Capital One: Open Source in a Regulated Environment



  • Capital One Open Source

    Lessons Learned on Our Open Source Journey at Capital One.

    Most people know Capital One as one of the largest credit card companies in the U.S. Some also know that we’re one of the nation’s largest banks — number 8 in the U.S. by assets. But Capital One is also a technology-focused digital bank that is proud to be disrupting the financial services industrythrough our commitment to cutting edge technologies and innovative digital products. Like all U.S. banks, Capital One operates in a highly regulated environment that prioritizes the protection of our consumers and their financial data. This sets us apart from many companies who don’t operate under the same level of oversight and responsibility.

    Our goal to reimagine banking is attracting amazing engineers that want to be part of the movement to reinvent the financial technology industry. During interviews, they are often surprised to find we want them to use open source project and contribute back to the open source community. Even more are blown away that we sponsor open source projects built by our engineers.

    People expect that kind of behavior at a start-up, not a top bank. There is nothing traditional about Capital One and our approach to technology.

    When we see opportunities, especially in technology, we deliberately pursue them. Our approach to managing technology, guided by general industry regulations and company-specific policies, provide the guardrails for using, contributing to, and launching open source software projects. The Open Source Office adopted a comprehensive risk management approach wherein we have identified clear risk ownership around when to use, contribute to, and launch open source projects.

    Our journey to managing open source risk and implementing this strategic approach followed this trajectory:

    • Engineers wanted to use and contribute to open source projects.
    • Risks were identified, analyzed, and a path to managing them was mapped out with the Open Source Office, Legal, and Security teams.
    • Focus on education, with external partnerships providing guidance (Linux, TODO, etc.).
    • Momentum increased as we matured our internal partnerships with Engineering, Legal, Security, and Audit Teams.
    • Explaining and demonstrating our risk management approach to leaders secured sponsorship and resources.

    Organizing Into an Office

    With strong leadership support, in 2015 we formalized oversight and governance through the creation of Capital One’s Open Source Office (OSO). With strong partnerships in Legal and Security, resources accountable for advising and overseeing open source activities were established within the OSO.

    Through these partnerships, the OSO team manages the company’s open source contributions, including these three crucial pillars:

    • Manage direction — Policy, guidance, and education.
    • Manage connections — Internal and external, as well as partnerships with Legal, Security, and other stakeholders.
    • Manage technologies — Support open source processes and community needs.

    As a horizontal function, OSO manages the direction and risk-based approach Capital One takes with open source. We collaborated to define a corporate level policy for Open Source Software and developed educational materials and videos to guide teams and individual developers on how to manage defined risks. On a daily basis, OSO team members, along with our partners in Legal and Security, work with engineers and data scientists to understand use cases and provide guidance on how to appropriately manage risk.

    In addition to OSO managing internal connections with various teams in Capital One (Engineering, Legal, Trademarks, Security, Brand, Corporate Communications, Risk Management, Audit etc.), we actively manage our relationships with external communities such as the Linux and ApacheFoundations. We are also active members in the Open API Initiative, Cloud Native Computing Foundation (CNCF) and the TODO Group. We are also actively interacting with members of our own open source project communities (e.g. Hygieia and Cloud Custodian).

    Formalizing Guardrails Through a Corporate Policy and Standard

    In 2016, the OSO defined a corporate level Open Source Software Policy and Open Source Software Standard based upon an example from the Linux Foundation. The policy addresses three use cases and calls out the requirements to manage risk when:

    1. Using open source software projects.
    2. Contributing to open source projects.
    3. Sponsoring open source projects

    The policy also formalizes accountabilities for the three main open source stakeholders at Capital One, including:

    1. The developer/engineering community.
    2. Establishes a new strategic partnership between from diverse groups called the Open Source Steering Committee.
    3. Defines the tactical partnership between OSO, Legal, and Security within an Open Source Review Board.

    image alt text

    As we developed this policy and formalized accountabilities, we established the tactical partnership between OSO, Legal, and Security as the OSRB. This tactical team works to guide open source activities with the development community. We also established a strategic leadership committee named the OSS Steering Committee, a group comprised of a dozen leaders who provide strategic direction for the development community.

    Taking it to the Next Level

    As we look ahead in our open source journey, we plan to focus on:

    • Continue to educate our growing technology organization.
    • Strike a balance between managing risks and minimizing development bottlenecks.
    • Further automate license and security scanning and integrate it into our build process.
    • Establish and grow a robust governance function.

    Specifically, in 2018 we’re focusing on education, strengthening awareness in the development community, and establishing our role as an advisor.

    image alt text

    Collaboration among the multiple stakeholders has been key to navigating our open source journey. Capital One is a technology driven company and we are unified across our organization on taking our open source activities to the next level in 2018.

    At the end of the day, we strongly believe in the benefits of involvement in open source projects. By managing the associated risks through policies, standards, and cross-departmental collaboration, the OSO allows Capital One to fully leverage our involvement in this community.

    Acknowledgments

    Thank you to Nadine Hoffman and the Capital One OSPO for contributing this guide based on this original article.

    This article originally appeared on GitHub as part of the TODO Group’s open source program case studies.

    The post Capital One: Open Source in a Regulated Environment appeared first on The Linux Foundation.

    https://www.linuxfoundation.org/blog/capital-one-open-source-in-a-regulated-environment/





Tmux Commands

screen and tmux

A comparison of the features (or more-so just a table of notes for accessing some of those features) for GNU screen and BSD-licensed tmux.

The formatting here is simple enough to understand (I would hope). ^ means ctrl+, so ^x is ctrl+x. M- means meta (generally left-alt or escape)+, so M-x is left-alt+x

It should be noted that this is no where near a full feature-set of either group. This - being a cheat-sheet - is just to point out the most very basic features to get you on the road.

Trust the developers and manpage writers more than me. This document is originally from 2009 when tmux was still new - since then both of these programs have had many updates and features added (not all of which have been dutifully noted here).

Action tmux screen
start a new session tmux OR
tmux new OR
tmux new-session
screen
re-attach a detached session tmux attach OR
tmux attach-session
screen-r
re-attach an attached session (detaching it from elsewhere) tmux attach -d OR
tmux attach-session -d
screen -dr
re-attach an attached session (keeping it attached elsewhere) tmux attach OR
tmux attach-session
screen -x
detach from currently attached session ^b d OR
^b :detach
^a ^d OR
^a :detach
rename-window to newname ^b , <newname> OR
^b :rename-window <newn>
^a A <newname>
list windows ^b w ^a w
list windows in chooseable menu ^a "
go to window # ^b # ^a #
go to last-active window ^b l ^a ^a
go to next window ^b n ^a n
go to previous window ^b p ^a p
see keybindings ^b ? ^a ?
list sessions ^b s OR
tmux ls OR
tmux list-sessions
screen -ls
toggle visual bell ^a ^g
create another window ^b c ^a c
exit current shell/window ^d ^d
split window/pane horizontally ^b " ^a S
split window/pane vertically ^b % ^a |
switch to other pane ^b o ^a <tab>
kill the current pane ^b x OR (logout/^D)
collapse the current pane/split (but leave processes running) ^a X
cycle location of panes ^b ^o
swap current pane with previous ^b {
swap current pane with next ^b }
show time ^b t
show numeric values of panes ^b q
toggle zoom-state of current pane (maximize/return current pane) ^b z
break the current pane out of its window (to form new window) ^b !
re-arrange current panels within same window (different layouts) ^b [space]
Kill the current window (and all panes within) ^b killw [target-window]
  • Open Source Summit

    Join us in Edinburgh! Submit a proposal to speak by July 1 for Open Source Summit & ELC + OpenIoT Summit Europe.

    Submit a proposal to speak at Open Source Summit Europe & ELC + OpenIoT Summit Europe, taking place October 22-24, 2018, in Edinburgh, UK, and share your knowledge and expertise with 2,000+ open source technologists and community leaders. Proposals are being accepted through 11:59pm PDT, Sunday, July 1.

    This year’s tracks and content will cover the following areas at Open Source Summit Europe:

    Cloud Native Apps/Serverless/Microservices Infrastructure & Automation (Cloud/Cloud Native/DevOps) Linux Systems Artificial Intelligence & Data Analytics Emerging Technologies & Wildcard (Networking, Edge, IoT, Hardware, Blockchain) Community, Compliance, Governance, Culture, Open Source Program Management (Open Collaboration Conference track) Diversity & Inclusion (Diversity Empowerment Summit) Innovation at Apache/Apache Projects TODO / Open Source Program Management

    View the full list of suggested topics for Open Source Summit Europe.

    Suggested Embedded Linux Conference (ELC) Topics:

    Audio, Video, Streaming Media and Graphics Security System Size, Boot Speed Real-Time Linux – Performance, Tuning and Mainlining SDKs for Embedded Products Flash Memory Devices and Filesystems Build Systems, Embedded Distributions and Development Tools Linux in Devices such as Mobile Phones, DVRs, TVs, Cameras, etc Use of Linux in Automotive Drones and Robots Linux in the Internet of Things Practical Experiences and War Stories Standards Public Infrastructure Industrial Automation

    This year’s tracks and content will cover the following areas at ELC:

    Suggested OpenIoT Summit Topics:

    Real-Time OS (Zephyr, RIOT, MyNewt, FreeRTOS, NuttX, mbed and Others) Outside World Meets IoT (Sensor Interaction, Low Footprint, Connected Sensors, EMF/RFI Impact) Bootloaders, Firmware & Updates Containers Distributed Edge Application Technologies On-device Analytics Blockchain for Constrained Devices Device Management Power Management Configuration Management Developing for Security Safety Considerations Certifications – Lessons Learned Taking Devices to Product

    View the full list of suggested topics for ELC + OpenIoT Summit Europe.

    SUBMIT FOR OPEN SOURCE SUMMIT EUROPE »SUBMIT FOR ELC + OPENIOT SUMMIT EUROPE »

    Sign up to receive updates on Open Source Summit Europe and ELC + OpenIoT Summit Europe:

    Register & Save

    Not submitting, but plan to attend? Register before August 18 and save $300 with early bird pricing. One registration gets you access to both Open Source Summit Europe & ELC + OpenIoT Summit Europe.

    Interested in Sponsoring?

    Showcase your thought leadership among a vibrant open source community and connect with top influencers driving today’s technology purchasing decisions. Learn how to become a sponsor of Open Source Summit Europe or ELC + OpenIoT Summit Europe.

    The post Last Chance to Speak at Open Source Summit and ELC + OpenIoT Summit Europe – Submit by July 1 appeared first on The Linux Foundation.

    https://www.linuxfoundation.org/blog/last-chance-to-speak-at-open-source-summit-and-elc-openiot-summit-europe-submit-by-july-1/

    read more
  • Open Source Guides

    The Open Source Guides for the Enterprise are now available in Chinese.

    The popular Open Source Guides for the Enterprise, developed by The Linux Foundation in collaboration with the TODO Group, are now available in Chinese. This set of guides provides industry-proven best practices to help organizations successfully leverage open source.

    “Making these resources available to Chinese audiences in their native language will encourage even greater adoption of and participation with open source projects,” said Chris Aniszczyk, CTO of Cloud Native Computing Foundation and co-founder of the TODO Group. The guides span various stages of the open source project lifecycle, from initial planning and formation to winding down a project.

    The 10 guides now available in Mandarin include topics such as:

    Creating an Open Source Program by Chris Aniszczyk, Cloud Native Computing Foundation; Jeff McAffer, Microsoft; Will Norris, Google; and Andrew Spyker, Netflix Using Open Source Code by Ibrahim Haddad, Samsung Research America Participating in Open Source Communities by Stormy Peters, Red Hat; and Nithya Ruff, Comcast Recruiting Open Source Developers by Guy Martin, Autodesk; Jeff Osier-Mixon, Intel Corporation; Nithya Ruff; and Gil Yehuda, Oath Measuring Your Open Source Program’s Success by Christine Abernathy, Facebook; Chris Aniszczyk; Joe Beda, Heptio; Sarah Novotny, Google; and Gil Yehuda

    The translated guides were launched at the LinuxCon + ContainerCon + CloudOpen China conference in Beijing, where The Linux Foundation also welcomed Chinese Internet giant Tencent as a Platinum Member.

    The post Open Source Guides for the Enterprise Now Available in Chinese appeared first on The Linux Foundation.

    https://www.linuxfoundation.org/blog/open-source-guides-for-the-enterprise-now-available-in-chinese/

    read more
});