This Extension Can Save & Restore All Open App Windows in Ubuntu 22.04

I don’t remember the last time the auto-save session feature worked correctly on my Ubuntu machine. For now, enabling hibernation may be the best way to save and restore all open app windows in Ubuntu.

But for those who really like the auto-save session feature, here’s a GNOME Shell extension that can do the job, at least partially.

It’s ‘Another Window Session Manager’, an extension which adds an indicator icon to the top panel system tray area. It provides an option to manually save all open windows, then lets you restore them either manually via a menu button or automatically at login.

Save open windows

It supports not only the classic Xorg session but also Wayland. It also remembers window size, position, and workspace. The downsides are that it sometimes does not restore the window workspace correctly, and that it restores some apps with an empty window rather than the last open files or URLs.

The extension is not perfect so far, but anyhow it’s better than nothing!

How to Install this session restore extension:

So far the extension supports GNOME 40, 41, 42 and 43. That means it works not only on Ubuntu 22.04 and Ubuntu 22.10 but also on Fedora 35/36/37 Workstation, Rocky Linux 9, Arch, and other Linux distributions with a recent GNOME desktop.

For Ubuntu 22.04+, first search for and install “Extension Manager” app from Ubuntu Software.

Install Extension Manager in Ubuntu 22.04+

Then, use the tool to search for and install “Another Window Session Manager” under the Browse tab.

For Fedora 35/36/37 and other Linux with GNOME, visit the extension web page and use ON/OFF switch to install it.

Enable Restore open windows at login

The feature to restore all open app windows on startup after user login is not enabled by default.

You need to do the following steps one by one to enable the function:

    1. First, go to the ‘Installed’ tab in Extension Manager. Then open the configuration dialog for the extension by clicking on the gear button (or install the GNOME Extensions app and use it to open the settings).
    2. Next, navigate to “Restore Sessions” tab and:
      • enable ‘Restore at startup’ toggle option.
      • enable ‘Restore at startup without asking’ to skip the confirm dialog on each login (optional)

Finally, open the indicator menu, and turn on the ON/OFF switch for your saved session, so it will restore automatically at next login.

That’s all. Enjoy!

How to Find Open Ports and Close Them in Linux

So you are dealing with a critical server where you have to maintain security at any cost. And closing ports to block unwanted traffic is the first step you’d take.

So this guide will explain how you can find and close open ports in your server.

Find open ports in Linux

In this tutorial, I am going to use the ss command to find open ports.

You can use the -l option with the ss command to get listening ports. But to be more specific, I’m going with -lt to get listening TCP ports:

ss -tl

Similarly, if you want to have a list of both TCP and UDP in the listening state, you can use the given command:

ss -tul

To show numeric port numbers instead of service names, add -n, and for more fine-tuned results you can always pipe the output into the grep command. Note that UDP sockets are shown in the UNCONN state rather than LISTEN, so filtering on LISTEN keeps only the TCP listeners:

ss -tuln | grep LISTEN

Enough of finding open ports, let’s jump to how you can close them.

Close open ports in Linux

To close a port, you first need to stop the service that owns it. To find the service name, use the same ss command with the -p option (root privileges are needed to see the process of every socket):

sudo ss -tulnp | grep LISTEN

As you can see, NGINX is using port number 80. So let’s stop it using the given command:
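As an added example that is not part of the original article, here is a small POSIX shell helper that turns `ss -tulnp` output into a short "protocol port process" inventory, so you can review every exposed port and its owning process before deciding what to stop or firewall. It handles both TCP (LISTEN) and UDP (UNCONN) sockets, which a plain `grep LISTEN` would miss. The function names and the sample ss output are my own constructions; on a live host you would pipe `sudo ss -tulnp` into `listening_summary` instead.

```shell
#!/bin/sh
# Added example (not from the original article): summarize listening sockets
# from `ss -tulnp` output. Functions read ss-style lines on stdin.

# Constructed sample of `sudo ss -tulnp` output (not a real capture), used so
# the script runs offline. Replace with: sudo ss -tulnp | listening_summary
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*   users:(("systemd-resolve",pid=640,fd=13))
tcp   LISTEN 0      511    0.0.0.0:80        0.0.0.0:*   users:(("nginx",pid=1201,fd=6),("nginx",pid=1200,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*   users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    [::]:80           [::]:*      users:(("nginx",pid=1201,fd=7),("nginx",pid=1200,fd=7))'

# listening_summary: read ss output on stdin, print "proto port process" for
# every TCP listener (LISTEN) and every bound UDP socket (UNCONN).
listening_summary() {
  awk 'NR > 1 && ($2 == "LISTEN" || $2 == "UNCONN") {
      # Field 5 is Local Address:Port; the port is whatever follows the last
      # colon, which also copes with IPv6 forms such as [::]:80.
      n = split($5, parts, ":")
      port = parts[n]
      # The process name is the first quoted name inside users:((...)).
      # Lines without a Process column (ss run without sudo) get "-".
      proc = "-"
      if (match($0, /users:\(\("[^"]+"/)) {
          proc = substr($0, RSTART + 9, RLENGTH - 10)
      }
      print $1, port, proc
  }'
}

# process_on_port PORT: print the distinct process name(s) bound to PORT,
# reading ss output on stdin. Prints nothing if the port is not open.
process_on_port() {
  listening_summary | awk -v p="$1" '$2 == p { print $3 }' | sort -u
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | listening_summary
```

Note that `ss` may wrap a long Process column onto a following line for sockets with many owning processes; such continuation lines carry no State field and are simply skipped by the filter above, so check the raw output if a port shows up without a process name.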

sudo systemctl stop nginx

The service will start again on every boot, so disable it as well to change that behavior:

sudo systemctl disable nginx

For defense in depth, I would also recommend adding a firewall rule, so the port stays blocked even if the service is started again.

Here, I’m going to block port no 80 (used by NGINX) in UFW (which is pre-installed in Ubuntu).

First, let’s check the status of UFW:

sudo ufw status

And if it shows inactive, you can use the given command to enable it:

sudo ufw enable

Now, you just have to pair the deny option with the port number:

sudo ufw deny 80

And here’s the end result:

No sign of NGINX!

Wrapping Up

This was my take on how you can find and close open ports in Linux. I hope you will find this helpful.

And if you have any queries, let me know in the comments.

How Secure is Using Open Source Components?

Open source has always been the epitome of security, and this is now more so the case than ever due to the recent influx of software like open source analysis. However, it is still natural for people to have their doubts, and it would be misleading to say that using open source components is always safe one hundred percent of the time. 

Luckily, there are a few ways for us to gauge the security of open source components by looking at the moving parts behind the curtains, and this is exactly what we are going to be delving into in this article. Let’s take a look at how secure using open source components truly is. 

Any Weaknesses Will Be Dealt With As Soon As They Are Exposed

One of the biggest features that sets open source apart from any other solutions is that its code is accessible by anyone. There are usually thousands of developers working on a project at any given time, and as a direct result of this, any weaknesses are likely going to be resolved near immediately. 

Having this many developers helps improve security all over the board. Not only are any threats/weaknesses going to have much higher chances of being detected with open source, but there is also going to be a whole community of people working for a solution whenever a problem rears its head. This means that the security that open source components can offer is usually far superior to anything else on the market.

This is all the more noticeable when you begin to factor in the fact that issues with fixed solutions can be incredibly difficult to detect, and even when potential problems are detected, it can still take a while for any changes to be made.

Open source components just have a huge advantage over fixed solutions due to the sheer number of people that are working on them, and for an area as delicate as security, this can be extraordinarily beneficial. 

The Stakes Have Never Been Higher

If you have ever asked yourself the question of should I use open-source components, there is one crucial factor that you just cannot leave out of the conversation. With open source components, most developers who work on them tend to also have some kind of stake in the venture themselves – why else would they be working on it?

No one is forced to work on open source technology. It is completely voluntary. The only reasons why someone would be working on an open source project would be because they also gain benefit from the component in question or because they happen to have a particular interest in a certain field and want to see it excel.

This means that the people who are working on any given open source component are usually invested in the company themselves, and it is in everybody’s best interest to make sure said technology is the best it can possibly be.

You just don’t get this kind of collateral when working with fixed solutions developed by people who have no stake in the matter – everyone involved has something to lose, and the incentive to improve because of one’s own investment is way stronger than just a good review or the ability to acquire repeat customers. 

More Cooks Do Not Always Spoil The Broth 

You have all heard the saying: too many cooks spoil the broth. This is true in more than just a few situations, but when it comes to online security, more is usually better. Having thousands of talented, invested developers working on a component is going to lead to far better results than just a small team whose only goal is to make a profit, and this is especially the case since bug testing can be particularly troublesome with a smaller team.

The unusually high number of developers that work on open source projects makes finding any issues an absolute breeze, and the chances of a problem being discovered are exponentially higher.

In practical terms, this means that open source components are going to be much more polished/bug-free than regular solutions, and if you choose to utilise them, you are likely going to get access to security that is much better than anything else you could potentially get your hands on. 

Open source is a prime example of how more cooks can actually be a good thing if the dish in question happens to be particularly intricate, and in the vast majority of situations, it is going to be superior to any fixed alternatives.

We truly hope the insight you have been able to gain from this article will be of use to you. Open source is much safer than you can imagine, and in most cases, it is going to be the better option when compared to fixed solutions. 

There are just too many benefits to open source to ignore – cost-effective, secure, efficient; what else could you ask for? If you choose to use open-source components in any of your upcoming projects, you are going to be much better off for it, and you will soon come to realise just how effective open source can be. 

The post How Secure is Using Open Source Components? appeared first on IT Security Guru.

Elevate Your Organization’s Open Source Strategy

The role of software, specifically open source software, is more influential than ever and drives today’s innovation. Maintaining and growing future innovation depends on the open source community. Enterprises that understand this are driving transformation and rising to the challenges by boosting their collaboration across industries, understanding how to support their open source developers, and contributing to the open source community.

They realize that success depends on a cohesive, dedicated, and passionate open source community, from hundreds to thousands of individuals. Their collaboration is key to achieving the project’s goals. It can be challenging to manage all aspects of an open source project considering all the different parts that drive it. For example:

Project’s scope and goals
Participating members, maintainers, and collaborators
Management and governance
Legal guidelines and procedures
IT services 
Source control, CI/CD, distribution, and cloud providers
Communication channels and social media

The Linux Foundation’s LFX provides various tools to help open source communities design and adopt a successful project strategy considering all moving parts. So how do they do it? Let’s explore that using the Hyperledger project as an example. 

1. Understand your project’s participation

Through the LFX Individual Dashboard, participants can register the identity they use to contribute their code to GitHub and Gerrit (since the Hyperledger project uses both). The tool then uses that identity to connect users’ contributions, affiliations, memberships, training, certifications, earned badges, and general information.

With this information, other LFX tools gather and propagate data charts to help the community visualize their participation in GitHub and Gerrit for the different Hyperledger repositories. It also displays detailed contribution metrics, code participation, and issue participation.  

The LFX Organization Dashboard is a convenient tool to help managers and organizations manage their project memberships, discover similar projects to join, and understand the team’s engagement in the community. In detail, it provides information on:

Code contributions
Committee members
Event speakers and attendees 
Training and certification
Project enrollments

It is vital to have the project’s members and participant identities organized to understand better how their work makes a difference in the project and how their participation interacts with others toward the project’s goals.  

2. Manage your project’s processes

LFX Project Control Center offers a one-stop portal for program managers to organize their project participation, IT services, and quick access to other LFX tools.

Project managers can also connect:

Their project’s source control
Issue tracking tool
Distribution service
Cloud provider
Mail lists
Meeting management
Wiki and hosted domains 

For example, Hyperledger can view all related organizations under their Hyperledger Foundation umbrella, analyze each participant project, and connect services like GitHub, Jira, Confluence, and their communication channels like Groups.io and Twitter accounts.

Managing all the project’s aspects in one place makes it easier for managers to visualize their project scope and better understand how all their services impact the project’s performance.

3. Reach outside and get your project in the spotlight

Social and earned media are vital to ensure your project reaches the ears of its consumers. In addition, it is essential to have good visibility into your project’s influence in the Open Source world and where it is making the best impact.

LFX’s Insights Social Media Metrics provides high-level metrics on a project’s social media account like:

Twitter followers and following information 
Tweets and retweet breakdown
Trending tweets
Hashtag breakdown 
Contributor and user mentions

In the case of Hyperledger, we have an overall view of their tweet and retweet breakdown. In addition, we can also see how tweets by Bitcoin News are making an impression on the interested communities. 

Insights helps you analyze how your project impacts other regions and reaches diverse audiences by language, and lets you adjust communication and marketing strategies to reach the sources that open source participants rely on for the latest information on how the community contributes and engages with others. For example, tweets written in English, Japanese, and Spanish by Hyperledger contributors are visible in an overall languages chart, with direct and indirect impressions calculated.

The bottom line

A coherent open source project strategy is a crucial driver of how enterprises manage their open source programs across their organization and industry. LFX is one of the tools that make enterprise open source programs successful. It is an exclusive benefit for Linux Foundation members and projects. If your organization and project would like to join us, learn more about membership or hosting your project.

The post Elevate Your Organization’s Open Source Strategy appeared first on Linux Foundation.

LFX’22 Mentorship Experience with Open Horizon

The following post originally appeared on Medium. The author, Ruchi Pakhle, participated in our LFX Mentorship program this past spring.

echo “amazing experience”

Hey everyone!
I am Ruchi Pakhle currently pursuing my Bachelor’s in Computer Engineering from MGM’s College of Engineering & Technology. I am a passionate developer and an open-source enthusiast. I recently graduated from LFX Mentorship Program. In this blog post, I will share my experience of contributing to Open Horizon, a platform for deploying container-based workloads and related machine learning models to compute nodes/clusters on edge.

Background

I have been an active contributor to open-source projects via different programs like GirlScript Summer of Code, Script Winter of Code, and so on. Through these programs I contributed to different beginner-level open-source projects. After almost doing this for a year, I contributed to different organizations for different projects including documentation and code. On a very random morning applications for LFX were opened up and I saw various posts on LinkedIn; among those posts one was from my very dear friend Unnati Chhabra, who had just graduated from the program, and hence I went ahead and checked the organization that was a fit as per my skill set and decided to give it a shot.

Why did I apply to Open Horizon?

I was very interested in DevOps and Cloud Native technologies and I wanted to get started with them but had been procrastinating a lot and did not know how to pave my path ahead. I was constantly looking for opportunities that I could get my hands on. And as Open Horizon works exactly on DevOps and Cloud Native technologies, I straight away applied to their project, and they had two slots open for the spring cohort. I joined their Element channel and started becoming active by contributing to the project, engaging with the community, and also started to read more about the architecture and tried to understand it well by referring to their YouTube videos. You can contribute to Open Horizon here.

Application process

Linux Foundation opens LFX mentorship applications thrice a year: one in spring, one in summer, and the winter cohort, each cohort being for a span of 3 months. I applied to the winter cohort for which the applications opened up around February 2022 and I submitted my application on 4th February 2022 for the Open Horizon Project. I remember there were three documents mandatory for submitting the application:

1. Updated Resume/CV

2. Cover Letter

(this is very very important in terms of your selection so cover everything in your cover letter and maybe add links to your projects, achievements, or wherever you think they can add great value)

The cover letter should cover these points primarily

How did you find out about our mentorship program?
Why are you interested in this program?
What experience and knowledge/skills do you have that are applicable to this program?
What do you hope to get out of this mentorship experience?

3. A permission document from your university stating they have no obligation over the entire span of the mentorship was also required (this varies from org to org and may not be asked for at all)

Selection Mail

The LFX acceptance mail was a major achievement for me as at that period of time I was constantly getting rejections and I had absolutely no idea about how things were gonna work out for me. I was constantly doubting myself and hence this mail not only boosted my confidence but also gave me a ray of hope of achieving things by working hard towards it consistently. A major thanks to my mentor, Joe Pearson, and Troy Fine for believing in me and giving me this opportunity.

My Mentorship Journey

Starting off from the day I applied to the LFX until getting selected as an LFX Mentee and working successfully for over 3 months and a half, it felt surreal. I have been contributing to open-source projects and organizations before. But being a part of LFX gave me such a huge learning curve and a sense of credibility and ownership that I got here wouldn’t have gotten anywhere else.

I still remember setting up the mgmt-hub all-in-one script locally and I thought it was just a cakewalk, well it was not. I literally used to try every single day to run the script but somehow it would end up giving some errors, I used to google them and apply the results but still, it would fail. But one thing which I consistently did was share my progress regularly with my mentor, Troy no matter if the script used to fail but still I used to communicate that with Troy, I would send him logs and he used to give me some probable solutions for the same but still the script used to fail. I then messaged in the open-horizon-examples group and Joe used to help with my doubts, a huge thanks to him and Troy for helping me figure out things patiently. After over a month on April 1st, the script got successfully executed and then I started to work on the issues assigned by Troy.

These three months taught me to be consistent no matter what the circumstances are and work patiently which I wouldn’t have learned in my college. This experience would no doubt make me a better developer and engineer along with the best practices followed. A timeline of my journey has been shared here.

Check out my contributions here
Check out the open-horizon-services repo

Concluding the program

The LFX Mentorship Program was a great great experience and I did get a great learning curve which I wouldn’t have gotten any other way. The program not only encourages developers to kick-start their open-source journey but also provides some great perks like networking, and learning from the best minds. I would like to thank my mentors Joe Pearson, Troy Fine, and Glen Darling because without their support and patience this wouldn’t have been possible. I would be forever grateful for this opportunity.

Special thanks to my mentor Troy for always being patient with me. These kind words will remain with me always, even though the program has ended.

The LF Edge Mentorship program is always a great learning experience, and this year was no exception. Because of Ruchi’s work we now have more services following our best practice policies in the open-horizon-services github repository. Despite the time difference she was always flexible when it came to our sync-ups and was never afraid to ask questions or for clarification if something wasn’t clear. I hope Ruchi will continue to provide the meaningful contributions to the Open Horizon project I have seen her demonstrate throughout this mentorship program.

And yes, how can I forget to plug the awesome swag? Special thanks and gratitude to my mentor Joe Pearson for sending me such cool swag and this super cool note.

If you have any queries, connect with me on LinkedIn or Twitter and I would be happy to help you out

The post LFX’22 Mentorship Experience with Open Horizon appeared first on Linux Foundation.

The Linux Foundation Announces Keynote Speakers for Open Source Summit Europe 2022

Global visionaries headline the premier open source event in Europe to share on OSS adoption in Europe, driving the circular economy, finding inspiration through the pandemic, supply chain security and more. SAN FRANCISCO, August 4, 2022 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the keynote speakers for Open Source Summit…

The post The Linux Foundation Announces Keynote Speakers for Open Source Summit Europe 2022 appeared first on Linux.com.

Public-private partnerships in health: The journey ahead for open source

This original article appeared on the LF Public Health project’s blog.

The past three years have redefined the practice and management of public health on a global scale. What will we need in order to support innovation over the next three years?

In May 2022, ASTHO (Association of State and Territorial Health Officials) held a forward-looking panel at their TechXPO on public health innovation, with a specific focus on public-private partnerships. Jim St. Clair, the Executive Director of Linux Foundation Public Health, spoke alongside representatives from MITRE, Amazon Web Services, and the Washington State Department of Health.

Three concepts appeared and reappeared in the panel’s discussion: reimagining partnerships; sustainability and governance; and design for the future of public health. In this blog post, we dive into each of these critical concepts and what they mean for open-source communities.

Reimagining partnerships

The TechXPO panel opened with a discussion on partnerships for data modernization in public health, a trending topic at the TechXPO conference. Dr. Anderson (MITRE) noted that today’s public health projects demand “not just a ‘public-private’ partnership, but a ‘public-private-community-based partnership’.” As vaccine rollouts, digital applications, and environmental health interventions continue to be deployed at scale, the need for community involvement in public health will only increase.

However, community partnerships should not be viewed as just another “box to check” in public health. Rather, partnerships with communities are a transformative way to gain feedback while improving usability and effectiveness in public-health interventions. As an example, Dr. Anderson referenced the successful VCI (Vaccination Credential Initiative) project, mentioning “When states began to partner to provide data… and offered the chance for individuals to provide feedback… the more eyeballs on the data, the more accurate the data was.”

Cardea, an LFPH project that focuses on digital identity, has also benefited from public-private-community-based partnerships. Over the past two years, Cardea has run three community hackathons to test interoperability among other tools that use Cardea’s codebase. Trevor Butterworth, VP of Cardea’s parent company, Indicio, explained his thoughts on community involvement in open source: “The more people use an open source solution, the better the solution becomes through stress testing and innovation; the better it becomes, the more it will scale because more people will want to use it.” Cardea’s public and private-sector partnerships also include Indicio, SITA, and the Aruba Health Department, demonstrating the potential for diverse stakeholders to unite around public-health goals.

Community groups are also particularly well-positioned to drive innovation in public health: they are often attuned to pressing issues that might be otherwise missed by institutional stakeholders. One standout example is the Institute for Exceptional Care (IEC), a LFPH member organization focused on serving individuals with intellectual and developmental disabilities, “founded by health care professionals, many driven by personal experience with a disabled loved one.” IEC recently presented a webinar on surfacing intellectual and developmental disabilities in healthcare data: both the webinar and Q&A showcased the on-the-ground knowledge of this deeply involved, solution-oriented community.

Sustainability and governance

Sustainability is at the heart of every viable open source project, and must begin with a complete, consensus-driven strategy. As James Daniel (AWS) mentioned in the TechXPO panel, it is crucial to determine “exactly what a public health department wants to accomplish, [and] what their goals are” before a solution is put together. Defining these needs and goals is also essential for long-term sustainability and governance, as mentioned by Dr. Umair Shah (WADOH): “You don’t want a scenario where you start something and it stutters, gets interrupted and goes away. You could even make the argument that it’s better to not have started it in the first place.”

Questions of sustainability and project direction can often be answered by bringing private and public interests to the same table before the project starts. Together, these interests can determine how a potential open-source solution could be developed and used. As Jim St. Clair mentioned in the panel: “Ascertaining where there are shared interests and shared values is something that the private sector can help broker.” Even if a solution is ultimately not adopted, or a partnership never forms, a frank discussion of concerns and ideas among private- and public-sector stakeholders can help clarify the long-term capabilities and interests of all stakeholders involved.

Moreover, a transparent discussion of public health priorities, questions, and ideas among state governments, private enterprises, and nonprofits can help drive forward innovation and improvements even when there is no specific project at hand. To this end, LFPH hosts a public Slack channel as well as weekly Technical Advisory Council (TAC) meetings in which we host new project ideas and presentations. TAC discussions have included concepts for event-driven architecture for healthcare data, a public health data sharing mesh, and “digital twins” for informatics and research.

Design for the future of public health

Better partnerships, sustainability, and governance provide exciting prospects for what can be accomplished in open-source public health projects in the coming years. As Jim St. Clair (LFPH) mentioned in the TechXPO panel: “How do we then leverage these partnerships to ask ‘What else is there about disease investigative technology that we could consider? What other diseases, what other challenges have public health authorities always had?’” These challenges will not be tackled through closed source solutions—rather, the success of interoperable, open-source credentialing and exposure notifications systems during the pandemic has shown that open-source has the upper hand when creating scalable, successful, and international solutions.

Jim St. Clair is not only optimistic about tackling new challenges, but also about taking on established challenges that remain pressing: “Now that we’ve had a crisis that enabled these capabilities around contact tracing and notifications… [they] could be leveraged to expand into and improve upon all of these other traditional areas that are still burning concerns in public health.” For example, take one long-running challenge in United States healthcare: “Where do we begin… to help drive down the cost and improve performance and efficiency with Medicaid delivery? … What new strategies could we apply in population health that begin to address cost-effective care-delivery patient-centric models?”

Large-scale healthcare and public-health challenges such as mental health, communicable diseases, diabetes—and even reforming Medicaid—will only be accomplished by consistently bringing all stakeholders to the table, determining how to sustainably support projects, and providing transparent value to patients, populations and public sector agencies. LFPH has pursued a shared vision around leveraging open source to improve our communities, carrying forward the same resolve as the diverse groups that originally came together to create COVID-19 solutions. The open-source journey in public health is only beginning.

The post Public-private partnerships in health: The journey ahead for open source appeared first on Linux Foundation.

People of Open Source: Neville Spiteri, Wevr

This post originally appeared on the Academy Software Foundation’s (ASWF) blog. The ASWF works to increase the quality and quantity of contributions to the content creation industry’s open source software base. 

Tell us a bit about yourself – how did you get your start in visual effects and/or animation? What was your major in college?

I started experimenting with the BASIC programming language when I was 12 years old on a ZX81 Sinclair home computer, playing a game called “Lunar Lander” which ran on 1K of RAM, and took about 5 minutes to load from cassette tape.

I have a Bachelor’s degree in Cognitive Science and Computer Science.

My first job out of college was a Graphics Engineer at Wavefront Technologies, working on the precursor to Maya 1.0 3D animation system, still used today. Then I took a Digital Artist role at Digital Domain.

What is your current role?

Co-Founder / CEO at Wevr. I’m currently focused on Wevr Virtual Studio – a cloud platform we’re developing for interactive creators and teams to more easily build their projects on game engines.

What was the first film or show you ever worked on? What was your role?

First film credit: True Lies, Digital Artist.

What has been your favorite film or show to work on and why?

TheBlu 1.0 digital ocean platform. Why? We recently celebrated TheBlu 10 year anniversary. TheBlu franchise is still alive today. At the core of TheBlu was/is a creator platform enabling 3D interactive artists/developers around the world to co-create the 3D species and habitats in TheBlu. The app itself was a mostly decentralized peer-to-peer simulation that ran on distributed computers with fish swimming across the Internet. The core tenets of TheBlu 1.0 are still core to me and Wevr today, as we participate more and more in the evolving Metaverse.

How did you first learn about open source software?

Linux and Python were my best friends in 2000.

What do you like about open source software? What do you dislike?

Likes: Transparent, voluntary collaboration.

Dislikes: Nothing.

What is your vision for the Open Source community and the Academy Software Foundation?

Drive international awareness of the Foundation and OSS projects.

Where do you hope to see the Foundation in 5 years?

A global leader in best practices for real-time engine-based production through international training and education.

What do you like to do in your free time?

Read books, listen to podcasts, watch documentaries, meditation, swimming, and efoiling!

Follow Neville on Twitter and connect on LinkedIn.

The post People of Open Source: Neville Spiteri, Wevr appeared first on Linux Foundation.


OSS Security Highlights from the 2022 Open Source Summit North America

By Ashwin Ramaswami

Last month we concluded the Linux Foundation’s 2022 Open Source Summit North America (OSS NA), where developers, technologists, and community leaders from industry, academia, and government converged in Austin, Texas, from June 21-24 to talk about all things open source. Participants and speakers highlighted open source innovation and efforts to ensure a sustainable open source ecosystem.

What did the summit tell us about the state of OSS security? Several parts of the conference addressed different aspects of this issue – OpenSSF Day, Critical Software Summit, SupplyChainSecurityCon, and the Global Security Vulnerability Summit. Overall, the summit demonstrated an increased emphasis on open source security as a community effort with various stakeholders. More ambitious and innovative approaches to handling the open source security problem – including collaboration, tools, and training – were also introduced. Finally, the summit highlighted the importance for open source users to give back to the community and contribute upstream to the projects they depend on.

Let’s explore these ideas in more detail!


Open source security as a community effort

Open source security is not just an isolated effort by users or maintainers of open source software. As OSS NA showed, the stakes of open source security have turned it into a community effort, where a wide variety of diverse stakeholders have an interest and are beginning to get involved.

As Todd Moore (IBM) mentioned in his keynote, incidents such as log4shell have made open source security a bigger priority for governments – and it is important for existing open source stakeholders, both users and maintainers, to work as a community to take a cohesive message back to the government to articulate our community’s needs and how we are responding to this challenge.

Speakers at a panel discussion with the Atlantic Council’s Cyber Statecraft Initiative and the Open Source Security Foundation (OpenSSF) discussed the summit held by OpenSSF in Washington, DC on May 12 and 13, where representatives from industry and government met to develop the Open Source Software Security Mobilization Plan, a $150 million plan for better securing the open source ecosystem.

A panel discussion explored how major businesses are working together to improve the security of the open source supply chain, particularly through the governance structure of the OpenSSF.

New approaches to address open source security

OSS NA featured several initiatives to address fundamental open source security issues, many of which were particularly ambitious and innovative.

The OpenSSF’s Alpha-Omega Project was announced to address software vulnerabilities for OSS projects that are most critical (alpha) and at the long tail (omega).

Eric Brewer (Google) gave a keynote discussing the fundamental problem of ensuring accountability in the open source software supply chain. One way of solving this is through curation: creating a repository of vetted and secure packages.

Standards continue to be important, as always: Art Manion (CERT/CC) discussed the history and future of the CVE Program, while Jennings Aske (New York-Presbyterian Hospital) and Melba Lopez (IBM) discussed the importance of a Software Bill of Materials (SBOM).

The importance of security tooling was emphasized, with discussions on tools such as sigstore, automation of security checks through Infrastructure as Code tools, and CI/CD pipelines.

David Wheeler (Linux Foundation) discussed how education in secure software development is critical to ensuring open source software security. Courses like the OpenSSF’s Secure Software Development Fundamentals Courses are available to help developers learn this topic.

Giving back to the community

Participants at the summit recognized that open source security is ultimately a matter of community, governance, and sustainability. Projects that don’t have the right resources or governance structure may not be able to ensure their projects are secure or accept the right funding to do so.

Steve Hendrick (Linux Foundation) and Matt Jarvis (Snyk) discussed the release of the 2022 State of Open Source Security report from Snyk and the Linux Foundation. The report noted that open source software is often a one-way street where users see significant benefits with minimal cost or investment. It is recommended that organizations need to close the loop and give back to OSS projects they use for larger open source projects to meet user expectations.

Aeva Black (Microsoft) discussed approaches to community risk management through drafting and enforcing a code of conduct, and how ignoring community health can lead to sometimes catastrophic technical outcomes for OSS Projects.

Sean Goggins (CHAOSS) discussed the relationship between community health and vulnerability mitigation in open source projects by using metrics models from the CHAOSS projects.

Margaret Tucker and Justin Colannino (GitHub) discussed the role that package registries have in open source security, beginning to formulate some principles that would balance these registries’ responsibility for safety and reliability with the freedom and creativity of package maintainers.

Naveen Srinivasan (Endor Labs) and Laurent Simon (Google) explored the OpenSSF Scorecard to more easily analyze the security of open source projects and proactively improve their security.

Amir Montazery (OSTIF) discussed the Open Source Technology Improvement Fund’s efforts to help OSS maintainers to work with security experts to improve their projects’ security posture.

Conclusion

In sum, the talks and conversations at OSS Summit NA help paint a picture of how key stakeholders in the open source software ecosystem – OSS communities, industry, academia, and government – are conceptualizing big-picture issues and directing efforts around OSS security.

But these initiatives and talks still have a lot of room for input! Whether individually or through your institution, consider adding your voice to this discussion as we continue to support the open source software community. Join an OpenSSF working group, another initiative, or contribute upstream to open source projects that you depend on.

The post OSS Security Highlights from the 2022 Open Source Summit North America appeared first on Linux Foundation.


Bosch leverages open source model; teams with PolyCrypt to tackle blockchain for the Economy of Things

This post originally appeared on the Hyperledger Foundation’s blog. You can read the full case study here.

Some years ago, researchers realized that IoT devices would need to buy and sell from one another. In this “Economy of Things,” the items to be traded will include power, data, and connectivity. Most transactions will be fast, low value, and high frequency.

For a company like The Bosch Group that’s active in everything from autonomous vehicles to thermal plants, the Economy of Things will touch many lines of business. That’s why, in 2017, the company’s advanced research group, Bosch Research, was looking to find a way to scale up blockchain transactions to support the Economy of Things.

Bosch set out to meet that requirement by leveraging a specific, step-by-step open source strategy for developing new markets:

Identify a requirement
Set goals
Consider the terrain
Build a partnership
Pick a suitable license
Use open source archetypes

The goals were to lead an effort to create standards for the Economy of Things and to build a framework where different partners could work together.

A survey for likely partners led the Bosch team to Perun, an early layer-2 protocol that passes state information off-chain through virtual channels. Bosch joined forces with several academics to implement this protocol and start creating an ecosystem.

As part of the process, Perun needed a stable home where everyone could access the latest code, and other people could find it. Hyperledger Labs provides a space where developments can be started without the overhead of creating an official Hyperledger project.

In Q3 2020, Perun was welcomed into Hyperledger Labs, and development has continued with work from the team at Bosch and PolyCrypt GmbH, a startup spun out of the Technical University Darmstadt, where much of the academic research behind Perun began.

The Bosch team was eager to talk about its approaches and contributions to Hyperledger Foundation. To that end, they worked with Hyperledger marketing and others in the Perun community on a case study that details not only the business and technology challenges they’ve set out to tackle but also the strategic way they are leveraging open source development to advance the industry for all.

We never know what technology will turn into the Next Big Thing.

Perhaps Perun will be one of them, powering billions of micropayments between IoT devices or enabling people to shop with Central Bank Digital Currencies (CBDCs) that are still on the drawing board today.

Read the full case study here.

The post Bosch leverages open source model; teams with PolyCrypt to tackle blockchain for the Economy of Things appeared first on Linux Foundation.
