Twitter
Home Blog Page 54

FINOS Announces 2022 State of Open Source in Financial Services Survey

By
-

FINOS, the fintech open source foundation, and its research partners, Linux Foundation Research, GitHub, Intel, Mend, Red Hat, Scott Logic, SUSE, Symphony, Tradeweb, and Wipro, are conducting its second annual survey as part of its ongoing research on the state of open source adoption, contribution, and readiness in the financial services industry. 

The increased prevalence, importance, and value of open source is well understood and widely reported by many industry surveys and studies. However, the rate at which different industries acknowledge this shift and adapt their working practices to capitalize on the new world of open source-first differs considerably.

The financial services industry has been a long-time consumer of open source software; however, many are struggling in contributing to and publishing open source software and standards and adopting open source methodologies. A lack of understanding of building and deploying efficient tooling and governance models is often seen as a limiting factor.

This survey and report seek to explore open source within the context of financial services organizations, including banks, asset managers, and hedge funds but it is designed as a resource to be used by all financial services organizations as an annual tracking of metrics. 

Please participate now; we intend to close the survey in early August. Privacy and confidentiality are important to us. Neither participant names, nor their company names, will be published in the final results.

To take the 2022 FINOS Survey, click the button below:

Take Survey (EN)

BONUS

As a thank-you for completing this survey, you will receive a 25% discount code on enrollment in any course in the Linux Foundation Training catalog.

PRIVACY

Your name and company name will not be published. Reviews are attributed to your role, company size, and industry. Responses will be subject to the Linux Foundation’s Privacy Policy, available at https://linuxfoundation.org/privacy. Please note that survey partners who are not Linux Foundation employees will be involved in reviewing the survey results. If you do not want them to have access to your name or email address, please do not provide this information.

VISIBILITY

We will summarize the survey data and share the findings during Open Source Strategy Forum, 2022. The summary report will be published on the FINOS and Linux Foundation websites. 

QUESTIONS

If you have questions regarding this survey, please email us at info@finos.org

The post FINOS Announces 2022 State of Open Source in Financial Services Survey appeared first on Linux Foundation.

How to configure a firewall on Linux with firewalld

By
-

Learn how to install, configure, and use firewalld to restrict or allow a computer’s access to services, ports, networks, subnets, and IP addresses.

Read More at Enable Sysadmin

Hendrick and Jarvis Talk Software Security

By
Jason Perlow
-

While open source software is ubiquitous and generally regarded as being secure, software development practices vary widely across projects regarding application development practices, protocols to respond to defects, or lack of standardized selection criteria to determine which software components are more likely to be secure. Consequently, software supply chains are vulnerable to attack, with implications and challenges for open source project communities. 

To help improve the state of software supply chain security, the Linux Foundation, the Open Source Security Foundation (OpenSSF), Snyk, the Eclipse Foundation, CNCF, and CI/CD Foundation conducted research and released the findings in the report, Addressing Cybersecurity Challenges in Open Source Software, during the 2022 Open Source Summit North America. 

At the Summit, Stephen Hendrick, LF’s Vice President of Research, and Matt Jarvis, Director of Developer Relations at Snyk, sat down with Alan Shimel of TechStrong TV to discuss the findings and next steps. Here are some key takeaways:

Alan: “ I think we’re always disappointed when we do the surveys that we find out, you know, beyond the lip service that gets paid to security, what actually is going on under the covers, and we’re always wishing for and hoping for more. That being said, I don’t want to be pessimistic. I am of the glass half full opinion that we are doing better and more security now than we probably ever have done.”

Stephen: “On the issue of, do organizations have an open source security policy. What we found was 49% said they had one, that’s good. 34% did not. And 17% said they don’t know.”

Matt: “In larger enterprises… you’ve got that kind of ingrained culture over a long time in terms of security and about how you consume software. . . the hardest problem in security isn’t really about technology at all. It’s always about people and culture. . . We’ve got two kinds of things happening in almost a perfect storm. At the same time, we’ve got this massive rise in supply chain attacks on open source, because, you know, it’s a victim of its own success. And attackers have realized it’s a lot easier to get into the supply chain than it is to find zero days in end user applications. So you’ve got that going on, where all of a sudden, folks are going, well, everything we do is based on open source, like, what do I do about security? And then, as Steve pointed out, you’ve got this, this ongoing, massive transformation of how we develop software, you know, this superfast high velocity.”

Stephen: “We asked. . . how do you intend to improve on the situation?. . . Top of the list was organizations are looking for more intelligent tools. . .  That was at 59%. . . Right behind that at 52% was a strong desire to understand and essentially codify best practices for how to do secure software development”

Matt: “Culture change is such a big part of how you make that transition from your kind of old school, security as gatekeeper kind of function, to this thing, where we put it to the developers, because the developers are the ones who, you know, you fix it at the developer eyeball before it’s got anywhere near production. That is the cheapest.”

Stephen: “You know, I did a report last year on SBOMs. And I gotta tell you that factors right into this. . . we did some stats in this survey on dependencies, you know, both direct and transitive, and found, really, sort of low levels of strong, strong security around organizations understanding the security posture of all these different dependencies and dependencies of dependencies. Really low numbers there. SBOMs would go so far in helping sort all that out.

“They’re going to give you knowledge about the metadata, it’s gonna give you usability, so you know that you’re licensed to use the stuff, and it’s going to know if it was good, if you trust that not only what you’re looking at for metadata is not falsified, but also understanding quite clearly, you know, what’s been fixed, what hasn’t been fixed from a vulnerability standpoint.”

Matt: “I think when people think about policies, they think, Oh, this needs to be like a 100 page document of some kind, you know, then it becomes overwhelming, but really a policy can be a one liner.”

Watch the full interview and read the transcript below.

LEGO and Angel Island

By
-

Like many of the folks in open source, the LF’s Kenny Paul is a huge fan of building things out of LEGO. For Kenny however, it goes a bit beyond just opening a box and following the instruction book. In fact, he rarely ever builds anything from a kit, instead building highly complex and detailed models entirely from his imagination. Yes, for you LEGO Movie fans, Kenny is a Master Builder

 When I get a new kit I usually look at it in terms of pure raw material rather than whatever is shown on the box

 “When I get a new kit I usually look at it in terms of pure raw material rather than whatever is shown on the box”, he says with a smile radiating the possibilities. That approach seems to have worked quite well for him for a long time now. Over the holiday season he builds a 120 square foot display in his garage that often draws 300+ people a day, he worked on the Mythbusters’ Giant LEGO Ball episode (#117), he has scale models of farm equipment in the permanent collection of a local museum, and in January of 2020 he finished second in a competition for one of LEGOLand’s coveted LEGO Master Model Builder positions, of which there are only 13 in all of North America. 

PreviousNext
1234567

Photos: MythBusters Giant LEGO Ball mid-build, LEGOLand’s LEGO Master Model Builder Competition, and Kenny’s holiday garage display

Angel Island

However, he recently finished a project that he says has been the most difficult and meaningful project he has ever been a part of. The subject matter revolves around a troubling chapter in American history and a small bit of rock and scrub brush in the middle of San Francisco Bay called Angel Island.

Ask your average 4th grader if they have ever heard of Ellis Island and they can probably tell you at least something about the well-known narrative surrounding immigration and the United States. Ask them about Angel Island, however, and you’ll probably get a confused look and a shake of the head.

Although Angel Island was often called, “The Ellis Island of the West” in the early 1900s, it was anything but welcoming. In reality it was established specifically for the purpose of excluding immigration for those of Asian descent and Chinese immigrants in particular. It wasn’t a place for, Give me your tired, your poor, your huddled masses… It was more like, Nope, talk to the hand. 

Japanese Internments

When Japan attacked the US Naval base at Pearl Harbor on December 7th, 1941, Angel Island took on an entirely new role during the early stages of the war, but one that was unfortunately still in line with its original anti-Asian roots. Many people are still unaware that following Pearl Harbor, the US Government, on the orders of President Franklin D. Roosevelt, rounded up thousands of US citizens and put them into internment camps for the duration of the war simply because of their Japanese ancestry. Yes, that’s right. This included US citizens who were officially reclassified as enemies of the state purely based upon their heritage. For the first wave of those who were incarcerated, Angel Island was used as the processing center before they were sent off to one of the infamous internment camps across the US, like Manzanar, Tule Lake, or Heart Mountain

How to educate children about the history?

Remember how we mentioned 4th graders earlier?  Well, learning about California history is a pillar of the 4th grade curriculum here in the Golden State and that is what led to this particular project. The problem? Hundreds of 4th graders tour Angel Island every year – How do you engage them on very painful and hard to understand subject matter like internment?  Well, the folks from the California State Park system and the Angel Island Immigration Station Foundation, which runs the museum there, thought that a LEGO model of the site as it existed during WWII might help bridge that gap.

AIISF reached out to the local LEGO club in the Bay Area in August of 2021 to see if anyone might be interested in volunteering for a project. A number of folks joined the introductory Zoom call, but after hearing the scope of what was being requested, it was clear that this was a long duration project that would take months to complete. After that first meeting, only Kenny and two other members of the club, Johannes van Galen and Nick McConnell, agreed to proceed with the build.

The LEGO Build

The model was unveiled as the center anchor point for the exhibit, “Taken From Their Families; …” in May, which is Asian & Pacific Islander Heritage Month. Measuring 4 feet by 6 feet, it contains an estimated 30,000 LEGO pieces. The trio invested over 400 hours between research, design, procuring the parts, and of course the build itself.

Getting the model to the museum was no easy feat either. It had to be built in sections, moved by van about 60 miles from where it was being constructed, taken over to the island on a state park supply ship, then reassembled and “landscaped” once on site. 

PreviousNext
123

The Research

“The research aspect was really fascinating to me”, said Kenny, who was responsible for building all of the buildings. He spent countless hours pouring through archival photos and diagrams and topographic maps provided by the state park and even went as far as looking at records from the Library of Congress in some cases. The goal was to be as accurate as possible while still working within the limitations of scale, plus LEGO part and color availability.  In one case that research took an unexpected turn that as Kenny puts it, “Stood the hairs up on the back of my neck.”  

The largest building in the camp during WWII was still under construction when the war broke out. It replaced a previous building which burned to the ground in 1940. After Pearl Harbor, the new building was rapidly completed and pressed into service. Following the War, it was bulldozed by the Army. The problem was that no one working on the project could figure out what that building actually looked like. Only two grainy photos of the WWII era building could be found and neither photo made sense when compared to the building foundations that can still be seen on the island today. Then Kenny realized a well-known watercolor drawing in the museum’s collection solved the puzzle. The most remarkable aspect of the drawing is that the entire camp is depicted the way it looks from offshore rather than as viewed from the perspective of the detention barracks where prisoners were held. The realization was stunning – it was painted from memory by the artist. It was the way he saw the island the day he steamed into San Francisco Bay from Hawaii as a political prisoner of his own country. Smiling as tears well up in his eyes, Kenny says, “Every time I think about the fact I needed a painting made by one of the very first Japanese Americans arrested during that time to complete a scale model of that same camp 80 years later, it always chokes me up.”  

Every time I think about the fact I needed a painting made by one of the very first Japanese Americans arrested during that time to complete a scale model of that same camp 80 years later, it always chokes me up.

The model is now on permanent display in the same mess hall that was used by the prisoners. For more information on the exhibit, please see https://aiisf.org/taken.

Kenny Paul works as a Senior Technical Community Architect at the Linux Foundation. He currently works on the Open Network Automation Project (ONAP) and LF Networking. His is just one of the many unique backgrounds that make up the people behind open source. To hear more stories, listen to our Untold Stories of Open Source podcast

And on a related aside, this is a gripping and heart-warming story about bonds made at the Heart Mountain Japanese internment camp in Wyoming.

Below are photos of some of Kenny’s favorites builds.

PreviousNext
1234

Photos: Some of Kenny’s favorite builds: B-17; Firehouse #7 in Washington, DC, home to the first all-black engine company in the days of departmental segregation between 1919 and 1962; and, LEGO tractors built for a museum display.

Some other stories behind open source

LEGO and Angel Island

Blog, Diversity & Inclusion, Featured, Linux Foundation, Linux Foundation, Open Source Stories

Untold Stories of Open Source: Priyanka Sharma

Blog, Diversity & Inclusion, Featured, Linux Foundation, Linux Foundation, Open Source Stories

Linux Foundation Podcast Series: “The Untold Stories of Open Source”

Blog, Featured, Linux Foundation, Linux Foundation, Open Source Stories

More Time on Innovating, Less Time on Compliance

Blog, Compliance and Security, Featured, Legal, Linux Foundation, Linux Foundation, Open Source Stories, Projects

A Rarity in Open Source

Blog, Featured, Linux Foundation, Linux Foundation, Open Source Stories, Projects

PreviousNext

The post LEGO and Angel Island appeared first on Linux Foundation.

How to install RHEL a new way with image builder

By
-

Red Hat Enterprise Linux’s image builder service saves time and reduces complexity when deploying optimized systems across datacenters and cloud footprints.

Read More at Enable Sysadmin

Reasons to install Unbreakable Enterprise Kernel release 7 (UEK7) on Oracle Linux

By
-

With the release of UEK7 comes a plethor

Click to Read More at Oracle Linux Kernel Development

How to manage Apache web servers using Jinja2 templates and filters

By
-

Get your infrastructure running quickly and reliably by automating your configuration using Jinja2 templates for Ansible.

Read More at Enable Sysadmin

Google Summer of Code + Zephyr RTOS

By
-

The Google Summer of Code (GSoC) is an international annual program in which Google awards stipends to contributors who successfully complete a free and open source software coding project during the summer. Launched in 2005, GSoC takes place from May to August. Project ideas are submitted by host organizations involved in open source software development, though students can also propose their own project ideas.

This year, the program was opened to anyone 18 years or older – not just students and recent graduates. Participants get paid to write software, with the amount of their stipend depending on the purchasing power parity of the country where they are located.

This is also the first time the Zephyr Project is participating in GSoC under The Linux Foundation umbrella. Please join us in welcoming these contributors and their projects:

Project #1: Arduino module based on Zephyr

1 contributor full-size (350 hours).

Arduino’s popularity is renowned as a popular framework for providing a simplified interface to program embedded devices. Recently, Arduino adopted mbed OS as the base RTOS for some of their newer devices. With that work, they separated out Arduino Core as an independent abstraction layer from Arduino Core for mbed. This opens up the possibility for leveraging Arduino Core on other OSes. The project idea is to create a Zephyr module that leverages the Arduino Core so that a developer can use Zephyr as the underlying OS when they use the Arduino framework on Arduino-compatible devices. The benefits to the user include:

Access to Arduino APIs as well as advanced Zephyr capabilities
Broader set of devices than the standard Arduino ecosystem thanks to Zephyrs’ device support
Ability to re-use Arduino tools like the Arduino IDE and wealth of libraries

Arduino Core is licensed under the GNU Lesser General Public License and Zephyr is licensed under Apache 2. That means this project will most likely need to be developed out of tree and in a separate repo to keep code and license separation. See #22247 for a historic discussion & soburi/arduino-on-zephyr for an earlier attempt prior to the Arduino Core architecture.

The contributor’s task is thus:

Implement a bare-bones Module based on Arduino Core that can compile for any target (no functionality, possibly in QEMU)
Implement a common peripheral from the Arduino API based on Zephyr such as Serial
Target one physical board, such as the Arduino Zero

Mentors:

Jonathan Beri – CEO of Golioth and Zephyr TSC
Alvaro Viebrantz – Founding Engineer of Golioth and Google GDE

Code License: LGPL

Contributor Details:

Name: Dhruva Gole
Project Blog: https://dhruvag2000.github.io/Blog-GSoC22/
Project Poster:

About the contributor: Dhruva is an undergraduate student   majoring in Electrical engineering. He has a broad range of interests from embedded software development to hardware design and has experience in working on SBCs, microcontrollers, and embedded Linux platforms.

Project #2: Apache Thrift Module for Zephyr

1 contributor full-size (350 hours).

Apache Thrift is an IDL specification,RPC framework, and code generator that abstracts away transport and protocol details to let developers focus on application logic.It works across all major operating systems, supports over 27 programming languages, 7 protocols, and 6 low-level transports. Originally developed at Facebook in 2007, it was subsequently shared with the Apache Software Foundation. 

Supporting Thrift in the Zephyr RTOS would benefit the community greatly. It would lead to new software and hardware technologies, new products, and additional means for cloud integration. Thrift can be used over virtually any transport as well and for that reason, it is a natural choice for the many different physical communication layers supported by Zephyr. The project idea is to get the proof-of-concept Thrift for Zephyr Module into shape for upstreaming. To achieve that, the contributor must:

Perform additional integration for Thrift features (protocols, transports)
Author additional sample applications using supported boards or Qemu
Author additional tests and generate coverage reports using the Zephyr Test Framework
Ensure the module follows appropriate coding guidelines and satisfies module requirements
Contribute any necessary improvements back to the Apache Thrift Project.
Contribute any necessary improvements back to the Zephyr Project.

Mentors:

Christopher Friedt – SWE / ASIC FW at Meta and Zephyr TSC member
Stephanos Ioannidis – Zephyr CXX Subsystem Maintainer

Code License: Apache 2.0.

Contributor Details:

Name: Young

About the contributor: Young is a student majoring in  communication engineering, and he will pursue his Master’s degree in computer engineering. He has a broad range of interests from front-end development to hardware design, and has experience in working on the Web, IoT and embedded platforms. A low-cost single-board computer with a RISC-V 64 processor designed by him in 2021 was reported by several geek media.

The post Google Summer of Code + Zephyr RTOS appeared first on Linux Foundation.

ONE Summit North America, Hosted by LF Networking, Invites Industry Experts Across Access, Edge, Cloud and Core to Collaborate In-Person, November 15-16, 2022

By
-

LF Networking Announces ONE Summit North America 2022 Call for Proposals  and Registration are Now Open! ONE Summit is the one industry event focused on best practices, technical challenges, and business opportunities facing network decision makers across Networking, Access, Edge, and CloudReinvigorated for 2022, ONE Summit returns in-person November 15-16 in Seattle, Wash. with a more interactive and creative environment enabling attendees to transform, innovate and collaborate together

SAN FRANCISCO, July 7, 2022 LF Networking,which facilitates collaboration and operational excellence across open source networking projects, announced Registration and the Call For Proposals (CFP) for ONE Summit North America 2022 are now open. Taking place in Seattle, Wash. November 15-16, ONE Summit is the one industry event focused on best practices, technical challenges, and business opportunities facing decision makers across 5G, Cloud, Telco, and Enterprise Networking, as well as Edge, Acces, IoT, and Core. 

For anyone using networking and automation to transform business, whether it’s deploying a 5G network, building government infrastructure, or innovating at their industry’s network edge, the ONE Summit collaborative environment enables peer interaction and learning focused on open source technologies that are redefining the ecosystem. As the network is key to new opportunities across Telecommunications, Industry 4.0, Public and Government Infrastructure, the new paradigm will be open. Come join this interactive and collaborative event, the ONE place to learn, innovate, and create the networks our organizations require. 

“We are pleased to host a rejuvenated ONE Summit, which brings the ecosystem together in-person once again,” said Arpit Joshipura, general manager, Networking, Edge, and IoT, the Linux Foundation. “With a shifting industry that must embrace traditional networking now integrated across verticals such as Access, Edge, Core, and Cloud, we are eager to gather to learn, share, and iterate on the future of open collaboration.”

The event will feature an extensive program of 80+ talks covering the most important and timely topics across Networking, Access, Edge, and Cloud, with diverse options for both business and technical sessions. Presentation tracks include Industry 4.0; Security; The New Networking Stack; Operational Deployments (case studies, success & challenges); Emerging Technologies and Business Models; and more. 

The CFP is now open through July 29, 2022.

To register, visit  https://events.linuxfoundation.org/one-summit-north-america/register/. Corporate attendees should register before August 20 for the best rates. 

Developer & Testing Forum

ONE Summit will be followed by a complimentary two day LF Networking Developer and Testing Forum (DTF), a grassroots hands-on event organized by the LF Networking projects. Attendees are encouraged to extend the experience, roll up sleeves, and join the incredible developer community to advance the open source networking and automation technologies of the future. Information on the Spring 2022 LFN Developer & Testing Forum, which took place June 13-16 in Porto, Portugal, is available here.

Sponsor

ONE Summit  is made possible thanks to generous sponsors. For information on becoming an event sponsor, click here or email for more information and to speak to the team.

Press
Members of the press who would like to request a press pass to attend should contact pr@lfnetworking.org

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. Learn more at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

###

The post ONE Summit North America, Hosted by LF Networking, Invites Industry Experts Across Access, Edge, Cloud and Core to Collaborate In-Person, November 15-16, 2022 appeared first on Linux Foundation.

How to modify SELinux settings with booleans

By
-

Use semanage, setsebool, and SELinux Troubleshooter to control SELinux policies and specify which files and processes are allowed to interact.

Read More at Enable Sysadmin

1...535455...10,742Page 54 of 10,742