
Automating Compliance Management with UTMStack’s Open Source SIEM & XDR

Achieving and maintaining compliance with regulatory frameworks can be challenging for many organizations. Managing security controls manually often leads to excessive use of time and resources, leaving less available for strategic initiatives and business growth.

Standards such as CMMC, HIPAA, PCI DSS, SOC2 and GDPR demand ongoing monitoring, detailed documentation, and rigorous evidence collection. Solutions like UTMStack, an open source Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) solution, streamline this complex task by leveraging built-in log centralization, correlation, and automated compliance evaluation capabilities. This article explores how UTMStack simplifies compliance management by automating assessments, continuous monitoring, and reporting.

Understanding Compliance Automation with UTMStack

UTMStack inherently centralizes logs from various organizational systems, placing it in an ideal position to dynamically assess compliance controls. By continuously processing real-time data, UTMStack automatically evaluates compliance with critical controls. For instance, encryption usage, implementation of two-factor authentication (2FA) and user activity auditing among many others can be evaluated automatically.

Figure 1: Automated evaluation of Compliance framework controls.

Example Compliance Control Evaluations:

  • Encryption Enforcement: UTMStack continuously monitors logs to identify instances where encryption is mandatory (e.g., data in transit or at rest). It evaluates real-time compliance status by checking log events to confirm whether encryption protocols such as TLS are actively enforced and alerts administrators upon detection of potential non-compliance. The following event, for example, would trigger an encryption control failure:

    "message": [{"The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate."}]

  • Two-Factor Authentication (2FA): By aggregating authentication logs, UTMStack detects whether 2FA policies are consistently enforced across the enterprise. Compliance is assessed in real-time, and automated alerts are generated if deviations occur, allowing immediate remediation. Taking Office365 as an example, the following log would confirm the use of 2FA in a given user authentication attempt:

    "authenticationDetails": [
      {
        "authenticationStepDateTime": "2025-04-29T08:15:45Z",
        "authenticationMethod": "Microsoft Authenticator",
        "authenticationMethodDetail": "Push Notification",
        "succeeded": true,
        "authenticationStepResultDetail": "MFA requirement satisfied"
      }
    ]

  • User Activity Auditing: UTMStack processes comprehensive activity logs from applications and systems, enabling continuous auditing of user and device actions. This includes monitoring privileged account usage, data access patterns, and identifying anomalous behavior indicative of compliance risks. This is a native function of UTMStack, and the control is checked automatically if the required integrations are configured.

No-Code Compliance Automation Builder

One of UTMStack’s standout features is its intuitive, no-code compliance automation builder. Organizations can easily create custom compliance assessments and automated monitoring workflows tailored to their unique regulatory requirements without any programming experience. This flexibility empowers compliance teams to build bespoke compliance frameworks rapidly that update themselves and send reports on a schedule.

Figure 2: Compliance Framework Builder with drag and drop functionality.

Creating Custom Compliance Checks

UTMStack’s no-code interface allows users to:

  • Define custom compliance control logic visually.
  • Establish automated real-time monitoring of specific compliance conditions.
  • Generate and schedule tailored compliance reports.

This approach significantly reduces the administrative overhead, enabling compliance teams to respond swiftly to evolving regulatory demands.

Unified Compliance Management and Integration

Beyond automation, UTMStack serves as a centralized compliance dashboard, where controls fulfilled externally can be manually declared compliant within the platform. This unified “pane of glass” ensures that all compliance assessments—automated and manual—are consolidated into one comprehensive view, greatly simplifying compliance audits.

Moreover, UTMStack offers robust API capabilities, facilitating easy integration with existing Governance, Risk, and Compliance (GRC) tools, allowing seamless data exchange and further enhancing compliance management.

Sample Use Case: CMMC Automation

For CMMC compliance, organizations must demonstrate rigorous data security, availability, processing integrity, confidentiality, and privacy practices. UTMStack automatically evaluates controls related to these areas by analyzing continuous log data, such as firewall configurations, user access patterns, and audit trails.

Automated reports clearly detail compliance status, including specific control numbers and levels, enabling organizations to proactively address potential issues, dramatically simplifying CMMC assessments and future audits.

Figure 3: CMMC Compliance Control details

Compliance Control Evidence Remediation

When a framework control is identified as compliant, UTMStack automatically gathers the necessary evidence to demonstrate compliance. This evidence includes logs extracted from source systems and a dedicated, interactive dashboard for deeper exploration and analysis. Conversely, if the control evaluation identifies non-compliance, UTMStack employs an AI-driven technique known as Retrieval-Augmented Generation to provide remediation steps to security analysts and system engineers.

Compliance controls for each framework are not only evaluated but also provide dashboards for better understanding and navigation:

Figure 4: Compliance automation dashboards.

API-First Compliance Integration

UTMStack’s API-first approach enables compliance automation workflows to integrate effortlessly into existing IT ecosystems. Organizations leveraging various GRC platforms can easily synchronize compliance data, automate reporting, and centralize compliance evidence, thus minimizing manual data handling and significantly improving accuracy and efficiency.

Summary

Compliance management doesn’t have to be complicated or resource-draining. UTMStack’s open source SIEM and XDR solution simplifies and automates compliance with major standards such as CMMC, HIPAA, PCI DSS, SOC2, GDPR, and GLBA. By continuously monitoring logs, dynamically assessing compliance controls, and providing a user-friendly, no-code automation builder, UTMStack dramatically reduces complexity and enhances efficiency.

Organizations can easily customize and automate compliance workflows, maintain continuous monitoring, and integrate seamlessly with existing compliance tools, making UTMStack an invaluable resource for streamlined compliance management.

Join Our Community

We’re continuously improving UTMStack and welcome contributions from the cybersecurity and compliance community.

Your participation helps shape the future of compliance automation. Join us today!

The post Automating Compliance Management with UTMStack’s Open Source SIEM & XDR appeared first on Linux.com.


A Simple Way to Install Talos Linux on Any Machine, with Any Provider

Talos Linux is a specialized operating system designed for running Kubernetes. First and foremost it handles full lifecycle management for Kubernetes control-plane components. On the other hand, Talos Linux focuses on security, minimizing the user’s ability to influence the system. A distinctive feature of this OS is the near-complete absence of executables, including the absence of a shell and the inability to log in via SSH. All configuration of Talos Linux is done through a Kubernetes-like API.

Talos Linux is provided as a set of pre-built images for various environments.

The standard installation method assumes you will take a prepared image for your specific cloud provider or hypervisor and create a virtual machine from it. Alternatively, you can go the bare metal route and load the Talos Linux image using ISO or PXE methods.

Unfortunately, this does not work when dealing with providers that offer a pre-configured server or virtual machine without letting you upload a custom image or even use an ISO for installation through KVM. In that case, your choices are limited to the distributions the cloud provider makes available.

Usually during the Talos Linux installation process, two questions need to be answered: (1) How to load and boot the Talos Linux image, and (2) How to prepare and apply the machine-config (the main configuration file for Talos Linux) to that booted image. Let’s talk about each of these steps.

Booting into Talos Linux

One of the most universal methods is to use a Linux kernel mechanism called kexec.

kexec is both a utility and a system call of the same name. It allows you to boot into a new kernel from the existing system without performing a physical reboot of the machine. This means you can download the required vmlinuz and initramfs for Talos Linux, specify the needed kernel command line, and immediately switch over to the new system. It is as if the kernel were loaded by the standard bootloader at startup, only in this case your existing Linux operating system acts as the bootloader.

Essentially, all you need is any Linux distribution. It could be a physical server running in rescue mode, or even a virtual machine with a pre-installed operating system. Let’s take a look at a case using Ubuntu, but it can be literally any other Linux distribution.

Log in via SSH and install the kexec-tools package. It contains the kexec utility, which you’ll need later:

apt install kexec-tools -y

Next, you need to download Talos Linux, that is, the kernel and initramfs. They can be downloaded from the official repository:

wget -O /tmp/vmlinuz https://github.com/siderolabs/talos/releases/latest/download/vmlinuz-amd64
wget -O /tmp/initramfs.xz https://github.com/siderolabs/talos/releases/latest/download/initramfs-amd64.xz

If you have a physical server rather than a virtual one, you’ll need to build your own image with all the necessary firmware using the Talos Factory service. Alternatively, you can use the pre-built images from the Cozystack project (a solution for building clouds we created at Ænix and transferred to CNCF Sandbox) – these images already include all required modules and firmware:

wget -O /tmp/vmlinuz https://github.com/cozystack/cozystack/releases/latest/download/kernel-amd64
wget -O /tmp/initramfs.xz https://github.com/cozystack/cozystack/releases/latest/download/initramfs-metal-amd64.xz

Now you need the network information that will be passed to Talos Linux at boot time. Below is a small script that gathers everything you need and sets environment variables:

IP=$(ip -o -4 route get 8.8.8.8 | awk -F"src " '{sub(" .*", "", $2); print $2}')
GATEWAY=$(ip -o -4 route get 8.8.8.8 | awk -F"via " '{sub(" .*", "", $2); print $2}')
ETH=$(ip -o -4 route get 8.8.8.8 | awk -F"dev " '{sub(" .*", "", $2); print $2}')
CIDR=$(ip -o -4 addr show "$ETH" | awk -F"inet $IP/" '{sub(" .*", "", $2); print $2; exit}')
NETMASK=$(echo "$CIDR" | awk '{p=$1;for(i=1;i<=4;i++){if(p>=8){o=255;p-=8}else{o=256-2^(8-p);p=0}printf(i<4?o".":o"\n")}}')
DEV=$(udevadm info -q property "/sys/class/net/$ETH" | awk -F= '$1~/ID_NET_NAME_ONBOARD/{print $2; exit} $1~/ID_NET_NAME_PATH/{v=$2} END{if(v) print v}')

You can pass these parameters via the kernel cmdline. Use the ip= parameter to configure the network through the kernel-level IP configuration mechanism. This method lets the kernel automatically set up interfaces and assign IP addresses during boot, based on information passed through the kernel cmdline. It’s a built-in kernel feature enabled by the CONFIG_IP_PNP option. In Talos Linux, this feature is enabled by default. All you need to do is provide properly formatted network settings in the kernel cmdline.

Set the CMDLINE variable with the ip option that contains the current system’s settings, and then print it out:

CMDLINE="init_on_alloc=1 slab_nomerge pti=on console=tty0 console=ttyS0 printk.devkmsg=on talos.platform=metal ip=${IP}::${GATEWAY}:${NETMASK}::${DEV}:::::"
echo "$CMDLINE"

The output should look something like:

init_on_alloc=1 slab_nomerge pti=on console=tty0 console=ttyS0 printk.devkmsg=on talos.platform=metal ip=10.0.0.131::10.0.0.1:255.255.255.0::eno2np0:::::

Verify that everything looks correct, then load our new kernel:

kexec -l /tmp/vmlinuz --initrd=/tmp/initramfs.xz --command-line="$CMDLINE"
kexec -e

The first command loads the Talos kernel into RAM, the second command switches the current system to this new kernel.

As a result, you’ll get a running instance of Talos Linux with networking configured. However, it’s currently running entirely in RAM, so if the server reboots, the system will return to its original state (by loading the OS from the hard drive, e.g., Ubuntu).
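The "verify that everything looks correct" step before kexec -e can be scripted. The following is an added example, not part of the original article or of the Talos project: the hypothetical helpers is_ipv4, prefix_to_netmask and build_ip_param refuse to produce an ip= string when a gathered value is empty or malformed, because a wrong cmdline leaves the kexec'ed machine unreachable until it is rebooted. Rejecting a missing or off-subnet gateway and restricting device-name characters are policy choices of this example.

```shell
#!/bin/sh
# Added example: pre-flight validation of the values that go into the
# kernel ip= parameter. All function names are hypothetical.
# Field order (kernel nfsroot documentation):
#   ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:...

# Succeeds only for a dotted quad: four octets in 0..255, no leading zeros.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _rest="$1."; _count=0
    while [ -n "$_rest" ]; do
        _octet=${_rest%%.*}; _rest=${_rest#*.}
        case "$_octet" in 0?*) return 1 ;; esac
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
        _count=$((_count + 1))
    done
    [ "$_count" -eq 4 ]
}

# Convert a prefix length (0..32) to a dotted netmask; fails on empty input,
# which is what the CIDR variable holds when the address lookup found nothing.
prefix_to_netmask() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    _bits=$1; _out=""
    for _i in 1 2 3 4; do
        if [ "$_bits" -ge 8 ]; then
            _o=255; _bits=$((_bits - 8))
        else
            _o=$((256 - (1 << (8 - _bits)))); _bits=0
        fi
        _out="${_out:+$_out.}$_o"
    done
    printf '%s\n' "$_out"
}

# Convert an already validated dotted quad to a 32-bit integer.
ipv4_to_int() {
    _r="$1."; _n=0
    while [ -n "$_r" ]; do
        _n=$(( (_n << 8) + ${_r%%.*} ))
        _r=${_r#*.}
    done
    printf '%s\n' "$_n"
}

# True when address $1 and gateway $2 share the network defined by netmask $3.
same_subnet() {
    _m=$(ipv4_to_int "$3")
    [ $(( $(ipv4_to_int "$1") & _m )) -eq $(( $(ipv4_to_int "$2") & _m )) ]
}

# Usage: build_ip_param IP GATEWAY NETMASK DEV
# Prints the ip= parameter in the article's layout, or fails with a reason.
build_ip_param() {
    _ip=$1; _gw=$2; _mask=$3; _dev=$4
    is_ipv4 "$_ip"   || { echo "bad IP address: '$_ip'" >&2; return 1; }
    is_ipv4 "$_gw"   || { echo "bad or missing gateway: '$_gw'" >&2; return 1; }
    is_ipv4 "$_mask" || { echo "bad netmask: '$_mask'" >&2; return 1; }
    # ':' separates ip= fields, so it must never appear in the device name.
    case "$_dev" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad device name: '$_dev'" >&2; return 1 ;;
    esac
    # Linux interface names are at most 15 characters long.
    [ "${#_dev}" -le 15 ] || { echo "device name too long: '$_dev'" >&2; return 1; }
    # A default route needs a gateway that is on-link for this address/netmask.
    same_subnet "$_ip" "$_gw" "$_mask" \
        || { echo "gateway $_gw is outside the subnet of $_ip" >&2; return 1; }
    printf 'ip=%s::%s:%s::%s:::::\n' "$_ip" "$_gw" "$_mask" "$_dev"
}

# In the article's flow, with the variables gathered earlier:
#   IP_PARAM=$(build_ip_param "$IP" "$GATEWAY" "$(prefix_to_netmask "$CIDR")" "$DEV") || exit 1
#   CMDLINE="... talos.platform=metal $IP_PARAM"

# Demo with the article's sample values (nothing is loaded or executed here).
build_ip_param 10.0.0.131 10.0.0.1 "$(prefix_to_netmask 24)" eno2np0
```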

Applying machine-config and installing Talos Linux on disk

To install Talos Linux persistently on the disk and replace the current OS, you need to apply a machine-config specifying the disk to install to. To configure the machine, you can use either the official talosctl utility or the Talm utility, maintained by the Cozystack project (Talm works with vanilla Talos Linux as well).

First, let’s consider configuration using talosctl. Before applying the config, ensure it includes network settings for your node; otherwise, after reboot, the node won’t configure networking. During installation, the bootloader is written to disk and does not contain the ip option for kernel autoconfiguration.

Here’s an example of a config patch containing the necessary values:

# node1.yaml
machine:
  install:
    disk: /dev/sda
  network:
    hostname: node1
    nameservers:
    - 1.1.1.1
    - 8.8.8.8
    interfaces:
    - interface: eno2np0
      addresses:
      - 10.0.0.131/24
      routes:
      - network: 0.0.0.0/0
        gateway: 10.0.0.1

You can use it to generate a full machine-config:

talosctl gen secrets
talosctl gen config --with-secrets=secrets.yaml --config-patch-control-plane=@node1.yaml <cluster-name> <cluster-endpoint>

Review the resulting config and apply it to the node:

talosctl apply -f controlplane.yaml -e 10.0.0.131 -n 10.0.0.131 -i 

Once you apply controlplane.yaml, the node will install Talos on the /dev/sda disk, overwriting the existing OS, and then reboot.

All you need now is to run the bootstrap command to initialize the etcd cluster:

talosctl --talosconfig=talosconfig bootstrap -e 10.0.0.131 -n 10.0.0.131

You can view the node’s status at any time using the dashboard command:

talosctl --talosconfig=talosconfig dashboard -e 10.0.0.131 -n 10.0.0.131

As soon as all services reach the Ready state, retrieve the kubeconfig and you’ll be able to use your newly installed Kubernetes:

talosctl --talosconfig=talosconfig kubeconfig kubeconfig
export KUBECONFIG=${PWD}/kubeconfig

Use Talm for configuration management

When you have a lot of configs, you’ll want a convenient way to manage them. This is especially useful with bare-metal nodes, where each node may have different disks, interfaces and specific network settings. As a result, you might need to hold a patch for each node.

To solve this, we developed Talm — a configuration manager for Talos Linux that works similarly to Helm.

The concept is straightforward: you have a common config template with lookup functions, and when you generate a configuration for a specific node, Talm dynamically queries the Talos API and substitutes values into the final config.

Talm includes almost all of the features of talosctl, adding a few extras. It can generate configurations from Helm-like templates, and remember the node and endpoint parameters for each node in the resulting file, so you don’t have to specify these parameters every time you work with a node.

Let me show how to perform the same steps to install Talos Linux using Talm:

First, initialize a configuration for a new cluster:

mkdir talos
cd talos
talm init

Adjust values for your cluster in values.yaml:

endpoint: "https://10.0.0.131:6443"
podSubnets:
- 10.244.0.0/16
serviceSubnets:
- 10.96.0.0/16
advertisedSubnets:
- 10.0.0.0/24

Generate a config for your node:

talm template -t templates/controlplane.yaml -e 10.0.0.131 -n 10.0.0.131 > nodes/node1.yaml

The resulting output will look something like:

# talm: nodes=["10.0.0.131"], endpoints=["10.0.0.131"], templates=["templates/controlplane.yaml"]
# THIS FILE IS AUTOGENERATED. PREFER TEMPLATE EDITS OVER MANUAL ONES.
machine:
  type: controlplane
  kubelet:
    nodeIP:
      validSubnets:
        - 10.0.0.0/24
  network:
    hostname: node1
    # -- Discovered interfaces:
    # eno2np0:
    #   hardwareAddr:a0:36:bc:cb:eb:98
    #   busPath: 0000:05:00.0
    #   driver: igc
    #   vendor: Intel Corporation
    #   product: Ethernet Controller I225-LM)
    interfaces:
      - interface: eno2np0
        addresses:
          - 10.0.0.131/24
        routes:
          - network: 0.0.0.0/0
            gateway: 10.0.0.1
    nameservers:
      - 1.1.1.1
      - 8.8.8.8
  install:
    # -- Discovered disks:
    # /dev/sda:
    #    model: SAMSUNG MZQL21T9HCJR-00A07
    #    serial: S64GNG0X444695
    #    wwid: eui.36344730584446950025384700000001
    #    size: 1.9 TB
    disk: /dev/sda
cluster:
  controlPlane:
    endpoint: https://10.0.0.131:6443
  clusterName: talos
  network:
    serviceSubnets:
      - 10.96.0.0/16
  etcd:
    advertisedSubnets:
      - 10.0.0.0/24

All that remains is to apply it to your node:

talm apply -f nodes/node1.yaml -i 


Talm automatically detects the node address and endpoint from the “modeline” (a conditional comment at the top of the file) and applies the config.

You can also run other commands in the same way without specifying node address and endpoint options. Here are a few examples:

View the node status using the built-in dashboard command:

talm dashboard -f nodes/node1.yaml

Bootstrap etcd cluster on node1:

talm bootstrap -f nodes/node1.yaml

Save the kubeconfig to your current directory:

talm kubeconfig kubeconfig -f nodes/node1.yaml

Unlike configs produced by the official talosctl utility, the generated configs do not contain secrets, allowing them to be stored in git without additional encryption. The secrets are stored at the root of your project and only in these files: secrets.yaml, talosconfig, and kubeconfig.

Summary

That’s our complete scheme for installing Talos Linux in nearly any situation. Here’s a quick recap:

  1. Use kexec to run Talos Linux on any existing system.
  2. Make sure the new kernel has the correct network settings by collecting them from the current system and passing them via the ip parameter in the cmdline. This lets you connect to the newly booted system via the API.
  3. When the kernel is booted via kexec, Talos Linux runs entirely in RAM. To install Talos on disk, apply your configuration using either talosctl or Talm.
  4. When applying the config, don’t forget to specify network settings for your node, because on-disk bootloader configuration doesn’t automatically have them.
  5. Enjoy your newly installed and fully operational Talos Linux.


The post A Simple Way to Install Talos Linux on Any Machine, with Any Provider appeared first on Linux.com.


The Linux Kernel Organization

The Linux Kernel Organization is a California Public Benefit Corporation established in 2002 to distribute the Linux kernel and other Open Source software to the public without charge. We are recognized by the IRS as a 501(c)3 private operating foundation.

The Linux Kernel Organization is managed by The Linux Foundation, which provides full technical, financial and staffing support for running and maintaining the kernel.org infrastructure.

Legal information

Due to U.S. Exports Regulations, all cryptographic software on this site is subject to the following legal notice:

This site includes publicly available encryption source code which, together with object code resulting from the compiling of publicly available source code, may be exported from the United States under License Exception "TSU" pursuant to 15 C.F.R. Section 740.13(e).

This legal notice applies to cryptographic software only. Please see the Bureau of Industry and Security for more information about current U.S. regulations.

Our servers are located in Corvallis, Oregon, USA; Palo Alto and San Francisco, California, USA; Portland, Oregon, USA; and Montréal, Québec, Canada.

Use in violation of any applicable laws is prohibited.

Linux is a Registered Trademark of Linus Torvalds. All trademarks are property of their respective owners.


About Linux Kernel

What is Linux?

Linux is a clone of the operating system Unix, written from scratch by Linus Torvalds with assistance from a loosely-knit team of hackers across the Net. It aims towards POSIX and Single UNIX Specification compliance.

It has all the features you would expect in a modern fully-fledged Unix, including true multitasking, virtual memory, shared libraries, demand loading, shared copy-on-write executables, proper memory management, and multistack networking including IPv4 and IPv6.

Although originally developed for 32-bit x86-based PCs (386 or higher), today Linux also runs on a multitude of other processor architectures, in both 32- and 64-bit variants.

New to Linux?

If you're new to Linux, you don't want to download the kernel, which is just a component in a working Linux system. Instead, you want what is called a distribution of Linux, which is a complete Linux system. There are numerous distributions available for download on the Internet as well as for purchase from various vendors; some are general-purpose, and some are optimized for specific uses. We currently have mirrors of several distributions available at https://mirrors.kernel.org/.

Note, however, that most distributions are very large (several gigabytes), so unless you have a fast Internet link you may want to save yourself some hassle and purchase a CD-ROM with a distribution; such CD-ROMs are available from a number of vendors.

Mailing lists

The Linux kernel is discussed on the linux-kernel mailing list at vger.kernel.org. Please read the FAQ before subscribing.

Although there is no official archive site, unofficial archives of the list can be found at:


Frequently asked questions

If you have questions, comments or concerns about the F.A.Q. please contact us at helpdesk@kernel.org.

Is Linux Kernel Free Software?

Linux kernel is released under the terms of GNU GPL version 2 and is therefore Free Software as defined by the Free Software Foundation.

For more information, please consult the documentation:

I heard that Linux ships with non-free "blobs"

Before many devices are able to communicate with the OS, they must first be initialized with the "firmware" provided by the device manufacturer. This firmware is not part of Linux and isn't "executed" by the kernel -- it is merely uploaded to the device during the driver initialization stage.

While some firmware images are built from free software, a large subset of it is only available for redistribution in binary-only form. To avoid any licensing confusion, firmware blobs were moved from the main Linux tree into a separate repository called linux-firmware.

It is possible to use Linux without any non-free firmware binaries, but usually at the cost of rendering a lot of hardware inoperable. Furthermore, many devices that do not require a firmware blob during driver initialization simply already come with non-free firmware preinstalled on them. If your goal is to run a 100% free-as-in-freedom setup, you will often need to go a lot further than just avoiding loadable binary-only firmware blobs.

Can I use the word "Linux" or the Tux logo?

Linux is a registered trademark of Linus Torvalds and its use is governed by the Linux Trademark Institute. Please consult the following page for further information:

The Tux penguin logo was created by Larry Ewing using Gimp software. It is free to use, including commercially, as long as you give Larry Ewing proper credit ("if someone asks"). For any other permissions, please reach out to Mr. Larry Ewing directly.

What does "stable/EOL" and "longterm" mean?

As kernels move from the "mainline" into the "stable" category, two things can happen:

  1. They can reach "End of Life" after a few bugfix revisions, which means that kernel maintainers will release no more bugfixes for this kernel version, or
  2. They can be put into "longterm" maintenance, which means that maintainers will provide bugfixes for this kernel revision for a much longer period of time.

If the kernel version you are using is marked "EOL," you should consider upgrading to the next major version as there will be no more bugfixes provided for the kernel version you are using.

Please check the Releases page for more info.

Why is an LTS kernel marked as "stable" on the front page?

Long-term support ("LTS") kernels announced on the Releases page will be marked as "stable" on the front page if there are no other current stable kernel releases. This is done to avoid breaking automated parsers monitoring kernel.org with an expectation that there will always be a kernel release marked as "stable."

Linus has tagged a new release, but it's not listed on the front page!

Linus Torvalds PGP-signs git repository tags for all new mainline kernel releases; however, a separate set of PGP signatures needs to be generated by the stable release team in order to create downloadable tarballs. Due to timezone differences between Linus and the members of the stable team, there is usually a delay of several hours between when the new mainline release is tagged and when PGP-signed tarballs become available. The front page is updated once that process is completed.

Is there an RSS feed for the latest kernel version?

Yes, and you can find it at https://www.kernel.org/feeds/kdist.xml.

We also publish a .json file with the latest release information, which you can pull from here: https://www.kernel.org/releases.json.

Where can I find kernel 3.10.0-1160.45.1.foo?

Kernel versions that have a dash in them are packaged by distributions and are often extensively modified. Please contact the relevant distribution to obtain the exact kernel source.

See the Releases page for more info on distribution kernels.

How do I report a problem with the kernel?

If you are running a kernel that came with your Linux distribution, then the right place to start is by reporting the problem through your distribution support channels. Here are a few popular choices:

If you are sure that the problem is with the upstream kernel, please refer to the following document that describes how to report bugs and regressions to the developers:

How do I get involved with Linux Kernel development?

A good place to start is the Kernel Newbies website.

Can I get an account on kernel.org?

Kernel.org accounts are usually reserved for subsystem maintainers or high-profile developers. It is absolutely not necessary to have an account on kernel.org to contribute to the development of the Linux kernel, unless you submit pull requests directly to Linus Torvalds.

If you are listed in the MAINTAINERS file or have reasons to believe you should have an account on kernel.org because of the amount of your contributions, please refer to the accounts page for the procedure to follow.


Contacts

Email is the only reliable way of contacting Kernel.org administrators.

General contacts

helpdesk@kernel.org:
All questions about kernel.org infrastructure.

Please do not send general Linux questions or bug reports to these addresses. We do not have the resources to reply to them.

Please try the following sites for general Linux help:

Linux Foundation also offers training opportunities if you are interested in learning more about Linux, want to become a more proficient Linux systems administrator, or want to know more about how Linux can help your company succeed.

Mailing address

Please send any mail correspondence to the Linux Foundation:

The Linux Foundation
1 Letterman Drive
Building D, Suite D4700
San Francisco, CA 94129
Phone/Fax: +1 415 723 9709

Linux.dev mailing list service

We are pleased to announce the availability of a new mailing list service running under the new lists.linux.dev domain. The goal of this deployment is to offer a subscription service that:

  • prioritizes mail delivery to public-inbox archives available via lore.kernel.org
  • conforms to DMARC requirements to ensure subscriber delivery
  • makes minimal changes to email headers and no changes to the message body content for the purposes of preserving patch attestation

If you would like to host a Linux development mailing list on this platform, please see further details on the subspace.kernel.org site.

Why another mailing list service?

Linux development started in 1991 and has been ongoing for the past 30 years at an ever-increasing pace. Many popular code collaboration platforms have risen throughout these three decades -- and while some of them are still around, many others have shut down and disappeared without offering any way to preserve the history of the projects they used to host.

Development via mailed-in patches remains the only widely used mechanism for code collaboration that does not rely on centralized infrastructure maintained by any single entity. The Linux developer community sees transparency, independence and decentralization as core guiding principles behind Linux development, so it has deliberately chosen to continue using email for all its past and ongoing collaboration efforts.

What about vger.kernel.org?

The infrastructure behind lists.linux.dev supports multiple domains, so all mailing lists hosted on vger.kernel.org will be carefully migrated to the same platform while preserving current addresses, subscribers, and list ids. The only thing that will noticeably change is the procedure to subscribe and unsubscribe from individual lists. As majordomo is no longer maintained, we will instead switch to using separate subscribe/unsubscribe addresses for each list.

There are no firm ETAs for this migration, but if you are currently subscribed to any mailing list hosted on vger.kernel.org, you will receive a message when the migration date is approaching.


Git mirror available in Beijing

If you are a developer located around Beijing, or if your connection to Beijing is faster and more reliable than to locations outside of China, then you may benefit from the new git.kernel.org mirror kindly provided by Code Aurora Forum at https://kernel.source.codeaurora.cn/. This is a full mirror that is updated just as frequently as other git.kernel.org nodes (in fact, it is managed by the same team as the rest of kernel.org infrastructure, since CAF is part of Linux Foundation IT projects).

To start using the Beijing mirror, simply clone from that location or add a separate remote to your existing checkouts, e.g.:

git remote add beijing git://kernel.source.codeaurora.cn/pub/scm/.../linux.git
git fetch beijing master

You may also use http:// and https:// protocols if that makes it easier behind corporate firewalls.


Code of Conduct

The Linux kernel community operates a Code of Conduct based on the Contributor Covenant Code of Conduct with a Linux Kernel Contributor Covenant Code of Conduct Interpretation.

Code of Conduct Committee

The Linux kernel Code of Conduct Committee is currently made up of the following people:

Committee members can be reached all at once by writing to <conduct@kernel.org>.

Committee Reports

We would like to thank the Linux kernel community members who have supported the adoption of the Code of Conduct and who continue to uphold the professional standards of our community. If you have any questions about these reports, please write to <conduct@kernel.org>.

March 2026

Archival copy: https://lore.kernel.org/lkml/f833fdfe-12f1-413f-966a-4c3ce9ad626e@kernel.org/T/#u

In the period of October 1, 2025 through March 31st, 2026, the Code of Conduct Committee received the following reports:

Reports received: 3

Code of Conduct scope and enforcement related reports: 3

  • Education and coaching on the role and scope of the Code of Conduct.
  • Report about insensitive comments about projects and code that don't fall under the scope of the Code of Conduct.
  • Report about insensitive comments made in a setting outside the scope and purview of the Code of Conduct.

We would like to thank the Linux kernel community members who have supported the adoption of the Code of Conduct and who continue to uphold the professional standards of our community. If you have questions about this report, please write to <conduct@kernel.org>.

September 2025

Archival copy: https://lore.kernel.org/all/dfa4d9f3-8b56-46fc-9d1b-68e07a3d6edc@kernel.org/

In the period of April 1, 2025 through September 30, 2025, the Code of Conduct Committee received the following reports:

Reports received: 3

Code of Conduct scope and enforcement related reports: 2

  • Education and coaching on the role and scope of the Code of Conduct.
  • Report about insensitive comments about projects and code that don't fall under the scope of the Code of Conduct.
  • Report with questions about DCO which doesn't fall under the scope of the Code of Conduct.
Actions:
  • Ban on a developer was lifted after it expired.

Unacceptable behavior or comments in email: 1

  • Resolved with the individual making amends for their behavior.

We would like to thank the Linux kernel community members who have supported the adoption of the Code of Conduct and who continue to uphold the professional standards of our community. If you have questions about this report, please write to <conduct@kernel.org>.

March 2025

Archival copy: https://lore.kernel.org/all/2025043021-reprogram-gloss-acb5@gregkh/

Updates to the Code of Conduct documents:

  • The Code of Conduct documentation has been updated to clearly outline the enforcement when Unacceptable Behavior Code of Conduct Violations take place, and outline the Technical Advisory Board's role in approving remedial actions recommended by the Code of Conduct Committee.
Reference:
https://docs.kernel.org/process/code-of-conduct-interpretation.html#code-of-conduct-interpretation

In the period of April 1, 2024 through March 31, 2025, the Code of Conduct Committee received the following reports:

Reports received: 17

Development process related reports:

  • Education and coaching on maintainers' right to accept or reject patches. Clarifying the expectations that developers can't demand their patches to be reviewed and/or accepted by the community. These reports were about a developer demanding their patch to be accepted even after repeated attempts by maintainers advising the developers to understand the development process.

Code of Conduct scope and enforcement related reports:

  • Education and coaching on the role and scope of the Code of Conduct. Several reports from people outside the kernel community reporting past incidents before the Code of Conduct was adopted. Reports resolved clarifying the scope and validity of reports about past incidents before adopting the Code of Conduct.

Insensitive comments reports:

  • Education and coaching on the role and scope of the Code of Conduct. Reports about Office of Foreign Assets Control (OFAC) related actions and offhand comments in technical discussions that do not rise to the level of violations.

Unacceptable behavior or comments in email: 6

We would like to thank the Linux kernel community members who have supported the adoption of the Code of Conduct and who continue to uphold the professional standards of our community. If you have questions about this report, please write to <conduct@kernel.org>.

March 2024

Archival copy: https://lore.kernel.org/r/355aee5f-13ce-4e20-9ce8-e5bcddd14bc2@linuxfoundation.org

In the period of October 1, 2023 through March 31, 2024, the Code of Conduct Committee received the following reports:

  • Unprofessional behavior or comments in email: 2

The result of the investigation:

  • Education and coaching clarifying the role of Code of Conduct conduct on conversations that don't go against the CoC.
  • Education and coaching the individuals on the impact of making unprofessional comments which could be misunderstood leading to negative impressions about the community.

The reports were about the offhand comments made while rejecting the code which are not violations of the Code of Conduct.

Unacceptable behavior or comments on a private invitee only chat channel: 1

  • Education and coaching clarifying the role of Code of Conduct conduct on conversations that occur on a private chat channel.

We would like to thank the Linux kernel community members who have supported the adoption of the Code of Conduct and who continue to uphold the professional standards of our community. If you have questions about this report, please write to <conduct@kernel.org>.

September 2023

Archival copy: https://lore.kernel.org/r/3351be6b-854e-479d-832c-83cb8829c010@linuxfoundation.org

In the period of April 1, 2023 through September 30, 2023, the Code of Conduct Committee received the following reports:

  • Unacceptable behavior or comments in email: 4

The result of the investigation:

  • Education and coaching clarifying the Code of Conduct conduct related to normal review and patch acceptance process: 3
  • Clarification on the Code of Conduct conduct related to maintainer rights and responsibility to reject code: 1

The reports were about the discussion during the patch review and decisions made in rejecting code and these actions are not viewed as violations of the Code of Conduct.

Please see the excerpt from the Responsibilities section in the Linux Kernel Contributor Covenant Code of Conduct Interpretation document:

setting expertise expectations, making decisions and rejecting unsuitable
contributions are not viewed as a violation of the Code of Conduct.

March 2023

Archival copy: https://lore.kernel.org/r/557ef895-ad2d-eff9-7cb8-70dbcf41adea@linuxfoundation.org

In the period of October 1, 2022 through March 31, 2023, the Code of Conduct Committee received the following reports:

  • Unacceptable behavior or comments in email: 6

The result of the investigation:

  • Education and coaching clarifying the Code of Conduct conduct related to normal review and patch acceptance process: 1
  • Clarification on the Code of Conduct conduct related to maintainer rights and responsibility to reject code: 5

The reports were about the decisions made in rejecting code and these actions are not viewed as violations of the Code of Conduct.

Please see the excerpt from the Responsibilities section in the Linux Kernel Contributor Covenant Code of Conduct Interpretation document:

setting expertise expectations, making decisions and rejecting unsuitable
contributions are not viewed as a violation of the Code of Conduct.

September 2022

Archival copy: https://lore.kernel.org/r/57a492fb-928b-9e0a-5f0e-dc95ef599309@linuxfoundation.org

In the period of April 1, 2022 through September 30, 2022, the Code of Conduct Committee received the following reports:

  • Unacceptable behavior or comments in email: 1

The result of the investigation:

  • Resolved with a public apology from the violator with a commitment from them to abide by the Code of Conduct in the future.

March 2022

Archival copy: https://lore.kernel.org/r/4401af50-083d-0239-6b7f-3454c8d69fec@linuxfoundation.org

In the period of October 1, 2021 through March 31, 2022, the Code of Conduct Committee received the following reports:

  • Unacceptable behavior or comments in email: 2

The result of the investigation:

  • Education and coaching clarifying the Code of Conduct conduct related to normal review process: 2

September 2021

Archival copy: https://lore.kernel.org/r/e81f0726-5f8f-f10f-d926-a9126941d38e@linuxfoundation.org

In the period of May 1, 2021 through September 30, 2021, the Code of Conduct Committee received the following reports:

  • Unacceptable behavior or comments in email: 1

The result of the investigation:

  • Education and coaching clarifying the Code of Conduct conduct related to normal review process: 1

April 2021

Archival copy: https://lore.kernel.org/r/448b06e4-41fc-26df-a862-c3ba2f70b6b3@linuxfoundation.org

In the period of November 1, 2020 through April 30, 2021 the Code of Conduct Committee received the following reports:

  • Unacceptable behavior or comments in email (3rd party): 4

The result of the investigation:

  • Education and coaching: 1
  • Public response to call attention to the behavior and request correction with consequence of ban if behavior persists: 1
  • Public response to attention to the behavior and request correction: 1
  • Clarification on the Code of Conduct conduct related to maintainer rights and responsibility to reject code: 1

October 2020

Archival copy: https://lore.kernel.org/lkml/20201105083002.GA3429143@kroah.com/

In the period of January 1, 2020 through October 31, 2020 the Committee received the following reports:

  • Unacceptable behavior or comments in email: 1
  • Unacceptable comments in github repo by non-community members: 1
  • Unacceptable comments toward a company: 1

The result of the investigation:

  • Education and coaching: 1
  • Locking of github repo for any comments: 1
  • Clarification that the Code of Conduct covers conduct related to individual developers only: 1

December 2019

Archival copy: https://lore.kernel.org/lkml/20200103105614.GC1047442@kroah.com/

In the period of December 1, 2019 through December 30, 2019 the Committee received the following report:

  • Insulting behavior in email: 1

The result of the investigation:

  • Education and coaching: 1

August to November 2019

Archival copy: https://lore.kernel.org/lkml/20191218090054.GA5120@kroah.com/

In the period of August 1, 2019 through November 31, 2019, the Committee received no reports.

September 2018 to July 2019

Archival copy: https://lore.kernel.org/lkml/20190810120700.GA7360@kroah.com/

In the period of September 15, 2018 through July 31, 2019, the Committee received the following reports:

  • Inappropriate language in the kernel source: 1
  • Insulting behavior in email: 3

The result of the investigations:

  • Education and coaching: 4

Get notifications for your patches

We are trialing a new feature that can send you a notification when the patches you send to the LKML are applied to linux-next or to the mainline git trees. If you are interested in trying it out, here are the details:

  • The patches must be sent to the LKML (linux-kernel@vger.kernel.org).
  • One of the cc's must be notify@kernel.org (Bcc will not work).
  • Alternatively, there should be a "X-Patchwork-Bot: notify" email header.
  • The patches must not have been modified by the maintainer(s).
  • All patches in the series must have been applied, not just some of them.

The last two points are important, because if there are changes between the content of the patch as it was first sent to the mailing list and what it looks like by the time it is applied to linux-next or mainline, the bot will not be able to recognize it as the same patch. Similarly, for series of multiple patches, the bot must be able to successfully match all patches in the series in order for the notification to go out.

If you are using git-format-patch, it is best to add the special header instead of using the Cc notification address, so as to avoid any unnecessary email traffic:

--add-header="X-Patchwork-Bot: notify"

You should receive one notification email per patch series, so if you send a series of 20 patches, you will get a single email in the form of a reply to the cover letter, or to the first patch in the series. The notification will be sent directly to you, ignoring any other addresses in the Cc field.

The bot uses our LKML patchwork instance to perform matching and tracking, and the source code for the bot is also available if you would like to suggest improvements.


List archives on lore.kernel.org

You may access the archives of many Linux development mailing lists on lore.kernel.org. Most of them include a full archive of messages going back several decades.

If you would like to suggest another kernel development mailing list to be included in this list, please follow the instructions on the following wiki page:

Archiving software

The software managing the archive is called Public Inbox and offers the following features:

  • Fast, searchable web archives
  • Atom feeds per list or per individual thread
  • Downloadable mbox archives to make replying easy
  • Git-backed archival mechanism you can clone and pull
  • Read-only nntp gateway

We collected many list archives going as far back as 1998, and they are now all available to anyone via a simple git clone. We would like to extend our thanks to everyone who helped in this effort by donating their personal archives.

Obtaining full list archives

Git clone URLs are provided at the bottom of each page. Note that due to mailing list volume, list archives are sharded into multiple repositories, each roughly 1GB in size. In addition to cloning from lore.kernel.org, you may also access these repositories on erol.kernel.org.

Mirroring

You can continuously mirror the entire mailing list archive collection by using the grokmirror tool. The following repos.conf file should get you all you need:

[lore.kernel.org]
site = https://lore.kernel.org
manifest = https://lore.kernel.org/manifest.js.gz
toplevel = /path/to/your/local/folder
mymanifest = /path/to/your/local/folder/manifest.js.gz
pull_threads = 4

Please note that you will require at least 20+ GB of local storage. The mirroring process only replicates the git repositories themselves -- if you want to use public-inbox with them, you will need to run "public-inbox-init" and "public-inbox-index" to create the database files required for public-inbox operation.

Linking to list discussions from commits

If you need to reference a mailing list discussion inside code comments or in a git commit message, please use the "permalink" URL provided by public-inbox. It is available in the headers of each displayed message or thread discussion. Alternatively, you can use a generic message-id redirector in the form:

That should display the message regardless of which mailing list archive it is stored in.


Minor changes to kernel tarball releases

We'd like to announce several small changes to the way Linux tarballs are produced.

Mainline release tarball signatures

Starting with the 4.18 final release, all mainline tarball PGP signatures will be made by Greg Kroah-Hartman instead of Linus Torvalds. The main goal behind this change is to simplify the verification process and make all kernel tarball releases available for download on kernel.org be signed by the same developer.

Linus Torvalds will continue to PGP-sign all tags in the mainline git repository. They can be verified using the git verify-tag command.

Sunsetting .gz tarball generation

We stopped creating .bz2 copies of tarball releases 5 years ago, and the time has come to stop producing .gz duplicate copies of all our content as well, as XZ tools and libraries are now available on all major platforms. Starting September 1st, 2018, all tarball releases available via /pub download locations will only be available in XZ-compressed format.

If you absolutely must have .gz compressed tarballs, you may obtain them from git.kernel.org by following snapshot download links in the appropriate repository view.

No future PGP signatures on patches and changelogs

For legacy purposes, we will continue to provide pre-generated changelogs and patches (both to the previous mainline and incremental patches to previous stable). However, from now on they will be generated by automated processes and will no longer carry detached PGP signatures. If you require cryptographically verified patches, please generate them directly from the stable git repository after verifying the PGP signatures on the tags using git verify-tag.


Best way to do linux clones for your CI

If you are in charge of CI infrastructure that needs to perform frequent full clones of kernel trees from git.kernel.org, we strongly recommend that you use the git bundles we provide instead of performing a full clone directly from git repositories.

It is better for you, because downloading the bundle from CDN is probably going to be much faster for you than cloning from our frontends due to the CDN being more local. You can even copy the bundle to a fileserver on your local infrastructure and save a lot of repeated external traffic.

It is better for us, because if you first clone from the bundle, you only need to fetch a handful of newer objects directly from git.kernel.org frontends. This not only uses an order of magnitude less bandwidth, but also results in a much smaller memory footprint on our systems -- git daemon needs a lot of RAM when serving full clones of linux repositories.

Here is a simple script that will help you automate the process of first downloading the git bundle and then fetching the newer objects:

Thank you for helping us keep our systems fast and accessible to all.


Nitrokey digital tokens for kernel developers

The Linux Foundation IT team has been working to improve the code integrity of git repositories hosted at kernel.org by promoting the use of PGP-signed git tags and commits. Doing so allows anyone to easily verify that git repositories have not been altered or tampered with no matter from which worldwide mirror they may have been cloned. If the digital signature on your cloned repository matches the PGP key belonging to Linus Torvalds or any other maintainer, then you can be assured that what you have on your computer is the exact replica of the kernel code without any omissions or additions.

To help promote the use of PGP signatures in Linux kernel development, we now offer a detailed guide within the kernel documentation tree:


Further, we are happy to announce a new special program sponsored by The Linux Foundation in partnership with Nitrokey -- the developer and manufacturer of smartcard-compatible digital tokens capable of storing private keys and performing PGP operations on-chip. Under this program, any developer who is listed as a maintainer in the MAINTAINERS file, or who has a kernel.org account can qualify for a free digital token to help improve the security of their PGP keys. The cost of the device, including any taxes, shipping and handling will be covered by The Linux Foundation.

To participate in this program, please access the special store front on the Nitrokey website:

Who qualifies for this program?

To qualify for the program, you need to have an account at kernel.org or have your email address listed in the MAINTAINERS file (following the "M:" heading). If you do not currently qualify but think you should, the easiest course of action is to get yourself added to the MAINTAINERS file or to apply for an account at kernel.org.

Which devices are available under this program?

The program is limited to Nitrokey Start devices. There are several reasons why we picked this particular device among several available options.

First of all, many Linux kernel developers have a strong preference not just for open-source software, but for open hardware as well. Nitrokey is one of the few companies selling GnuPG-compatible smartcard devices that provide both, since Nitrokey Start is based on Gnuk cryptographic token firmware developed by Free Software Initiative of Japan. It is also one of the few commercially available devices that offer native support for ECC keys, which are both faster computationally than large RSA keys and generate smaller digital signatures. With our push to use more code signing of git objects themselves, both the open nature of the device and its support for fast modern cryptography were key points in our evaluation.

Additionally, Nitrokey devices (both Start and Pro models) are already used by open-source developers for cryptographic purposes and they are known to work well with Linux workstations.

What is the benefit of digital smartcard tokens?

With usual GnuPG operations, the private keys are stored in the home directory where they can be stolen by malware or exposed via other means, such as poorly secured backups. Furthermore, each time a GnuPG operation is performed, the keys are loaded into system memory and can be stolen from there using sufficiently advanced techniques (the likes of Meltdown and Spectre).

A digital smartcard token like Nitrokey Start contains a cryptographic chip that is capable of storing private keys and performing crypto operations directly on the token itself. Because the key contents never leave the device, the operating system of the computer into which the token is plugged in is not able to retrieve the private keys themselves, therefore significantly limiting the ways in which the keys can be leaked or stolen.

Questions or problems?

If you qualify for the program, but encounter any difficulties purchasing the device, please contact Nitrokey at shop@nitrokey.com.

For any questions about the program itself or with any other comments, please reach out to info@linuxfoundation.org.


Linux kernel releases PGP signatures

All kernel releases are cryptographically signed using OpenPGP-compliant signatures. Everyone is strongly encouraged to verify the integrity of downloaded kernel releases by verifying the corresponding signatures.

Basic concepts

Every kernel release comes with a cryptographic signature from the person making the release. This cryptographic signature allows anyone to verify whether the files have been modified or otherwise tampered with after the developer created and signed them. The signing and verification process uses public-key cryptography and it is next to impossible to forge a PGP signature without first gaining access to the developer's private key. If this does happen, the developers will revoke the compromised key and will re-sign all their previously signed releases with the new key.

To learn more about the way PGP works, please consult Wikipedia.

Kernel.org web of trust

PGP keys used by members of kernel.org are cross-signed by other members of the Linux kernel development community (and, frequently, by many other people). If you wanted to verify the validity of any key belonging to a member of kernel.org, you could review the list of signatures on their public key and then make a decision whether you trust that key or not. See the Wikipedia article on the subject of the Web of Trust.

Using the Web Key Directory

If the task of maintaining your own web of trust is too daunting for you, you can opt to shortcut this process by using the "Trust on First Use" (TOFU) approach and rely on the kernel.org Web Key Directory (WKD).

To import keys belonging to many kernel developers, you can use the following command:

$ gpg2 --locate-keys [username]@kernel.org

For example, to import keys belonging to Linus Torvalds and Greg Kroah-Hartman, you would use:

$ gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org

This command will verify the TLS certificate presented by kernel.org before importing these keys into your keyring.

Using GnuPG to verify kernel signatures

All software released via kernel.org has detached PGP signatures you can use to verify the integrity of your downloads.

To illustrate the verification process, let's use the Linux 4.6.6 release as a walk-through example. First, use "curl" to download the release and the corresponding signature:

$ curl -OL https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.6.6.tar.xz
$ curl -OL https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.6.6.tar.sign

You will notice that the signature is made against the uncompressed version of the archive. This is done so there is only one signature required for .gz and .xz compressed versions of the release. Start by uncompressing the archive, using unxz in our case:

$ unxz linux-4.6.6.tar.xz

Now verify the .tar archive against the signature:

$ gpg2 --verify linux-4.6.6.tar.sign

You can combine these steps into a one-liner:

$ xz -cd linux-4.6.6.tar.xz | gpg2 --verify linux-4.6.6.tar.sign -

It's possible that you get a "No public key" error:

gpg: Signature made Wed 10 Aug 2016 06:55:15 AM EDT using RSA key ID 38DBBDC86092693E
gpg: Can't check signature: No public key

Please use the "gpg2 --locate-keys" command listed above to download the key for Greg Kroah-Hartman and Linus Torvalds and then try again:

$ gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org
$ gpg2 --verify linux-4.6.6.tar.sign
gpg: Signature made Wed 10 Aug 2016 06:55:15 AM EDT
gpg:                using RSA key 38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

To make the "WARNING" message go away you can indicate that you choose to trust that key using TOFU:

$ gpg2 --tofu-policy good 38DBBDC86092693E
$ gpg2 --trust-model tofu --verify linux-4.6.6.tar.sign
gpg: Signature made Wed 10 Aug 2016 06:55:15 AM EDT
gpg:                using RSA key 38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [full]
gpg: gregkh@kernel.org: Verified 1 signature in the past 53 seconds.  Encrypted
     0 messages.

Note that you may have to pass "--trust-model tofu" the first time you run the verify command, but it should not be necessary after that.

The scripted version

If you need to perform this task in an automated environment or simply prefer a more convenient tool, you can use the following helper script to properly download and verify Linux kernel tarballs:

Please review the script before adopting it for your needs.

Important fingerprints

Here are key fingerprints for Linus Torvalds, Greg Kroah-Hartman, Sasha Levin, and Ben Hutchings, who are most likely to be releasing kernels:

Developer            Fingerprint
Linus Torvalds       ABAF 11C6 5A29 70B1 30AB  E3C4 79BE 3E43 0041 1886
Greg Kroah-Hartman   647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E
Sasha Levin          E27E 5D8A 3403 A2EF 6687  3BBC DEA6 6FF7 9777 2CDC
Ben Hutchings        AC2B 29BD 34A6 AFDD B3F6  8F35 E7BF C8EC 9586 1109

Please verify the TLS certificate for this site in your browser before trusting the above information.
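
gpg2 reports "Good signature" for any key present in your keyring, so an automated check should also confirm that the signer is one of the release keys listed above. The following is an added example, not the kernel.org helper script: it parses the machine-readable output of "gpg2 --status-fd" and accepts a tarball only when there is exactly one valid signature whose primary key fingerprint is in the table above. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a kernel tarball only if it carries exactly one valid
# signature made by a pinned release key. Function names are illustrative.

# Primary key fingerprints from the "Important fingerprints" table, spaces removed.
PINNED_FPRS="
ABAF11C65A2970B130ABE3C479BE3E4300411886
647F28654894E3BD457199BE38DBBDC86092693E
E27E5D8A3403A2EF66873BBCDEA66FF797772CDC
AC2B29BD34A6AFDDB3F68F35E7BFC8EC95861109
"

# Read "gpg2 --status-fd" output on stdin and print the primary key
# fingerprint (the last field of the VALIDSIG line). Fail unless there is
# exactly one VALIDSIG and no bad, unverifiable, expired or revoked-key
# signature anywhere in the output.
signer_from_status() {
    awk '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" { count++; fpr = $NF }
        END { if (bad || count != 1) exit 1; print fpr }
    '
}

# Succeed only if the fingerprint given as $1 is in the pinned list.
is_pinned() {
    for pinned in $PINNED_FPRS; do
        [ "$pinned" = "$1" ] && return 0
    done
    return 1
}

# stdin: gpg2 status output. Succeeds only for one valid, pinned signature.
check_status() {
    signer=$(signer_from_status) || return 1
    is_pinned "$signer"
}

# verify_kernel_tarball linux-X.Y.Z.tar.xz linux-X.Y.Z.tar.sign
# The signature covers the uncompressed .tar, so decompress into the pipe.
# Status lines go to stdout (fd 1); the human-readable text on stderr is dropped.
verify_kernel_tarball() {
    xz -cd "$1" | gpg2 --batch --status-fd 1 --verify "$2" - 2>/dev/null | check_status
}

# Constructed status output for offline testing (not captured from gpg2).
# "unpinned" is a valid signature from a key that is not a release key.
sample_status() {
    case "$1" in
    good) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 38DBBDC86092693E Greg Kroah-Hartman <gregkh@kernel.org>
[GNUPG:] VALIDSIG 647F28654894E3BD457199BE38DBBDC86092693E 2016-08-10 1470826515 0 4 0 1 8 00 647F28654894E3BD457199BE38DBBDC86092693E
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
    ;;
    unpinned) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Example <someone@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2016-08-10 1470826515 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
    ;;
    bad) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 38DBBDC86092693E Greg Kroah-Hartman <gregkh@kernel.org>
EOF
    ;;
    nokey) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 38DBBDC86092693E 1 8 00 1470826515 9 -
[GNUPG:] NO_PUBKEY 38DBBDC86092693E
EOF
    ;;
    esac
}
```

In a CI job, call verify_kernel_tarball with the downloaded .tar.xz and .tar.sign files and abort the build on a non-zero exit status.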

If you get "BAD signature"

If at any time you see "BAD signature" output from "gpg2 --verify", please check the following first:

  1. Make sure that you are verifying the signature against the .tar version of the archive, not the compressed (.tar.xz) version.
  2. Make sure the downloaded file is correct and not truncated or otherwise corrupted.

If you repeatedly get the same "BAD signature" output, please email helpdesk@kernel.org, so we can investigate the problem.

Kernel.org checksum autosigner and sha256sums.asc

We have a dedicated off-the-network system that connects directly to our central attached storage and calculates checksums for all uploaded software releases. The generated sha256sums.asc file is then signed with a PGP key generated for this purpose and that doesn't exist outside of that system.

These checksums are NOT intended to replace developer signatures. It is merely a way for someone to quickly verify whether contents on one of the many kernel.org mirrors match the contents on the master mirror. While you may use them to quickly verify whether what you have downloaded matches what we have on our central storage system, you should continue to use developer signatures for best assurance.

Kernel releases prior to September, 2011

Prior to September, 2011 all kernel releases were signed automatically by the same PGP key:

pub   1024D/517D0F0E 2000-10-10 [revoked: 2011-12-11]
      Key fingerprint = C75D C40A 11D7 AF88 9981  ED5B C86B A06A 517D 0F0E
uid                  Linux Kernel Archives Verification Key <ftpadmin@kernel.org>

Due to the kernel.org systems compromise, this key has been retired and revoked. It will no longer be used to sign future releases and you should NOT use this key to verify the integrity of any archives. It is almost certain that this key has fallen into malicious hands.

All kernel releases that were previously signed with this key were cross-checked and signed with another key, created specifically for this purpose:

pub   3072R/C4790F9D 2013-08-08
      Key fingerprint = BFA7 DD3E 0D42 1C9D B6AB  6527 0D3B 3537 C479 0F9D
uid   Linux Kernel Archives Verification Key
      (One-off resigning of old releases) <ftpadmin@kernel.org>

The private key used for this purpose has been destroyed and cannot be used to sign any releases produced after 2011.


RC tarballs and patches starting with 4.12-rc1

As you may be aware, starting with 4.12-rc1 Linus will no longer provide signed tarballs and patches for pre-release ("-rc") kernels. Reasons for this are multiple, but largely this is because people who are most interested in pre-release tags -- kernel developers -- do not rely on patches and tarballs to do their work.

Obtaining tarballs on your own

Here is how you can generate the tarball from a pre-release tag using the "git archive" command (we'll use 4.12-rc1 in these examples):

git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
cd linux
git verify-tag v4.12-rc1
git archive --format=tar.gz --prefix=linux-4.12-rc1/ \
  -o linux-4.12-rc1.tar.gz v4.12-rc1

The upside of this method is that during the "git verify-tag" step you will check the PGP signature on the tag to make sure that what you cloned is exactly the same tree as on Linus Torvalds's computer.

The downside of this method is that you will need to download about 1 GiB of data -- the entire git history of the Linux kernel -- just to get the latest tag. Notably, when -rc2 is tagged, all you'll need to do is run a quick "git pull" to get the latest objects and it will be dramatically less data to download, so cloning the whole tree may be worth it to you in the long run if you plan to do this again in the future.

If you do not want to download the whole git repository and just want to get the latest tarball, you can download the version automatically generated by cgit at the following (or a similar) URL:

wget https://git.kernel.org/torvalds/t/linux-4.12-rc1.tar.gz

Please note that you will not be able to cryptographically verify the integrity of this archive, but the download will be about 10 times less in size than the full git tree.

Obtaining patches to the previous mainline

If you would like to get just the patch to the previous mainline release, you can get it from cgit as well:

wget -O patch-4.12-rc1 https://git.kernel.org/torvalds/p/v4.12-rc1/v4.11

Unfortunately, cgit does not currently offer an easy way to get gzip-compressed patches, but if you would like to reduce the amount of data you download, you can use http-level gzip compression:

wget -O patch-4.12-rc1.gz --header="accept-encoding: gzip" \
  https://git.kernel.org/torvalds/p/v4.12-rc1/v4.11

The links to these patches are available on the front page of https://www.kernel.org/.

Why not provide these at their old locations?

We intentionally did not provide these automatically generated tarballs and patches in locations previously used by Linus (/pub/linux/kernel/v4.x/testing), even if this meant potentially breaking automated scripts relying on contents published there. Anything placed in the /pub tree is signed and curated directly by developers and all patches and software archives published there invariably come with a PGP signature provided directly by the developer of that software (or one of the developers).

Patches and tarballs automatically generated by git.kernel.org are NOT a replacement for this stringent process, but merely a convenience service that comes with very different trust implications. By providing these at different URLs we wanted all users of these services to make a conscious decision on whether they want to trust these automatically generated tarballs and patches, or whether they want to change their process to continue to use PGP-verifiable tags directly from the git tree.

  •  

If you got "BAD Signature" this morning

The XZ tarballs for the following kernel releases did not initially pass signature verification due to benign changes to the tarball structure done by the pixz compression tool:

  • 4.11.1
  • 4.10.16
  • 4.9.28
  • 4.4.68

These changes would have resulted in GPG returning "Bad Signature" if you tried to verify their integrity. Once we identified the problem, we generated new XZ tarballs without tar header modifications and now they should all pass PGP signature verification.

We preserved the original .xz tarballs as -badsig files in the archives in case you wanted to verify that there was nothing malicious in them, merely tar header changes. You can find them in the same v4.x directory:

Our apologies for this problem and thanks to Brad Spengler and everyone else who alerted us about this issue.
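A check of the kind described above, confirming that two tarballs differ only in tar headers and not in file contents, as an added example (not kernel.org's own tooling). The sample archives are constructed in memory, and the split between "content" (name, type, mode, data, link target) and "header-only" fields (mtime, uid, gid, uname, gname) is an assumption of this example.

```python
import hashlib
import io
import lzma
import tarfile

# Assumption of this example: these header fields do not affect what is unpacked.
HEADER_ONLY_FIELDS = ("mtime", "uid", "gid", "uname", "gname")
XZ_MAGIC = b"\xfd7zXZ\x00"


def raw_tar(data):
    """Return the uncompressed tar stream (accepts .tar or .tar.xz bytes)."""
    return lzma.decompress(data) if data.startswith(XZ_MAGIC) else data


def read_members(tar_bytes):
    """Map member name -> content fingerprint and header-only metadata."""
    members = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
        for m in tar:
            if m.isfile():
                payload = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            elif m.issym() or m.islnk():
                payload = m.linkname
            else:
                payload = ""
            members[m.name] = {
                "content": (m.type, m.mode, payload),
                "header": tuple(getattr(m, f) for f in HEADER_ONLY_FIELDS),
            }
    return members


def compare_tarballs(old_data, new_data):
    """Separate content changes from header-only changes between two archives."""
    old_tar, new_tar = raw_tar(old_data), raw_tar(new_data)
    old, new = read_members(old_tar), read_members(new_tar)
    content_diffs, header_diffs = [], []
    for name in sorted(set(old) | set(new)):
        if name not in old or name not in new:
            content_diffs.append(name)  # member added or removed
        elif old[name]["content"] != new[name]["content"]:
            content_diffs.append(name)
        elif old[name]["header"] != new[name]["header"]:
            header_diffs.append(name)
    return {
        # A detached signature over the tar stream only verifies if this is True.
        "stream_identical": hashlib.sha256(old_tar).digest()
        == hashlib.sha256(new_tar).digest(),
        "content_diffs": content_diffs,
        "header_diffs": header_diffs,
    }


def build_sample(fmt, mtime, uname, makefile=b"obj-y += main.o\n"):
    """Constructed sample archive (not a real kernel tarball)."""
    buf = io.BytesIO()
    files = (
        ("linux-x/Makefile", makefile),
        ("linux-x/main.c", b"int main(void) { return 0; }\n"),
    )
    with tarfile.open(fileobj=buf, mode="w", format=fmt) as tar:
        for name, data in files:
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.uname, info.mode = len(data), mtime, uname, 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    original = build_sample(tarfile.USTAR_FORMAT, 1494700000, "alice")
    repacked = build_sample(tarfile.GNU_FORMAT, 1494800000, "root")
    print(compare_tarballs(original, repacked))
```

An empty `content_diffs` list together with `stream_identical` being false is the "bad signature, same contents" situation; any entry in `content_diffs` means the archives really do unpack differently.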

  •  

Fast new frontends with Packet

We are extremely happy to announce that Packet has graciously donated the new hardware systems providing read-only public access to the kernel.org git repositories and the public website (git.kernel.org and www.kernel.org, respectively). We have avoided using cloud providers in the past due to security implications of sharing hypervisor memory with external parties, but Packet's hardware-based single-tenant approach satisfies our security requirements while taking over the burden of setting up and managing the physical hardware in multiple worldwide datacenters.

As of March 11, 2017, the four new public frontends are located in the following geographical locations:

  • San Jose, California, USA
  • Parsippany, New Jersey, USA
  • Amsterdam, Netherlands
  • Tokyo, Japan

We have changed our DNS configuration to support GeoDNS, so your requests should be routed to the frontend nearest to you.

Each Packet-hosted system is significantly more powerful than our previous generation frontends and has triple the amount of available RAM, so they should be a lot more responsive even when a lot of people are cloning linux.git simultaneously.

Our special thanks to the following organizations who have graciously donated hosting for the previous incarnation of kernel.org frontends:

If you notice any problems with the new systems, please email helpdesk@kernel.org.

  •  

Shutting down FTP services

Those of you who have been around for a while may remember a time when you used to be able to mount kernel.org directly as a partition on your system using NFS (or even SMB/CIFS). The Wayback Machine shows that this was still advertised some time in January 1998, but was removed by the time the December 1998 copy was made.

Let's face it -- while kinda neat and convenient, offering a public NFS/CIFS server was a Pretty Bad Idea, not only because both these protocols are pretty terrible over high latency connections, but also because of important security implications.

Well, 19 years later we're thinking it's time to terminate another service that has important protocol and security implications -- our FTP servers. Our decision is driven by the following considerations:

  • The protocol is inefficient and requires adding awkward kludges to firewalls and load-balancing daemons
  • FTP servers have no support for caching or accelerators, which has significant performance impacts
  • Most software implementations have stagnated and see infrequent updates

All kernel.org FTP services will be shut down by the end of this year. In hopes of minimising the potential disruption, we will be doing it in two stages:

  1. ftp://ftp.kernel.org/ service will be terminated on March 1, 2017
  2. ftp://mirrors.kernel.org/ service will be terminated on December 1, 2017

If you have any concerns, please feel free to contact ftpadmin@kernel.org (ah, the irony).

  •  

Gandi.net TLS certificates

If your browser alerted you that the site certificates have changed, that would be because we replaced our StartCOM, Ltd certificates with those offered by our DNS registrar, Gandi. We are very thankful to Gandi for this opportunity.

A common question is why we aren't using the certificates offered by the Let's Encrypt project, and the answer is that there are several technical hurdles (on our end) that currently make it complicated. Once we resolve them, we will most likely switch to using certificates issued by our fellow Linux Foundation project.

  •  

Cloning Linux from a bundle

If you find yourself on an unreliable Internet connection and need to perform a fresh clone of Linux.git, you may find it tricky to do so if your connection resets before you are able to complete the clone. There is currently no way to resume a git clone using git, but there is a neat trick you can use instead of cloning directly -- using git bundle files.

Here is how you would do it.

  1. Start with "wget -c", which tells wget to continue interrupted downloads. If your connection resets, just rerun the same command while in the same directory, and it will pick up where it left off:

    wget -c https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/clone.bundle
    
  2. Next, clone from the bundle:

    git clone clone.bundle linux
    
  3. Now, point the origin to the live git repository and get the latest changes:

    cd linux
    git remote remove origin
    git remote add origin https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
    git pull origin master
    

Once this is done, you can delete the "clone.bundle" file, unless you think you will need to perform a fresh clone again in the future.

The "clone.bundle" files are generated weekly on Sunday, so they should contain most objects you need, even during kernel merge windows when there are lots of changes committed daily.

  •  

Introducing Fastly CDN

We are happy to announce that Fastly has offered their worldwide CDN network to provide fast download services for Linux kernel releases, which should improve download speeds for those of you located outside North America. We have modified the front page to offer CDN-powered download links, but all the existing URLs should continue to work.

If you would like to avoid using Fastly, you can simply change the URL to have "www.kernel.org" instead of "cdn.kernel.org". As always, please use PGP Signature Verification for all downloaded files regardless of where you got them.

  •  

Hurr, Durr Im'a Sheep

Linus named the upcoming 4.0 release of the kernel "Hurr Durr I'ma Sheep" (see his git commit), so we are celebrating this April Fool's day with a minor prank. If you've been redirected to imasheep.hurrdurr.org, do not panic. It's all part of the joke.

We've also restored all FTP and Rsync access to the mirrors.kernel.org servers, as we seem to have resolved our SSD and dm_cache problems. If you're still using FTP, however, please consider switching to HTTP. FTP is a protocol designed for a different era -- these days everyone should be avoiding it for multiple reasons.

  •  

FTP limited on mirrors.kernel.org

We've had to temporarily limit FTP access to mirrors.kernel.org due to high IO load.

We have recently upgraded our hardware in order to increase capacity -- 16TB was no longer nearly sufficient to host all the distro mirrors and archives. We chose larger but slower disks and offset the loss of performance by heavily utilizing SSD IO caching using dm-cache.

While it was performing very well, we have unfortunately run across an FS data corruption bug somewhere along this stack:

megaraid_sas + dm_cache + libvirt/virtio + xfs

We've temporarily removed dm-cache from the picture and switched to Varnish on top of SSD for http object caching. Unfortunately, as Varnish does not support FTP, we had to restrict the FTP protocol to a limited number of concurrent sessions in order to reduce disk IO. If you are affected by this, simply switch to the HTTP protocol, which does not have such restrictions.

This is a temporary measure until we identify the dm-cache problem that was causing data corruption, at which point we will restore unrestricted FTP access.

  •  

Heartbleed statement

Since we rely on the OpenSSL library for serving most of our websites, we, together with most of the rest of the open-source world, were vulnerable to the HeartBleed vulnerability. We have switched to the patched version of OpenSSL within hours of it becoming available, plus have performed the following steps to mitigate any sensitive information leaked via malicious SSL heartbeat requests:

  • Replaced all SSL keys across all kernel.org sites.
  • Expired all active sessions on Bugzilla, Patchwork, and Mediawiki sites, requiring everyone to re-login.
  • Changed all passwords used for admin-level access to the above sites.

As kernel.org developers do not rely on SSL to access git repositories, there is no need to replace any SSH or PGP keys used for developer authentication.

If you have any questions or concerns, please email us at webmaster@kernel.org for more information.

  •  

Happy new year and good-bye bzip2

Good-bye bzip2

We started listing xz-compressed versions of kernel archives in all our announcements back in March 2013, and the time has come to complete the switch. Effective immediately, we will no longer be providing bzip2-compressed versions for new releases of the Linux kernel and other software. Any previously released .tar.bz2 archives will continue to be available without change, and we will also continue to provide gzip-compressed versions of all new releases for the foreseeable future.

So, from now on, all releases will be offered as both .tar.gz and .tar.xz, but not as .tar.bz2. We apologize if this interferes with any automated tools.

Happy new year!

Happy new year to all kernel.org users and visitors. The Linux Foundation and Linux Kernel Archives teams extend their warmest wishes to you all, and we hope that 2014 proves to be just as awesome (or awesomer) for the Linux kernel.

  •  

New frontend and googlesource.com

Montreal frontend

We have added another official frontend for serving the kernel content, courtesy of Vexxhost, Inc. There is now a total of three frontends, one in Palo Alto, California, one in Portland, Oregon, and one in Montreal, Quebec. This should allow for better geographic dispersion of official mirrors, as well as better fault tolerance.

Kernel.googlesource.com

We are happy to announce that kernel.googlesource.com is now relying on grokmirror manifest data to efficiently mirror git.kernel.org, which means that if accessing git.kernel.org is too high latency for you due to your geographical location (EMEA, APAC), kernel.googlesource.com should provide you with a fast local mirror that is at most 5 minutes behind official sources.

We extend our thanks to Google for making this available to all kernel hackers and enthusiasts worldwide.

TLS 1.2 and PFS

With the latest round of upgrades, we are now serving TLS 1.2 with PFS across all kernel.org sites, offering higher protection against eavesdropping.

  •  

Mirroring kernel.org repositories

If you would like to mirror all or a subset of kernel.org git repositories, please use a tool we wrote for this purpose, called grokmirror. Grokmirror is git-aware and will create a complete mirror of kernel.org repositories and keep them automatically updated with no further involvement on your part.

Grokmirror works by keeping track of repositories being updated by downloading and comparing the master manifest file. This file is only downloaded if it's newer on the server, and only the repositories that have changed will be updated via "git remote update".

You can read more about grokmirror by reading the README file.

Obtaining grokmirror

If grokmirror is not yet packaged for your distribution, you can obtain it from a git repository:

git clone git://git.kernel.org/pub/scm/utils/grokmirror/grokmirror.git

In addition to git, you will need to install the following Python dependencies on your mirror server:

Setting up a kernel.org mirror

It is recommended that you create a dedicated "mirror" user that will own all the content and run all the cron jobs. It is generally discouraged to run this as user "root".

The default repos.conf already comes pre-configured for kernel.org. We reproduce the minimal configuration here:

[kernel.org]
site = git://git.kernel.org
manifest = http://git.kernel.org/manifest.js.gz
default_owner = Grokmirror User
#
# Where are we going to put the mirror on our disk?
toplevel = /var/lib/git/mirror
#
# Where do we store our own manifest? Usually in the toplevel.
mymanifest = /var/lib/git/mirror/manifest.js.gz
#
# Where do we put the logs?
log = /var/log/mirror/kernelorg.log
#
# Log level can be "info" or "debug"
loglevel = info
#
# To prevent multiple grok-pull instances from running at the same
# time, we first obtain an exclusive lock.
lock = /var/lock/mirror/kernelorg.lock
#
# Use shell-globbing to list the repositories you would like to mirror.
# If you want to mirror everything, just say "*". Separate multiple entries
# with newline plus tab. Examples:
#
# mirror everything:
#include = *
#
# mirror just the main kernel sources:
#include = /pub/scm/linux/kernel/git/torvalds/linux.git
#          /pub/scm/linux/kernel/git/stable/linux-stable.git
#          /pub/scm/linux/kernel/git/next/linux-next.git
#
# mirror just git:
#include = /pub/scm/git/*
include = *
#
# This is processed after the include. If you want to exclude some specific
# entries from an all-inclusive globbing above. E.g., to exclude all
# linux-2.4 git sources:
#exclude = */linux-2.4*
exclude =

Install this configuration file anywhere that makes sense in your environment. You'll need to make sure that the following directories (or whatever you changed them to) are writable by the "mirror" user:

  • /var/lib/git/mirror
  • /var/log/mirror
  • /var/lock/mirror

Mirroring kernel.org git repositories

Now all you need to do is to add a cronjob that will check the kernel.org mirror for updates. The following entry in /etc/cron.d/grokmirror.cron will check the mirror every 5 minutes:

# Run grok-pull every 5 minutes as "mirror" user
*/5 * * * * mirror /usr/bin/grok-pull -p -c /etc/grokmirror/repos.conf

(You will need to adjust the paths to the grok-pull command and to repos.conf accordingly to reflect your environment.)

The initial run will take many hours to complete, as it will need to download about 50 GB of data.

Mirroring a subset of repositories

If you are only interested in carrying a subset of git repositories instead of all of them, you are welcome to tweak the include and exclude parameters.
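To preview what a given include/exclude pair selects, and which of those repositories a pull would touch, the following added example (not grokmirror's own code) applies the globs to a manifest and compares it with the local copy. It assumes the manifest is gzipped JSON keyed by repository path with a per-repository `modified` timestamp, and uses Python's `fnmatch` as a stand-in for the shell globbing; the manifests are constructed.

```python
import fnmatch
import gzip
import json


def parse_patterns(value):
    """Split a repos.conf include/exclude value (one glob per line) into a list."""
    return [p.strip() for p in value.splitlines() if p.strip()]


def load_manifest(manifest_gz):
    """Decode a manifest.js.gz payload (assumed: gzipped JSON object keyed by path)."""
    return json.loads(gzip.decompress(manifest_gz).decode("utf-8"))


def select_repos(manifest, include, exclude=""):
    """Apply include first, then exclude, as the repos.conf comments describe."""
    inc, exc = parse_patterns(include), parse_patterns(exclude)
    selected = []
    for path in sorted(manifest):
        if not any(fnmatch.fnmatchcase(path, g) for g in inc):
            continue
        if any(fnmatch.fnmatchcase(path, g) for g in exc):
            continue
        selected.append(path)
    return selected


def plan_pull(remote_gz, local_gz, include, exclude=""):
    """Classify selected repositories as needing a clone, an update, or nothing."""
    remote = load_manifest(remote_gz)
    local = load_manifest(local_gz) if local_gz else {}
    plan = {"clone": [], "update": [], "unchanged": []}
    for path in select_repos(remote, include, exclude):
        if path not in local:
            plan["clone"].append(path)
        elif remote[path]["modified"] > local[path]["modified"]:
            plan["update"].append(path)  # would be refreshed via "git remote update"
        else:
            plan["unchanged"].append(path)
    return plan


def make_manifest(entries):
    """Build a constructed manifest payload from {path: modified_timestamp}."""
    body = {path: {"modified": ts} for path, ts in entries.items()}
    return gzip.compress(json.dumps(body).encode("utf-8"))


# Constructed sample data; the git.git and linux-2.4 paths are hypothetical.
SAMPLE_REMOTE = make_manifest({
    "/pub/scm/linux/kernel/git/torvalds/linux.git": 200,
    "/pub/scm/linux/kernel/git/stable/linux-stable.git": 150,
    "/pub/scm/git/git.git": 100,
    "/pub/scm/linux/kernel/git/example/linux-2.4.git": 50,
})
SAMPLE_LOCAL = make_manifest({
    "/pub/scm/linux/kernel/git/torvalds/linux.git": 100,
    "/pub/scm/git/git.git": 100,
})

if __name__ == "__main__":
    print(plan_pull(SAMPLE_REMOTE, SAMPLE_LOCAL, "*", "*/linux-2.4*"))
```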

  •  

Fifty shades of Tux

Special thanks to Benoît Monin for donating a MIT-licensed CSS theme to the kernel.org project to replace the one we hastily put together. Though the Pelican authors have since obtained a free-license commitment from the copyright owners of the CSS files shipping with Pelican, we wanted to have something that looked a bit less like the default theme anyway.

If anyone else wants to participate, full sources of the kernel.org website are available from the git repository.

  •  

/pub tree resync-ing

Due to a failure in one of the rsync scripts during the maintenance window, the mirrors of /pub hierarchy on www.kernel.org got erased. We are resyncing them now from the master storage, but in the meantime you will probably get an occasional "Forbidden". The entirety of the archive should be rsync'ed in a few hours.

We apologize profusely for the problem and will fix the script to make sure this doesn't happen again.

Contents of git.kernel.org are unaffected.

  •  

Cleanroom styles

You are probably wondering what happened to the site's look. Unfortunately, we've been alerted that the default theme shipped by Pelican (which we largely adapted) has an unclear license. Until this is cleared up, we've put together a quick-and-dirty cleanroom CSS reimplementation that preserves the functional aspects of the site, but sacrifices a lot of the bells and whistles.

If you are a CSS designer and would like to donate your own cleanroom style, please let us know at webmaster@kernel.org.

Our apologies, and we promise to keep a keener eye on licensing details of various templates distributed with open-source products.

  •  

Pelican

Welcome to the reworked kernel.org website. We have switched to using Pelican in order to statically render our site content, which simplifies mirroring and distribution. You can view the sources used to build this website in its own git repository.

Additionally, we have switched from using gitweb-caching to using cgit for browsing git repositories. There are rewrite rules in place to forward old gitweb URLs to the pages serviced by cgit, so there shouldn't be any broken links, hopefully. If you notice that something that used to work with gitweb no longer works for you with cgit, please drop us a note at webmaster@kernel.org.

  •  

Legal disclaimers and copyright

Copyright and license

Except where otherwise stated, content on this site is copyright (C) 1997-2014 by The Linux Kernel Organization, Inc. and is made available to you under the Creative Commons Attribution ShareAlike 4.0 International License.

Distributed software is copyrighted by its respective contributors and is distributed under their own individual licenses.

Legal Disclaimer

This site is provided as a public service by The Linux Kernel Organization Inc., a California 501(c)3 nonprofit corporation. Our servers are located in San Francisco, CA, USA; Palo Alto, CA, USA; Corvallis, OR, USA; Portland, OR, USA and Montréal, Québec, Canada. Use in violation of any applicable laws is strictly prohibited.

Neither the Linux Kernel Organization nor any of its sponsors make any guarantees, explicit or implicit, about the contents of this site. Use at your own risk.

Trademarks

Linux is a Registered Trademark of Linus Torvalds. All trademarks are property of their respective owners.

  •  

Linux Foundation Announces an Intent to Form the OpenWallet Foundation

A Consortium of Companies and Non Profit Organizations Collaborating to Create an Open Source Software Stack to Advance a Plurality of Interoperable Wallets

DUBLIN—September 13, 2022—The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced the intention to form the OpenWallet Foundation (OWF), a new collaborative effort to develop open source software to support interoperability for a wide range of wallet use cases. The initiative already benefits from strong support including leading companies across technology, public sector, and industry vertical segments, and standardization organizations.

The mission of the OWF is to develop a secure, multi-purpose open source engine anyone can use to build interoperable wallets. The OWF aims to set best practices for digital wallet technology through collaboration on open source code for use as a starting point for anyone who strives to build interoperable, secure, and privacy-protecting wallets.

The OWF does not intend to publish a wallet itself, nor offer credentials or create any new standards. The community will focus on building an open source software engine that other organizations and companies can leverage to develop their own digital wallets.  The wallets will support a wide variety of use cases from identity to payments to digital keys and aim to achieve feature parity with the best available wallets.

Daniel Goldscheider, who started the initiative, said, “With the OpenWallet Foundation we push for a plurality of wallets based on a common core. I couldn’t be happier with the support this initiative has received already and the home it found at the Linux Foundation.”

Linux Foundation Executive Director Jim Zemlin said, “We are convinced that digital wallets will play a critical role for digital societies. Open software is the key to interoperability and security. We are delighted to host the OpenWallet Foundation and excited for its potential.”

OpenWallet Foundation will be featured in a keynote presentation at Open Source Summit Europe on 14 September 2022 at 9:00 AM IST (GMT +1) and a panel at 12:10 PM IST (GMT +1). In order to participate virtually and/or watch the sessions on demand, you can register here

Pramod Varma, Chief Architect Aadhaar & India Stack, said, “Verifiable credentials are becoming an essential digital empowerment tool for billions of people and small entities. India has been at the forefront of it and is going all out to convert all physical certificates into digitally verifiable credentials via the very successful Digilocker system. I am very excited about the OWF effort to create an interoperable and open source credential wallet engine to supercharge the credentialing infrastructure globally.”

“Universal digital wallet infrastructure will create the ability to carry tokenized identity, money, and objects from place to place in the digital world. Massive business model change is coming, and the winning digital business will be the one that earns trust to directly access the real data in our wallets to create much better digital experiences,” said David Treat, Global Metaverse Continuum Business Group & Blockchain lead, Accenture. “We are excited to be part of the launch and development of an open-source basis for digital wallet infrastructure to help ensure consistency, interoperability, and portability with privacy, security, and inclusiveness at the core by design.”

Drummond Reed, Director of Trust Services at Avast, a brand of NortonLifeLock, said, “We’re on a mission to protect digital freedom for everyone. Digital freedom starts with the services used by the individual and the ability to reclaim their personal information and reestablish trust in digital exchanges. Great end point services start with the core of digital identity wallet technology. We are proud to be a founding supporter of the OpenWallet Foundation because collaboration, interoperability, and open ecosystems are essential to the trusted digital future that we envision.”

“The mobile wallet industry has seen significant advances in the last decade, changing the way people manage and spend their money, and the tasks that these wallets can perform have rapidly expanded. Mobile wallets are turning into digital IDs and a place to store documents whereby the security requirements are further enhanced,” said Taka Kawasaki CoFounder of Authlete Inc. “We understand the importance of standards that ensure interoperability as a member of the OpenID Foundation and in the same way we are excited to work with the Linux Foundation to develop a robust implementation to ensure the highest levels in security.”

“Providing secure identity and validated credential services are key for enabling a high assurance health care service. The OpenWallet Foundation could contribute a key role in promoting the deployment of highly effective secure digital health care systems that benefits the industry,” said Robert Samuel, Executive Director of Technology Research & Innovation, CVS Health.

“Daon provides the digital identity verification/proofing and authentication technology that enables digital trust at scale and on a global basis”, said Conor White, President – Americas at Daon, “Our experience with VeriFLY demonstrated the future importance of digital wallets for consumers and we look forward to supporting the OpenWallet Foundation.”

“We are building and issuing wallets for decentralized identity applications for several years now. Momentum and interest for this area has grown tremendously, far beyond our own community. It is now more important than ever that a unified wallet core embracing open standards is created, with the ambition to become the global standard. The best industry players are pulling together under the OpenWallet Foundation. esatus AG is proud to be among them as experience, expertise, and technology contributor,” said Dr. Andre Kudra, CIO, esatus AG 

Kaliya Young, Founder & Principal, Identity Woman in Business, said, “As our lives become more and more digital, it is critical to have strong and interoperable digital wallets that can properly safeguard our digital properties, whether it is our identities, data, or money. We are very excited to see the emergence of the OpenWallet Foundation, particularly its mission to bring key stakeholders together to create a core wallet engine (instead of another wallet) that can empower the actual wallet providers to build better products at lower cost. We look forward to supporting this initiative by leveraging our community resources and knowledge/expertise to develop a truly collaborative movement.”

Masa Mashita, Senior Vice President, Strategic Innovations, JCB Co., Ltd. said, “Wallets for the identity management as well as the payment will be a key function for the future user interface. The concept of OpenWallet will be beneficial for the interoperability among multiple industries and jurisdictions.”

“Secure and open wallets will allow individuals the world over to store, combine and use their credentials in new ways – allowing them to seamlessly assert their identity, manage payments, access services, etc., and empower them with control of their data. This brings together many of our efforts in India around identity, payments, credentials, data empowerment, health, etc. in an open manner, and will empower billions of people around the world,” said Sanjay Jain, Chairman of the Technology Committee of MOSIP.

“The Open Identity Exchange (OIX) welcomes and supports the creation of the OpenWallet Foundation. The creation of open source components that will allow wallet providers to work to standards and trust framework policies in a consistent way is entirely complementary to our own work on open and interoperable Digital Identities. OIX’s Global Interoperability working group is already defining a ‘trust framework policy characteristics methodology,’ as part of our contribution to GAIN. This will allow any trust framework to systematically describe itself to an open wallet, so that a ‘smart wallet’ can seamlessly adapt to the rules of a new framework within which the user wants to assert credentials,” said Nick Mothershaw, Chief Identity Strategist, OIX.

“Okta’s vision is to enable anyone to safely use any technology”, says Randy Nasson, Director of Product Management at Okta. “Digital wallets are emerging as go-to applications for conducting financial transactions, providing identity and vital data, and storing medical information such as vaccination status. Wallets will expand to include other credentials, including professional and academic certifications, membership status, and more. Digital credentials, including their issuance, storage in wallets, and presentation, will impact the way humans authenticate and authorize themselves with digital systems in the coming decade. Okta is excited about the efforts of the OpenWallet Foundation and the Linux Foundation to provide standards-based, open wallet technology for developers and organizations around the world.”

“The OpenID Foundation welcomes the formation of the OpenWallet Foundation and its efforts to create an open-source implementation of open and interoperable technical standards, certification and best practices.” – Nat Sakimura, Chairman, OpenID Foundation.

 “We believe the future of online trust and privacy starts with a system for individuals to take control over their digital identity, and interoperability will create broad accessibility,” says Rakesh Thaker, Chief Development Officer at Ping Identity. “We intend to actively participate and contribute to creating common specifications for secure, robust credential wallets to empower people with control over when and with whom they share their personal data.”

“Wallet technologies that are open and interoperable are a key factor in enabling citizens to protect their privacy in the digital world. At polypoly – an initiative backed by the first pan-European cooperative for data – we absolutely believe that privacy is a human right! We are already working on open source wallets and are excited to collaborate with others and to contribute to the OpenWallet Foundation,” said Lars Eilebrecht, CISO, polypoly.

“Digital credentials and the wallets that manage them form the trust foundation of a digital society. With the future set to be characterised by a plurality of wallets and underlying standards, broad interoperability is key to delivering seamless digital interactions for citizens. Procivis is proud to support the efforts of the OpenWallet Foundation to build a secure, interoperable, and open wallet engine which enables every individual to retain sovereignty over their digital identities,” said Daniel Gasteiger, Chief Executive Officer, Procivis AG.

“It is essential to cross the boundaries between humans, enterprises, and systems to create value in a fully connected world. There is an urgent need for a truly portable, interoperable identity & credentialing backbone for all digital-first processes in government, business, peer-to-peer, smart city systems, and the Metaverse. The OpenWallet Foundation will establish high-quality wallet components that can be assembled into SW solutions unlocking a new universe of next-level digitization, security, and compliance,” said Dr. Carsten Stöcker, CEO Spherity & Chairman of the Supervisory Board IDunion SCE.

“Transmute has long promoted open source standards as the foundation for building evolved solutions that challenge the status quo. Transmute believes any organization should be empowered to create a digital wallet that can securely manage identifiers, credentials, currencies, and payments while complying with regulatory requirements regarding trusted applications and devices. Transmute supports a future of technology that will reflect exactly what OpenWallet Foundation wants to achieve: one that breaks with convention to foster innovation in a secure, interoperable way, benefitting competitive companies, consumers, and developers alike,” said Orie Steele, Co-Founder and CTO of Transmute.

“The Trust Over IP (ToIP) Foundation is proud to support the momentum of an industry-wide open-source engine for digital wallets. We believe this can be a key building block in our mission to establish an open standard trust layer for the Internet. We look forward to our Design Principles and Reference Architecture benefitting this endeavor and collaborating closely with this new Linux Foundation project,” said Judith Fleenor, Director of Strategic Engagement, Trust Over IP Foundation.

For more information about the project and how to participate in this work, please visit: openwallet.foundation

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 3,000 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, PyTorch, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page:  https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact:

Dan Whiting
for the Linux Foundation
+1 202-531-9091
dwhiting@linuxfoundation.org


Welcoming PyTorch to the Linux Foundation

Today we are more than thrilled to welcome PyTorch to the Linux Foundation. Honestly, it’s hard to capture how big a deal this is for us in a single post but I’ll try. 

TL;DR — PyTorch is one of the most important and successful machine learning software projects in the world today. We are excited to work with the project maintainers, contributors and community to transition PyTorch to a neutral home where it can continue to enjoy strong growth and rapid innovation. We are grateful to the team at Meta, where PyTorch was incubated and grew into a massive ecosystem, for trusting the Linux Foundation with this crucial effort. The journey will be epic.

The AI Imperative, Open Source and PyTorch

Artificial Intelligence, Machine Learning, and Deep Learning are critical to present and future technology innovation. Growth around AI and ML communities and the code they generate has been nothing short of extraordinary. AI/ML is also a truly “open source-first” ecosystem. The majority of popular AI and ML tools and frameworks are open source. The community clearly values transparency and the ethos of open source. Open source communities are playing and will play a leading role in development of the tools and solutions that make AI and ML possible — and make it better over time. 

For all of the above reasons, the Linux Foundation understands that fostering open source in AI and ML is a key priority. The Linux Foundation already hosts and works with many projects that are either contributing directly to foundational AI/ML projects (LF AI & Data) or contributing to their use cases and integrating with their platforms. (e.g., LF Networking, AGL, Delta Lake, RISC-V, CNCF, Hyperledger). 

PyTorch extends and builds on these efforts. Obviously, PyTorch is one of the most important foundational platforms for development, testing and deployment of AI/ML and Deep Learning applications. If you need to build something in AI, if you need a library or a module, chances are there is something in PyTorch for that. If you peel back the cover of any AI application, there is a strong chance PyTorch is involved in some way. From improving the accuracy of disease diagnosis and heart attacks, to machine learning frameworks for self-driving cars, to image quality assessment tools for astronomers, PyTorch is there.

Originally incubated by Meta’s AI team, PyTorch has grown to include a massive community of contributors and users under their community-focused stewardship. The genius of PyTorch (and a credit to its maintainers) is that it is truly a foundational platform for so much AI/ML today, a real Swiss Army Knife. Just as developers built so much of the technology we know today atop Linux, the AI/ML community is building atop PyTorch – further enabling emerging technologies and evolving user needs. As of August 2022, PyTorch was one of the five fastest-growing open source software communities in the world alongside the Linux kernel and Kubernetes. From August 2021 through August 2022, PyTorch counted over 65,000 commits. Over 2,400 contributors participated in the effort, filing issues or PRs or writing documentation. These numbers place PyTorch among the most successful open source projects in history.

Neutrality as a Catalyst

Projects like PyTorch that have the potential to become a foundational platform for critical technology benefit from a neutral home. Neutrality and true community ownership are what has enabled Linux and Kubernetes to defy expectations by continuing to accelerate and grow faster even as they become more mature. Users, maintainers and the community begin to see them as part of a commons that they can rely on and trust, in perpetuity. By creating a neutral home, the PyTorch Foundation, we are collectively locking in a future of transparency, communal governance, and unprecedented scale for all.

As part of the Linux Foundation, PyTorch and its community will benefit from our many programs and support communities like training and certification programs (we already have one in the works), to community research (like our Project Journey Reports) and, of course, community events. Working inside and alongside the Linux Foundation, the PyTorch community also has access to our LFX collaboration portal, enabling mentorships and helping the PyTorch community identify future leaders, find potential hires, and observe shared community dynamics. 

PyTorch has gotten to its current state through sound maintainership and open source community management. We’re not going to change any of the good things about PyTorch. In fact, we can’t wait to learn from Meta and the PyTorch community to improve the experiences and outcomes of other projects in the Foundation. For those wanting more insight about our plans for the PyTorch Foundation, I invite you to join Soumith Chintala (co-creator of PyTorch) and Dr. Ibrahim Haddad (Executive Director of the PyTorch Foundation) for a live discussion on Thursday entitled, PyTorch: A Foundation for Open Source AI/ML.

We are grateful for Meta’s trust in “passing us the torch” (pun intended). Together with the community, we can build something (even more) insanely great and add to the global heritage of invaluable technology that underpins the present and the future of our lives. Welcome, PyTorch! We can’t wait to get started!


Meta Transitions PyTorch to the Linux Foundation, Further Accelerating AI/ML Open Source Collaboration

PyTorch Foundation to foster an ecosystem of vendor-neutral projects alongside founding members AMD, AWS, Google Cloud, Meta, Microsoft Azure, and NVIDIA 

DUBLIN – September 12, 2022 –  The Linux Foundation, a global nonprofit organization enabling innovation through open source, today announced PyTorch is moving to the Linux Foundation from Meta where it will live under the newly-formed PyTorch Foundation. Since its release in 2016, over 2400 contributors and 18,0000 organizations have adopted the PyTorch machine learning framework for use in academic research and production environments. The Linux Foundation will work with project maintainers, its developer community, and initial founding members of PyTorch to support the ecosystem at its new home.

Projects like PyTorch—that have the potential to become a foundational platform for critical technology—benefit from a neutral home. As part of the Linux Foundation, PyTorch and its community will benefit from many programs and support infrastructure like training and certification programs, research, and local to global events. Working inside and alongside the Linux Foundation, PyTorch will have access to the LFX collaboration portal—enabling mentorships and helping the PyTorch community identify future leaders, find potential hires, and observe shared project dynamics. 

“Growth around AI/ML and Deep Learning has been nothing short of extraordinary—and the community embrace of PyTorch has led to it becoming one of the five-fastest growing open source software projects in the world,” said Jim Zemlin, executive director for the Linux Foundation. “Bringing PyTorch to the Linux Foundation where its global community will continue to thrive is a true honor. We are grateful to the team at Meta—where PyTorch was incubated and grown into a massive ecosystem—for trusting the Linux Foundation with this crucial effort.”

“Some AI news: we’re moving PyTorch, the open source AI framework led by Meta researchers, to become a project governed under the Linux Foundation. PyTorch has become one of the leading AI platforms with more than 150,000 projects on GitHub built on the framework. The new PyTorch Foundation board will include many of the AI leaders who’ve helped get the community where it is today, including Meta and our partners at AMD, Amazon, Google, Microsoft, and NVIDIA. I’m excited to keep building the PyTorch community and advancing AI research,” said Mark Zuckerberg, Founder & CEO, Meta.

The Linux Foundation has named Dr. Ibrahim Haddad, its Vice President of Strategic Programs, as the Executive Director of the PyTorch Foundation.  The PyTorch Foundation will support a strong member ecosystem with a diverse governing board including founding members: AMD, Amazon Web Services (AWS), Google Cloud, Meta, Microsoft Azure and NVIDIA. The project will promote continued advancement of the PyTorch ecosystem through its thriving maintainer and contributor communities. The PyTorch Foundation will ensure the transparency and governance required of such critical open source projects, while also continuing to support its unprecedented growth.

Member Quotes

AMD

“Open software is critical to advancing HPC, AI and ML research, and we’re ready to bring our experience with open software platforms and innovation to the PyTorch Foundation,” said Brad McCredie, corporate vice president, Data Center and Accelerated Processing, AMD. “AMD Instinct accelerators and ROCm software power important HPC and ML sites around the world, from exascale supercomputers at research labs to major cloud deployments showcasing the convergence of HPC and AI/ML. Together with other foundation members, we will support the acceleration of science and research that can make a dramatic impact on the world.”

Amazon Web Services

“AWS is committed to democratizing data science and machine learning, and PyTorch is a foundational open source tool that furthers that goal,” said Brian Granger, senior principal technologist at AWS. “The creation of the PyTorch Foundation is a significant step forward for the PyTorch community. Working alongside The Linux Foundation and other foundation members, we will continue to help build and grow PyTorch to deliver more value to our customers and the PyTorch community at large.”

Google Cloud

“At Google Cloud we’re committed to meeting our customers where they are in their digital transformation journey and that means ensuring they have the power of choice,” said Andrew Moore, vice president and general manager of Google Cloud AI and industry solutions. “We’re participating in the PyTorch Foundation to further demonstrate our commitment of choice in ML development. We look forward to working closely on its mission to drive adoption of AI tooling by building an ecosystem of open source projects with PyTorch along with our continued investment in JAX and Tensorflow.”

Microsoft Azure

“We’re honored to participate in the PyTorch Foundation and partner with industry leaders to make open source innovation with PyTorch accessible to everyone,” Eric Boyd, CVP, AI Platform, Microsoft, said. “Over the years, Microsoft has invested heavily to create an optimized environment for our customers to create, train and deploy their PyTorch workloads on Azure. Microsoft products and services run on trust, and we’re committed to continuing to deliver innovation that fosters a healthy open source ecosystem that developers love to use. We look forward to helping the global AI community evolve, expand and thrive by providing technical direction based on our latest AI technologies and research.”

NVIDIA

“PyTorch was developed from the beginning as an open source framework with first-class support on NVIDIA Accelerated Computing”, said Ian Buck, General Manager and Vice President of Accelerated Computing at NVIDIA. “NVIDIA is excited to be an originating member of the PyTorch Foundation to encourage community adoption and to ensure using PyTorch on the NVIDIA AI platform delivers excellent performance with the best experience possible.”

Additional Resources:

  • Visit pytorch.org to learn more about the project and the PyTorch Foundation
  • Read Jim Zemlin’s blog discussing the PyTorch transition
  • Read Meta AI’s blog about transitioning PyTorch to the Linux Foundation
  • Read this blog from Soumith Chintala, PyTorch Lead Maintainer and AI Researcher at Meta, about the future of the project
  • Join Soumith Chintala and Dr. Ibrahim Haddad for a fireside chat on Thursday, September 15, at 3pm GMT / 11am ET / 8am PT
  • Learn more about PyTorch training opportunities from the Linux Foundation
  • Follow PyTorch on Facebook, LinkedIn, Spotify, Twitter, and YouTube


Open 3D Foundation Welcomes New Members OPPO and Heroic Labs as Community Optimizes Software to Embrace Mobile-First Gaming

Foundation growth driven by organizations seeing new use cases that require modular solutions to build the future of 3D technology

SAN FRANCISCO – September 7, 2022 – As gaming increasingly becomes a mobile-first experience, OPPO and Heroic Labs are joining as Premier and General members, respectively, of the Open 3D Foundation (O3DF). The two companies are working with the community to optimize the open-source Open 3D Engine project for mobile gaming.

OPPO is a global technology company focused on delivering consumer devices, notably mobile phones, and advocating for advancing cloud-native technologies. Heroic Labs is a creator of scalable, social infrastructure for cloud services and app server development. In joining O3DF, OPPO and Heroic Labs will collaborate with other O3DF members to accelerate standardization of 3D graphics development across a diversity of mobile platforms. 

This collaboration will happen inside a newly proposed O3DE (Open 3D Engine) Mobile Device Working Group, through which the O3DE community aims to build portable libraries and interfaces that can be used across a myriad of environments, freely available under the Apache 2.0/MIT license model. We invite all of those interested in shaping the development of 3D graphics standards for mobile devices to review and comment on this open proposal.

“We’re excited to welcome OPPO and Heroic to the community, and we look forward to their contributions in helping advance 3D graphics standards through the O3DE project,” said Royal O’Brien, general manager of Digital Media and Games at the Linux Foundation and executive director of O3DF. “These newest members personify the value of O3DE’s modular architecture, which makes it easier for developers to build 3D solutions that combine the technologies best suited to a diverse set of use cases. Mobile gaming is a great example of how that modular approach fosters extensibility and adaptability from our core technology.” 

“Today, 3D graphics technology has become an essential element of modern society, with application domains ranging from visual effects, gaming and medical imaging to next-generation content like Metaverse,” said Hansen Hong, director of OPPO Software Technology Planning. “We are excited to join the Open 3D Foundation as a Premier member at the early stage of its development. Through our collaboration within the Foundation, we are eager to contribute to the Open 3D Engine with mobile platforms as our focus. Together with the Mobile Device Working Group, we will bring smoother and more user-friendly mobile development experiences to O3DE developers, while generating more efficient yet immersive and realistic rendering applications for mobile users.”

“At the heart of our mission is making game development easy for everyone,” said Mo Firouz, co-founder and chief operations officer at Heroic Labs. “This goal is accelerated by joining O3DF and actively participating in the establishment of 3D graphic development standards that will benefit every level of game creation. Creating this future in community with other O3DF members aligns with our overall commitment to accessibility through open source.”

A Burgeoning Community

Over 25 member companies have joined O3DF since its launch in July 2021. Newest members include OPPO and Heroic Labs, as well as Microsoft, LightSpeed Studios and Epic Games. Other Premier members include Adobe, Amazon Web Services (AWS), Huawei, Intel and Niantic. In May, O3DE announced its latest release, focused on performance, stability and usability enhancements. The O3D Engine community is very active, averaging up to 2 million line changes and 350-450 commits monthly from 60-100 authors across 41 repos.

Attend O3DCon

O3DF will host O3DCon October 17-19 in Austin, Texas. The event will convene a vibrant, diverse community focused on building an unencumbered, first-class, 3D engine poised to revolutionize real-time 3D development across a variety of applications—from game development, metaverse, digital twin and AI, to automotive, healthcare, robotics and more. Early bird pricing expires September 16.

About the Open 3D Engine

Open 3D Engine (O3DE) is the flagship project managed by the Open 3D Foundation (O3DF). The open-source project is a modular, cross-platform 3D engine built to power anything from AAA games to cinema-quality 3D worlds to high-fidelity simulations. The code is hosted on GitHub under the Apache 2.0 license. To learn more, please visit o3de.org and get involved and connect with the community on Discord.com/invite/o3de and GitHub.com/o3de.

About the Open 3D Foundation

Established in July 2021, the mission of the Open 3D Foundation (O3DF) is to make an open-source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations, available to every industry. The Open 3D Foundation is home to the O3D Engine project. To learn more, please visit o3d.foundation.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org


35 Podcasts Recommended by People You Can Trust

Because of my position as Executive Producer and host of The Untold Stories of Open Source, I frequently get asked, “What podcasts do you listen to when you’re not producing your own?” Interesting question. However, my personal preference, This American Life, is more about how they create their shows, how they use sound and music to supplement the narration, and just in general, how Ira Glass does what he does. Only podcast geeks would be interested in that, so I reached out to my friends in the tech industry to ask them what THEY listen to.

The most surprising thing I learned was people professing to not listen to podcasts. “I don’t listen to podcasts, but if I had to choose one…”, kept popping up. The second thing was people in the industry need a break and use podcasts to escape from the mayhem of their day. I like the way Jennifer says it best, “Since much of my role is getting developers on board with security actions, I gravitate toward more psychology based podcasts – Adam Grant’s is amazing (it’s called WorkLife).”

Now that I think of it, same here. This American Life. Revisionist History. Radio Lab. The Moth. You get the picture. Escaping from the mayhem of the day.

Without further digression, here are the podcasts recommended by the people I trust, in no particular order. No favoritism.

The Haunted Hacker

Hosted by Mike Jones and Mike LeBlanc

Mike Jones and Mike LeBlanc built the H4unt3d Hacker podcast and group from a really grass roots point of view. The idea was spawned over a glass of bourbon on the top of a mountain. The group consists of members from around the globe and from various walks of life, religions, backgrounds and is all inclusive. They pride themselves in giving back and helping people understand the cybersecurity industry and navigate through the various challenges one faces when they decide cybersecurity is where they belong.

“I think he strikes a great balance between newbie/expert, current events and all purpose security and it has a nice vibe” – Alan Shimel, CEO, Founder, TechStrong Group

Risky Biz Security Podcast

Hosted by Patrick Gray

Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals. We are also known to publish blog posts from time to time.

“My single listen-every-week-when-it-comes out is not that revolutionary: the classic Risky Biz security podcast. As a defender, I learn from the offense perspective, and they also aren’t shy about touching on the policy side.” – Allan Friedman, Cybersecurity and Infrastructure Security Agency

Application Security Weekly

Hosted by Mike Shema, Matt Alderman, and John Kinsella

If you’re looking to understand DevOps, application security, or cloud security, then Application Security Weekly is your show! Mike, Matt, and John decrypt application development  – exploring how to inject security into the organization’s Software Development Lifecycle (SDLC); learn the tools, techniques, and processes necessary to move at the speed of DevOps, and cover the latest application security news.

“Easily my favorite hosts and content. Professional production, big personality host, and deeply technical co-host. Combined with great topics and guests.” – Larry Maccherone, Dev[Sec]Ops Transformation Architect, Contrast Security

Azure DevOps Podcast

Hosted by Jeffrey Palermo

The Azure DevOps Podcast is a show for developers and devops professionals shipping software using Microsoft technologies. Each show brings you hard-hitting interviews with industry experts innovating better methods and sharing success stories. Listen in to learn how to increase quality, ship quickly, and operate well.

“I am pretty focused on Microsoft Azure these days so on my list is Azure DevOps” – Bob Aiello, CM Best Practices Founder, CTO, and Principal Consultant

Chaos Community Broadcast

Hosted by Community of Chaos Engineering Practitioners

We are a community of chaos engineering practitioners. Chaos Engineering is the discipline of experimenting on a system in order to build confidence in the system’s capability to withstand turbulent conditions in production.

“This is so good, it’s hardly even fair to compare it to other podcasts!” – Casey Rosenthal, CEO, Co-founder, Verica

The Daily Beans. News. With Swearing

Hosted by Allison Gill (A.G.)

The Daily Beans is a women-owned and operated progressive news podcast for your morning commute brought to you by the webby award-winning hosts of Mueller, She Wrote. Get your social justice and political news with just the right amount of snark.

“The Daily Beans covers political news without hype. The host is a lawyer and restricts her coverage to what can actually happen while other outlets are hyping every possibility under the sun including possibilities that get good ratings but will never happen. She mostly covers the former president’s criminal cases.” – Tom Limoncelli, Manager, Stack Overflow

Software Engineering Radio

Hosted by Community of Various Contributors

Software Engineering Radio is a podcast targeted at the professional software developer. The goal is to be a lasting educational resource, not a newscast. Now a weekly show, we talk to experts from throughout the software engineering world about the full range of topics that matter to professional developers. All SE Radio episodes feature original content; we don’t record conferences or talks given in other venues.

“The one that I love to keep tabs on is called Software Engineering Radio, published by the IEEE computer society. It is absolutely a haberdashery of new ideas, processes, lessons learned. It also ranges from very practical action oriented advice the whole way over to philosophical discussions that are necessary for us to drive innovation forward. Professionals from all different domains contribute. It’s not a platform for sales and marketing pitches!” – Tracy Bannon, Senior Principal/ Software Architect & DevOps Advisor, MITRE

Cybrary Podcast

Hosted by Various Contributors

Join thousands of other listeners to hear from the current leaders, experts, vendors, and instructors in the IT and Cybersecurity fields regarding DevSecOps, InfoSec, Ransomware attacks, the diversity and the retention of talent, and more. Gain the confidence, consistency, and courage to succeed at work and in life.

“Relaxed chat, full of good info, and they got right to the point. Would recommend.” – Wendy Nather, Head of Advisory CISOs, CISCO

Open Source Underdogs

Hosted by Michael Schwartz

Open Source Underdogs is the podcast for entrepreneurs about open source software. In each episode, we chat with a founder or leader to explore how they are building thriving businesses around open source software. Our goal is to demystify how entrepreneurs can stay true to their open source objectives while also building sustainable, profitable businesses that fuel innovation and ensure longevity.

“Mike Schwartz’s podcast is my favourite. Really good insights from founders.” – Amanda Brock, CEO, OpenUK

Ten Percent Happier

Hosted by Dan Harris

Ten Percent Happier publishes a variety of podcasts that offer relatable wisdom designed to help you meet the challenges and opportunities in your daily life.

“I listen to Ten Percent Happier as my go-to podcast. It helps me with mindfulness practice, provides a perspective on real-life situations, and makes me a kinder person. That is one of the most important traits we all need these days.” – Arun Gupta, Vice President and General Manager for Open Ecosystem, Intel

Making Sense

Hosted by Sam Harris

Sam Harris is the author of five New York Times best sellers. His books include The End of Faith, Letter to a Christian Nation, The Moral Landscape, Free Will, Lying, Waking Up, and Islam and the Future of Tolerance (with Maajid Nawaz). The End of Faith won the 2005 PEN Award for Nonfiction. His writing and public lectures cover a wide range of topics—neuroscience, moral philosophy, religion, meditation practice, human violence, rationality—but generally focus on how a growing understanding of ourselves and the world is changing our sense of how we should live.

“Sam dives deep on topics rooted in our culture, business, and minds. The conversations are very approachable and rational. With some episodes reaching an hour or more, Sam gives topics enough space to cover the necessary angles.” – Derek Weeks, CMO, The Linux Foundation

Darknet Diaries

Hosted by Jack Rhysider

Darknet Diaries produces audio stories specifically intended to capture, preserve, and explain the culture around hacking and cyber security in order to educate and entertain both technical and non-technical audiences.

This is a podcast about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network.

“Darknet Diaries would be my recommendation. Provided insights into the world of hacking, data breaches and cyber crime. And Jack Rhysider is a good storyteller” – Edwin Kwan, Head of Application Security and Advisory, Tyro Payments

Under the Skin

Hosted by Russell Brand

Under the Skin asks: what’s beneath the surface – of the people we admire, of the ideas that define our times, of the history we are told. Speaking with guests from the world of academia, popular culture and the arts, they’ll teach us to see the ulterior truth behind our constructed reality. And have a laugh.

“He interviews influential people from all different backgrounds and covers everything from academia to tech to culture to spiritual issues” – Ashleigh Auld, Global Director Partner Marketing, Linnwood

Cyberwire Daily

Hosted by Dave Bittner

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also included interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

“I’d recommend the CyberWire daily podcast has got most relevant InfoSec news items and stories industry pros care about. XX” – Ax Sharma, Security Researcher, Tech Reporter, Sonatype

7 Minute Security Podcast

Hosted by Brian Johnson

7 Minute Security is a weekly audio podcast (once in a while with video!) released on Wednesdays and covering topics such as penetration testing, blue teaming, and building a career in security.

In 2013 I took on a new adventure to focus 100% on information security. There’s a ton to learn, so I wanted to write it all down in a blog format and share with others. However, I’m a family man too, and didn’t want this project to offset the work/family balance.

So I thought a podcast might fill in the gaps for stuff I can’t – or don’t have time to – write out in full form. I always loved the idea of a podcast, but the good ones are usually in a longer format, and I knew I didn’t have time for that either. I was inspired by the format of the 10 Minute Podcast and figured if it can work for comedy, maybe it can work for information security!

Thus, the 7 Minute Security blog and its child podcast was born.

“7 Minute Security Podcast – because Brian makes the best jingles!” – Björn Kimminich, Product Group Lead Architecture Governance, Kuehne + Nagel (AG & Co.) KG

Continuous Delivery

Hosted by Dave Farley

Explores ideas that help to produce Better Software Faster: Continuous Delivery, DevOps, TDD and Software Engineering.

Hosted by Dave Farley – a software developer who has done pioneering work in DevOps, CD, CI, BDD, TDD and Software Engineering. Dave has challenged conventional thinking and led teams to build world class software.

Dave is co-author of the award-winning book “Continuous Delivery”, and a popular conference speaker on Software Engineering. He built one of the world’s fastest financial exchanges, is a pioneer of BDD, an author of the Reactive Manifesto, and winner of the Duke award for open source software – the LMAX Disruptor.

“Dave Farley’s videos are a treasure trove of knowledge that took me and others years to uncover when we were starting out. His focus on engineering and business outcomes rather than processes and frameworks is a breath of fresh air. If you only have time for one source of information, use his.” – Bryan Finster, Value Stream Architect, Defense Unicorns

The Prof G Show

Hosted by Scott Galloway

A fast and fluid weekly thirty minute show where Scott tears into the taxonomy of the tech business with unfiltered, data-driven insights, bold predictions, and thoughtful advice.

“Very current very modern. Business and tech oriented. Talks about markets and economics and people and tech.” – Caroline Wong, Chief Strategy Officer, Cobalt

Open Source Security Podcast

Hosted by Josh Bressers and Kurt Seifried

Open Source Security is a collaboration by Josh Bressers and Kurt Seifried. We publish the Open Source Security Podcast and the Open Source Security Blog.

We have a security tabletop game that Josh created some time ago. Rather than play a boring security tabletop exercise, what if it had things like dice and fun? Take a look at the Dungeons and Data tabletop game.

“It has been something I’ve been listening to a lot lately with all of the focus on Software Supply Chain Security and Open Source Security. The hosts have very deep software and security backgrounds but keep the show light-hearted and engaging as well.” – Chris Hughes, CISO, Co-Founder Aquia Inc

Pivot Podcast

Pivot

Hosted by Kara Swisher and Professor Scott Galloway

Every Tuesday and Friday, tech journalist Kara Swisher and NYU Professor Scott Galloway offer sharp, unfiltered insights into the biggest stories in tech, business, and politics. They make bold predictions, pick winners and losers, and bicker and banter like no one else. After all, with great power comes great scrutiny. From New York Magazine and the Vox Media Podcast Network.

“As a rule, I don’t listen to tech podcasts much at all, since I write about tech almost all day. I check out podcasts about theater or culture — about as far away from my day job as I can get. However, I follow a ‘man-about-town’ guy named George Hahn on social media, who’s a lot of fun. Last year, he mentioned he’d be a guest host of the ‘Pivot’ podcast with Kara Swisher and Scott Galloway, so I checked out Pivot. It’s about tech but it’s also about culture, politics, business, you name it. So that’s become the podcast I dip into when I want to hear a bit about tech, but in a cocktail-party/talk show kind of way.” – Christine Kent, Communications Strategist, Christine Kent Communications

The Idealcast

Hosted by Gene Kim

Conversations with experts about the important ideas changing how organizations compete and win. In The Idealcast, multiple award-winning CTO, researcher and bestselling author Gene Kim hosts technology and business leaders to explore the dangerous, shifting digital landscape. Listeners will hear insights and gain solutions to help their enterprises thrive in an evolving business world.

“I like this because it has a good balance of technical and culture/leadership content.” – Courtney Kissler, CTO, Zulily

TrustedSec Security Podcast

Hosted by Dave Kennedy and Various Team Contributors

Our team records a regular podcast covering the latest security news and stories in an entertaining and informational discussion. Hear what our experts are thinking and talking about.

“I LOVE LOVE LOVE the TrustedSec Security Podcast. Dave Kennedy’s team puts on a very nice and often deeply technical conversation every two weeks. They talk about timely topics from today’s headlines as well as jumping into purple team hackery which is a real treat to listen in and learn from.” – CRob Robinson, Director of Security Communications Intel Product Assurance and Security, Intel

Profound Podcast

Hosted by John Willis

Ramblings about W. Edwards Deming in the digital transformation era. The general idea of the podcast is derived from Dr. Deming’s seminal work described in his New Economics book – System of Profound Knowledge (SoPK). We’ll try and get a mix of interviews from IT, Healthcare, and Manufacturing with the goal of aligning these ideas with Digital Transformation possibilities. Everything related to Dr. Deming’s ideas is on the table (e.g., Goldratt, C.I. Lewis, Ohno, Shingo, Lean, Agile, and DevOps).

“I don’t listen to podcasts much these days (found that consuming books via audible was more useful… but I guess it all depends on how emerging the topics are you are interested in). I only mention this as I am thin on recommendations. I’d go with John Willis’s Profound or Gene Kim’s Idealcast. Some overlap in (world class) guests but different interview approaches and perspectives.” – Damon Edwards, Sr. Director, Product PagerDuty

Security Now Podcast

Security Now

Hosted by Steve Gibson and Leo Laporte

Stay up-to-date and deepen your cybersecurity acumen with Security Now. On this long-running podcast, cybersecurity authority Steve Gibson and technology expert Leo Laporte bring their extensive and historical knowledge to explore digital security topics in depth. Each week, they take complex issues and break them down for clarity and big-picture understanding. And they do it all in an approachable, conversational style infused with their unique sense of humor. Listen and subscribe, and stay on top of the constantly changing world of Internet security. Security Now records every Tuesday afternoon and hits your podcatcher later that evening.

“The shows cover a wide range of security topics, from the basics of technologies such as DNSSec & Bitcoin, to in depth, tech analysis of the latest hacks hitting the news. The main host, Steve Gibson, is great at breaking down tech subjects over an audio medium – in a way you can follow and be interested in during your commute or flight. It’s running at over 800 episodes now, regular as clockwork every week, so you can rely on it. Funnily Steve Gibson has often reminded me of you – able to assess what’s going on with a subject, calmly find the important points, and describe them to the rest of us in a way that’s engaging and relatable.” – Gary Robinson, Chief Security Officer, Ulseka

The Jordan Harbinger Show Podcast

The Jordan Harbinger Show

Hosted by Jordan Harbinger

Today, The Jordan Harbinger Show has over 15 million downloads per month and features a wide array of guests like Kobe Bryant, Moby, Dennis Rodman, Tip “T.I.” Harris, Tony Hawk, Cesar Millan, Simon Sinek, Eric Schmidt, and Neil deGrasse Tyson, to name a few. Jordan continues to teach his skills, for free, at 6-Minute Networking. In addition to hosting The Jordan Harbinger Show, Jordan is a consultant for law enforcement, military, and security companies and is a member of the New York State Bar Association and the Northern California Chapter of the Society of Professional Journalists.

“Excellent podcasts where he interviews people from literally every walk of life, how they have become successful, why they have failed (if they have) as well as great personal development coaching ideas.” – Jeff DeVerter, CTO, Products and Services, RackSpace

WorkLife Podcast

WorkLife with Adam Grant

Hosted by Adam Grant

Adam hosts WorkLife, a chart-topping TED original podcast. His TED talks on languishing, original thinkers, and givers and takers have been viewed more than 30 million times. His speaking and consulting clients include Google, the NBA, Bridgewater, and the Gates Foundation. He writes on work and psychology for the New York Times, has served on the Defense Innovation Board at the Pentagon, has been honored as a Young Global Leader by the World Economic Forum, and has appeared on Billions.

“I don’t listen to many technical podcasts. I like Caroline Wong’s and have listened to it a number of times (Humans of InfoSec) but since much of my role is getting developers on board with security actions, I gravitate toward more psychology based podcasts – Adam Grant’s is amazing (it’s called WorkLife).” – Jennifer Czaplewski, Senior Director, Cyber Security, Target

“You know lately I have been listening to WorkLife with Adam Grant. Not a tech podcast but a management one.” – Paula Thrasher, Senior Director Infrastructure, PagerDuty

SRE Podcast

SRE Prodcast

Hosted by Core Team Members: Betsy Beyer, MP English, Salim Virji, Viv

The Google Prodcast Team has gone through quite a few iterations and hiatuses over the years, and many people have had a hand in its existence. For the longest time, a handful of SREs produced the Prodcast for the listening pleasure of the other engineers here at Google.

We wanted to make something that would be of interest to folks across organizations and technical implementations. In his last act as part of the Prodcast, JTR put us in touch with Jennifer Petoff, Director of SRE Education, in order to have the support of the SRE organization behind us.

“The SRE Prodcast is Google’s podcast about Site Reliability Engineering and production software. In Season 1, we discuss concepts from the SRE Book with experts at Google.” – Jennifer Petoff, Director, Program Management, Cloud Technical Education Google

Make Me Smart Podcast

Make Me Smart

Hosted by Kai Ryssdal and Kimberly Adams

Every weekday, Kai Ryssdal and Kimberly Adams break down the news in tech, the economy and culture. How do companies make money from disinformation? How can we tackle student debt? Why do 401(k)s exist? What will it take to keep working moms from leaving the workforce? Together, we dig into complex topics to help make today make sense.

“I literally learn 3 new things about topics I never would have tried to learn about.” – Kadi Grigg, Enablement Specialist, Sonatype

EconTalk

Hosted by Russ Roberts

Conversations for the Curious is an award-winning weekly podcast hosted by Russ Roberts of Shalem College in Jerusalem and Stanford’s Hoover Institution. The eclectic guest list includes authors, doctors, psychologists, historians, philosophers, economists, and more. Learn how the health care system really works, the serenity that comes from humility, the challenge of interpreting data, how potato chips are made, what it’s like to run an upscale Manhattan restaurant, what caused the 2008 financial crisis, the nature of consciousness, and more.

“The only podcast I listen to is actually EconTalk, which has nothing to do with tech!” – Kelly Shortridge, Senior Principal, Product Technology, Fastly

Leading the Future of Work

Hosted by Jacob Morgan

The Future of Work With Jacob Morgan is a unique show that explores how the world of work is changing, and what we need to do in order to thrive. Each week several episodes are released which range from long-form interviews with the world’s top business leaders and authors to shorter form episodes which provide a strategy or tip that listeners can apply to become more successful.

The show is hosted by 4x best-selling author, speaker and futurist Jacob Morgan and the goal is to give listeners the inspiration, the tools, and the resources they need to succeed and grow at work and in life.

Episodes are not scripted which makes for fun, authentic, engaging, and educational episodes filled with insights and practical advice.

“It is hard for me to keep up with podcasts. The one I listen to regularly is “Leading The Future of Work” by Jacob Morgan. I know it is not technical, but I think it is extremely important for technical people to understand what the business thinks and is concerned about.” – Keyaan Williams, Managing Director, CLASS-LLC

Hacking Humans Podcast

Hacking Humans

Hosted by Dave Bittner and Joe Carrigan

Deception, influence, and social engineering in the world of cyber crime.

Join Dave Bittner and Joe Carrigan each week as they look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world.

“In case we needed any reminders that humanity is a scary place.” – Matt Howard, SVP and CMO, Virtu

Cloud Security Podcast

Hosted by Ashish Rajan, Shilpi Bhattacharjee, and Various Contributors

Cloud Security Podcast is a WEEKLY Video and Audio Podcast that brings in-depth cloud security knowledge to you from the best and brightest cloud security experts and leaders in the industry each week over our LIVE STREAMs.

We are the FIRST podcast that carved the niche for Cloud Security in late 2019. As of 2021, the large cloud service providers (Azure, Google Cloud, etc.) have all followed suit and started their own cloud security podcasts. While we recommend you listen to their podcasts as well, we’re the ONLY VENDOR NEUTRAL podcast in the space and will preserve our neutrality indefinitely.

“I really love Ashish’s cloud security podcast, listened to it for a while now. He gets really good people on it and it’s a nice laid back listen, too.” – Simon Maple, Field CTO, Snyk

DSO Overflow Podcast

DSO Overflow

Hosted by Glenn Wilson, Steve Giguere, Jessica Cregg

In depth conversations with influencers blurring the lines between Dev, Sec, and Ops!

We speak with professionals working in cyber security, software engineering and operations to talk about a number of DevSecOps topics. We discuss how organisations factor security into their product delivery cycles without compromising the value of doing DevOps and Agile.

“One of my favourite meetups in London ‘DevSecOps London Gathering’ has a podcast where they invite their speakers https://dsolg.com/#podcast” – Stefania Chaplin, Solutions Architect UK&I, GitLab

Pardon the Interruption

Hosted by Tony Kornheiser and Mike Wilbon

Longtime sportswriters Tony Kornheiser and Mike Wilbon debate and discuss the hottest topics, issues and events in the world of sports in a provocative and fast-paced format.

Similar in format to Gene Siskel and Roger Ebert’s At the Movies, PTI is known for its humorous and often loud tone, as well as the “rundown” graphic which lists the topics yet to be discussed on the right-hand side of the screen. The show’s popularity has led to the creation of similar shows on ESPN and similar segments on other series, and the rundown graphic has since been implemented on the morning editions of SportsCenter, among many imitators. – Wikipedia

“I’m interested in sports, and Tony and Mike are well-informed, amusing, and opinionated. It also doesn’t hurt any that I’ve known them since they were at The Washington Post and I was freelancing there. What you see on television, or hear on their podcast, is exactly how they are in real life. This sincerity of personality is a big reason why they’ve become so successful.” – Steven Vaughan-Nichols, Technology and business journalist and analyst, Red Ventures

The post 35 Podcasts Recommended by People You Can Trust appeared first on Linux Foundation.

You want content? We’ve got your content right here!

ONE Summit LF Networking November 15-16

ONE Summit Agenda is now live!

This post originally appeared on LF Networking’s blog. The author, Heather Kirksey, is VP Community & Ecosystem. ONE Summit is the Linux Foundation Networking event that focuses on the networking and automation ecosystem that is transforming public and private sector innovation across 5G, network edge, and cloud native solutions. Our family of open source projects addresses every layer of infrastructure needs from the user edge to the cloud/core. Attend ONE Summit to get the scoop on hot topics for 2022!

Today LF Networking announced our schedule for ONE Summit, and I have to say that I’m extraordinarily excited. I’m excited because it means we’re growing closer to returning to meeting in-person, but more importantly I was blown away by the quality of our speaking submissions. Before I talk more about the schedule itself, I want to say that this quality is all down to you: You sent us a large number of thoughtful, interesting, and innovative ideas; You did the work that underpins the ideas; You did the work to write them up and submit them. The insight, lived experience, and future-looking thought processes humbled me with their breadth and depth. You reminded me why I love this ecosystem and the creativity within open source. We’ve all been through a tough couple of years, but we’re still here innovating, deploying, and doing work that improves the world. A huge shout out to everyone across every company, community, and project that made the job of choosing the final roster just so difficult.

Now onto the content itself. As you’ve probably heard, we’ve got 5 tracks: Industry 4.0, Security and Privacy, The New Networking Stack, Operationalizing Deployment, and Emerging Technologies and Business Models:

  • “Industry 4.0” looks at the confluence of edge and networking technologies that enable technology to uniquely improve our interactions with the physical world, whether that’s agriculture, manufacturing, robotics, or our homes. We’ve got a great line-up focused both on use cases and the technologies that enable them.
  • “Security and Privacy” are the most important issues with which we as global citizens and we as an ecosystem struggle. Far from being an afterthought, security is front and center as we look at zero-trust and vulnerability management, and which technologies and policies best serve enterprises and consumers.
  • Technology is always front and center for open source groups and our “New Networking Stack” track dives deep into the technologies and components we will all use as we build the infrastructure of the future. In this track we have a number of experts sharing their best practices, as well as ideas for forward-looking usages.
  • In our “Operationalizing Deployment” track, we learn from the lived experience of those taking ideas and turning them into workable reality. We ask questions like: How do you bridge cultural divides? How do you introduce and truly leverage DevOps? How do you integrate compliance and reference architectures? How do you not only deploy but bring in Operations? How do you automate and how do you use tools to accomplish digital transformation in our ecosystem(s)?
  • Not just content focusing only on today’s challenges and success, we look ahead with “Emerging Technologies and Business Models.” Intent, Metaverse, MASE, Scaling today’s innovation to be tomorrow’s operations, new takes on APIs – these are the concepts that will shape us in the next 5-10 years; we talk about how we start approaching and understanding them.

Every talk that made it into this program has unique and valuable insight, and I’m so proud to be part of the communities that proposed them. I’m also honored to have worked with one of the best Programming Committees in open source events ever. These folks took so much time and care to provide both quantitative and qualitative input that helped shape this agenda. Please be sure to thank them for their time because they worked hard to take the heart of this event to the next level. If you want to be in the room and in the hallway with these great speakers, there is only ONE place to be. Early bird registration ends soon, so don’t miss out and register now!

And please don’t forget to sponsor. Creating a space for all this content does cost money, and we can’t do it without our wonderful sponsors. If you’re still on the fence, please consider how amazing these sessions are and the attendee conversations they will spark. We may not be the biggest conference out there, but we are the most focused on decision makers and end users and the supply chains that enable them. You won’t find a more engaged and thoughtful audience anywhere else.

The post You want content? We’ve got your content right here! appeared first on Linux Foundation.

Is it time for an OSPO in your organization?

Is your organization consuming open source software, or is it starting to contribute to open source projects? If so, perhaps it’s time for you to start an OSPO: an open source program office.

At the LF, we’re dedicating resources to improving your understanding of all things open source, such as our Guide to Enterprise Open Source and the Evolution of the Open Source Program Office, published last year.

A new Linux Foundation Research report, A Deep Dive into Open Source Program Offices, published in partnership with the TODO Group and authored by Dr. Ibrahim Haddad, Ph.D., showcases the many forms of OSPOs, their maturity models, responsibilities, and the challenges they face in open source enterprise adoption, and discusses their staffing requirements in detail.

“The past two decades have accelerated open source software adoption and increased involvement in contributing to existing projects and creating new projects. Software is where a lot of value lies and the vast majority of software developed is open source software providing access to billions of dollars worth of external R&D. If your organization relies on open source software for products or services and does not have a formalized OSPO yet to manage all aspects of working with open source, please consider this report a call to establish your OSPO and drive for leadership in the open source areas that are critical to your products and services.” – Ibrahim Haddad, Ph.D., General Manager, LF AI & Data Foundation

Here are some of the report’s important lessons:

An OSPO can help you manage and track your company’s use of open source software and assist you when interacting with other stakeholders. It can also serve as a clearinghouse for information about open source software and its usage throughout your organization.

Your OSPO is the central nervous system for an organization’s open source strategy and provides governance, oversight, and support for all things related to open source.

OSPOs create and maintain an inventory of your open source software (OSS) assets and track and manage any associated risks. The OSPO also guides how to best use open source software within the organization and can help coordinate external contributions to open source projects.

To be effective, the OSPO needs to have a deep understanding of the business and the technical aspects of open source software. It also needs to work with all levels of the organization, from executives to engineers.

An OSPO is designed to:

  • Be the center of competency for an organization’s open source operations and structure,
  • Place a strategy and set of policies on top of an organization’s open source efforts.

This can include creating policies for code use, distribution, selection, auditing, and other areas; training developers; ensuring legal compliance, and promoting and building community engagement to benefit the organization strategically.

An organization’s OSPO can take many different forms, but typically it is a centralized team that reports to the company’s executive level. The size of the team will depend on the size and needs of the organization, and how it is adopted also will undergo different stages of maturity.

When starting, an OSPO might just be a single individual or a very small team. As the organization’s use of open source software grows, the OSPO can expand to include more people with different specialties. For example, there might be separate teams for compliance, legal, and community engagement.

This won’t be the last we have to say about the OSPO in 2022. There are further insights in development, including a qualitative study on the OSPO’s business value across different sectors, and the TODO group’s publication of the 2022 OSPO Survey results will take place during OSPOCon in just a few weeks. 

“There is no board template to build an OSPO. Its creation and growth can vary depending on the organization’s size, culture, industry, or even its milestones.

“That’s why I keep seeing more and more open source leaders finding critical value in building connections with other professionals in the industry. OSPOCon is an excellent networking and learning space where those working (or willing to work) in open source program offices that rely on open source technologies come together to learn and share best practices, experiences, and tools to overcome challenges they face.” – Ana Jiménez, OSPO Program Manager at TODO Group

Join us there and be sure to read the report today to gain key insights into forming and running an OSPO in your organization. 

The post Is it time for an OSPO in your organization? appeared first on Linux Foundation.

Addressing Cybersecurity Challenges in Open Source Software: What you need to know

by Ashwin Ramaswami

June 2022 saw the publication of Addressing Cybersecurity Challenges in Open Source Software, a joint research initiative launched by the Open Source Security Foundation in collaboration with Linux Foundation Research and Snyk. The research dives into security concerns in the open source ecosystem. If you haven’t read it, this article will give you the report’s who, what, and why, summarizing its key takeaways so that it can be relevant to you or your organization.

Who is the report for?

This report is for everyone whose work touches open source software. Whether you’re a user of open source, an OSS developer, or part of an OSS-related institution or foundation, you can benefit from a better understanding of the state of security in the ecosystem.

Open source consumers and users: It’s very likely that you rely on open source software as dependencies if you develop software. And if you do, one important consideration is the security of the software supply chain. Security incidents such as log4shell have shown how open source supply chain security touches nearly every industry. Even industries and organizations that have traditionally not focused on open source software now realize the importance of ensuring their OSS dependencies are secure. Understanding the state of OSS security can help you to manage your dependencies intelligently, choose them wisely, and keep them up to date.

Open source developers and maintainers: People and organizations that develop or maintain open source software need to ensure they use best practices and policies for security. For example, it can be valuable for large organizations to have open source security policies. Moreover, many OSS developers also use other open source software as dependencies, making understanding the OSS security landscape even more valuable. Developers have a unique role to play in leading the creation of high-quality code and the respective governance frameworks and best practices around it.

Institutions: Institutions such as open source foundations, funders, and policymaking groups can benefit from this report by understanding and implementing the key findings of the research and their respective roles in improving the current state of the OSS ecosystem. Funding and support can only go to the right areas if priorities are informed by the problems the community is facing now, which the research assists in identifying.

What are the major takeaways?

The data from this report was collected by conducting a worldwide survey of:

  • Individuals who contribute to, use, or administer OSS;
  • Maintainers, core contributors, and occasional contributors to OSS;
  • Developers of proprietary software who use OSS; and
  • Individuals with a strong focus on software supply chain security

The survey also included data collected from several major package ecosystems by using Snyk Open Source, a static code analysis (SCA) tool free to use for individuals and open source maintainers.

Here are the major takeaways and recommendations from the report:

  • Too many organizations are not prepared to address OSS security needs: At least 34% of organizations did not have an OSS security policy in place, suggesting these organizations may not be prepared to address OSS security needs.
  • Small organizations must prioritize developing an OSS security policy: Small organizations are significantly less likely to have an OSS security policy. Such organizations should prioritize developing this policy and having a CISO and OSPO (Open Source Program Office).
  • Using additional security tools is a leading way to improve OSS security: Security tooling is available for open source security across the software development lifecycle. Moreover, organizations with an OSS security policy have a higher frequency of security tool use than those without an OSS security policy.
  • Collaborate with vendors to create more intelligent security tools: Organizations consider that one of the most important ways to improve OSS security across the supply chain is adding greater intelligence to existing software security tools, making it easier to integrate OSS security into existing workflows and build systems.
  • Implementing best practices for secure software development is the other leading way to improve OSS security: Understanding best practices for secure software development, through courses such as the OpenSSF’s Secure Software Development Fundamentals Courses, has been identified repeatedly as a leading way to improve OSS supply chain security.
  • Use automation to reduce your attack surface: Infrastructure as Code (IaC) tools and scanners allow automating CI/CD activities to eliminate threat vectors around manual deployments.
  • Consumers of open source software should give back to the communities that support them: The use of open source software has often been a one-way street where users see significant benefits with minimal cost or investment. For larger open source projects to meet user expectations, organizations must give back and close the loop by financially supporting OSS projects they use.

Why is this important now?

Open source software is a boon: its collaborative and open nature has allowed society to benefit from various innovative, reliable, and free software tools. However, these benefits only last when users contribute back to open source software and when users and developers exercise due diligence around security. While the most successful open source projects have gotten such support, other projects have not – even as open source use has continued to be more ubiquitous.

Thus, it is more important than ever to be aware of the problems and issues everyone faces in the OSS ecosystem. Some organizations and open source maintainers have strong policies and procedures for handling these issues. But, as this report shows, other organizations are just facing these issues now.

Finally, we’ve seen the risks of not maintaining proper security practices around OSS dependencies. Failure to update open source dependencies has led to costs as high as $425 million. Given these risks, a little investment in strong security practices and awareness around open source – as outlined in the report’s recommendations – can go a long way.

We suggest you read the report – then see how you or your organization can take the next step to keep yourself secure!

The post Addressing Cybersecurity Challenges in Open Source Software: What you need to know appeared first on Linux Foundation.


The Network Evolves: ONE Summit Presents Collaborative and Transformative Program Across Networking, Edge, IoT

  • Industry experts will share their knowledge across 5G, factory floor, agriculture, government, Smart Home, and Robotics use cases
  • Speakers from 50+ companies, 20 end users, 16 countries during ONE Summit
  • Industry experts across the expanding open networking and edge ecosystems confirmed to present insights during ONE Summit North America, November 15-16, in Seattle, WA

SAN FRANCISCO, August 31, 2022 – LF Networking, the facilitator of collaboration and operational excellence across open source networking projects, announced the ONE Summit North America 2022 session schedule is now available. Taking place in Seattle, WA November 15-16, ONE Summit is the one industry event that brings together decision makers and implementers for two days of in-depth presentations and interactive conversations around 5G, Access, Edge, Telco, Cloud, Enterprise Networking, and more open source technology developments.

“LF Networking is proud to set a high bar with the quality of content submissions for this year’s ONE Summit, and to offer an innovative line-up of diverse sessions,” said Arpit Joshipura, General Manager, Networking, Edge, and IoT, the Linux Foundation. “We will also touch on gaming, robotics, 5G network automation, factory floor, agriculture and more, with a strong program based on the power of connectivity.” 

The event will feature an extensive program of 70+ diverse business and technical sessions that cover cutting-edge topics across five presentation tracks: Industry 4.0; Security; The New Networking Stack; Operational Deployments (case studies, success & challenges); and Emerging Technologies and Business Models. 

Conference Session Highlights:

ONE Summit returns in-person for the first time in two years in its best format ever! The use-case driven content is strong in breadth and depth and includes sessions from open source users with whom LF Networking is engaged for the first time. Attendees will have a choose-your-own-adventure experience as they select from a variety of content formats, from interactive sessions, panels, and in-depth tutorials to lightning talk sessions with quick glances of future-looking thought processes.

  • Real-world deployment stories of open source in action, from:
    • leading telco and enterprise organizations including TELUS, Google, Deutsche Telekom, Red Hat, Verizon, Nokia, China Mobile, Equinix, Netgate, Pantheon and others.
    • government and academic institutions including DARPA, the Naval Information Warfare Center (NIWC), UK Government, University of Southern California, Jeju National University, Georgia Tech, and others.
  • Use case examples across the Metaverse, Robotics, Smart Home, Digital Twins, 5G Automation, Edge Orchestration, AI/ML, Kubernetes Orchestration, and more. 
  • Hands-on experiential learning and technical deep-dives in IoT and edge deployments led by expert practitioners.
  • Lightning talks offer the opportunity to quickly learn about security and emerging technologies.
  • Sessions contributing insight into open source projects across the ecosystem, including Akraino, CAMARA, eBPF, EdgeX Foundry, EVE, Nephio, OAI, OIF, ONAP, OpenSSF, ORAN-SC, SONiC, and more.

Registration

ONE Summit attendees engage directly with thought leaders across 5G, Cloud Native and Network Edge and expand knowledge of open source networking technology progression. Register today to gain fresh insights on technical and business collaboration shaping the future of networking, edge, and cloud computing.

Corporate registration is offered at the early price of US$995 through Sept. 9. Day passes are available for US$675 and Individual/Hobbyist (US$350) and Academic/Student (US$100) passes are also available. Members of The Linux Foundation, LF Networking, and LF Edge receive a 20 percent discount off registration and can contact events@linuxfoundation.org to request a member discount code. Members of the press who would like to request a press pass to attend should contact pr@lfnetworking.org.

To register, visit https://events.linuxfoundation.org/one-summit-north-america/register/. Corporate attendees should register before September 9, 2022 for the best rates.

Developer & Testing Forum

ONE Summit will be followed by a complimentary, two-day LF Networking Developer and Testing Forum (DTF), a grassroots hands-on event organized by the LF Networking projects. ONE Summit attendees are encouraged to extend the experience, roll up sleeves, and join the incredible developer community to advance the open source networking and automation technologies of the future. Session videos from the Spring 2022 LFN Developer & Testing Forum, which took place June 13-16 in Porto, Portugal, are available here.

Sponsors

ONE Summit is made possible thanks to generous sponsors, including: Diamond sponsor Dell Technologies; Gold sponsor Kyndryl; Silver sponsor Futurewei Technologies; and Bronze sponsors Data Bank and Netris.ai.

For information on becoming an event sponsor, click here or email for more information and to speak to the team.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. Learn more at linuxfoundation.org.


The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. ###

The post The Network Evolves: ONE Summit Presents Collaborative and Transformative Program Across Networking, Edge, IoT appeared first on Linux Foundation.


Open 3D Foundation (O3DF) Announces Keynote Lineup for O3DCon—Online and In-Person in Austin, October 17-19

Keynotes, workshops and sessions will explore innovations in open source 3D development and use of Open 3D Engine (O3DE) for gaming, entertainment, metaverse, AI/ML, healthcare applications and more

SAN FRANCISCO—August 30, 2022—The Open 3D Foundation (O3DF) today announced a slate of keynote speakers for O3DCon, its flagship conference, which will be held October 17-19 in Austin, Texas and online. O3DCon will bring together technology leaders, indie developers and academia to share ideas and best practices, discuss hot topics and foster the future of 3D development across a variety of industries and disciplines. The schedule is available at https://events.linuxfoundation.org/o3dcon/program/schedule/

Industry luminaries will headline the keynote sessions, including:

  • Bill Vass, vice president of engineering, Amazon Web Services
  • Bryce Adelstein Lelbach, principal architect, NVIDIA and standard C++ Library Evolution chair, “C++ Horizons”
  • Deb Nicholson, executive director, Python Software Foundation and founding board member, SeaGL (the Seattle GNU/Linux Conference), “Open Source is a Multiplier”
  • Denis Dyack, founder, Apocalypse Studios, “The Successes, Challenges and Future of O3DE”
  • Mathew Kemp, game director, Hadean, “Supercharging Gameworld Performance Using the Cloud”
  • Nithya Ruff, head, Open Source Program Office, Amazon and chair, Linux Foundation Board of Directors, “Game On! How to Be a Good Open Source Citizen” 
  • Omar Zohdi, technical ecosystem manager, Imagination Technologies, “O3DE and the Future of Mobile Graphics Development”
  • Royal O’Brien, executive director, Open 3D Foundation and general manager of Digital Media & Games, Linux Foundation, “State of the Open 3D Foundation”
  • Sheri Graner Ray, CEO and founder, Zombie Cat Studios, “How Big Is Your Dream? Rethinking the Role of Passion in Development”
  • Stephen Jacobs, director of Open@RIT and professor at the School of Interactive Games and Media, Rochester Institute of Technology, “Open in Academia, Science and Why O3DE Should Be Part of It All”

Early Bird Registration Ends September 16
Register today at https://events.linuxfoundation.org/o3dcon/register/. Organizations interested in sponsorships can contact sponsorships@linuxfoundation.org.

“After celebrating our first year in July and recognizing the immense growth of our community, we’re excited to connect with them at this year’s O3DCon,” said Royal O’Brien, executive director of O3DF. “Since O3DF’s inception, we’ve grown to 25 member companies, including Epic Games, LightSpeed Studios and Microsoft, and we’ve announced a new O3DE release. This year’s O3DCon will feature a diversity of use cases that go way beyond gaming, including metaverse, cloud, open source licensing, digital twin in healthcare and lots more. If your organization is building 3D stacks for a new generation of applications, O3DCon is an event designed to help you get there.”

The three-day O3DCon conference schedule will also include sessions, lightning talks, panel discussions and exhibits exploring innovations and best practices in open 3D development, open source licensing, interoperability across 3D engines and the benefits of using O3DE to revolutionize real-time 3D development. Sessions of note include:

Attendees can also participate in a slate of hands-on workshops and training sessions on the first day of the conference, October 17.

About the Open 3D Engine (O3DE) Project
O3DE is the flagship project managed by the O3DF. The open source project is a modular, cross-platform 3D engine built to power anything from AAA games to cinema-quality 3D worlds to high-fidelity simulations. The code is hosted on GitHub under the Apache 2.0 license. The O3D Engine community is very active, averaging up to 2 million line changes and 350-450 commits monthly from 60-100 authors across 41 repos. To learn more, please visit o3de.org and get involved and connect with the community on Discord.com/invite/o3de and GitHub.com/o3de.

About the Open 3D Foundation (O3DF)
Established in July 2021, the mission of the O3DF is to make an open source, fully-featured, high-fidelity, real-time 3D engine for building games and simulations, available to every industry. The O3DF is home to the O3DE project. To learn more, please visit o3d.foundation.

About the Linux Foundation
Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. 

For more information, please visit us at linuxfoundation.org

Media Inquiries:

pr@o3d.foundation

# # #

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post Open 3D Foundation (O3DF) Announces Keynote Lineup for O3DCon—Online and In-Person in Austin, October 17-19 appeared first on Linux Foundation.
