OSS Leftovers

  • Google open sources ClusterFuzz

    The fuzzing software is designed to automatically feed unexpected inputs to an application in order to unearth bugs.

    Google originally wrote ClusterFuzz to test for bugs in its Chrome web browser, throwing 25,000 cores at the task. In 2012, Google said that ClusterFuzz was running around 50 million test cases a day on Chrome. So far it’s helped find some 16,000 bugs in the web browser.

    [...]

    ClusterFuzz has been released under version 2.0 of the Apache License.

  • Google open-sources ClusterFuzz, a tool that has uncovered 16,000 bugs in Chrome

    Ever heard of “fuzzing”? It’s not what you think — in software engineering, the term refers to a bug-detecting technique that involves feeding “unexpected” or out-of-bounds inputs to target programs. It’s especially good at uncovering memory corruption bugs and code assertions, which normally take keen eyes and a lot of manpower — not to mention endless rounds of code review.

    Google’s solution? Pass the fuzzing work off to software. Enter ClusterFuzz, a cheekily named infrastructure running on over 25,000 cores that continuously (and autonomously) probes Chrome’s codebase for bugs. Two years ago, the Mountain View company began offering ClusterFuzz as a free service to open source projects through OSS-Fuzz, and today, it’s open-sourcing it on GitHub.

  • Last week of early birds!

    We do have some parts of the schedule fixed: the trainings and some initial speakers.

    The trainings are open enrollment courses at a bargain price, where part of the dividends goes to financing the conference. This year we have two great trainers: Michael Kerrisk of manpage and The Linux Programming Interface fame, and Chris Simmonds, the man behind the Mastering Embedded Linux Programming book and a trainer for more than 15 years. The trainings held are: Building and Using Shared Libraries on Linux and Fast Track to Embedded Linux. These are both one-day courses held in a workshop format.

  • Closing AGPL cloud services loop-hole: a MongoDB approach

    The problem comes with software-as-a-service. Large cloud or hosted services providers have found ways to commercialise popular open source projects without giving anything back, thus limiting software freedom intended by the licensors. The business model primarily focuses on offering managed services, e.g. customisation, integration, service levels and others, to a freely available open source component and charging a fee for this. Open source projects do not usually have the scale to effectively withstand such competition by providing similar offerings. To say the least, this pattern incentivises the writing of the software in closed source code.

    AGPL is not enough to capture such a services scenario. Commercial entities rarely modify open source components and, if they do, releasing corresponding source code to such modifications does not affect their proprietary interests or revenue flow.

More in Tux Machines

OSS: Huawei and "GNU's Not Unix."

  • Huawei Could Rebuild Trust in Their Products Through Open Source

    Open source code for Huawei equipment would allow nations, companies, and individuals alike to verify that the code is free of malware, and that it contains no obvious security problems.

    Reproducible builds allow everyone to be reassured that the code running on the network devices matches the open source code that is reviewed by the public. This removes another layer of distrust.

    And if you want to protect against the advent of Chinese “malicious updates” you can use multi-party key signature schemes for firmware updates, to ensure that updates are approved by the government/company before they are rolled out.

  • The WIRED Guide to Open Source Software

    The open source software movement grew out of the related, but separate, "free software" movement. In 1983, Richard Stallman, at the time a programmer at the MIT Artificial Intelligence Laboratory, said he would create a free alternative to the Unix operating system, then owned by AT&T; Stallman dubbed his alternative GNU, a recursive acronym for "GNU's Not Unix."

    For Stallman, the idea of "free" software was about more than giving software away. It was about ensuring that users were free to use software as they saw fit, free to study its source code, free to modify it for their own purposes, and free to share it with others. Stallman released his code under a license known as the GNU Public License, or GPL, which guarantees users those four software freedoms. The GPL is a "viral" license, meaning that anyone who creates software based on code licensed under the GPL must also release that derivative code under a GPL license.

GNOME 3.34 Desktop Environment Development Kicks Off with First Snapshot

GNOME 3.34 will be the next major release of the popular free and open-source desktop environment for Linux-based operating systems, expected to hit the streets later this year on September 11th. During its entire development cycle, GNOME 3.34 will be developed under the GNOME 3.33.x umbrella. Work on the GNOME 3.34 desktop environment began a few weeks ago, after the launch of the GNOME 3.32 "Taipei" desktop environment, which is already the default desktop environment of the recently released Ubuntu 19.04 (Disco Dingo) operating system and other GNU/Linux distributions.

The mysterious history of the MIT License

I say "seemingly straightforward" because the MIT License is one of the most popular licenses used by open source software. The MIT License, Apache License, and BSD license are the main permissive licenses, a term that contrasts with reciprocal licenses like the GPL, which require source code to be made available when software is redistributed. Given its popularity, you'd think the license's inception would be well-documented. I found various clues that added up to a date in the late 1980s but nothing definitive. However, Keith Packard and Jim Gettys jumped on the thread to offer first-hand accounts of the license's creation. In addition to providing early examples of the license, their help also gave me the context to better understand how the license evolved over time.

BSD: A Look at NomadBSD and Audiocasts About BSDs and ZFS

  • NomadBSD, a BSD for the Road
    As regular It’s FOSS readers should know, I like diving into the world of BSDs. Recently, I came across an interesting BSD that is designed to live on a thumb drive. Let’s take a look at NomadBSD. [...] This German BSD comes with an OpenBox-based desktop with the Plank application dock. NomadBSD makes use of the DSB project. DSB stands for “Desktop Suite (for) (Free)BSD” and consists of a collection of programs designed to create a simple and working environment without needing a ton of dependencies to use one tool. DSB is created by Marcel Kaiser, one of the lead devs of NomadBSD. Just like the original BSD projects, you can contact the NomadBSD developers via a mailing list.
  • Fun with funlinkat() | BSD Now 295
    Introducing funlinkat(), an OpenBSD Router with AT&T U-Verse, using NetBSD on a Raspberry Pi, ZFS encryption is still under development, Rump kernel servers and clients tutorial, Snort on OpenBSD 6.4, and more.
  • Snapshot Sanity | TechSNAP 402
    We continue our take on ZFS as Jim and Wes dive into snapshots, replication, and the magic of copy on write. Plus some handy tools to manage your snapshots, rsync war stories, and more!