Date: 2019-02-26
Databases: CockroachDB and MariaDB Progress
Cloud native databases. Serverless databases. However you want to call them, there's a new breed of databases on the rise. One that promises automatic scalability on a global scale: No more toiling over configuration, management, replication and the like, just spin some instances in the cloud and go.
Open source database specialist MariaDB is continuing its assault on the market leader Oracle, but is also setting its sights on the increasingly powerful cloud vendors.
CEO Michael Howard - who worked at Oracle for four years between 1996-2000, before he joined MariaDB in December 2015 - sat down with Computerworld UK to talk about becoming the "heir apparent" to Oracle, developing an autonomous database and its three-year plan to go public.
At the MariaDB OpenWorks held earlier this week, MariaDB CEO Michael Howard took a stab at big proprietary cloud vendors and accused them of “strip-mining open-source technologies and companies,” and “abusing the license and privilege, not giving back to the community.”
His keynote at the event described his plans for MariaDB, the future of MariaDB, and how he plans for MariaDB to become an ‘heir to Oracle and much more’. Furthermore, the entire keynote saw instances of Howard targeting his rivals, namely Amazon and Oracle, and comparing MariaDB's mottos to those of its rivals.
US pharmacy giant Walgreens is looking to move all of its relational database needs to open source MariaDB as part of a broader shift towards the cloud and open source technologies.
The Walgreens Boots Alliance signed a major partnership with Microsoft in January this year, which in part included a commitment to move the majority of its IT infrastructure to the Azure cloud. The company actually began a cloud strategy in 2017, but that naturally changed somewhat after the big deal with Microsoft was inked.
Openwashing and Other "Open" Things
Top open source contributors: Something big is missing from the list [Ed: "Companies that use open source need to start contributing more," says Matt Asay after commending companies that do the most openwashing]
Redis Labs has changed the way it licenses its Redis Modules, adding to the list of companies attempting to find ways to stop commercial organizations taking their products, rebranding them and selling them as services without contributing to the original creators.
Redis made the announcement along with details of new funding of $60 million. Redis is best known for its open source advanced key-value store where the keys can contain strings, hashes, lists, sets and sorted sets. The news of the Redis license reworking follows similar announcements by other open source companies including MongoDB and Confluent.
"Web Design Primer" is a new open-source eBook published by the Ryerson University Library by authors Richard Adams, Associate Professor in the School of Graphic Communications Management, and Ahmed Sagarwala, Manager of Industry Relations in the Digital Media Zone (DMZ). The book explains the basics of the HTML and CSS codes used to create web pages, and related technologies including JavaScript, jQuery, audio, video, and animation. The book is designed to accompany a one-semester course on web design.
In this edition of our open source news roundup, we take a look at animation software going open, a new open source medical tool, Nijmegen updating its open source policy, and more!
The University of California (UC) is the latest institution to cancel its subscription to leading academic publisher Elsevier. UC cites high costs and the lack of open access research among the reasons. This likely means an increase in traffic for Sci-Hub, the site that's often referred to as 'The Pirate Bay for Science', which may actually play a bigger role than some suspect.
As a leader in the global movement toward open access to publicly funded research, the University of California is taking a firm stand by deciding not to renew its subscriptions with Elsevier. Despite months of contract negotiations, Elsevier was unwilling to meet UC’s key goal: securing universal open access to UC research while containing the rapidly escalating costs associated with for-profit journals.
Dr. Pearce, an open-source champion and professor of Materials Science & Engineering and the Electrical & Computer Engineering at Michigan Tech is the author of Open-Source Lab: How to Build Your Own Hardware and Reduce Research Costs and several papers on the subject. He currently teaches the MY4777 course which is “an introduction to distributed additive manufacturing using open-source 3D printing.”
Coming from a rather closed technical environment, transport ticketing is mainly based on proprietary solutions provided by specialised manufacturers. Operators, on the other hand, need to upgrade their systems regularly to offer new services to passengers and improve their financial performance. Increasingly driven by digital technologies, ticketing, which was stable for decades, now evolves at the speed of the digital age. The conjunction of solutions being closed and the increasing need for evolution leads inevitably to a deadlock.
Programming: OpenKiwi, Azul, ActiveState Survey and WSO2's Ballerina
OpenKiwi is implemented in Python using PyTorch as its deep learning framework, and has a user-friendly API which can be imported as a package in other projects, or run from the command line. With this release, teams taking part in the shared tasks of WMT19, the fourth conference on Machine Translation, can use OpenKiwi to examine automatic methods for estimating the quality of machine translation output at run-time, covering estimation at various levels and studying the performance of quality estimation approaches on the output of neural machine translation systems.
Eurotech Java-based embedded devices to include Azul Zulu Embedded builds of OpenJDK for systems based on x86 and Arm processors.
Azul Systems (Azul), the award-winning leader in Java runtime solutions, today announced a high-impact series of updates to its Zulu Enterprise OpenJDK support offerings. Zulu Enterprise now features the industry’s best SLA for security vulnerability fixes, the first availability of Java Flight Recorder support in an OpenJDK 8 based build, and the first commercial support offering for the OpenJDK Mission Control project. In addition, with Zulu Enterprise Azul provides the industry’s only certification against non-contamination when running on OpenJDK-based builds, as well as broad indemnification against IP contamination issues.
Today ActiveState opened its annual developer survey for 2019.
WSO2, an enterprise open source integration company, celebrated its open-source Ballerina computer language with dozens of real ballerinas this week at the San Francisco Opera House for a performance of "Sensorium" by the San Francisco Ballet.
Security Leftovers
Lopez joined HackerOne, a popular bug bounty crowdfunding platform, in 2015 and since then he has uncovered more than 1,670 bugs and vulnerabilities. He learned to spot high-paying vulnerabilities like Insecure Direct Object Reference (IDOR) and Cross-Site Request Forgery (CSRF) by watching YouTube videos and other sources from the Internet.
Normally, when we discuss graphics drivers, there are a subset of users that like to stay on old versions.
Just days after a remote code execution flaw in open-source web publishing software Drupal was made public, researchers have already spotted live exploits in the wild – reinforcing the need for admins to patch and update their sites immediately.
As The Register reported last week: "A successful exploit of the vulnerability would allow a hacker to remotely run malicious code on the targeted website's server, effectively commandeering the site."
Drupal's maintainers told us at the time they went public that "some field types do not properly sanitize data from non-form sources", which could "lead to arbitrary PHP code execution in some cases".
Kenna Security and Sonatype have announced a partnership to provide risk assessment and vulnerability intelligence for open source projects. According to Sonatype research, between 80% and 90% of enterprise applications are made of open source components, and an average enterprise uses more than 150,000 open source libraries. Understanding the vulnerabilities found in those components is critical for overall enterprise security, the companies said in announcing the partnership.
Most software developers use well-adapted third-party open source libraries/software to accelerate the application development process. Security bugs in these libraries are popping up regularly and are getting fixed quickly, but many mobile application developers fail to keep track of disclosed bugs and to implement the fixes without delay.
OSSPatcher is aimed at making their lives easier and making their applications more secure for users.
StrongKey has made it even easier for web developers to meet the FIDO2 certification standard. The digital security company has announced that it will be making its FIDO server available as a free, open-source platform in an effort to accelerate the transition to a password-free society.
“Removing passwords has become a critical necessity in today’s cyberthreat environment,” said StrongKey CTO Arshad Noor, explaining that passwords are the most common source of data breaches. “We’ve decided to contribute our FIDO server to the open-source community for the betterment of everyone. We invite developers to participate so organizations can leave passwords behind.”
Developers are open to taking increasing responsibility for open source security, according to a report from Snyk. Unfortunately, the report also shows developers are open about their own security shortcomings.
