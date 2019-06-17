Openwashing and FUD: A Roundup
-
ACEINNA Launches OpenIMU300RI – Rugged Open-Source Inertial Measurement Unit Sensor [Ed: Here's “open-source” with a dash; new example of openwashing. I’m all for "open source" if and when it’s just a synonym of/for free/libre software. Sadly, however, nowadays “opensource” or “open-source” with a dash has nothing to do with freedom and it’s mostly marketing by openwashing.]
-
Unifying open source and proprietary software [Ed: SAS explains how to push proprietary software while making it seem and feel "open". Stallman was right about "open source" being BS all along or becoming marketing BS or BS agenda that's mostly a distraction from free software and freedom.]
-
...free, open source extension to PostgreSQL that enables better scaling and performance for analytics (OLAP) applications. The elastic, parallel scaling extension runs on standard server hardware or servers that are accelerated by FPGA boards.
-
Few business executives have had as big an impact on open source as Mårten Mickos, former CEO of MySQL and Eucalyptus and current CEO of HackerOne. While HackerOne might not look much like an open source company, that's kind of the point behind why Mickos wanted to join. No, not to escape open source, but rather to apply some of the lessons learned from his time in open source while learning some new lessons along the way. As he said in an interview, "HackerOne is doing to cybersecurity what Red Hat and MySQL did to software. It is about bringing the power of a vast community in a neatly packaged way to the tech companies and enterprises of the world."
-
Swimlane open-sources graphish to help SecOps Teams [Ed: Exchange is proprietary software, so this cannot be real FOSS but more like openwashing with Microsoft added for 'good measure'. There are also back doors.]
While having a conversation on Twitter about Microsoft Graph API I was convinced that the traditional Exchange eDiscovery features were not available in the Microsoft Graph API. Boy was I wrong.
-
The system newly acquired by the U.S. government to send unblockable emergency messages from the President to U.S. citizens can be hacked using off-the-shelf hardware and open-source software, a study revealed.
According to researchers from the University of Colorado Boulder, in a study published this week, hackers can exploit vulnerabilities in the LTE network to send bogus presidential alerts to everyone within range of an entire 50,000-seat football stadium with little effort, in order to incite panic and chaos among those who receive the fake message.
-
Open Source Clones Unofficially Sold on the Microsoft Store [Ed: Microsoft keeps allowing these things again and again. If it harms FOSS and tarnishes its name, then Microsoft is OK with it.]
Developers are taking free open source programs, repackaging them as Windows 10 UWP apps under different names, and then offering them on the Microsoft Store. In some cases, the developers are offering these programs as paid apps or with in-app purchases.
This is not the first time third-party developers have brought open source software to the Microsoft Store and charged for it. Last year a third party published LibreOffice to the Microsoft Store and was charging $2.99 for it while implying the money went to supporting the Document Foundation developers, which was not the case.
-
The Microsoft Store, formerly known as Windows Store, has had its fair share of application-related issues in the past, ranging from copycat and deceptive apps being published to the Store to publishers gaming the Store system to improve sales or visibility.
I noticed for a while that third-party developers would publish open source applications on the Microsoft Store. A prime example of this is the release of Mozilla Thunderbird which is offered by a third-party developer for free.
Publication is not necessarily illegal, as it depends on the license of the open source application. A thread on the Portable Freeware Collection forum highlights a growing issue related to open source software on the Microsoft Store.
-
GitHub Releases New Tools to Report Vulnerabilities [Ed: Microsoft giving itself the authority to change other people's code on GitHub in the name of "security"; Microsoft is also the NSA's foremost back doors partner. It's even worse because not only can the NSA alter code in GitHub but it also gets a list of holes before they get patched.]
-
Google Turns to Retro Cryptography to Keep Datasets Private [Ed: No, Google does not keep data private. It asks everyone to give it data and then shares that with the US military/government. This is a misleading narrative, albeit a very common one.]
-
Google open-sources cryptographic tool to keep data sets private [Ed: Perhaps partly a publicity stunt to help Google win contracts where it gets to suck up lots of data, such as medical files around the world]
-
As part of its efforts to support user privacy and security, Google on Wednesday announced the open-source release of Private Join and Compute, a multi-party computation (MPC) tool designed to help organizations work together with confidential data sets.
-
Google Releases Open Source Cryptographic Tool [Ed: Google which sends all your data to the NSA through back doors wants you to use its encryption and reckons openwashing can help adoption.]
Google has released an open source cryptographic tool called Private Join and Compute that allows for different datasets to calculate a result, while not revealing sensitive or private information about certain parts of the equation, according to a report by Wired.
The report used the example of the relationship between school lunch and student health. In order to figure out how the two variables affect each other, the equation would need healthcare data, which is private, to be crossed with school data. Google’s service would let all of the parties compare info without the exposing of any private data.
“The net result is that we can perform this computation without exposing any individual data and only getting the aggregate result,” said Amanda Walker, director of privacy tools and infrastructure engineering at the tech giant. “The naïve way to do this would be to take two sensitive data sets, dump them into a single database and do the join and the sum, but then you’ve got everything together and at risk of a data breach.”
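As an added illustration of the technique the report describes (not Google's code and not part of the Wired piece), here is a toy version of the private intersection-sum protocol that Private Join and Compute is built on: each side blinds hashed identifiers with a private exponent under a commutative cipher, so that double-blinded values match exactly when the identifiers match, while the per-record values travel under additively homomorphic (Paillier) encryption whose key only the value holder has. The random 512-bit prime, the toy Paillier key size and the roster/score data are all constructed for this example.

```python
# Toy private intersection-sum in the spirit of Private Join and Compute.
# Party 1 holds identifiers (a school roster); Party 2 holds identifiers with
# an integer value each (a health score per patient). Party 2 ends up knowing
# only how many identifiers are shared and the sum of their values; neither
# side sees the other's raw identifiers. Illustrative code, not Google's library.
import hashlib
import secrets
from math import gcd

def is_probable_prime(n: int, rounds: int = 32) -> bool:  # Miller-Rabin
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

# Commutative blinding E_k(x) = x^k mod P with gcd(k, P-1) == 1, so that
# E_k1(E_k2(x)) == E_k2(E_k1(x)). A random 512-bit prime is a toy choice;
# a deployment would use a standard group where DDH is believed to hold.
P = random_prime(512)

def hash_to_group(identifier: str) -> int:
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return h % (P - 2) + 2  # element of [2, P-1], never the trivial 0 or 1

def blinding_key() -> int:
    while True:
        k = secrets.randbelow(P - 1)
        if k > 1 and gcd(k, P - 1) == 1:
            return k

def blind(x: int, k: int) -> int:
    return pow(x, k, P)

class Paillier:  # minimal additively homomorphic encryption, key held by Party 2
    def __init__(self, bits: int = 256):
        p, q = random_prime(bits), random_prime(bits)
        while q == p:
            q = random_prime(bits)
        self.n, self.n2, self.lam = p * q, (p * q) ** 2, (p - 1) * (q - 1)
        self.mu = pow(self.lam, -1, self.n)

    def encrypt(self, m: int) -> int:
        r = secrets.randbelow(self.n - 1) + 1
        return pow(self.n + 1, m, self.n2) * pow(r, self.n, self.n2) % self.n2

    def add(self, c1: int, c2: int) -> int:
        return c1 * c2 % self.n2  # Enc(a) * Enc(b) == Enc(a + b)

    def decrypt(self, c: int) -> int:
        return (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n

def private_intersection_sum(party1_ids, party2_records):
    """Three-round protocol; returns (cardinality, sum) as Party 2 learns them."""
    rng = secrets.SystemRandom()
    k1, k2 = blinding_key(), blinding_key()  # each party's private exponent
    he = Paillier()                           # Party 2's homomorphic key pair
    # Round 1 (P1 -> P2): P1's identifiers blinded with k1, shuffled.
    round1 = [blind(hash_to_group(v), k1) for v in party1_ids]
    rng.shuffle(round1)
    # Round 2 (P2 -> P1): P1's items re-blinded with k2, plus P2's own
    # identifiers blinded with k2 and paired with their encrypted values.
    double_blinded = [blind(x, k2) for x in round1]
    rng.shuffle(double_blinded)
    round2 = [(blind(hash_to_group(w), k2), he.encrypt(t))
              for w, t in party2_records.items()]
    rng.shuffle(round2)
    # Round 3 (P1 -> P2): P1 applies k1 to P2's blinded items; a hit in the
    # double-blinded set marks a shared identifier without revealing which
    # plaintext it was. P1 sums the matching ciphertexts homomorphically and
    # returns the cardinality plus one ciphertext that only P2 can decrypt.
    p1_set = set(double_blinded)
    matched = [ct for bw, ct in round2 if blind(bw, k1) in p1_set]
    enc_sum = he.encrypt(0)
    for ct in matched:
        enc_sum = he.add(enc_sum, ct)
    return len(matched), he.decrypt(enc_sum)

# Constructed sample data: a roster and a patient -> score table.
ROSTER = ["alice", "bob", "carol", "dave"]
SCORES = {"bob": 3, "carol": 5, "erin": 8, "frank": 1}

if __name__ == "__main__":
    print(private_intersection_sum(ROSTER, SCORES))  # (2, 8)
```

What this toy leaves out matters as much as what it shows: Party 1 still learns the intersection size (the real protocol accepts that leak too), a malicious Party 1 could probe membership one identifier at a time, and the hash-then-exponentiate blinding is only as strong as the group it runs in, which is why the deployed tool uses standard elliptic-curve groups rather than a random prime.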
-
Podcast: Development Agility and Open-Source Vulnerability Prioritization [Ed: Giving a platform to Microsoft partners whose business model is selling proprietary software by attacking and smearing FOSS, just like Black Duck -- they hijack FOSS voice]
On this week’s episode of the SecurityIntelligence podcast, WhiteSource Senior Director of Product Management Rami Elron joins the dynamic duo of David Moulton and Pam Cobb to crack the case of open-source vulnerabilities. With security risks on the rise, how can organizations effectively prioritize top threats and control cybersecurity complexity?
-
Conceptually, caches and in-memory data grids are very close anyway: it's all about using fast memory to speed up access to data residing in slow(er) storage systems. Doing caching efficiently is a hard problem, and Luck is among the leading experts in the field. About a year ago, however, Luck stepped down from his role as Hazelcast CEO and took over the CTO role, while Kelly Herrell became CEO.
-
Argo AI is releasing curated data along with high-definition maps to researchers for free, the latest company in the autonomous vehicle industry to open-source some of the information it has captured while developing and testing self-driving cars.
-
WATCH: The Advantages of Not Being Open Source (Part II) [Ed: In 2019 I think that the volume of openwashing outweighs that of real FOSS, and openwashing headlines outnumber those of real FOSS. RIP, "open source" (1998-2018). You had a good run before becoming a marketing strategy for proprietary software.]
Hashgraph is an algorithm, correct. The IP for Hashgraph is privately owned. But it’s … we’re using the patent in order to solve a fundamental problem with existing networks. And the entire community of public distributed ledger technology platforms are all open source, they’re not proprietary, everything is open source. While that’s been good for innovation, it’s also created chaos in a certain way that has prevented mainstream adoption by big enterprise or even medium-sized businesses.
And it’s because everyone knows that these networks like Bitcoin are going to ultimately split into competing networks with competing cryptocurrencies and that represents risk to any business manager considering building an application on one of these public networks. So we’re using the IP of Hashgraph to bring stability to a platform that no other open source platform can achieve.
Linux Foundation Leftovers
-
In an announcement release, Brian Behlendorf, Hyperledger's Executive Director, gave a warm welcome to the latest members, eight in total.
-
It is an important announcement as it demonstrates the growing snowball effect from enterprises and their interest in blockchain. Hyperledger is an open source collaborative project created to advance cross-industry blockchain technologies. It is boosting not only its members but improving the technology too.
Programming/Development Leftovers
-
WhiteSource recently put out a report, taking a deeper dive into the security of the most popular programming languages.
-
The mobile framework NativeScript team is releasing a new open-source project this week designed to help developers style their applications. The team calls the Plum UI Kit a “kitchen sink native app” meant to provide common app scenarios with copy-and-paste abilities.
-
A new open source development workflow framework for creating machine learning code has been released. Kedro has PySpark integration and an SDK for working with datasets.
Kedro has been developed by QuantumBlack, an analytics firm acquired by McKinsey in 2015, and the name Kedro derives from the Greek word meaning center or core. Kedro helps structure your data pipeline using software engineering principles. It also provides a standardized approach to collaboration for teams.
-
According to public records obtained by the Salem Reporter, the Oregon Department of Corrections has banned dozens of books related to programming and technology as they come through the mail room, ensuring that they don’t get to the hands of prisoners.
-
Chan said he understands security concerns for books related to hacking, but they often see introductory or basic books disallowed.
Security Leftovers
-
Luckily, not only did Coinbase and an outside researcher notice the bugs, but Coinbase picked up on the attack before any money could be stolen or the network could be infiltrated.
-
Four hospitals in Romania have been affected by the BadRabbit 4 ransomware, the Romanian Intelligence Service (SRI) announced. One of the hospitals is the Victor Babeş Infectious Diseases Hospital in Bucharest. The other hospitals are located in Huşi, Dorohoi and Cărbuneşti.
-
Specialists at the Cyberint National Centre of the Romanian Intelligence Service (SRI) suspect that the recent attacks on hospitals in Romania come from China, service representatives say, quoted by digi24.ro.
"Regarding the cyber-attacks on hospitals, the Cyberint National Centre suspects the attackers are of Chinese origin. The time interval in which the Chinese hackers are active was considered, along with the clues left with the ransom requests," SRI says in a release.
-
Five hospitals in the Romanian capital Bucharest are the target of a cyber attack. Various Romanian media report this. Speaking to the news platform Stiri Lazi, the Romanian Minister of Health has announced that patients will be affected by the attack.
-
The cyber-attack disabled computer systems controlling rocket and missile launchers, the Washington Post said.
-
Even as Homeland Security officials have attempted to downplay the impact of a security intrusion that reached deep into the network of a federal surveillance contractor, secret documents, handbooks, and slides concerning surveillance technology deployed along U.S. borders are being widely and openly shared online.
A terabyte of torrents seeded by Distributed Denial of Secrets (DDOS)—journalists dispersing records that governments and corporations would rather nobody read—are as of writing being downloaded daily. As of this week, that includes more than 400 GB of data stolen by an unknown actor from Perceptics, a discreet contractor based in Knoxville, Tennessee, that works for Customs and Border Protection (CBP) and is, regardless of whatever U.S. officials say, right now the epicenter of a major U.S. government data breach.
