Open Source Governance provides a framework of policies, processes, and tools to help organizations effectively manage interactions with open source software. This reduces risks and ensures optimal open source use. HP implements best practices like an Open Source Program Office and Review Board to govern open source use internally. Their processes and tools like PTS and Fossology help control what open source is used, contributed to, and shipped in products. This governance aims to maximize benefits and compliance of open source.
Presented by Mark Radcliffe on October 12, 2016
This webinar examined the implications of recent developments in open source compliance and litigation. It touched on a series of Linux-related cases and stepped up compliance activity in Germany, in addition to current patent suits against Apache projects. The new litigation was discussed in the context of prior similar cases such as the Versata-Ameriprise case. Additionally, the webinar provided an overview of compliance best practices and how to reduce the risk of open source compliance and litigation.
El documento describe las ventajas y desventajas de usar Ubuntu, incluyendo que es fácil de instalar, gratis, tiene variedad de programas y comunidad de usuarios, pero no es bueno para juegos o programas de Windows y requiere acceso a Internet. También cubre las características de Ubuntu como su traducción a más de 130 idiomas, soporte para diferentes procesadores, colección de aplicaciones, seguridad, organización de paquetes, versiones con soporte a largo plazo, y requisitos técnicos mínimos.
Este documento presenta una introducción a Docker. Explica conceptos clave como contenedores, imágenes y registros. Detalla los comandos básicos de Docker como docker run, docker build y docker pull. También cubre temas como la creación de imágenes, el uso de volúmenes, la vinculación de contenedores y la orquestación con Kubernetes. Finalmente, explora cómo Docker puede usarse para implementar microservicios y facilitar la integración continua.
Linux es un sistema operativo de código abierto que puede instalarse gratuitamente. Fue desarrollado originalmente por Linus Torvalds y ha sido modificado por miles de programadores. Existen varias distribuciones de Linux como Ubuntu, Fedora y Debian, cada una con características y entornos de escritorio propios.
source : http://www.opennaru.com/open-source/containers-metaphor-for-what-docker-is/
컨테이너가 구축하는 애플리케이션에 대한 표준화된 컨테이너는 화물 운송 분야의 컨테이너는 대한 은유입니다.
컨테이너가 Tantlinger 에 의해 기술적인 표준화가 되기 전부터 오랫동안 구축된 개념입니다. HP, 오라클, IBM 과 같은 대형 벤더들은 수년간 켄테이너 기술을 사용해 왔으며, 특히 구글은 내부 프로젝트에서 매우 유사한 구현 방식을 사용하였습니다.
도커는 오픈소스와 커뮤니티를 중심으로 기술의 표준화와 발전을 이끌고 있습니다.
화물 컨테이너의 내부 화물은 운송에 중요하진 않습니다. 세계의 모든 선박과 트럭 그리고 크레인은 컨테이너 규격에 적합해야 합니다. 마찬가지로 도커 컨테이너도 어떤 애플리케이션( 관련 파일, 프레임워크, 의존성 등)이 내부에 있는지 중요하지 않습니다.
컨테이너는 모든 리눅스 배포판에서 실행되며, AMAZON AWS, Micrsoft Azue, Google Cloud Platform, Rackplace 등 모든 퍼블릭 클라우드 환경에서 운영됩니다.
해외로 이사를 간다고 가정을 하면 사실상 컨테이너에 이사짐을 넣은 후 트럭으로 이동하여, 크레인으로 배에 옮겨져 다른 나라로 운송합니다. 마찬가지로 컨테이너를 이용하면 개발자가 로컬 시스템에서 애플리케이션을 빌드하고 테스트 할 수 있으며
애플리케이션을 서버에 Push할 수 있습니다. 개발자는 컨테이너로 배포하게 되면 개발환경이나 운영환경이나 동일하게 동작할 것이라는 것을 알수 있습니다.
This document provides information and advice for beginners interested in bug bounty hunting. It recommends studying basics like networking, Linux, and a programming language. It suggests choosing an area to specialize in like web, mobile, or desktop application pentesting. Resources like books, YouTube channels, blogs, and practice labs are recommended. Finally, it advises starting with a bug bounty platform like HackerOne or BugCrowd, choosing targets wisely, doing in-depth research, writing thorough reports, and having patience as it takes years to master.
Presented by Mark Radcliffe on October 12, 2016
This webinar examined the implications of recent developments in open source compliance and litigation. It touched on a series of Linux-related cases and stepped up compliance activity in Germany, in addition to current patent suits against Apache projects. The new litigation was discussed in the context of prior similar cases such as the Versata-Ameriprise case. Additionally, the webinar provided an overview of compliance best practices and how to reduce the risk of open source compliance and litigation.
El documento describe las ventajas y desventajas de usar Ubuntu, incluyendo que es fácil de instalar, gratis, tiene variedad de programas y comunidad de usuarios, pero no es bueno para juegos o programas de Windows y requiere acceso a Internet. También cubre las características de Ubuntu como su traducción a más de 130 idiomas, soporte para diferentes procesadores, colección de aplicaciones, seguridad, organización de paquetes, versiones con soporte a largo plazo, y requisitos técnicos mínimos.
Este documento presenta una introducción a Docker. Explica conceptos clave como contenedores, imágenes y registros. Detalla los comandos básicos de Docker como docker run, docker build y docker pull. También cubre temas como la creación de imágenes, el uso de volúmenes, la vinculación de contenedores y la orquestación con Kubernetes. Finalmente, explora cómo Docker puede usarse para implementar microservicios y facilitar la integración continua.
Linux es un sistema operativo de código abierto que puede instalarse gratuitamente. Fue desarrollado originalmente por Linus Torvalds y ha sido modificado por miles de programadores. Existen varias distribuciones de Linux como Ubuntu, Fedora y Debian, cada una con características y entornos de escritorio propios.
source : http://www.opennaru.com/open-source/containers-metaphor-for-what-docker-is/
컨테이너가 구축하는 애플리케이션에 대한 표준화된 컨테이너는 화물 운송 분야의 컨테이너는 대한 은유입니다.
컨테이너가 Tantlinger 에 의해 기술적인 표준화가 되기 전부터 오랫동안 구축된 개념입니다. HP, 오라클, IBM 과 같은 대형 벤더들은 수년간 켄테이너 기술을 사용해 왔으며, 특히 구글은 내부 프로젝트에서 매우 유사한 구현 방식을 사용하였습니다.
도커는 오픈소스와 커뮤니티를 중심으로 기술의 표준화와 발전을 이끌고 있습니다.
화물 컨테이너의 내부 화물은 운송에 중요하진 않습니다. 세계의 모든 선박과 트럭 그리고 크레인은 컨테이너 규격에 적합해야 합니다. 마찬가지로 도커 컨테이너도 어떤 애플리케이션( 관련 파일, 프레임워크, 의존성 등)이 내부에 있는지 중요하지 않습니다.
컨테이너는 모든 리눅스 배포판에서 실행되며, AMAZON AWS, Micrsoft Azue, Google Cloud Platform, Rackplace 등 모든 퍼블릭 클라우드 환경에서 운영됩니다.
해외로 이사를 간다고 가정을 하면 사실상 컨테이너에 이사짐을 넣은 후 트럭으로 이동하여, 크레인으로 배에 옮겨져 다른 나라로 운송합니다. 마찬가지로 컨테이너를 이용하면 개발자가 로컬 시스템에서 애플리케이션을 빌드하고 테스트 할 수 있으며
애플리케이션을 서버에 Push할 수 있습니다. 개발자는 컨테이너로 배포하게 되면 개발환경이나 운영환경이나 동일하게 동작할 것이라는 것을 알수 있습니다.
This document provides information and advice for beginners interested in bug bounty hunting. It recommends studying basics like networking, Linux, and a programming language. It suggests choosing an area to specialize in like web, mobile, or desktop application pentesting. Resources like books, YouTube channels, blogs, and practice labs are recommended. Finally, it advises starting with a bug bounty platform like HackerOne or BugCrowd, choosing targets wisely, doing in-depth research, writing thorough reports, and having patience as it takes years to master.
Este documento describe la historia y características del sistema operativo Android. Resume que Android fue desarrollado inicialmente por Android Inc. en 2003 y luego adquirida por Google en 2005, lanzándose la primera versión de Android en 2008. Explica que Android está basado en el kernel de Linux y tiene una arquitectura de cuatro capas que incluyen el kernel, bibliotecas, marco de aplicaciones y aplicaciones.
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...Codemotion
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free and open source security tools. This talk by the ZAP project lead will focus on embedding ZAP in continuous integration / delivery pipelines in order to automate security tests. Simon will cover the range of integration options available and explain how ZAP is being integrated into the Mozilla Cloud Services CD pipeline. He will also explain and demonstrate how to drive the ZAP API, which gives complete control over the ZAP daemon.
Universal Flash Storage (UFS) is a NAND flash storage specification developed by JEDEC that improves on eMMC. UFS uses a serial interface for faster read/write speeds compared to eMMC's parallel interface. It has a layered architecture including a device manager layer, UFS command set layer, UFS transport protocol layer, and UFS interconnect layer. The document discusses these layers and covers UFS features like logical units, command formats like UPIU, and SCSI commands supported in UFS including MODE SELECT, MODE SENSE, and READ/WRITE commands.
Kali Linux is an operating system based on Debian Linux designed for digital forensics and penetration testing. It contains over 600 security and forensics tools, runs on both 32-bit and 64-bit architectures, and is free and open source. Kali Linux is commonly used by ethical hackers, penetration testers, and digital forensics investigators. It contains more security tools than other Linux distributions and is optimized for tasks such as vulnerability assessment, security auditing, and penetration testing.
Este documento explica los protocolos TCP/IP. Brevemente describe la historia de TCP/IP desde su creación en 1969 como ARPANET hasta su adopción como estándar en 1983. Explica que TCP/IP sigue un modelo de 4 capas y compara este modelo con el modelo OSI de 7 capas. Finalmente, describe las capas de transporte UDP y TCP, señalando que TCP es orientado a conexión y confiable mientras que UDP proporciona un acceso directo pero sin confiabilidad.
This document describes OWASP Dependency-Track, a tool for continuous component analysis to reduce open source risk. It integrates with vulnerability databases and monitors applications to identify vulnerabilities. Dependency-Track is designed for automated DevOps environments to accelerate development while monitoring component usage and risk. It supports ingesting software bills of materials during CI/CD to analyze components continuously and provide notifications.
This document provides an introduction to Linux fundamentals. It covers Linux history and distributions, software licensing, installing Linux distributions like Debian and CentOS, navigating and managing files and directories from the command line, shell expansion and scripting. The document is intended to be used for instructor-led Linux training and includes exercises and solutions.
Se presentan las principales características que identifican a Linux y que han conseguido su popularidad sobre otras alternativas. La modularidad, el compartir las librerías y las ejecución, el emplear el espacio swap y la capacidad de manejar diversos sistemas de archivos, son algunas de las características mencionadas.
The document traces the origins and evolution of UNIX and Linux operating systems, culminating in the development of the Kali Linux operating system. It discusses how UNIX was developed at Bell Labs in the 1960s, and how Linux was later created by Linus Torvalds in the 1990s. It then focuses on the development of Kali Linux, which originated from the BackTrack Linux security and penetration testing distribution, and has become the premier operating system for penetration testing and security auditing.
netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
Deploy Failover/High Availability in ASA FirewallKHNOG
This document provides an overview of high availability network design using failover. It discusses failover concepts and terminology, deployment, configuration, and behaviors. The key aspects covered include active/standby configuration and operation, failover requirements, and trigger conditions for failover.
This document provides an overview of the steps to build and install the Android Open Source Project (AOSP) from source. It discusses initializing a build environment, downloading the AOSP source tree and device drivers, building and installing the AOSP build on a Nexus 5 device. The build process involves initializing a repo client, syncing the source code, choosing a target, and running make. The installed AOSP build can then be used to power an unlocked Nexus 5 device.
Implementación de NAT/PAT en routers CiscoPaulo Colomés
Cómo configurar los 4 tipos de NAT en routers Cisco:
- Dynamic NAT
- Static NAT
- PAT (NAT overload)
- PAT con múltiples IP (Dynamic NAT con overload)
Al final de la diapositiva sale un video de cómo configurar esto.
El documento resume la evolución de Linux desde su creación en 1991 por Linus Torvalds hasta 2007. Algunos hitos clave incluyen el lanzamiento de la versión 1.0 en 1994, el crecimiento de la comunidad de desarrolladores, el soporte de empresas importantes como IBM en 1998, y Dell comenzando a vender computadoras con Ubuntu preinstalado en 2007.
Yocto Project : Custom Embedded Linux Distributionemertxemarketing
The document outlines a 3-day training course on using the Yocto Project to build custom embedded Linux distributions. Day 1 covers downloading Yocto Project sources, building an image, and flashing a development board. Day 2 focuses on recipes, layers, adding packages and creating new layers. Day 3 discusses extending recipes, writing machine configurations, custom images, and using the SDK. The document provides information on the Yocto Project build system including the BitBake build engine, OpenEmbedded core components, the Poky reference system, and configuring the build environment.
Linux es un sistema operativo libre basado en Unix desarrollado por colaboradores de todo el mundo y licenciado bajo la GPL v2. Fue concebido por Linus Torvalds en 1991 y ha recibido contribuciones de miles de programadores, adoptando códigos de otros proyectos de software libre. Actualmente es un núcleo monolítico híbrido cuyo código fuente está disponible en kernel.org.
Linux Kernel and Driver Development TrainingStephan Cadene
This document provides information about a Linux Kernel and Driver Development training from Free Electrons. It begins with an overview of the course and hardware that will be used. It then discusses Free Electrons as a company and their online resources. The document also provides generic course information and guidelines for participation and the practical labs.
[오픈소스컨설팅] Red Hat ReaR (relax and-recover) Quick GuideJi-Woong Choi
본 문서는 RHEL에 내장된 재해복구솔루션 ReaR (Relax and Recover)를 이용하여 OS 영역의 데이터를 백업하고 복구하는 방법을 다루고 있습니다. ReaR는 iso를 비롯한 다양한 백업 데이터 포맷을 지원하나, 이 문서에서는 CD/DVD 미디어 반입/보관이 보안상 대부분 허용되지 않는 기업 환경에서도 원활히 사용할 수 있는 PXE boot를 지원하는 포맷으로 ReaR 백업 데이터를 생성하고 복구하는 방법만을 자세히 설명합니다.
Redfish is an IPMI replacement standardized by the DMTF. It provides a RESTful API for server out of band management and a lightweight data model specification that is scalable, discoverable and extensible. (Cf: http://www.dmtf.org/standards/redfish). This presentation will start by detailing its role and the features it provides with examples. It will demonstrate the benefits it provides to system administrator by providing a standardized open interface for multiple servers, and also storage systems.
We will then cover various tools such as the DMTF ones and the python-redfish library (Cf: https://github.com/openstack/python-redfish) offering Redfish abstractions.
Open Source Governance for your OrganizationRobert Sutor
Some guidelines on how to incorporate governance of open source software into your business or organization. Presented at the 2011 NASA Open Source Summit. http://www.nasa.gov/open/source/
Attendees discovered how to set up Open Source Governance using nexB's DejaCode, including:
- How to implement effective policies for OSS license and component usage,
- How to set up efficient approval workflows for OSS license and component usage, and
- How to automate OSS Attribution Notice generation.
Este documento describe la historia y características del sistema operativo Android. Resume que Android fue desarrollado inicialmente por Android Inc. en 2003 y luego adquirida por Google en 2005, lanzándose la primera versión de Android en 2008. Explica que Android está basado en el kernel de Linux y tiene una arquitectura de cuatro capas que incluyen el kernel, bibliotecas, marco de aplicaciones y aplicaciones.
Security Testing with OWASP ZAP in CI/CD - Simon Bennetts - Codemotion Amster...Codemotion
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free and open source security tools. This talk by the ZAP project lead will focus on embedding ZAP in continuous integration / delivery pipelines in order to automate security tests. Simon will cover the range of integration options available and explain how ZAP is being integrated into the Mozilla Cloud Services CD pipeline. He will also explain and demonstrate how to drive the ZAP API, which gives complete control over the ZAP daemon.
Universal Flash Storage (UFS) is a NAND flash storage specification developed by JEDEC that improves on eMMC. UFS uses a serial interface for faster read/write speeds compared to eMMC's parallel interface. It has a layered architecture including a device manager layer, UFS command set layer, UFS transport protocol layer, and UFS interconnect layer. The document discusses these layers and covers UFS features like logical units, command formats like UPIU, and SCSI commands supported in UFS including MODE SELECT, MODE SENSE, and READ/WRITE commands.
Kali Linux is an operating system based on Debian Linux designed for digital forensics and penetration testing. It contains over 600 security and forensics tools, runs on both 32-bit and 64-bit architectures, and is free and open source. Kali Linux is commonly used by ethical hackers, penetration testers, and digital forensics investigators. It contains more security tools than other Linux distributions and is optimized for tasks such as vulnerability assessment, security auditing, and penetration testing.
Este documento explica los protocolos TCP/IP. Brevemente describe la historia de TCP/IP desde su creación en 1969 como ARPANET hasta su adopción como estándar en 1983. Explica que TCP/IP sigue un modelo de 4 capas y compara este modelo con el modelo OSI de 7 capas. Finalmente, describe las capas de transporte UDP y TCP, señalando que TCP es orientado a conexión y confiable mientras que UDP proporciona un acceso directo pero sin confiabilidad.
This document describes OWASP Dependency-Track, a tool for continuous component analysis to reduce open source risk. It integrates with vulnerability databases and monitors applications to identify vulnerabilities. Dependency-Track is designed for automated DevOps environments to accelerate development while monitoring component usage and risk. It supports ingesting software bills of materials during CI/CD to analyze components continuously and provide notifications.
This document provides an introduction to Linux fundamentals. It covers Linux history and distributions, software licensing, installing Linux distributions like Debian and CentOS, navigating and managing files and directories from the command line, shell expansion and scripting. The document is intended to be used for instructor-led Linux training and includes exercises and solutions.
Se presentan las principales características que identifican a Linux y que han conseguido su popularidad sobre otras alternativas. La modularidad, el compartir las librerías y las ejecución, el emplear el espacio swap y la capacidad de manejar diversos sistemas de archivos, son algunas de las características mencionadas.
The document traces the origins and evolution of UNIX and Linux operating systems, culminating in the development of the Kali Linux operating system. It discusses how UNIX was developed at Bell Labs in the 1960s, and how Linux was later created by Linus Torvalds in the 1990s. It then focuses on the development of Kali Linux, which originated from the BackTrack Linux security and penetration testing distribution, and has become the premier operating system for penetration testing and security auditing.
netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
Deploy Failover/High Availability in ASA FirewallKHNOG
This document provides an overview of high availability network design using failover. It discusses failover concepts and terminology, deployment, configuration, and behaviors. The key aspects covered include active/standby configuration and operation, failover requirements, and trigger conditions for failover.
This document provides an overview of the steps to build and install the Android Open Source Project (AOSP) from source. It discusses initializing a build environment, downloading the AOSP source tree and device drivers, building and installing the AOSP build on a Nexus 5 device. The build process involves initializing a repo client, syncing the source code, choosing a target, and running make. The installed AOSP build can then be used to power an unlocked Nexus 5 device.
Implementación de NAT/PAT en routers CiscoPaulo Colomés
Cómo configurar los 4 tipos de NAT en routers Cisco:
- Dynamic NAT
- Static NAT
- PAT (NAT overload)
- PAT con múltiples IP (Dynamic NAT con overload)
Al final de la diapositiva sale un video de cómo configurar esto.
El documento resume la evolución de Linux desde su creación en 1991 por Linus Torvalds hasta 2007. Algunos hitos clave incluyen el lanzamiento de la versión 1.0 en 1994, el crecimiento de la comunidad de desarrolladores, el soporte de empresas importantes como IBM en 1998, y Dell comenzando a vender computadoras con Ubuntu preinstalado en 2007.
Yocto Project : Custom Embedded Linux Distributionemertxemarketing
The document outlines a 3-day training course on using the Yocto Project to build custom embedded Linux distributions. Day 1 covers downloading Yocto Project sources, building an image, and flashing a development board. Day 2 focuses on recipes, layers, adding packages and creating new layers. Day 3 discusses extending recipes, writing machine configurations, custom images, and using the SDK. The document provides information on the Yocto Project build system including the BitBake build engine, OpenEmbedded core components, the Poky reference system, and configuring the build environment.
Linux es un sistema operativo libre basado en Unix desarrollado por colaboradores de todo el mundo y licenciado bajo la GPL v2. Fue concebido por Linus Torvalds en 1991 y ha recibido contribuciones de miles de programadores, adoptando códigos de otros proyectos de software libre. Actualmente es un núcleo monolítico híbrido cuyo código fuente está disponible en kernel.org.
Linux Kernel and Driver Development TrainingStephan Cadene
This document provides information about a Linux Kernel and Driver Development training from Free Electrons. It begins with an overview of the course and hardware that will be used. It then discusses Free Electrons as a company and their online resources. The document also provides generic course information and guidelines for participation and the practical labs.
[오픈소스컨설팅] Red Hat ReaR (relax and-recover) Quick GuideJi-Woong Choi
본 문서는 RHEL에 내장된 재해복구솔루션 ReaR (Relax and Recover)를 이용하여 OS 영역의 데이터를 백업하고 복구하는 방법을 다루고 있습니다. ReaR는 iso를 비롯한 다양한 백업 데이터 포맷을 지원하나, 이 문서에서는 CD/DVD 미디어 반입/보관이 보안상 대부분 허용되지 않는 기업 환경에서도 원활히 사용할 수 있는 PXE boot를 지원하는 포맷으로 ReaR 백업 데이터를 생성하고 복구하는 방법만을 자세히 설명합니다.
Redfish is an IPMI replacement standardized by the DMTF. It provides a RESTful API for server out of band management and a lightweight data model specification that is scalable, discoverable and extensible. (Cf: http://www.dmtf.org/standards/redfish). This presentation will start by detailing its role and the features it provides with examples. It will demonstrate the benefits it provides to system administrator by providing a standardized open interface for multiple servers, and also storage systems.
We will then cover various tools such as the DMTF ones and the python-redfish library (Cf: https://github.com/openstack/python-redfish) offering Redfish abstractions.
Open Source Governance for your OrganizationRobert Sutor
Some guidelines on how to incorporate governance of open source software into your business or organization. Presented at the 2011 NASA Open Source Summit. http://www.nasa.gov/open/source/
Attendees discovered how to set up Open Source Governance using nexB's DejaCode, including:
- How to implement effective policies for OSS license and component usage,
- How to set up efficient approval workflows for OSS license and component usage, and
- How to automate OSS Attribution Notice generation.
This document provides an overview of software-defined networking (SDN) and the HPE VAN SDN Controller. It defines SDN and describes its key concepts including the separation of the control plane and data plane. The benefits of SDN like centralization, dynamism, and optimization are outlined. The architecture of the HPE SDN Controller is presented along with the core applications it provides for network discovery, path selection, topology management and more. In conclusion, SDN is positioned to transform static networks into scalable, programmable platforms.
Inner Source Webinar Series: Open Source Community Development MethodsBlack Duck by Synopsys
In this webinar series, Guy Martin from Red Hat and Andrew Aitken from Black Duck Consulting cover the inner source concept of using open source community-style development methods and best practices in internal IT development organizations.
Selecting the right automation framework is hard. It might be a critical decision in implementing your continuous testing agenda. Today, there are so many possibilities. From open source solutions (Selenium Appium, etc.), to HPE developed commercial tools (QTP, UFT, Mobile Center).
What was the process that we did in order to select the right automation framework. Our approach was to 1st define our needs from such a framework and we ended up with a list of 10 must have requirements for such a framework and then went on to pick the right tool. We ended up with different frameworks for different projects with a wide combinations of open source to our own tools (UFT, LeanFT, etc.)
HPE Agile Manager and Project and Portfolio Management PPM overview Jeffrey Nunn
HPE Agile Manager is a cloud-based agile project management tool that provides:
- Agile project management capabilities like release management, user story and defect tracking, and team management.
- Integrations with development tools and testing tools like QC/ALM for quality management and continuous testing.
- Visibility into projects across distributed teams through a unified real-time dashboard.
The document discusses challenges with project and portfolio management. It notes that 62% of projects fail to meet goals, with nearly half overrunning budgets and more than 40% failing to provide expected returns. Reasons for failure include misaligned investments, unclear project scopes, and manual processes. It advocates removing barriers between business units and automating processes to increase speed while maintaining quality. A consolidated view of projects and standardized processes across teams could help address common challenges like changing priorities and inefficient resource allocation faced by project management offices.
The Infrastructure backbone is the core to any successful business. Customers planning their move to SAP S/4 HANA rely on Capgemini and HPE to modernize that core. Complexities can arise that delay companies from moving to SAP S/4 HANA. However, many customers are realizing near-term business value by modernizing now. Together we deliver a HANA ready environment today and a clear path to SAP S/4 HANA tomorrow.
Join us to learn how HPE and Capgemini jointly deliver modernization assessments that will help you define your organization's transformation.
Presented at HPE Discover Las Vegas 2016.
The document discusses how digital transformation is changing businesses and requiring new hybrid IT operating models. It notes that the explosion of connected things and cloud technology is disrupting existing business models. Customers are looking to move 10,000 applications to a modern hybrid infrastructure that combines private clouds, managed clouds, and public clouds. IT will need to become more agile and create value while integrating innovation from both traditional and new technologies. The partnership between HPE and Capgemini aims to help customers with this digital transformation through HPE's multi-cloud strategy and hybrid management capabilities.
After an overview presentation, we will demonstrate live how HPE's multi-vendor Intelligent Management Center (IMC) software can be used to manage day to day operations for the datacenter. Introduction to HPE IMC focused on management for data center switching. Topics include REST API, virtualization integration and data center fabric management.
The document outlines two project governance models for a project between a vendor and customer. Model I describes the vendor taking primary responsibility for overall governance, requirements gathering, status reporting, and delivery management. Model II describes the customer taking primary responsibility for governance, receiving requirements and schedules from the vendor, coordinating status calls, and overseeing delivery management. Both models specify the responsibilities of the vendor and customer project teams.
Benefits of Transforming to a Hybrid Infrastructure - HPEMarcoTechnologies
This document discusses the benefits of transforming to a hybrid infrastructure. It argues that IT must become value creators by both containing costs and creating new services. It states that organizations should define their "right mix" of traditional IT, private cloud, and public cloud to accelerate app and service delivery. It outlines how Hewlett Packard Enterprise can help organizations define, power, and optimize their hybrid infrastructure through advisory services, application transformation, private and public cloud offerings, automation solutions, and managed services. The goal is to become a broker of services to enable continuous value creation.
Cwin16 tls-partner-mark logic-an innovation journey in manufacturingCapgemini
This document discusses how MarkLogic enterprise NoSQL can help with an innovation journey in manufacturing. It notes that product lifecycle management (PLM) data is often stored in disconnected silos across different parts of an organization. MarkLogic can integrate this PLM data and make it accessible and searchable at scale. It allows loading both structured and unstructured data flexibly. MarkLogic also provides semantics, full-text search capabilities, and can manage applicability of data at scale through reverse queries. Case studies are presented of companies that improved efficiency, scalability, and streamlined digital delivery using MarkLogic.
The document outlines a plan to establish a program governance structure for an organization. It recommends forming a Program Steering Committee and Program Management Office (PMO) to provide oversight of projects. The PMO would define roles and processes, manage project data and communications, and ensure alignment with business strategy. Key elements of the governance model include a communications plan, integrated schedule, quality plan, and risk management plan to facilitate coordination across projects.
The document discusses project governance and defines what it entails. It recommends defining governance levels by identifying who the project reports to and who needs to deliver work for the project. It also recommends defining governance forums like daily scrums, weekly project review board meetings, and monthly executive board meetings. The document advises defining the reporting tools needed to track deliverables, assumptions, risks, issues, changes, milestones, and budget. It stresses the importance of communicating the governance structure to ensure everyone understands their roles and responsibilities.
Open source governance provides a framework of policies, processes, and tools to help organizations effectively manage interactions with open source software. This reduces risks and enables optimal use. Best practices include training, clear policies, review processes, and automated tools to track software and ensure compliance. HP's open source governance includes a program office, review board, legal expertise, tools like Fossology, and processes to evaluate open source usage, licensing, and contributions.
The document discusses open source governance at HP. It provides an introduction to open source licenses and communities, and defines open source governance as a framework to help organizations effectively manage interactions with open source software. It outlines HP's interactions with open source and describes some of HP's best practices, including an open source program office, review board, tools like Fossology and PTS, and policies and processes to guide open source use.
This document discusses open source software, including its definitions, benefits, and state in Malaysia. Open source software provides freedom to users and prevents vendor lock-in. It benefits developing countries by providing affordable access. However, some fears about open source include lack of accountability, support, and security. In Malaysia, open source is commonly used for servers but less so in corporations, schools, and for development. Moving forward, the document proposes government initiatives like an open source policy and deployment in the public sector to further adoption.
Identifying and managing the risks of open source software for PHP developersRogue Wave Software
Do you really need to worry about using open source software in developing commercial applications? This presentation looks at the key risk areas, how to identify and quantify the risk, and what steps if any are needed to deal with the risks.
Open source presentation to lgma workshop april 2010OpenSourceLGMA
The document discusses the use of open source software in local governments. It notes that many local authorities are replacing proprietary software like Microsoft Office with open source alternatives to save costs. It provides examples of open source applications being used for content management, document management, GIS, back office systems, and desktop applications. The document advocates adopting a dual open source approach and emphasizes understanding open source licensing and communities to ensure successful integration of open source into an organization's IT strategy.
KB Seminars: Working with Technology - Platforms; 10/13MDIF
This document provides an overview and agenda for a technology seminar discussing technology platforms and decision criteria. It will cover the purpose of platforms, the planning and decision making process, and do a comparison of major open source platforms. The document defines technology platforms and outlines various decision criteria to consider, including technical requirements, business factors like costs, and open source versus proprietary software pros and cons. Useful links are also provided.
This document introduces Bruno Cornec and provides information about his background working with open source software since 1988. It then summarizes the FOSSology project, which is a framework for analyzing open source software to understand licenses and reduce uncertainty about using open source. Key aspects of FOSSology discussed include its license detection capabilities, architecture, requirements, and timeline of new features. Potential other uses for FOSSology are also listed.
1) The document discusses how open source software has affected traditional software markets by entering established markets like compilers, toolchains, development environments, and enterprise/embedded operating systems and weakening established strongholds.
2) It outlines HP's interactions with open source software through internal usage, incorporating it into their software and hardware products, and being active participants and maintainers in open source communities.
3) The challenges customers face with open source are addressed, like determining where software comes from, its maturity, license obligations, support, security, and stability. Tools and governance are needed to help with these challenges.
Open source presentation enterprise ireland 2010Tim Willoughby
This document discusses open source software use in local government. It notes that many local authorities are ending agreements with Microsoft and exploring open source alternatives. It identifies potential areas to replace proprietary software, such as desktop applications, operating systems, servers, and data services. It provides examples of commonly used open source software and adoption rates. It argues that open source can provide quality applications at low or no cost, while allowing for customization and faster development. The document advocates adopting open standards and considering both open source and commercial options to balance costs and meet needs.
SIM RTP Meeting - So Who's Using Open Source Anyway?Alex Meadows
Open Source has been around for several decades now, but there is still a bit of mystery around what makes open source work and concern about using it in the enterprise. Open Source technologies are being widely used in many industries, including analytics, software development, social media, data center management, and more.
The discussion will be moderated by Julie Batchelor and panelists include:
* Todd Lewis, Open Source evangelist
* Jason Hibbets, Open Source Community Manager
* Jim Salter, Co-Owner and Chief Technology Officer at Openoid, LLC
* Alex Meadows, data scientist
LAMP is a shorthand term for a web application platform consisting of Linux, Apache, MySQL and one of Perl or PHP or Python. Together, these open-source tools provide a world-class platform for deploying web applications. LAMP has been touted as "the killer app" of the open-source world.
The document provides an overview of open source software, its history and uses in libraries. It discusses evaluating open source solutions and factors to consider such as community support, total cost of ownership, and technical requirements. Resources for finding and evaluating open source software are also listed.
Open Source Content Management Systems for Small and Medium Businesses, Chari...Will Hall
How can open source CMS's meet the particular challenges that running SME's, NGO's or charities involve? Whether you run a small business, non-governmental organisation or charity, the potential for spending hundreds of thousands of pound on software to assist with the running of your business is untenable, however, how far can open-source software (and particularly content management systems) enable your business to evolve, thrive and even surpass your expectations. In my presentation I intend to discuss; what your content is and how to use it to your advantage when running a complex operation with limited resources. The advantages and disadvantages of utilising open source software and how you can leverage the community to gain support and expertise. What the future for open source projects are and how you can ensure your business/organisation/charity can continue its work into Web 3.0
Fundamentals of Free and Open Source SoftwareRoss Gardler
Introduction to the OSS Watch Business
and Sustainability Models Around Free and Open Source Software. this presentation doesn't deal with the business models, it introduces FOSS and the key licence types.
This document provides an overview of open source software including its definition, history, freedoms, development model, licenses, security considerations, and advantages/disadvantages. Open source software gives users the freedom to use, modify, and share the software. It originated in the 1980s with Richard Stallman's GNU project. There are various business models for open source including support/services. Popular licenses include the GPL, MPL, Apache, and BSD licenses which have different terms regarding modifications and redistribution. While open source is not inherently more secure, its transparency and community review can improve security.
A short introduction to benefits and issues about the use of Free/Libre and Open Source software in small and medium enterprises (published in the Tri-ICT project: www.tri-ict.eu).
Single-Vendor Open Source at the CrossroadsDirk Riehle
Most venture capital funding in open source flows to single-vendor open source firms. With the struggles over licensing in the cloud, these companies find themselves at the crossroads: Stay true to open source or move to proprietary licenses, abandoning the goodwill and opportunities that come with open source. In this talk I will review how this business model works, discuss the challenges posed to vendors by large cloud providers, and review the current options on the table.
The document provides an overview of the Docker ecosystem, including its definition, architecture, and status. It describes how Docker allows for applications to be bundled and run in a portable way across various environments using containers. The key components of Docker like images, containers, registries, and Dockerfiles are explained. The document also discusses the container ecosystem and adoption of Docker by various companies and projects. It outlines the security features and best practices for containers. Finally, it provides a brief history of resource management capabilities in Linux that enabled and influenced the development of containers.
Diaporama réalisé pour les Concerts 2022 de l'ensemble vocal Variations pour le 501è anniversaire de la mort de Josquin Desprez.
Pièces chantées:
O salutaris hostia
Tu solus
Stabat Mater dolorosa
Scaramella
Ballade des pendus
Miserere mei Deus
Cœurs désolés
Sanctus de la messe L’Homme Armé
Christus mortuus est
Laudate pueri Dominum
El grillo
Proch Dolor
Mille regretz
Tulerunt Dominum meum
Document issu d'un groupe de travail du Syntec auquel j'ai participé et qui n'est plus accessible via les sites originaux donc je mets une copie ici.
Il s'agit d'un document partageant des bonnes pratiques autour de la gouvernance et du pilotage de projets Open Source dans des organismes.
Using containers and Continuous Packaging to Build native FOSSology packagesBruno Cornec
During last LinuxCon, Bruno presented the continuous packaging approach used with a tool like project-builder.org to package upstream projects for hundreds of Linux distributions tuples in an automatic manner. Discussions happened there with the FOSSology project which wanted to benefit from this approach to produce Linux packages for their users. Both projects have since that worked jointly to make it a reality, and want to share their return of experience on this journey, benefits obtained, issues encountered and how they were fixed.
After a reminder of the basics on continuous packing, the presentation will give a concrete example of what was setup using the infrastructure of the LinuxFoudation to enable the automatic creation of rpm and deb packages for FOSSology, launched during the continuous integration process already in place. A demo of the build process will also be made.
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
2. Agenda
●
Introduction
●
Open Source & Licenses
●
What is Open Source Governance ?
–
–
●
Concepts
Best practices
Which Open Source Governance at HP ?
2
05/09/13
2
3. Introducing Myself
Software engineering and Unices since 1988
●
–
Mostly Configuration Management Systems (CMS), Build systems, quality tools, on
multiple commercial Unix systems
–
Discover Open Source & Linux (OSL) & first contributions in 1993
–
Full time on OSL since 1995, first as HP reseller then @HP
Currently:
– Master Technology Architect on OSL for the HP/Intel Solution Center, Grenoble
●
–
–
3
OSL HP Advocate
EMEA OSL HP Profession Lead
–
Solutions Linux Conference and OWF board member. Conferences at WW level in
LinuxCon, Linux.conf.au
–
MondoRescue, Dploy.org, Project-Builder.org Project Lead
–
LinuxCOE, mrepo, tellico, rinse, fossology, collectl contributor
–
FOSSBazaar and OSL Governance enthusiast
–
Mandriva, Mageia, Fedora packager
4. “Open Source” is three things
Community
Licenses
4
Almost 60 licenses today
Some require that code
changes be returned to the
community at large
These are called copyleft or
reciprocal
They are not viral
This requirement is what
makes the methodology work
Other licenses are similar to
the public domain and have
few requirements
Copyrights are still a core
foundational element of all
open source licenses
Any collection of developers
with a common interest
Historically made up of free
agents
Increasingly funded by large
companies sharing development
costs
Governments and academia also
contributing at an increasing
pace
Methodology
Communal, shared
development
Various projects each with
their own subculture
Governance models vary
widely, some autocratic,
others consensus based
Very few roadmaps, but some
projects are starting to
publish them
Influence and control is
achieved by being integrated
& involved
Individuals are largely in
control, not companies
•You can use all three as a competitive advantage
•The business model shifts to subscriptions and support
•The more you get involved, the more you can influence/control
05/09/13
4
5. Free & Open Source Software (FOSS) Licenses
no-charge
software
source code
available
binary-only
source with
limitations
Adobe
Reader
5
many
java
libraries
freeware
shareware
05/09/13
FOSS
Sun
SCSL
no impact on
other code
copyleft
Microsoft
shared source
GNU GPL
GNU LGPL
IBM
W3C
BSD
Mozilla
Reference URL: http://www.gnu.org/licenses/licenses.en.html
Apache
5
MIT
6. Free & Open Source Licenses Key Points
Redistribution is permitted without a need to
pay fees for distributed copies.
Source code is available and may be modified.
Modified versions may be distributed with
permission for others to do all the above.
FOSS goals are:
6
Knowledge sharing
Modification to adapt
Learn by looking inside
05/09/13
A FOSS is like a car whose hood is open
6
8. What is IT Governance?
Specifying the decision rights and accountability framework to encourage
desirable behavior in the use of IT. (Weill & Ross, “IT Governance”)
IT Governance is the organizational capacity exercised by the board, executive
management and IT management to control the formulation and
implementation of IT strategy and in this way ensure the fusion of business and
IT. (Van Grembergen, 2002)
8
IT Governance is the effective management of all IT assets, functions &
processes in support of the enterprise’s business objectives.
05/09/13
8
HP Proprietary
8
9. Scope of IT Governance
•
IT operating principles
•
− Changes brought by extensive FOSS usage on
operational principles (buy, build, reuse, ...)
IT project portfolio
• Enterprise Architecture
•
•
IT application portfolio
− Impact of mixing stacks using FOSS, evaluation of
the technical fit first.
•
IT finance
•
IT infrastructure / operations
9
Project/Program methodology
− FOSS program office addition impact, FOSS review in the
development process
•
Human capital
− Employee participation, performance plan impact,
employment contract impact
•
Software Development Life Cycle
− Interaction with FOSS communities, its viability
IT procurement
• IT sourcing
•
− Impact of FOSS on In/Out sourcing
− FOSS deployment and management impacts
CRM / SRM
Open Source will effect many areas within an organization’s IT governance
structure depending upon the organization’s business model
•
05/09/13
9
10. Open Source Governance: Why now?
●
●
●
●
10
Compelling FOSS value proposition leading to increased
pervasiveness.
FOSS usage & contributions often unclear, under the
radar. 80% of IT environments WW (Gartner) include or
will include open source SW, but less than 10% are
conscious of the risks incurred.
Increasing worldwide requirements for compliance –
Distribution & acquisitions issues.
Current IT policies and processes not always designed
for open source:
–
Usage must be reviewed in context.
–
Legal exposure from ~60 OSI “approved” licenses (HP
tracks 400+).
License violations can have different consequences
than traditional software.
Best practices and streamlined processes required to reap benefits and mitigate risks =>
Eliminate (perceived) risk of using Open Source.
–
05/09/13
10
11. Why FOSS is any different than Commercial Software?
To use commercial software in your development process,
you must go through….
11
Procurement!
05/09/13
11
12. Accepting and Managing Open Source
●
The question is not if an enterprise should use FOSS, but rather when, how, where, and with
whom.
●
FOSS is unavoidable, it's even already there.
●
Questions that need to be answered:
–
–
Where does it come from?
–
How and where is it used?
–
How is it supported?
–
12
How is FOSS chosen and acquired?
What version should I be running?
–
Is it LSB compliant?
–
What are the license obligations?
–
How is it deployed, managed, updated and secured?
–
How is it tracked (how is the project tracked)?
05/09/13
12
13. What is Open Source Governance?
Image source: http://www.niehs.nih.gov/kids/illusion/illusions7.htm
13
Open source governance is a framework of policies, processes and
tools that helps an organization effectively manage all of its
interactions with open source software resulting in optimal use and
reduced risk.
05/09/13
13
14. Depends on who you ask ...
What OSS is contained in this product I just purchased from my ISV
partner? (Procurement)
• What are the license obligations for using this OSS in our company's
products? (Legal)
• Which of these open source LDAP servers will best suit my IT
infrastructure? (IT Department)
• Is this open source xml parser really going to save me 20% of my
engineer's time? (Engineering manager)
• So, you work on our flagship management software product, but you also
want to contribute to nagios? (IP Department)
• Will statically linking this OSS library to my application cause me any
problems? (S/W developer)
•
14
05/09/13
14
16. HP’s interaction with FOSS
●
Internal Usage
–
●
Incorporated in our Software Products
–
●
Red Hat, Suse, Debian, Ubuntu etc…
Embedded in our hardware products
16
–
●
OpenView, Insight Manager, SSSTK, PSP, WebOS, CloudOS… many software products
including kernel modules
Ship Open Source Distributions
–
●
OpenLDAP, Jabber (XMPP), bind (DNS), postfix (SMTP), sympa, mediawiki, etc…
Printers, televisions, storage devices, etc…
Active participants in the communities
–
Contributors in dozens of projects (including Linux, OpenLDAP, Samba, bind, sympa, ...)
–
Maintainers in several projects (including Debian, OpenStack, LinuxCOE, MondoRescue,
cciss, ...)
05/09/13
http://opensource.hp.com/opensource_projects.html
16
17. Open Source Governance Maturity Model
Level
HP today
5
Open source librarian and quality assurance
4
“Golden” repository of software and metadata
3
17
2
1
05/09/13
Automated tools and workflow
Policy and processes
Training and awareness
Most customers
17
18. HP Open Source Governance IP
Best Practices (HP internally-developed):
• Defined and communicated corporate-wide
policies, with upper management support
•
Open Source Program Office
Central place where all open source activities are
understood for consistent communication inside/outside
the company. Reponsible of http://opensource.hp.com
and HP's promotion.
•
18
•
Open Source Review Board
Core Governance process evolving throughout years,
controlled by a virtual team of Open Source experts.
Control FOSS used, delivered, shipped, new FOSS
products, employee contributions, ...
Tools
Fossology
PTS
Internal mailing list
Docs
Open Source Policy Manual
Training material / Webinars
Knowledge base / Web portal
Legal and IP FOSS expertise
05/09/13
18
19. HP Open Source Program Office
Fast track
OSRB
Proposals:
(New &
Resubmit)
Submitter
19
Attorney
Review
OSRB
check
for Add’l info
Go
OSRB
PreReview
Go
OSRB
IP
Review
Go
OSRB
Final
Review
Approved.
Reject
On-hold
Request for
Add’l info
Feedback: Go/No Go, Add’l Info
Automated Communications
05/09/13
Manual Activities
19
20. PTS: Proposal Tracking System
- Internal tool (2nd generation) to help manage Open Source usage in HP
- HP contributions requests
- Personal contributions requests
- Software components reuse
- Interface with library DB to ease declaration
- Workflow to support previous OSRB review
- Online help
- Champions community per BU
- Fast track possibility for obvious case
- Support up to the most complex cases (GPLv3 proposals, license
modification, mixed contributions)
- History of modifications to proposals
20
05/09/13
20
21. HP FOSS Governance Initiative
Major HP's intellectual property contribution:
• An international open source community program
launched focussed on FOSS governance including
− FOSSBazaar: a Web based community to develop, share and
provide information and industry best practices to take advantage
of FOSS benefits, Founded by HP along with partners: Coverity,
Google, Linux Foundation, Novell, Olliance Group, OpenLogic and
SourceForge
− FOSSology: a Web based community to develop an architectural SIs/VARs
framework and tools to analyze FOSS, founded by HP.
− SPDX: a Linux Foundation standard for license identification in
Academia
upstream software
− An ecosystem
21
• Centered on FOSSBazaar
• Partners/Corp and academia developers, best practices and
tools
• HP C&I and Partners Services
− Bridging
• The FOSS and the Business Communities
05/09/13
21
7 mars 2008
IT Mgmt
Gov/Pub
Sector
Service
Providers
ISVs &
IHVs
Corp
Developers
Developing and supporting the
utilization of open standards
21
22. License Discovery and Analysis (1)
License claims cannot be trusted
•
Example open source project - OpenOffice
− Claimed license is LGPL (http://www.openoffice.org/license.html)
• Is this for the entire package?
• Has this been verified?
• Does it include other components that are under a different license?
− Discovered license(s)
•
•
•
•
•
•
22
05/09/13
From openoffice.org2_1.9.129-0.1ubuntu4.dsc (breezy)
2706 LGPL
421 OpenGroup-style
327 BSD-style
103 MIT-style
48 GPL
22
23. License Discovery and Analysis (2)
Licenses change, all the time
•
Example open source project - elfutils
− Core component of RedHat Linux distributions
− elfutils-0.89-1 in RHEL-3 was licensed under the OSL (v1.0)
− elfutils-0.91-3 in RHEL-3.1 was licensed under GPL (v2.0)
•
HP did not ship RHEL-3 to customers due to elfutils' license
•
With HP's help, license was changed to GPL for next revision of
package
•
Typical Linux distributions contain 1000's of packages
23
05/09/13
23
24. Key Paradigm
Tools are NOT a replacement
for Open Source governance processes
but will improve the processes by providing:
• Enablement (manual process not viable)
• Efficiencies (improved TCO)
• Agility (improved time-to-market)
24
• Reliability (license detection)
• Scalability (single package as well as complete
distribution)
• Traceability (record proposals and history)
05/09/13
24
25. Open Source Governance Workshop
Workshop designed to guide through the top issues around management of Open Source in the enterprise.
Targeted at a cross-organizational audience, including auditing, legal, procurement, operational risk management,
technology strategy, and line-of-business departments
•
Open Source Baseline
•
− Business Drivers
− Various open source touch points in your company
− Awareness, responsibilities , risks, processes
•
•
Legal Aspects of Open Source Governance
− Assessment of Free and Open source software
phenomenon
− Detailed discussion of Open Source Licenses
− Bridging the legal and technical communities
− Other considerations: WEB-based services,
mergers and acquisitions, other
25
Open Source Policy Best Practices
Automating Open Source Compliance
− Open Source discovery
− License detection and analysis
05/09/13
•
Use of open source – when appropriate, when not
appropriate for your business
Review of licenses, product distribution
considerations
Considerations for employee contribution to open
source community
Company relationship with community
Open Source Governance Processes
Best practices for open source tracking, review and
management
Open Source Compliance Lifecycle, workflow
Building Internal Open Source Communities
25
26. Company FOSS Policies and Guidelines Considerations
Recommend joint development by all involved company departments:
Legal (requires FOSS legal expertise, local or outsourced), IP (patents portfolio
management), IT (in charge of tooling), Development (developers trained),
Business management (Risk management)
Grouped in an Open Source Review Board to define the FOSS Governance:
• Company use of Open Source: Define Policies & Processes
•Business Drivers
•Infrastructure, required tools to perform mandatory analyzes
•Development Projects responsabilities
•FOSS Usage models
•Technical contributions, FOSS usage, shipments/distribution, ...
26
•
•
•
•
•
Employee Open Source Contributions
Relationships with Open Source Community
Awareness, Docs, Communication and Compliance
Licensing, Copyrights and Patent Guidelines
Employee and Manager Responsibilities
05/09/13
26
28. Contact - Thanks
Bruno.Cornec@hp.com
(Open Source and Linux Technology
Architect at the HP/Intel Solution Center)
http://www.hp.com/linux
http://opensource.hp.com
Thanks goes to:
28
Linus Torvalds, Richard Stallman, Eric
Raymond, Nat Makarevitch, René
Cougnenc, Eric Dumas, Rémy Card,
Bdale Garbee, Bryan Gartner, Craig
Lamparter, Lee Mayes, Gallig Renaud,
Andree Leidenfrost, Phil Robb, Bob
Gobeille, Martin Michlmayr among
others, for their work and devotion to
the Open Source Software cause... and
my family for their patience :-)
« Changes are never easy to make.
There is comfort and safety in
tradition, but change must come,
no matter how painful or expensive
it may be. »
Bill Hewlett