 Hi, this is Josep Lepardia and we are here at Open Source Summit in Vancouver, Canada. And today we have with us once again, Tim Servitz, director of training program at the Linux Foundation. Tim, it's great to have you back on the show. Thanks for having me here. What kind of challenges you are seeing when we look at the new cloud-centric, a lot of folks who we keep hearing about new vulnerabilities that somebody was compromised. Some of them are Linux Foundation members as well. So that means everybody needs help. Absolutely. Absolutely. Security is really everybody's job. To a large extent, the thought was there's a security team. It's somebody else's job. And we are trying to change the culture to have it, again, you don't even have to be in IT. If you have a computer, you should know some basics of what to do and how to interact on the internet. The 900 plus projects that are now part of Linux Foundation, every single bit of software has a security implication. And in the training area, we do our best to help with that, whether it is a dedicated course for that one project, as well as these more general courses. We have a new organization called the Security Knowledge Framework. And we're going to be introducing a lot of scenario-based environments so that many people can interact and get better at their application, regardless of what their application or software does. So we are trying to help not just the kernel, which we have a long history of, but application space and even end-user space. So we're making a real strong move into cybersecurity because it does help everybody to be secure. And once again, did we look at all the sister organizations? Do you also work with them to kind of gather some inputs so you can understand what are the pain points of that specific vertical industry? I do my best with so many different big projects, so much dynamic environment with people joining. It is a challenge. I'm lucky that I have an outstanding team that helps. And I try to make myself available. So when the project realizes, let's start really getting the word out to our community. I'm eager for that. And I have a team of instructional designers that are outstanding. We create the content and we help produce those courses for our partners so that they can get the word out. And we do our best with our expertise to make sure that it's heard and understood by that community and the larger environment as well. Can you talk about some of the worrying or disturbing trends that you're seeing? You know, if you just look at, you know, all these projects where you're like, hey, this is the area that they need help, or this is the area where their gaps and security. Of course, anytime a community is forming, there's going to be issues. One of the things that you see a lot is that there's a focus on advancement. We have to get something done. And this is why security, security documentation are always the last two things looked at. So now that we have a working product, we should turn back and start writing down how it works and we should start making it secure. So in general, we try to help all of our projects understand that security should start with the first idea. We're going to have a bit of software that does something. Whatever that something may be, security should be part of that very first conversation. How are we going to do it? Not just that it works, but that it's going to be secure and that the people using it will know that we've invested our time, energy and thought. Into a safe product to use. Before I move further into the cyber security, I also want to talk about some new initiative that are going on within the learnings foundation, which is focus on sustainability. Now, sustainability could mean different things to different people. What do you think how improving security can help with some of those goals? It could be, I was talking to somebody and they're like, just using a specific language like Rust or whatever it is, it consumes less computing resources, which also means you're generating less heat. You're also consuming less electricity, so which is also having indirect impact. So we have to go for the smaller smaller. Do you see security also can have an impact there? It might, as with many things, if you can have the smallest footprint possible, that is not only ecologically sound, it is also typically more secure. The everything that you install, every line of code that you have, you have to keep track of it. You have to wonder about it. So Lean is good. And from energy usage, as you mentioned, to I don't know what the code is, how do we know what we have out there? There's a lot of, I would say, ticking time bombs in a lot of enterprise environments where they don't even know what software they have and they don't even realize that they have that vulnerability. My hope is that all companies start to not just look at, let's look at that old code and let's see if it has a vulnerability, but while they're there, can we make it more efficient? Can we say, is this a function call that we do a billion times a minute that takes this many CPU cycles? Could we cut it in half? Is there something we could do it? It's similar to recycling. Small actions add up over time. So being more secure, being more efficient, we have the green foundation for this purpose to really bring awareness to just how much resources we use to not only generate the electricity, but then of course there's the cooling, there's all these resources that go into IT and I think it's a good thing to be a good shepherd of those resources. I want to go back to the point of cultural shift. Of course, you folks are doing a lot of initiative, but what organizations can do so that it creates a culture within organizations where it's a rewarding culture, not a culture of punishing somebody, hey, something went wrong so you might get fired. So talk about that aspect and how important it is and what you folks are doing in that aspect. Well, cultural change is the hardest thing to do. Change in general is very difficult. All you really can do is set a good example, lead by example and draw people. As you said, the punishment idea, forcing somebody, dictating something, typically never lasts. They'll do it until you're not paying attention again. So a lot of the initiatives that we do, how we run our own organization, how we interact with our own staff, our projects themselves, we try to live up to these examples and so that they have an example. This is the way to do it. This is the way to be as a culture. We're very important with a work-life balance at the Linux Foundation. We have Focus Fridays, where most people at Friday, but you have time to really focus on your job and not necessarily have meetings. These sorts of things where we say the person matters and take a work-life balance so that when you're at work, you're gonna work really efficiently. So just like security, just like the legacy zombie apps, we really want the best of the app or the person while they're there and not be using it, not be spinning on something when not necessary. So we're leading by example. In the Linux Foundation, typically, we don't talk about ourselves, we talk about our projects. That's why we're here. But I think as helping them excel, we try to do that through a good example. One more thing that I want to talk about is that quantum circuit course that was talking a bit about that course and let's talk security can play a role there. There's less interaction with our quantum security, sorry, our quantum circuit course and security. We have started quantum courses where this is our second and we have another quantum course that will be released very soon. Some are aimed at political leaders so they understand what quantum is and that there is this looming change to technology that will actually impact the entire world. Quantum will change the way we do everything. Now, quantum circuits is a lower level understanding of the distinction between a standard circuit, the one and a zero and understanding that in a quantum environment and I get into some of the physics of entanglement and phase state, but what really is to be understood is that this is not just a faster computer, it's a different type of computer. So quantum, a little bit of tie into security, quantum will be able to not only calculate, let's say, Schor's algorithm to decrypt something, not only be able to do that, but quantum will show you if there's a flaw in that algorithm. So what we're really talking about here is a change in nature. A common example I give is I can drive at 60 miles an hour, I can take a train, a bullet train at 300 miles an hour. What quantum is, is a space shuttle. Yes, it goes 160 million times faster or so, it also goes to outer space. It's a different type of transport. So a quantum system will be able to not just solve these problems faster, but it will look and realize the flaw in an algorithm. So for security reasons, that is a huge implication. Can I change my encryption standard easily? Those are all considerations. Quantum circuits, we need to have everybody understand quantum from kindergartners to the people who make the hardware for the next generation equipment. And that's where the quantum circuits course will really get people thinking about that this isn't just a typical gate, that it's a one and a zero, that the way that I order the spin of these qubits, quantum bits, is distinct from a traditional system. So we're talking airplane or rocket ship compared to a faster train or faster car. Any other courses that of course you folks do is launch a lot of course, any other course that you want to specifically talk about today? Absolutely, I'm very excited about a new course on Rust. We don't, in our catalog currently, we don't have a lot of programming courses, but with the change in the kernel to start accepting Rust in certain circumstances, I felt that it was important that we address that. And so we have a course that should be available in about a month and a half. It's been written. We're just putting in the process of finishing touches on it and we'll start teaching Rust to developers with the goal of modules and other kernel functions at first. But I foresee probably several different courses in this space to really help people, again, optimize security efficiency for the kernel and applications. Tim, thank you so much for taking time out today and of course give us some date on all the projects that you're working on. Thank you for sharing all those insights, especially about the basic hygiene, which is really important. Culture is as important as technology. Thanks for those insights and as well I'd love to sit down and chat with you again soon. Thank you. Thanks so much for having me. I appreciate it.