Meet the newest Collaborans!

What better way to start the new year than by highlighting the newest members of our engineering and administrative teams who joined in Q4 2019! Based in Italy, Portugal, the United Kingdom and Greece, these newest Collaborans join our worldwide team of highly skilled engineers, developers and managers who all share a common passion for technology and Open Source.

MariaDB X4 brings smart transactions to open source database

MariaDB has come a long way from its MySQL database roots. The open source database vendor released its new MariaDB X4 platform, providing users with "smart transactions" technology to enable both analytical and transactional databases. MariaDB, based in Redwood City, Calif., was founded in 2009 by the original creator of MySQL, Monty Widenius, as a drop-in replacement for MySQL, after Widenius grew disillusioned with the direction that Oracle was taking the open source database. Oracle acquired MySQL via its acquisition of Sun Microsystems in 2008. Now, in 2020, MariaDB still uses the core MySQL database protocol, but the MariaDB database has diverged significantly in other ways that are manifest in the X4 platform update. The MariaDB X4 release, unveiled Jan. 14, puts the technology squarely in the cloud-native discussion, notably because MariaDB is allowing for specific workloads to be paired with specific storage types at the cloud level, said James Curtis, senior analyst of data, AI and analytics at 451 Research.

SecureMyEmail makes really private email surprisingly simple

The service also allows seamless, key-free transmission to other SecureMyEmail subscribers and to others who use PGP software such as the PGP-compatible free-software GNU Privacy Guard.

Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL

Permissive open-source software licenses continue to gain popularity at the expense of copyleft licenses, according to a forthcoming report from WhiteSource, a biz that makes software licensing management tools. Permissive licenses include the MIT and Apache 2.0 licenses and are known as such because the permit licensors to do more or less what they want with the covered software, with minimal caveats, and without imposing obligations like sharing code revisions. Copyleft licenses like GPLv2, GPLv3, and LGPLv2.1 convey similar freedom, while, to put it simply, requiring that licensors not release versions or derivatives of the licensed code that restrict said freedom.

Announcing Better Support for Fuzzing with Structured Inputs in Rust

Today, on behalf of the Rust Fuzzing Authority, I’d like to announce new releases of the arbitrary, libfuzzer-sys, and cargo fuzz crates. Collectively, these releases better support writing fuzz targets that take well-formed instances of custom input types. This enables us to combine powerful, coverage-guided fuzzers with smart test case generation. Install or upgrade cargo fuzz with: cargo install --force cargo-fuzz To upgrade your fuzz targets, bump your libfuzzer-sys dependency to 0.2.0 on crates.io. That should be all that’s needed for most cases. However, if you were already using Arbitrary inputs for your fuzz target, some changes will be required. See the upgrading fuzz targets section below for more details.

C vs. Rust: Which to choose for programming hardware abstractions

Rust is an increasingly popular programming language positioned to be the best choice for hardware interfaces. It's often compared to C for its level of abstraction. This article explains how Rust can handle bitwise operations in a number of ways and offers a solution that provides both safety and ease of use.

Leysin Winter sprint 2020: Feb 28 - March 7th

The next PyPy sprint will be in Leysin, Switzerland, for the fourteenth time. This is a fully public sprint: newcomers and topics other than those proposed below are welcome.

Use this Python script to find bugs in your Overcloud

OpenStack stores and manages a bunch of log files on its Overcloud nodes and Undercloud host. Therefore, it's not easy to use OSP log files to investigate a problem you're having, especially when you don't even know what could have caused the problem. If that's your situation, LogTool makes your life much easier! It saves you the time and work it would otherwise take to investigate the root cause manually. Based on a fuzzy string matching algorithm, LogTool provides all the unique error and warning messages that have occurred in the past. You can export these messages for a particular time period, such as 10 minutes ago, an hour ago, a day ago, and so on, based on timestamp in the log.

Apple may have to abandon Lightning connector cable

The cable is used to charge and sync many Apple devices, such as the iPhone.

But members of the European Parliament urged the European Commission on Monday to force tech giants to adopt a single universal charging method.

Confidential computing promises secure cloud apps

Enterprises, governments and other organizations all sit on vast troves of data that cannot be processed due to security and privacy concerns. To address this limitation, researchers and vendors have developed various confidential computing techniques to safely process sensitive data. Confidential computing is particularly important for organizations in heavily regulated industries or sectors where opportunities for running workloads on the public cloud are severely limited, such as government, telecommunications, healthcare and banking. Confidential computing protects data at rest, which enables organizations to deploy sensitive workloads off premises and provides further protection to sensitive workloads on premises. [..]. "If projects and products can show regulators and legislators that the levels of security are sufficient to meet their requirements, then deployment to public clouds becomes plausible for a great many more applications and use cases," said Mike Bursell, chief security architect at Red Hat.

Akraino Edge Stack Enables Connected Car, AR/VR, AI Edge, and Telco Access Edge Application Use Cases

LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the availability of Akraino Edge Stack Release 2 (“Akraino R2”). Akraino’s second release furthers the power of intelligent edge with new and enhanced deployable, self-certified blueprints for a diverse set of edge use cases. Launched in 2018, and now a Stage 3 (or “Impact” stage) project under the LF Edge umbrella, Akraino Edge Stack is creating an open source software stack that supports a high-availability cloud stack optimized for edge computing systems and applications. Designed to improve the state of edge cloud infrastructure for enterprise edge, over-the-top (OTT) edge, and carrier edge networks, it offers users new levels of flexibility to scale edge cloud services quickly, to maximize the applications and functions supported at the edge, and to help ensure the reliability of systems that must be up at all times. “The Akraino community has grown rapidly in the past year, and now includes contributions from 70 percent of LF Edge Premium member companies and countless other ecosystem partners beginning to deploy the blueprints across the globe,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With R2, strong community collaboration brings even more blueprints to the ecosystem that support current and future technology at the open source edge.”

Microsoft: Application Inspector is now open source, so use it to test code security

Study Shows The Internet Is Hugely Vulnerable To SIM Hijacking Attacks

U.S. Wireless carriers are coming under heavy fire for failing to protect their users from the practice of SIM hijacking. The practice usually involves conning or bribing a wireless employee to port a victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Carriers are facing numerous lawsuits from victims who say attackers used the trick to first steal their identity, then millions in cryptocurrency, or even popular social media accounts.

Restoring DNS Privacy

Stefan and I have been taking last week to add DNS over TLS into IPFire - another step to make DNS more private. Here is what we have done. Cleaning up some mess IPFire has multiple places where DNS servers could be configured. If you were using PPP for your Internet connection, you would have set this up with your dialup settings. If you were using a static IP address, then you would have set up the DNS servers with it in the setup. If you were using DHCP, you had a page on the web user interface to go to. This is not only confusing for the user, but also there were the places in the code where those settings were applied. Now, we have created an entire new page which combines all of it together! You will have a list where you can set all DNS servers and set new settings. [...] This will be release with Core Update 140. Amongst the many new features, we have removed a lot of code that has caused us a lot of trouble in the past and rewritten many things entirely from scratch.

Security updates for Friday

Security updates have been issued by Arch Linux (chromium), Fedora (gnulib, ImageMagick, jetty, ocsinventory-agent, phpMyAdmin, python-django, rubygem-rmagick, thunderbird, and xar), Mageia (e2fsprogs, kernel, and libjpeg), openSUSE (icingaweb2), Oracle (git, java-11-openjdk, and thunderbird), Red Hat (.NET Core), Scientific Linux (git, java-11-openjdk, and thunderbird), SUSE (fontforge and LibreOffice), and Ubuntu (kamailio and thunderbird).