Linux Foundation Newsletter: April 2023
The Linux Foundation | 27 April 2023
In this edition, catch up on big news stemming from KubeCon CloudNativeCon Europe, including the EU Cyber Resiliency Act, the launch of the TLA+ Foundation, a new World of Open Source survey, and recently published reports from LF Research on the business value of the OSPO and best practices on managing open source projects on GitHub.
- LF Europe GM Gabriele Columbro on the EU Cyber Resilience Act
- Announcing the TLA+ Foundation
- Participate in the World of Open Source Global Spotlight Survey
- New Research on the Business Value of the OSPO, Managing Open Source Projects on GitHub
- LFX Mentorship
- Upcoming events
- Diversity, equity, and inclusion
- Linux Foundation project news and updates
- LF in the Media
- Follow us
Interested in reading our Training newsletter? Click here to subscribe.
LF Europe GM Gabriele Columbro on the EU Cyber Resilience Act
LF Europe GM Gabriele Columbro at KubeCon CloudNativeCon Europe 2023
The European Union's Cyber Resilience Act (CRA) is currently being debated in the European Parliament and Council. The Act aims to improve cybersecurity and the security of the software supply chain in the European Union, but there are concerns that the current draft may unfairly assign liability to open source developers and non-profit foundations that host open source software.
Gabriele Columbro, LF Europe General Manager, recently gave a keynote address at KubeCon CloudNativeCon Europe 2023, calling for the open source community to take action to help amend the CRA to better safeguard their interests.
In his keynote, Gabriele explained the risks associated with the CRA in its current form, stating that it could "fragment open source – and load risk onto devs." Gabriele's concerns about the CRA in its current form were also reported by DevClass, highlighting the risks associated with the legislation.
Linux Foundation Europe has also taken several actions to support this effort, including working under the auspices of Open Forum Europe to propose concrete amendments, educating participants about the legislation, co-signing an open letter with other open source foundations, hosting a panel discussion at KubeCon and CloudNativeCon Europe, and is working to create venues for ongoing cross-foundation policy collaboration.
The voice of the open source community should be heard: you can get actively involved by contacting Linux Foundation Europe or joining the LF Europe Discord Server. The Linux Foundation is committed to working with policymakers to ensure that any cybersecurity and software supply chain security legislation strikes an appropriate balance between security objectives and the health of the open source community.
Announcing the TLA+ Foundation
The Linux Foundation has launched the TLA+ Foundation, which aims to promote adopting and developing the TLA+ programming language and its community of practitioners. TLA+ is a high-level language for modeling programs and systems, especially concurrent and distributed ones, and it helps detect design flaws early in the development process.
Inaugural members of the TLA+ Foundation include Amazon Web Services (AWS), Oracle, and Microsoft. The foundation will promote adoption, provide education and training resources, fund research, develop tools, and build a community of TLA+ practitioners. It will also serve as the language committee, ensuring the continuous improvement and evolution of the TLA+ language. For more information, view the TLA+ Foundation website.
The launch has been well received in the media. Here’s a roundup of the TLA+ coverage:
- Embedded Computer Design: TLA+ Foundation Corrects Early Errors Saving Time and Money
- Infoworld: Linux Foundation launches TLA+ language foundation
- TechCrunch: Daily Crunch: Starting today, Twitter says all advertisers must obtain verified accounts
- The New Stack: TLA+ App Modeling Language Comes Correct with a Proper Foundation
- TFiR: Linux Foundation Launches TLA+ Foundation To Promote Adoption Of Formal Methods For Robust Software
Participate in the World of Open Source Global Spotlight 2023 Survey
Take the Linux Foundation’s World of Open Source: Global Spotlight 2023 Survey and share your perspective on the state of open source worldwide. The survey will explore regional open source trends and investigate using and adopting open source technologies and best practices. The survey takes only 10-15 minutes to complete, and upon completion, you'll receive a 25% discount on any Linux Foundation e-learning training course or certification exam.
New Research on the Business Value of the OSPO, Managing Open Source Projects on GitHub
The Business Value of the OSPO, a new report by the TODO Group and industry experts explores the value of Open Source Program Offices (OSPOs) from a business perspective. The report includes insights from OSPO leaders around the world on what makes an OSPO valuable, how to measure that value, and how to navigate challenges. Whether starting an OSPO or working with an established program, readers will gain tools to communicate and measure the value of OSPOs. Read the report here.
The Linux Foundation has just released a report highlighting Recommended Practices for Hosting and Managing Open Source projects on GitHub. Written by Ibrahim Haddad, Ph.D., LF VP of Strategic Programs (AI and Data) and featuring a foreword by Jeff McAffer, Senior Director of Product at GitHub, the report offers recommendations for enhancing the engagement, organization, and understandability of projects, covering everything from documentation to embedding open source principles. The aim is to help developers make the most of the platform's tools and opportunities. Read the report here.
Image: Speakers at KubeCon CloudNativeCon Europe 2023.
Summer 2023 LFX Mentorships have been announced. Projects include CNCF, GraphQL, Hyperledger, LF Networking, Linux Kernel, OpenHPC, Open Mainframe Project, and RISC-V. Plan to visit the LFX Mentorship Program site to check eligibility, browse and apply.
- BLOG: Do I Belong? Investigating Belonging in Open Source through the Sense of Virtual Community
- BLOG: Behind the scenes of running Linux Kernel Mentorship Programs
- OpenSSF Day North America May 10, Vancouver
- Linux Security Summit North America, May 10-12, Vancouver
- cdCon + GitOpsCon May 8-9, Vancouver
- Linux Storage, Filesystem, MM + BPF Summit, May 8-9, Vancouver
- LF Energy Summit, Jun 1-2, Paris
To register (for in-person attendance or virtual), please view our full calendar of events here, and be sure to subscribe to our events newsletter. Check out our Flickr stream for photos of past events!
Diversity, equity, and inclusion
- The next Making Our Strong Community Stronger, a collaborative initiative sponsored by BMC, Broadcom Mainframe Software, IBM, Open Mainframe Project, Rocket Software, TechChannel, and VirtualZ Computing, is hosting a live conversation on May 17 at 9 am PST/12 pm EST about “Fostering Inclusive Work Environments for the LGBTQIA+ Community.” LF Energy’s Dan Brown is one of the panelists who will share his personal journey. Learn more.
- Learn from some of PyTorch's great women contributors Peng Wu, Lin Qiao, Parinita Rahi, Geeta Chauhan, and Natalia Gimelshein, how we can continue to support women in tech.
- Check out our new Diversity & Inclusivity resources page; Diversity Scholarships are offered for events. For more eligibility information and how to apply, please visit the individual event’s website (all listed here), click the “Attend” tab, and select the “Registration Scholarships” option.
- The Shubhra Kar Linux Foundation Training (LiFT) Scholarship Program is taking applications through April 30.
- The Linux Foundation's Travel Fund provides open source developers and community members with financial support to attend events they may not have been able to otherwise and prioritizes those from underrepresented or lower socioeconomic groups. Learn more about the fund and how to apply.
Linux Foundation project news and updates
(Image: “Open Source Utopia” by Jason Perlow, Bing Image Creator)
- Education Program Manager Barbaño González has written two great Linux.com blogs about contributing to open source, AsyncAPI: A Springboard for Open Source Professionals, and Multiculturalism in Technology and its Limits: AsyncAPI and the Long Road to Open Source Utopia
- Delta Lake and Ray are two open source tools that enable scalable and reliable data processing and machine learning pipelines. Learn how to use the new deltaray in this article.
- AWS Lambda now supports the deltalake package for read and write access to Delta Lake tables with the latest release of AWS SDK for pandas (2.20) layer. Find out more about the benefits of using Delta Lake from AWS Lambda and how to build your own Lambda layer with deltalake.
- Delta Lake 2.3.0 on Apache Spark 3.3 has been released with new features such as zero-copy convert to Delta from Iceberg tables, support for idempotent writes for DML operations, and support for reading Change Data Feed (CDF) in SQL queries. Check out the full list of features.
- Join Gerhard Brueckl and Denny Lee for a live session on the journey from traditional BI and data warehousing to highly scalable big data solutions using Apache Spark and Delta Lake and the role of Power BI and Databricks. RSVP here!
- Shuah Khan, Linux Fellow at the Linux Foundation and member of the ELISA Project TSC, and Shefali Sharma, a senior student at the Meerut Institute of Engineering and Technology in India and ELISA Project Mentee in 2022, offer an update on how to discover the linux kernel subsystems used by a workload.
- Philipp Ahmann, Chair of the ELISA Project TSC, and Sudip Mukherjee, Member of the ELISA Tools Working Group, shares how automation tools make it easier for collaboration particularly ELISA’s CI enablement.
- The schedule for the Safety-Critical Software Summit, sponsored by the ELISA Project, is now live. Check out the full schedule here. Register to join the Linux community in Prague, Czech Republic, or virtually on June 27-30.
- The LF Energy Summit is coming to Paris, France on June 1-2. cloud7 has published an overview of the event, and LF Energy Head of Communications Dan Brown previews some of the highlights in a video.
- The EVerest Project aims to ensure EV charging is interoperable and easily deployed, has graduated to Early Adoption, and released version 2023.3.0 of the EVerest-Core, providing a 50x boost to ISO charging speed.
- LF Energy aims to create an open specification around carbon accounting. A new video featuring Daniel Roesler of UtilityAPI explains this initiative.
- Open source is making its way into the digital strategies of power grid operators, as evidenced by a case study about LF Energy member RTE in this recent article from Think Smartgrids.
- LF Energy has been selected as part of the Climate Tech 100 from Climate Tech Review. In an interview, LF Energy Governing Board Chair Lucian Balea explains how LF Energy works to speed up the energy transition and address existing barriers.
- FinOps X is happening from June 27-30, where you can invest in your FinOps career, knowledge, and connect with practitioners across the globe. A new speaker lineup and agenda showcases technical content from FinOps experts.
- A new FinOps assessment tool is available to help organizations assess their capabilities and benchmark their progress toward their goals.
- Connect with the local FinOps community through FinOps events, including regional meetups, virtual summits, and upcoming Roadshows in NYC, Stockholm, and London.
- FINOS is hosting a virtual Global Accessibility Awareness Day Hackathon from April 24 to May 18 and another hackathon in-person at BMO in NYC on May 3-4.
- The Member Meeting will occur in London on June 14-15.
- The Open Source in Finance Forum (OSFF) will occur on November 1, and the CFP is now open. You can also sponsor and register your interest.
- A new case study details the Hyperledger Fabric-powered exchange for plant-sourced water that Fujitsu developed for Botanical Water Technologies.
- Brazil’s Central Bank announced the start of a formal pilot for its bank digital currency (CBDC), built using Hyperledger Besu.
- Daniela Barbosa, Hyperledger Foundation’s executive director, was featured by Cointelegraph as one of seven women “shaping the future of crypto and Web 3.”
- Heather Dahl, CEO of Indicio and Hyperledger Foundation board member, penned a thoughtful take on “The Role of Decentralized Identity in Implementing the White House National Cybersecurity Strategy.”
- TODO is preparing for the 2023 OSPO survey and is inviting organizations and open source projects to become partners for this upcoming survey. The survey will focus on insights into the adoption and impact of OSPOs across sectors and industries, balancing openness and control in OSPOs, and the security and sustainability of open source ecosystems.
- The OSPO Mind Map project has added Chinese and Japanese versions to its interactive visual representation of an Open Source Program Office's responsibilities, roles, behavior, and team size within an organization. The mind map helps OSPO practitioners and others engaging with OSPO roles understand the different elements of an OSPO and how it can be structured.
- OpenAI’s groundbreaking ChatGPT uses the OpenAPI Initiative’s OAS to enable the building of plugins to connect ChatGPT to third-party applications.
- The new Release of Node.js Version 16.20.0 is now available.
- OpenJS World, part 2, is scheduled, and the CFP is open! Join us in Bilbao, Spain, September 19-23. Check out the guidelines and details in our blog.
- We have two OpenJS Collaborator Summits planned for this year - one in Vancouver, Canada, and one in Bilbao, Spain. Join us by registering today!
- Standards concise guides are now available! Check out the guides to finding and resolving web standards published on the /standards repo.
Open 3D Engine (O3DE)
- Together with AWS, Red Hat, and the International Game Developers Association, the Open 3D Foundation is hosting O3DE's first jam on May 5-7. Submissions can be 3D graphics, games, simulations, or anything else built with O3DE and aligned with the theme, Navigating the Wasteland.
- Two new tutorials are now available to help you easily port a vast array of assets into O3DE from Sketchfab, Unreal Engine, and many other sources.
- The world’s first VSCode Debugger Extension is now available to debug Lua scripts on O3DE.
- To learn more about how the O3DE community is helping advance the standardization of mobile graphics, listen to this panel discussion with AWS, Carbonated, Heroic Labs, Huawei, Imagination Technologies, and OPPO.
Open Metaverse Foundation (OMF)
- Building an interoperable infrastructure for the Metaverse is a monumental and exciting task requiring open collaboration. Read this blog to learn how we establish clear priorities, define tangible steps, and get work done.
- Join us at the Open Metaverse Summit (co-located with Open Source Summit) in Vancouver on May 10-12 to explore the power of open source in helping realize the promise of the Metaverse. View the full agenda here. Register by April 23 to save US$250 off in-person registration, and for an additional 20% off, use code OSSNA23OPENMETA.
Open Mainframe Project
- Open Mainframe Project announces new 2023 Ambassadors - learn more about how these thought leaders will contribute to the project and fun facts like a competitive tango dancer, a chef that cooks global food, and someone who hasn’t owned a television in 15 years.
- Under the Open Mainframe Project, GenevaERS combines the processing capability of a high-level mainframe reporting solution and open-source techniques to become a data extraction and transformation engine specifically tuned for high-volume systems. Learn more in this video.
- Andreas Krebbel, a Linux on zSystems AI and Compiler Developer at IBM Research and Development GmbH, introduced the AI hardware capabilities of the IBM z16 at Open Mainframe Summit. Watch here.
- PyTorch 2.0 is making progress with the help of its members and partners. Check out their latest blogs from Hugging Face, Google, Meta, AMD, Microsoft, and Intel.
- The PyTorch Foundation celebrated six months of its inception in March, with a focus on PyTorch 2.0, ecosystem partners, and community growth.
- Join the first PyTorch Foundation Mini Summit at Open Source Summit North America on May 9th to learn about new releases, ML/DL development, production trends, and how to get involved. Registration is open now.
- RISC-V Summit 2023 is in Santa Clara, California, November 7-8.
- RISC-V Foundational Associate Certification is now available in English and Mandarin.
- RISC-V Summit Europe is on June 5-9 in Barcelona, with open registration and available sponsorships.
- Embedded World 2023 showcased RISC-V technologies; its talks can be watched on YouTube.
- Several security initiatives are progressing this year, including the AP-TEE interface proposal, SPMP extension, and the shadow stacks and landing pads extension.
Open Source Security Foundation (OpenSSF)
- The OpenSSF Day North America Agenda is now live! Register for OpenSSF Day on May 10th in Vancouver.
- Town Hall: Improving Open Source Security Through Collaboration
- We have clarified the terms that apply when users submit data to the community-hosted instance of Sigstore, so Mike Dolan of the Linux Foundation explains the changes
- We launched a new series featuring an OpenSSF Working Group each month. First up? OpenSSF Best Practices Working Group that provides security guidance and tools for open source developers by WG Lead Christopher “CRob” Robinson
- Jacques Chester of Shopify and Brandon Lum of Google discuss Taking the Pulse of Leading Software Repositories’ Security
- Rebecca Rumbul, Executive Director & CEO of the Rust Foundation, explores the Role of Foundations in Securing OSS
- New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security by David A. Wheeler, the Linux Foundation; John Speed Meyers, Chainguard; Mikaël Barbero, Eclipse Foundation; and Rebecca Rumbul, Rust Foundation.
SPDX and Software Bill of Materials (SBOMs)
- The New Stack: Creating a Minimum Elements SBOM Document in 5 Minutes
- Kate Stewart and Chris Blask, Chief Evangelist of Cybeats, present on SBOMs at the RSAC Conference
- Vincent Danen of Red Hat and Tracy Ragan of DeployHub explore the topic: SBOMs, So Far, So Good, So What?
- Josh Bressers of Anchore and Kate Stewart of the Linux Foundation provide an update on SBOM Everywhere and Python SPDX-Tools
- The Cybersecurity and Infrastructure Security Agency (CISA) has released two important reports on Software Bill of Materials (SBOM). The first report aims to help readers choose suitable SBOM-sharing solutions based on various factors, while the second report outlines different types of SBOMs drafted by a community-led working group on SBOM Tooling and Implementation. This is not the SPDX community's first collaboration with Federal agencies. They previously worked with NTIA to conduct PoCs in highly regulated industries like Healthcare, which successfully addressed operational and cyber risks.
- Stephen Berard, Chief Technology Officer at Nubix, shares why they moved from FreeRTOS to Zephyr RTOS.
- If you weren’t at Embedded World in Nuremberg, Germany, Susan Remmert shares a recap of the demos, on-site activities, and videos to check out.
- Missing interrupts with Zephyr RTOS on the Microbit V2.21 - Frank Duignan, Electronics Engineer and Lecturer at TU Dublin, Ireland, offers a tutorial here.
- The Zephyr Developer Summit schedule is now live - check out all the virtual sessions and register to join the Zephyr community in Prague, Czech Republic, on June 27-30 today.
LF in the Media
- Auterion partners with Dronecode Foundation to advance drone open standards.
- News on the Overture Maps Foundation
- Linux 6.3, a “nice, controlled” release
- Coverage of OpenSSF SLSA 1.0 release
- IBM acquires Ahana and joins Presto Foundation, proving permissive OSS models are better for ecosystem and community development.
- The CNCF has sparked discussions about the environmental impact of systems and software design, which are now gaining traction among developers and are considered important factors in the tech industry.
- Companies are moving away from DIY Kubernetes, opting for vendor-supplied solutions and service providers, according to a recent survey.
- KubeEdge attains SLSA Level 3 compliance, a CNCF incubating project for the supply chain.
- Wayfair uses open source, cloud native, and Kubernetes to build and run its platform.
- Grafana supports CNCF's OpenTelemetry.
- Isovalent writes about how eBPF is changing cloud-native with a new OS-level abstraction layer and extending all new functionality into the kernel.
- AMD's Pensando DPU Switch acquisition shows progress on Open Programmable Infrastructure.
- Interview with Calista Redmond on RISC-V in the datacenter
- Another part of a great Q&A series on RISC-V verification tooling
- RISC-V could benefit from AMD price increases in IPO run-up.
- Nordic combines ARM and RISC-V cores in chips for advanced wearables, smart homes, Matter designs, and medical, audio, industrial, and gaming sectors.
- Tenstorrent shares the roadmap of Ultra-High-Performance RISC-V CPUs and AI accelerators.
- Bloomberg's new GPT models are powered by PyTorch.
- PyTorch 2.0 compiler improvements are impressive, as reported by various sources.
- An article on creating metaverse standards mentions ONNX [Open Neural Network Exchange], an open standard for machine learning interoperability.
- LF Fellow Shuah Khan provides insights into supported Linux system calls and features to assess the security of the system and its runtime activity.
Follow the Linux Foundation on social media to get all the latest info, updates on upcoming events, and breaking news and announcements from the global open source ecosystem. Follow us here: Mastodon, Twitter, Facebook, and LinkedIn.
2023 Compliance and Security Cloud Computing Projects Linux How-To Diversity & Inclusion Open Source Open Source Best Practices 2022 Cross Technology Training and Certification Newsletter 2024 LFX AI LF Research Legal Research Networking and Edge Topic: Data Blog Data Governance Featured LF Energy Linux Linux Foundation Open Mainframe Open Models OpenChain System Administration Topic: Security eBPF generative AI kernel license compliance maintainer techtalentsurvey