CIP is target to establish an open source base layer of industrial grade software to enable the use and implementation of software. This slide will introduce the current status and road map in CIP
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDNico Meisenzahl
Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with GitLab CI and Open Policy Agent.
Philippe and Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines. Join our session to learn how to improve compliance, from gating your dependencies to controlling your infrastructure.
Solo Prize Winner - 6WIND Speed Matters: The Challenge Contest
Ostinato is a network packet and traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. It is useful for both functional and performance testing. (GPL, Linux/BSD/OSX/Win32)
Accompanying code: https://github.com/pstavirs/dpdk-ostinato
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDNico Meisenzahl
Whether you want to get started with Governance or improve your current process, this talk will show you how to improve your compliance by implementing policy-based CI/CD (Continuous Integration / Continuous Delivery) with GitLab CI and Open Policy Agent.
Philippe and Nico will tell you all the details about Open Policy Agent and how you can easily integrate it into your existing CI/CD pipelines. Join our session to learn how to improve compliance, from gating your dependencies to controlling your infrastructure.
Solo Prize Winner - 6WIND Speed Matters: The Challenge Contest
Ostinato is a network packet and traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. It is useful for both functional and performance testing. (GPL, Linux/BSD/OSX/Win32)
Accompanying code: https://github.com/pstavirs/dpdk-ostinato
SLTS kernel and base-layer development in the Civil Infrastructure PlatformYoshitake Kobayashi
The Civil Infrastructure Platform (CIP) is creating a super long-term supported (SLTS) open source "base layer" for industrial grade software. We have been working on security fixes and some backported features since the moment we decided that Linux kernel v4.4 would be the first SLTS version. In this talk, we will describe the current development status of the SLTS kernel and testing environment. First, we'll explain our kernel development policy. Then, we'll describe the functionality that has been backported. Second, we'll talk about testing before using our base-layer on real products. We have been developing a test framework to collect and share test results. To build it, we don't want to duplicate existing work such as KernelCI, Fuego and others. For that reason, we are trying to collaborate and contribute to such projects. And finally, we'll discuss the future roadmap.
The Civil Infrastructure Platform (CIP) is creating a super long-term supported (SLTS) open source "base layer" for industrial grade software. We have been working on security fixes and some backported features since the moment we decided that Linux kernel v4.4 would be the first SLTS version. In this talk, we will describe the current development
status of the SLTS kernel and testing environment. First, we'll explain our kernel development policy. Then, we'll describe the functionality that has been backported. Second, we'll talk about testing before using our base-layer on real products. We have been developing a test framework to collect and share test results. To build it, we don't want to duplicate existing work such as KernelCI, Fuego and others. For that reason, we are trying to collaborate and contribute to such projects.
SLTS kernel and base-layer development in the Civil Infrastructure PlatformYoshitake Kobayashi
The Civil Infrastructure Platform (CIP) is creating a super long-term supported (SLTS) open source "base layer" for industrial grade software. We have been working on security fixes and some backported features since the moment we decided that Linux kernel v4.4 would be the first SLTS version. In this talk, we will describe the current development status of the SLTS kernel and testing environment. First, we'll explain our kernel development policy. Then, we'll describe the functionality that has been backported. Second, we'll talk about testing before using our base-layer on real products. We have been developing a test framework to collect and share test results. To build it, we don't want to duplicate existing work such as KernelCI, Fuego and others. For that reason, we are trying to collaborate and contribute to such projects. And finally, we'll discuss the future roadmap.
The Civil Infrastructure Platform (CIP) is creating a super long-term supported (SLTS) open source "base layer" for industrial grade software. We have been working on security fixes and some backported features since the moment we decided that Linux kernel v4.4 would be the first SLTS version. In this talk, we will describe the current development
status of the SLTS kernel and testing environment. First, we'll explain our kernel development policy. Then, we'll describe the functionality that has been backported. Second, we'll talk about testing before using our base-layer on real products. We have been developing a test framework to collect and share test results. To build it, we don't want to duplicate existing work such as KernelCI, Fuego and others. For that reason, we are trying to collaborate and contribute to such projects.
(LinuxCon Japan 2016)
Linux has become one of the most important software to run the Civil Infrastructure Systems such as power plants, water distribution, traffic control and healthcare. However, existing software platforms are not yet industrial grade (in addressing safety, reliability and other requirements for infrastructure). At the same time, rapid advances in machine-to-machine connectivity are driving change in industrial system architectures.
The Linux Foundation establishes "Civil Infrastructure Platform(CIP)" as a new collaborative project. CIP aims to develop a super long-term supported open source "base layer" of industrial grade software. This base layer enables the use of software building blocks that meet requirements of industrial and civil infrastructure projects. In this talk, we will explain the technical details and focuses of this project.
Manage kernel vulnerabilities in the software development lifecycleSZ Lin
This slide deck aims to introduce the methodology in managing the Linux kernel vulnerabilities in the software development lifecycle (SLDC) to reduce the maintenance effort.
Intro to GitOps with Weave GitOps, Flagger and LinkerdWeaveworks
You may not think of "GitOps" and "service mesh" together – but maybe you should! These two wildly different technologies are each enormously capable independently, and combined they deliver far more than the sum of their parts: a single Git commit can control workflows customized for your exact situation by taking advantage of the service mesh's ability to measure and manipulate traffic anywhere in your application's call graph, and you can rest easy knowing that Git is preserving the complete configuration for your entire application every step of the way.
See how these technologies can work together to tackle complex problems in cloud-native applications.
What you’ll get out of this:
* Understand what GitOps and service meshes can - and can't - do for you.
* Understand basic operations with GitOps and Linkerd.
* Understand the basics of continuous deployment with Weave GitOps and Linkerd.
In Need For A Linux Kernel Maintained For A Very Long Time? CIP Linux Kernel ...Agustin Benito Bethencourt
Problem statement that led CIP to go for the LTS model and process and overview of the CIP kernel maintenance process followed by the CIP kernel maintainers.
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsSonja Schweigert
One of the biggest advantages Kubernetes has to offer is that it is agnostic to infrastructure and capable of managing diverse workloads running on different compute resources. This allows organizations to manage multiple developer platforms, who can operate across many environments such as on premise, hybrid and multiple clouds.
Streamlined processes and automation is pivotal for operations when managing clusters at scale and maintaining security and policy checks. Paul Curtis, Principal Solutions Architect will demonstrate GitOps and Weave Kubernetes Platform in a hybrid and multi-cloud setup.
Learn how to:
Use model-driven automation to increases reliability and stability across environments
Simplify multi-cluster management with GitOps
Enable developers to push code to production daily (self-service)
Improve utilization and capacity management through Kubernetes platforms on cloud and on-premise infrastructure
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsWeaveworks
One of the biggest advantages Kubernetes has to offer is that it is agnostic to infrastructure and capable of managing diverse workloads running on different compute resources. This allows organizations to manage multiple developer platforms, who can operate across many environments such as on premise, hybrid and multiple clouds.
Streamlined processes and automation is pivotal for operations when managing clusters at scale and maintaining security and policy checks. Paul Curtis, Principal Solutions Architect will demonstrate GitOps and Weave Kubernetes Platform in a hybrid and multi-cloud setup.
Learn how to:
Use model-driven automation to increases reliability and stability across environments
Simplify multi-cluster management with GitOps
Enable developers to push code to production daily (self-service)
Improve utilization and capacity management through Kubernetes platforms on cloud and on-premise infrastructure
An Introduction to eBPF (and cBPF). Topics covered include history, implementation, program types & maps. Also gives a brief introduction to XDP and DPDK
LAS16-400K2: TianoCore – Open Source UEFI Community UpdateLinaro
LAS16-400K2: TianoCore – Open Source UEFI Community Update
Speakers: Brian Richardson
Date: September 29, 2016
★ Session Description ★
Title: TianoCore – Open Source UEFI Community Update
The TianoCore project hosts EDK II, an open source implementation of the Unified Extensible Firmware Interface (UEFI). EDK II has become the defacto UEFI implementation for ARM and Intel platforms, expanding standards based firmware across multiple architectures. This keynote will provide an update on the current status of the TianoCore project, plans for future improvements, and a discussion of why firmware is critical in today’s digital ecosystem.
Bio
Brian Richardson is an Intel technical evangelist who has spent most of his career as a “BIOS guy” working on the firmware that quietly boots billions of computers. Brian has focused on the industry transition to the Unified Extensible Firmware Interface (UEFI), demystifying how firmware works and simplifying firmware development tools. Brian has presented at LinuxCon, UEFI Plugfests, and Intel Developer Forum. He is a blogger for the Intel Software Evangelists project, former writer forlinux.com, and (apropos of nothing) executive producer for DragonConTV.
★ Resources ★
Watch the video: https://www.youtube.com/watch?v=kQ5X8vqdSu0
Etherpad: pad.linaro.org/p/las16-400k2
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-400k2/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Journey Through Four Stages of Kubernetes Deployment MaturityAltoros
In this webinar we will discuss a crawl, walk, run approach to continuous delivery (CD) for applications, point by point:
Where to start, how to advance, and how to reach the level of maximum automation.
How to orchestrate CI/CD processes along with routing and business continuity.
When the automation level is sufficient.
GitOps principles and their benefits.
What tools should be used to automate CI, CD, GitOps, Container Registry, Secrets management, etc
★ Session Summary ★
This session will be working through the planned open source contributions from Linaro, ARM, and other members who want to share their open source contribution plans for the next year. Projects to be included are: gcc, llvm, glibc, gold, gdb, binutils.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137749
Google Event: https://plus.google.com/u/0/events/c3knobs1t2fd2vi9f9mhejehts0
Video: https://www.youtube.com/watch?v=b-mtKxOm0m8&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-303
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Similar to Introduction to Civil Infrastructure Platform (20)
Industry Insights Common Pitfalls and Key Considerations in Using Software Bi...SZ Lin
Modern regulations and cybersecurity standards globally now require a Software Bill of Materials (SBOM) with specific details. As a result, many companies are adopting SBOMs. Yet, compliance isn't merely technical. It involves process, inter-departmental, and supply chain communication challenges. This session explores these SBOM challenges and provides insights for effective use. Many perceive the SBOM simply as an inventory, neglecting its significance in software management, component tracking, vulnerability assessments, and compliance assurance. While automation streamlines processes, an over-reliance can miss software intricacies; thus, manual reviews remain indispensable. Assuming an SBOM alone ensures a secure software supply chain is a misconception. Though pivotal in risk identification, SBOMs form just a facet of an overarching security strategy, demanding consistent updates to counteract emerging threats. By sidestepping common missteps and adopting best practices, SBOMs can evolve from simple documentation to indispensable tools for software governance and safeguarding.
OpenChain, the ISO standard, defines effective open source compliance. This slide deck aims to let people get familiar with OpenChain specification from scratch.
OpenChain - The Industry Standard for Open Source ComplianceSZ Lin
OpenChain is a legal compliance process and standard for the implementation of open source software in the enterprise supply chain. It enables the upstream and downstream of the software supply to follow and share the open source compliance obligations accordingly; moreover, it can also help the enterprises to collaborate with the open source communities positively.
Design, Build,and Maintain the Embedded Linux PlatformSZ Lin
Using open source software to build an embedded Linux platform from scratch.
Building an embedded Linux platform is like a puzzle; placing the suitable software components in the right positions will constitute an optimal platform. However, selecting suitable components is difficult since it depends on different application scenarios. The essential components of an embedded Linux platform include the bootloader, Linux kernel, toolchain, root filesystem; it also needs the tools for image generation, upgrades, and testing. There are abundant resources in the Linux ecosystem with these components and tools; however, selecting the suitable modules and tools is still a key challenge for system designers.
Using open source software to build an industrial grade embedded linux platfo...SZ Lin
Building an embedded Linux platform is like a puzzle; placing the suitable software components in the right positions will constitute an optimal platform. However, selecting suitable components is difficult since it depends on different application scenarios. The essential components of an embedded Linux platform include the bootloader, Linux kernel, toolchain, root filesystem; it also needs the tools for image generation, upgrades, and testing. There are abundant resources in the Linux ecosystem with these components and tools; however, selecting the suitable modules and tools is still a key challenge for system designers.
Take a step forward from user to maintainer or developer in open source secur...SZ Lin
There are a variety of high-quality open source security-related tools available in penetration testing tools, forensics tools, hardening tools, fuzz tools, and network monitoring tools. These tools could be used freely; however, we might face some issues while using it. Therefore, it is essential to have the ability to maintain or develop these tools. In this slide, SZ Lin introduces Security Tools Packaging Team in Debian; this team aims to maintain collaboratively many security tools and merge back tools packaged by security-oriented Debian derivatives (e.g., Kali). Also, SZ shares the experience in discussing and collaborating with open source maintainers and developers in open source security-related tools.
It's a pivotal challenge to update the software in embedded systems due to many restrictions such as unreliable network and power supply, limited bandwidth, harsh environment, etc. This slide aims to provide the background knowledge and the open source tool to achieve the software update in embedded systems.
Long-term Maintenance Model of Embedded Industrial Linux DistributionSZ Lin
To introduce a robust, secure and reliable platform for the industrial environments is a key challenge; moreover, the platform needs to survive for a long time (more than 10+ years). There are many good solutions aiming to meet these requirements, such as LTSI (Long Term Support Initiative) and CIP (Civil Infrastructure Platform). However, it still needs a high amount of maintenance and development costs in handling SoC/ hardware board in-house patch, non-upstream driver and keep source code consistent with different SoC and platform afterwards.
In this presentation, SZ Lin will introduce how to operate long-term maintenance model of embedded industrial Linux distribution. In addition, he will also address the building, deploying and testing architecture and workflow for producing a robust, secure and reliable platform.
Building, deploying and testing an industrial linux platform @ Open source su...SZ Lin
To introduce a robust, secure and reliable platform for the industrial environments is a key challenge. Therefore, running with the industrial-grade Linux distribution to fulfill the requirements mentioned above is imperative. The Linux distribution includes the Linux kernel and user space. Based on this testing design, the distribution will be built, deployed and tested in the device under automatic test by using continuous integration development practice to withstand the harsh industrial environments. In this presentation, SZ Lin will introduce how the industrial-grade Linux distribution is built, deployed and tested without human intervention, and review the test scope in both Linux kernel and user space. In addition, he will also address the design architecture of 24/7 long-term automated testing in all device under test with each release of new update.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
4. There are issues to be solved…
https://www.airpano.com/360Degree-VirtualTour.php?3D=San-Francisco-USA
COSCUP 2018
4
5. Power Plant Control Example
3 – 5 years development time
0.5 – 4 years customer specific extensions
6 – 8 years supply time
15+ years hardware maintenance after latest shipment
20 – 60 years product lifetime
Image: http://zdnet1.cbsistatic.com/hub/i/r/2016/02/29/10863f77-89b2-40c0-9d8c-dbaa5feb65be/resize/770xauto/490141cef9bddc0db66b492698b53a50/powerplant.jpgCOSCUP 2018 5
6. City Surveillance System Example
Wireless communication
Cyber security
Realtime function
15+ years hardware maintenance after latest shipment
20 – 60 years product lifetime
Image: https://commons.wikimedia.org/wiki/File:Surveillance_under_Surveillance_-_Greater_New_Haven_0026.jpg COSCUP 2018 6
7. COSCUP 2018 7
Longevity, secure, robust and reliable
Long Term
Maintenance
Industrial-Grade
•Secure
•Robustness
•Reliable
Collaborative
Development
8. Establishing an Open Source Base Layer of
industrial-grade software to enable the use
and implementation of software building
blocks for Civil Infrastructure Systems
CIP is our solution…
https://www.cip-project.org/
since April 2016
COSCUP 2018 8
9. What is “Open Source Base Layer (OSBL)”?
UserspaceHardwareKernel
• Open source based
reference
implementation
• Start from a minimal set
for controllers in
industrial grade systems
Open
Source
Base Layer
• OSBL is a set of industrial grade core
open source software components,
tools and methods
CIP Reference Hardware
CIP Reference
Filesystem image with SDK
(CIP Core packages)
CIP SLTS Kernel
Non-CIP packages
Linux distribution (e.g. Debian) may
extend/include CIP packages.
COSCUP 2018 9
10. The backbone of CIP are the member companies
Open source projects (Upstream work)
Developers,
maintainers
Member companies
CIP
source code
repositories
Contribution & usage / integration
Optional: funding of
selected projects
CIP Super Long
Term Support
Project
€
¥
$
£
Budget
COSCUP 2018 10
12. Scope of activities
UserspaceKernelspace
Linux Kernel
App container
infrastructure (mid-term)
App Framework
(optionally, mid-term)
Middleware/Libraries
Safe & Secure
Update
Monitoring
Domain Specific communication
(e.g. OPC UA)
Shared config.
& logging
Real-time support
Real-time /
safe virtualization
Tools Concepts
Build environment
(e.g. bitbake, dpkg)
Test automation
Tracing & reporting
tools
Configuration
management
Device management
(update, download)
Functional safety
architecture/strategy,
including compliance
w/ standards (e.g., NERC
CIP, IEC61508)
Long-term support
Strategy:
security patch
management
Standardization
collaborative effort with
others
License clearing
Export Control
Classification
On-device software stack
Product development
and maintenance
Application life-
cycle management
Security
Multimedia
Super Long Term Supported Kernel (STLS)1
3
2
CIP Core Packages4 4
1
4
COSCUP 2018 12
13. CIP Activities
Kernel maintenance
• The first action taken by the CIP project is to select and maintain Linux kernels for very
long time. To achieve goal a group of experts has been assigned.
• PREEMPT_RT patches are added to the CIP kernel
Testing
• Civil infrastructure industry has high stability, reliability and security standards in order to
ensure continuity of safety critical systems. The CIP Testing project has been formed to
address this reality. So far the efforts are focused on testing the CIP kernel. In the future
they will be extended to the complete CIP platform.
CIP Core
• This project focus to create reference minimal file system images that allow testing the
CIP Core packages: a set of industrial-grade components that require super long-term
maintenance.
1
2
3
4
COSCUP 2018 13
15. CIP SLTS (linux-4.4.y-cip), Maintenance period 10 years and more
• Official CIP SLTS kernel tree based on linux-stable.git
• https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-cip.git/
• Maintainer: Ben Hutchings, from Codethink
CIP SLTS Kernel development
Mainline
Stable (linux-stable)
4.4 4.18
CIP SLTS (linux-4.4.y-cip)
Feature backports
Focus to security fixes
Backported
patches
Maintaining by Ben Hutchings
1
COSCUP 2018 15
Upstream first
16. Next SLTS kernel version
Mainline
Stable (linux-stable)
4.4
CIP SLTS (linux-4.4.y-cip)
NEXT CIP SLTS ( ? )
Feature backports
Backported
patches
Maintained by Ben Hutchings
Approx. 2-3 years
Stop backporting.
Focus to security fix only
Stable (linux-stable-x.y)
Next CIP SLTS kernel
1
CIP will pick up next
version
COSCUP 2018 16
17. CIP launch a CIP kernel team
• CIP kernel team structure
• Maintainer / Mentor
• Developers
• Roll of CIP kernel team
• Review patches for stable kernel
• Test
• Feedback to upstream
• Upstream first
1
Mainline / Stable
Maintainer / Mentor
Developers
CIP kernel team
COSCUP 2018 17
18. CIP next SLTS kernel version
• CIP plans to pickup next SLTS kernel version in 2018 or early next year
• If everything goes fine, 4.20 (or 5.0) will become next CIP SLTS kernel
(still tentative)
• Kernel version alignment with other project is a key
• LTS / LTSI / AGL / Debian
1
“Using Linux for Long Term - Community Status and the Way We Go,”
Tsugikazu Shibata, NEC, Open Source Summit Japan 2018COSCUP 2018 18
19. CIP SLTS real-time support
• CIP is a Gold Member of the
Real Time Linux Project
• Work together with the RTL Project
• Daniel Wagner from Siemens is working
to become the maintainer of 4.4.y-stable-rt,
the base version of the CIP Kernel.
• More information
• https://wiki.linuxfoundation.org/realtime/rtl/start
2
COSCUP 2018 19
20. CIP SLTS real-time support
Stable-rt
CIP SLTS-rt
Follow the CIP SLTS with
PREEMPT_RT patch
Validate by CIP members
Take over from
maintainer
CIP SLTS Real time kernel is available
• CIP kernel tree based on linux-stable-rt and patches from CIP SLTS
• https://git.kernel.org/pub/scm/linux/kernel/git/wagi/linux-cip-rt.git
• Maintainer: Daniel Wagner, from Siemens AG
• Validated by CIP
2
COSCUP 2018 20
21. Contact Information and Resources
To get the latest information, please contact:
• CIP Mailing list: cip-dev@lists.cip-project.org
CIP-dev IRC weekly meeting
• Thursday, 16:00 PM (UTC+8)
• irc:chat.freenode.net:6667/cip
Other resources
• CIP kernel maintenance:
• https://wiki.linuxfoundation.org/civilinfrastructureplatform/cipkernelmaint
enance
• CIP source code
• CIP kernel: git://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-cip.git
COSCUP 2018 21
22. CIP testing
Milestones of CIP testing and current status
1. Board at desk - single dev
• A setup that allows a developer to test the CIP kernel on selected CIP hardware platforms
connected locally to her development machine using kernelCI tools.
2. CIP kernel testing
• Test the CIP kernel on a regular basis and share the results with other CIP community members.
3. Define kernel testing as a service within CIP
• Define the testing environment within CIP assuming that, in some cases, some members may
share the tests, test results or laboratories while others may not.
4. From kernel testing to system testing
• Once the testing environment is ready and works for the kernel, explore how to extend it to the
entire CIP platform.
https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting
3
COSCUP 2018 22
23. CIP testing
CIP Testing project
(https://wiki.linuxfoundation.org/civilinfrastructureplatform/ciptesting)
• B@D designed to:
• Test Linux kernels and base systems locally.
• On hardware connected to your dev machine.
• B@D features
• Based on kernelci.org
• Linux and Windows 10 as Host OS supported.
• Shipped as VM and Vagrant based environments.
• Results and logs sharing capabilities.
• Check the source code involved
• https://gitlab.com/cip-project/cip-testing/board-at-desk-single-dev/tree/master
3
COSCUP 2018 23
24. The latest status for CIP testing
1. Updated to include the latest kernelCI
2. Supporting Renesas iw20gm
3. Shared testing results
• https://lists.cip-project.org/pipermail/cip-testing-results/
• Next steps
• Deployment through containers
• Building a centralized service to collect results
• https://kernelci.ciplatform.org/
• https://lava.ciplatform.org/
• Collaboration with other testing effort
• Increasing the test coverage
3
2017/1 2018/110741074 4 7
COSCUP 2018 24
25. CIP Core Packages
Current status of the Base layer development
1. Define an initial component set
2. Define component version
3. Contribute to upstream projects
4. Start maintenance for SLTS
4
COSCUP 2018 25
26. CIP Core Packages
• What does the primary distribution means?
• CIP will select CIP Core package from Debian packages
• CIP would like to work with Debian community
• Status
• Supporting to solving security related issues
• Adding support for staging repositories to security-master
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817286
• Status: Paperwork is ongoing
• CIP joined Debian-LTS as Platinum level
4
Debian as a CIP primary reference distribution
2017/1 2018/110741074 4 7
COSCUP 2018 26
27. Initial focus for CIP Core Packages
• Flex
• Bison
• autoconf
• automake
• bc
• bison
• Bzip2
• Curl
• Db
• Dbus
• Expat
• Flex
• gawk
• Gdb
An example of minimal package set for CIP base layer
NOTE: The maintenance effort varies considerably for different packages.
CIP Core
Packages
CIP
Kernel
Dev
packages
• Kernel
• Linux kernel + backported patches
• PREEMPT_RT patch
• Bootloader
• U-boot
• Shells / Utilities
• Busybox
• Base libraries
• Glibc
• Tool Chain
• Binutils
• GCC
• Security
• OpenSSL
• Git
• Glib
• Gmp
• Gzip
• gettext
• Kbd
• Libibverbs
• Libtool
• Libxml2
• Mpclib
• Mpfr4
• Ncurses
• Make
• M4
• pax-utils
• Pciutils
• Perl
• pkg-config
• Popt
• Procps
• Quilt
• Readline
• sysfsutils
• Tar
• Unifdef
• Zlib
Keep these packages for Reproducible buildCandidates for initial component set
4
COSCUP 2018 27
28. CIP Core Packages
CIP Core
• CIP Core is a CIP official project
• CIP Core aims to provide a way to create and test installable
images
• Goal
• Input: Debian sources/binaries and cip kernel
• Build mechanism: Bitbake and/or Debian build system
• Output: Minimum deployable base system image for testing
• Current status
• Minimal rootfs can be built for the following hardware
• Renesas RZ/G1M (iwg20m)
• BeagleBone Black
• Cyclone-V
• QEMUx86
Debian
(Pre-build
packages)
Debian
Source code
Minimum base
system
+
Source Code
(CIP kernel)
Source code: https://gitlab.com/cip-project/cip-core
4
COSCUP 2018 28
29. Potential build tools for CIP Core (Comparison Elbe, Isar and Deby)4
Elbe Isar Deby
Base system
Debian binary packages (no rebuilding)
Binary packages cross-built from
Debian source packages
Build system Custom Bitbake
Host tools Debian: debootstrap, qemu, elbe-
pbuilder
Debian: multistrap, dpkg-
buildpackage, qemu
Poky
Metadata ELBE-XML for project description Recipes for building product
packages
Recipes for image generation
Common function to unpack
Debian source packages
Full recipes for cross-building
every Debian source package
Compilation Native Cross
Benefits Re-use Debian binaries and QA
Fast (re-use, parallel builds)
Lower development costs
Affinity with Poky recipes
Fully customizable
No need to keep binary pkgs
Common features Based on Debian packages (stability, long-term maintenance)
Generate images by installing binary packages
Manage multiple products using custom configuration
Currently they are working as a joint effort outside the CIP
COSCUP 2018 29
30. Gaps and Common Goals between Debian and CIP
Debian
Support
Term: 3+2 years by Debian-LTS
Num of source pkgs: over 25000
(67776 binary pkgs)
Build
Should support native build
Working on cross build packaging
(Debian-cross)
Reproducible build
OSS license compliance
DEP-5 adoption is ongoing
Testing
Packages has to be tested
autopkgtest
Longer term maintenance for limited
number of packages
(CIP joined Debian-LTS)
Contributing to Debian-cross
(RFC posted to Debian-cross)
Exchange and share the license review
results
Contributing test cases to upstream
Chance to collaborate with Debian
Support
Term: 10+ years
Num of pkgs: 10+ (minimum)
Build
Need to have both native and
cross build
Binary / Source code should be
managed and reproducible
OSS license compliance
Generate reports automatically
Easy to redistribute
Testing
All packages should be tested in
timely manner
CIP requires
4
COSCUP 2018 30
32. Cybersecurity Standard for Industry (IEC62443)
• ISA/IEC-62443
• Specifications to develop secure Industrial Automation and Control Systems
• http://www.isasecure.org/en-US/Certification
• Certification requirements include
• Development procedure
• Tests
• Certification scheme
• How CIP is involved
• Developing the following items which may heIp to get a certification with Linux
based system (also CIP based system)
• Documents for recommended settings and configuration for open source packages
• Test cases and tools
COSCUP 2018 32
33. Q: 20 years from now?
60 years product life time
2 years +20 years
Jan 19th, 2038
• Y2038 is a blocking issue for 20 year commitments
• CIP members had a meeting during ELC-EU with key developers
COSCUP 2018 33
35. Use case
Relationship between CIP base layer and open source projects
CIP Reference Hardware
CIP Reference
Filesystem image with SDK
(CIP Core packages)
CIP SLTS Kernel
Non-CIP packages
Linux distribution (e.g. Debian) may
extend/include CIP packages.
CIP kernel
CIP-RT kernel
B@D
CIP Core
COSCUP 2018 35
36. Summary
• CIP today focuses on
• Kernel maintenance: maintaining Linux kernels for very long time including real-
time support
• Testing: providing a test infrastructure and evolve tests
• CIP Core packages: a set of industrial-grade components that require super long-
term maintenance including the required build tool chains
• Security: Improving to have security features and to follow Cyber Security
Standard
• Collaboration: Linux stable, Debian/Debian-LTS, Real Time Linux, EdgeX Foundry
• More activities under discussion
COSCUP 2018 36