Twitter
Home Blog Page 86

A 2021 Linux Foundation Update from the‭ ‬Executive Director

By
-

In 2021 the Linux Foundation (“LF”) emerged from the worst pandemic in a century and embraced new horizons. The collaborative activities in our project communities weathered the COVID-19 crisis exceptionally well, and many communities are now pushing forward with a renewed sense of purpose. 

Jim Zemlin

Our organization’s namesake project, the Linux kernel, has celebrated an amazing milestone: its 30th birthday. Over the years, more than 55,000 people have contributed code to improve Linux, and today, Linux can be found everywhere. Over 5.4 billion people rely on Linux as it powers the vast majority of smartphones, the world’s largest cloud environments, and the world’s fastest computers. It’s also assisting in scientific discovery on Mars. After three decades of development, the project continues to ship new code, features, and performance enhancements. 

While our community continues to accelerate innovation in software development, the rising tide of cybersecurity threats has planted itself firmly on our shores. We all rely on software supply chains that are constantly under attack by an increasingly sophisticated adversary, causing us to reflect on our role and responsibility in securing the world’s critical technology infrastructure. 

In 2021 we saw much progress in our quest to “harden” the software supply chain. The Software Package Data Exchange® (SPDX®) community received formal recognition as an international ISO/IEC standard (5962:2021), making it easier for organizations to require a Software Bill of Materials (SBOM) with suppliers and customers. This came on the heels of OpenChain receiving ISO/IEC approval as an international standard (5230:2020) for open source licensing compliance. We also saw new collaborations emerge this year, like sigstore, which is on its way to becoming a de facto standard for signing packages and digital artifacts used throughout a supply chain.

The Open Source Security Foundation (OpenSSF), launched in August 2020, brought together a community of experts focused on software supply chain security challenges. This community had an amazing start publishing guidance for best practices (e.g., badges and scorecards), creating new tools and frameworks (e.g., SLSA), establishing and collecting metrics, developing free, globally accessible training materials, and publishing research, such as the findings of its FOSS Contributor Survey in collaboration with Harvard’s Laboratory for Innovation Science. 

Our members responded to the progress by doubling down and making significant additional investments in OpenSSF as a vehicle for solving the world’s supply chain security challenges. In October, we announced that the Linux Foundation and OpenSSF raised over $10 million to invest in leadership and initiatives, boldly aspiring to impact supply chain security dramatically. The LF could not have done this without significant support from our members, including OpenSSF’s premier members 1Password, AWS, Cisco, Citi, Dell Technologies, Ericsson, Meta, Fidelity, GitHub, Google, Huawei, Intel, IBM, JP Morgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMWare.

The importance of open source in the world’s cybersecurity efforts highlights its importance to our modern society. As new organizations, new industries, and policymakers have approached the LF for guidance on open source, we recognize there is a need for modern insights into why and how open collaboration works. There is a need to understand the dynamics of communities, where and how value is derived, and the intersection of supply chains and open source collaboration. To that end, this year, we launched Linux Foundation Research to explore the role of open source software, standards, and communities as a framework for mass innovation, collaboration, and problem-solving. 

Research into important topics such as cybersecurity and SBOM readiness is already underway, along with project-specific insights sought by our project communities. We think this investment will provide actionable data and insights supporting more informed decision-making across technology and industry ecosystems. Finally, while most research organizations hoard data privately, our research approach has an open flair — we’re making all non-personally identifiable data available under the Community Data License Agreement — Permissive, Version 2.0, a revised data-sharing framework our legal community worked to release this year.

Having a research capability also provides new opportunities to more deeply explore challenges and opportunities in community collaboration. For example, this year LF Research partnered with AWS, CHAOSS, Comcast, Fujitsu, GitHub, GitLab, Hitachi, Huawei, Intel, NEC, Panasonic, Renesas, Panasonic, Red Hat, and VMware to examine the state of diversity, equity, and inclusion (DEI) in open source communities. To nurture and grow open source, we need to understand better how DEI is practiced and encouraged in open source communities. We hope this research will also support other collaborative efforts supporting DEI goals, such as the Inclusive Naming Initiative, the Software Developer Diversity and Inclusion Project (SDDI), Fair Change, and Open Sentencing.

And with our industry partners, such as Microsoft and Accenture, we’ve launched several new projects and foundations that are meaningful to humanity. The Green Software Foundation seeks to add sustainability to software engineering efforts. The AgStack Foundation, launched in May 2021, is building an open source digital infrastructure for agriculture to accelerate that industry’s digital transformation and address climate change.

While open source drove innovation across the technology landscape, it also saw acceleration within industry verticals. The LF helped launch several new collaborations focused on driving 5G and telecommunications, including the 5G Super Blueprint, a partnership with Next Generation Mobile Network Alliance (NGMN), Magma Foundation, and the new Mobile Native Foundation. Our members also expanded open source innovation in the media and entertainment industry with the launch of Open 3D Engine (O3DE), a new open source AAA 3D engine for gaming, simulation, and storytelling. The O3DE ecosystem complements our existing Academy Software Foundation (ASWF). ASWF’s community added a new project for shading materials in graphics this year called MarterialX. Moviegoers may have experienced the effects of this project in Star Wars: The Force Awakens.

Our project communities’ ambitions often lead to a focus on building communities. We’ve seen many experts continue to collaborate on community engagement in the highly active TODO Group. However, there comes a time when our communities need tools to help scale and support their growth. In 2020, the LF embarked on a journey with key community leaders to build tools that enable those leaders and others to better understand and more effectively engage with a project community. The results of these investments are now starting to roll out as the LFX platform. I’d like to thank all those in our community who provided feedback, guidance, suggestions, and sometimes the raw critiques we needed to build something better. 

We started with tools we knew would make maintainers more efficient on tasks they really did not want to spend time on, such as processing Contributor License Agreements (CLAs) electronically in EasyCLA. Many maintainers were also interested in understanding their community dynamics leading to the creation of LFX Insights, which aggregates, analyzes, and contextualizes data across all of a community’s repositories, communication channels, and contributors. Conversations about community health led to requests for tools to recruit and engage new project participants, particularly from diverse sources, and LFX Mentorship was born. Once engineers on our projects saw what LFX could do, they requested additional capabilities to configure and manage their projects. LFX Project Control Center now promises to enable engineers to provision and configure resources online in minutes with API-driven automation for common open source project tasks such as provisioning new cloud resources, managing DNS, and more. 

The LF also heard the needs of our corporate members to have better visibility into how their organization is engaged in our communities. We’ve developed the LFX MyOrg tool to help corporate managers get a better view across their organization’s participation, find paths to collaborating in projects, exercise the benefits available to them as members, and more — all from a single system. All of these tools are now available to our communities and members through lfx.linuxfoundation.org.

Many of our members have been faced with a skills shortage. The LF’s 2021 Jobs Report, released in October with edX, shows trained and certified open source professionals, particularly with cloud and container expertise, are in high demand and are in short supply. Such data points highlight the need to train people and enable new opportunities to grow their careers in open source. Our training and certification efforts continued to gain steam this year. Over 68,00 individuals registered for new certifications in the past year, a 50% increase over 2020, while 2 million people enrolled in the LF’s free training courses. 

And finally, I’ll wrap up by saying we sincerely missed seeing our communities in person. The last two years have been difficult — to harrowing — for many suffering from the lingering pandemic. However, this year we have seen hope on the horizon. We produced dozens of successful virtual conferences throughout 2021, but the feedback was clear: people wanted to meet in person again. Our events team did a thorough job researching and soliciting advice from experts and public health authorities. That preparation enabled us to welcome our communities back together, in-person, this fall at events like Open Source Summit in Seattle, Open Source Strategy Forum and OSPOCon Europe in London, and KubeCon+CloudNativeCon North America in Los Angeles, the latter of which gathered over 3,000 community members in person. These events would not have been possible without our commitment to attendee safety by requiring vaccinations and using vaccine verification technologies, diligent on-site health checks, and strict enforcement of the use of masks and social distancing protocols. With borders opening up shortly, we are ecstatic to see even more of our community, live and in-person, again in 2022.

On behalf of the entire Linux Foundation team, I congratulate our communities for their exceptional outcomes under another extraordinarily challenging year and wish all of you a happy and prosperous 2022, when I hope we get to see you in person once again.

Jim Zemlin
Executive Director,
The Linux Foundation

These efforts are made possible by our members. To learn how your organization can get involved with the Linux Foundation, click here.

The post A 2021 Linux Foundation Update from the‭ ‬Executive Director appeared first on Linux Foundation.

Launch Flatpaks from your terminal with easier-to-remember commands

By
-

Meet Fuzzpak, a script that helps you install apps without having to remember complex Flatpak formal names.

Read More at Enable Sysadmin

The Cyber-Investigation Analysis Standard Expression Transitions to Linux Foundation

By
-

SAN FRANCISCO, Calif., December 7, 2021— The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Cyber-investigation Analysis Standard Expression (CASE) is becoming a community project as part of the ​​Cyber Domain Ontology (CDO) project under the Linux Foundation. CASE is an ontology-based specification that supports automated combination and intelligent analysis of cyber-investigation information. CASE concentrates on advancing interoperability and analytics across a broad range of cyber-investigation domains, including digital forensics and incident response (DFIR).

“Becoming part of the Linux Foundation is a major milestone for CASE that will significantly benefit the broader open source and cyber-investigation communities,” said Eoghan Casey, Presiding Director of CASE. “As an evolving standard supporting structured expression and exchange of cyber-investigation information, CASE will substantially enhance efforts to address growing challenges in the modern world, including cyberattacks, ransomware, online fraud, sexual exploitation, and terrorism. Our objective is to create a culture of common comprehension and collaborative problem solving across cyber-investigation domains.”

Organizations involved in joint operations or intrusion investigations can efficiently and consistently exchange information in standard format with CASE, breaking down data silos and increasing visibility across all information sources. Tools that support CASE facilitate correlation of differing data sources and exploration of investigative questions, giving analysts a more comprehensive and cohesive view of available information, opening new opportunities for searching, pivoting, contextual analysis, pattern recognition, machine learning and visualization.

Development of CASE began in 2014 as a collaboration between the DoD Cyber Crime Center (DC3) and MITRE, led by Dr. Eoghan Casey and Sean Barnum, involving the National Institute of Standards and Technology (NIST). In response to international interest, this initiative became an open source evolving standard, with hundreds of participants in industry, government and academia around the globe.

Early contributors include the Netherlands Forensic Institute (NFI), the Italian Institute of Legal Informatics and Judicial Systems (IGSG-CNR), FireEye, and University of Lausanne. CASE governance and community coordination were formalized with support of Harm van Beek, Rich Brown, Ryan Griffith, Cory Hall, Christopher Hargreaves, Jessica Hyde, Deborah Nichols, and Martin Westman. Growing international involvement is tracked on the CASE website: https://caseontology.org/community/members.html

The Technical Director is Alex Nelson, and the Ontology Committee is led by Paul Brandt. The Adoption Committee brings together developers from diverse backgrounds to share experiences and battle test ontologies. The success of these efforts depends on members of the community actively contributing to CASE development and implementation. The project welcomes anyone interested in elevating cyber-investigation capabilities to strengthen evidence-based decision making in any context, including court, boardroom, and battlefield.

CASE, built on the Hansken trace model developed and implemented by the NFI, aligns with and extends the Unified Cyber Ontology (UCO). This year has seen the release of UCO 0.7.0, and most recently CASE 0.5.0. CASE and UCO now both are built on SHACL constraints, providing an instance data validation capability. Currently, CASE is developing a representation for Inferences, both human formulated and computer generated, to bind investigative conclusions to supporting evidence and associated chain of custody.

The CASE community has multiple collaborative repositories and activities, including translators for common digital forensic tool outputs as well as mapping CASE to the W3C provenance ontology (PROV-O). CASE uses the Apache-2.0 license.

Organizations and individuals interested in contributing to CASE can go to https://caseontology.org/

Supporting Comments

Hexordia

“The news that CASE will be transitioning to The Linux Foundation is an exciting move for the Digital Forensics, Incident Response, and Cyber Security communities,” said Jessica Hyde, founder of Hexordia. “One of the special things about CASE is that it has been developed to specifically support cyber investigations by those who understand the domain from a variety of sectors including academia, law enforcement, government, non-profits, and commercial entities. This uniquely positions CASE to describe the provenance, metadata, and data recovered in a multitude of environments and allow different organizations and a variety of tools to look at data with the same definitions of what the data is describing. What an exciting day for uncovering truth in data and ensuring common definitions of data as it moves through the nexus of tools, organizations, and jurisdictions that need to work together in today’s cyber investigations.”

IGSG-CNR

“The CASE transition to the Linux Foundation is remarkable news and encourages widespread use of this standard in a broad range of cyber-investigation domains to foster

interoperability, establish authenticity, and advance analysis,” said Fabrizio Turchi, senior

technologist at the IGSG-CNR, Italian National Research Council. “The European EXEC-II project includes a bespoke application for packaging evidence with metadata in CASE format for automated exchange, while maintaining provenance information to streamline cross-border cooperation among judicial authorities in the EU member states. In addition to searching for specific keywords or characteristics within a single case or across multiple cases, having a structured representation of cyber-investigation information allows more sophisticated processing such as data mining, machine learning and natural language processing techniques as in the European INSPECTr project and a shared intelligent platform for gathering, analysing and presenting key data to help predict, detect and manage crime in support of multiple law enforcement agencies.”

MITRE

“The MITRE Corporation is proud to see the continued growth and acceptance of the Cyber-investigation Analysis Standard Expression (CASE) open source project. MITRE is one of several organizations that helped create CASE and bring together the initial community of contributors,” said Cory Hall, principal cybersecurity engineer at MITRE. “With the transition of CASE to the Linux Foundation we see a bright future for the effort as the community advances this project to benefit digital investigators everywhere. The MITRE Corporation expects to continue contributing to this effort for years to come.”

MSAB

“As a long-term member of the CASE open source project, MSAB looks forward to the new possibilities that Linux Foundation will provide for CASE as the de facto standard for adoption by digital forensic tools. MSAB is preparing to implement CASE on our XRY and XAMN solutions to enable our products to seamlessly interact with tools from other vendors, academia, nonprofit organizations, and enthusiasts alike. With the common data exchange platform that CASE provides, our industry can process greater volumes of data faster, more accurately and with greater interoperability than ever before. We are committed to continuing to develop CASE under the Linux Foundation and are excited for the future of the project,” said Martin Westman, exploit research manager, MSAB.

Netherlands Forensic Institute

“CASE is the solid foundation for interconnecting digital forensic tools and combining their results to come to new insights. This is paramount not only for the NFI, but for the entire community to quickly apply science to day-to-day operations to fight crime,” said Harm van Beek, senior digital forensic scientist at the Netherlands Forensic Institute (NFI). “We support CASE and the digital forensic community by implementing and extending the standard in Hansken, our open digital forensic platform.”

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contacts

Jennifer Cloer

503-867-2304

jennifer@storychangesculture.com

The post The Cyber-Investigation Analysis Standard Expression Transitions to Linux Foundation appeared first on Linux Foundation.

How to set an out-of-office message on GNU Mailman

By
-

Set up an auto-responder to let people on your mailing list know you’re taking a few days off work.

Read More at Enable Sysadmin

Linux as a Screensaver for Windows: The Gift of Open Source Games and SBOMs for the Holidays

By
Linux.com Editorial Staff
-

Abstract: Construct and package a Linux® Live DVD to install using the standard Microsoft® Windows® install process and operate as a classic Windows screensaver. 

Introduction

  • Back in 2005, IBM wanted to promote Linux, so developerWorks was offering $1000 per article to IBMers who wrote articles for the Linux Zone. The 2005 article is no longer online from IBM but is available on ResearchGate https://www.researchgate.net/publication/272094609_Linux_screensaver_for_Windows for the interested reader.
  • This software still works and is still fun to use and to decorate your Windows desktop.
  • Since 2005, there have been improvements and changes. Debian is now used instead of the original KNOPPIX. Additionally, full mouse integration now works between Windows and the screensaver due to kernel contributions.
  • Future possibilities probably lie with the integration of hardware virtualization acceleration.
  • Like all software of significant size, many components need tracking. The modern standard for this is SPDX and SBOM; as this screensaver is built fully from public source code, it makes a cool demo for SPDX and SBOM, which anyone may use.
  • Though putting Linux on screen saver is a very interesting idea, there is a bit of a downside: power consumption. Screen savers initially proposed to protect the screen by providing moving pixels (by activating different pixels to avoid pixels burnin) when the user is not using their screen. If the power/energy option is not set properly it may draw more power/energy [1]. Basically, the Linux system (power governers) would prevent the OS from entering the deep power state where there are lots of opportunities to save energy when the system is idle. 

Answering the most common concern about open source software, this article shows that, yes, Linux will run under Windows. 

So why should you read this article? Why, indeed, should I write it? My motive is to help remove two obstacles to the wider adoption of free and open source software. 

Those obstacles are: 

  • The perceived difficulty and disruptive effects of installing Linux
  • The uncertainty of hardware support for Linux 

Most computer users are familiar with a Microsoft Windows environment and the variety of screensavers available to prevent unauthorized access to the data on the computer when unattended. The good news is that there is plenty of free and open source software available nowadays to enable Linux to install and run as a Windows screensaver. This article shows you how to construct an appropriate package, and in doing so, demonstrates that the “free” and “non-free” sides of the software Grand Canyon are not so far apart after all. 

Running Linux under Windows as a Screensaver App

But which Linux? Without knowing what a client intends to do, it would be irresponsible to make a blanket recommendation. However, on December 25, 2021, the demand for games will be great, and the delivery capability will be sufficient. And if you configure it as a screensaver, even the possibility of pressing the wrong key to start it is eliminated.

Making it work: Nuts, bolts, and screws 

Getting the ISO to run under another operating system requires an open source PC emulator, including an open source BIOS and an open source virtual graphics adapter (such as QEMU version 6.1.0). The emulator enables you to set up a virtual PC within a real one. To construct a screensaver, the best way is to configure it with a virtual DVD drive, keyboard, screen, and mouse, but without any virtual disks. This all runs using the magic of software emulation, but modern PC hardware is sufficiently fast for the task (which we originally designed in 2005). Some corporate environments would require the virtual PC not to have a network adapter — you can run Firefox in the screensavers here. This package has a network adapter, but it is simple to change this if required since all source code is supplied.

Here are the steps to make this work. 

QEMU 

You can build QEMU from source available here https://www.qemu.org/download/ , but there is a suitable prebuilt QEMU for Windows available at https://qemu.weilnetz.de/ . This example was built and tested with QEMU 6.1.0 .

It is necessary to write a small stub program to go into the C:\WINDOWS\SYSTEM32 directory as an SCR file, which runs QEMU with appropriate parameters. https://github.com/tjcw/screensavers/blob/master/packaging/crunqemu-usb.c is sufficient for this; it runs QEMU with 1024 MB of memory, one processor, and the mouse connected as if it were a USB tablet.

This stub can be built with mingw64, from the Cygwin open source package, or presumably (though untested) with a commercial Windows C compiler.

Disabling the network adapter in the virtual PC can be done with parameter “-nic none” on the QEMU command line.

Inno Setup

Inno Setup is an open-source packaging/installation tool for Windows available here https://jrsoftware.org/isinfo.php . I used version 6.0 for this example. Packaging with Inno Setup results in a warning from Microsoft Defender when installing the screensaver; this warning can be overridden with 2 mouse clicks. A future version of this blog will explain how to package with Microsoft-licenced (non-open-source) tooling to eliminate this warning.

Prebuilt screensaver distribution

The screensavers are available here on this torrent feed: 

https://linuxtracker.org/index.php?page=downloadcheck&id=1185c790b15b92b039d616ed742e873ae57db6ce

You will need a torrent client, such as Transmission, to download it. It is especially important to check the sha256sum values as this channel is not under the control of Linux Foundation.

After downloading, you should check the ‘sha256sum’ of the files. This validates that you have indeed got the files the author intends. For Windows there is a no-charge ‘Hash Tool’ in the Microsoft app store which will do the job; for Linux you use the command line.

$ sha256sum *

b483ed3250fbfdb91c3bace04f46ad9ad0b507a9890e3a58185c3342e6711441  QemuSaverOpen-1-6.zip

95f3a8d6217f2ff93932ab5ac6d8a2a30a4d0ea09afe3096f148f5be17961428  QemuSaverOpenGames-1-4.zip

Extract the two zip files using the built-in Windows extract feature, and run the installer .exe files. Then go to the Windows screensaver selection screen and select either ‘fr2’ or ‘gk2’ as appropriate. 

There will be a 4-minute hiatus in the middle of startup while the X server initializes — be patient.

QemuSaverOpen-1-6.zip’ is the required base package with the educational screensaver named fr2, and ‘QemuSaverOpenGames-1-4.zip’ is an optional extension package with the games screensaver called gk2.

The source code for all components is available on the public Internet, and these links will lead you to it.

The screensavers can be uninstalled with the standard Windows uninstall tool.

File structure for the extracted zip file

The following file structure is used for the live DVD filesystem: 

  • An exe file is the installer. 
  • Files in /qemu are the installable QEMU files, which will be copied to C:\Program Files\qemusaver. 
  • Files in /extras are the screensaver and the built Live Linux ISO
  • Files in /screensavers are a clone of my git repository. They are not used by the installed screensaver but are provided for the convenience of anyone who wants to explore how it works.

Creating the ISO image 

The live-build package does the ‘hard work’ of building the ISO in Debian Testing (There is currently a bug in the Debian 11 version of live-build). You will need to install a (real or virtual) machine with the Debian Testing image available here:

https://www.debian.org/devel/debian-installer/

A script https://github.com/tjcw/screensavers/blob/master/bin/do_oi wraps this to provide a simple interface; see https://github.com/tjcw/screensavers/blob/master/README.md for a short guide on how to use it.

The ISO is bootable, so it is also possible to write this to a USB key and boot your system from there. Rufus https://rufus.ie/en/ is a suitable open-source tool if you want to do this under Windows. You will need a USB key of 16GB or larger to try this option.

That’s really all it takes to install Linux from a zip file to run as a screensaver on a Windows machine.

Future directions

The screensaver could usefully be enhanced to exploit hardware virtualization acceleration. This is done with HAXM on an Intel processor or WHPX on an AMD processor. It requires changing a BIOS setting and some configuration in the internals of Windows, so it is not currently suitable for use in a simple screensaver application.

As Linux and Windows march forward, it may be necessary to rebuild the screensaver package from time to time, mainly to pick up new certificates for web browsing.

Software Bill of Materials (SBOM) for the Live DVD

In furthering the desire to improve education around open source software and increase awareness of how to minimize security vulnerabilities and exposure in the software supply chain, we wanted to update this article with a short tutorial on generating a Software Bill of Materials (SBOM) using the SPDX toolset.

This is how it is done.

The first is the script that needs to be injected into the screensaver build process:

#!/bin/bash -x

cp -pr live-build/config/content/. .

cd /var/cache/apt/archives && (

dpkg --version >/tmp/dpkg.version

COLUMNS=100 dpkg -l >/tmp/dpkg.dependencies

awk '{ print $2 }' </tmp/dpkg.dependencies >/tmp/dpkg.inslist

for p in $(</tmp/dpkg.inslist)

do

  dpkg --info $p*|grep Depends

done >/tmp/dpkg.deplist

for p in $(</tmp/dpkg.inslist)

do

  dpkg -p $p

done >/tmp/dpkg.depdetail

) </dev/null

This results in 5 files that need to be fed to the SPDX/SBOM tool. This script is in place in the ‘screensavers’ repository above and results in the files being placed in /tmp in the screensaver, also available as chroot/tmp on the screensaver build system.

Then it is a simple matter to run the SPDX/SBOM tool, and the ISO standards dependency list is generated.

[1] https://www.environment.admin.cam.ac.uk/resources/mythbusters-facts-top-tips/screens

Author: Chris Ward, Sr. Programmer, IBM
Co-authors: Nirav Patel, Vice President and Chief Architect, Linux Foundation and Eun Kyung Lee, Manager Hybrid Cloud Infrastructure Software Research, IBM

10 storage guides for sysadmins heading into 2022

By
-

From resizing logical volumes to doing routine backups, storage and data management are essential sysadmin duties.

Read More at Enable Sysadmin

Hyperledger Foundation 2021 End-of-Year Update

By
-

In 2021, after six years of community building and expanding from two projects to 18 projects, to over 50 labs, 16 Special Interest and Working Groups, and over 200 members, Hyperledger became a Foundation. 

This newfound identity arches over all of its projects, labs, regional chapters, and community groups. Hyperledger Foundation is now leading the collective effort to advance enterprise blockchain technology and fulfill its mission to foster and coordinate the premier open source enterprise blockchain community.

At Hyperledger Foundation, being open is core to what we do. We’re here to lead an open, global and welcoming enterprise blockchain ecosystem—a community where no contribution is seen as too small or insignificant. Our foundation comprises organizations, developers, executives, students, teachers, government leaders, and more. It’s supported by the Technical Steering Committee, various working groups, special interest groups, and Meetup communities all across the globe, now numbering more than 80,000 participants. 

According to LFXInsights, there has been a 53% growth in the total commits in the last three years, and new code contributors increased by 37%. A total of 366 organizations from both large and small companies have made code commits since 2016. And the pace of activity among new community members is accelerating as commits by new contributors have increased by 286% in the last year.

Some of the largest and most important production enterprise blockchain projects today are built using Hyperledger technologies. They include:

Supply chain networks, like IBM and Walmart’s Food Trust (Hyperledger Fabric)Circulor’s mine to manufacturer traceability of a conflict-mineral for automobile sustainable supply chains (Hyperledger Fabric) Top trade finance platforms such as TradeLens (Hyperledger Fabric), which has more than 300 orgs, across 600 ports and terminals and has tracked over 42 million container shipments, with close to 2.2 billion events we.trade, who have already onboarded 16 banks across 15 countries to join their blockchain-enabled trade finance platform (Hyperledger Fabric)

Over 13 Central Bank Digital Currency production and pilots using multiple Hyperledger projects have been identified this year alone.

With this transition, Hyperledger Foundation also gained new leadership with the appointment of Daniela Barbosa as its new Executive Director. Barbosa is a seasoned veteran of the open source community with over 20 years of enterprise technology experience, including previously serving as Hyperledger’s Vice President of Worldwide Alliances, where she was responsible for the project’s community outreach and overall network growth.

New Growth in Hyperledger Technologies 

According to research from Blockdata, Hyperledger Fabric is used by more of the top 100 public companies in the world than any other blockchain platform. 

Hyperledger-based networks are used by some of the largest corporations around the world, including more than half of the companies on the Forbes Blockchain 50, a list of companies with revenue or a valuation of at least $1 billion that lead in employing distributed ledger technology.

As an ever-growing library of case studies shows, Hyperledger technologies are already transforming many market spaces, including supply chains, trade finance, and healthcare. Hyperledger technologies are used in everything from powering global trade networks and supply chains to fighting counterfeit drugs, banking “unbanked” populations, and ensuring sustainable manufacturing. 

In addition, Hyperledger technologies are being applied to a number of new markets and business models. These include digital identity and payments, Central Bank Digital Currencies (CBDCs), and NFTs like Damien Hirst’s The Currency project and DC Comics powered by Palm NFT with a near-zero carbon footprint using Hyperledger Besu.

Digital Identity 

Hyperledger technologies are being adopted to put individuals in charge of their own identity. People often need to verify their status, prove a birthdate, board a plane, comply with vaccine mandates, prove their education, or access money. Leveraging Hyperledger Aries and Hyperledger Indy, organizations worldwide are reshaping how digital information is managed and verified to increase online trust and privacy. These digital identity solutions create verified credentials that are effective, secure, accessible, and privacy-preserving. 

The Aruba Health App makes it easy for visitors who have provided required health tests to the Aruba government to share a trusted traveler credential — based on their health status — privately and securely on their mobile device. Launched initially as a trial, the Aruba Health App is built using Cardea, an open-source code base that has since been contributed to the Linux Foundation Public Health (LFPH) project. Cardea leverages Hyperledger Indy, Hyperledger Aries, and Hyperledger Ursa.IDUnion addresses the demand for migrating centralized identity systems towards decentralized self-sovereign management of digital identities for people, organizations, and machines. The service has 39 cross-sector partners building production-level infrastructure to verify identity data in finance, manufacturing, the public sector, and healthcare. IDunion has launched a Hyperledger Indy test network, built components for allocating, verifying, managing digital identities, and more. This consortium includes Hyperledger member companies Siemens, Bosch, Deutsche Telecom, and others.The International Air Transport Association IATA Travel Pass, built in partnership with Evernym using Hyperledger Indy and Hyperledger Aries, is a mobile app that helps travelers store and manage their verified certifications for COVID-19 tests or vaccines. MemberPass, built on Hyperledger Indy by Bonifii, is the first global digital identity ecosystem for credit unions and their members. It provides consumer identity while protecting personal information. Adopted by more than seven credit unions and counting, 20,000+ credentials issued. 

Digital Currency

Blockchain technology has already helped rewrite some of the rules for currencies and payments. Governments worldwide are now moving towards Central Bank Digital Currencies (CBDCs) or digital forms of their official currency. These will give central banks a more flexible, more secure form of their national currencies and lower the risks from alternative cryptocurrencies. Backed by a central bank, any CBDC, whether developed for wholesale or retail use, will be legal tender with the stability that regulation confers.

Governments are moving carefully, but many of the early projects are using Hyperledger platforms. The goals range from modernizing payment processes to removing barriers and costs associated with back-end settlement to boosting financial inclusion.

This fireside chat from Hyperledger Global Forum on CBDCs by experts from Accenture and DTTC offers a great overview of the benefits and different approaches to these new currencies and a look at the current landscape of CBDC research and experimentation across the globe.

The Eastern Caribbean Central Bank launched DCash, built on Hyperledger Fabric, as a mobile phone app for person-to-person and merchant payments. ECCB stated at an OECD event in 2020 that it selected Hyperledger Fabric because of its strong security architecture (a private permissioned blockchain with strong identity management) and open source code, contributing to its security, flexibility, and scalability, among other desired attributes.The National Bank of Cambodia created Bakong, a fiat-backed digital currency, using Hyperledger Iroha to promote its national currency use, giving the large percentage of its population without bank accounts a mobile payment system and cutting costs for interbank transfers.Additionally, a mix of retail and wholesale CBDCs trials using Hyperledger Besu has helped several other countries, including Thailand and Spain, to advance planning for new digital fiat currencies.

These efforts are made possible by the dozens of enterprises that support the Hyperledger Foundation. To learn how your organization can get involved, click here

The post Hyperledger Foundation 2021 End-of-Year Update appeared first on Linux Foundation.

10 Podman guides to do more with containers in 2022

By
-

From support for Kubernetes and Docker to running Podman on Macs, these 10 guides can enhance how you use the Pod Manager tool.

Read More at Enable Sysadmin

10 of our favorite sysadmin stories from 2021

By
-

Is time flying or stalling? It often depends on how much fun you’re having.

Read More at Enable Sysadmin

State of FinOps Survey 2022: Built by and for the FinOps Community

By
-

The FinOps Foundation team is beyond excited to launch the 2022 State of FinOps Survey. Yes, there are plenty of self-published industry reports out there, but what makes this one different is that it’s built by and for the FinOps community.

Why do we create the State of FinOps each year?

FinOps, the operating model for cloud finance management, is a fundamental practice for organizations leveraging the cloud to align those costs with business value and outcomes. The FinOps Foundation community represents a broad spectrum of practitioners, including many leaders and forerunners in the space. Annual surveys help gather a snapshot of the current activities and perspectives across the community to deepen the understanding and surface trends. 

The results of each State of FinOps Survey become a report that delivers insights and benchmarks that helps us inform the roadmap of how the Foundation can improve the educational materials to advance practitioners and their practices. The more we understand how our community and practitioners are growing, maturing their practices, and the challenges they are struggling with, the richer the community projects can support everyone.

Evolving from the previous year

The first State of FinOps Survey and Report was released in 2021, creating a report template, data visualization style, and a first test at how our information and insights would help the community. We found success in gaining constructive analyst, press, and community feedback. 

In our first year:

We created the industry’s first community-focused and led survey and report on the FinOps disciplineCommunity members held us accountable for achieving key outcomes that we promised would be built from the report’s insightsWe strengthened our FinOps Framework by adding user-generated projects and stories by practitioners of various skill levels and from all types of organizations across the world

For the 2022 report, we focused on ways to incorporate even more practitioner and leadership feedback from the beginning. We also made a significant investment into the academic and data integrity of the report.

As FinOps practitioners and leaders worldwide look to this resource as a means of guiding and building their practices, we needed to ensure that the body of work contained a blend of academic merit and data-driven depth.

Doubling down on community and practitioner involvement

We created several working groups of staff and FinOps practitioners to help us build a better survey and report for 2022. These groups looked at the 2021 report and gave us constructive feedback to help us create a better asset and resource for the community.

“By refining the survey for 2022 on community feedback, it can be used for multiple areas and projects by the community in the coming year – it will be exciting to understand all the different perspectives in the FinOps category.” Joe Daly, Director of Community, FinOps Foundation

Leveraging Linux Foundation’s research team

A majority of the FinOps Foundation staff have FinOps experience, but we were honest with ourselves about needing more data analysis help with this year’s survey and report. Fortunately, we were able to utilize the expertise of the Linux Foundation’s newly established Research Team.

The team was with us from the outset, where they integrated with FinOps experts so that they could understand more about our community-centric approach.

“Designing the State of FinOps 2022 survey was a truly collaborative effort. It was clear from the beginning that establishing a Working Group to aid in the survey instrument’s design was necessary to generate the kind of data that would add value across the FinOps ecosystem.” Stephen Hendrick, VP Research

With LF Research’s help and support, we also decided to translate the 2022 survey to engage FinOps practitioners in French-speaking regions, who represent a significant demographic of our community. LF Research helped to achieve the French language translation as a new element in this year’s research effort to make the survey more accessible and inclusive.

We are very thankful for their guidance in structuring our survey and look forward to their expertise once we start analyzing results and building the 2022 report.

Building a long-lasting resource for our community

We learned a lot of lessons from the 2021 survey and report. One of the biggest lessons was an internal one in that this survey collects such a variety of information and data. It informed us that we could go one of two ways with this research tool: keep building one-off reports, or do the work and build something long-term for the community.

Our community leaders advised us that we needed to focus more on generating annual benchmarking and insights based on key practices. They also helped us iron out the method and approach to our questions to align more with the framework to get the best data possible from the survey.

Our goal is to have something more than another data report to add to the Internet. We want to create a valuable tool for FinOps practitioners and partners to improve their practice. We want this tool to be informed and built by the community, for the community.

Ideal outcomes from the 2022 survey

With the survey into its first weeks of collecting data, we’re very interested in measuring and understanding the following:

Are practitioners maturing their FinOps practices? What FinOps “maturity level” do they self-identify as?What phase in the FinOps lifecycle are practitioners operating for specific capabilities, how did they get there, and what are they planning to do next?What are the benchmarks practitioners use for FinOps capabilities?How do practitioners measure their success when implementing their FinOps capabilities?

We’re looking forward to seeing how the results inform our hypotheses and questions.

Building upon this report with open source standards

When done right, it turns out you can use open source software standards to encourage contribution and community even with a topic like cloud financial management. We’re very proud to find a way to work closely with our community while championing Linux Foundation open source principles.

Do you know someone who qualifies in taking the State of FinOps Survey? If so, feel free to share it with them. The survey is open, and we look forward to learning more about the FinOps community and industry to help strengthen it.

The post State of FinOps Survey 2022: Built by and for the FinOps Community appeared first on Linux Foundation.

1...858687...10,742Page 86 of 10,742