Why I Joined the LPI Board of Directors – Ted Matsumura

My name is Ted Matsumura, and I am currently serving on the Board of Directors for the Linux Professional Institute (LPI). In this article I’ll explain why I joined the Board and what my experience there has been like.

I have worked in the tech industry since the mid 1980s, and with free and open source software (FOSS), especially Linux, since the mid 1990s. As a product manager for Adaptec NICs for the US and Japan, my role involved supporting and promoting Linux device driver development and FOSS at Adaptec, and later at Intel, Packet Engines, and Penguin Computing. Later, I became an adjunct professor for computer science courses, including teaching classes with Linux, and I am currently working at a multinational firm on secure cloud environments, GitOps, and DevSecOps.

Having gotten certified by LPI myself, and having taught courses about the LPI exams as a college adjunct professor 20 years earlier, I came to the Board appreciating the great work that LPI had done so far. I hoped to help availability and proliferation continue to evolve.

My first desire in joining the Board was to use the business and technical skills I had honed during the past 30 years to bring others up to speed more quickly on the importance of Linux and open source software projects. I also felt that being involved with the teaching and certification process helped me keep aware of the latest technologies, which I use in my job as an R&D engineer.

Second, I wanted to help modernize the training curriculum and certification process to match what enterprise clients are looking for. One important step was to bring the materials and processes more closely in line with an actual work environment and to utilize newer testing technologies, including high-quality lab simulation environments. Another step in this process was to provide the best in class education materials. Testing technologies also needed to exceed the capabilities of strictly multiple choice certifications, and to provide interactive environments that match real-world scenarios to demonstrate knowledge and problem solving capabilities.

Third, I wanted the educational programs and testing to be more widely available to all users, especially those who normally could not afford the time, the resources, or the costs to achieve certification.

Since joining the Board almost a year ago, I have found the virtual meetings with the other Board members enjoyable and productive. Many of the Board members are in different countries and time zones. The global reach of LPI is impressive and constantly growing. Diversity among the board and membership is a good thing, and something I am proud to be promoting within the organization.

Source: lpi.org

Continue reading

Transforming Corporate Culture Through FOSS

Exploring the transformative impact of open source on corporate culture, this article by Ricardo Prudenciato delves into how embracing open-source methodologies not only revolutionizes software development but also fosters a collaborative, innovative work environment. That environment is covered by the new Linux Professional Institute (LPI) Open Source Essentials certificate. Through examples and insights, Ricardo highlights the benefits of open source beyond technology: promoting transparency, knowledge sharing, and a more inclusive, creative corporate culture.

Open source has definitively established itself in recent years as a leading model for software solution development worldwide, across various fields of activity. In the tech world, open source refers to software whose source code is publicly available, allowing anyone to use, study, modify, and distribute it. This free and collaborative approach promotes transparency, innovation, and knowledge sharing. By adopting this methodology, a company and its team benefit in many aspects beyond just technical matters.

Collaborative Learning and Innovation Environment

The open source model is built on collaboration among developers, users, and software communities. By embracing this philosophy, companies foster a strong internal collaboration culture, encouraging employees to share knowledge, work together, and contribute to collective projects. This promotes a more inclusive work environment, valuing diverse ideas and perspectives to drive innovation. It also encourages knowledge and experience sharing through daily interactions, workshops, internal talks, and platforms for collaborative learning and information sharing. Encouraging internal open source projects or contributions to external open source initiatives enhances team skills, enables active participation, and increases team engagement. Participation in open source communities connects professionals with similar interests, promoting teamwork, networking, and practical problem-solving.

Exploring New Possibilities

Adopting open source also encourages the team to have a more diverse vision when looking for solutions to the needs of the company and its clients.

This is because there is such a wide variety of software options and technologies that can be used for the most varied purposes. An open source approach encourages the team to explore different alternatives, compare solutions, and choose those that best suit the specific requirements of the project or client.

By its mode of organization, open source offers much greater flexibility and capacity for customization than proprietary solutions. This allows the team to adapt and adjust the software as necessary to meet the specific demands of the company, encouraging the search for tailor-made solutions that meet the unique needs of each project.

Another very beneficial factor is the reduction in dependence on specific software suppliers, the so-called “lock-in.” By avoiding lock-in, the organization enjoys greater freedom of choice and control over the technologies used. This allows the team to explore a wider variety of supplier and solution options, encouraging the search for alternatives that can offer better quality, performance, or cost effectiveness for each need.

In the End, Everyone Wins!

The adoption of open source has not only revolutionized the way software is developed and used, but also transformed the way companies and their teams operate and innovate. By establishing itself as one of the main models for developing software solutions, open source has brought with it a series of tangible and intangible benefits for organizations.

Firstly, the collaborative learning and innovation environment fostered by open source is an inexhaustible source of growth and development for teams. By encouraging internal and external collaboration, knowledge sharing, and active participation in open source projects, companies create a space where creativity flourishes, skills are honed, and the most innovative ideas come to life.

In addition, the diversity of options and flexibility offered by open source encourages the team to explore new possibilities and solutions for the company’s needs. By preserving access to a wide range of technologies and suppliers, the team can choose the most suitable tools for each project, adapting them as necessary and reducing dependence on specific suppliers.

When adopting open source, organizations are encouraged to constantly strive for the highest standards of performance, efficiency, and quality in all aspects of their operations.

Adopting open source not only drives technical innovation, but also promotes a culture of collaboration, continuous learning, and the pursuit of excellence within organizations. By incorporating open source principles into their operations, companies are prepared to face the challenges of today’s market and build a more sustainable and innovative future for themselves, their professionals and their customers.

Source: lpi.org

Continue reading

From passion to profession: Morrolinux’s Journey in FOSS

Is turning your passion into a profession possible? According to my experience, the answer is: YES.

Does turning your passion into a profession mean you are just taking a shortcut around the tedious life journey of going to school and “working your way up” through low-level jobs? According to my experience, the answer is: NO.

Does turning your passion into a profession probably mean you are going to have a sort of life-changing experience? According to my experience, the answer is: Yes.

I am Moreno Razzoli. Maybe you know me better as Morrolinux. This is the story of how I turned my passion into a profession. And, yes: my passion was, and is, and I am quite sure will be for a while longer, Linux.

Since I started my journey with Linux in 2008, it has been a path of constant learning and exploration. As a self-taught enthusiast initially, I grappled with the complexities of Linux, driven by a deep curiosity and a passion for technology. Every problem I encountered became a lesson, shaping my understanding of the operating system. This phase of self-learning was critical, as it laid the groundwork for my later professional endeavors.

Building up from an Academic, No, Technical Education

Post-graduation, as I stepped into the role of a system administrator, I was handling mixed environments of Windows and Linux systems. This was a practical application of my skills, blending my Linux expertise with real-world scenarios. It was during this time that I realized the importance of structured learning. Deciding to formalize my knowledge, I pursued and achieved LPIC-1 certification through the Linux Professional Institute

This certificaitonwas more than just an academic milestone. The LPIC-1 certification marked a significant turning point, taking me beyond just practical applications to a deeper understanding of Linux. It was not merely about enhancing technical proficiency; it was about gaining a comprehensive insight into the workings of an open source operating system. This understanding is pivotal in the open source world, because it directly influences the way software is utilized, integrated, and shared across diverse platforms and environments.

My university education in Computer Science, after my first experiences with Linux and FOSS, was another significant chapter in my journey. Here, I delved into fundamental computing concepts such as software architecture, client-server models, and cloud computing. This phase was complementary to what the Open Source Essentials program offers, which is a broad understanding of the non-technical aspects of open-source software, crucial for any professional in the field.

Today: Freelancing in FOSS

Transitioning to teaching and content creation, I embraced the role of an educator and advocate for open source. My work as an LPI Training Partner and on my Morrolinux YouTube channel reflects the ethos of the Open Source Essentials – emphasizing community contribution, knowledge sharing, and open-source advocacy. It’s a testament to the community-driven nature of open source, where sharing knowledge and experiences enriches the entire ecosystem.

In my freelance career, I tried to embrace the essence of open source not only as a tech enthusiast but as a strategic business decision. This journey has been about more than just adopting Linux; it’s about deeply understanding the goals and principles behind open licensing.

I’ve explored various business models that thrive in the open source ecosystem, examining how they generate revenue while contributing valuable software and content. My experience has shown the significant role open source plays in larger tech products and services. These explorations have brought me to recognize the nuanced impact of licenses on software development and business strategies.

By focusing on what clients seek in open source, I’ve navigated the cost structures and investments necessary for developing in this space. It has been a practical application of the principles I’ve learned — a testament to the sustainable and versatile nature of open source as a business model.

To summarize my whole public activities in a few words: The challenge was to find the right voice for being entertaining while keeping professionalism and consistency. I wanted to share my passion, not to make statements or boring lessons (and, by the way: Video tutorials do not work!). The other double-edged thing is about being a one-man band: It offers a lot of freedom, but a lot of responsibility and pressure as well.

In refining my approach to open source, I’ve naturally aligned with the ethos at the core of the evolving open source landscape. This journey goes beyond mere adoption; it’s an immersion into a culture where sharing, collaboration, and community drive technological and ethical progress. Through this lens, I’ve navigated the complexities of open source licensing and business models, embodying the principles that foster a more innovative, inclusive, and sustainable tech ecosystem.

Today and Tomorrow

Reflecting on my experiences, I see how they resonate with the essence of the open source movement. My journey, a path determined by technical prowess and a commitment to community engagement, exemplifies the dynamic and highly influential nature of open source software. This path isn’t just about professional advancement; it’s a continual process of learning, sharing, and shaping the future of open source technology. Every step I take contributes to the broader community, paving the way for new enthusiasts and professionals to explore the limitless possibilities of open source.

Embarking on this journey with open source isn’t just about acquiring technical skills; it’s about embracing a philosophy that nurtures innovation and collaboration. The Linux Essentials and Open Source Essentials programs offer gateways into this vibrant world, providing the foundational understanding needed to appreciate its spirit and contribute meaningfully. These programs are not merely educational milestones but stepping stones toward becoming an integral part of a community that’s shaping the future of technology.

Source: lpi.org

Continue reading

A Crash Course in Cryptography

There are many fascinating topics in the universe of Information Security, but if I had to place one above all others (this being a purely personal opinion), Cryptography would occupy the highest level.

This topic has its deepest roots in pure mathematics, but now touches many areas of technology in the daily lives of thousands of people… so much so that in many cases its presence is taken for granted. It is present on multiple levels and is the key that guards our electronic secrets.

But…What is cryptography?

Symmetric and Asymmetric Cryptography

Cryptography is a method to encode content in a format that is impossible to read for those who are not authorized to do so. It is composed of a series of technologies that, together, keep data safe. The term encryption is roughly synonymous with cryptography.

The original text, which is readable by anyone, is called clear text or plain text. Encryption produces encrypted text.

When using unprotected connections, without a proper encryption protocol, it is relatively easy for a snooper to steal personal information by seeing data in transit in the clear. For instance, if you sit in a café and send email over a connection that is not protected by cryptography, the person on a computer at another table could pick up your traffic and ready your email.

We can categorize the various types of cryptography as either symmetric or asymmetric.

Symmetric cryptography uses the same, single secret key to encrypt the clear information and to decrypt it. If the text is being transmitted between people both the sender and the receiver use the same key.

In practice, the sender encrypts the message with a secret key, then transmits the message through a communication channel. The recipient receives the message and decrypts it with the secret key. The recipient normally receives the key from the sender through a predefined, safe transmission channel–not the same channel used for the message, because by definition that channel is assumed to be viewable by attackers.

The keys represent a shared secret between the parties, which can be used to maintain a private link of information.

Symmetric cryptography is relatively simple (although the mathematics used to create the key is very sophisticated), easy to implement, and has good overall performance.

Among the algorithms that support symmetric cryptography we find:

◉ DES

◉ 3DES

◉ AES

Among these, AES is currently the most modern and robust, and is commonly used for very sensitive information, even by government bodies.

Asymmetric cryptography, also known as public key cryptography, encrypts and decrypts data using two distinct keys. These two keys are named the “public key” and the “private key.” The public key can be distributed wherever the sender wants a message to be readable, whereas the private key must be kept, of course, secret.

If either of the two keys encrypts the message, it can be decrypted only with the other key.

Asymmetric cryptography is significantly slower than its symmetric counterpart, because the keys are longer and the related calculations to be performed are much more complex.

The exceptionally long length of the keys in use makes it practically impossible to derive private keys from the associated public keys, even though they are mathematically linked by the calculation that produced them both.

Because the public key can be safely transmitted over a channel where attackers can grab it, asymmetric cryptography is often used to exchange the secret key used later for symmetric cryptography.

Some of the algorithms that support asymmetric cryptography are:

◉ El Gamal

◉ Diffie Hellman

◉ RSA

RSA, given its ease of use and its intrinsic robustness, which stems from computational entropy, is the preferred algorithm for encrypting and signing messages.

Public Key Infrastructure (PKI)

Asymmetric keys introduce another fundamental infrastructural concept in the matter of encryption: Public Key Infrastructure (PKI).

PKI is a sequence of processes and tools that allow authoritative third parties “in trust” to determine the identity of a user and to verify that a public key legitimately belongs to that user.

The impetus behind PKI is that, when users make initial contact online—such as by logging into a retail web site—they don’t know whether they are reaching the real person or company they want. A malicious “man in the middle” attacker could claim to be a major retail site, and an encryption key by itself cannot guarantee that the legitimate site is the one sending the key.

To provide the trust necessary for Internet communication among parties who don’t previously know each other, PKI registers identity of at least one party.

Identities are defined in a digital public key certificate with a standard called X.509.

A site called a Certification Authority (CA), which is recognized and trusted by both side, creates digital certificates that securely tie sites to their public keys. Web users generally trust CAs because the CAs’ identities are hardcoded into the user’s browser.

The implementation of PKI can be found, for example, in contexts such as:

◉ Certificates for websites

◉ Private networks and VPNs

◉ Cloud applications and services

◉ Email security

◉ User and device authentication

◉ Signing of documents and messages

Uses for Cryptography

You should now have a rough idea of cryptography and its value. Here we’ll look at different contexts for using cryptography:

◉ Email

◉ Web browsing

◉ Data storage

Email

The main email encryption protocols are S/MIME and PGP/MIME.

S/MIME, which stands for Secure/Multipurpose Internet Mail Extensions, is integrated into most devices and uses a centralized CA to determine the encryption algorithm and keys to be used. S/MIME is primarily used in large Web-based email platforms.

PGP/MIME, which stands for Pretty Good Privacy/Multipurpose Internet Mail Extensions uses a decentralized authority model. In contrast to S/MIME, key management is not governed by a CA, but is more the responsibility of the user. Users rely on a “web of trust” to establish the authenticity of the user on the other side of the communication.This protocol depends on of third-party encryption software.

PGP/MIME is proprietary. A free re-implementation, GnuPG (also called GPG), performs the same task without major differences.

Web browsing

A user establishes an encrypted connection to a website by entering or clicking on a URL starting with HTTPS instead of HTTP. HTTPS is a hypertext transmission protocol that additionally is secure because all traffic sent over the Internet is encrypted. Therefore, when a connection is based on HTTPS, privacy and integrity of data are guaranteed.

HTTPS is the successor to HTTP, which transmits date in plain text and has been gradually deprecated (except for a few rare use cases).

The HTTPS protocol integrates HTTP with the TLS cryptographic protocol (a successor to another protocol for web encryption, SSL), adding a valid digital certificate. SSL and TLS are essentially the same protocol that has evolved over time, with TLS being the most modern format and now in version 1.3.

Browsers that send and receive data over secure HTTPS often display a green lock.

Data storage

Data can be encrypted at multiple levels: not just in transmission when email or the Web are used, but also locally on storage devices such as hard drives, USB drives,and tape drives.

The use of storage-side or file-side encryption greatly offsets the risk of data loss. Like encryption used on the network, storage-side encryption is a very powerful tool that protects all data on every device, regardless of the type of physical media, interface, or data privacy class.

Storage-side encryption is a great way to ensure data security, especially if the device is stolen.

Linux users can keep data safe through Linux Unified Key Setup (LUKS). It employs a brute force encryption algorithm and totally secures data if a strong password is used. LUKS is currently in version 2.

Newer Linux distributions also offer full disk encryption (FDE) at the end of operating system installation, setting a strong password to control access to the contents of the disk. But be careful and don’t forget your password: When data is encrypted on the disk using full disk encryption, if the password is lost the data inside will be very difficult to recover.

Absolute security is a pipe dream, but to paraphrase J. W. von Goethe, “He who wants to take sure steps must walk slowly.”

Source: lpi.org

Continue reading

2024 Open Source Professionals Job Survey Report Available Now

Toronto, 04-23-2024 — Linux Professional Institute (LPI), in conjunction with Open Source JobHub, released today the 2024 Open Source Professionals Job Survey Report, which summarizes the results of a job survey among open source professionals. Based on the responses from administrators, developers, and non-technical professionals, the report highlights the concerns of employees in the world of free and open source software (FOSS).

Respondents care most about work-life balance and remote work options when considering a new role. A stated policy for using and contributing to open source software and opportunities for training and certification were also important to respondents.

This report details findings from the survey and provides insight both for job seekers and for hiring managers aiming to attract and retain open source professionals. The full report can be downloaded under https://www.lpi.org/2024-open-source-professionals-job-survey-report/

“Our mission is to promote the use of open source by supporting the people who work with it. This includes helping employers understand what our community members want from their jobs and work environments. Our aim was to collect relevant data that we felt was not sufficiently covered in other reports.”—G. Matthew Rice, Executive Director of LPI

“It is beneficial for both sides, employees and employers, to know each other’s expectations. Employers say in job advertisements what they expect and what they offer. But what do the people who are asked to apply expect? We wanted to show what potential is available in the workforce and what offers and values are relevant to leverage that potential.”—Brian Osborn, Founder of Open Source JobHub, CEO & Publisher at Linux New Media

Linux Professional Institute (LPI) is the global certification standard and career support organization for open source professionals. It’s the world’s first and largest vendor-neutral Linux and open source certification body. LPI has certified professionals in over 180 countries, delivers exams in multiple languages, and has hundreds of training partners. Our mission is to promote the use of open source by supporting the people who work with it.

Open Source JobHub aims to help everyone find a place in the open source ecosystem by connecting job seekers with employers looking for top talent. Let us help you turn down the noise and find the perfect job fit.

Source: lpi.org

Continue reading