Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers

Filed under
OSS
  • The IT Pro Podcast: Does open source have a place in public sector IT?

    While there are some unique problems facing public sector IT, many of them are universal. From mitigating the tech skills gap and dealing with legacy kit and contracts, to allocating budget effectively and choosing a cloud strategy, the sheer vastness of government means there are many lessons to learn – including whether moving to open source can be the answer to many of the headaches facing IT leaders today.

    In the latest episode of the IT Pro Podcast, Jane and Adam are joined by Adrian Keward, chief technologist, public sector at Red Hat to discuss the challenges facing public sector today, and some of the solutions that are being found.

  • Boost Note: Open-Source Note Taking App's New Version Is Out Now

    Programmers are known for taking lots of notes, which come from all sorts of ideas. To ensure that they are able to save the notes in an organized and structured manner, a solution specifically designed for the developers is available with Boost Note, an intuitive and stylish markdown editor for the developers. Developed by a company called 'BoostIO', Boost Note is available as a fully open-source desktop app for Mac, Windows and Linux.

  • 10 Best Open Source Accounting software in 2020

    Open Source Accounting software that available online are only a handful with good capabilities, however, enough to start and perform day to day accounting stuff. You can use them to manage invoices, billing, transaction records, a note of incoming and outgoing funds to manage your personal or enterprise finances. Well, also take one thing into cognizance that few opensource accounting solutions are only available of Linux users.

    Thus, if you are planning to download and start using one then no need to surf dozens of online pages, here is the list of best open source accounting software to manage your financials.

  • How the open-source movement in India has progressed | The Hindu Parley podcast

    Open Source has been part and parcel of software programming in India for a while now. Free sharing has been an ideal for long. But have Big Tech proprietary firms co-opted the open-source platforms along the way?

  • What is the state of ‘open source’ in India today?

    Venkatesh Hariharan: When we started the campaign for more OS in 2000, we had political, cultural and economic reasons to believe it was important. Politically, we wanted to ensure more diversity in the kind of players that existed in the market with twin objectives: that we were independent from a technology standpoint and that software was localised to Indian languages. From a cost perspective, if we were dependent on multinational companies for core technology like operating systems, that would have been a drain on the exchequer. So that was the logic. Today, some of the largest e-governance projects and start-ups in India are running on OS. The early days when we had to campaign for people to use OS is over; now we are in a new era where OS is the new normal.

    [...]

    VH: We’re living in an era where data is abundant and I look at the commonality between code and data. The ideals of the OS movement were about collaboration and the shared ownership of knowledge. And within that context, the proliferation of data and the fact that it’s only a few players who are able to monetise that data means that we now need to move to an era where it’s not just a few platforms that benefit from our data, but that individuals are able to leverage and are empowered with their own data. So, in a sense, I see a commonality with the OS movement in that even a college student sitting in Sweden or any other part of the world should be able to write an operating system that can be used in any part of the world. Now, we should be able to build systems where individuals can take control of their data and be in control of how other people monetise it and leverage it for loans, etc.

  • commercetools: how GraphQL works for front-end developers

    GraphQL is a layer that sits on top of REST APIs, any application or data store — and it makes the process of data retrieval and extraction across multiple APIs easy.

    Say you’re a developer for a retailer tasked with rendering a page for a product. You’ve already built a catalogue of 300 REST APIs and now need your product detail page to access data including product description, price and similar item information.

  • Open source community lagging in diversity

    Tech companies that build diverse and inclusive workforces are more successful than companies that don’t, according to a recently released report from the United Nations Technology Innovation Labs (UNTIL) in Finland.

    The report, “Inclusion and Diversity: Tech It or Leave IT”, found that companies which invest in and recruit women and minority staff at every level of their organisation function better, produce products that are appealing to more people and earn higher revenues.

  • SD Times Open-Source Project of the Week: ALBERT

    Google is open-sourcing a “lite” version of their BERT natural language processing (NLP) pre-training technique. ALBERT is an updated version of BERT that improves 12 NLP tasks, including the Stanford Question Answering Dataset (SQuAD v2.0) and the SAT reading comprehension RACE benchmark.

    BERT was first open sourced by Google at the end of 2018, and since then, natural language research has reached a new paradigm of leveraging large volumes of existing text to pretrain model parameters, the company explained.

  • Google Open-Sources ALBERT Natural Language Model

    Google AI has open-sourced A Lite Bert (ALBERT), a deep-learning natural language processing (NLP) model, which uses 89% fewer parameters than the state-of-the-art BERT model, with little loss of accuracy. The model can also be scaled-up to achieve new state-of-the-art performance on NLP benchmarks.

  • [Older] Is the open-source technology Zeek, one of the most trusted but underappreciated tools in security?

    Think back to the mid-1990s. If you’re old enough, you remember the emergence of Mosaic, the first web browser, which was released in 1993 and precipitated the explosion that came to be known as the “dot com” boom. Internet traffic grew exponentially as it was transformed from a DARPA-funded defence and academic network used by few businesses into the platform that drove e-commerce, global communication and the disruption of many industries.

  • The Talospace Project: Firefox 72 on POWER

    Firefox 72 builds out of the box and uneventfully on OpenPOWER. The marquee feature this time around is picture-in-picture, which is now supported in Linux and works just fine for playing Trooper Clerks ("salsa shark! we're gonna need a bigger boat!"). The blocking of fingerprinting scripts should also be very helpful since it will reduce the amount of useless snitchy JavaScript that gets executed. The irony of that statement on a Blogger site is not lost on me, by the way.

    The bug that mashed Firefox 71 (ultimately fallout from bug 1601707 and its many dupes) did not get fixed in time for Firefox 72 and turned out to be a compiler issue. The lifetime change that the code in question relies upon is in Clang 7 and up, but unless you are using a pre-release build this fix is not (yet) in any official release of gcc 9 or 10. As Clang is currently unable to completely build the browser on ppc64le, if your extensions are affected (mine aren't) you may want to add this patch which was also landed on the beta release channel for Firefox 73.

  • Curl Boosted By Donation

    Curl, an open source project that is widely used to transfer data, has been given a donation of $10K by indeed.com, the self-proclaimed #1 job site. The donation was made through Open Collective and is the largest single donation the project has ever received.

    [...]

    Open Collective brings transparency to giving and receiving funds for Open Source and enable us to see that this is the fourth donation of 10K USD made by indeed.com - the others being to webpack, pytest and ESLint.

    Stenberg's blog post acknowledges curl's other sponsors. They fall into two categories - financial backers and those who provide time and effort - notable here is wolfSSL which employs Daniel and allows him to spend paid work hours on curl.

    [...]

    So the good news is that curl has not only gained valuable funding but may also in future benefit from membership of the Linux Foundation.

  • OSI co-founder leaves initiative over new license

    “Legally, our license can only protect the code that WE wrote. Our software is being licensed by a DEVELOPER to run their app (the currency, chat, or social network they just built) on top of Holochain. We are trying to say: The only valid way to use our code is if that developer’s END-USERS are the sole authors and controllers of their own private crypto keys,” Brock wrote.

    Perens has expressed concerns on how the license will actually be used and how it will impact users and software freedoms in practice. Now that it looks like the OSI might approve the practice, he is looking to make an exit.

    In an email thread about the Cryptographic Autonomy License, he wrote:

    “Well, it seems to me that the organization is rather enthusiastically headed toward accepting a license that isn’t freedom respecting. Fine, do it without me, please. I asked Patrick to cancel my membership, and I would have unsubscribed from OSI lists, including this one, if your server was working. I own an interest in 10 Open Source companies and manage a 50 Million dollar portfolio investing in them. That will keep me involved enough.”

    In an interview with The Register, Perens expressed more concerns with how the license is used and written. He believes the license requires users to have access to a lawyer in order to understand it, which is not the way he believes licenses should be developed for open source.

    “Most people who develop open source don’t have access to lawyers,” he told the Register. “One of the goals for open source was you could use it without having to hire a lawyer. You could put [open source software] on your computer and run it and if you don’t redistribute or modify it, you don’t really have to read the license.”

More in Tux Machines

Android Leftovers

Security, Fear, Uncertainty, and Doubt

  • Security updates for Thursday

    Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm), and Ubuntu (php7.0).

  • 30 The Most Common Hacking Techniques and How to Deal with Them [Ed: Cracking, not hacking. Not the same thing.]
  • A guide to developing a holistic IT security strategy

    In assessing how prevalent cyberattacks are for companies, 18 percent of respondents rated the security risk as very high. Half (50 percent) even stated that their company had suffered financial losses due to security incidents. Opinions differed as to whether the incidents were handled optimally: Almost half (49 percent) say that everything worked well, while the other half (49 percent) believe there is a lot of potential for improvement.

  • Linux and malware: Should you worry? [Ed: All those headlines with question marks mean that the answer is "No."]

    Gone are the days when the idea of viruses or other malware hitting Linux was almost universally greeted with quizzical glances, if not outright rejection. Long thought of as the perfect marriage of open-source goodness and strong, Unix-like security, Linux-based operating systems are now increasingly seen as another valuable – and viable – target. This shift in thinking is partly the result of a growing realization among both Linux hobbyists and system administrators that a compromised Linux system such as a web server provides attackers an excellent ‘return on investment’. Just as importantly, malware research in recent years has brought better visibility into threats facing Linux systems.

Devices: Raspberry Pi, Industrial/Panel PCs and RISC-V

         
  • How to play sound and make noise with your Raspberry Pi
           
             

    If your amazing project is a little too quiet, add high-fidelity sound with Raspberry Pi and the help of this handy guide from HackSpace magazine, written by PJ Evans.

  •       
  • Raspberry Pi 4 UEFI+ACPI Firmware Aims to Make the Board SBBR-Compliant

    As Arm wanted to enter the server market, they realized they had to provide systems that could boot standard operating system images without modifications or hacks – just as they do on x86 server -, so in 2014 the company introduced the Server Base System Architecture Specification (SBSA) so that all a single OS image can run on all ARMv8-A servers.

  • Linux-ready Apollo Lake panel PC has IP65 protection

    WinSystems’ IP65-protected, 12-inch “PPC12-427” capacitive panel PC runs on an Apollo Lake SoC with up to 8GB DDR3L ECC RAM, 2x GbE, 2x 4K DP, 4x USB, and -30 to 85°C support. Grand Prairie, Texas based WinSystems has announced a fanless, 12.1-inch, panel PC designed for signage, kiosk, food service, and industrial IoT HMI applications.

  • Modular Coffee Lake system has SUMIT and optional PCIe expansion

    Ibase’s “MAF800” industrial AI PC runs Ubuntu or Win 10 on an 8th Gen Coffee Lake CPU with 3x GbE, 2x SATA, 6x USB 3.0, and 2x SUMIT slots for an optional 4x PoE module. Other models offer PCIe x16, x8, and x4 slots. Last week, Taiwan-based Ibase announced it was pulling out of next week’s Embedded World show in Nuremberg due to concerns about the coronavirus. Other announced no-shows include Arm, Bridgetek, Digi-Key, FTDI, Kontron, and Rohm. Yet, Ibase and others appear to be pushing forward with their usual late February embedded product announcements.

  • Antmicro GEM ASIC Leverages zGlue Technology to Quickly Bring Custom Arm/RISC-V SoC’s to Market

    Introduced in 2018, ZiP (zGlue Integration Platform) chip-stacking technology aims to produce chips similar to Systems-in-Package (SiP) but at much lower costs and lead times.

  • Aldec and Codasip at Embedded World: Showcasing an Integrated UVM Simulation Environment for Verifying Custom Instructions with RISC-V Cores

    “Variability of the RISC-V ISA-based processor family brings new challenges to design flow. In particular, IP and SoC verification needs productivity boost tools and seamless integration into our design environment,” said Karel Masařík, CEO of Codasip. “Our generic UVM methodology combined with Aldec's simulation and code coverage efficiency analysis helps us add the desired RISC-V core extensions and provide core customization faster than our competition.”

Malicious Proprietary Software

  • Discord Is Not An Acceptable Choice For Free Software Projects

    Discord’s communication is not end to end (e2e) encrypted. It is encrypted only between the individual user and the servers operated by Discord Inc. Their spying extends to every single message sent and received by anyone, including direct messages betweeen users. The service can and does log every message sent, both in-channel and DMs. It is impossible to have a private conversation on Discord, as there will always be an unencrypted log of it stored by Discord. Discord can, at their option, provide those stored messages to any third party they wish, including cops or government snoops, for any reason, even without a legal order, without any obligation to tell you that they have done so.

  • [Attackers] Were Inside Citrix for Five Months

    Networking software giant Citrix Systems says malicious [attackers] were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

  • [Vulnerable] firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts

    “Firmware is meant to be invisible to the user, and so it’s not surprising that most people don’t pay attention to it,” said Eclypsium CEO Yuriy Bulgin. “However, these components make up the foundation upon which every device, operating system, and application depends.”

    Researchers used unsigned firmware to show how an attacker could compromise an operating system remotely in order to steal network data. The highlighted flaws could also enable “direct-memory access” attacks which exploit a computer’s core operating system.

  • Aera Launches Cognitive ‘Business Brain’ Operating System [Ed: This is NOT an 'operating system". Terms misused these days.]

    Infor labels one of its core brands Infor OS and quite unashamedly uses the term operating system to explain the function of its industry-specific Enterprise Resource Planning (ERP) and Supply Chain Management (SCM) cloud software. Mountain View headquartered Aera Technology has used a similar naming convention within its branding and called its automation-centric cloud platform the Aera Cognitive Operating System.

  • Microsoft Defender ATP for Linux Now In Public Preview

    Microsoft Defender ATP for Linux is now available in a public preview that allows administrators and security professionals to test the product in six different Linux distributions.

  • Keen to check for 'abnormal' user behaviours? Microsoft talks insider risk, AWS imports and compliance at infosec shindig RSA [Ed: “Microsoft talks insider risk”; but Microsoft is the risk]

    As well as widening the preview of Microsoft Threat Protection, a system aimed at a more automated response to threats, the gang has also extended the cross-platform support for Microsoft Defender Advanced Threat Protection (ATP) to include a whole bunch of Linux distributions.

  • Microsoft plans to add Linux support for Chromium-based Edge

    Microsoft fought long and hard to maintain and push its own proprietary browser, even launching Edge, hoping to get away from the stigma against Internet Explorer. However, the dominating market share of Chromium-based browsers finally got to Microsoft, and the company announced it would rebuild Edge with the Chromium source code. Last month, we reported that Microsoft’s Chromium-based Edge was out of development and ready for public deployment.