Language Selection

English French German Italian Portuguese Spanish

Syndicate content
News For Open Source Professionals
Updated: 1 hour 27 min ago

Why CII best practices gold badges are important

Wednesday 17th of June 2020 03:54:28 PM

On the Linux Foundation blog, David A. Wheeler, Director of Open Source Supply Chain Security writes about CII Gold Badges:

“…a CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found. Projects take many such steps to earn a gold badge, and it’s a good thing to see.”

Read more at the Linux Foundation

The post Why CII best practices gold badges are important appeared first on

Building a sustainable open source community: training and certifications

Tuesday 16th of June 2020 04:21:40 PM

The Linux Foundation has a new blog post about why training and professional certifications are important for open source communities:

“The open source community works more organically and cyclically, which necessitates that a cadre of expertise is built for it not just to be deployed (as the commercial training and ecosystem have worked historically over the past 40 years) but also as part of its continuing development and for it and all of its participants to thrive. 

An open source software community develops software, and it gets deployed by professionals. Those professionals often eventually move on to different organizations and implement the same software. Those organizations will ultimately need more people to support deployments and write applications to extend and customize the software. These organizations also need system administration professionals and cloud providers to support solutions based on these open source software systems.”

Read more at the Linux Foundation blog.

The post Building a sustainable open source community: training and certifications appeared first on

Linux Kernel Training Helps in a Kernel Security Research Career

Tuesday 16th of June 2020 04:00:06 PM
In 2016, Alexander Popov was a Linux kernel developer who had contributed 14 patches into the mainline kernel.

Alexander wanted to become a more effective open source contributor in the future, so he applied for and was awarded a Linux Foundation Training (LiFT) Scholarship in the Kernel Guru category.

Learn more at Linux Foundation Training

The post Linux Kernel Training Helps in a Kernel Security Research Career appeared first on

Meet Donut, An Open Source Social Networking Software

Monday 15th of June 2020 10:00:50 AM

Donut is an open-source social networking project created by Codeuino, a volunteer-driven, open-source, social networking software development organization that wants to change the way communities and individuals use and create open-source social-environment tools.

Swapnil Bhartiya interviews Jaskirat Singh, Founder, Codeuino on behalf of the Linux Foundation. Here is the transcript of the interview:

Swapnil Bhartiya: Hi, this is Swapnil Bhartiya and today we have with us a special guest from India, Jaskirat Singh, founder of Codeuino, an open-source project or a community, that’s building amazing software for social networking. Jaskirat, first of all, welcome to the show. Now, tell us a bit about the project itself.

Jaskirat Singh: Codeuino is basically a social networking community that takes into the account of only social environment projects, like the Donut project, the Codebadge project, and the Spenceberry project.

Swapnil Bhartiya: So, basically it’s like an open-source community that is creating software targeted at social networking solutions.

Jaskirat Singh: Well, we just build the software side. So we have projects which any other external communities, any other projects, can use in their own way. We just provide a set of projects to make it available for the other external projects, other communities too. And those things can be used in their customization since it’s open-source and it’s free.

Swapnil Bhartiya: Now, you’ve mentioned three projects. One of the projects that I am personally interested in is project Donut. Tell us a bit more about the Donut project.

Jaskirat Singh: Donut is basically an open-source, feature-rich, and highly privacy-friendly social media platform. It is not a replication of Facebook. It’s a platform that has been built for community-oriented collaborations, in a customized way. It’s built on the Node.js framework that helps other communities to set-up their own platform.

This will act as the bridge between their projects and their users of the community. So this is basically a social media platform. And this comes with an expansive set of a library of modules, where you can even customize with some external as we have mentioned. We have an appropriate mechanism inside this Donut platform where you can organize, you can create more features inside the Donut platform itself with one click. So this is something which even helps you to create your own features, functionalities inside the Donut platform.

Swapnil Bhartiya: Now, if you look at history, there have been many efforts to create open-source solutions for social networking. I mean, Mastodon is a very good example, which did not get the kind of traction we expected it to get. So how different is Donut from these open-source efforts?

Jaskirat Singh: The world we currently live in is full of jarring technologies. And with each passing day, new software or gadget is brought into the market which tends to improve our lives in one or the other way. Communication technology has enabled new approaches to the external communities project and end-users in which stakeholders across various sectors are engaged in consensus building, and basically in the implementation process. So basically this Donut project allows the users to have one-on-one interaction with their own community.

So this is basically a platform that would help bridge the gap between the communities, their own workings, their own working ethics, and the targeted users, which gets involved with the communities because for every open-source community or every open-source project the most prioritized thing is their users. And every community, usually within the open-source, basically depends on the contribution they receive from the external users. So I think, this is something which would help engage the external users with their projects and they would be able to organize their own stuff on this particular self-hosted version of their own Donut on their server. So, this is something that will act as two sides of the Facebook network, which is a social media platform.

Swapnil Bhartiya: If I’m not wrong, you’re not building the next Mastodon, you’re not building the next Facebook or Twitter, you’re actually building an open-source social media solution or software that others can leverage to build a social network for their own needs. Is that correct?

Jaskirat Singh: Yes. We are building software.

Swapnil Bhartiya: Who is the target audience of Donut? If I’m not wrong, you seem to be looking at business-to-business or B-to-B space and not at business-to-consumer or B-to-C space. Is that correct?

Jaskirat Singh: Okay. Basically, if I talk about the targeted audience, so targeted audience in the sense, this is available to the communities. Suppose if I talk about a Linux Foundation community, it has got quite a lot of users, right? So, to sustain those users with their own communities, and to keep them updated about the stuff, and engage them with the external stuff like their media or even the projects, events and other things. So this is something that would help engage both the external communities as well as the targeted users for those particular communities.

Swapnil Bhartiya: And you have also been accepted into Google Summer of Code. What has been that experience so far?

Jaskirat Singh: We are involved in many major development programs like Google Summer of Code, Google Code-in, Google Season of Docs. We are currently in the phase of Google Summer of Code 2020. So, I think participation through these programs has enabled us to grow our community of various developers and other activists. And I think being a social networking community it fulfills a social need to interact with various other activists, researchers, designers, and developers across the globe.

Swapnil Bhartiya: I also want to know a bit about how widespread is the community. I do understand that it originated from India, but tell us a bit about where its developers are, is it specific to a region or it’s a global phenomenon?

Jaskirat Singh: Oh. Well, this is something not really restricted to our country. So this is something globally present. So, anyone can join our community.

Swapnil Bhartiya: Now, I want to take a step back. I understand a lot about the project. I want to know the story, why and when you got the idea to create this project? What problem did you see in this market that you wanted to solve with it?

Jaskirat Singh: Oh. Well, I just want you to know, when I started with this project, I was around 14 years old, and the major problem for me was to seek some contribution, like how to basically set up the foundation for this particular project. Because, I actually got to know about the open-source stuff from one of the contest by Google, which is named as Google Code-in. And after that, it really made me research how social media platforms are made. So I was wondering, how about if every community and every project have their own Facebook? So this is something that helped me and motivated me to research these topics. I started brainstorming around why there is a need for social environments, why there is a need for a community bridge between the users, why there’s a need for sustainability within any community or any project.

This motivated and encouraged me to start with this particular project, and with this growing project, we had a chance to integrate other projects like discussion forums with this social media platform and the project, which measures the health of the user. So it’s all about getting all in one place. Even more importantly, this type of project doesn’t exist for now. We would be the first one to do it.

Swapnil Bhartiya: Now, one of the critical pieces of any project especially open-source projects is funding. So how are you funding or sponsoring the project?

Jaskirat Singh: Well, for now, we don’t have enough funding. We don’t receive enough funding for now, but whatever the funding we receive, is basically from the development programs, and anyone like I just had Google Summer of Code, and those are the things, they usually pay, they support some open-source communities who do participate. So this basically, we are even looking forward to having financial support from the communities, some large base communities, and where we could help grow our market, we could have grown our development phase, so this is something. Even now if I talk about, I would really like to thank Linux Foundation, because the Linux Foundation recently is supporting us, and even we got approved for a Linux Foundation’s new CommunityBridge Mentorship program, where Codeuino is participating with the two mentees. So I think this is something we are really excited about.

Swapnil Bhartiya: Right. If you look at open-source, the commercialization of open-source is critical to the health of the project, and its ecosystem. It ensures that the project has some longevity. Do you have any plans to commercialize Donut?

Jaskirat Singh: Now, basically yes, because currently, we have a lot of goals. We are currently in a phase of making this reach to some external markets as well, making it a more viable product at a production level. And we are heavily working on this Donut platform, and other interlinked projects to have security and vulnerabilities related stuff, because if any community use this platform for their own, like for on their self… So the very first priority would be to have that security, right? So security and privacy play the most important part of any community. So this is something we are really trying to build on, and really trying to make it more secure, so that this could be reached to the major production level, and this could be used by many other communities and projects.

Swapnil Bhartiya: Can you talk about what does your roadmap for the year look like?

Jaskirat Singh: Basically, the very first priority for us would be to seek some funding from the communities and from the projects, because funding plays a vital role for us because we have to… Because basically, for any open-source community or project, they usually depend upon the contributions they receive from the external users. So this is something which would help us to enable and get into the markets, and organize some meetups, organize some of the development sprints, online hackathons, where we could introduce the project, and we could have the better improvements inside the platforms we are working on.

I think, adding AI to projects would even enable us to seek some more growth. So this is something we really plan to do this in particular, this year.

Swapnil Bhartiya: That was great. Thank you, Jaskirat Singh, for taking time out and talking to me today. Good luck with your project, and I look forward to talking to you again, once you hit some of those milestones on your roadmap. Thank you.

Jaskirat Singh: Sure. Thank you. Thanks a lot.


The post Meet Donut, An Open Source Social Networking Software appeared first on

Best Linux Foundation classes: Introduction to Linux, Cloud Engineer Bootcamp, and more (ZDNet)

Wednesday 10th of June 2020 07:17:19 PM

Steven J. Vaughn Nichols writes:

“The Linux Foundation is an IT certification pioneer, offering its first certification exams back in 2014 in a remote format. Before this, it was virtually unheard of to take an IT certification exam outside of a testing center. The Linux Foundation established verifiable, secure remote proctoring processes, which remain in place. This makes it much easier, especially in the days of the coronavirus pandemic for qualified individuals to obtain certifications without traveling.

Here are some of the best of the best of their class programs. I’ve focused on the ones leading to certifications because having a certification can always help. Many techies don’t respect certifications, but to get a job in IT, you must first get by the human resources gatekeepers. And, if they don’t see the certifications they’re looking for, you’ll never get a chance to show your prospective boss your technical chops.”

Read more on ZDNet

The post Best Linux Foundation classes: Introduction to Linux, Cloud Engineer Bootcamp, and more (ZDNet) appeared first on

Linux Training Helps Network Analyst Transition to Open Source Solutions

Tuesday 9th of June 2020 02:00:55 PM

Rachael Nelson has a love for sharing, freedom and technology. While her goal was to major in computer science or electrical engineering, Rachael decided to study Management Information Systems at Texas Tech as it was a less demanding major enabling her to stay home and take care of her sick mother. Over the course of her career, Rachael worked her way up from QA to network analyst. In 2018, she applied for and was awarded a Linux Foundation Training (LiFT) scholarship in the category of Developer Do-Gooders.Learn more at Linux Foundation Training

The post Linux Training Helps Network Analyst Transition to Open Source Solutions appeared first on

humanID Project: Restoring Civil Discussion Through Better Online Identity

Tuesday 9th of June 2020 01:02:00 PM

Every day, billions of people use social sign-ons, such as “Login with Facebook”, to access applications over the Internet. A major drawback of this system is the inability to distinguish a real human user from a bot.

Nonprofit organization humanID, a recipient of Harvard University’s Social Impact Fund, came up with an innovative idea: develop a one-click anonymous sign-on that serves as an alternative to social sign-on.

“With humanID, everyone can use services without giving up privacy or having their data sold. Bot networks are automatically excluded, while applications can easily block abusive users and trolls, creating more civil digital communities,” says Bastian Purrer, Co-Founder of humanID.

humanID was born during Purrer’s stint in Indonesia. He was helping out a political party’s campaign and was aghast to discover how much of the political conversation during the election was controlled by bots and trolls.

When he realized that political parties routinely deploy bots to promote propaganda and false facts, it became clear that the key to restoring civil discussion, and the vision of an internet for everyone, was better online identity.

The mission
Besides Purrer, humanID’s other co-founders are Sidiq Permana and Shuyao Kong. Together, they lead a 20-person organization, with the tech team based in Indonesia while the business team is in Boston.

“Fixing the Internet is the core mission that unites all three co-founders. Having witnessed how public opinions and sentiments are swayed by fake accounts, we believe that restoring online identity is the first step to restoring authenticity and accountability on the Internet,” says Kong. “We target consumer use cases that are currently serviced by email-and- password, or social sign-ons. This includes the majority of apps on our phones.”

Purrer says the goal of the project is to have one humanID per person.  “We want people to have control over their own identity from a privacy perspective. We want humanID to be so intuitive and prevalent that it becomes the default identity layer for applications.”

An identity is a permanent representation within a certain context. On the Internet, just like in real life, our identity differs from community to community. humanID enables this, by giving users a different, unique identity in every community.

“It is, if the user chooses so, also a different identity than their offline identity. This is where anonymity comes in. Anonymity means that your offline identity, your physical self, cannot be revealed based on your digital identity,” says Kong, who has worked previously in the blockchain and privacy space.

Permana, who’s leading humanID’s technical development, says, “We achieve this by hashing users’ phone numbers, with a unique, different hash for each user and each application — making cross-referencing between communities impossible. The irreversibility of the hashes ensures secure anonymity. The fact that we do not permanently save any unhashed information makes it impossible, not just for our partner applications but even for ourselves, to reveal a user’s offline identity in the form of his phone number.”

The humanID team believes a persistent, safe identity will be better than any of the existing online identities that are not safe from surveillance and cannot be held accountable for their online behavior.

The underlying tech
humanID reached out to the Linux Foundation because it saw “tremendous value to be part of the force that’s driving the industry standard.”

“The Internet is built on layers of open-source, free-to-use protocols. humanID is created in this tradition. The solution hashes users’ phone numbers and email addresses, securing them safely away from hackers and media giants. Each user will have a unique hash for each application he or she signs on so there’s no cross-referencing,” explains Purrer.

“Our database stores users’ country codes, but relinquishes access to the rest of the information we hash. We are using OAuth at the moment, but actively exploring tech that enhances the security of humanID. Developers can implement the social login within a few hours of work,” he says.

The use cases
One use case they are deploying for their first client GreenZone is tracking COVID without sacrificing users’ privacy. Permana explains, “GreenZone is a tracking application that doesn’t track users’ location. Instead, it shows ‘green zones’ of low-risk areas where no symptoms are reported, therefore, alleviating anxiety by showing users whether they are in a safe zone or not. All data is entirely peer-to-peer and there is no government, police or regulators involved.”

According to him, humanID’s first set of customers will be those that are privacy-conscious because their customers demand native privacy when using their product. These businesses include COVID-tracking, health and self-tracking apps, self-help forums, and VPNs.

“We also target social networks, petition sites, and any site with a forum or comment section. All of these businesses suffer heavily from spam abuse and automated accounts. With humanID, everyone can use services without giving away privacy or having their data sold. Bot networks are automatically excluded, while applications can easily block abusive users and trolls,” he says.

Purrer clarifies that humanID does not intend to replace government-issued IDs or business-internal identity management.

“We don’t intend to compete with these existing businesses or standards, but to add a new and fresh idea in the struggle to bring back privacy, safety and accountability on the web,” he says.

The project has been driven by open source and volunteer work for 1.5 years. “We’re actively seeking support and grants to accelerate our work to bring humanID to market and sign up clients. Beyond this, we aim to cover our cost from our client base and not be dependent on charitable donations beyond 2022,” Purrer adds.

Check out the demo below, if you have any questions feel free to contact the team on github.

The post humanID Project: Restoring Civil Discussion Through Better Online Identity appeared first on

New, Free Training Course Teaches Use of Jenkins for CI/CD Workflows

Monday 8th of June 2020 03:00:07 PM

The Linux Foundation and Continuous Delivery Foundation have announced the immediate availability of a new free training course on the edX platform, LFS167x – Introduction to Jenkins. Jenkins is the leading open source automation server, providing hundreds of plugins to support building, deploying and automating any project.

Learn more at Linux Foundation Training

The post New, Free Training Course Teaches Use of Jenkins for CI/CD Workflows appeared first on

Why now is the time for “Open Innovation” (Harvard Business Review)

Friday 5th of June 2020 04:10:10 PM

“Open innovation has the potential to widen the space for value creation: It allows for many more ways to create value, be it through new partners with complementary skills or by unlocking hidden potential in long-lasting relationships. In a crisis, open innovation can help organizations find new ways to solve pressing problems and at the same time build a positive reputation. Most importantly it can serve as a foundation for future collaboration — in line with sociological research demonstrating that trust develops when partners voluntarily go the extra mile, providing unexpected favors to each other.”

Read More at Harvard Business Review

The post Why now is the time for “Open Innovation” (Harvard Business Review) appeared first on

Lenovo’s Massive Ubuntu And Red Hat Announcement Levels Up Linux In 2020 (Forbes)

Thursday 4th of June 2020 03:08:24 AM

Beginning this month, Lenovo will certify its ThinkStation PCs and ThinkPad P Series laptops for both Ubuntu LTS and Red Hat Enterprise Linux. Every single model, every single configuration across the entire workstation portfolio.

And it doesn’t end there.

“Going beyond the box, this also includes full web support, dedicated Linux forums, configuration guidance and more,” says Rob Herman, General Manager, Executive Director Workstation & Client AI Group at Lenovo.

Read more at Forbes.

The post Lenovo’s Massive Ubuntu And Red Hat Announcement Levels Up Linux In 2020 (Forbes) appeared first on

CNAB: A package format for the cloud

Thursday 4th of June 2020 02:07:44 AM

By Matt Butcher, special to


Installing a new app on your phone is simple. So is installing one on your Mac, Linux box, or PC. It should be just as simple to install a distributed application into your cloud — this is the goal of the Cloud Native Application Bundles (CNAB) project. We believe we can achieve this goal without requiring another cloud service or tying the user to only one cloud provider.

Over the last few months, we have witnessed first-hand how much the cloud has to offer. As everything from our daily meetings to our kids’ classrooms has gone online, we are reminded daily of what a potent boon cloud technologies have become.

For those responsible for building and maintaining our cloud presence, we know that some formidable issues are not yet resolved. One of those is how we install, upgrade, and delete applications in the cloud. Using containers, a bit of JSON, and some best-of-breed security infrastructure, we have created a package management standard for the cloud.

A Package Format for the Cloud

While the core cloud technologies like virtual machines and object storage have been around for over a decade, and a rich tapestry of cloud infrastructure exists, managing cloud applications remains a challenge. Two years ago, my team sat down and asked a straightforward question: Why is installing, upgrading, and deleting applications from the cloud is such a challenge? True, there are specific services (like PaaS) that make this manageable for a small segment of the ecosystem. But when it comes to a high-level solution, we are still left doing the orchestration of things either by hand or with bespoke tools.

This led us to one straightforward question:

What if we could find a way to make package management work for the cloud the same way that it works for a local operating system?

This domain was not entirely new ground for us. After all, we’d built the enormously successful Helm package manager for Kubernetes. But we were well aware that Helm is inextricably bound to Kubernetes. While we believe Kubernetes has many attractive features, we do not think it will replace the rest of the cloud landscape.

Enumerating the big features, we started to list things we would want to be able to do:

    • Install virtual machines
    • Set up object storage and cloud databases databases
    • Load containerized workloads onto clusters like Kubernetes, but perhaps not only Kubernetes
    • Manage virtual networks and resources like load balancers
    • Interoperate with policy and identity control tools
    • Make it possible and even easy for developers to introduce support for new services and tools

The list went on in a similar vein for a while. And then came the two killer features:

    • Make it extremely easy to use, just like a regular package manager.
    • Make it completely cloud-agnostic. It should run just as smoothly on Azure, AKS, on-prem OpenStack, and everything else.

The feature list was looking daunting until a rather elegant solution presented itself: Today’s packages are moved around in self-contained bundles of code and supporting resources. And then the host environment executes that bundle. What if we just used a Docker container as the primary package technology? In that case, we can reuse a considerable amount of cloud infrastructure, easily moving packages around–even across air-gapped boundaries.

This was the critical insight that became Cloud Native Application Bundles (CNAB). With Docker, Datadog, and Pivotal (before their acquisition by VMware), we wrote a specification that described how to build cloud-centric packages that are captured in Docker containers.

Initially announced at DockerCon EU in December of 2018, our combined team has continued to work on the specifications, build tools, and explore better ways of delivering an easy-to-use cloud packaging experience.

Today’s Tools

Since our initial announcement of CNAB, Docker Apps has rolled CNAB into its production release. Microsoft has built Porter–an open source CNAB builder–and Datadog has led the charge on a CNAB security specification that provides not just a quick verification scheme, but deep software supply chain security.

Docker initially announced their CNAB support for Docker Apps with a great architectural introduction. At the end of last year, they explained how CNAB worked with application templates in Docker Desktop. For Docker, CNAB provides a convenient way to encapsulate applications built using core Docker technology, without requiring the user to learn yet another technology stack. And right now, the newly released Docker Compose specification is supported in Porter, providing a new avenue for integrating Docker’s excellent developer tooling with other cloud technologies.

Microsoft created the Porter project. We had already written a CNAB reference implementation (Duffle) designed to exercise the specification. But it was not necessarily designed to provide a great user experience. Porter, on the other hand, is a user-first design. Through mixins, Porter can support a vast range of cloud technologies, from Terraform to Helm to Docker Compose, making it easy to tailor a CNAB bundle to your preferred target cloud or technology stack.

Finally, thanks to the diligent work of Datadog, the CNAB group is preparing to publish a second specification: The CNAB Security 1.0 Specification. The initial security model for CNAB was designed alongside the core specification. But we wanted to make sure we did our due diligence. We have spent an extra year diving deeper into scenarios and vetting and collaborating popular security products so that it could be accomplished with existing solutions. 

Along with covering distribution security, this specification also provides a software supply chain security model. This means that from development through testing, and finally on into release, each step can be verified according to a robust security process. We believe CNAB represents a new generation of security tooling that reduces risk and increases the fidelity of cloud technologies.

Tomorrow’s Goals

CNAB is designed to operate well in enterprise environments. And the CNAB group has two more standards in flight. We are eagerly pushing these toward completion.

One of CNAB’s target environments is the “disconnected cloud.” From physically remote environments, such as research stations and oil rigs, to secure compartmentalized facilities, cloud technologies provide a robust platform even when disconnected from the internet. CNAB is intended to work well in these environments as well. And this means that CNAB must have a robust “air gap” story.

From day one, this has been a goal. Over the last two years, we have refined our model, goals, and features to meet this scenario best. The core specification is written with air-gapped environments in mind, as is the security specification. But our third specification, the CNAB Registry 1.0 Specification, is the last puzzle piece.

This specification describes how CNAB bundles (packages) are stored, discovered, downloaded, and moved. Utilizing the OCI Registry standard, this specification describes how users and tools will share packages. But it also provides details on how bundles can be moved across network boundaries in a high-fidelity manner. With this specification, CNAB becomes a compelling method for transporting sophisticated cloud-native applications from network to network–without sacrificing security or requiring copious amounts of manual labor.

Finally, we have one more specification in the works. The CNAB Claims 1.0 Specification describes how CNAB tools can share a common description of their deployed applications. For example, one tool can “claim” ownership over an application deployment, while another tool can access the shared information about that application and how it was deployed. This brings together distributed management, audit trails, and long-term tool interoperability.

Porter and Duffle already support claims, but we are excited to get a formal standard that enables information sharing across all of the tools in the CNAB ecosystem.

How to Get Involved

The CNAB specification is developed under an open source model. You can dive right in at There you will find not only the specifications, the common source libraries (like cnab-go), and our full command-line reference implementation duffle.

Porter is also open source and is a great starting point if you wish to work with a user-friendly CNAB tool immediately.

We have even experimented with a graphical CNAB installer, and have some VS Code extensions to improve the development process.


Our goal with CNAB is to provide a package management story for the cloud. Just as it is easy to run an installer on our laptops or put a new app on our phone, it should be easy to install a new cloud application. That is the vision that CNAB relentlessly pursues.

We’d love to have you join up, take it for a test drive, and explore the possibilities.

The post CNAB: A package format for the cloud appeared first on

The Linux Foundation introduces Cloud Engineer Bootcamp for cloud job seekers (ZDNet)

Thursday 4th of June 2020 01:49:01 AM

Steven J. Vaughn Nichols writes at ZDNet about the Linux Foundation’s new Cloud Engineer Bootcamp:

While there are plenty of cloud classes out there, the Linux Foundation claims it’s the “first-ever bootcamp program, designed to take individuals from newbie to certified cloud engineer in six months.”

The Bootcamp bundles self-paced eLearning courses with certification exams and dedicated instructor support for a comprehensive and well-rounded educational program. As you would imagine for a Bootcamp from the Linux Foundation it starts with Linux at the operating system layer. Since even Azure is now predominantly Linux, this actually makes good sense. From Linux, it moves up the stack, covering DevOps, cloud, containers, and Kubernetes.

Specifically, it comprises the following classes and exams:

Besides the classes, students will also have access to an online forum with other students and instructors. There will also be live virtual office hours with course instructors five days per week. If you enroll, you can expect to spend 15 hours to 20 hours per week on the materials to complete the Bootcamp in about six months. Upon completion, participants will receive LFCS and CKA certification badges and a badge for completing the entire Bootcamp. Badges can be independently verified by potential employers at any time.

Read more at ZDNet

The post The Linux Foundation introduces Cloud Engineer Bootcamp for cloud job seekers (ZDNet) appeared first on

More in Tux Machines

Security: Patches, Ease of Use and Debian Key Signing

  • Security updates for Wednesday

    Security updates have been issued by openSUSE (libetpan, libqt4, lilypond, otrs, and perl-DBI), Red Hat (kernel-rt), Slackware (seamonkey), SUSE (grafana, libmspack, openldap2, ovmf, pdns, rubygem-actionpack-5_1, and samba), and Ubuntu (debian-lan-config, ldm, libdbi-perl, and netty-3.9).

  • Balancing Linux security with usability

    Building an operating system is a difficult balance, and a Linux distribution is no different. You need to consider the out-of-the-box functionality that most people are going to want, and accessibility for a wide swath of administrators' skillsets. If you make your distro very secure, but a newbie sysadmin can't figure out how to work with it…well, they're going to find an easier distribution to go learn on, and now you've lost that admin to another distribution. So it's really no surprise that, right after install time, most Linux distributions need a little bit of tweaking to lock them down. This has gotten better over the years, as the installers themselves have gotten easier to use and more feature-rich. You can craft a pretty custom system right from the GUI installer. A base Red Hat Enterprise Linux (RHEL) system, for example, if you've chosen the base package set, is actually pretty light on unnecessary services and packages. There was a time when that was not true. Can you imagine passwords being hashed, but available in /etc/password for any user to read? Or all system management being carried out over Telnet? SSH wasn't even on, by default. Host-based firewall? Completely optional. So, 20 years ago, locking down a newly installed Linux system meant a laundry list of tasks. Luckily, as computing has matured, so has the default install of just about any operating system.

  • Key signing in the pandemic era

    The pandemic has changed many things in our communities, even though distance has always played a big role in free software development. Annual in-person gatherings for conferences and the like are generally paused at the moment, but even after travel and congregating become reasonable again, face-to-face meetings may be less frequent. There are both positives and negatives to that outcome, of course, but some rethinking will be in order if that comes to pass. The process of key signing is something that may need to change as well; the Debian project, which uses signed keys, has been discussing the subject. In early August, Enrico Zini posted a note to the debian-project mailing list about people who are trying to get involved in Debian, but who are lacking the necessary credentials in the form of an OpenPGP key signed by other Debian project members. The requirements for becoming a Debian Maintainer (DM) or Debian Developer (DD) both involve keys with signatures from existing DDs; two signatures for becoming a DD or one for becoming a DM. Those are not the only steps toward becoming formal members of Debian, but they are ones that may be hampering those who are trying to do so right now. DDs and DMs use their keys to sign packages that are being uploaded to the Debian repository, so the project needs to have some assurance that the keys are valid and are controlled by someone that is not trying to undermine the project or its users. In addition, votes in Debian (for project leaders and general resolutions) are made using the keys. They are a fundamental part of the Debian infrastructure.

KDDockWidgets 1.0 has been released

KDDockWidgets is an advanced docking system for Qt, with features that are not available in QDockWidget. See our first blog post, for a quick introduction and the motivation for a new docking framework. We’ve come a long way since the initial announcement of KDDockWidgets. The 1.0 release represents the culmination of one year of using the library in production for five different huge projects — one year of incorporating real feedback in the form of new features, bug fixes, or simply making the framework more customizable. Read more

Tumbleweed Gets New KDE Frameworks, systemd

KDE Frameworks 5.74.0 and systemd 246.4 became available in openSUSE Tumbleweed after two respective snapshots were released this week. Hypervisor Xen, libstorage-ng, which is a C++ library used by YaST, and text editor vim were also some of the packages update this week in Tumbleweed. The most recent snapshot released is 20200919. KDE Frameworks 5.74.0 was released earlier this month and its packages made it into this snapshot. KConfig introduced a method to query the KConfigSkeletonItem default value. KContacts now checks the length of the full name of an email address before trimming it with an address parser. KDE’s lightweight UI framework for mobile and convergent applications, Kirigami, made OverlaySheet of headers and footers use appropriate background colors, updated the app template and introduced a ToolBarLayout native object. Several other 5.74.0 Framework packages were update like Plasma Framework, KTestEditor and KIO. Bluetooth protocol bluez 5.55 fixed several handling issues related to the Audio/Video Remote Control Profile and the Generic Attribute Profile. A reverted Common Vulnerabilities and Exposures patch that was recommended by upstream in cpio 2.13 was once again added. GObject wrapper libgusb 0.3.5 fixed version scripts to be more portable. Documentation was fixed and translations were made for Finnish, Hindi and Russian in the 4.3.42 libstorage-ng update. YaST2 4.3.27 made a change to hide the heading of the dialog when no title is defined or the title is set to an empty string. Xen’s minor updated reverted a previous libexec change for a qemu compatibility wrapper; the path used exists in domU.xml files in the emulator field. The snapshot is trending stable at a 99 rating, according to the Tumbleweed snapshot reviewer. Read more

Games: Arch Conf 2020, Pixelorama, Hearts of Iron IV: Battle for the Bosporus and More

  • Arch Conf 2020 confirmed for October, has a talk on the SteamOS-like GamerOS

    Want to learn more about Arch Linux? In October they've confirmed Arch Conf 2020 is happening and there's going to be plenty of interesting talks. All of which will be online of course, especially with COVID19 still raging on. The dates set for it are between October 10-11 and the talks will be quite varied starting with a talk about the past, present and future of Arch Linux as the first which starts on October 10, 10:00am UTC.

  • Arch Conf 2020 schedule

    On the 10th and 11th of October there is going to be an online edition of Arch Conf. The conference is going to have presentations from the Arch team along with community submitted presentations and lightning talks. We are proud to announce the first revision of the schedule!

  • Free and open source sprite editor 'Pixelorama' gets a massive upgrade

    If you're working with sprites and pixel-art, you need to pay attention to Pixelorama as this free and open source program is coming on nicely and another massive upgrade is out now. As an editor for artists, the 0.8 release that went up on September 23 has made it that step closer to an all-in-one solution for all your sprite needs. There's now a lot of different built in tools you can use, different pixel modes, animation support and much more.

  • Hearts of Iron IV: Battle for the Bosporus announced for release in October

    Hearts of Iron IV takes aim at the Turkish Straits with the Hearts of Iron IV: Battle for the Bosporus country pack that's coming on October 15. As one of Paradox's best-selling and most loved titles, there appears to be no end in sight for continuing to expand the experience with plenty of new events and decision paths. This new DLC will let you take control of the destinies of Bulgaria, Greece or Turkey through years of uncertainty and conflict.

  • StoryArcana is an upcoming open-world wizard school RPG

    Become like the wizard you always wanted to be in StoryArcana, an upcoming wizard school RPG that looks like it could be a huge amount of fun. It's not another roguelike experience full of random generation. Instead, StoryArcana has a focus on mystery solving, exploration, puzzles and a combat system based around intricate spellcasting. Mixing together a week of learning new spells and exploring your academy to find a secret or two, with running around a big city on the weekends to pick up new quests and perhaps a fancy new broom to fly on. [...] We spoke with the developer of email recently, and they confirmed StoryArcana will be "readily available to play on Linux the same day it launches on Windows and Mac OS". They're building it with the pretty amazing Construct game engine, so everything is built with web-tech.

  • Be a ruthless 80s salesman and close those deals in Dirty Land

    Dirty Land puts you in the shoes of Frank Marsh, a newly hired salesman for Pure Sky Properties, a real estate office where coffee is for closers and the status quo is hawking swamp land to unsuspecting buyers for a tidy profit. Inspired by classic 80s and 90s sales movies like Glengarry Glen Ross. Currently in development by Canadian crew Naturally Intelligent, the same developer behind the quirky title Patchman vs. Red Circles. Dirty Land will see if you prefer to scrape by honestly, or throw ethics out the window and make some quick cash.