“20 years in the making. Ubuntu 24.04 LTS brings together the latest advancements from the Linux ecosystem into a release that is built to empower open source developers and deliver innovation for the next 12 years,” Oliver Smith, senior product manager for Ubuntu at Canonical, wrote in a blog post. 

This release makes installing Ubuntu easier by unifying the desktop installer to utilize the same backend as the server, adding a new front end built in Flutter that improves user experience and accessibility, and offering autoinstall support in the graphical installer. 

Canonical also used Flutter to redesign the App Center, which now categorizes apps in clearer buckets and introduces new ways to manage applications. 

Ubuntu 24.04 also ships with GNOME 46, which includes new features like file manager search improvements, expandable notifications, and consolidated settings options. 

The programming languages that it adds support for include Python 3.12, Ruby 3.2, PHP 8.3, Go 1.22, and .NET 8. “Microsoft and Canonical have a close engineering relationship spanning everything from update infrastructure in Azure to developer tooling, notably .NET 8 which is part of the Noble Numbat release from day one,” said Jeremy Winter, corporate vice president of Azure Cloud Native. “We look forward to continuing our strong collaboration with Canonical to enhance developer productivity and provide a robust experience for Ubuntu on Azure.”

This release adds support for Netplan 1.0, which has been the default tool for configuring networking since Ubuntu 23.10. The 1.0 release adds new features related to wireless compatibility and usability. 

Ubuntu 24.04 also includes a number of security enhancements, including a change to how Personal Package Archives (PPAs) are distributed, restrictions on unprivileged user namespaces, and a lower default apt priority for proposed updates in the proposed pocket area. 

“Combined with the enhanced security coverage provided by Ubuntu Pro and Legacy Support, Ubuntu 24.04 LTS provides a secure foundation on which to develop and deploy your applications and services in an increasingly risky environments,” Alex Murray, tech lead for Ubuntu Security at Canonical, wrote in a blog post. 

A full list of what’s new in Ubuntu 24.04 LTS can be found in Canonical’s release blog. 

The post Ubuntu 24.04 LTS improves installation process, overall developer experience appeared first on SD Times.

A couple of weeks later, the open-source software company SUSE said it would create a fork of RHEL and maintain a distribution for it. 

Now SUSE is announcing it has joined forces with CIQ and Oracle to form the Open Enterprise Linux Association (OpenELA). This new group will help “encourage the development of distributions compatible with Red Hat Enterprise Linux (RHEL) by providing open and free Enterprise Linux (EL) source code.”

OpenELA will provide all the sources that are needed for RHEL downstreams to exist. Their initial focus will be on RHEL EL8 and EL9, and they are also considering EL7. 

Their core tenets include full compliance with the existing standard, timely updates and fixes, transparency, community, and ensuring that RHEL remains free and redistributable. 

“Many large organizations reached out to us to express the importance of community-driven source code for EL that can act as a starting point for compatible distributions,” said Wim Coekaerts, head of Oracle Linux development at Oracle. “OpenELA is our response to this need, and it represents a commitment to helping the open-source community continue to develop compatible EL distributions.”

The post Suse, CIQ, and Oracle form Open Enterprise Linux Association appeared first on SD Times.

The new service goes beyond detection and also provides information on the availability of remediation solutions for each CVE, including relevant fixes and patches offered by Wind River. 

With this new service, Wind River aims to support organizations in enhancing the security of their Linux-based systems while catering to the unique requirements of embedded Linux development.

“In a highly connected and complex computing landscape where security exploitations are becoming more prevalent, the effective and proactive monitoring and management of CVEs is a top priority. In the rush to add new features, get to market faster, and achieve platform stability, CVEs often go inadequately addressed in the maintenance lifecycle,” said Amit Ronen, chief customer officer of Wind River. “Leveraging our many years of Linux experience and expertise, Studio Linux Security Scanning Service helps developers quickly identify high-risk vulnerabilities, prioritize remediation efforts, and enhance the security of their Linux-based devices and systems.”

The Wind River Studio Linux Security Scanning Service operates by analyzing SBOMs or manifests provided by developers. It examines various layers of the platform, such as the kernel, user space, libraries, and system components. By comparing this information against a comprehensive knowledge base, the scanner accurately identifies critical vulnerabilities. 

Additionally, the scanner can display the licenses used in the platform’s packages, aiding in artifact generation and compliance requirements. The identified vulnerabilities are then ranked based on the Common Vulnerability Scoring System (CVSS v3). The service relies on a knowledge base built from a curated collection of data sources, including the Yocto Project, NIST, and Wind River’s own CVE database.

The post Wind River Studio Linux Security Scanning Service provides remediation solutions for CVEs appeared first on SD Times.

Here are highlights of the event so far: 

AWS open sources Cedar policy language and SDK  

The Cedar language enables you to set permissions in your applications using easy-to-understand policies. By making use of Cedar, application teams can decouple access control from application logic. 

It supports role-based access control and attribute-based access control, and was developed using verification-guided development, which ensures Cedar is correct and secure. 

The language’s SDKs are also being made available, which include libraries for creating and evaluating policies. 

AWS hopes that by open sourcing the language, they can foster more innovation in the industry around fine-grained access management and make access control more accessible to all. 

AWS also announces new open-source fuzzing framework

According to AWS, current fuzzing practices require large codebases to be refactored in order to work properly. The new framework, Snapchange, allows targets to undergo fuzz testing with minimal modifications.

Built in Rust, Snapchange enables developers to build fuzzers that replay snapshots of physical memory in a KVM virtual machine.

SPDX Release Candidate 3.0 now available

Software Package Data Exchange (SPDX) is an open source standard for communicating the information in a bill of materials. It is currently hosted by the Linux Foundation. 

In RC 3.0, there are now six unique profiles that are designed for popular use cases, with the goal being that SPDX better meets the needs of the industry. The profiles were created based on community input and include specifications for security, licensing, AI, datasets, and software packaging build processes. 

According to the Linux Foundation, the United States’ executive order on cybersecurity and Europe’s Cyber Resiliency Act served as inspiration for the need to have an international standard for supply chain security, which SPDX hopes to be. 

OpenSSF gets major funding from Google and Microsoft, new members

Through its Alpha-Omega Project, OpenSSF has recently received $2.5 million from Google and $2.5 million from Microsoft. 

OpenSSF also announced that Hitachi, Lockheed Martin, Salesforce, and SAP have become general members.

The foundation also announced that Omkhar Arasaratnam will be its new general manager and Brian Behlendorf will be chief technology officer. 

Meta joins the OpenJS Foundation

The OpenJS Foundation provides support for the open source JavaScript community. With Meta joining the foundation as a Gold Member, they will be able to contribute and advocate in the community further.

Meta had already been highly involved with the open source JavaScript community, through its projects React, Jest, and Flow. Jest is an open source testing framework, which Meta contributed to the OpenJS Foundation last year. 

“The broader JavaScript ecosystem benefits from Meta becoming an OpenJS Foundation member. In fact, we’ve already been working together in multiple different ways, and this makes official what has already been a great relationship,” said Shayne Boyer, OpenJS Foundation Board Director. “

The post Open Source Summit: AWS open sources Cedar, SPDX Release Candidate 3.0, and OpenSSF updates appeared first on SD Times.

Rust has been growing steadily in popularity through the years, and though according to the 2022 Stack Overflow Developer Survey 9 percent of developers use it, it has spent seven years in the top spot for “most loved” language. In this year’s survey almost 87% of developers said they love Rust, which is about 10 percentage points higher than the second-most loved language, Elixir. 

According to Joel Marcey, director of advocacy and operations for the Rust Foundation, one of the benefits of Rust over C is that it provides security without sacrificing the performance and speed that C provides, the current language for the Linux kernel. One of the key points of the language that people love is that it is memory safe.  

“With Rust, you don’t have to concern yourself with explicit and precise memory management, right? So you don’t have to worry about, you know, allocating and de-allocating pointers, and those sorts of things, which can actually be really big causes of things like buffer overflows, and other really big security vulnerabilities,” said Marcey. 

In the release notes, Linus Torvalds described what is in 6.1 as “initial Rust scaffolding,” as no Rust code is actually present yet. 

“What they’re doing is actually providing the metal so that you can actually write Rust in the future,” Marcey explained. “So they’re providing the infrastructure so that you can compile Rust code. That’s what’s going to be needed initially in order to do any future work with Rust in the Linux kernel … You need to get all those things that can make sure that Rust can compile and, and you can do the debugging and all these things, and make sure that the memory safety is there and all that sort of stuff. And that has to happen first before you can actually write any real code in Rust for the Linux kernel itself.”

Marcey explained that Linux is going to be doing this inclusion very piecemeal, with lots of little integrations here and there over time so they can see how it is working.  

“I would imagine that over the next year, you’re going to see more small incremental changes to the kernel with Rust, but as people are seeing that it’s actually kind of working out, you’ll be able to maybe, for example, write Linux drivers or whatever with Rust,” said Marcey. 

In fact, work has already been done since the 6.1 release to add more infrastructure for Rust in the kernel, though still none of the code interacts with any C code. This patch series is part of the dedicated effort to continue adding Rust support. 

According to Rebecca Rumbul, executive director of the Rust Foundation, Rust being added to the kernel is an “enormous vote of confidence in the Rust programming language.” She explained that in the past other languages have been planned to make it into the kernel and ended up not getting put in. 

“I think having someone with the kind of intellectual gravity of Linus Torvalds saying ‘No, it’s going in there,’ that kind of says an awful lot about how reliable Rust already is and how much potential there is for the future as well,” she said. 

She believes that there will be an increased interest in the language, which is still relatively new (It first made its debut in 2010) compared to some of the other languages out there to choose from. 

“I suspect that because Rust is now in the kernel, and it’s just being talked about much … more widely, that it will seem like an attractive prospect to a lot of people that are looking to develop their skills and their knowledge,” she said.

She hopes people will also be inspired to participate in the language as contributors and maintainers, because those are some of the less popular roles within open source, but are extremely critical to the health of a language, she explained. 

Rumbul noted that the Rust community is a diverse and welcoming one as well. 

“Don’t think for a second, ‘oh, I’m not good enough.’ Or don’t be dazzled by people that you’ve seen in the project doing things publicly or doing things on GitHub. As I said, the community is incredibly welcoming. And we get an awful lot of imposter syndrome, I think, where people think they’re not quite good enough to take part or it looks like it’s working from the outside, therefore, we don’t need any help. I know the project teams are all incredibly enthusiastic about bringing new people in,” said Rumbul.

In addition to the Linux news, the Rust Foundation also made headlines recently for forming a new security program so they can explore how to solve global security issues with Rust. 

The program received significant funding from the OpenSSF’s Alpha-Omega initiative and is also being supported by DevOps company JFrog, which is a platinum member of the Rust Foundation. 

The first goal of the program is to “undertake a security audit and threat modeling exercises to identify how security can be economically maintained going forward,” a blog post from the Rust Foundation states. 

“We want to basically shore up to ensure that Rust itself is actually as secure as we always say it is,” said Marcey. 

Complaints over pull requests

There was also some controversy in this latest Linux release, as Torvalds expressed frustration at the number of pull requests coming in at the end of the merge window. 

“Yes, the merge window is two weeks, but that’s very much to allow me time to look things over, not ‘two weeks to hurriedly put together a branch that you send Linus on Friday of the second week.’ The whole ‘do an all-nighter to get the paper in the day before the deadline’ is something that should have gone out the window after high school. Not for kernel development,” he wrote. 

He clarified that pull requests should be sent before the merge window starts, not during it.

The post Rust’s addition to the Linux kernel seen as “enormous vote of confidence” in the language appeared first on SD Times.

As a training architect at A Cloud Guru (ACG), I teach courses about all things Linux and specialize in hands-on, lab-based learning. Before joining ACG, I worked as a Unix systems engineer at GE and IBM as well as Technical Account Manager and customer advocate for Red Hat. I’m hugely passionate about Linux because of its importance to my career, just like to the careers of so many other engineers and Linux enthusiasts.

In its 30 years of existence, the Linux kernel has had a massive impact on the modern computing landscape — revolutionizing what’s possible for operating systems and allowing countless tinkerers to get their hands dirty in the process. Linux has also become the foundation of paradigm shifting innovations over the years due to its ever-evolving nature. 

To commemorate 30 years of Linux, I’m sharing some of the key reasons why the kernel is so valuable and why it will continue to be a major player in the computing landscape for years to come. 

My Linux journey

My first exposure to Linux was in college in 1999. I took an introductory Unix Shell Scripting class and Fedora was installed on the lab servers because it was free and easily scalable. I view Linux as my entry-point into customizable operating systems. After learning basic Unix commands on Linux, I ultimately went on to pursue a career supporting multiple commercial Unix vendors. 

As Linux made its way into larger Enterprise level companies, I quickly returned to working with Linux distributions. Something I’ve always loved about Linux is the capacity to fine tune your system to support the applications and distros that work best for your projects. Linux improves the functionality of whatever applications you’re running. The Linux kernel has literally changed how the world processes information, which is why I’m so invested in the software. 

Now, it’s my job to share my knowledge and passion about Linux to other technologists. At ACG, I develop courses to help aspiring Linux experts learn how to optimize their systems. Additionally, I contribute to “Linux this Month,” an ACG-hosted web series that provides monthly updates from the global Linux community. 

The fact that I am able to build a career around teaching Linux and staying up to date with Linux news shows the vast uses and applications of the kernel. What makes Linux so unique and evergreen is its open-source nature – Linux innovations are only limited by the creativity of the technologists who use and adapt it. 

The open-source effect

When Linux first arrived, it was mostly a hobby for enthusiastic engineers and Computer Science students who could contribute by developing code. The steep learning curve associated with fitting Linux to your machine was a barrier for more novice programmers. 

Over time, this has changed considerably. Online forums, workshops, and classes have made Linux more accessible to the average internet user. The free sharing of ideas has come to epitomize the open-source community, and for software engineers, Linux is at the heart of this community. This democratization of Linux has had incredibly positive impacts on the computing world. 

Now, Linux is everywhere. Enterprise level companies use Linux distributions to process the biggest production workloads in the world. It has replaced proprietary commercial Unix operating systems in very large companies with better stability and less down time. Because Linux systems can be as small or as large as you want, it’s also now being used in our homes for smart and mobile devices as well.

The open-source nature of Linux is incredibly beneficial for these enterprise level companies. Linux distributors leverage the contributions of the entire open-source community. This wide range of contributors produces a more stable product with more features, but also ensures that the OS keeps growing and solving real world problems that are beneficial to a wide range of users. 

Linux runs the cloud 

Potentially the most impactful outcome of the kernel is the infrastructure of modern cloud computing. Linux’s scalability has paved the way for supercomputers and server farms to function efficiently while requiring relatively light-weight computing resources. In fact, Linux supports about 90% of the public cloud workload.  

Without Linux, the cloud as we know it would not exist. This is, in part, because Linux has become so ubiquitous – it’s use cases are nearly limitless. Because it has been time-tested, many engineers and IT professionals have a strong grasp on Linux fundamentals, making it an attractive choice for enterprise companies dealing in the cloud. 

Cloud-based softwares and products are increasingly becoming the norm in the engineering world. Unsurprisingly, major cloud providers such as AWS, Azure, and Google Cloud are all supported by Linux as well. Linux is unique because it is a shape-shifter that can conform to the needs of any given engineering environment, and it’s incredibly stable because of the army of contributors that fortify weak points in the software. 

Linux forever

The Linux “concept” is just as important as the Linux product. The concept allows a free and open source operating system to be refined, reinforced, and replicated across an endless web of contributors. Thirty years is a long time for a software to be relevant, especially with the ever-shortening tech product cycles. Because it was designed with the intention to be changed and updated by an open-source community, Linux has no foreseeable expiration date. 

Had Linux not achieved the prominence it has today, we would see more commercial Unix vendors attempting to solve some of the problems that Linux addresses, but none would address them all. Additionally, customers would have to choose which OS to invest in based on which addresses some of their use cases, but none would be as beneficial as the Linux OS. 

Linux is always growing and will become even more popular within the next few years. As more people become familiar with Linux and learn to use it, I see major potential for growth in the mobile computing space, within personal computers, and across small and large companies. In fact, we are already seeing it filter into home gaming systems and Raspberry Pi projects. With Linux, the sky’s the limit!

The post A Linux expert tells why she thinks the kernel is so important appeared first on SD Times.

The courses can be taken individually or combined to earn a Professional Certificate in Open Source Software Development, Linux and Git.

Open Source Software Development: Linux for Developers (LFD107x) covers concepts that are crucial in developing open-source software, as well as how to work productively in a Linux environment. Students will learn about Linux systems, including key concepts like installation, desktop environments, text editors, important commands and utilities, command shells and scripts, filesystems, and compiling software.

The second course, Linux Tools for Software Development (LFD108x) goes over the tools that one would use on everyday work in Linux development. It is intended for developers that are experienced with working on any operating system that want to learn the basics of open-source development. 

The final course, Git for Distributed Software Development (LFD109x), offers an introduction to Git and it will prepare participants to use Git to create new repositories or to clone existing ones, commit new changes, review revision histories, and more. 

To earn the professional certificate, participants must enroll in the program, complete all three courses, and pay a verified certificate fee of $149 per course. 

The post Linux Foundation announces new certification and courses in open source development appeared first on SD Times.

eBPF provides Linux kernels the extensibility to enable developers to program the Linux kernel to quickly build intelligent or feature-rich functions based on their business needs.

BumbleBee brings a Docker-like experience for eBPF, and through simple bee CLI commands, users can easily build, run, and distribute their eBPF programs as OCI (Open Container Initiative) images and plug the images to their existing OCI image workflows.

BumbleBee is built using libbpf and allows you to focus on writing your eBPF code while taking care of the user space components automatically. 

BumbleBee automatically detects and displays maps in your program that allow the user space and kernel space programs to share data. This is accomplished through the use of special BPF conventions and keywords.

“Through these simple bee init, build, run, list, and push commands, we are excited to bring the Docker-like experience to eBPF so that developers can not only easily build eBPF programs but also collaborate and share their eBPF programs with others through their favorite OCI image repositories,” Lin Sun, the director of open-source at Solo.io wrote in a blog post. 

The post SD Times Open-Source Project of the Week: BumbleBee appeared first on SD Times.

The guide offers an overview of the concept or use case, an explanation of a traditional solution to achieve it, key open-source projects, and a highlight of how major cloud providers are using open source to address the use case.

“Because every major cloud platform uses open-source software in their infrastructure, developing skills related to open technology makes developers more desirable to potential employers and helps developers compete in hybrid environments; that is, those that provide the ability and flexibility of running parts or all of your cloud solution and services on premises and/or on a public cloud, and/or in multiple clouds,” Todd Moore, VP of open technology at IBM, and Christopher Ferris, IBM Fellow and IBM’s CTO of open technology wrote in a blog post. 

A recent O’Reilly survey that IBM commissioned in late 2020 found that the most desired of the open-source skills are around Linux (containers), artificial intelligence and machine learning, and data storage, each of which IBM now has guides for. 

The guide aims to answer questions on how these skills translate to developing for hybrid cloud environments inclusive of the major cloud providers. 

The post IBM launches guide for contributing to open source cloud projects appeared first on SD Times.

With control flow analysis of aliased conditions enabled, developers don’t have to convince TypeScript of a variable’s type whenever it is used because the type-checker leverages something called control flow analysis to deduce the type within every language construct.

TypeScript also now lets users describe objects where every property has to have a certain type using index signatures to form dictionary-like types, where string keys can be used to index into them with square brackets.

Additional details on all of the highlights in the new version are available here. 

Rust support improvements in Linux kernel 

The Linux kernel received several major improvements to overall Rust support including removed panicking allocations, added support for the beta compiler as well as testing.

The goal with the improvements is to have everything the kernel needs in the upstream ‘alloc’ and to drop it from the kernel tree. ‘Alloc’ is now compiled with panicking allocation methods disabled, so that they cannot be used within the kernel by mistake.

As for compiler support, Linux is now using the 1.54-beta1 version as its reference compiler. At the end of this month, `rustc` 1.54 will be released, and the kernel will move to that version as the new reference. 

Additional details on all of the support improvements are available here.

Sauce Labs acquires Backtrace

Sauce Labs announced that it has acquired Backtrace, a provider of error monitoring solutions for software teams. 

 “Combined with our recent acquisitions of API Fortress, AutonomIQ, and TestFairy, the addition of Backtrace extends Sauce Labs solutions to meet every stage of the development journey. We’re thrilled to welcome the talented people and products of Backtrace and look forward to supporting their high-quality innovation as part of the Sauce Labs team,” said Aled Miles, president and CEO of Sauce Labs.

Backtrace offers a cross-platform error monitoring solution for desktop, mobile, devices, game consoles, and server platforms that helps organizations reduce debugging time and improve software quality.

Apache weekly update

Last week at the Apache Software Foundation (ASF) saw the release of Apache Camel 3.11, which includes a new ‘camel-kamelet-main’ component intended for developers to try out or develop custom Kamelets, a ‘getSourceTimestamp’ API on ‘Message’ and more.

Apache MetaModel, which was a common interface for discovery, exploration of metadata and querying of different types of data sources has been retired. 

Also, Apache Druid was found to have a vulnerability that authenticated users to read data from other sources than intended.

Other new releases last week included Apache Geode 1.13.3 and 1.12.3. Additional details on all news from the ASF are available here.  

The post SD Times news digest: TypeScript 4.4 beta, Rust support improvements in Linux kernel, Sauce Labs acquires Backtrace appeared first on SD Times.