Language Selection

English French German Italian Portuguese Spanish

When Open Source Is Not Enough

Filed under
Interviews
OSS

As LinuxCon moves closer, we've been talking to the keynote speakers for the event, to get a sense of what their message to attendees will be and to give attendees a better sense of where the message is coming from. Next up in our series of interviews is Bdale Garbee, Chief Technologist for Open Source and Linux at Hewlett-Packard. Garbee is a steady fixture in the Linux community, known for his work at HP as well as Debian Project Leader. His keynote "The Freedom to Collaborate," will delve into innovation from open source and how to keep that innovation alive.

Linux.com: Can you give us the quick run down on your job with HP and some of your community responsibilities?

Bdale Garbee: I serve as Chief Technologist for Open Source and Linux at HP. What that means is that since 2001 I've helped to establish HP's technology and business strategies around Linux, advocated for greater engagement in open source across all of HP's many business units, mentored internal teams on how to participate as good citizens in open source development communities, and helping to establish and maintain HP's open source governance processes. Today I serve as one of the most visible points of interconnection between HP and various open source communities. I also represent HP on the boards of both the Linux Foundation and the Consumer Electronics Linux Forum.

But many in the Linux world may recognize me better as one of the longest-serving contributors to the Debian project. I've done a lot of things for Debian over the years, including serving for a year as the elected Debian Project Leader. I currently chair the Debian Technical Committee, and continue to personally maintain a number of packages that are essential to the system.

I am also President of Software in the Public Interest, which is the non-profit umbrella organization started many years ago to give Debian a legal and financial existence in the United States, which now also provides such services to a number of interesting projects like PostgreSQL, freedesktop.org, Gallery, and the Open Voting Foundation.

rest here




More in Tux Machines

KDE on Android: CI, CD & SDK

I guess we all agree that one of the biggest stoppers to get a contribution out is the ability to get the system ready to start working on the contribution. Today I want to talk a bit about generating Android binaries from our machine. In the KDE Edu sprint we had the blatant realisation that it’s very frustrating to keep pushing the project while not being swift at delivering fresh packages of our applications in different systems. We looked into windows, flatpak, snap and, personally, I looked into Android once again. Nowadays, KDE developers develop the applications on their systems and then create the binaries on their systems as well. Usually it’s a team effort where possibly just one person in the team will be familiar with Android and have the development combo in place: Android SDK, Android NDK, Qt binaries and often several KDE Frameworks precompiled. Not fun and a fairly complex premise. Read more Also:

today's howtos

Linux Kernel and Security: LVM2, Containers, AMD

  • LVM2 Begins Work On Major Changes To Logical Volume Management
    LVM2 as the user-space tools for Logical Volume Management (LVM) on Linux is in the process of going through a big re-work.
  • Containers and Cloud Security
    The idea behind this blog post is to take a new look at how cloud security is measured and what its impact is on the various actors in the cloud ecosystem. From the measurement point of view, we look at the vertical stack: all code that is traversed to provide a service all the way from input web request to database update to output response potentially contains bugs; the bug density is variable for the different components but the more code you traverse the higher your chance of exposure to exploitable vulnerabilities. We’ll call this the Vertical Attack Profile (VAP) of the stack. However, even this axis is too narrow because the primary actors are the cloud tenant and the cloud service provider (CSP). In an IaaS cloud, part of the vertical profile belongs to the tenant (The guest kernel, guest OS and application) and part (the hypervisor and host OS) belong to the CSP. However, the CSP vertical has the additional problem that any exploit in this piece of the stack can be used to jump into either the host itself or any of the other tenant virtual machines running on the host. We’ll call this exploit causing a failure of containment the Horizontal Attack Profile (HAP). We should also note that any Horizontal Security failure is a potentially business destroying event for the CSP, so they care deeply about preventing them. Conversely any exploit occurring in the VAP owned by the Tenant can be seen by the CSP as a tenant only problem and one which the Tenant is responsible for locating and fixing. We correlate size of profile with attack risk, so the large the profile the greater the probability of being exploited.
  • Canonical Releases AMD Microcode Updates for All Ubuntu Users to Fix Spectre V2
    Canonical released a microcode update for all Ubuntu users with AMD processors to address the well-known Spectre security vulnerability. The Spectre microprocessor side-channel vulnerabilities were publicly disclosed earlier this year and discovered to affect billions of devices made in the past two decades. Unearthed by Jann Horn of Google Project Zero, the second variant (CVE-2017-5715) of the Spectre vulnerability is described as a branch target injection attack.

Programming: 5 Pillars of Learning Programming, New Releases of Rust and Git

  • 5 Pillars of Learning Programming
    Learning how to program is hard. I often find that university courses and boot camps miss important aspects of programming and take poor approaches to teaching rookies. I want to share the 5 basic pillars I believe a successful programming course should build upon. As always, I am addressing the context of mainstream web applications. A rookie’s goal is to master the fundamentals of programming and to understand the importance of libraries and frameworks. Advanced topics such as the cloud, operations in general, or build tools should not be part of the curriculum. I am also skeptical when it comes to Design Patterns. They presume experience that beginners never have.
  • The Rust Programming Language Blog: Announcing Rust 1.27
    The Rust team is happy to announce a new version of Rust, 1.27.0. Rust is a systems programming language focused on safety, speed, and concurrency.
  • Rust 1.27 Released With SIMD Improvements
    Most notable to Rust 1.27 is SIMD support via the std::arch module to make use of SIMD (Single Instruction, Multiple Data) instructions directly. Up to now Rust could already make use of LLVM's auto-vectorization support, but this lets Rust developers write SIMD instructions on their own and to allow for the proper Rust code to be executed based upon the CPU at run-time.
  • Git 2.18 Released With Initial Version Of Its New Wire Protocol
    Version 2.18 of the Git distributed revision control system is now available. Arguably most notable about Git 2.18 is the introduction of its new wire protocol "protocol_v2" that is designed to offer much greater performance. This new protocol is designed to be much faster and is already being used at Google and elsewhere due to the significant performance benefits.
  • Git v2.18.0
    The latest feature release Git v2.18.0 is now available at the usual places. It is comprised of 903 non-merge commits since v2.17.0, contributed by 80 people, 24 of which are new faces.