Open source software provides businesses with a number of benefits including cost, flexibility and freedom. This freely distributed software can also be easily altered by any business that is familiar with its source code.
However, licensing issues do arise which could present a major hurdle for an organisation’s legal team. This is why the OpenChain Project was set up to help introduce common standards regarding how companies declare their open source efforts are compliant with licensing standards.
TechRadar Pro spoke with OpenChain’s General Manager, Shane Coughlan, to gain a better understanding of how open source licenses work and to learn how the Linux Foundation is making it easier for businesses to take advantage of open source software. …
The OpenChain Project is all about identifying the key requirements of a quality open source compliance program. The OpenChain Specification is the document that describes processes that companies can apply to open source compliance at inbound, internal and external inflection points.
Quick, what was the most dominant technology skill requested by IT firms in 2018? According to a study from job board Dice, Kubernetes skills dominated among IT firm requests, and this news followed similar findings released last year from jobs board Indeed. The Dice report, based on its available job postings, found that Kubernetes was heavily requested by IT recruiters as well as hiring managers. As SDX Central has reported: “Indeed’s work found that Kubernetes had the fastest year-over-year surge in job searches among IT professionals. It also found that related job postings increased 230 percent between September 2017 and September 2018.”
The demand for Kubernetes skills is so high that companies of all sizes are reporting skills gaps and citing difficulty finding people who have the required Kubernetes and containerization skills. That spells opportunity for those who gain Kubernetes expertise, and the good news is that you have several approachable and inexpensive options for getting trained as well as certified.
Certification Options
Certification is the gold standard in the Kubernetes arena. On that front, last year The Cloud Native Computing Foundation launched its Certified Kubernetes Application Developer exam and a Kubernetes for Developers (LFD259) course ($299). These offerings complement the Certified Kubernetes Administrator program ($300). CNCF, working in partnership with edX, also offers an Introduction to Kubernetes course that is absolutely free, and requires a time commitment of only two to three hours a week for four to five weeks. You can register here, and find out more about Kubernetes Fundamentals (LFS2580) and Developer courses here.
The Kubernetes Fundamentals course comes with extensive course materials, and you can get a free downloadable chapter from the materials here. For those new to Kubernetes, the course covers architecture, networking setup and much more. If you are new to Kubernetes, you can also find a free webinar here, where Kubernetes Founder Craig McLuckie provides an introduction to the Kubernetes project and how it began when he was working at Google.
“As Kubernetes has grown, so has the demand for application developers who are knowledgeable about building on top of Kubernetes,” said Dan Kohn, Executive Director of the Cloud Native Computing Foundation. “The CKAD exam allows developers to certify their proficiency in designing and building cloud native applications for Kubernetes, while also allowing companies to confidently hire high-quality teams.”
According to the Cloud Native Computing Foundation: “With the majority of container-related job listings asking for proficiency in Kubernetes as an orchestration platform, the CKAD program will help expand the pool of Kubernetes experts in the market, thereby enabling continued growth across the broad set of organizations using the technology.”
December’s KubeCon + CloudNativeCon conference in Seattle was a sold-out event that has now ushered in a wealth of free Kubernetes-focused content that you can access. In fact, more than 100 lightning talks, keynotes, and technical sessions from the event have already been posted online, with more information here.
You can watch many videos from KubeCon on YouTube. You’ll find videos sharing basics and best practices, explaining how to integrate Kubernetes with various platforms, and discussing the future of Kubernetes. You can also hear talks in person at these upcoming conferences:
Kubernetes is spreading its reach rapidly for many reasons, including its extensible architecture and healthy open source community, but some still feel that it is too difficult to use. The resources found here—many of them free—will help you move toward mastery of one of today’s most compelling technology architectures.
OpenChain’s important because the open-source software supply chain goes from companies that are little more than a single developer in his home office to multi-billion dollar businesses. Within it, there are tens of thousands of programs with a wide variety of open-source software licenses. So, how can companies trust and manage all the code’s legal requirements? The answer is with OpenChain.
As the OpenChain project manager Shane Coughlan explained, “The basic idea was simple: Identify key recommended processes for effective open source management. The goal was equally clear: Reduce bottlenecks and risk when using third-party code to make open-source license compliance simple and consistent across the supply chain. The key was to pull things together in a manner that balanced comprehensiveness, broad applicability, and real-world usability.”
The Linux community is dealing with another security flaw, with the latest bug impacting the runC container runtime that underpins Docker, cri-o, containerd, and Kubernetes.
The bug, tracked as CVE-2019-5736, allows an infected container to overwrite the host runC binary and gain root-level code execution on the host. This would basically allow the infected container to take control of the overarching host and allow an attacker to execute any command.
“It is quite likely that most container runtimes are vulnerable to this flaw, unless they took very strange mitigations beforehand,” explained Aleksa Sarai, a senior software engineer at SUSE and a maintainer for runC, in an email posted on Openwall. Sarai added that the flaw is blocked by the proper implementation of user namespaces “where the host root is not mapped into the container’s user namespace.”
A patch for the flaw has been developed and is being sent out to the runC community. A number of vendors and cloud providers have already taken steps to implement the patch.
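The mitigation Sarai describes, a user namespace in which host root is not mapped, can be checked per process from /proc/<pid>/uid_map. The following is an added example, not code from the article or from runC; the sample maps are constructed, and it assumes the file is read from the host's initial user namespace so that the "outside" column holds host UIDs.

```python
import sys
from pathlib import Path

# Constructed sample maps in the kernel's uid_map format:
# <first ID inside namespace> <first ID outside> <range length>
ROOTFUL = "         0          0 4294967295\n"   # no user namespace remapping
REMAPPED = "         0     100000      65536\n"  # container root -> host UID 100000
ROOTLESS = "0 1000 1\n1 100000 65536\n"          # container root -> unprivileged user 1000


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        entries.append(tuple(int(f) for f in fields))
    return entries


def host_id_for(entries, inside_id):
    """Translate an ID inside the namespace to the outside ID, or None if unmapped."""
    for inside, outside, length in entries:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def host_root_is_mapped(entries):
    """True when outside UID 0 falls inside any mapped range."""
    return any(outside <= 0 < outside + length for _, outside, length in entries)


def assess(text):
    """Summarise one uid_map: is host root reachable, and who is container root?"""
    entries = parse_id_map(text)
    return {
        "host_root_mapped": host_root_is_mapped(entries),
        "container_root_host_uid": host_id_for(entries, 0),
    }


if __name__ == "__main__":
    # With a PID argument, inspect that process; otherwise show the samples.
    if len(sys.argv) > 1:
        print(assess(Path("/proc", sys.argv[1], "uid_map").read_text()))
    else:
        for name, sample in [("rootful", ROOTFUL), ("remapped", REMAPPED), ("rootless", ROOTLESS)]:
            print(name, assess(sample))
```

A container process that reports host_root_mapped as True does not meet the user-namespace condition quoted above, so it relies on the patched runC.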
If you are familiar with instrumenting applications, you may have heard of OpenMetrics, OpenTracing, and OpenCensus. These projects aim to create standards for application performance monitoring and collecting metric data. Although the projects do overlap in terms of their goals, they each take a different approach to observability and instrumentation. In this post, we’ll provide an introduction to all three projects, along with some key differentiators of each, and how they best support application monitoring.
Key project differences
OpenMetrics aims to create a standard format for exposing metric data, while OpenTracing and OpenCensus focus on creating a standard for distributed tracing. Because the OpenCensus and OpenTracing projects share similar goals, there is a lot of overlap with their tracing APIs. They both employ a standard for tracking requests across process boundaries so you can visualize all the operations (e.g., database calls, caching) that go into fulfilling individual requests. This enables you to monitor application performance with one of the several backends (e.g., Datadog, Zipkin) that OpenTracing or OpenCensus supports.
OpenCensus is a part of the Google Open Source community, and OpenTracing and OpenMetrics are Cloud Native Computing Foundation (CNCF) projects. The OpenCensus and OpenTracing projects use similar mechanisms, though they refer to them in different terms:
Eric Biggers and Paul Crowley were unhappy with the disk encryption options available for Android on low-end phones and watches. For them, it was an ethical issue. Eric said:
We believe encryption is for everyone, not just those who can afford it. And while it’s unknown how long CPUs without AES support will be around, there will likely always be a “low end”; and in any case, it’s immensely valuable to provide a software-optimized cipher that doesn’t depend on hardware support. Lack of hardware support should not be an excuse for no encryption.
Unfortunately, they were not able to find any existing encryption algorithm that was both fast and secure, and that would work with existing Linux kernel infrastructure. They, therefore, designed the Adiantum encryption mode, which they described in a light, easy-to-read and completely non-mathematical way.
As I work, throughout the day, music is always playing in the background. Most often, that music is in the form of vinyl spinning on a turntable. But when I’m not in purist mode, I’ll opt to listen to audio by way of a streaming app. Naturally, I’m on the Linux platform, so the only tools I have at my disposal are those that play well on my operating system of choice. Fortunately, plenty of options exist for those who want to stream audio to their Linux desktops.
In fact, Linux offers a number of solid offerings for music streaming, and I’ll highlight five of my favorite tools for this task. A word of warning, not all of these players are open source. But if you’re okay running a proprietary app on your open source desktop, you have some really powerful options. Let’s take a look at what’s available.
Spotify for Linux isn’t some dumbed-down, half-baked app that crashes every other time you open it and doesn’t offer the full range of features found on the macOS and Windows equivalents. In fact, the Linux version of Spotify is exactly the same as you’ll find on other platforms. With the Spotify streaming client you can listen to music and podcasts, create playlists, discover new artists, and so much more. And the Spotify interface (Figure 1) is quite easy to navigate and use.
You can install Spotify either using snap (with the command sudo snap install spotify), or from the official repository, with the following commands:
echo deb http://repository.spotify.com stable non-free | sudo tee /etc/apt/sources.list.d/spotify.list
sudo apt-get update
sudo apt-get install spotify-client
Once installed, you’ll want to log into your Spotify account, so you can start streaming all of the great music to help motivate you to get your work done. If you have Spotify installed on other devices (and logged into the same account), you can dictate to which device the music should stream (by clicking the Devices Available icon near the bottom right corner of the Spotify window).
Clementine is one of the best music players available to the Linux platform. Clementine not only allows users to play locally stored music, but also to connect to numerous streaming audio services, such as:
Amazon Cloud Drive
Box
Dropbox
Icecast
Jamendo
Magnatune
RockRadio.com
Radiotunes.com
SomaFM
SoundCloud
Spotify
Subsonic
Vk.com
Or internet radio streams
There are two caveats to using Clementine. The first is you must be using the most recent version (as the build available in some repositories is out of date and won’t install the necessary streaming plugins). Second, even with the most recent build, some streaming services won’t function as expected. For example, with Spotify, you’ll only have available to you the Top Tracks (and not your playlist … or the ability to search for songs).
With Clementine Internet radio streaming, you’ll find musicians and bands you’ve never heard of (Figure 2), and plenty of them to tune into.
Odio is a cross-platform, proprietary app (available for Linux, MacOS, and Windows) that allows you to stream internet music stations of all genres. Radio stations are curated from www.radio-browser.info and the app itself does an incredible job of presenting the streams for you (Figure 3).
Odio makes it very easy to find unique Internet radio stations and even add those you find and enjoy to your library. Currently, the only way to install Odio on Linux is via Snap. If your distribution supports snap packages, install this streaming app with the command:
sudo snap install odio
Once installed, you can open the app and start using it. There is no need to log into (or create) an account. Odio is very limited in its settings. In fact, it only offers the choice between a dark or light theme in the settings window. However, as limited as it might be, Odio is one of your best bets for playing Internet radio on Linux.
Streamtuner2 is an outstanding Internet radio station GUI tool. With it you can stream music from the likes of:
Internet radio stations
Jamendo
MyOggRadio
Shoutcast.com
SurfMusic
TuneIn
Xiph.org
YouTube
Streamtuner2 offers a nice (if slightly outdated) interface that makes it quite easy to find and stream your favorite music. The one caveat with Streamtuner2 is that it’s really just a GUI for finding the streams you want to hear. When you find a station, double-click on it to open the app associated with the stream. That means you must have the necessary apps installed in order for the streams to play. If you don’t have the proper apps, you can’t play the streams. Because of this, you’ll spend a good amount of time figuring out what apps to install for certain streams (Figure 4).
VLC has been, for a very long time, dubbed the best media playback tool for Linux. That’s with good reason, as it can play just about anything you throw at it. Included in that list is streaming radio stations. Although you won’t find VLC connecting to the likes of Spotify, you can head over to Internet-Radio, click on a playlist and have VLC open it without a problem. And considering how many internet radio stations are available at the moment, you won’t have any problem finding music to suit your tastes. VLC also includes tools like visualizers, equalizers (Figure 5), and more.
The only caveat to VLC is that you do have to have a URL for the Internet Radio you wish to hear, as the tool itself doesn’t curate. But with those links in hand, you won’t find a better media player than VLC.
Always More Where That Came From
If one of these five tools doesn’t fit your needs, I suggest you open your distribution’s app store and search for one that will. There are plenty of tools to make streaming music, podcasts, and more not only possible on Linux, but easy.
Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.
If you want features, bells and whistles, and configurability in spades, your best choice of desktop is probably KDE’s Plasma desktop. Navigating and discovering all that’s on offer can be a challenge, though.
While many user interface designers advocate simplicity and simplified decision-making for users (which often results in no decision-making at all), the KDE community [1] has stubbornly gone the other way, jam-packing all manner of features and doodads into its Plasma [2] desktop (see the “KDE Is Not a Desktop” box).
KDE Is Not a Desktop
This has been the subject of much controversy and confusion, but, no, KDE is not the name of a desktop environment anymore and hasn’t been for some time now.
The desktop is called Plasma. KDE, on the other hand, is the name given to the community of developers, artists, translators, and so on that create the software. The reason for this shift is because the KDE community builds many things, like Krita, Kdenlive, digiKam, GCompris, and so on, not just Plasma. Many of these applications are not even tied to Linux, much less to the Plasma desktop, and can be run on many other graphical environments, including Mac OS X, Windows, Android, and others.
Also, much like KFC does not stand for Kentucky Fried Chicken anymore, neither does KDE stand for Kool Desktop Environment. KDE is not an acronym for anything. It is just … KDE.
To illustrate Plasma’s flexibility, I’ll show you some tricks you can use to emulate other desktops, starting with global menus. Both Unity and Mac OS use a global menu: It is the menu that appears in a bar at the top of the screen and shows a selected application’s options, instead of having them in a bar along the top of the application.
As the number of open-source projects booms, so does the need for resiliency and interoperability testing.
The Open Platform for NFV (OPNFV) community spent about four years of collective brainpower developing testing tools that can come in handy for open-source projects.
Here’s a brief overview of the three areas in the OPNFV testing ecosystem. Functional testing, called func test, is “a fairly evolved and fairly flexible framework” that offers pre-integrated upstream test tools including RefStack, Tempest, OPNFV-specific VNF tests and application-level Kubernetes.
Fuzzing is an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program. It is effective at finding memory corruption bugs, which often have serious security implications. Manually finding these issues is both difficult and time consuming, and bugs often slip through despite rigorous code review practices. For software projects written in an unsafe language such as C or C++, fuzzing is a crucial part of ensuring their security and stability.
In order for fuzzing to be truly effective, it must be continuous, done at scale, and integrated into the development process of a software project. To provide these features for Chrome, we wrote ClusterFuzz, a fuzzing infrastructure running on over 25,000 cores. Two years ago, we began offering ClusterFuzz as a free service to open source projects through OSS-Fuzz.
Today, we’re announcing that ClusterFuzz is now open source and available for anyone to use.