Tag Archives: Linuxcom

Happy 30th, Linux! – Linux.com


“I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I’d like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I’ve currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I’ll get something practical within a few months, and I’d like to know what features most people would want. Any suggestions are welcome, but I won’t promise I’ll implement them :-)”

With that note to an online newsgroup 30 years ago today, Linus Torvalds announced what would become arguably the most significant piece of software in history – Linux. Since August 25, 1991, Linux has grown to power all the world’s supercomputers, most mobile devices, financial exchanges, space stations and rovers, and serve as the backbone of the cloud and the internet itself. Companies, organizations, governments and individuals around the world rely on it to conduct business and live their lives every single day.

Our upcoming 2021 Open Source Jobs Report, which will be released in late September, will reveal that demand for Linux talent is as strong as ever, especially as companies rebound from the COVID-19 pandemic. That means now is the perfect time to improve your Linux skills, which is why through the end of 2021 we are offering 30% off select Linux-focused training courses and certification exams in recognition of the 30th anniversary (use code LINUX30 at checkout).

Programs in this offer include:

Certifications:

Linux Foundation Certified IT Associate (LFCA) – Demonstrates knowledge of fundamental IT concepts including operating systems, software application installation and management, hardware installation, use of the command line and basic programming, basic networking functions, security best practices, and other related topics to validate your capability and preparedness for an entry-level IT position.
Linux Foundation Certified System Administrator (LFCS) – Demonstrates you have the ability to design, install, configure, and manage a system installation, and understand key concepts such as networking, storage, security, maintenance, logging and monitoring, application lifecycle, troubleshooting, API object primitives and the ability to establish basic use-cases for end users. The discount is valid for the standalone exam or bundled with the associated training course.
Linux Foundation Certified Engineer (LFCE) – Demonstrates your ability to deploy and configure the Linux operating system at enterprise scale, and shows you possess all the necessary skills to work as a Linux engineer. The discount is valid for the standalone exam or bundled with the associated training course.

eLearning Courses:

Essentials of Linux System Administration (LFS201) – In this eLearning course, you’ll learn how to administer, configure and upgrade Linux systems running one of the three major Linux distribution families (Red Hat, SUSE, Debian/Ubuntu). You’ll also learn all the tools and concepts you need to efficiently build and manage a production Linux infrastructure. This course also serves as preparation for the LFCS exam.
Linux Networking and Administration (LFS211) – In this eLearning course, you will learn how to design, deploy and maintain a network running under Linux; how to administer the network services; the skills to create and operate a network in any major Linux distribution; how to securely configure the network interfaces; and how to deploy and configure file, web, email and name servers. This course also serves as preparation for the LFCE exam.

To take advantage of this offer, use code LINUX30 at checkout. 

Here’s to 30 more years of Linux innovation!

The post Happy 30th, Linux! appeared first on Linux Foundation – Training.

Linux GECOS information demystified – Linux.com




If you ever wanted to know what GECOS is and why it’s important to you, here are the answers
Read More at Enable Sysadmin



What is an SBOM? – Linux.com


The National Telecommunications and Information Administration (NTIA) recently asked for wide-ranging feedback to define a minimum Software Bill of Materials (SBOM). It was framed with a single, simple question (“What is an SBOM?”), and constituted an incredibly important step towards software security and a significant moment for open standards.

From NTIA’s SBOM FAQ  “A Software Bill of Materials (SBOM) is a complete, formally structured list of components, libraries, and modules that are required to build (i.e. compile and link) a given piece of software and the supply chain relationships between them. These components can be open source or proprietary, free or paid, and widely available or restricted access.”  SBOMs that can be shared without friction between teams and companies are a core part of software management for critical industries and digital infrastructure in the coming decades.

The ISO International Standard for open source license compliance (ISO/IEC 5230:2020 – Information technology — OpenChain Specification) requires a process for managing a bill of materials for supplied software. This aligns with the NTIA goals for increased software transparency and illustrates how the global industry is addressing challenges in this space. For example, it has become a best practice to include an SBOM for all components in supplied software, rather than isolating these materials to open source.

The open source community identified the need for and began to address the challenge of SBOM “list of ingredients” over a decade ago. The de-facto industry standard, and most widely used approach today, is called Software Package Data Exchange (SPDX). All of the elements in the NTIA proposed minimum SBOM definition can be addressed by SPDX today, as well as broader use-cases.

SPDX evolved organically over the last decade to suit the software industry, covering issues like license compliance, security, and more. The community consists of hundreds of people from hundreds of companies, and the standard itself is the most robust, mature, and adopted SBOM in the market today. 

The full SPDX specification is only one part of the picture. Optional components such as SPDX Lite, developed by Pioneer, Sony, Hitachi, Renesas, and Fujitsu, among others, provide a focused SBOM subset for smaller supplier use. The nature of the community approach behind SPDX allows practical use-cases to be addressed as they arose.

In 2020, SPDX was submitted to ISO via the PAS Transposition process of Joint Technical Committee 1 (JTC1) in collaboration with the Joint Development Foundation. It is currently in the approval phase of the transposition process and can be reviewed on the ISO website as ISO/IEC PRF 5962.

The Linux Foundation has prepared a submission for NTIA highlighting knowledge and experience gained from practical deployment and usage of SBOM in the SPDX and OpenChain communities. These include isolating the utility of specific actions such as tracking timestamps and including data licenses in metadata. With the backing of many parties across the worldwide technology industry, the SPDX and OpenChain specifications are constantly evolving to support all stakeholders.

Industry Comments

The Sony team uses various approaches to managing open source compliance and governance… An example is using an OSS management template sheet based on SPDX Lite, a compact subset of the SPDX standard. Teams need to be able to review the type, version, and requirements of software quickly, and using a clear standard is a key part of this process.

Hisashi Tamai, SVP, Sony Group Corporation, Representative of the Software Strategy Committee

“Intel has been an early participant in the development of the SPDX specification and utilizes SPDX, as well as other approaches, both internally and externally for a number of open source software use-cases.”

Melissa Evers, Vice President – Intel Architecture, Graphics, Software / General Manager – Software Business Strategy

Scania corporate standard 4589 (STD 4589) was just made available to our suppliers and defines the expectations we have when Open Source is part of a delivery to Scania. So what is it we ask for in a relationship with our suppliers when it comes to Open Source? 

1) That suppliers conform to ISO/IEC 5230:2020 (OpenChain). If a supplier conforms to this specification, we feel confident that they have a professional management program for Open Source.  

2) If in the process of developing a solution for Scania, a supplier makes modifications to Open Source components, we would like to see those modifications contributed to the Open Source project. 

3) Supply a Bill of materials in ISO/IEC DIS 5962 (SPDX) format, plus the source code where there’s an obligation to offer the source code directly, so we don’t need to ask for it.

Jonas Öberg, Open Source Officer – Scania (Volkswagen Group)

The SPDX format greatly facilitates the sharing of software component data across the supply chain. Wind River has provided a Software Bill of Materials (SBOM) to its customers using the SPDX format for the past eight years. Often customers will request SBOM data in a custom format. Standardizing on SPDX has enabled us to deliver a higher quality SBOM at a lower cost.

Mark Gisi, Wind River Open Source Program Office Director and OpenChain Specification Chair

The Black Duck team from Synopsys has been involved with SPDX since its inception, and I had the pleasure of coordinating the activities of the project’s leadership for more than a decade. In addition, representatives from scores of companies have contributed to the important work of developing a standard way of describing and communicating the content of a software package.

Phil Odence, General Manager, Black Duck Audits, Synopsys

With the rapidly increasing interest in the types of supply chain risk that a Software Bill of Materials helps address, SPDX is gaining broader attention and urgency. FossID (now part of Snyk) has been using SPDX from the start as part of both software component analysis and for open source license audits. Snyk is stepping up its involvement too, already contributing to efforts to expand the use cases for SPDX by building tools to test out the draft work on vulnerability profiles in SPDX v3.0.

Gareth Rushgrove, Vice President of Products, Snyk

For more information on OpenChain: https://www.openchainproject.org/

For more information on SPDX: https://spdx.dev/

References:

The post What is an SBOM? appeared first on Linux Foundation.

Happy anniversary Enable Sysadmin – Linux.com




Let’s celebrate two years of growth and community.
Read More at Enable Sysadmin



Page not found – Linux.com


Copyright © 2019 The Linux Foundation®. All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds.