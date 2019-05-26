OSS Leftovers
-
One update explained that NetBank had started to make use of Google Safetynet, a service billed as “a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users.”
“The Google Safetynet feature does not involve CommBank sharing data with Google, but rather, the Android device shares some data with Google in order to provide an assessment of the device security, which we then use to detect certain types of fraud and cybercrime," a CBA spokesperson told iTnews.
The second update to NetBank added open source licences, which the bank's spokesperson said was “a decision to acknowledge the use of third party components within our apps, where appropriate”.
The spokesperson added that “this transparency, if anything, benefits security.”
“We take security seriously,” the spokesperson added.
“Every version of the CommBank app, including the open source components, is rigorously scrutinised and scanned by our engineering and cyber security teams for any potential vulnerabilities, and to ensure it is safe to use."
-
Machine learning algorithms are extremely computationally intensive and time consuming when they must be trained on large amounts of data. Typical processors are not optimized for machine learning applications and therefore offer limited performance. Therefore, both academia an industry is focused on the development of specialized architectures for the efficient acceleration of machine learning applications.
-
In this publication, legacy is not a dirty word or even remotely pejorative. Rather, “legacy” is just a shorthand way of delineating between applications that encapsulate decades of the evolution of a business and the transactions it processes, and all of the other new stuff that this business is also doing and perhaps coding with newer tools and programming languages.
A new company, called Eradani, has been founded by some experts in both the IBM i world and the open source world with the express purpose of building a technical bridge so these two different cultures can see a unified, hybrid system without knowing all of the details of both sides of that system. This is a lot easier than having heated arguments about how things should be done or whose software stack is better or worse.
Eradani, which is named after the sun around which the planet Vulcan orbits in the Star Trek science fiction series and which is actually a constellation in the southern hemisphere with several stars bearing that name (but spelled Eridani), was founded by Dan Magid, who was most recently in charge of the modernization labs and sales specialists teams at Rocket Software. Magid came to Rocket Software back in 2011, when that software conglomerate acquired software change management tool maker Aldon Software, where Magid was its long-time chief executive officer. Aldon was co-founded by Albert Magid, his father, and Don Parr back in 1979 in the wake of the System/38 launch, so the Magid family has deep, deep roots in the IBM i world. (Aldon had previously sold itself to private equity firm in 2007.)
-
pen source is playing an increasingly important role in the race to develop fully-functional, totally driverless cars capable of handling all traffic conditions – and investors are lining up to support these efforts.
Last week, Japan-based open source company Tier IV announced it had raised a further $100 million to facilitate commercialisation of self-driving technology for what it called `private, depopulated and urban’ areas. This brings the amount of money investors have pumped into the company to around $230million.
However, Tier IV, which was spun out of Japan’s Nagoya University by Shinpei Kato and which counts Yamaha Motor Corporation among its backers, is not the only open source company in the self-driving vehicle starting line-up.
-
The company also maintains Baidu Apollo, an open-source software platform launched in 2017 that allows software developers, researchers, and the company’s 130 enterprise partners, including Nvidia (NASDAQ: NVDA), Ford (NYSE: F), Velodyne Lidar, and Toyota (NYSE: TM), to build their own AV systems. The Apollo technology stack has more than 12,000 GitHub developers, and earlier this month, Baidu released Apollo 5.0, the latest version. Other mobility players maintain open-source development platforms—Nvidia, for example—but they aren’t as comprehensive as Apollo.
-
In this video from ISC 2019, Dr. Erich Focht from NEC Deutschland GmbH describes how the company is embracing open source frameworks for the SX-Aurora TSUBASA Vector Supercomputer.
NEC recently opened the Vector Engine Data Acceleration Center (VEDAC) at its Silicon Valley facility. VEDAC is focused on fostering big data innovations using NEC’s emerging technologies while tapping into Silicon Valley’s rich ecosystem.
-
Despite widespread adoption around the globe, open source technology continues to generate questions about its security and performance.
Detractors question whether it’s a suitable basis for enterprise projects and platforms; their scepticism due, in no small part, to a series of myths and misconceptions which surround the technology.
In an era in which cyber-crime and hacking attacks are so frequent, they’ve ceased to be newsworthy, some of these concerns spring from a genuine fear that open source means open to all comers.
Others have their roots in inertia and the deep comfort of the familiar. Many IT managers would prefer to stick with the tried and true – proprietary technologies whose performance is known and for which they’re happy to be accountable, rather than the unknown quantity which is open source.
-
Google has made available an open-source cryptographic tool called Private Join and Compute. The tool uses secure multi-party computation (MPC) to augment the core PSI protocol.
The product combines two cryptographic techniques - private set intersection and homomorphic encryption. Private set intersection is a technique that finds common identifiers in two sets of data without either data owner needing to show the other owner the underlying data. Google uses an oblivious variant which only marks encrypted identifiers without learning any of the identifiers.
-
We are now in beta phase, and besides the usual bugfixes, it's time to start investigating performance bottlenecks in Haiku. Waddlesplash has been hard at work in that area this month, starting with tuning of the newly integrated rpmalloc allocator.
He also started benchmarking the uses of the allocator and found various opportunities to save memory, and use dedicated object caches instead of the generic malloc allocator, helping reduce memory fragmentation. The first patches have just started to land (in packagefs), there will likely be more. Ideally beta2 will be able to boot and install with 256MB of RAM or maybe even less thanks to this work.
Meanwhile, waddlesplash is also auditing the code and starting to work towards making APIs more restricted (allowing some things only for the root user, for example), in order to provide some more privilege separation. Haiku has so far been largely a single user system, and did not worry too much about the usual attack vectors for an UNIX system. But modern computers are often online and we should try to keep our user's data reasonably safe. We have a long way to go, but we have to start with something.
-
One thing I end up embarassing myself about sometimes in the Ubuntu Podcast telegram chatter is that I end up buying and selling tiny amounts of shares on the US stock markets. All I can say is that I got spooked by the 35 day "government shutdown" at the start of the calendar year when I was stuck working without pay as a federal civil servant. Granted I did get back pay but the Human Capital Office at work is still fiddling with things even now in terms of getting payroll records and other matters fixed. I generally buy shares in companies that pay dividends and then I take the dividends as cash. At work we refer to that as "unearned income" especially as it is taxed at a rate different from the one applied to my wages.
My portfolio is somewhat weird. I am rather heavily invested in shipping whether it happens to be oil tankers or dry bulk cargo ships. In contrast I have almost nothing invested in technology companies. There aren't many "open source" companies available on the open stock market and the ones out there either I can't afford to buy a single share of or they violate my portfolio rule that stocks held must pay a divided of some sort. Too many companies in the computer tech world appear to make money but don't send any profits back to shareholders as their dividends are stuck at USD$0.00.
-
I've written for websites that depended on every single impression and click generated by viewers. Some viewers complained about ads and some stayed silent. However, the owner of the site knew that without those advertisements the site would go dark.
And so, I go about my daily life without the help of ad blockers—assuming that, at some point in time, someone would come up with a way to make both sides of the coin happy.
That time has finally come. And it should be of no surprise that those behind the solution are from within the open source community—specifically, Mozilla (which may or may not be in conjunction with a new venture, namely Scroll).
How are they solving this little conundrum (that has perplexed the masses for years)? With a new service they're calling Ad-free Internet. Just what is this new service? It's as equally brilliant as it is simple (and surprising that no one else has realized this solution already).
-
The main advantage of attending a prestigious name-brand data science certification program is the reputation of that esteemed organization that it carries with it. Other than providing tech students and rookies with better opportunities to find an entry-level job at that company (such as Microsoft), it’s a great badge for the more experienced professionals as well.
However, there are several high-level courses available, such as the ones through edX at IBM, Microsoft, MIT, UC San Diego and Harvard. Each one is different, and tailored to fit the needs of a variety of different professionals at many levels. In this article, we will take a look at these different programs, summarize their most important characteristics, the skills you’re going to acquire (as well as those you need before taking the course), and why you should choose one of them over another.
Android Leftovers
Programming: C++, Python, Rust and DocKnot
-
Photon Micro is an open-source, lightweight and modular GUI, which comprises of fine-grained and flyweight ‘elements’. It uses a declarative C++ code with a heavy emphasis on reuse, to form deep element hierarchies.
Photon has its own HTML5 inspired canvas drawing engine and uses Cairo as a 2D graphics library. Cairo supports the X Window System, Quartz, Win32, image buffers, PostScript, PDF, and SVG file output.
Joel de Guzman, the creator of Photon Micro GUI, and the main author of the Boost.Spirit Parser library, the Boost.Fusion library and the Boost.Phoenix library says, “One of the main projects I got involved with when I was working in Japan in the 90s, was a lightweight GUI library named Pica. So I went ahead, dusted off the old code and rewrote it from the ground up using modern C++.”
-
A common source of all kinds of bugs is using variables without properly initializing them. Out of all security problems this one is the simplest to fix, just convert all declarations of type int x; to int x=0;. The main reason for not doing that is laziness, manually going through existing code bases and adding initialization statements is boring and nobody wants to do that.
Fortunately nowadays we don't have to. Clang-tidy provides a nice toolkit for writing source code refactoring tools for C and C++. As an exercise I wrote a checker to do this. It is submitted upstream and is undergoing code review. Implementing it was fairly straightforward. There were only two major problems. The first one was that existing documentation consists mostly of reference manuals. There is no easy to follow tutorials, only Doxygen pages. But if you dig around on the net and work on it a bit, you can get it working.
The second, and bigger, obstacle is that doing anything in the LLVM code base is sloooow. Everything in LLVM and Clang is linked to single, huge, monolithic libraries which take forever to link. Because of reasons I started doing this work on my secondary machine, which is a 4 core i5 with 16 gigs of RAM. I had to limit simultaneous linker jobs to 2 because otherwise it would just crash spectacularly to an out of memory error. Presumably it is impossible to compile the code base on a machine that has only 8 gigs of RAM. It seems that if you want to do any real development on LLVM you need a spare data center to run the compilations, which is unfortunate.
-
What happened lately: the lid hinges of my laptop broke for the second time, so I decided to buy a new (used) laptop. As always I didn’t back up my files properly (installed new OS on same disk), so had some transition issues.
Apparently I hadn’t saved my username+password for the Wekan board, so I’ve created a new one...
-
My work with Rustup continues, though in the past month or so I've been pretty lax because I've had to travel a lot for work. I continue to be as heavily involved in Rust as I can be -- I've stepped up to the plate to lead the Rustup team, and that puts me into the Rust developer tools team proper. I attended a conference, in part to represent the Rust developer community, and I have some followup work on that which I still need to complete.
I still hang around on the #wg-rustup Discord channel and other channels on that server, helping where I can, and I've been trying to teach my colleagues about Rust so that they might also contribute to the community.
Previously I gave myself an 'A' but thought I could manage an 'A+' if I tried harder. Since I've been a little lax recently I'm dropping myself to an 'A-'.
-
The last release of DocKnot failed a whole bunch of CPAN tests that didn't fail locally or on Travis-CI, so this release cleans that up and adds a few minor things to the dist command (following my conventions to run cppcheck and Valgrind tests). The test failures are moderately interesting corners of Perl module development that I hadn't thought about, so seem worth blogging about.
First, the more prosaic one: as part of the tests of docknot dist, the test suite creates a new Git repository because the release process involves git archive and needs a repository to work from. I forgot to use git config to set user.email and user.name, so that broke on systems without Git global configuration. (This would have been caught by the Debian package testing, but sadly I forgot to add git to the build dependencies, so that test was being skipped.) I always get bitten by this each time I write a test suite that uses Git; someday I'll remember the first time.
What is POSIX? Richard Stallman explains
What is POSIX, and why does it matter? It's a term you've likely seen in technical writing, but it often gets lost in a sea of techno-initialisms and jargon-that-ends-in-X. I emailed Dr. Richard Stallman (better known in hacker circles as RMS) to find out more about the term's origin and the concept behind it.
Richard Stallman says "open" and "closed" are the wrong way to classify software. Stallman classifies programs as freedom-respecting ("free" or "libre") and freedom-trampling ("non-free" or "proprietary"). Open source discourse typically encourages certain practices for the sake of practical advantages, not as a moral imperative.
The free software movement, which Stallman launched in 1984, says more than advantages are at stake. Users of computers deserve control of their computing, so programs denying users control are an injustice to be rejected and eliminated. For users to have control, the program must give them the four essential freedoms...
Recent comments
5 hours 30 min ago
6 hours 10 min ago
18 hours 2 min ago
18 hours 7 min ago
1 day 35 min ago
1 day 4 hours ago
1 day 5 hours ago
1 day 13 hours ago
1 day 14 hours ago
1 day 14 hours ago