Will the European Union Erect Barriers to FOSS?

On September 15, 2022, the European Commission published a draft law called the Cyber Resilience Act (CRA), which aims to improve the security of hardware and software products. The proposal defines “standard metrics” for evaluating the safety of projects. It communicates the security status of each project to users in a simple way. A CRA “approval” would be the equivalent of a “CE” mark on software products.    

However, if applied as written, the bill could make authors of free and open source (FOSS) projects legally and financially responsible for how their projects are used within others’ commercial projects. This is a problem since Open Source software is, by definition, distributed “as is,” with no guarantees, thus relieving authors of any liability.

We suggest that the bill needs to distinguish between independent authors in a voluntary capacity and technology giants selling products or services. Under the currently proposed bill, if I develop a logging library and make it Open Source, Company X could use it within its product without giving me anything in return. If a vulnerability is discovered in my library, I would be legally and economically liable for the damages suffered by that company.

An innovation versus security conundrum?

More generally, the idea behind free software and open licenses is to make software accessible, freely modifiable, and redistributable. Suppose a for-profit company adopts open source software to perform its functions or services. In that case, it should be the company’s responsibility to secure that software and, depending on the license, redistribute it or not with its own improvements.

The proposed law could be a strong disincentive for both authors and contributors to open source projects. Specifically, Article 16 of the proposed law states that “one who applies substantial changes” to a project is considered equal to the author in terms of liability. However, the meaning of the phrase “substantial changes” is unclear, which makes the proposed law even more problematic.

The risk is that the proposed CRA law could block innovation in the field of open source software and damage the economy of the entire country. Therefore, it is essential to raise awareness among the public and relevant authorities about the possible adverse effects of the proposed CRA law and to try to find solutions that protect both authors and users of open source software.

The Cyber Resilience Act (CRA) today

Since September 2022 the European FOSS community has been monitoring debate around this topic, while the European Parliament and the European Commission worked on the CRA draft.

On July 19, 2023, the draft regulation presented by the European Commission was approved with amendments by the European Council (chaired by Spain) and, in parallel, by the European Parliament. The adoption of these two proposals allows the start of inter-institutional negotiations between the Council and the European Parliament (the so-called trialogue) for the adoption of the final text. The trialogue is expected to take place in September, and the regulation’s final adoption could occur shortly afterward.

LPI and the Cyber Resilience Act (CRA)

Linux Professional Institute (LPI) will host an online roundtable discussion on the Cyber Resilience Act (CRA) on October 3rd. This roundtable discussion will provide an opportunity to raise awareness of the potential risks of the CRA and to discuss possible solutions.

Source: lpi.org

Continue reading

From SEO to DevOps Via LPI: Adam Stegienko’s path

My journey with the technology world started not a long time ago but has been extremely intense. Having graduated from non-IT studies, I had my first two jobs in the Finance field. Although some of my responsibilities were close to software development or process improvement topics, I always felt I didn’t have much space to bring in a real change since I lacked technical skills other than simple macros writing in MS Excel VBA.

From SEO to Linux

Everything changed in early 2022 when I got interested in SEO practices and web positioning. I quickly realized that to excel in the SEO market, I need at least the basics of programming. I started with a standard Front-End development course, and at that moment, I felt that the “IT hemisphere” gave me more fun than SEO.

Although I could not get on with Front-End (I felt it was not for me), I continued my programming learning path with Python language. After two months of an intensive Python course, I casually looked through one of the top job boards in Poland and saw something unbelievable.

Develeap (a leading DevOps consultancy company in Israel) opened a 3-month-long DevOps boot camp in Poland to educate and hire talented people. The DevOps topic was completely new to me. Yet, the boot camp admission required only basic Python and Linux/Bash knowledge. One of these I already had, “So why wouldn’t I try?” I thought.

I finished the Python task smoothly, but when it came to the Bash scripting task, I felt that that one would be a bigger problem for me. Before, I hadn’t had any experience in Linux and Bash, so I needed to begin my adventure with Linux from the very scratch in an extreme way. I had just installed Ubuntu Linux on my machine for the first time, given an assignment to write 2 complex Bash scripts. It’s worth mentioning that I hadn’t written a single line of code in Bash back then. It took me three days to read the documentation and submit the “kind-of-working” scripts. Yet to my genuine surprise, I passed and finally got into the complete full-time DevOps Bootcamp! For the next 3 months, Linux slowly started revealing its wonderful possibilities to me…

Playing with (a lot of) tools

Those challenging 3 months taught me how to learn IT topics. I explored documentation of the tools I was trying to learn (e.g. Git, Docker, Jenkins, Terraform, or Kubernetes); I also discovered a wonderful “medium.com” specific channel and a bunch of awesome YouTube channels which focus strictly on DevOps, Linux and programming topics (e.g. “TechWorld with Nana“, “The DevOps Guy“, or “Learn Linux TV“). And last but not least, I learned how to search for answers on Stack Overflow!

I must admit that I have been using all these sources even until today. One of the most important and challenging projects I completed and am proud of was my DevOps portfolio project. It was the last project of the boot camp, required to complete and present to graduate. The project was multi-disciplinary, which is actually normal in DevOps Engineer’s everyday responsibilities. It was a multi-repo project composed of a simple web application written in Python (Flask), dockerized, connected to MS SQL Server database and put behind a reverse proxy (nginx). Moreover, I wrote the Azure Cloud infrastructure code in Terraform and created the Kubernetes configuration for all the application’s services. I put the project to life with CI/CD pipeline using GitHub Actions (for CI) and ArgoCD (for CD – GitOps).

All in all, I spent almost two weeks until I finished the portfolio. Still, it eventually worked, and my changes on the application code pushed to the remote repo got portrayed in a live, internet-exposed production environment in a matter of minutes. The portfolio taught me a lot about the software development life cycle. That experience also gave me the courage to believe I can be a good engineer and give value to my future customers. Happily, I passed with my portfolio and presentation, graduated from the boot camp and finally joined Develeap. Soon I got my first project as a DevOps Engineer.

In my new role, I realized where my low points of knowledge were, and, against most recommendations to go only for cloud certifications, I decided to build up my fundamentals, the true foundation of DevOps and system administration, which is obviously Linux. I went for Linux Professional Institute’s LPIC-1 Linux System Administrator because of its recognition on the market and reliable computer-based tests (CBT).

It took me 2 months to prepare and pass the 101-500 and 102-500 exams, but it was worth the effort! Thanks to the extensive preparation and Christine Bresnahan‘s course on Udemy, I understood the main principles of Linux OS, Filesystem Hierarchy Standard, networking, administration, scripting, and more, which I am using daily in my job right now.

LPIC-1 will definitely not be my last certification from LPI, thanks to the extensive support from Develeap, for which I am genuinely grateful. I strongly recommend LPI certifications for ambitious individuals who want to start with Linux to eventually aim for the stars!

Source: lpi.org

Continue reading

Cyber Resilience Act (CRA) Roundtable: Be there!

The Linux Professional Institute (LPI) will host an online roundtable discussion on the European Union’s Cyber Resilience Act (CRA) on October 3rd at 4PM GMT. The CRA is a proposed law that would impose new security requirements on products with digital elements, including open source software.

The roundtable will feature experts in the field of cyber resilience and open source software, as well as representatives from open source communities, industry leaders, and relevant authorities. The discussion will focus on the potential implications of the CRA for open source software, as well as possible solutions that could protect both authors and users of this type of software.

At the moment, we are designing the panel for the round table. If you would like to contribute, please contact us.

“We believe that the CRA is a critical issue for the open source community,” said G. Matthew Rice, Executive Director at Linux Professional Institute. “This roundtable discussion will provide an opportunity to raise awareness of the potential risks of the CRA for the open source ecosystem and to discuss possible solutions. We hope that this discussion will help to ensure that the CRA does not stifle innovation in the open source community.”

The roundtable will be held online and will be open to the public. Details will be released soon on this page.

About the European Cyber Resilience Act

The EU Cyber Resilience Act (CRA) is a proposed law that would impose new security requirements on products with digital elements. The CRA would require manufacturers of these products to take steps to reduce the risk of cyber attacks, such as implementing security patches and conducting security assessments. The CRA would also require manufacturers to provide users with information about the security of their products.

The CRA has been met with mixed reactions from the open source community. Some members of the community have expressed concerns that the CRA could make it more difficult to develop and use open source software. Others have argued that the CRA could actually help to improve the security of open source software.

The roundtable discussion on the CRA will provide an opportunity to discuss these concerns and to explore possible solutions. The discussion will also help to raise awareness of the CRA and its potential implications for the open source community.

Source: lpi.org

Continue reading

Will AI Replace Developers?

The technology industry has already seen more than 230,000 job cuts since the beginning of 2023. The feeling one gets from these widespread layoffs, the collapse of crypto asset prices, and the bankruptcy of Silicon Valley Bank (SVB) is that the golden balloon that is Silicon Valley has popped. On the other hand, AI-related job opportunities are increasing, and the rapid evolution of Artificial intelligence (AI) technology is bringing about major changes in a variety of industries. In these unpredictable times, we will discuss how developers should plan their career strategies and learn AI.

Layoffs and the Background of the Surge in the IT Industry

As just noted, layoffs have been increasing in the IT industry in recent years. There are several reasons for this. One is the temporary increase in demand due to the pandemic and the subsequent drop in demand. In addition to this, some developers’ work has been replaced by AI, which has automated and streamlined operations. However, we should not forget that layoffs are not only a negative phenomenon, but also an improvement in corporate structure promoting an increase in stock prices. One thing is certain: The development of AI technology brings new opportunities as well as losses, and developers need to be flexible to adapt to these changes.

Programmers need to develop appropriate strategies to protect their careers. Keeping up with new technological trends and continually learning skills is essential; given the widespread application of AI to a range of industries and customer interactions, developers need to keep up with the evolution of AI technology and acquire AI-related skills and knowledge to increase their competitiveness.

In addition to technical skills, it is also important to build a stronger career by becoming familiar with other industries, society as a whole, and the economy.

AI skills are currently experiencing a rapid increase in market value. In Japan, for example, the AI systems market is growing at well over 25% per year. With demand for AI technology growing, developers with AI skills can build promising careers.

Data shows that the average annual salary of AI professionals continued to rise during 2018-2021, even as the annual salary of IT professionals in Japan declined. This indicates that developers with AI skills are in very high demand. Therefore, acquiring AI skills is a promising option.

How will developers learn AI technology?

Learning AI technology is a matter of acquiring both basic knowledge and practical learning. First, online courses and training programs can effectively introduce AI technologies. It is also a good idea to actively participate in AI communities and share information. Additionally, it is important to develop AI skills through your own projects and practical experience. In short, developers should hone their skills while taking advantage of a wide range of learning resources.

The development skills that developers have learned so far will not be wasted. Development skills and AI skills are complementary and can create more value when applied together. As developers acquire AI skills, they will be able to streamline the development process and generate new creativity. The combination of development skills with AI skills is expected to become increasingly important, as it will enable problem solving from multiple perspectives.

Non-programmers can open the door to a career in programming and AI by learning web development. The skills needed to create a web site present an easy progression of steps to programming: from HTML and CSS through the JavaScript programming language and then more complex back-end libraries such as Node.js and Express. These technologies form the core of LPI’s Web Development Essentials certificate.

Programming for the web is a valuable skill in any field, because of the ubiquity of the web, but the discipline also gives the learner a programming mind-set (a way of thinking) that can be applied to other languages and to AI development.

Some people think that, because AI can write programs, it will soon be unnecessary for people to learn to program. But the importance of humans in programming won’t go away soon, if ever. AI can help people program at a higher level: to think of goals, architecture, user experience (UX), security, and other aspects of the program.

Summary

The evolution of AI technology is having a profound impact on developers, but it also generates new opportunities. It is important for developers to review their own career strategies and keep up with the technologies that will shape the future by learning AI skills and responding to emerging technology trends. Combining development skills with AI skills can provide broader value. Continued attention to the evolution of AI technology will lead to stronger careers as developers continue to update their own skills.

Continue reading

Software Freedom Day: Connect With New Clientele and Your Community

Software Freedom Day (SFD) is a global initiative that takes place on September 16th, with over 300 events in 100 cities worldwide. It is a key opportunity for organizations to establish their community presence, extend their reach to new potential clients or students, and make important professional connections with members of open source and IT networks.

Read More: 020-100: LPI Security Essentials

SFD aims to increase public knowledge and empowerment through free software. Events can encompass topics relevant to businesses, schools, governments, or the general public, with Linux and FOSS newcomer-friendly content that seeks to answer questions and introduce the uses and concepts of free software.

Signing up to host a SFD event can positively position your organization as one that supports its local community members, as well as the barrier-shattering principles of free software that encourage access to IT skills, knowledge, careers and innovation. This can help extend your reach and exposure through providing fun and educational content at a local event.

SFD events can take many forms, depending on the resources available to your organization. Location opportunities could include partnering with a local school, library, IT event, marketplace, Linux Users Group (LUG), hosting a family-friendly BBQ, or renting a conference room. A complete walkthrough is provided by SFD organizers, with examples from past events such as:

◉ Public presentations introducing the benefits of Linux and open source.

◉ Booths where representatives from your organization can answer questions, distribute organizational merch and information, and/or USB/DVD handouts of Linux.

◉ A friendly competition for art, videos, music, or other media created with FOSS.

◉ Linux installation workshops (potentially for old hardware to promote eco-recycling in your community.)

◉ A showcase of FOSS success stories presented in collaboration with partners, clients, and or connections to volunteers.

For those involved in the training and distribution of the Linux Professional Institute (LPI) Essentials track, or possess LPI Web Development, Linux, and Security Essentials certificates, these introductory IT topics make a great subject matter for any SFD event. Essentials certificates promote the importance and mastery of foundational skills in programming, Linux, and everyday cybersecurity protection for those new to IT and open source. With the addition of free LPI Learning Materials in multiple languages, the importance of open knowledge and universal access to Essentials skills can be introduced to a variety of audiences.

Showcase your or your organization’s interest in supporting its local community and universal access to opportunities made possible by IT Skills and open source software by signing up to host a Software Freedom Day Event. For more information, check out the SFD Wiki, join the SFD Mailing List to chat with previous participants.

In 2004 my friend Matt Qquist, a member of my Greater New Hampshire Linux User Group, started the first Software Freedom Day. It has been my pleasure to attend several of these events around the world, meeting people who are curious about Software Freedom and our movement. This year I intend on presenting at a SFD event with the University of Sao Paulo. I hope that you too can find an existing SFD or start your own.

Source: lpi.org

Continue reading