

So, I am old enough to remember when the U.S. Congress temporarily intervened in a patent dispute over the technology that powered BlackBerries. A U.S. Federal judge ordered the BlackBerry service to shut down until the matter was resolved, and Congress determined that BlackBerry service was too integral to commerce to be allowed to be turned off. Eventually, RIM settled the patent dispute and the BlackBerry rode off into technology oblivion.

I am not here to argue the merits of this nearly 20-year-old case (in fact, I coincidentally had friends on both legal teams), but it was when I was introduced to the idea of companies that purchase patents with the goal of using this purchased right to extract money from other companies.

Patents are an important legal protection to foster innovation, but, like all systems, the patent system isn’t perfect.

At this week’s Open Source Summit North America, we heard from Kevin Jakel with Unified Patents. Kevin is a patent attorney who saw the damage being done to innovation by patent trolls – more kindly known as non-practicing entities (NPEs).

Kevin points out that patents are intellectual property designed to protect inventions, granting a time-bound legal monopoly, but they are only a sword, not a shield. You can use it to stop people, but it doesn’t give you a right to do anything. He emphasizes, “You are vulnerable even if you invented something. Someone can come at you with other patents.”

Kevin has watched a whole industry develop where patents are purchased by other entities, who then go after successful individuals or companies who they claim are infringing on the patents they now legally own (but did not invent). In fact, 88% of all high-tech patent litigation is from an NPE.

NPEs are rational actors using the legal system to their advantage, and they are driven by the fact that almost all of the time the defendant decides to settle to avoid the costs of defending the litigation. This perpetuates the problem by both reducing the risk to the NPEs and also giving them funds to purchase additional patents for future campaigns.

In regards to open source software, the problem is on the rise and is only going to get worse without strategic, consistent action to combat it.

[Chart: patent troll open source cases by year]

Kevin started Unified Patents with the goal of solving this problem without incentivizing further NPE activity. He wants to increase the risk for NPEs so that they are incentivized to not pursue non-existent claims. Because NPEs are rational actors, they are going to weigh risks vs. rewards before making any decisions. 

How does Unified Patents do this? They use a three-step process: 

  • Detect – Patent Troll Campaigns
  • Disrupt – Patent Troll Assertions
  • Deter – Further Patent Troll Investment 

Unified Patents works on behalf of 11 technology areas (they call them Zones). They added an Open Source Zone in 2019 with the help of the Linux Foundation, Open Invention Network, and Microsoft. They look for demands being filed in court, and then they selectively pick patent trolls out of the group and challenge them, attempting to disrupt the process. They take the patent back to the U.S. Patent and Trademark Office and see if the patent should have ever existed in the first place. Typically, patent trolls look for broad patents so they can sue lots of companies, making their investment more profitable and less risky. This means it is so broad that it probably should never have been awarded in the first place. 

The result – they end up killing a lot of patents that should have never been issued but are being exploited by patent trolls, stifling innovation. The goal is to slow them down and eventually bring them to a stop as quickly as they can. Then, the next time they go to look for a patent, they look somewhere else.

And it is working. The image below shows some of the open source projects that Unified Patents has actively protected since 2019.

[Image: open source tech logos]

The Linux Foundation participates in Unified Patents’ Open Source Zone to help protect the individuals and organizations innovating every day. We encourage you to join the fight and create a true deterrence for patent trolls. It is the only way to extinguish this threat. 

Learn more at unifiedpatents.com/join

And if you are a die-hard fan of the BlackBerry’s iconic keyboard, my apologies for dredging up the painful memory of your loss. 





Tomorrow night, in the skies over Congress Bridge in Austin, Texas, 300 drones will work in concert to provide a lightshow to entertain but also inform about the power of open source software to drive innovation in our world, making an impact in every life, every day.

Backing up a bit, open source software often conjures up inaccurate visions and presumptions that just aren’t true. No need to conjure those up – we all know what they are. The reality is that open source software (OSS) has transformed our world and become the backbone of our digital economy and the foundation of our digital world. 


Some quick, fun facts

  • In vertical software stacks across industries, open source penetration ranges from 20 to 85 percent of the overall software used
  • Linux fuels 90%+ of web servers and Internet-connected devices
  • The Android mobile operating system is built on the Linux kernel
  • Immensely popular libraries and tools to build web applications, such as: AMP, Appium, Dojo, jQuery, Marko, Node.js and so many more are open source
  • The world’s top 100 supercomputers run Linux
  • 100% of mainframe customers use Linux
  • The major cloud-service providers – AWS, Google, and Microsoft – all utilize open-source software to run their services and host open-source solutions delivered through the cloud

Open source software is about organizations coming together to collectively solve common problems so they can separately innovate and differentiate on top of the common baseline. They see they are better off pooling resources to make the baseline better. Sometimes it is called “coopetition.” It generally means that while companies may be in competition with each other in certain areas, they can still cooperate on others.

I borrowed from a well-known tagline from my childhood in the headline – open source does bring good things to life. 

Fueling Drone Innovation 

Drones were introduced to the world through military applications and then toys we could all easily fly (well, my personal track record is abysmal). But the reality is that drones are seeing a variety of commercial applications, such as energy facility inspection for oil, gas, and solar, search and rescue, firefighting, and more, with new uses coming online all of the time. We aren’t at The Jetsons level yet, but they are making our lives easier and safer (and some really cool aerial shots).

Much of that innovation comes from open source coopetition. 

The Linux Foundation hosts the Dronecode Foundation, which fosters open source code and standards critical to the worldwide drone industry. In a recent blog post, the general manager, Ramón Roche, discusses some of the ways open source has created an ecosystem of interoperability, which leads to users having more choice and flexibility.

Building the Foundation

Ramón recounts how it all started with the creation of Pixhawk, open standards for drone hardware, with the goal to make drones fly autonomously using computer vision. Working to overcome the lack of computing power and technology in 2008, Lorenz Meier, then a student, set out to build the necessary flight control software and hardware. Realizing the task’s scale, he sought the help of fourteen fellow students, many of whom were more experienced than him, to make it happen. They built Pixhawk and kick-started an open source community around various technologies. It “enabled talented people worldwide to collaborate and create a full-scale solution that was reusable and standardized. By giving their technology a permissive open source license, they opened it to everyone for use and collaboration.”

Benefits of Openness in the Real World

The innovation and technological backbone we see in drones is thanks to open software, hardware, and standards. Dronecode’s blog has interviews in which Max Tubman of Freefly Systems talks about how open standards are enabling interoperability of various payloads amongst partners in the Open Ecosystem, and Bobby Watts of Watts Innovation explains the power of standardization and how it has streamlined their interoperability with other ecosystem partners like Gremsy and Drone Rescue Systems.


Check out both interviews here and read about what is next.

The story of open source driving innovation in the drone industry is just one of thousands of examples of how open source is driving total innovation. Whether you know it or not, you use open source software every minute of every hour of every day.





The tenth annual Open Source Jobs Report from the Linux Foundation and edX was released today, examining trends in open source hiring, retention, and training

SAN FRANCISCO – June 22, 2022 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and edX, a leading global online learning platform from 2U, Inc. (Nasdaq: TWOU), have released the 10th Annual Open Source Jobs Report, examining the demand for open source talent and trends among open source professionals.

The need for open source talent is strong in light of continuing cloud adoption and digital transformation across industries. As the COVID pandemic wanes, both retention and recruitment have become more difficult than ever, with 73% of professionals reporting it would be easy to find a new role and 93% of employers struggling to find enough skilled talent. Although the majority of open source professionals (63%) reported their employment did not change in the past year, one-in-three did report they either left or changed jobs, which puts additional pressure on employers trying to hold onto staff with necessary skills. While this may not reach levels of a “Great Resignation”, this turnover is putting more pressure on companies.

“Every business has struggled with recruiting and retaining talent this past year, and the open source industry has been no different,” said Linux Foundation Executive Director Jim Zemlin. “Organizations that want to ensure they have the talent to meet their business goals need to not only differentiate themselves to attract that talent, but also look at ways to close the skills gap by developing net new and existing talent. This report provides insights and actionable steps they can take to make that happen.”

“This year’s report found that certifications have become increasingly important as organizations continue to look for ways to close skills gaps. We see modular, stackable learning as the future of education and it’s promising to see employers continuing to recognize these alternative paths to gain the skills needed for today’s jobs,” said Anant Agarwal, edX Founder and 2U Chief Open Education Officer.

The tenth annual Open Source Jobs Report examines trends in open source careers, which skills are most in-demand, the motivation for open source professionals, and how employers attract and retain qualified talent. Key findings from the Open Source Jobs Report include:

  • There remains a shortage of qualified open source talent: The vast majority of employers (93%) report difficulty finding sufficient talent with open source skills. This trend is not going away with nearly half (46%) of employers planning to increase their open source hiring in the next six months, and 73% of open source professionals stating it would be easy to find a new role should they choose to move on.
  • Compensation has become a greater differentiating factor: Financial incentives including salary and bonuses are the most common means of keeping talent, with two-in-three open source professionals saying a higher salary would deter them from leaving a job. With flex time and remote work becoming the industry standard, lifestyle benefits are becoming less of a consideration, making financial incentives a bigger differentiator.
  • Certifications hit new levels of importance: An overwhelming number of employers (90%) stated that they will pay for employees to obtain certifications, and 81% of professionals plan to add certifications this year, demonstrating the weight these credentials hold. The 69% of employers who are more likely to hire an open source professional with a certification also reinforces that in light of talent shortages, prior experience is becoming less of a requirement as long as someone can demonstrate they possess the skills to do the job.
  • Cloud’s continued dominance: Cloud and container technology skills remain the most in demand this year, with 69% of employers seeking hires with these skills, and 71% of open source professionals agreeing these skills are in high demand. This is unsurprising with 77% of companies surveyed reporting they grew their use of cloud in the past year. Linux skills remain in high demand as well (61% of hiring managers) which is unsurprising considering how much Linux underpins cloud computing.
  • Cybersecurity concerns are mounting: Cybersecurity skills have the fourth biggest impact on hiring decisions, reported by 40% of employers, trailing only cloud, Linux and DevOps. Amongst professionals, 77% state they would benefit from additional cybersecurity training, demonstrating that although the importance of security is being recognized more, there is work to be done to truly secure technology deployments.
  • Companies are willing to spend more to avoid delaying projects: The most common way to close skills gaps currently according to hiring managers is training (43%), followed by 41% who say they hire consultants to fill these gaps, an expensive alternative and an increase from the 37% reporting this last year. This aligns with the only 16% who are willing to delay projects, demonstrating digital transformation activities are being prioritized even if they require costly consultants.

This year’s report is based on survey responses from 1,672 open source professionals and 559 respondents with responsibility for hiring open source professionals. Surveys were fielded online during the month of March 2022.

The full 10th Annual Open Source Jobs Report is available to download here for free.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

# # #

Media Contact:
Dan Brown
The Linux Foundation
415-420-7880
dbrown@linuxfoundation.org





The State of Open Source Security Highlights Many Organizations Lacking Strategies to Address Application Vulnerabilities Arising from Code Reuse

BOSTON — June 21, 2022 — Snyk, the leader in developer security, and The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced the results of their first joint research report, The State of Open Source Security.

The results detail the significant security risks resulting from the widespread use of open source software within modern application development as well as how many organizations are currently ill-prepared to effectively manage these risks. Specifically, the report found:

  • Over four out of every ten (41%) organizations don’t have high confidence in their open source software security;
  • The average application development project has 49 vulnerabilities and 80 direct dependencies (open source code called by a project); and,
  • The time it takes to fix vulnerabilities in open source projects has steadily increased, more than doubling from 49 days in 2018 to 110 days in 2021.

“Software developers today have their own supply chains – instead of assembling car parts,  they are assembling code by patching together existing open source components with their unique code. While this leads to increased productivity and innovation, it has also created significant security concerns,” said Matt Jarvis, Director, Developer Relations, Snyk. “This first-of-its-kind report found widespread evidence suggesting industry naivete about the state of open source security today. Together with The Linux Foundation, we plan to leverage these findings to further educate and equip the world’s developers, empowering them to continue building fast, while also staying secure.”

“While open source software undoubtedly makes developers more efficient and accelerates innovation, the way modern applications are assembled also makes them more challenging to secure,” said Brian Behlendorf, General Manager, Open Source Security Foundation (OpenSSF). “This research clearly shows the risk is real, and the industry must work even more closely together in order to move away from poor open source or software supply chain security practices.” (You can read the OpenSSF’s blog post about the report here)

Snyk and The Linux Foundation will be discussing the report’s full findings as well as recommended actions to improve the security of open source software development during a number of upcoming events:

41% of Organizations Don’t Have High Confidence in Open Source Software Security

Modern application development teams are leveraging code from all sorts of places. They reuse code from other applications they’ve built and search code repositories to find open source components that provide the functionality they need. The use of open source requires a new way of thinking about developer security that many organizations have not yet adopted.

Further consider:

  • Less than half (49%) of organizations have a security policy for OSS development or usage (and this number is a mere 27% for medium-to-large companies); and,
  • Three in ten (30%) organizations without an open source security policy openly recognize that no one on their team is currently directly addressing open source security.

Average Application Development Project: 49 Vulnerabilities Spanning 80 Direct Dependencies

When developers incorporate an open source component in their applications, they immediately become dependent on that component and are at risk if that component contains vulnerabilities. The report shows how real this risk is, with dozens of vulnerabilities discovered across many direct dependencies in each application evaluated.

This risk is also compounded by indirect, or transitive, dependencies, which are the dependencies of your dependencies. Many developers do not even know about these dependencies, making them even more challenging to track and secure.

That said, to some degree, survey respondents are aware of the security complexities created by open source in the software supply chain today:

  • Over one-quarter of survey respondents noted they are concerned about the security impact of their direct dependencies;
  • Only 18% of respondents said they are confident of the controls they have in place for their transitive dependencies; and,
  • Forty percent of all vulnerabilities were found in transitive dependencies.

Time to Fix: More Than Doubled from 49 Days in 2018 to 110 Days in 2021

As application development has increased in complexity, the security challenges faced by development teams have also become increasingly complex. While this makes development more efficient, the use of open source software adds to the remediation burden. The report found that fixing vulnerabilities in open source projects takes almost 20% longer (18.75%) than in proprietary projects.

About The Report

The State of Open Source Security is a partnership between Snyk and The Linux Foundation, with support from OpenSSF, the Cloud Native Security Foundation, the Continuous Delivery Foundation and the Decliver Foundation. The report is based on a survey of over 550 respondents in the first quarter of 2022 as well as data from Snyk Open Source, which has scanned more than 1.3B open source projects.

About Snyk

Snyk is the leader in developer security. We empower the world’s developers to build secure applications and equip security teams to meet the demands of the digital world. Our developer-first approach ensures organizations can secure all of the critical components of their applications from code to cloud, leading to increased developer productivity, revenue growth, customer satisfaction, cost savings and an overall improved security posture. Snyk’s Developer Security Platform automatically integrates with a developer’s workflow and is purpose-built for security teams to collaborate with their development teams. Snyk is used by 1,500+ customers worldwide today, including industry leaders such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut, and Salesforce.

About The Linux Foundation

The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.





Open source communities are driven by a mutual interest in collaboration and sharing around a common solution. They are filled with passion and energy. As a result, today’s world is powered by open source software, powering the Internet, databases, programming languages, and so much more. It is revolutionizing industries and tackling the toughest challenges. Just check out the projects fostered here at the Linux Foundation for a peek into what is possible. 

What is the challenge? 

As the communities and the projects they support grow and mature, active community engagement to recruit, mentor, and enable an active community is critical. Organizations are now recognizing this as they are more and more dependent on open source communities. Yet, while the ethos of open source is transparency and collaboration, the tool chain to automate, visualize, analyze, and manage open source software production remains scattered, siloed, and of varying quality.

How do we address these challenges?

And now, involvement and engagement in open source communities goes beyond software developers and extends to engineers, architects, documentation writers, designers, Open Source Program Office professionals, lawyers, and more. To help everyone stay coordinated and engaged, a centralized source of information about their activities, tooling to simplify and streamline information from multiple sources, and a solution to visualize and analyze key parameters and indicators is critical. It can help: 

  • Organizations wishing to better understand how to coordinate internal participation in open source and measure outcomes
  • CTOs and engineering leads looking to build a cohesive open source strategy 
  • Project maintainers needing to wrangle the legal and operational sides of the project
  • Individuals keeping track of their open source impacts

Enter the Linux Foundation’s LFX Platform – LFX operationalizes this approach, providing tools built to facilitate every aspect of open source development and empowers projects to standardize, automate, analyze, and self-manage while preserving their choice of tools and development workflows in a vendor-neutral platform.

LFX tools do not disrupt a project’s existing toolchain but rather integrate a project’s community tools and ecosystem to provide a common control plane with APIs from numerous distributed data sources and operations tools. It also adds intelligence to drive outcome-driven KPIs and utilizes a best practices-driven, vendor-agnostic tools chain. It is the place to go for active community engagement and open source activity, enabling the already powerful open source movement to be even more successful.

How does it work? 

Much of the data and information that makes up the open source universe is, not surprisingly, open to see. For instance, GitHub and GitLab both offer APIs that allow third-parties to track all activity on open projects. Social media and public chat channels, blog posts, documentation, and conference talks are also easily captured. For projects hosted at a foundation, such as the Linux Foundation, there is an opportunity to aggregate the public and semi-private data into a privacy respecting, opt-in unified data layer. 

More specifically to an organization or project, LFX is modular, deployable, and API-driven. It is pluggable and can easily integrate the data sources and tools that are already in use by organizations rather than force them to change their work processes. For instance:

  • Source control software (e.g. Git, GitHub, or GitLab)
  • CI/CD platforms (e.g. Jenkins, CircleCI, Travis CI, and GitHub Actions)
  • Project management (e.g. Jira, GitHub Issues)
  • Registries  (e.g. Docker Hub)
  • Documentation  (e.g. Confluence Wiki)
  • Marketing automation (e.g. social media and blogging platforms)
  • Event management platforms (e.g. physical event attendance, speaking engagements, sponsorships, webinar attendance, and webinar presentations)

This holistic and configurable view of projects, organizations, foundations, and more make it much easier to understand what is happening in open source, from the most granular to the universal. 

What do real-world users think? 

Part of LFX is a community forum to ask questions, share solutions, and more. Recently, Jessica Wagantall shared about the Open Network Automation Platform (ONAP). She notes:

ONAP is part of the LF Networking umbrella and consists of 30+ components working together towards the same goal since 2017. Since then, we have faced situations where we have to evaluate if the components are getting enough support during release schedules and if we are identifying our key contributors to the project.

In this time, we have learned a lot as we grow, and we have had the chance to have tools and resources that we can rely on every step of the way. One of these tools is LFX Insights.

We rely on LFX Insights tools to guide the internal decisions and keep the project growing and the contributions flowing.

LFX Insights has become a potent tool that gives us an overview of the project as well as statistics of where our project stands and the changes that we have encountered when we evaluate release content and contribution trends.

Read Jessica’s full post for some specific examples of how LFX Insights helps her and the whole team. 

John Mertic is a seasoned open source project manager. One of his jobs currently is helping to manage the Academy Software Foundation. John shares: 

The Academy Software Foundation was formed in 2018 in partnership with the Academy of Motion Pictures Arts and Sciences to provide a vendor-neutral home for open source software in the visual effects and motion picture industries.

A challenge this industry was having was that there were many key open source projects used in the industry, such as OpenVDB, OpenColorIO, and OpenEXR, that were cornerstones to production but lacked developers and resources to maintain them. These projects were predominantly single vendor owned and led, and my experience with other open source projects in other verticals and horizontal industries causes this situation, which leads to sustainability concerns, security issues, and lack of future development and innovation.

As the project hit its 3rd anniversary in 2021, the Governing Board was wanting to assess the impact the foundation has had on increasing the sustainability of these projects. There were three primary dimensions being assessed.

We at the LF know that seeing those metrics increasing is a good sign for a healthy, sustainable project.

Academy Software Foundation projects use LFX Insights as a tool for measuring community health. Using this tool enabled us to build some helpful charts which illustrated the impacts of being a part of the Academy Software Foundation.

We took the approach of looking at before and after data on the contributor, contribution, and contributor diversity.

Here is one of the charts that John shared. You can view all of them on his post.





The article by Srikrishna ‘Kris’ Sharma with Canonical originally appeared in the FINOS Project’s Community Blog. It is another example of enterprises open sourcing their code so that they can “collectively solve common problems so they can separately innovate and differentiate on top of the common baseline.” Read more about Why Do Enterprises Use and Contribute to Open Source Software.

Orchestrating Legend with Juju

Goldman Sachs open sourced the code and contributed its internally developed Legend data management platform into FINOS in October 2020.  Legend provides an end-to-end data platform experience covering the full data lifecycle. It encompasses a suite of data management and governance components known as the Legend Platform. Legend enables breaking down silos and building a critical bridge over the historical divide between business and engineering, allowing companies to build data-driven applications and insightful business intelligence dashboards.

Accelerate FINOS Open Source Project Adoption

Ease and speed of deployment enables innovation and lowers the barrier of entry to open source consumption and contribution. Engineering experience is about leveraging software ops automation to demonstrate impact of an open source project to the community. An awesome engineering experience is more often required to enable wider adoption and contribution to an open source project.

Over the last few months, Canonical has been working closely with FINOS and its community members to offer a consistent way to deploy and manage enterprise applications using Juju and Charmed Operators with a focus on Day 2 operations. The idea is to provide a software ops automation framework and toolkit that enables the DevOps teams at financial institutions to realise the benefits of rapid deployment/ testing and application management using a platform that is 100% open source, vendor-agnostic and hybrid-multi-cloud ready.

What is Juju and Charmed Operator?

Charmed Operator:

A charmed operator (also known, more simply, as a “charm”) encapsulates a single application and all the code and know-how it takes to operate it, such as how to combine and work with other related applications or how to upgrade it. Charms are programmed to understand a single application, its operations, and its potential to integrate with other applications. A charm defines and enables the channels by which applications connect. Hundreds of charms are available at charmhub.io.

Juju Operator Lifecycle Manager (OLM) is a hybrid-cloud application management and orchestration system for installation and day 2 operations. It helps deploy, configure, scale, integrate, maintain, and manage Kubernetes native, container-native and VM-native applications—and the relations between them.

Juju allows anyone to deploy and operate charmed operators (charms) in any cloud–including Kubernetes, VMs and Metal. Charms encapsulate the application plus deployment and operations knowledge into one single reusable artefact. Juju manages the lifecycle of applications and infrastructure stacks from cloud to the edge. Juju is cloud-vendor agnostic and hybrid-multi-cloud by nature: it can manage the lifecycle of applications in public clouds, private clouds, or on bare metal. Once bootstrapped, Juju will offer the same deployment and operations experience regardless of the cloud vendor.

The Legend Charm Bundle

In the spirit of providing an enterprise-grade automated deployment and maintenance experience to FINOS members, Canonical created a charmed bundle for Legend and contributed it to FINOS.

The Legend Charm Bundle provides a simple, efficient and enterprise-ready way to deploy and orchestrate a Legend instance in various environments across the CI/CD pipeline, from developer’s workstation to production environment. The bundle includes several Charmed Operators, one for each Legend component.

Why a Legend Charm Bundle?

  1. A simple way to evaluate Legend
    One can spin up a Legend environment from scratch using one single command: juju deploy finos-legend-bundle
  2. An intuitive approach (for banks and other financial institutions) to spin up production environments
  3. Provides orchestration capabilities, not only deployment scripting
  4. Easily plugs into Legend release lifecycle and simplifies Legend FINOS instance maintenance

The Legend charm documentation resides in the finos/legend-integration-juju GitHub repository, and here is the link to the related repositories.

Detailed instructions are available for local and cloud installations if you would like to spin up your own Legend instance within a few minutes and start using Legend either locally or on AWS EKS.





In open source communities, we meet people every day.  We probably know their current role and responsibilities, but we don’t always have perspective on the history, education, and career path that made them who they are.  These are some of the untold stories of open source.  

At the Linux Foundation, we’re a couple of weeks away from launching a new podcast series, The Untold Stories of Open Source.  For our blog readers, you’re getting a sneak peek into a few of the stories that will kick off our series.  Today, we’ll share perspectives from episode 1, Priyanka Sharma.

After Graduating

Priyanka Sharma is an evangelist for the power of community in open source. Okay, she is much more than that, and we will get to that in a bit, but her passion and what drives all of her other successes in open source is the power of an inclusive, supportive community. 

Priyanka didn’t begin in open source. After graduating from Stanford University in 2009 with a degree in computer science, she started her career at Google in the online partnership group, where she was a technical consultant onboarding new Doubleclick clients and acted as an interim project manager for internal insights tools. Following Google, she held roles at Outright and GoDaddy, including integrating the Outright product into the GoDaddy sales catalog.  However, she was bitten by the build-a-business bug years earlier. In 2014, she gathered up some ideas and funding, experimenting with consumer products, but nothing was sticking. 

A Road to TechCrunch Disrupt

She realized that her business partner had built a time-tracking app for himself that was geared towards software developers. It was plugin based, so you could put it into your IDE and have time tracking at your fingertips. After all, who wants to track time, so the easier you make it, the better. 

All of the plugins were open source – introducing her to the world that she was about to live in. She noticed how people were drawn to the plugins, customizing them to work better for what they needed. She thought, “Maybe this is what we should focus on.” So, with a path she couldn’t have seen coming, she ended up getting into developer tools. The plugins were eventually used by 100,000 developers, featured by TechCrunch Disrupt, and chosen by Y-Combinator.

Setting Out on Her Own

But, as she says, “All that glitters isn’t gold.” There were challenges every day as with any startup, from fundraising to public visibility. Getting into Y-Combinator was a pivotal moment, forcing the team to come to terms with what it would take to make a real commitment to the project together, as a team.

Priyanka thought back to that time, “I think you can overcome anything when you are part of a team when you jive with each other, where everyone is aligned on the final outcome. When that is not the case, it is very tricky because everyone is going towards different goals. That is the meta issue that led us to go our different ways.” 

Now out on her own, she realized that there were not many people who understood marketing developer tools or a go-to-market strategy for developer tools. So, she began working with Heavybit, an accelerator and incubator for developer products. “They really took me in and gave me opportunities to help their portfolio companies.” Her work helped Rainforest QA, Lightstep, LaunchDarkly, and Postman API.

Reflecting on Ben’s Approach

She ended up joining the Lightstep team because she not only saw the value of their reputation, but was also drawn to the top-notch team and what they could teach her. Part of the draw was Dapper, a tool built at Google to provide developers with a distributed tracing system exploring the behavior of complex distributed systems. Dapper sparked many tools that weren’t anticipated by its initial developers. Ben Sigelman is a co-creator of Dapper and of the OpenTracing and OpenTelemetry projects, now part of the Cloud Native Computing Foundation (CNCF). “Ben’s approach was very much as an educator. There are lots of experts out there, but if they aren’t interested in teaching, I don’t get any value in it.”

As the second hire at Lightstep, she had a variety of roles, including developer relations, marketing, documentation, and more. 

The initial focus of the company was on OpenTracing. They initially were an independent open source project, but they eventually decided to join the Cloud Native Computing Foundation to give them more firepower than “us by ourselves.” 

Now, between her startup and Lightstep, she heard more and more about open source. She was drawn to the value placed on creation and collaboration. 

Evolving to Cloud Native

Priyanka attributes the growth of cloud native to the fact that the core group welcomed everyone. You can see that in person at KubeCon + CloudNativeCon, the largest open source events in the world. She recalls how nervous she was going to her first KubeCon, feeling out of her element, but as soon as she walked through the doors, everyone was so welcoming and inclusive.

Dan Kohn built CNCF into one of the most successful open source foundations in the world in large part because it was built on being an open and welcoming community. Priyanka recalls, “Dan baked DEI into everything at CNCF from day one. . . He set the example and put it into the structure.” 

Priyanka felt welcomed into the community and began asking for opportunities to participate. Sometimes the answer was yes, sometimes it was no thank you. But she still felt she had the support of the community. She had a sense of belonging for the first time in her career. 

In 2018, she joined GitLab as director of technical evangelism, where she formed the technical thought leadership team. She was also in charge of cloud native alliances. At the urging of her boss at GitLab, she put her name forward to be elected to the CNCF Board of Directors. 

While on the CNCF Board, she was energized by several other women on the Board. She said they set the bar high with a focus on the project’s good at all times. 

Fast forward. Now, Priyanka is the general manager of the CNCF, leading one of open source’s largest and most effective foundations.

Seeking More Insight

You can listen to the full episode with her story on the Untold Stories of Open Source podcast and hear about the power of the CNCF community and its impact. 

The Untold Stories of Open Source is a new podcast from the Linux Foundation to share the stories behind those in open source. Take time to listen to all of the episodes and let us know what you think (or if you have suggestions of stories to be told). Look for the formal launch at Open Source Summit North America and OpenSSF Day on June 20, 2022. 

There are thousands of incredible open source stories to share and we’re looking forward to bringing more of them your way.  If you like what you hear, we encourage you to add the series to your playlist.  

For those seeking even more open source stories from across the Linux Foundation and the communities we serve, you might start with some of the other storytelling pioneers including: Open Source Stories, FinOpsPod, I am a Mainframer, and The Changelog. As we grow deeper roots in the podcasting arena, we’ll introduce more news about a network of open source podcasts.

Have even more time? Feedspot recently covered an additional 40 Open Source Podcasts worth listening to on your morning walk or commute home from the office.





There are some universal truths about open source software (OSS). It has revolutionized our world and become the foundation of our digital society, the backbone of our digital economy, and the basis of our digital existence. Every household and enterprise brand name in technology is built upon it, whether that name is Alexa or Android, Azure, or AWS. 

Open source software has played a significant part in everything from the internet and mobile apps we use every day to operating systems and programming languages used to construct the future. Even the systems we traditionally think of as being closed, such as Microsoft Windows and Apple’s Mac and iPhone, are developed using open source software.

Just as a powerful current drives the arteries of a river, open source software is the force that propels our digital economy and allows for scientific and technological advancements that benefit our lives. 

But only a few decades ago, few people had even heard of open source software, and it was limited to a small group of enthusiastic devotees. Yet the concept of free and open source software (FOSS) has been around a long time, going back to the early days of the user communities for IBM mainframes and academic institutions. FOSS is software that anyone can use, study, modify, and distribute without restriction. The term “open source” was coined to describe this type of software, and the concept was formalized with the launch of the Open Source Initiative (OSI) in 1998.

Organizations involved in building products or services involving software, regardless of their specific industry or sector, are likely to adopt OSS and contribute to open source projects deemed critical to their products and services. Organizations are creating open source program offices (OSPOs) to manage their open source activities, from adopting OSS and compliance with applicable licenses to participating in open standards and foundations. 

Many new industries and thousands of businesses have joined the open source revolution. Those organizations that chose a deliberate OSS strategy, incorporating best practices,  methods, and engineering processes, emerged as leaders in their industries or verticals for open source initiatives.

And yet, many organizations have not embraced open source at all. Some see it as a risky undertaking, lacking a strategy to move forward, needing pathways to see the value proposition of free and open source software, and requiring migration from a risk point of view to a value point of view. In addition to challenges with open source consumption, many organizations prohibit their employees from open source contributions either on their behalf or personally in the employee’s spare time.

To help guide organizations through their own open source journeys, Ibrahim Haddad, Ph.D., Executive Director of LF AI & Data, has written a report that offers a practical and systematic approach to establishing an OSS strategy, which includes developing an implementation plan and accelerating an organization’s open source efforts. 

The past two decades have been critical for open source software in enterprise engagement and adoption. The challenge for organizations is their transition from an ad hoc and incidental adoption to open source value delivered back to the business using a strategic and planned methodology. This report delivers on the promise of helping enterprises establish an open source strategy, develop and execute an implementation plan, and accelerate their open source efforts to support their business goals.

Ibrahim Haddad, Ph.D.

This research is a collection of learnings and best practices that Dr. Haddad has developed, collaborating with the LF AI & Data community members who have pursued their own open source journeys for years.

Effective organizations have guided their open source usage through strategy, honed over time with communities such as LF AI & Data and the TODO Group to guide their ongoing use of OSS and their engagement with the open source ecosystem.

This report helps to address the fears of transitioning to open source and explore the many opportunities it offers by covering the following topics:

  • The business case for open source software
  • How to develop an open source strategy
  • Creating an open source program office
  • Implementing an open source strategy
  • Measuring success with open source
  • Best practices for organizational involvement in open source projects





When people find out I work at the Linux Foundation, they invariably ask what we do. Sometimes it is couched around the question, “As in the Linux operating system?” I explain open source software and try to capture the worldwide impact in 20 seconds before I lose their attention. If they happen to stick around for more, we often dig into the question, “Why would enterprises want to participate in open source software projects or use open source software?” The reality is that they do, whether they know it or not. And the reality is thousands of companies donate their code to open source projects and invest time and resources helping to further develop and improve open source software.

How extensively used is open source software?

To quote from our recently released report, A Guide to Enterprise Open Source, “Open source software (OSS) has transformed our world and become the backbone of our digital economy and the foundation of our digital world. From the Internet and the mobile apps we use daily to the operating systems and programming languages we use to build the future, OSS has played a vital role. It is the lifeblood of the technology industry. Today, OSS powers the digital economy and enables scientific and technological breakthroughs that improve our lives. It’s in our phones, our cars, our airplanes, our homes, our businesses, and our governments. But just over two decades ago, few people had ever heard of OSS, and its use was limited to a small group of dedicated enthusiasts.”

But what does this look like practically?

  • In vertical software stacks across industries, open source penetration ranges from 20 to 85 percent of the overall software used
  • Linux fuels 90%+ of web servers and Internet-connected devices
  • The Android mobile operating system is built on the Linux kernel
  • Immensely popular libraries and tools to build web applications, such as: AMP, Appium, Dojo, jQuery, Marko, Node.js and so many more are open source
  • The world’s top 100 supercomputers run Linux
  • 100% of mainframe customers use Linux
  • The major cloud-service providers – AWS, Google, and Microsoft – all utilize open-source software to run their services and host open-source solutions delivered through the cloud

Why do companies want to participate in open source software projects?

Companies primarily participate in open source software projects in three ways:

  1. They donate software they created to the open source community
  2. They provide direct funding and/or allocate software developers and other staff to contribute to open source software projects

The question often asked is, why wouldn’t they want to keep all of their software proprietary or only task their employees to work on their proprietary software?

The 30,000-foot answer is that it is about organizations coming together to collectively solve common problems so they can separately innovate and differentiate on top of the common baseline. They see that they are better off pooling resources to make the baseline better. Sometimes it is called “coopetition.” It generally means that while companies may be in competition with each other in certain areas, they can still cooperate on others.

Some old-school examples of this principle:

  • Railroads agreed on a common track size and build so they could all utilize the same lines and their equipment was interchangeable
  • Before digital cameras, companies innovated and differentiated on film and cameras, but they all agreed on the spacing for the sprockets to advance the film
  • The entertainment industry united around the VHS and Blu-Ray formats over their rivals

Now, we see companies, organizations, and individuals coming together to solve problems while simultaneously improving their businesses and products:

  • Let’s Encrypt is a free, automated, and open certificate authority with the goal of dramatically increasing the use of secure web protocols by making it much easier and less expensive to set up. They are serving 225+ million websites, issuing ~1.5 million certificates each day on average.
  • The Academy Software Foundation creates value in the film industry through collectively engineering software that powers much of the entertainment, gaming, and media industry productions and open standards needed for growth.
  • The Hyperledger Foundation hosts enterprise-grade blockchain software projects, notably using significantly fewer energy resources than other popular solutions.
  • LF Energy is making the electric grid more modular, interoperable, and scalable to help increase the use of renewable energy sources
  • Dronecode is enabling the development of drone software so companies can use their resources to innovate further
  • OpenSSF is the top technology companies coming together to strengthen the security and resiliency of open source software
  • Kubernetes was donated by Google and is the go-to solution for managing cloud-based software

These are just a small sampling of the open source software projects that enterprises are participating in. You can explore all of the ones hosted at the Linux Foundation here.

How can companies effectively use and participate in open source software projects?

Enterprises looking to better utilize and participate in open source projects can look to the Linux Foundation’s resources to help. Much of what organizations need to know is provided in the just-published report, A Guide to Enterprise Open Source. The report is packed with information and insights from open source leaders at top companies with decades of combined experience. It includes chapters on these topics:

  • Leveraging Open Source Software
  • Preparing the Enterprise for Open Source
  • Developing an Open Source Strategy
  • Setting Up Your Infrastructure for Implementation
  • Setting Up Your Talent for Success
  • Challenges

Additionally, the Linux Foundation offers many open source training courses, events throughout the year, the LFX Platform, and hosts projects that help organizations manage open source utilization and participation, such as:

  • The TODO Group provides resources to set up and run an open source program office, including their extensive guides
  • The OpenChain Project maintains an international standard for sharing what software package licenses are included in a larger package, including information on the various licensing requirements so enterprises can ensure they are complying with all of the legal requirements
  • The FinOps Foundation is fostering an “evolving cloud financial management discipline and cultural practice that enables organizations to get maximum business value by helping engineering, finance, technology, and business teams to collaborate on data-driven spending decisions.”
  • The Software Package Data Exchange (SPDX) is an open standard for communicating software bill of materials (SBOMs) so it is clear to every user which pieces of software are included in the overall package.

Again, this is just a snippet of the projects at the Linux Foundation that are working to help organizations adapt, utilize, contribute, and donate open source projects.

The bottom line: Enterprises are increasingly turning to open source software projects to solve common problems and innovate beyond the baseline, and the Linux Foundation is here to help.





Last week I had the privilege of participating in the Open Source Software Security Summit II in Washington, DC. The Linux Foundation and OpenSSF gathered around 100 participants from enterprise, the U.S. government, and the open source community to agree on an action plan to help increase the security of open source software. 

If you were to look at the attendee list, you would likely be struck by the amount of collaboration among competitors on this issue. But, it isn’t a surprise to the open source community. Security is an excellent example of why organizations participate in open source software projects. 

A question I often receive when I tell people where I work is, “Why would for-profit companies want to participate in open source projects?” There are lots of reasons, of course, but it boils down to organizations coming together on a joint solution to a common problem so they can focus on innovating. For instance, film studios come together around software for saving video files or color management, the finance industry improves traders’ desktops, and web companies support the languages and tools that make the web possible. And these are just a handful of examples.

Security is everyone’s concern and solutions benefit everyone. As one summit participant noted, “My direct competitors are in the room, but this is not an area where we compete. We all want to protect our customers, shareholders, and employees. . . 99% of the time we’re working on the same problems and trying to solve them in a smarter way.”

Everyone is better off by sharing vulnerabilities and solutions and working together towards a common goal of a more resilient ecosystem. No company is immune; everyone relies on multiple open source software packages to run their organization’s software. It is no surprise that competitors are working together on this – it is what the open source community does.

As we gathered in DC, my colleague Mark Miller talked to participants about their expectations and their perspectives on the meeting. When asked what he hoped to accomplish during the two-day summit, Brian Fox of Sonatype said, “The world is asking for a response to make open source better. We are bringing together the government, vendors, competitors, [and] open source ecosystems to see what we can collectively do to raise the bar in open source security.”

Another participant painted a picture which I find especially helpful, “I remember the old saying, we built the Internet on sand. I thought about that, underscoring the fact that sand is a part of concrete. This process means that we have an opportunity to shore up a lot of the foundation that we built the Internet on, the code that we’re developing.  It is an opportunity to improve upon what we currently have, which is a mixture of sand and concrete. How do we get it all to concrete?”

Enterprise companies and community representatives were at the summit, as well as key U.S. government decision makers. The high-level government officials were there the entire day, participating in the meeting and listening to the discussions. Their level of participation was striking to me. I have worked in and around government at the policy level for 25 years, and it is more common than not for government officials to be invited to speak, come and speak, and then leave right after they deliver their remarks. To see them there, and engaged, one year after implementing the Executive Order on Improving the Nation’s Cybersecurity signals the importance they place on solving this problem and the respect they have for the group that gathered last week. Kudos to Anne Neuberger, her team, and the others who joined from around the U.S. government.

By the end of the first day, agreement was reached on a plan, comprised of 10 key initiatives:

  • Security Education: Deliver baseline secure software development education and certification to all.
  • Risk Assessment: Establish a public, vendor-neutral, objective-metrics-based risk assessment dashboard for the top 10,000 (or more) OSS components.
  • Digital Signatures: Accelerate the adoption of digital signatures on software releases.
  • Memory Safety: Eliminate root causes of many vulnerabilities through replacement of non-memory-safe languages.
  • Incident Response: Establish the OpenSSF Open Source Security Incident Response Team, security experts who can step in to assist open source projects during critical times when responding to a vulnerability.
  • Better Scanning: Accelerate discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance.
  • Code Audits: Conduct third-party code reviews (and any necessary remediation work) of up to 200 of the most-critical OSS components once per year.
  • Data Sharing: Coordinate industry-wide data sharing to improve the research that helps determine the most critical OSS components.
  • SBOMs Everywhere: Improve SBOM tooling and training to drive adoption.
  • Improved Supply Chains: Enhance the 10 most critical OSS build systems, package managers, and distribution systems with better supply chain security tools and best practices.

The full document, The Open Source Software Security Mobilization Plan,  is available for you to review and download.

Of course, a plan without action isn’t worth much. Thankfully, organizations are investing resources. On the day it was delivered, already $30 million was pledged to implement the plan. Organizations are also setting aside staff to support the project: 

Google announced its “new ‘Open Source Maintenance Crew’, a dedicated staff of Google engineers who will work closely with upstream maintainers on improving the security of critical open source projects.” 

Amazon Web Services committed $10 million in funding in addition to engineering resources, “we will continue and increase our existing commitments of direct engineering contributions to critical open source projects.”

Intel is increasing its investment: “Intel has a long history of leadership and investment in open source software and secure computing. Over the last five years, Intel has invested over $250M in advancing open source software security. As we approach the next phase of Open Ecosystem initiatives, Intel is growing its pledge to support the Linux Foundation by double digit percentages.”

Microsoft is adding $5 million in additional funding because, “Open source software is core to nearly every company’s tech strategy. Collaboration and investment across the ecosystem strengthens and sustains security for everyone.” 

These investments are the start of an initiative to raise $150M toward implementation of the project. 

Last week’s meeting and the plan mark the beginning of a new and critical pooling of resources – knowledge, staff, and money – to further shore up the world’s digital infrastructure, all built upon a foundation of open source software. It is the next step (well, really several steps) in the journey.

If you want to join the efforts, start at the OpenSSF.


