Sunday 24th of May 2020
Server
Openwashing and Openness Fluff

  • Alliance Bank goes open-source to enhance in-branch CX

    Alliance Bank Malaysia turned to open-source solutions to deliver its first fully-digital in-branch experience

  • Coyne PR Rolls 'Open Source' Website [Ed: The PR 'industry' clearly does not understand what "open source" means (or just lies about it)]

    Coyne PR has unveiled a new website that takes an open source approach to sharing key learnings, best practices and practical tips and advice related to COVID-19 and beyond.

  • Facebook Makes Its React Native Open-Source Framework Fully Accessible [Ed: Adweek helps mass surveillance company paint itself as friend of disabled people, plus the openwashing angle]
  • Accenture and Fujitsu Announce Launch of HyperLedger Cactus, an Open-Source Blockchain Integration Framework
  • F1 News: F1 set for vote on aero handicap and open source ideas

    Radical rules including an aero development handicap system and the use of open source parts in Formula 1 could be approved later on Friday. [...] Beyond the budget caps, team are also set to vote on a range of other rules tweaks to reduce costs - including potential for tokens on chassis developments. Longer term, there is also a proposal for a radical aero development handicap system, where the worst performing teams are allowed more windtunnel and CFD development time compared to the more successful outfits. While F1 has previously steered clear of more obvious handicap systems such as success ballast, it is understood that the aerodynamic development plan has gathered support as it is felt to be much less artificial. The hope is that it will help close up the grid.

  • Bitcoin wallet makers SatoshiLabs now building open-source chips

    New Tropic Square company, founded by SatoshiLabs, seeks to produce truly open-source crypto wallets and more via fully-auditable custom chips.

  • SpaceChain Foundation Invests in Core Semiconductor to Produce Open Hardware Platform for Direct Satellite-to-Devices Communication

    SpaceChain Foundation today announced it has contracted and invested in Core Semiconductor, an innovator in provably secure computing platforms for all connected devices, to produce the world's first open-source hardware platform capable of providing a downlink to mobile phones and small devices directly from satellites in orbit, without the use of a satellite dish on Earth or a third-party network. With security inherently built-in, the technology is designed with the blockchain industry in mind and to bring blockchain applications to a global user base. Core Semiconductor has designed the platform to be small enough to fit inside any handheld device. With a commodity price point, the platform is affordable and is easy to deploy, making it perfect for any company or hobbyist to incorporate. The technology is designed for low bitrate applications of around 1250 bytes per minute, making it ideal for verifying blockchain hashes and encrypted signatures.

  • design your own bee house with IKEA's bee home open-source project

    may 20, 2020 marks world bee day and to celebrate it, SPACE10 — IKEA’s external innovation hub — is launching bee home, their latest open-source design project in collaboration with bakken & bæck and designer tanita klein. bees are vital for life on planet earth; in fact a third of what we eat depends on these busy, buzzing insects and other pollinators. but due to human impact, these hard-working insects are in danger of going extinct as we have unwittingly destroyed their homes and natural habitats when building our own homes, cities and landscaped our gardens.

Security Leftovers

  • Zeus’s legacy lives on as crooks target banking customers in the US and Europe [iophk: Windows TCO]

    Since the beginning of the year, various criminal [criminal] groups have been using a descendant of Zeus in more than 100 phishing campaigns and some 700,000 emails against people in Australia, Canada, Germany, Poland, and the U.S., email security company Proofpoint said this week. Like countless other [attackers] around the world, they are trying to capitalize on fears around the coronavirus to slip their code onto victim computers.

  • [Attackers] Attempted to Deploy Ransomware in Attacks Targeting Sophos Firewalls

    The script would perform various tasks, including parsing the contents of the firewall’s ARP cache, where the (internal) IP and MAC addresses of host on the local network are stored. Next, it would use the list to scan for port 445/tcp on the hosts and determine if they were reachable Windows systems.

    Furthermore, a file deceptively named “hotfix” would determine whether the machines were running 32-bit or 64-bit Windows, and then attempt to leverage an EternalBlue exploit and DoublePulsar shellcode to deliver and execute a DLL directly into memory (targeting explorer.exe).

    The DLL would then attempt to fetch an executable payload from 9sg[.]me over HTTP port 81/tcp. The IP address hosting the domain and serving the hotfix payload was involved in attacks going back to 2018, and is associated with a threat actor known as NOTROBIN.

  • Developers find new flaws in source code of NHS contract-tracing app [Ed: outsourced to Microsoft]

    New shortcomings in the NHSX contact racing app could further limit effectiveness and scare away users. E&T investigated concerns raised by computer engineers about timestamp and Google Analytics tracking.

  • Mercedes-Benz onboard logic unit (OLU) source code leaks online

    The researcher says he downloaded more than 580 Git repositories from the company's server, which he made publicly available over the weekend, uploading the files in several locations such as file-hosting service MEGA, the Internet Archive, and on his own GitLab server.

  • #ERNW says source code for for #HUAWEI #5G core network UDG is “Good Quality”

    ERNW, an independent IT security service provider in Germany, has conducted a technical review of the source code for Huawei’s unified distributed gateway (UDG) on 5G core networks. ERNW senior auditors reviewed the source code by using leading tools and methods as well as the industry’s best practices, and released a review report. The report showed that the source code quality is a good indicator that Huawei has established a mature and appropriate software engineering process for UDG.

FOSS Funding/Fund-raising

Ardour 6.0 is released

Ardour 6.0 is now released. Sorry for the wait! You can download it from http://ardour.org/download See what’s new at http://ardour.org/whatsnew.html We hope to return to bi-monthly releases going forward, and there’s a lot of stuff to do! Read more Also: Ardour 6.0 Digital Audio Workstation Released

