OSS Leftovers
-
What better way to start the new year than by highlighting the newest members of our engineering and administrative teams who joined in Q4 2019!
Based in Italy, Portugal, the United Kingdom and Greece, these newest Collaborans join our worldwide team of highly skilled engineers, developers and managers who all share a common passion for technology and Open Source.
-
MariaDB has come a long way from its MySQL database roots. The open source database vendor released its new MariaDB X4 platform, providing users with "smart transactions" technology to enable both analytical and transactional databases.
MariaDB, based in Redwood City, Calif., was founded in 2009 by the original creator of MySQL, Monty Widenius, as a drop-in replacement for MySQL, after Widenius grew disillusioned with the direction that Oracle was taking the open source database.
Oracle acquired MySQL via its acquisition of Sun Microsystems in 2008. Now, in 2020, MariaDB still uses the core MySQL database protocol, but the MariaDB database has diverged significantly in other ways that are manifest in the X4 platform update.
The MariaDB X4 release, unveiled Jan. 14, puts the technology squarely in the cloud-native discussion, notably because MariaDB is allowing for specific workloads to be paired with specific storage types at the cloud level, said James Curtis, senior analyst of data, AI and analytics at 451 Research.
-
The service also allows seamless, key-free transmission to other SecureMyEmail subscribers and to others who use PGP software such as the PGP-compatible free-software GNU Privacy Guard.
-
Permissive open-source software licenses continue to gain popularity at the expense of copyleft licenses, according to a forthcoming report from WhiteSource, a biz that makes software licensing management tools.
Permissive licenses include the MIT and Apache 2.0 licenses and are known as such because the permit licensors to do more or less what they want with the covered software, with minimal caveats, and without imposing obligations like sharing code revisions.
Copyleft licenses like GPLv2, GPLv3, and LGPLv2.1 convey similar freedom, while, to put it simply, requiring that licensors not release versions or derivatives of the licensed code that restrict said freedom.
| Programming: Rust, C and Python
-
Today, on behalf of the Rust Fuzzing Authority, I’d like to announce new releases of the arbitrary, libfuzzer-sys, and cargo fuzz crates. Collectively, these releases better support writing fuzz targets that take well-formed instances of custom input types. This enables us to combine powerful, coverage-guided fuzzers with smart test case generation.
Install or upgrade cargo fuzz with:
cargo install --force cargo-fuzz
To upgrade your fuzz targets, bump your libfuzzer-sys dependency to 0.2.0 on crates.io. That should be all that’s needed for most cases. However, if you were already using Arbitrary inputs for your fuzz target, some changes will be required. See the upgrading fuzz targets section below for more details.
-
Rust is an increasingly popular programming language positioned to be the best choice for hardware interfaces. It's often compared to C for its level of abstraction. This article explains how Rust can handle bitwise operations in a number of ways and offers a solution that provides both safety and ease of use.
-
The next PyPy sprint will be in Leysin, Switzerland, for the fourteenth time. This is a fully public sprint: newcomers and topics other than those proposed below are welcome.
-
OpenStack stores and manages a bunch of log files on its Overcloud nodes and Undercloud host. Therefore, it's not easy to use OSP log files to investigate a problem you're having, especially when you don't even know what could have caused the problem.
If that's your situation, LogTool makes your life much easier! It saves you the time and work it would otherwise take to investigate the root cause manually. Based on a fuzzy string matching algorithm, LogTool provides all the unique error and warning messages that have occurred in the past. You can export these messages for a particular time period, such as 10 minutes ago, an hour ago, a day ago, and so on, based on timestamp in the log.
|
Proprietary Stuff and Openwashing
-
The cable is used to charge and sync many Apple devices, such as the iPhone.
But members of the European Parliament urged the European Commission on Monday to force tech giants to adopt a single universal charging method.
-
Enterprises, governments and other organizations all sit on vast troves of data that cannot be processed due to security and privacy concerns. To address this limitation, researchers and vendors have developed various confidential computing techniques to safely process sensitive data.
Confidential computing is particularly important for organizations in heavily regulated industries or sectors where opportunities for running workloads on the public cloud are severely limited, such as government, telecommunications, healthcare and banking. Confidential computing protects data at rest, which enables organizations to deploy sensitive workloads off premises and provides further protection to sensitive workloads on premises.
[..].
"If projects and products can show regulators and legislators that the levels of security are sufficient to meet their requirements, then deployment to public clouds becomes plausible for a great many more applications and use cases," said Mike Bursell, chief security architect at Red Hat.
-
LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the availability of Akraino Edge Stack Release 2 (“Akraino R2”). Akraino’s second release furthers the power of intelligent edge with new and enhanced deployable, self-certified blueprints for a diverse set of edge use cases.
Launched in 2018, and now a Stage 3 (or “Impact” stage) project under the LF Edge umbrella, Akraino Edge Stack is creating an open source software stack that supports a high-availability cloud stack optimized for edge computing systems and applications. Designed to improve the state of edge cloud infrastructure for enterprise edge, over-the-top (OTT) edge, and carrier edge networks, it offers users new levels of flexibility to scale edge cloud services quickly, to maximize the applications and functions supported at the edge, and to help ensure the reliability of systems that must be up at all times.
“The Akraino community has grown rapidly in the past year, and now includes contributions from 70 percent of LF Edge Premium member companies and countless other ecosystem partners beginning to deploy the blueprints across the globe,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With R2, strong community collaboration brings even more blueprints to the ecosystem that support current and future technology at the open source edge.”
| Security Leftovers
-
U.S. Wireless carriers are coming under heavy fire for failing to protect their users from the practice of SIM hijacking. The practice usually involves conning or bribing a wireless employee to port a victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Carriers are facing numerous lawsuits from victims who say attackers used the trick to first steal their identity, then millions in cryptocurrency, or even popular social media accounts.
-
Stefan and I have been taking last week to add DNS over TLS into IPFire - another step to make DNS more private. Here is what we have done.
Cleaning up some mess
IPFire has multiple places where DNS servers could be configured. If you were using PPP for your Internet connection, you would have set this up with your dialup settings. If you were using a static IP address, then you would have set up the DNS servers with it in the setup. If you were using DHCP, you had a page on the web user interface to go to. This is not only confusing for the user, but also there were the places in the code where those settings were applied.
Now, we have created an entire new page which combines all of it together! You will have a list where you can set all DNS servers and set new settings.
[...]
This will be release with Core Update 140. Amongst the many new features, we have removed a lot of code that has caused us a lot of trouble in the past and rewritten many things entirely from scratch.
-
Security updates have been issued by Arch Linux (chromium), Fedora (gnulib, ImageMagick, jetty, ocsinventory-agent, phpMyAdmin, python-django, rubygem-rmagick, thunderbird, and xar), Mageia (e2fsprogs, kernel, and libjpeg), openSUSE (icingaweb2), Oracle (git, java-11-openjdk, and thunderbird), Red Hat (.NET Core), Scientific Linux (git, java-11-openjdk, and thunderbird), SUSE (fontforge and LibreOffice), and Ubuntu (kamailio and thunderbird).
|
Printer-friendly version
PDF version
.svg_.png)
Content (where original) is available under CC-BY-SA, copyrighted by original author/s.
Recent comments
6 hours 3 min ago
6 hours 9 min ago
15 hours 11 min ago
15 hours 14 min ago
15 hours 27 min ago
15 hours 32 min ago
18 hours 12 min ago
18 hours 14 min ago
18 hours 24 min ago
1 day 2 hours ago