FOCP test - FinOps Certified Practitioner Updated: 2024

The Linux Foundation has created a new way for open source communities to create Open Standards. Through its new initiative, Community Specification, communities will be able to create standards using tools and approaches that are inspired by open source developers. 

Community Specification lets contributors more easily start the specification process, and also reduces administrative overhead. “The Community Specification can dramatically reduce the time developers spend on building and meeting spec requirements and ensure important work is not lost and time is not wasted. By democratizing the specification build process, developers have more time to innovate and build the technologies that differentiate their work from others,” the Linux Foundation wrote in a post. 

According to the Linux Foundation, Open Standards are “specifications made available to the public, developed, and maintained via an inclusive, collaborative, transparent, and consensus-driven process.” These standards allow for interoperability and data exchange among different products or services. 

The Linux Foundation believes it’s important to have a standards project because items like due process, balance, inclusiveness, and intellectual property clarity are important for developing open-source projects, and a standards project ensures there aren’t any surprises regarding intellectual property down the line. 

“The Community Specification builds on these best practices and brings them to the Git repository development environments that developers are already using. And it makes it easy to get started. You can start using the Community Specification by bringing its terms into your repository and getting to work — just like starting an open source project,” the Linux Foundation wrote.

The Linux Foundation is addressing structural and security complexities in today’s modern software supply chains with the release of the ‘Vulnerabilities in the Core,’ a preliminary report and census II of open-source software. 

The report was put together by the Linux Foundation’s Core Infrastructure Initiative and the Laboratory for Innovation Science at Harvard (LISH). 

RELATED CONTENT: 
Report: The benefits of open-source software go beyond cost
The realities of running an open-source community

“The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. “The report begins to deliver us an inventory of the most important shared software and potential vulnerabilities and is the first step to understand more about these projects so that we can create tools and standards that results in trust and transparency in software.”

Based on the foundation and lab’s analysis, the team found the following ten packages as the most used free and open-source software packages. 

1. Async: A utility module which provides straight-forward, powerful functions for working with asynchronous JavaScript. Although originally designed for use with Node.js and installable via npm install async, it can also be used directly in the browser.
2. Inherits: A browser-friendly inheritance fully compatible with standard node.js inherits. 
3. Isarray: Array#isArray for older browsers and deprecated Node.js versions. 
4. Kind-of: Get the native JavaScript type of a value.  
5. Lodash: A modern JavaScript utility library delivering modularity, performance & extras. 
6. Minimist: Parse argument options. This module is the guts of optimist’s argument parser without all the fanciful decoration. 
7. Natives: Do stuff with Node.js’s native JavaScript modules. 
8. Qs: A querystring parsing and stringifying library with some added security. 
9. Readable-stream: Node.js core streams for userland. 
10. String_decoder: Node-core string_decoder for userland. 

The report also details the most commonly used non-JavaScript packages, which includes:

1. com.fasterxml.jackson.core:jackson-core: A core part of Jackson that defines Streaming API as well as basic shared abstractions.
2. com.fasterxml.jackson.core:jackson-databind: General data-binding package for Jackson (2.x): works on streaming API (core) implementation(s). 
3. com.google.guava:guava: Google core libraries for Java.
4. commons-codec: Apache Commons Codec software provides implementations of common encoders and decoders such as Base64, Hex, Phonetic and URLs
5. commons-io: Commons IO is a library of utilities to assist with developing IO functionality.
6. httpcomponents-client: The Apache HttpComponents™ project is responsible for creating and maintaining a toolset of low level Java components focused on HTTP and associated protocols. 
7. httpcomponents-core: The Apache HttpComponents™ project is responsible for creating and maintaining a toolset of low level Java components focused on HTTP and associated protocols.
8. logback-core: The reliable, generic, fast and flexible logging framework for Java. 
9. org.apache.commons:commons-lang3: A package of Java utility classes for the classes that are in java.lang’s hierarchy, or are considered to be so standard as to justify existence in java.lang.
10. Slf4j:slf4j: Simple Logging Facade for Java.

Based on these packages, the researchers were able to determine some common problems. For instance, they found the naming schema for software components were unique, individual and inconsistent. “The effort required to untangle and merge these datasets slowed progress on the current project significantly. Despite the considerable effort that went into creating the framework to produce these initial results for Census II, the challenge of applying it to other data sets with even more varied formats and naming standards still remains,” the report stated.

“Open source is an undeniable and critical part of today’s economy, providing the underpinnings for most of our global commerce. Hundreds of thousands of open source software packages are in production applications throughout the supply chain, so understanding what we need to be assessing for vulnerabilities is the first step for ensuring long-term security and sustainability of open source software,” said Zemlin.

Additionally, there is an increasing importance of individual developer account security. A majority of top packages were found to be hosted under individual accounts, which can mean they are more vulnerable to attack.  

Lastly, the researchers found the persistence of legacy software in the open source space. According to them, this can lead to compatibility problems, and financial and time-related costs. 

“FOSS was long seen as the domain of hobbyists and tinkerers. However, it has now become an integral component of the modern economy and is a fundamental building block of everyday technologies like smart phones, cars, the Internet of Things, and numerous pieces of critical infrastructure,” said Frank Nagle, a professor at Harvard Business School and co-director of the Census II project. “Understanding which components are most widely used and most vulnerable will allow us to help ensure the continued health of the ecosystem and the digital economy.”

In order to determine the top packages and projects, the foundation worked with software composition analysis and app security companies like Snyk and Synopsys.

“Considering the ubiquity of open source software and the essential role it plays in the technology powering our world, it is more important than ever that we take a collaborative approach to maintain the long term health of the most foundational open source components,” said Tim Mackey, principal security strategist for the Synopsys Cybersecurity Research Center. “Identifying the most pervasive FOSS components in commercial software ecosystems, combined with a clear understanding of both their security posture and the communities who maintain them, is a critical first step. Beyond that, commercial organizations can do their part by conducting internal reviews of their open source usage and actively engaging with the appropriate open source communities to ensure the security and longevity of the components they depend on.”

Last week, Microsoft and the Linux Foundation sent a joint open letter to the American Law Institute to protest the group's draft Principles of the Law of Software Contracts. The ALI, a nonprofit group whose stated purpose is "to promote the clarification and simplification of the law and its better adaptation to social needs," published the draft last August as part of an effort to deliver judges clearer guidelines for interpreting software licensing agreements.

The ALI is proposing that two new "non-disclaimable" warranties be added to best practice guidelines for software licensing. One warranty would make software developers liable for infringing on patents and copyrights, while the other would make contributors to open-source software liable for material defects in the software. The law currently allows contributors and licensors of open source to avoid liability by offering their wares on an "as-is" basis.

The GPL and many other free software licenses expressly state that the authors have no liability pertaining to the functioning--or non-functioning--of the software, said John Locke, principal consultant at Freelock Computing, a Seattle-based open-source consultancy.

"Legislation that imposes a burden of providing a warranty against defects would seem to go against the GPL, which would mean people couldn't use GPL software wherever this ALI principle was applied," Locke said.

The ALI's proposal would also take away commercial software vendors' ability to draw up End User License Agreements (EULAs) that distance themselves from any kind of warranty that their software is bug-free, Locke added.

In a Sunday post to the Microsoft On The Issues blog, Horacio Gutierrez, corporate vice president and deputy general counsel of Intellectual Property and Licensing, said certain provisions of the ALI's proposal "do not reflect existing law and could disrupt the well-functioning software market for businesses and consumers, as well as create uncertainty for software developers."

Jim Zemlin, executive director of the Linux Foundation, noted that the issue is one area in which the open-source community and Microsoft see eye to eye.

"The principles outlined by the ALI interfere with the natural operation of open-source licenses and commercial licenses as well by creating implied warranties that could result in a tremendous amount of unnecessary litigation, which would undermine the sharing of technology," Zemlin said in a Monday blog post.

The Linux Foundation's Greg Kroah-Hartman delivered a comprehensive talk this week on the current state and future challenges of Linux kernel security. Speaking at the Open Source Summit (OSS) Japan 2023, Kroah-Hartman -- Linux stable kernel maintainer and a prominent member of the Linux kernel security team -- shed light on the evolving landscape of open-source software security, regulatory challenges, and the Linux kernel's response to these issues.

Hardly a day goes by without a software security issue popping up, and governments are now trying to direct how companies and organizations should mitigate security issues. There's just one problem: Governments barely understand how to use software, much less how open-source developers create software.

Also: Linux might be your best bet for heightening your desktop computer security

For example, the European Union's proposed Cyber Resilience Act (CRA) is full of good intentions, but it's a bad fit for anyone who builds open-source software. While the most recent version is much better, as Kroah-Hartman pointed out, it still means that since "all the world sells their devices and products into the EU, this is going to define their security requirements."

Are we ready to deal with this new wave of regulation? No, we aren't. 

As for the Linux community, Kroah-Hartman has said that the Linux kernel security team is fundamentally reactive, contrary to other security teams that adopt a proactive stance. Since its formal inception in 2005, the team has operated informally, without corporate affiliations or contracts. This allows for neutrality and flexibility in addressing security issues. This approach has fostered trust among companies and effectively managed and triaged security problems.

"There are other groups, kernel security teams, and other projects," he added,  "that are proactive. But that's not what we do. We just react to problems."

And there are plenty of problems to go around. For instance, Kroah-Hartman highlighted the ongoing challenges with hardware security, particularly in the wake of vulnerabilities like Spectre and Meltdown. Indeed, as he pointed out, it's been more than three years since those serious CPU bugs appeared, and while "they keep trying to fix them in hardware, another one just got announced a few hours ago. So there's no end to this anytime soon." 

This underscores the complexities of dealing with hardware embargoes and the longer development cycles of hardware compared to software. Ideally, Kroah-Hartman wants the hardware companies to "get on the ball faster," a sentiment echoed by governments and regulatory bodies.

Kroah-Hartman also pointed out that, "a lot of people [today] don't realize that while the Linux commercial distribution model is not dead, it's not the majority anymore by far. 80% of the world's servers and systems run free and open source projects based on Debian, Fedora, or openSUSE" -- not Red Hat Enterprise Linux (RHEL) or SUSE Linux Enterprise Server (SLES). 

Also: Want a simple, stable, and secure Linux distribution? Then SpiralLinux is for you

That reality has complicated security challenges because, Korah-Hartman explained, "the communities that work with these open-source projects can't sign a non-disclosure agreement (NDA) because their community members live in other countries or work for different companies." 

Instead, the Linux kernel developers' security team is an "ad hoc informal group" without a  contract. Kroah-Hartman continued, "And that was the best thing that could ever happen to set the stage for us doing this in a company- and government-neutral way. It's saved us so many problems."

How it works: People send security reports to the group's members. There's not even an email list. There's just a small group, which doesn't represent any companies. Kroah-Hartman added, "It's all kept quiet, and since 2005, we've never had any leaks."

What they do, Kroah-Hartman continued, "is triage the reports, figure out what's wrong, and drag in the proper developers, if they're not on the list already, to create the fix as soon as possible. This patch is then included in the stable branch of Linux. That's it."

When they say "as soon as possible", they mean it. "Once we have a fix, the most we'll hold on to is seven days. This is," Kroah-Hartman continued, "after we have a fix. When we get a report, we start working on it as soon as possible. We have had some fixes to take over a year. We've had some networking issues. I think we went on 18 months before we fixed it properly. But once we fixed it, the fix goes in." 

Also: Ubuntu Linux 23.10 is adding an important new security feature

The group also does not make announcements of security fixes. " We don't announce anything. We don't say anything special. We just push it in so that it looks like a normal bug fix."

Yes, that does make people angry. But, Kroah-Hartman explained, "to people on the security team, a bug is a bug is a bug. There's nothing special about security fixes. And if we call out security fixes as being special, that implies that other fixes are not special."

That's a mistake because, according to Kroah-Hartman, "any bug has the potential of being a security issue at the kernel level." A small bug fix he'd made years ago to TTY, a minor subsystem in Linux today, turned out to have a killer security hole. It enabled anyone to get root on RHEL systems.  You never know where or when a security problem will crop up.

Kroah-Hartman also observed that while the "Linux kernel has about 30 million lines of code, you only use about two million lines in your server, 4 million in your phone, and one and a half million in your TV. But we don't know what you're using. Linux is everywhere, in your cars, in satellites, and it's in cow-milking machines. We don't know your use case. We don't know how you're using Linux. We don't know what the security model is." Therefore, everything and anything must be considered essential.  

Also: 7 things even new Linux users can do to better secure the OS

So, what can you do about it to protect yourself? Kroah-Hatman stressed that you should always use the latest long-term stable (LTS) kernel. 

Unfortunately, very few Linux distributions do that. He criticized companies that fail to update their kernels regularly. Outdated systems, from where he sits, are inherently insecure. 

This isn't his opinion alone. After years of study, Kroah-Hartman cited the Google Android security team, which found that stable Linux kernels had fixed every known recent security problem before they were reported. They have documented proof that taking stable kernels always works and that your systems will be secure. As a Google Linux kernel engineer, Kees Cook said, "So what is a vendor to do? The answer is simple, if painful: continuously update to the latest kernel release, either major or stable."

While shopping online presents great convenience and the possibility to save money, looking for the best deals and The Linux Foundation coupon codes can become a difficult task. News.com.au Coupons has got everything set up for you, not only with more options on discount codes to choose from that are available on The Linux Foundation, but also ensuring they’re Verified to work. Get the items you’ve been searching for from The Linux Foundation and save more, or choose to buy even more products from the money you can save! Start saving today with The Linux Foundation discount codes, promo codes, coupons, or offers from News.com.au Coupons, and make sure you never miss out on any of these amazing offers, simply by signing up and getting these The Linux Foundation discount codes sent directly to your inbox.

Discount Codes You Cannot Miss!

Using coupons from News.com.au Coupons helps you save more when you buy more. Be sure to know that you will be saving a great deal each time you shop with your favourite brands. Maximise your spending with the best promo codes and discount codes from Australia. Look around and keep visiting our site News.com.au Coupons to see more of the amazing discount codes you might just want to use. Here at News.com.au Coupons, your shopping experience matters, so we will keep giving you coupon codes that you can use to shop from your favourite brands.

In the world of generative AI, the role of open-source technologies is becoming increasingly important.

At Linux Foundation‘s AI dot dev event this week, the non-profit organization that is home to a vast array of open-source efforts across the technology landscape attempted to stake its claim for relevancy in the generative AI era. The Linux Foundation is an umbrella group for several open-source efforts including the Cloud Native Computing Foundation (CNCF), the PyTorch Foundation and the LF AI and Data project. 

Among the latest efforts is the Generative AI Commons, which was quietly launched in September and has progressed steadily in the months since then, adding new members and detailing its direction at the AI dot dev event.

In the opening keynote for the event, Jim Zemlin, executive director of the Linux Foundation emphasized the critical role of open source for technology innovation.

“Open innovation isn’t just a way to create interesting technology,” Zemlin said. “We believe it is a basic freedom of expression.”

Survey says: open is the way to go

To help better understand the AI landscape, the Linux Foundation’s research group surveyed enterprise views on generative AI.

“The world is rapidly adopting generative AI tooling, half of the organizations we talked to are already implementing these tools,” Zemlin said.  “In fact, the only thing holding people back right now are security and data privacy concerns as it relates to generative AI projects in their organizations.”

Not surprisingly, given the survey was conducted by the Linux Foundation, the majority of organizations want to use open-source generative AI technology as opposed to proprietary solutions.  Zemlin noted that being open to AI can help with understanding how models work and make decisions.

“We want to make sure that everybody understands, whether it’s regulators or industry, that openness will allow for transparency, trust attribution, will allow for competition and innovation,” Zemlin said.

What the Linux Foundation’s Generative AI Commons is all about

As part of the LF AI and Data Foundation at the Linux Foundation, the new Generative AI Commons is a growing effort.

In a keynote, Matt White, director of the Generative AI Commons, detailed the objectives, progress and future plans for the nascent effort. The group now has more than 100 active members and has a stated mission of helping to foster the advancement of ethical Generative AI open-source innovations. White said that what all the members have in common is they want to advance open-source generative AI and see open science embraced in AI research and development.

“In essence, the Generative AI Commons is where openness means action,” White said. “It is where we come together to ensure that the benefits of AI are shared, the knowledge is spread and the future of AI remains firmly in the hands of the many and not just a few.”

The Generative AI Commons is organized into four primary work streams: model and data, frameworks, applications, and education. One of the initial deliverables that the group is now working on is the model openness framework, which evaluates generative AI projects against the criteria of open science and open source.

“We will be growing the number of hosted generative AI projects whether they be models, datasets, or applications to grow a rich ecosystem of open source generative AI projects that are guided by a strong community with neutral governance that embraces the principles of responsible AI,” White said.

Linux Foundation community to discuss impact of open source in a live stream presentation at COP28, Dubai.

SAN FRANCISCO , Nov. 28, 2023 /PRNewswire/ -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, is excited to announce a one-hour live-stream presentation at COP28, Dubai that will explore the transformative power of open source and how it is being used to advance the United Nations Sustainable Development Goals (SDGs). Featuring speakers from Linux Foundation Research, Linux Foundation Europe, OS-Climate, Hyperledger Foundation, AgStack Foundation, Fintech in Open Source Foundation (FINOS), Sustainable & Scalable Infrastructure Alliance, and the ELISA and Zephyr projects, the presentation will take place on December 6th from 15:00 - 16:00 GST in the COP28 Blue Zone.

The Linux Foundation, home to more than 1,000 open source projects, aims to significantly scale up global, community-based open collaboration around solutions for climate change, sustainability, and environmental social governance (ESG). Presentation participants will call for the international community to broaden and deepen their open source efforts, with the aim to drive more resources toward developing the open source solutions needed to close the $5 trillion yearly gap in investment required for greenhouse gas mitigation, resilience, and adaptation.

The one-hour presentation on December 6th will include a series of talks about how Linux Foundation projects and communities are advancing the 17 UN SDGs. Sharing insights from the Linux Foundation's latest research, and important community projects and initiatives, speakers will highlight use cases and documented efforts that help drive sustainability, identifying where resources can be directed to broaden and deepen these efforts.

"I am thrilled to share new research at COP28 that illustrates the myriad Linux Foundation projects as transformative, digital public goods vital to the acceleration of the UN Sustainable Development Goals." - Hilary Carter, SVP Research & Communications, Linux Foundation Research

Story continues

"OS-Climate has led the awakening of the sustainable finance and business community to the power of open source, and the public utility approach for data it debuted at COP26 is now being adopted across multiple initiatives including the NZDPU, the recently announced Monetary Authority of Singapore facility, and the utility for biodiversity envisioned by the Task Force for Nature-Related Financial Disclosures (TNFD). There is much greater potential to tap open source in accelerating climate impact. Most players in the climate community have yet to embrace true community-based development, where peers and even competitors work jointly to build the pre-competitive layers of data and tools in full transparency, which can be used in widely adopted commercial solutions and advisory services."  – Truman Semans, Executive Director of OS-Climate

"Climate Accounting is a global, decentralized problem that we all share. This is why the Hyperledger Climate Action and Accounting Special Interest Group is working hard to explore how to deliver open source, decentralized ledger solutions to provide a shared account of our global carbon emissions. Our work is a critical component of the development underway across the Hyperledger community to address climate challenges." – Sherwood Moore, Chair, Hyperledger Climate Action and Accounting Special Interest Group, Hyperledger Foundation

"More than 1/2 of the world's labor force is engaged in Agriculture. More than 70% of all freshwater is used in Agriculture. Our ways of producing, supplying/processing and consuming our food are simply not sustainable today and as a result 1/3rd of the total food produced is wasted and 1/3rd of the people on the planet are hungry - while 1/3rd of all GHG emissions on the planet come from agriculture. But agriculture can also be the solution - aided in part by the digital economy. With the help of its passionate community of public- and private-sector actors, AgStack is building an open-science, open-data and open-source data infrastructure - that enables digital content creation and consumption - at scale. For both industrialized farms in the global north and smallholder farms in the global south, AgStack offers a permissively licensed set of sub-projects that enable the reusable, inclusive and non-vendor-locked infrastructure (the digital "road") for digital applications (or "vehicles") to unleash the power of data to benefit food ecosystems stakeholders worldwide." – Sumer Johal, Executive Director, AgStack Foundation

"Not only does open collaboration deliver incredible efficiency in mutualizing resources needed to build the high quality and longevity software, hardware and standards our digital infrastructure runs on, but in turn enables these to be made available as digital public goods for the entire world to leverage. And when you pair this positive-sum game, in which individuals can collaborate on a level playing field with private and public sector actors, with worthy causes like the UN SDGs, the impact we can have is simply exponential and gives us a vital chance to address pressing issues that frankly no single entity can solve in isolation." – Gabriele Columbro, ED Fintech in Open Source Foundation, GM Linux Foundation Europe.

"The population is growing but our resources aren't. We need to be more efficient with what we have, which means we need to focus on advancing the UN Sustainable Development Goals, and open source is one of the best ways of collaborating on the infrastructure products are based on for dependability on a global scale. Zephyr is working towards efficient power management in resource-constrained applications, bringing AI to the edge, as well as being able to be secure and efficient when there are safety considerations. ELISA is working to enable Linux in similar embedded applications where there are safety considerations for market segments like automotive, medical, industrial, and aerospace." – Kate Stewart, VP Dependable Embedded Systems, Linux Foundation

"Digital infrastructure powers our communities and must also positively contribute to them. The scale at which this will expand requires those that are developing this infrastructure do so in a way that is not only profitable but sustainable, equitable and beneficial to the world. This philosophy is core to the Linux Foundation's Sustainable and Scalable Infrastructure Alliance. Our open community has developed specifications to address the very physical aspects of our digital infrastructure. The Open19 V2 specification addresses the emerging power and cooling requirements of next-generation workloads in a consistent, reusable form. We're excited to build on this momentum and work with the community on renewable energy (use, storage, and re-use), expand reuse of existing infrastructure, and create novel approaches to sustainability challenges in digital infrastructure." – My Truong, Chair, Sustainable & Scalable Infrastructure Alliance

The presentation will be hosted on December 6th in the COP28 Blue Zone from 15:00 - 16:00 GST. Participate in the free live-stream here. For more information about the Linux Foundation's sustainability efforts, visit LF Sustainability, and read the Open Source for Sustainability report.

About The Linux Foundation

The Linux Foundation is the world's leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world's infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Noah Lehman
Manager
The Linux Foundation
nlehman@linuxfoundation.org

View original content to obtain multimedia:https://www.prnewswire.com/news-releases/linux-foundation-projects-unite-at-cop28-to-showcase-open-source-action-on-un-sustainable-development-goals-301999311.html

SOURCE The Linux Foundation