AT&T licensed Unix to outside parties from the late 1970s, leading to a variety of variants. Unix is a family of multitasking, multiuser computer operating systems. Get help and post new advice here.
DPDK is a set of libraries and drivers for fast packet processing. It is designed to run on any processors. The first supported CPU was Intel x86 and it is now extended to IBM POWER and ARM. It runs mostly in Linux userland. A FreeBSD port is available for a subset of DPDK features. DPDK is an Open Source BSD licensed project. The most recent patches and enhancements, provided by the community, are available in master branch.
November 13, 2018
Sheraton Vancouver Wall Centre
Vancouver, BC V6Z 2R9
Canada
The Linux Plumbers Conference is the premier event for developers working at all levels of the plumbing layer and beyond. LPC 2018 will be held November 13-15 in Vancouver, BC, Canada. We are looking forward to seeing you there!
At the center of the intersection between globalization, world economic activity, and human and environmental health, are the world’s power systems. LF Energy, a new initiative of The Linux Foundation, provides a neutral, collaborative environment for open source innovation to enable the “electrification of everything to scale.” Our mission is to accelerate and transform the world’s relationship with energy.
This inaugural event will focus on creating a shared vision for LF Energy. By including the perspectives of power systems engineers and executives, and open source developers, we will identify the best path to building a vibrant ecosystem with specific and practical outcomes for next steps and technical groups that companies and individuals can contribute to.
If you’re the type of person who uses the word “vuln” as a shorthand for code vulnerabilities, you should check out the presentation from the recent Linux Security Summit called “Security in Zephyr and Fuchsia.” In the talk, two researchers from the National Security Agency discuss their contributions to the nascent security stacks of two open source OS projects: Zephyr and Fuchsia.
If you’re worried about the fact that Edward Snowden’s old employer is helping to write next generation OSes that could run our lives in 10 years, consider the upsides. First, since these are open source projects, any nefarious backdoors would be clearly visible. Second, the NSA knows a thing or two about security. Stephen Smalley and James Carter, who discussed security in Zephyr and Fuchsia, respectively, are computer security researchers at the NSA’s Information Assurance Research group, which developed and maintains the security-enhanced SELinux and SE Android distributions. Smalley leads the NSA’s Security Enhancements (SE) for the Internet of Things project and is a kernel and userspace maintainer for SELinux.
The Linux Foundation hosted Zephyr Project, which is creating the IoT-oriented Zephyr RTOS, is the more mature of the two projects. Google’s Fuchsia OS has a longer way to go — especially if you believe that Fuchsia will replace Android and Chrome OS over the next decade.
The developers of Zephyr and Fuchsia have a rare opportunity to develop novel, up-to-date security stacks from scratch. One of the main reasons Google chose to build Fuchsia from a new microkernel was that it could avoid the hodgepodge of legacy code layered on top of Linux, thereby improving security. Attempts to boost security in Linux are always going to be like patching holes in a boat. Zephyr and Fuchsia aim to be the OS equivalents of hovercraft.
Zephyr and Fuchsia are very different OSes, and they implement security in different ways. Zephyr is designed for constrained devices running on microcontrollers, such as Cortex-M4 chips, whereas Fuchsia will target phones and desktops running on applications processors, such as Cortex-A53 and Intel Core.
“Zephyr and Fuchsia were both open sourced in 2016, but they have been developed for very different use cases,” said Smalley. “Their architectures are very different, and each is also very different from Linux.”
Like Linux and Fuchsia, Zephyr has RO/NX memory protection, stack depth overflow prevention, and stack buffer overflow detection. However, there’s still no kernel or user space ASLR (address space layout randomization), which “will likely move to a build time randomization and a small boot time relocation,” said Smalley.
Among other architectural differences with Linux, “There’s no process isolation in Zephyr, only a userspace thread model,” explained Smalley. “The process abstraction model has yet to be implemented, and the kernel/user boundary is still being fleshed out.”
In Zephyr, “you’re generally working with a single application, and security is highly dependent on particular SoCs and kernel configurations,” said Smalley. By comparison, “In Linux, there are a number of core OS security features that are neutral and independent.”
The original Zephyr release had a single executable with a single address space with all threads in supervisor mode and no memory protection or virtual memory, said Smalley. “As Zephyr added OS protections, it sought to minimize changes to kernel APIs in order to be backward compatible,” he added. “A key Zephyr design philosophy is to do as much as possible at build time, and then as much as possible at last view time, thereby minimizing runtime overheads and ensuring bounded latency for real-time.”
Zephyr security is complicated by the fact that some of the MCUs it targets include memory protection units (MPUs) while others do not. Beginning in releases 1.8 and 1.9, Zephyr began to provide memory protections, with allowances for both types of MCUs.
The NSA team developed a set of kernel memory protection tests modeled on lkdtm tests from the Kernel Self Protection Project (KSPP) for Linux. “The tests were helpful in catching bugs in Zephyr MPU drivers, and they are now used for regression testing,” said Smalley.
Zephyr added userspace support in versions 1.10 and 1.11 that provided basic support for user mode threads with isolated memory. Smalley’s team developed a set of userspace tests “that sought to validate the security properties for user mode threads were being enforced.” Zephyr’s userspace memory model is still limited to a single executable and address space, and there’s no virtual memory. “It can support user mode threads but not full processes,” explained Smalley.
Sign up to receive updates on Open Source Summit and ELC+OpenIoT Europe:
Zephyr security features include an object permissions model in which user threads must first be granted permissions to an object to enable access. “A kernel mode thread can grant access to a user mode thread, and an inheritance mechanism allows those permissions to be propagated down,” explained Smalley. “It’s an all or nothing model — all user threads can access all app global variables.”
This all-or-nothing approach “poses a high burden on the application developer, who has to manually organize the application global variable memory layout to meet MPU restrictions,” said Smalley. To help compensate, the NSA team developed a feature due in release 1.13 that “supports a slightly more developer friendly way of grouping application globals based on desired protections. It’s a small step forward, not a panacea.”
Future Zephyr security work includes adding MPU virtualization, which “would allow us to support a larger number of regions instead of just eight that can be swapped in and out of the MPU on demand,” said Smalley. “We also hope to provide full support for multiple applications and program loading.”
In Zephyr, kernel code is fully trusted. “We would like to see Linux-like mitigations for kernel vulns using KSPP kernel self-protection features while minimizing runtime overheads,” said Smalley. Other wish-list items include leveraging armv8-m for Cortex-M MCUs, thereby enabling TrustZone security. There’s also a long-term plan to “develop a MAC suited to RTOSes that’s more oriented to build-time app partitioning.”
Fuchsia differs from Linux and Zephyr in that it’s a microkernel OS with security based on object capability. Like Linux it offers process isolation. In addition, “The plumbing for kernel or user space ASLR is there,” said the NSA’s James Carter.
Compared to the “large and monolithic” Linux, Fuchsia has a small, decomposed TCB (trusted computing base),” said Carter. “It also uses object capabilities instead of DAC and MAC.”
Fuchsia is based on the Zircon Microkernel, which is derived from the little kernel (lk), “an RTOS used in the Android bootloader,” explained Carter. Fuchsia extends lk to support 64-bit, user mode, processes, IPC, and other advanced features. “The lk is the only thing that runs in supervisor mode. Drivers, filesystem, and network all run in user mode.”
Fuchsia security mechanisms include regular handles and resource handles using Zircon object capabilities. “Regular handles are usually the only way that userspace can access kernel objects,” said Carter. “Fuchsia differs from most OSes in that it uses a push model in which a client creates the handle and pushes it to a server. Handles are per-process and unforgeable, and they identify both the object and a set of access rights to the object. Access rights include duplicating them with equal or lesser rights or passing them across IPC or using them to obtain handles to child objects with equal or lesser writes.”
Fuchsia handles “are good because they separate rights for propagation vs. use and separate rights for different operations,” said Carter. “You can also reduce rights through handle duplication.”
Handles still pose some problems, however. For example, “with object_get_child(), if you have a handle to a job, you can acquire a handle to anything in that job or any child jobs,” said Carter. “Also, a leak of root job handle is fatal to security. We’d like to see more work on making everything able to be least privilege, and more control over handle propagation and revocation. Not all operations currently check access rights and some rights are unimplemented.”
Resource handles, which are the type of handle used for platform resources like memory mapped I/O, I/O ports, and IRQs, let developers specify the type of resource and optional range. On the plus side, they offer “fine-grained, hierarchical resource restrictions,” said Carter. “However, right now the root resource check isn’t very granular, and as with regular handles, leaks can be fatal. We need to work on propagation, revocation, and refining to least privilege.”
Zircon security primitives include job policy and vDSO enforcement. “In Fuchsia everything is part of a job,” said Carter. “Processes don’t have child processes – jobs have child jobs. Jobs can be nested, containing jobs and other processes, and job policy is applied to all processes within the job. Policies are inherited from the parent and can only be made more restrictive.”
On the pro side, you can create fine-grained object creation policies, as well as hierarchical job policies that are mixed,” explained Carter. “However, the W^X policy is not yet implemented, and when it is it will cause problems with strict hierarchical policies because if a child needs to map something W^X, then all ancestors would need to beta map it W^X as well.”
In Fuchsia, the vDSO (virtual dynamic shared object) primitive “is only meant to invoke system calls,” said Carter. “It’s fully read-only and is mapping constrained by the kernel.”
Fuchsia’s vDSO makes the OS more secure by “limiting the kernel attack surface, enforcing the use of the public API, and supporting per process system call restrictions,” said Carter. “It’s also good that vDSO is not trusted by the kernel so its system call arguments are fully validated.” On the other hand, the current version offers the potential for tampering with or bypassing vDSO, added Carter.
Carter went on to explain Fuchsia namespaces and sandboxes. Advantages of the namespaces implementation include “the lack of a global namespace and the fact that object reachability is determined by initial namespace,” said Carter. “But we’d like to see more granularity.” For sandboxes, which are used for isolating applications, “We’d like to see an expansion to system services. There’s also no independent validation of the sandbox configuration.”
As with Zephyr, the NSA team recommends that Fuchsia eventually add a MAC framework, which would help to “control propagation, support revocation, and apply least privilege,” said Carter. “A MAC could support finer grained check and generalize job policy, as well as validate namespaces and sandboxes. It could also provide a unified framework for defining, enforcing, and validating security goals.”
Options for integrating a MAC with Fuchsia start with building it entirely in user space with no microkernel support, said Carter. Alternatively, you could “extend the existing mechanism” by building it “mostly in user space with limited microkernel support.” A third choice would be to “create security policy logic in user space with full microkernel enforcement for its objects, as we did with DTMach in SELinux.”
In conclusion, Carter emphasized that Fuchsia’s security stack is a work in progress. “We’re just trying to evaluate the thing.” You can watch the entire video below.
[embedded content]
Deepin Linux. You may not have heard much about this distribution, and the fact that it’s often left out of the conversation is a shame. Why? Because Deepin Linux is as beautiful as it is user-friendly. This distribution has plenty of “wow” factor and very little disappointment.
For the longest time, Deepin Linux was based on Ubuntu. But with the release of 15.7, that all changed. Now, Deepin’s foundation is Debian, but the desktop is still that beautiful Deepin Desktop. And when I say it’s beautiful, it truly is one of the most gorgeous desktop environments you’ll find on any operating system. That desktop uses a custom-built QT5 toolkit, which runs as smoothly and with as much polish as any I’ve ever used. Along with that desktop, comes a few task-specific apps, built with the same toolkit, so the experience is consistent and integrated.
What makes the 15.7 release special is that it comes just two short months after the 15.6 release and is focused primarily on performance. Not only is the ISO download size smaller, many core components have been optimized with laptop battery performance in mind. To that end, the developers have gained up to 20 percent better battery life and a much-improved memory usage. Other additions to Deepin Linux are:
NVIDIA Prime support (for laptops with hybrid graphics).
On-screen notifications (for the likes of turning on or off the microphone and/or Wi-Fi).
New drag and drop animation.
Added power saving mode and auto-mode switching for laptops.
Application categories in mini mode.
Full disk installation.
For a full list of improvements and additions, check out the 15.7 Release notes.
Let’s install Deepin Linux and see just what makes this distribution so special.
In similar fashion to the desktop, the Deepin Linux installer is one of the most beautiful OS installers you will find (Figure 1). Not only is the installer a work of art, it’s incredibly simple. As with most modern Linux distributions, installing Deepin is only a matter of answering a few questions and clicking Next a few times.
Installation shouldn’t take more than 10 minutes tops. In fact, based on the download experience I had with the main download mirror, the installation will go faster than the ISO download. To that end, you might went to pick one of the following mirrors to snag a copy of Deepin Linux:
Once you’ve installed Deepin Linux, you can then log onto your new desktop.
Upon first login, you’ll be greeted by a setup wizard that walks you through the configuration of the desktop (Figure 2).
In this wizard, you will be asked to configure the following:
Once you’ve select those options, you’ll find yourself on the Deepin Desktop (Figure 3).
The application list might surprise some users, especially those who have grown accustomed to certain applications being installed by default. What you’ll find on Deepin Linux is a list of applications that includes:
WPS Office
Google Chrome
Spotify
Deepin Store
Deepin Music
Deepin Movie
Steam
Deepin Screenshot
Foxit Reader
Thunderbird Mail
Deepin Screen Recorder
Deepin Voice Recorder
Deepin Cloud Print
Deepin Cloud Scan
Deepin Font Installer
ChmSee
Gparted
What the developers have done is to ensure users have as complete a desktop experience as possible, out of the box. In other words, most every average user wouldn’t have to bother installing any extra software for some time. And for those who question the choice of WPS Office, I’ve used it on plenty of occasions and it is quite adept at not only creating stand-alone documents, but collaborating with those who work with other office suites. The one caveat to that is WPS Office isn’t open source. However, Deepin Linux doesn’t promote itself as a fully open desktop, so having closed-source applications (such as the Spotify client and WPS Office) should surprise no one.
Deepin takes a slightly different approach to the Control Center. Instead of it being a stand-alone, windowed application, the Control Center serves as a sidebar (Figure 4), where you can configure users, display, default applications, personalization, network, sound, time/date, power, mouse, keyboard, updates, and more.
Click on any one of the Control Center categories and you can see how well the developers have thought out this new means of configuring the desktop (Figure 5).
The Deepin Desktop also has a nifty hot corners feature on the desktop. With this feature, you can set each corner to a specific action, such that when you hover your mouse over a particular corner, the configured action will occur. Available actions are:
Launcher
Fast Screen Off
Control Center
All Windows
Desktop
None
To set the hot corners, right-click on the desktop and select Corner Settings from the pop-up menu. You can then hover your cursor over one of the four corners and select the action you want associated with that corner (Figure 6).
If you’re looking for your next Linux desktop distribution, you’d be remiss if you didn’t give Deepin Linux 15.7 a try. Yes, it is beautiful, but it’s also very efficient, very user-friendly, and sits on top of a rock solid Debian foundation. It’s a serious win-win for everyone. In fact, Deepin 15.7 is the first distribution to come along in a while to make me wonder if there might finally be a contender to drag me away from my long-time favorite distro… Elementary OS.
Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.
You have TWO days left to save $150 on your ticket to Open Source Summit Europe & ELC + OpenIoT Summit Europe.
Grab your ticket and build your schedule today! Choose from 300+ sessions, deep-dive labs, and tutorials; discover new projects & technologies in the Technical Showcase, and make new connections at the Attendee Reception, and in the Speed Networking & Mentoring Event, Developer Lounges, and Hallway Tracks.
Register now, and join 2,000+ open source professionals to collaborate, share information, and learn about cutting-edge open source technologies.
The discount ends Saturday, September 22.
Sign up to receive updates on Open Source Summit Europe:
Registration includes access to Open Source Summit Europe and ELC + OpenIoT Summit Europe!
This article originally appeared at The Linux Foundation
At Node+JS Interactive, attendees collaborate face to face, network, and learn how to improve their skills with JS in serverless, IoT, and more. Stephanie Evans, Content Manager for Back-end Web Development at LinkedIn Learning, will be speaking at the upcoming conference about building a secure ecosystem for Node.js. Here she answers a few questions about teaching and learning basic security practices.
Linux.com: Your background is in tech education, can you provide more details on how you would define this and how you got into this area of expertise?
Stephanie Evans: It sounds cliché, but I’ve always been passionate about education and helping others. After college, I started out as an instructor of a thoroughly analog skill: reading. I worked my way up to hiring and training reading teachers and discovered my passion for helping people share their knowledge and refine their teaching craft. Later, I went to work for McGraw Hill Education, publishing self-study certification books on popular IT certs like CompTIA’s Network+ and Security+, ISAAP’s CISSP, etc. My job was to figure out who the biggest audiences in IT were; what they needed to know to succeed professionally; hire the right book author; and help develop the manuscript with them.
I moved into online learning/e-learning 4 years ago and shifted to video training courses geared towards developers. I enjoy working with people who spend their time building and solving complex problems. I now manage the video training library for back-end web developers at LinkedIn Learning/Lynda.com and figure out what developers need to know; hire instructors to create that content; and work together to figure out how best to teach it to them. And, then update those courses when they inevitably become out of date.
Linux.com: What initially drove you to use your skill set in education to help with security practices?
Evans: I attend a lot of conferences, watch a lot of talks, and chat to a lot of developers as part of my job. I distinctly remember attending a security best practices talk at a very large, enterprise-tech focused conference and was surprised by the rudimentary content being covered. Poor guy, I’d thought…he’s going to get panned by this audience. But then I looked around and most everyone was engaged. They were learning something new and compelling. And it hit me: I had been in a security echo chamber of my own making. Just like the mainstream developer isn’t working with the cutting-edge technology people are raving about on Twitter, they aren’t necessarily as fluent in basic security practices as I’d assumed. A mix of unawareness, intense time pressure, and perhaps some misplaced trust can lead to a “security later” mentality. But with the global cost of cybercrime up to 600 billion a year from 500 billion in 2014 as well as the exploding amount of data on the web. We can’t afford to be working around security or assuming everyone knows the basics.
Linux.com: What do you think are some common misconceptions about security with Node.js and in general with developers?
Evans: I think one of the biggest misconceptions is that security awareness and practices should come “later” in a developer’s career (and later in the development cycle). Yes, your first priority is to learn that Java and JavaScript are not the same thing—that’s obviously most important. And you do have to understand how to create a form before you can understand how to prevent cross-site -scripting attacks. But helping developers understand—at all stages of their career and learning journey—what the potential vulnerabilities are and how they can be exploited needs to be a much higher priority and come earlier than we may intuitively think.
I joke with my instructors that we have to sneak in the ‘eat your vegetables’ content to our courses. Security is an exciting, complex and challenging topic, but it can feel like you’re having to eat your vegetables as a developer when you dig into it. Often ‘security’ is a separate department (that can be perceived as ‘slowing things down’ or getting in the way of deploying code) and it can further distance developers from their role in securing their applications.
I also think that those who truly understand security can feel that it’s overwhelmingly complex to teach—but we have to start somewhere. I attended an introductory npm talk last year that talked about how to work with dependencies and packages…but never once mentioned the possibility of malicious code making it into your application through these packages. I’m all about teaching just enough at the right time and not throwing the kitchen sink of knowledge at new developers. We should stop thinking of security—or even just security awareness—as an intermediate or advanced skill and start bringing it up early and often.
Linux.com: How can we infuse tech education into our security practices? Where does this begin?
Evans: It definitely goes both ways. Clear documentation and practical resources right alongside security recommendations go a long way towards ensuring understanding and adoption. You have to make things as easy as possible if you want people to actually do it. And you have to make those best practices accessible enough to understand.
The 2018 Node User Survey Report from the Node.js Foundation showed that while learning resources around Node.js and JavaScript development improved, the availability and quality of learning resources for Node.js Security received the lowest scores across the board.
After documentation and Stack Overflow, many developers rely on online videos and tutorials—we need to push security education to the forefront, rather than expecting developers to seek it out. OWASP, the nodegoat project, and the Node.js Security Working Group are doing great work here to move the needle. I think tech education can do even more to bring security in earlier in the learning journey and create awareness about common exploits and important resources.
Learn more at Node+JS Interactive, coming up October 10-12, 2018 in Vancouver, Canada.
At the recent Open Source Summit in Vancouver, I participated in a panel discussion called How Writing can Change Your Career for the Better (Even if You don’t Identify as a Writer. The panel was moderated by Rikki Endsley, Community Manager and Editor for Opensource.com, and it included VM (Vicky) Brasseur, Open Source Strategy Consultant; Alex Williams, Founder, Editor in Chief, The New Stack; and Dawn Foster, Consultant, The Scale Factory.
The talk was inspired by this article, in which Rikki examined some ways that writing can “spark joy” and improve your career in unexpected ways. Full disclosure: I have known Rikki for a long time. We worked at the same company for many years, raised our children together, and remain close friends.
As Rikki noted in the talk description, “even if you don’t consider yourself to be ‘a writer,’ you should consider writing about your open source contributions, project, or community.” Writing can be a great way to share knowledge and engage others in your work, but it has personal benefits as well. It can help you meet new people, learn new skills, and improve your communication style.
I find that writing often clarifies for me what I don’t know about a particular topic. The process highlights gaps in my understanding and motivates me to fill in those gaps through further research, reading, and asking questions.
“Writing about what you don’t know can be much harder and more time consuming, but also much more fulfilling and help your career. I’ve found that writing about what I don’t know helps me learn, because I have to research it and understand it well enough to explain it,” Rikki said.
Writing about what you’ve just learned can be valuable to other learners as well. In her blog, Julia Evans often writes about learning new technical skills. She has a friendly, approachable style along with the ability to break down topics into bite-sized pieces. In her posts, Evans takes readers through her learning process, identifying what was and was not helpful to her along the way, essentially clearing a path for her readers and removing obstacles for those new to the topic.
Writing can help you practice thinking and speaking more precisely, especially if you’re writing (or speaking) for an international audience. In this article, for example, Isabel Drost-Fromm provides tips for removing ambiguity for non-native English speakers. Writing can also help you organize your thoughts before a presentation, whether you’re speaking at a conference or to your team.
“The process of writing the articles helps me organize my talks and slides, and it was a great way to provide ‘notes’ for conference attendees, while sharing the topic with a larger international audience that wasn’t at the event in person,” Rikki stated.
If you’re interested in writing, I encourage you to do it. I highly recommend the articles mentioned here as a way to get started thinking about the story you have to tell. Unfortunately, our discussion at Open Source Summit was not recorded, but I hope we can do another talk in the future and share more ideas.
Check out the schedule of talks for Open Source Summit Europe and sign up to receive updates:
At major business schools ranging from Berkeley to Wharton, students are flocking to classes on blockchain and cryptocurrency. As CNBC recently reported: “According to a new survey of 675 U.S. undergraduate students by cryptocurrency exchange Coinbase and Qriously, 9 percent of students have already taken a class related to blockchain or cryptocurrency and 26 percent want to take one.”
College course offerings include “Blockchain, Cryptocurrency, and Distributed Ledger Technology” taught by Kevin Werbach and engineering professor David Crosbie at the University of Pennsylvania; and “Blockchain and CryptoEconomics,” taught by computer science professor Dawn Song at the University of California at Berkeley.
Meanwhile, job postings related to blockchain and Hyperledger are taking off, and knowledge in these areas is translating into opportunity. Careers website Glassdoor lists thousands of job posts related to blockchain.
Effectively, blockchain is becoming part of the required lingua franca for those entering the world of business as well as others. Outside of the big business schools, there are many learning resources worth knowing about, including these courses offered by The Linux Foundation:
Hyperledger Fabric Fundamentals (LFD271)
Teaches the fundamental concepts of blockchain and distributed ledger technologies.
Blockchain for Business – An Introduction to Hyperledger Technologies (LFS171)
A primer to blockchain and distributed ledger technologies. Learn how to start building blockchain applications with Hyperledger frameworks.
“In the span of only a year or two, blockchain has gone from something seen only as related to cryptocurrencies to a necessity for businesses across a wide variety of industries,” said The Linux Foundation’s Clyde Seepersad, General Manager, Training & Certification, in introducing the course Blockchain: Understanding its Uses and Implications. “Providing a free introductory course designed not only for technical staff but business professionals will help improve understanding of this important technology, while offering a certificate program through edX will enable professionals from all over the world to clearly demonstrate their expertise.”Aside from full courses, webinars focusing on blockchain technology offer chances to see how individual technologies work, and how industry segments are being influenced by blockchain. On Wednesday, September 26, at 9 a.m. Pacific, you can tune into “A Hitchhiker’s Guide to Deploying Hyperledger Fabric on Kubernetes,” a free webinar presented by Alejandro (Sasha) Vicente Grabovetsky and Nicola Paoli of AID:Tech. It’s ideal for DevOps workers and others interested in the increasingly popular Hyperledger Fabric platform.
Conferences also provide good learning opportunities. The Open FinTech Forum in New York City, coming up October 10 and 11, will provide a great opportunity to hear about the latest distributed ledger deployments, use cases, trends, and predictions of blockchain adoption. Panel discussions are scheduled to cover:
Distributed Ledger Technology Deployments & Use Cases in Financial Services
Enterprise Blockchain Adoption – Trends and Predictions
Blockchain Based Compliance Management Systems
Taking advantage of these opportunities to learn about blockchain makes more sense than ever.
Dr. Angel Diaz is the face of open source at IBM as Vice President of Developer Technology, Open Source & Advocacy. At the recent Open Source Summit in Vancouver, we spoke with Diaz to talk about the importance of open source at IBM and how it’s changing the world around us.
LF: What’s the importance of open source in modern economy?
Angel Diaz: We are living in a technology-fueled business renaissance — cloud, data, artificial intelligence, and the redefinition of the transaction. There is constant democratization of technology. This democratization allows us as computer scientists to innovate higher orders of the stack. You don’t have to worry about compute, storage and network; you get that in the cloud for example, but what has been driving that democratization? Open source.
Open source has been the fuel, the innovation engine, the skills engine, the level playing field that allows us as a society to build more, to build faster and move forward and the rate and pace of that is increasing.
What’s really nice about that is we are doing it in a controlled way with open governance and leveraging the all the work that we do in consortia such as the Linux Foundation.
Read more at The Linux Foundation
