Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers

Filed under
OSS
  • Google open sources ClusterFuzz

    The fuzzing software is designed to automatically feed unexpected inputs to an application in order to unearth bugs.

    Google originally wrote ClusterFuzz to test for bugs in its Chrome web browser, throwing 25,000 cores at the task. In 2012, Google said that ClusterFuzz was running around 50 million test cases a day on Chrome. So far it’s helped find some 16,000 bugs in the web browser.

    [...]

    ClusterFuzz has been released under version 2.0 of the Apache License.

  • Google open-sources ClusterFuzz, a tool that has uncovered 16,000 bugs in Chrome

    Ever heard of “fuzzing”? It’s not what you think — in software engineering, the term refers to a bug-detecting technique that involves feeding “unexpected” or out-of-bounds inputs to target programs. It’s especially good at uncovering memory corruption bugs and code assertions, which normally take keen eyes and a lot of manpower — not to mention endless rounds of code review.

    Google’s solution? Pass the fuzzing work off to software. Enter ClusterFuzz, a cheekily named infrastructure running on over 25,000 cores that continuously (and autonomously) probes Chrome’s codebase for bugs. Two years ago, the Mountain View company began offering ClusterFuzz as a free service to open source projects through OSS-Fuzz, and today, it’s open-sourcing it on GitHub.

  • Last week of early birds!

    We do have some parts of the schedule fixed: the trainings and some initial speakers.

    The trainings are open enrollment courses at a bargain price, where parts of the dividends goes to financing the conference. This year we have two great trainers: Michael Kerrisk of manpage and The Linux Programming Interface fame, and Chris Simmonds, the man behind the Mastering Embedded Linux Programming book and a trainer since more than 15 years. The trainings held are: Building and Using Shared Libraries on Linux and Fast Track to Embedded Linux. These are both one day courses held in a workshop format.

  • Closing AGPL cloud services loop-hole: a MongoDB approach

    The problem comes with software-as-a-service. Large cloud or hosted services providers have found ways to commercialise popular open source projects without giving anything back, thus limiting software freedom intended by the licensors. The business model primarily focuses on offering managed services, e.g. customisation, integration, service levels and others, to a freely available open source component and charging a fee for this. Open source projects do not usually have the scale to effectively withstand such competition by providing similar offerings. To say the least, this pattern incentivises the writing of the software in closed source code.

    AGPL is not enough to capture such a services scenario. Commercial entities rarely modify open source components and, if they do, releasing corresponding source code to such modifications does not affect their proprietary interests or revenue flow.

More in Tux Machines

Variscite unveils two i.MX8 QuadMax modules

Variscite announced Linux-powered “VAR-SOM-MX8” and “SPEAR-MX8” modules with an up to an i.MX8 QuadMax SoC plus up to 8GB LPDDR4 and 64GB eMMC. It also previewed a VAR-SOM-6UL COM. At Embedded World next week in Nuremberg, Germany, Variscite will showcase its Linux and Android driven i.MX8-family computer-on-modules, including new VAR-SOM-MX8 and SPEAR-MX8 modules that feature NXP’s highest-end i.MX8 SoC up to a QuadMax model (see farther below). We have already covered most of the other showcased products, including the 14nm fabricated, quad -A53 i.MX8M Mini based DART-MX8M-Mini. When we covered the DART-MX8M-Mini in September, Variscite didn’t have an image or product page, but both are now available here Read more

Android Leftovers

Programming: Developer Happiness, Rblpapi 0.3.8 and Python

  • Developer happiness: What you need to know
    A person needs the right tools for the job. There's nothing as frustrating as getting halfway through a car repair, for instance, only to discover you don't have the specialized tool you need to complete the job. The same concept applies to developers: you need the tools to do what you are best at, without disrupting your workflow with compliance and security needs, so you can produce code faster. Over half—51%, to be specific—of developers spend only one to four hours each day programming, according to ActiveState's recent Developer Survey 2018: Open Source Runtime Pains. In other words, the majority of developers spend less than half of their time coding. According to the survey, 50% of developers say security is one of their biggest concerns, but 67% of developers choose not to add a new language when coding because of the difficulties related to corporate policies.
  • Rblpapi 0.3.8: Keeping CRAN happy
    A minimal maintenance release of Rblpapi, now at version 0.3.9, arrived on CRAN earlier today. Rblpapi provides a direct interface between R and the Bloomberg Terminal via the C++ API provided by Bloomberg (but note that a valid Bloomberg license and installation is required). This is the ninth release since the package first appeared on CRAN in 2016. It accomodates a request by CRAN / R Core to cope with staged installs which will be a new feature of R 3.6.0. No other changes were made (besides updating a now-stale URL at Bloomberg in a few spots and other miniscule maintenance). However, a few other changes have been piling up at the GitHub repo so feel free to try that version too.
  • Episode #200: Escaping Excel Hell with Python and Pandas
  • Testing native ES modules using Mocha and esm.

Games: Steam, Devil Engine, City Game Studio and More