Microsoft to grant Azure credits to open source projects
Microsoft has announced a programme that will grant Azure credits to open source projects for a year. According to company officials, any project in any technology with an Open Source Initiative (OSI) approved licence may apply.
Developers will be able to use these credits for testing, storage, builds, and other development work.
“Open source software is an integral part of development at Microsoft, aligned with our goal to empower all developers to be successful in building any application, using any language, on any platform. We are committed to building open, flexible technology and working with the open source community to grow together as an industry. We are giving back to the open source ecosystem we participate in and depend on,” wrote Carol Smith, senior program manager, Microsoft Open Source Programs Office in a blog post.
Microsoft has already extended these credit grants to some projects in the open source ecosystem including FreeBSD, AlmaLinux, Haskell, Snakemake workflow management and Promitor.
Those interested can apply through the Azure Credits website. Each grant will be for one year. Applicants will need to re-apply each year if they would like credits again.
Red Hat announces Red Hat Ansible Automation Platform 2
Red Hat, Inc. has announced Red Hat Ansible Automation Platform 2 as the company’s new standard for hybrid cloud automation. The latest version of the platform adds self-contained automation capabilities while shifting automation more deeply into the application development life cycle.
The company said, “As hybrid and multi-cloud computing become critical IT components, IT organisations need automation platforms that can bridge traditional systems with these modern services, stretching from the enterprise data centre to remote network edges. Ansible Automation Platform 2 is now fully restructured for a hybrid cloud-native world, making it easier for IT teams to address automation needs at scale across varied environments and systems in a standardised way. With the automation controller (formerly Ansible Tower), users can more reliably and consistently scale automation on demand, taking a systematic approach to standardising automation practices while helping to reduce automation irregularities across the enterprise.”
The capability connects disparate automation components together and provides status checks on automation environments across the IT estate. The automation mesh is designed to connect across diverse environments with dispersed networks for more flexibility and resiliency without sacrificing security features, so enterprises can better adopt and scale automation.
Ansible Automation Platform 2 introduces the concept of automation execution environments (taking the place of Ansible Engine), which deliver self-contained automation spaces that can be easily replicated and repeated across an organisation. Automation content navigator helps teams quickly validate that automation content is working as it should across even the largest environments. This helps automators, from developers to sysadmins, maintain operational consistency across their systems.
AlmaLinux OS Foundation membership open to the public
The AlmaLinux Foundation has announced membership options for all project contributors and community members.
This foundation is the entity behind AlmaLinux OS, the forever-free enterprise-grade Linux distribution. A member will have a voice in the direction of the project, and can vote for and be voted into the board of directors by other members. “There are several pathways available for becoming a member, including project contributors, mirror maintainers and service providers to the community, as well as official sponsors for the project,” said an official release.
The AlmaLinux Foundation is set up as a 501(c)(6) non-profit, the same model used by the Linux Foundation. There are currently three membership options available – contributor membership, mirror membership and sponsor membership.
Those individuals or entities who wish to financially support the foundation may do so by applying for a sponsor membership. There are several possible tiers reflecting the different levels of contributions. This is the only membership type that includes a monetary contribution.
“It is vitally important that free and open source software foundations be supported to maintain their independence and allow them to serve the community as intended, and that is what the AlmaLinux community is doing,” said Daniel Pearson, COO of KnownHost, LLC.
“All membership applications are considered and accepted based on the merit of the application and the contribution record of the applicant,” read a press note.
Google invests US$ 1 million to reward developers for OSS security
Google has announced sponsorship for the Secure Open Source (SOS) pilot programme, run by the Linux Foundation. The company has planned to start with a US$ 1 million investment to financially reward developers for enhancing the security of critical open source projects. This follows Google’s earlier US$ 10 billion commitment to open source security.
The evaluation will be based on the guidelines established by the US-based National Institute of Standards and Technology’s definition in response to the recent executive order on cybersecurity. Other factors include whether the project is included in the Harvard 2 Census Study of most-used packages, and whether the issue being resolved has a score of 0.6 or above in the OpenSSF Criticality Score project.
Specifically, the programme is focused on rewarding the software supply chain security improvements, including hardening CI/CD pipelines and distribution infrastructure, adoption of software artifact signing and verification, and project improvements that produce higher OpenSSF scorecard results.
Rewards will be determined on the complexity and impact of work, ranging from US$ 10,000 or more for complicated, high-impact and lasting improvements that almost certainly prevent major vulnerabilities, to US$ 505 for small improvements that have merit from a security standpoint.
Upfront funding is available on a limited basis for impactful improvements of moderate to high complexity over a longer time span. Those requests should be provided with a detailed plan of how the improvements will be delivered.
Only work completed after October 1, 2021, qualifies for the SOS rewards.
CodeSee releases OSS Port
CodeSee, a developer platform that helps developers understand codebases, has released OSS Port — a platform connecting OSS projects to people, with tools to help developers overcome the barriers to taking on codebases.
The company has also raised US$ 3 million in seed funding, co-led by Boldstart Ventures and Uncork Capital, with participation from Precursor Ventures, DCVC, and Salesforce Ventures, along with several angel investors.
“Contributing to and maintaining open source projects is hard, no matter one’s level of dev expertise. OSS Port connects projects to people and eases codebase onboarding with CodeSee Maps. Maps will be forever-free to the OSS community—a commitment made by CodeSee leaders in support of open source innovation,” read a company blog.
Maintainers can tag their projects to topics like ‘education’ and ‘social good’, so that contributors can search, select, and quickly onboard to the projects that matter most to them.
OSS Port allows maintainers to provide contribution best practices, support guidance, and interactive visual walkthroughs of their codebase using CodeSee Maps. It allows users to visualise how proposed changes will impact the larger codebase, with features highlighting dependencies and insights to guide your decisions.
Dell targets market for 5G networks built on open source hardware
Dell Technologies chief Michael Dell recently said that he sees an opportunity to play a key role in the global rollout of 5G networks with new technology that makes specialised equipment unnecessary.
The shift towards Open Radio Access Network (O-RAN) lets telecommunications carriers use software to run network functions on standardised computing hardware.
The technology has drawn interest from the US government because it will allow networks to be made with offerings from American firms such as Dell and Microsoft, rather than solely from industry-specific providers such as Nokia or China’s Huawei Technologies Co Ltd.
In an interview, Dell said interest from the administration of former President Donald Trump in positioning the technology as a Western-led counterweight to Huawei has “fully carried over” to President Joe Biden’s administration.
Dell makes the computing hardware that goes into the new style of networks and has already secured deals to help DISH Network Corp in the US, and Vodafone and Orange in Europe build 5G networks with the technology. Dell Technologies has announced software to help carriers manage the computers used in the new networks, targeting release in November.
But most of the new O-RAN networks in Europe remain testbeds, and DISH is a 5G upstart building a network from scratch rather than an established player. Some telecommunications analysts believe the new open technology will not be dominant for at least another generation of networks. Dell wants to speed up the shift by testing and hardening much of the new technology for broader use.
Falco adds AWS cloud security monitoring
Sysdig has announced the addition of cloud security monitoring functionality to the Falco open source software project. The new Amazon Web Services (AWS) CloudTrail plugin provides real-time detection of unexpected behaviour and configuration changes, intrusions, and data theft in AWS cloud services using Falco rules.
The Falco community developed this extension with Sysdig based on a new plugin framework that allows anyone to extend Falco to capture data from additional sources beyond Linux system calls and Kubernetes audit logs. As organisations manage critical data across multiple clouds, they need consistent threat detection across their distributed environments. Additional plugins will allow organisations to use a consistent threat detection language and close security gaps by using consistent policies for workloads and infrastructure. In addition, more than 20 new out-of-the-box policies supporting compliance frameworks were released, the company said.
Today, security teams are forced to export AWS CloudTrail logs into a data lake or security information and event management (SIEM) for processing, and then search for threats and changes to configurations that can indicate a risk. This approach adds delay in identifying risks, as well as cost and complexity.
Falco inspects cloud logs using a streaming approach, applying the rules to the logs in real-time and immediately alerting on issues, without the need to make an additional copy of the data. This approach complements static cloud security posture management by continually checking for unexpected changes to configurations and permissions that can increase risk. In addition, it acts as a modern intrusion detection system (IDS), detecting threats based on unusual behaviour that can indicate a threat.
Deepfence announces open source availability of ‘ThreatMapper’
Deepfence, a security observability provider, has announced open source availability of ThreatMapper, an offering that automatically scans, maps and ranks application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments.
ThreatMapper is an open source platform for scanning runtime environments for software supply chain vulnerabilities and contextualising threats to help organisations determine which to address and when. The comprehensive suite of its capabilities and features is available on GitHub. ThreatMapper complements an organisation’s existing initiatives to “shift left” by scanning applications and infrastructure post-deployment, catching emerging threats and scanning both first-party and third-party applications and components.
For enterprises looking for a deeper runtime detection and protection, Deepfence offers a commercial solution named ThreatStryker. ThreatStryker builds on the attack surface measured by ThreatMapper, and gathers rich runtime signals using cloud native deep packet inspection (DPI) to give visibility at runtime. ThreatStryker then correlates these runtime signals with measured attack surface and deploys fine-grained, targeted remediation to prevent the spread of threats and stop attackers in their tracks, all this without proxies, intrusive agents or any inline components.
Linux Foundation raises US$ 10 million to support OpenSSF
The Linux Foundation has raised US$ 10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together multiple open source software initiatives under one umbrella to identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices and vulnerability disclosure practices. Open source luminary Brian Behlendorf will serve the OpenSSF community as general manager.
Financial commitments from premier members include Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk and VMware. Additional commitments come from general members Aiven, Anchore, Apiiro, AuriStor, Codethink, Cybertrust Japan, Deepfence, Devgistics, DTCC, GitLab, Goldman Sachs, JFrog, Nutanix, StackHawk, Tencent, TideLift and Wind River.
“This pan-industry commitment is answering the call from the White House to raise the baseline for our collective cybersecurity wellbeing, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” said Jim Zemlin, executive director at the Linux Foundation.
According to industry reports (‘2021 State of the Software Supply Chain’, by Sonatype), software supply chain attacks have increased 650 per cent and are having a severe impact on business operations.
Rafay Systems to open source its zero-trust access and GitOps services
Rafay Systems, a platform provider for Kubernetes operations, has announced its plans to open source its zero-trust access and GitOps services.
Developers will be able to take advantage of, and contribute to, these battle-tested services that significantly reduce the complexities associated with securing access to and automating the ongoing operations of Kubernetes infrastructure and modern applications. The company said that these two services are the first of many that Rafay intends to open source over time.
As Kubernetes has become a priority for enterprises, access to modern infrastructure and configuration management has proven to be a major challenge, particularly when leveraging multiple clouds or operating multiple virtual private clouds (VPCs) in the same cloud environment. Enterprises are also finding it difficult to enforce repeatable workflows for managing the ongoing operations of Kubernetes infrastructure and modern applications.
With the zero-trust access and GitOps services available as open source projects, developers can address the multi-tenant access and automation requirements that these services were built to address. Developers can also collaborate with project contributors to further advance on-premises, hybrid, multi-cloud and edge use cases.
Haseeb Budhani, CEO of Rafay Systems, said, “By open sourcing zero-trust access and GitOps services, we are doing our part in furthering the community’s goals of making cloud-native computing ubiquitous. We look forward to the community embracing these projects, and are eager to engage with developers and DevOps professionals who are open to partnering with the current cadre of contributors focused on accelerating Kubernetes adoption in enterprises.”
Cube Dev announces availability of Cube Cloud
Cube Dev, the open source company behind Cube.js, has announced the general availability of Cube Cloud, a hosted version of the company’s popular open source Cube.js analytics API.
With Cube Cloud, companies can build data applications like metrics dashboards and analytics features that consume data from their cloud data warehouse—without building or hosting any of the complex technologies required to make this possible.
Cube Cloud connects to a company’s SQL data sources and builds an API backend to serve this data to an application. This makes it easy for developers to build applications with the visualisation libraries and front-end code tools of their choice. The service leverages all of the features of the open source Cube offering including SQL modelling, data schema, access control, a querying API, and caching and acceleration.
Prior to Cube Cloud, developers used Cube technology by provisioning their own computing resources and using either npm or Docker to install the open source Cube.js software platform. In that case, a business would be responsible for monitoring server performance and provisioning additional cluster servers as their consumption increased.
With Cube Cloud, developers simply select the Google Cloud Platform or Amazon Web Services region where they want to deploy Cube Cloud and connect it to their data sources. As more data is consumed or an application attracts more concurrent users, Cube Cloud can automatically scale to provide additional computing resources.
OpenStack Xena is live with improved integrations and new features
The OpenStack community has released Xena, the 24th version of open source cloud infrastructure software. Highlights of the Xena release include support for new hardware features, improved integration among components, and reduction of technical debt to maintain OpenStack’s stable and reliable core.
OpenStack is one of the most active open source projects in the world, supported by a vibrant and engaged community of developers globally. Over the span of just 25 weeks, almost 15,000 changes authored by over 680 contributors from over 125 different organisations were included in the Xena release.
This release comes at a time when the OpenStack project is deployed in production more widely than ever. Over 100 new OpenStack clouds have been built in the past 18 months, growing the total number of cores under OpenStack management to more than 25,000,000. Organisations with deployments ranging from hundreds of cores to six million cores have logged significant growth, according to the 2021 OpenStack User Survey.
Xena includes enhancements to features and integrations for open source applications on which the OpenStack clouds function.
OpsCruise announces ‘free forever’ plan to support use of open source telemetry
OpsCruise, the cloud application observability company, has announced a new ‘free forever’ plan to support further adoption and use of popular open source telemetry such as Kubernetes, eBPF, Prometheus, Loki, Jaeger and Istio.
Cloud native enterprises are often caught between two less than ideal choices: pick and choose amongst a multitude of free, open source tools that later require a heavy lift around deployment, configuration, training and maintenance, or choose a commercial cloud based solution that’s easier but is expensive and locks you into a proprietary architecture.
OpsCruise said it offers the best by supporting and embedding popular open source monitoring tools into a smart-layer that auto-discovers and maintains all dependencies, predicts performance degradations, troubleshoots in context and automates causal analysis and more.
Julius Volz, ex-Google and the creator of one of the most popular open source monitoring tools, Prometheus, noted, “OpsCruise is a promising and novel approach for integrating information from both Prometheus and Kubernetes to help visualise the environment and automate production troubleshooting.”
Perforce announces OpenLogic Download Hub for Enterprise Linux
Perforce Software, a provider of solutions to enterprise teams, has announced its new OpenLogic Download Hub for Enterprise Linux.
The Download Hub — which gives users on-demand access to updates and patches that address critical security vulnerabilities within CentOS 6, 7, and 8 — bolsters OpenLogic’s popular Enterprise Linux Support offering.
Tim Russell, chief product officer at Perforce Software, said, “The new Enterprise Linux Download Hub is a prime example of our work in continuously improving this offering, and helping our customers to reduce downtime and improve security.”
This announcement comes on the heels of major shifts within the Enterprise Linux landscape, including an abbreviated CentOS 8 life cycle and a discontinuation of CentOS Linux in favour of the rolling-release CentOS Stream.
“Organisations that went through major efforts to update their environments from versions 6 and 7 to CentOS 8 are now challenged to migrate to another Linux distribution,” said Javier Perez, OSS chief evangelist at Perforce Software. “For those who need additional time to plan these migrations, OpenLogic Technical Support for Enterprise Linux, and the accompanying Download Hub, extends the enterprise viability of these distributions by 5 years — and gives impacted enterprises some much needed peace of mind.”