermeasures.

Challenge 1: ライセンスコンプライアンス

OSSを利用してソフトウエアを開発する場合は、各OSSが宣言しているライセンスを遵守する必要があります。社内におけるライセンスに関する教育や管理体制が不十分な場合、OSSライセンスに違反してしまう可能性があります。

Challenge 2: ロングタームサポート

OSSの開発期間はコミュニティの活性度に依存するため、場合によっては製品のライフサイクルよりもサポート期間が短くなってしまう可能性があります。

Challenge 3: サプライチェーンにおけるOSSの使用

最近はソフトウエアサプライチェーンの規模が拡大しており、サプライヤからの納品物にOSSが含まれるケースも頻繁に起こっています。適切な脆弱性対応、ライセンス対応などを実施するため、サプライチェーンの中でのOSSの情報共有が重要になってきています。

JP: What are the benefits of Japanese companies adopting standards such as OpenChain and SPDX?

OpenChainやSPDXなどの標準を採用している日本企業のメリットは何ですか?

ME: Companies need to do a wide range of things to ensure proper OSS license compliance, so some guidance is needed. The OpenChain Specification, which has become an ISO as a guideline for that, is particularly useful. In fact, several companies that responded to this survey have built an OSS license compliance process based on the OpenChain Specification.

Also, from the perspective of supply chain management, it is thought that if each supply chain company obtains OpenChain certification, software transparency will increase, and appropriate OSS utilization will be promoted.

In addition, by participating in OpenChain’s Japan Working Group, companies can share the best practices of each company and work together to solve problems.

Since SPDX is a leading international standard for SBOM, it is very useful to use it when exchanging information about OSS in the supply chain from the viewpoint of compatibility.

Japanese companies use the SPDX standard and actively contribute to the formulation of SPDX specifications like SPDX Lite.

企業がOSSライセンスコンプライアンスを適切に行うために行うべきことは多岐に渡るために何かしらの指針が必要です。そのための指針としてISOになったOpenChain Specificationは非常に有用なものです。実際、今回の調査に回答した複数の企業がOpenChain Specificationに基づいてOSSライセンスコンプライアンスプロセスを構築し、認証を取得しています。

また、サプライチェーンマネジメントの観点からも、サプライチェーン各社がOpenChain認証を取得することで、ソフトウエアの透過性が高まり、適切なOSSの利活用を促進されると考えられます。

更にOpenChainのJPWGに参加することで、各社のベストプラクティスを共有したり、協力して課題解決をすることもできます。

SPDXは重要性の高まっているSBOMの有力な国際標準であるため、サプライチェーン内でOSSに関する情報を交換する場合に、SPDXを利用することは互換性等の観点から非常に有益です。

日本企業はSPDXの標準を利用するだけではなく、SPDX LiteのようにSPDXの使用策定にも積極的にコントリビューションしています。

JP: Thank you, Endo-san! It has been great speaking with you today.

遠藤さん、ありがとうございました!本日は素晴らしい議論になりました。

The post Interview with Masato Endo, OpenChain Project Japan appeared first on Linux Foundation.

Top 5 Linux man command options for browsing man pages

My five favorite options for getting the most from the man command.
Read More at Enable Sysadmin