OSS Leftovers (2019-05-28)
The current age is of supercomputers in our pockets. However, despite using the best security tools, criminals keep on attacking online resources. This post is to introduce you to Incident Response (IR), explain the different stages of IR, and then list three pieces of free open source software that help with IR.
Top 5 Recently Open Sourced Framework For Developers [Ed: Analytics India Magazine seems to have learned that things outside Microsoft (GitHub) do exist and count]
Over the last couple of years, tech giants have been open sourcing their projects so that both the companies, as well as the developer community can benefit from the same.
According to a recent survey, nearly 53% of the companies have open source programmes or have plans to establish them within the next year. The survey also pointed out that nearly 59% of the respondents felt that open source programs are critical to the success of engineering and product teams.
Searching for ETL and data integration software can be a daunting (and expensive) process, one that requires long hours of research and deep pockets. The most popular enterprise data management tools often provide more than what’s necessary for non-enterprise organizations, with advanced functionality relevant to only the most technically savvy users. Thankfully, there are a number of free and open source ETL tools out there. Some of these solutions are offered by vendors looking to eventually sell you on their enterprise product, and others are maintained and operated by a community of developers looking to
In this article we will examine free and open source ETL tools, first by providing a brief overview of what to expect and also with short blurbs about each of the currently available options in the space. This is the most complete and up-to-date directory on the web.
Before the world became flat, the world became highly networked. Boundaries around locations and time zones blurred. The world today is highly productive and efficient but only if the network link is functioning between locations. As networks have become bigger and busier, monitoring has become complex and critical. Cloud services, web meetings, video, VoIP, BYOD — you name it — have further added stress on your network. Network monitoring in the cloud environment is particularly challenging because container environments are continually evolving and the applications built are equally dynamic and may scale or disappear entirely at any given point. Network performance monitoring can consist of monitoring performance of websites, Internet servers, the various links, and route analytics. Response time, availability, and uptime are important metrics to monitor for any network. For example, status request failures, timeouts, and connection failure to retrieve a file or message indicate network failure that triggers an action in the monitoring system for troubleshooting. Here is a list of open source networking tools for administrators to keep handy.
When I think about technology and data today, there is a seismic shift from ‘confinement’, and ‘restriction’ to ‘openness’ and ‘transparency’.
In technology, exciting breakthroughs coming to us are happening because of collective efforts and collaboration. And, most technologists and business leaders find this openness attractive—be it becoming more agile in a state of changing market dynamics, staying innovative and insight-driven, reducing operating cost, and doing more with less.
On the other hand, data liberation and data literacy are the mainstream debates. Data is increasingly being generated from different channels: it comes from inside and outside the organization in both structured and unstructured ways. It is distributed and stored across cloud, on-premises, and hybrid infrastructures. And, organizations that invest in leveraging data for data-driven decisions and improving brand trust at every level will have a competitive advantage.
The library is available to Si2 members and universities at no fee under the Apache-2.0 open source license agreement.
The “one blockchain to rule them all” sentiment has been prevalent in those who followed the battle between Ethereum and Bitcoin, yet the developers of the Cosmos SDK, an open-source framework for building blockchain applications in Go, share a different philosophy.
Many companies no doubt envy the all open-source elite — companies that chucked proprietary software in favor of innovative, rapidly upgraded operating system technologies. But they don’t envy the work of the information technology personnel that must run it day-in-day-out. Combining the perfect mix of OS software for production in enterprises is still a pretty messy business.
David Schmidt was taking petition signatures to get this open source vote check bill passed before the California Assembly. It will allow voters to check their votes rather than, he says, corporate machines.
Adam Clater, chief architect for North America public sector at Red Hat, wrote in a GCN article published Tuesday that federal agencies should advance information technology modernization and the initial step they need to do is avoiding proprietary or vendor lock-in arrangements when it comes to cloud adoption.
“Cost-effective and long-term efficient modernization demands that agencies have the capability to build applications that can run in and across any cloud,” Clater wrote.
“Without that hybrid cloud capability, agencies may well end up in the same place they started.”
Open source technology offers agencies the freedom of choice they need to effectively innovate their way out of their current challenges...
At a time when lots of enterprise tech companies founded around open-source projects are reconsidering their approach, Puppet is doubling down on its open-core philosophy.
That’s the approach that new Puppet CEO Yvonne Wassenaar is taking with the Portland company’s product strategy as other companies consider opening or closing their software projects to different degrees. Puppet believes that a new emphasis on its open-source Bolt task-automation project, as well as a new cloud-native infrastructure management project called Lyra that will become generally available this morning, will draw users interested in applying those capabilities to small teams who will hopefully upgrade to paid products like Puppet Enterprise as their needs increase.
One of the world’s largest consultancy firms has released a new set of protocols for enabling private transactions atop the ethereum blockchain.
The project, dubbed “Nightfall,” by Ernst & Young (EY) was released on GitHub Friday.
The goal, according to the code’s description on GitHub, is to provide a means for transacting on ethereum with “complete privacy.” As it states:
There's been considerable skepticism about how much can be accomplished with blockchain, and a feeling that it may have been a passing fad. However, software developers, as a professional group, are optimistic about blockchain technologies. A majority, 55%, say there are potential applications for blockchain beyond its cryptocurrency roots.
ARK has launched ARK Deployer; a free tool that enables users to quickly and easily create their own blockchain in just a few simple steps.
ARK, a leading Blockchain technology provider with an open-source Blockchain platform, has launched the ARK Deployer; a free tool that enables users to quickly and easily create their own Blockchain in just a few simple steps.
The ARK Deployer revolutionizes a process that previously was lengthy and complex because it significantly reduces the barriers to enter Blockchain technology due to the intuitive user interface. Now anyone, regardless of their technical experience or background, can build, customize and deploy their own Blockchain. ARK Deployer could be interesting for developers, individuals, startups, and businesses across the world who want to create and customize their own Blockchain, tailored to their individual needs.
The goal of URQL is to be easy to use yet powerful, and the developers have chosen to rearchitect the 1.0 version around a new approach of "Exchanges"...
Debian and Events: LTS, Arduino, GSoC, DebConf and Texas Linux Fest 2019
I was assigned 18 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.
I released Linux 3.16.66, and then prepared and released Linux 3.16.67 with a small number of fixes. I backported the updated Linux 4.9 packages from Debian 9.9, uploaded them and issued DLA-1771.
I had a little advance notice of the MDS speculative execution flaws, and started backporting the mitigations for these to older stable branches, starting with a version for Linux 4.14. I backported to 4.9 (Debian stretch/jessie) first, then to 4.4 (CIP) and 3.16 (Debian jessie). The charge for this time was accordingly split between CIP and Freexian.
Once the robot arrived, we needed to track down batteries and figure out how to build custom firmware for it with the appropriate wifi settings. I asked a friend if I could get two 18650 batteries from his pile of Tesla batteries (he had them from the wreck of a crashed Tesla), so now the rover is running on Tesla batteries.
Building the rover firmware proved a bit harder, as the code did not work out of the box with the Arduino IDE package in Debian Buster. I suspect this is due to an unsolved license problem with arduino blocking Debian from upgrading to the latest version. In the end we gave up debugging why the IDE failed to find the required libraries, and ended up using the Arduino Makefile from the arduino-mk Debian package instead. Unfortunately the camera library is missing from the Arduino environment in Debian, so we disabled the camera support for the first firmware build, to get something up and running. With this reduced firmware, the robot could be controlled via the controller server, driving around and measuring distance using its internal acoustic sensor.
Here’s a quick rundown on my project for this summer:
The Debian Patch Porting System aims to systematize and partially automate the security patch porting process.
The number of security vulnerability identifiers is quite large: these are relevant to specific distributions, organizations and applications. Each organization handles security vulnerabilities that are relevant to them in their own way. MITRE’s vulnerability identifier called Common Vulnerabilities and Exposures (CVE) is global, and most advisories are somehow related to a CVE.
The purpose of the system is to unify all these algorithmically for easy patch finding, management and application. The system would be able to take any vulnerability as input and extract patches w/r/t that vulnerability. Patches can be collected by employing certain patch finding methods. Some of these methods are to crawl sites, trackers, and various distributions’ repositories. Along with that, general purpose information about that vulnerability and its equivalent identifiers for other organizations could also be collected to get the vulnerability’s complete profile. This profile could then be stored in a NoSQL database.
Following this, the system would then test whether the patches are applicable for the upstream source that they are for. Patching heuristics can be employed to test the patch’s applicability in the source package. Some of these heuristics are fuzzing, patching w/r/t offsets, etc.
The nature of the system is to be generic enough so that it can fit in with Debian (maybe allow use with the Debian Security Tracker), or act independently as well.
I started contributing to open source around a year back and on 1st January 2019 to Debian, specifically (wasn’t really a new year resolution, though :P).
I’ll be honest here. The reason behind taking the “Debian road” was solely to distract myself from the mental abuse I was going through.
[...]
Since I wanted to distract myself from various stuff, I learnt things quickly and kept working, consistently.
I turned up on IRC every single day since then. Praveen became both, my guru and my package sponsorer. He kept uploading and I kept packaging. This went on for a month until my difficulty level was bumped. From basic Ruby gems and Node libraries, I was given gems and modules that had test failures to debug and had a weirdly different build system. This made me uncomfortable. I complained. To which, Praveen said and I quote,
"If you want to keep working on a simple stuff, then it's not gonna help you move forward. And it's your loss. No one else would care. So it's your call."
There was probably no option there, was it? :P
I took it on. Struggled for a few days but it became normal and I made it through. Like they say, “It gets better :)”, it did!
I took a little more challenging stuff, understood more concepts. Fixed test failures, RC bugs and learned a lot of stuff (still a lot, lot more to learn, though) in the process, like understanding about the Debian release cycle, how the migration of package takes place, setting up your own repositories, et al.
In this process, I also met another JS guru, Xavier. He not only corrected my mistakes and sponsored my packages, but also helped me in actually understanding a lot of things. From the mailing list, we started conversing over private mail threads and soon, in a span of 3 months, the thread stretched over to 300 mails!
In the early March, I was told that I could apply for the position of the Debian Maintainer, if only I understood the process of when to upload a package to experimental and when to unstable. I was given a few packages as a test by Praveen for the same.
And luckily, I passed. This meant that the only part remaining was to fulfil the initial keysigning requirement. For which, there was a Mini DebConf, Delhi around the corner.
As it happened, Praveen, Abhijith, and Sruthi came to the Mini DebConf from Kerala and I got my keys signed by them! :D
Soon after, I applied for becoming a DM.
[...]
Lastly, thanks to the Debian community. Debian has really been an amazing journey, an amazing place, and an amazing family. I am just hoping to make it to DebConf and meet all the people I adore \o/
-
I was in Marseille last week for the mini-DebConf the fine folks at Debian France organised and it was great! It was my first time there and I really enjoyed the city.
The venue was lovely and perfectly adapted to the size of the conference. The main auditorium was a joy to work in: blinds on the windows to minimize the sun glare, a complete set of stage lighting and plenty of space to set up our gear.
If you couldn't attend the conference, you can always watch the talks on our video archive.
The highlight of my trip was the daytrip to the nearby Frioul archipelago. Although we repeatedly got attacked by angry seagulls (they were protecting their chicks), the view from the south shore of the Pomègues Island was amazing. It was also the first time I went on a daytrip during a mini-DebConf and I think it should happen more often!
Another Texas Linux Fest has come and gone! The 2019 Texas Linux Fest was held in Irving at the Irving Convention Center. It was a great venue surrounded by lots of shops and restaurants.
If you haven’t attended one of these events before, you really should! Attendees have varying levels of experience with Linux and the conference organizers (volunteers) work really hard to ensure everyone feels included.
The event usually falls on a Friday and Saturday. Fridays consist of longer, deeper dive talks on various topics – technical and non-technical. Saturdays are more of a typical conference format with a keynote in the morning and 45-minute talks through the day. Saturday nights have lightning talks as well as “Birds of a Feather” events for people with similar interests.
-
Frankenstein Linux malware and a Docker bug that’s blown out of proportion get our attention this week.
As well as the new GParted release, the Unity Editor for Linux and the Browser vendors struggle with the W3C’s latest twist.
-
Josh and Kurt talk about public disclosure of a security incident. We start out with a story about Canva, then discuss what do you do if you have a security incident? Who do you tell, what do you tell them. How do you tell your story? It's a really hard problem even if it's something you've done many times in the past.
4MLinux 29.0 STABLE released.
The status of the 4MLinux 29.0 series has been changed to STABLE. Edit your documents with LibreOffice 6.2.4.2 and GNOME Office (AbiWord 3.0.2, GIMP 2.10.10, Gnumeric 1.12.44), share your files using DropBox 73.4.118, surf the Internet with Firefox 66.0.5 and Chromium 74.0.3729.108, send emails via Thunderbird 60.7.0, enjoy your music collection with Audacious 3.10.1, watch your favorite videos with VLC 3.0.6 and mpv 0.29.1, play games powered by Mesa 18.3.1 and Wine 4.7. You can also set up the 4MLinux LAMP Server (Linux 4.19.41, Apache 2.4.39, MariaDB 10.3.14, PHP 5.6.40 and PHP 7.3.5). Perl 5.28.1, Python 2.7.15, and Python 3.7.1 are also available.
As always, the new major release has some new features: Audacious available out of the box, a new desktop sub-menu called “Office” (with AbiWord, Gnumeric, LazPaint), spellcheck functionality added to Sylpheed and HexChat, improved LibreOffice installation script, better support for MINIX file system (via util-linux and GParted), much improved 3D acceleration in Quake2. And finally, the 4MServer now includes PHP 7.3 with NaCl cryptography support.
