
Security

Security: Huawei, Singapore, and Voting Machines With Back Doors

Filed under
Security

Security: Updates, Ubuntu EoL, Passwords and More

  • Security updates for Friday
  • Ubuntu 17.10 (Artful Aardvark) End of Life reached on July 19 2018
  • Hacked Passwords Being Used In Blackmail Attempt -- Expect More Of This

    This was immediately obvious as a scam from a hacked database of passwords. Besides the fact that I haven't used that particular password in ages (and even when I did, it was the password I used for "unimportant" sites), there are a whole bunch of other reasons why it was obvious that the email was fake and it would be literally impossible for the person to have whatever it was they claimed to have on me. I found it funny enough that I reached out to some other folks to see if this was getting around, and a few people told me they'd seen similar ones, noting that the final note about sending it to "9 friends" appeared to be an increase from the usual of "5" that they had seen before.

    Indeed, Brian Krebs, who is always on top of these things, wrote a story about how a bunch of people got these emails last week. That one only asked for $1400, and also promised to send it to 5 friends. It has a few other slight differences to the one I received, but is pretty clearly sent by the same person/team of people with just a few modifications. Like the ones that Krebs reported on, mine appeared to come from an outlook.com email address. As Krebs notes, he expects that this particular scam is about to get a lot more popular, and will probably use a lot more recent set of passwords:

  • Hacker Summer Camp 2018: Cyberwar?

    I actually thought I was done with the pre-con portion of my Hacker Summer Camp blog post series, but it turns out that people wanted to know more about “the most dangerous network in the world”. Specifically, I got questions about how to protect yourself in this hostile environment, like whether people should bring a burner device, how to avoid getting hacked, what to do after the con, etc.

    [...]

    There’s never a guarantee of security, but with updated devices & good security hygiene, you can survive the DEF CON networks.

  • Amazon, Reddit And Others Fail To Warn Us About Dumb Passwords

    Believe it or not, there is still a large number of people who use passwords such as “password,” “password123”, “[dog’s name]1” and others along the same lines. And in the era of sophisticated hacking, these passwords are not exactly “safe.”

  • Decade of research shows little improvement in password guidance

Security: Updates, First PGPainless Release, and 'The Cloud'

  • Security updates for Thursday
  • First PGPainless Release!

    PGPainless 0.0.1-alpha1 is the first non-snapshot release and is available from maven central. It was an interesting experience to go through the process of creating a release and I’m looking forward to having many more releases in the future.

    The current release contains a workaround for the bug I described in an earlier blog post. The issue was, that bouncycastle wouldn’t mark the public sub keys of a secret key ring as sub keys, which results in loss of keys if the user tries to create a public key ring from the exported public keys. My workaround fixes the issue by iterating through all sub keys of an existing key ring and converting the key packages of subkeys to subkey packages. The code is also available as a gist.

  • Thousands of US voters' data exposed by robocall firm

    A Virginia-based political campaign and robocalling company, which claims it can "reach thousands of voters instantly," left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password. 

    The bucket contained close to 2,600 files, including spreadsheets and audio recordings, for several US political campaigns.

    Kromtech Security's Bob Diachenko, who discovered the exposed data and blogged his findings, shared prior to publication several screenshots of data, packed with voters' full names, home addresses, and political affiliations.

  • Another Day, Another Pile Of Voter Data Left Laying Around On A Public Server

    Leaving private voter or customer data easily accessible on a public-facing server is the hot new fashion trend. You'll recall that it's a problem that has plagued the Defense Department, GOP data firm Deep Root Analytics (198 million voter records exposed), Verizon's marketing partners (6 million users impacted), Time Warner Cable (4 million users impacted), and countless other companies or partners that failed to implement even basic security practices. And it's a trend that shows no sign of slowing down despite repeated, similar stories (much of it thanks to analysis by security researcher Chris Vickery).

    This week yet another pile of private voter data was left publicly accessible for anybody to peruse. According to analysis by Kromtech Security’s Bob Diachenko, a Virginia-based political consulting and robocalling company by the name of Robocent publicly exposed 2,600 files, including voter file spreadsheets (including voter phone numbers, names, addresses, political affiliations, gender, voting districts and more) and audio recordings for a number of political campaigns.

Security: Spectre V1, Gentoo, Google’s Servers and Denuvo DRM

  • Spectre V1 defense in GCC
  • Signing and distributing Gentoo

    The compromise of Gentoo's GitHub mirror was certainly embarrassing, but its overall impact on Gentoo users was likely fairly limited. Gentoo and GitHub responded quickly and forcefully to the breach, which greatly limited the damage that could be done; the fact that it was a mirror and not the master copy of Gentoo's repositories made it relatively straightforward to recover from. But the black eye that it gave the project has led some to consider ways to make it even harder for an attacker to add malicious content to Gentoo—even if the distribution's own infrastructure were to be compromised.

    Unlike other distributions, Gentoo is focused on each user building the software packages they want using the Portage software-management tool. This is done by using the emerge tool, which is the usual interface to Portage. Software "packages" are stored as ebuilds, which are sets of files that contain the information and code needed by Portage to build the software. The GitHub compromise altered the ebuilds for three packages to add malicious content so that users who pulled from those repositories would get it.

    Ebuilds are stored in the /usr/portage directory on each system. That local repository is updated using emerge --sync (which uses rsync under the hood), either from Gentoo's infrastructure or one of its mirrors. Alternatively, users can use emerge-webrsync to get snapshots of the Gentoo repository, which are updated daily. Snapshots are individually signed by the Gentoo infrastructure OpenPGP keys, while the /usr/portage tree is signed by way of Manifest files that list the hash of each file in a directory. The top-level Manifest is signed by the infrastructure team, so following and verifying the chain of hashes down to a particular file (while also making sure there are no unlisted files) ensures that the right files are present in the tree.

  • Here’s How Hackers Are Using Google’s Servers To Host Malware For Free
  • Pirates Punish Denuvo-Protected Games With Poor Ratings

    Denuvo's anti-piracy technology is a thorn in the side of game pirates. While it has been defeated on several occasions recently, the strict anti-piracy measures have not been without consequence. According to new research, Denuvo has frustrated pirates to a point where they sabotage reviews on Metacritic, leading to significantly lower ratings for protected games.

Security: SSL, Microsoft Windows TCO, Security Breach Detection and SIM Hijackers

  • Why Does Google Chrome Say Websites Are “Not Secure”?

    Starting with Chrome 68, Google Chrome labels all non-HTTPS websites as “Not Secure.” Nothing else has changed—HTTP websites are just as secure as they’ve always been—but Google is giving the entire web a shove towards secure, encrypted connections.

  • Biggest Voting Machine Maker Admits -- Ooops -- That It Installed Remote Access Software After First Denying It [Ed: Microsoft Windows TCO]

    We've been covering the mess that is electronic voting machines for nearly two decades on Techdirt, and the one thing that still flummoxes me is how are they so bad at this after all these years? And I don't mean "bad at security" -- though, that's part of it -- but I really mean "bad at understanding how insecure their machines really are." For a while everyone focused on Diebold, but Election Systems and Software (ES&S) has long been a bigger player in the space, and had just as many issues. It just got less attention. There was even a brief period of time where ES&S bought what remained of Diebold's flailing e-voting business before having to sell off the assets to deal with an antitrust lawsuit by the DOJ.

    What's incredible, though, is that every credible computer security person has said that it is literally impossible to build a secure fully electronic voting system -- and if you must have one at all, it must have a printed paper audit trail and not be accessible from the internet. Now, as Kim Zetter at Motherboard has reported, ES&S -- under questioning from Senator Ron Wyden -- has now admitted that it installed remote access software on its voting machines, something the company had vehemently denied to the same reporter just a few months ago.

  • Bringing cybersecurity to the DNC [Ed: Microsoft Windows TCO. Microsoft Exchange was used.]

    When Raffi Krikorian joined the Democratic National Committee (DNC) as chief technology officer, the party was still reeling from its devastating loss in 2016 — and the stunning cyberattacks that resulted in high-level officials’ emails being embarrassingly leaked online.

  • Getting Started with Successful Security Breach Detection

    Organizations historically believed that security software and tools were effective at protecting them from hackers. Today, this is no longer the case, as modern businesses are now connected in a digital global supply ecosystem with a web of connections to customers and suppliers. Often, organizations are attacked as part of a larger attack on one of their customers or suppliers. They represent low hanging fruit for hackers, as many organizations have not invested in operationalizing security breach detection.

    As this new reality takes hold in the marketplace, many will be tempted to invest in new technology tools to plug the perceived security hole and move on with their current activities. However, this approach is doomed to fail. Security is not a "set it and forget it" type of thing. Defending an organization from a breach requires a careful balance of tools and operational practices -- operational practices being the more important element.

  • The SIM Hijackers

    By hijacking Rachel’s phone number, the hackers were able to seize not only Rachel’s Instagram, but her Amazon, Ebay, Paypal, Netflix, and Hulu accounts too. None of the security measures Rachel took to secure some of those accounts, including two-factor authentication, mattered once the hackers took control of her phone number.

At Rest Encryption


There are many steps you can take to harden a computer, and a common recommendation you'll see in hardening guides is to enable disk encryption. Disk encryption also often is referred to as "at rest encryption", especially in security compliance guides, and many compliance regimes, such as PCI, mandate the use of at rest encryption. This term refers to the fact that data is encrypted "at rest" or when the disk is unmounted and not in use. At rest encryption can be an important part of system-hardening, yet many administrators who enable it, whether on workstations or servers, may end up with a false sense of security if they don't understand not only what disk encryption protects you from, but also, and more important, what it doesn't.


Linux Security

Filed under
Linux
Security
  • Security updates for Wednesday
  • PTI Support To Address Meltdown Nearing The Finish Line For x86 32-bit Linux

    While Page Table Isolation (PTI/KPTI) has been available since the Meltdown CPU vulnerability was disclosed at the start of the year, that's been for x86_64 Linux while the x86 32-bit support has remained a work-in-progress and only relatively recently has come together.

    Joerg Roedel sent out the eighth version of the x86-32 PTI patches today, which address feedback following a good round of review. This latest page table isolation work for x86 32-bit addresses more developer feedback and tidies up some of the code.

  • Linux To Better Protect Entropy Sent In From User-Space

    Fedora has begun utilizing a user-space jitter entropy daemon for feeding entropy to the kernel at boot time in case not enough is available for the kernel's random needs. But with that approach not being from a true hardware random number generator, a patch worked out by veteran Linux kernel developer Ted Ts'o will mix in RdRand entropy.

    Fedora has resorted to a user-space jitter entropy daemon to work around slow boot times on a subset of systems/VMs when using recent kernels. A change was made to the kernel earlier this year for addressing CVE-2018-1108, which is about a weakness in the kernel's random seed data whereby early processes in the boot sequence could not have random enough data. But the fix dramatically slows down systems booting by waiting until sufficient entropy is available. This is problematic particularly for VMs where virtio-rng is not present. For some users, they can't get the system(s) booted on affected kernels unless tapping on keyboard keys enough times for generating sufficient entropy.

  • Linux 4.17.8

    I'm announcing the release of the 4.17.8 kernel.

    This is to fix the i386 issue that was in the 4.17.7 release.  All should be fine now.

  • SPECTRE Variant 1 scanning tool
  • When your software is used way after you EOL it.

    One of my first jobs was working on a satellite project called ALEXIS at Los Alamos National Laboratory and had been part of a Congressional plan to explore making space missions faster and cheaper. This meant the project was a mix-mash of whatever computer systems were available at the time. Satellite tracking was planned on I think a Macintosh SE, the main uploads and capture were a combination of off the shelf hardware and a Sparc 10. Other analysis was done on spare Digital and SGI Irix systems. It was here I really learned a lot about system administration as each of those systems had their own 'quirks' and ways of doing things.

    I worked on this for about a year as a Graduate Research Assistant, and learned a lot about how many projects in science and industrial controls get 'frozen' in place way longer than anyone writing the software expects. This is because at a certain point the device becomes cheaper to keep running than to replace or even update. So when I was watching this USGS video this morning,

Red Hat and CentOS Fix Kernel Bug in Latest OS Versions, Urge Users to Update

Filed under
OS
Red Hat
Security

It would appear that there was a bug in the previous Linux kernel update for the Red Hat Enterprise Linux 7.5 and CentOS Linux 7.5 releases, which was released to address the Spectre V4 security vulnerability, causing connection tracking information to not function correctly, which could lead to connectivity loss and leaking of configuration properties related to the respective connection tracking into other namespaces.

"Previously, the connection tracking information was not cleared properly for packets forwarded to another network namespace," said Red Hat in an advisory. "Packets that were marked with the "NOTRACK" target in one namespace were excluded from connection tracking even in the new namespace. Consequently, a loss of connectivity occasionally occurred, depending on the packet filtering ruleset of the other network namespaces."


Also: Red Hat Open-Sources Scanner That Checks Linux Binaries For Spectre V1 Potential

Red Hat Continues Driving Wonderful Innovations In Fedora Workstation

Security: Back Doors in Voting Machines, Two-Factor Authentication, Introduction to Cybersecurity, and Reproducible Builds

  • Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

    The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

    In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

    The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.

  • PSA: Make Sure You Have a Backup for Two-Factor Authentication
  • An Introduction to Cybersecurity: The First Five Steps

    You read all these headlines about the latest data breaches, and you worry your organization could be next.

    After all, if TalkTalk, Target, and Equifax can’t keep their data safe, what chance do you have?

    Well, thankfully, most organizations aren’t quite as high profile as those household names, and probably don’t receive quite so much attention from cybercriminals. At the same time, though, no organization is so small or insignificant that it can afford to neglect to take sensible security measures.

    If you’re just starting to take cybersecurity seriously, here are five steps you can take to secure your organization more effectively than 99 percent of your competitors.

  • Reproducible Builds: Weekly report #168

Security Leftovers


More in Tux Machines

Load balancing with HAProxy, Nginx and Keepalived in Linux

Configure your server to handle high traffic by using a load balancer and high availability. This tutorial shows you how to achieve a working load balancer configuration with HAProxy as a load balancer, Keepalived as a High Availability and Nginx for web servers.

today's leftovers

  • Chromebook Users Will Soon Be Able to Install Debian Packages via the Files App
    Google continues to work on the Linux app support implementation for its Linux-based Chrome OS operating system for Chromebooks by adding initial support for installing Debian packages via the Files app. Linux app support in Chrome OS is here, but it's currently in beta testing as Google wants to make it ready for the masses in an upcoming stable Chrome OS release. Meanwhile, Google's Chrome OS team details in a recent Chromium Gerrit commit initial support for installing Linux packages in the .deb file format used by Debian-based operating systems directly from the Files app.
  • Phoronix Test Suite 8.2 Milestone 1 Released For Open-Source Benchmarking
    The first development snapshot of Phoronix Test Suite 8.2 is now available as what will be the next quarterly feature update to our open-source Linux / BSD / macOS / Windows automated benchmarking software and framework.
  • How To Install Plex Media Server on CentOS 7
  • How to Recover Files from Corrupted or Damaged ReiserFS File Systems? DiskInternals Has the Answer
  • DXVK 0.63 Released With Support For NVIDIA's Latest Driver
    For those planning to enjoy their favorite Direct3D 11 games under Wine this weekend and utilizing the DXVK D3D11-over-Vulkan layer for greater performance, DXVK 0.63 is now available. First up with DXVK 0.63 is compatibility with the newly-released NVIDIA 396.45 stable driver release due to Vulkan driver changes.
  • Northgard introduces the Clan of the Snake in a new DLC
    Thriving in the harsh northern lands in Northgard isn’t particularly easy and the new Snake Clan faction adds a few twists to the enjoyable Viking experience. An update that released alongside the DLC also adds several bells and whistles to all players for free.
  • Meg Ford: GUADEC 2018
    I was particularly interested in and disappointed by Michael Catanzaro's talk "Migrating from JHBuild to BuildStream". I appreciate all the time and effort the Release Team has put into maintaining and developing the build systems, so I'm including my experience here as an example, not as a criticism. Over time I've gotten used to JHBuild and become adept at searching for and fixing its sometimes bizarre error messages. A few months ago, after running into some modules that failed on JHBuild, I read the announcement about GNOME's modulesets moving to BuildStream. I spent a couple days removing JHBuild and rebuilding everything in BuildStream. Except I ran out of disk space. So I removed as much as I could and started over. Except then PulseAudio wouldn't work. Luckily I'd occasionally run into the same errors caused by an unavailable PulseAudio daemon when I was using JHBuild. I tried restarting the daemon, etc, and looked for info on the subject. In the end it turned out that PulseAudio wasn't available within the sandbox, so I scrapped BuildStream and went back to JHBuild. Going forward, I'm planning to move from JHBuild to using FlatPak, Builder, and GNOME's nightly runtime build. I'm happy that the community is providing solutions, and, while things are still in a confusing state, at least they are moving quickly in interesting and promising directions.
  • On Flatpak Nightlies
    As far as I know, it was not possible to run any nightly applications during this two week period, except developer applications like Builder that depend on org.gnome.Sdk instead of the normal org.gnome.Platform. If you used Epiphany Technology Preview and wanted a functioning web browser, you had to run arcane commands to revert to the last good runtime version. This multi-week response time is fairly typical for us. We need to improve our workflow somehow. It would be nice to be able to immediately revert to the last good build once a problem has been identified, for instance. Meanwhile, even when the runtime is working fine, some apps have been broken for months without anyone noticing or caring. Perhaps it’s time for a rethink on how we handle nightly apps. It seems likely that only a few apps, like Builder and Epiphany, are actually being regularly used. The release team has some hazy future plans to take over responsibility for the nightly apps (but we have to take over the runtimes first, since those are more important), and we’ll need to somehow avoid these issues when we do so. Having some form of notifications for failed builds would be a good first step.
  • TLS 1.3 Via GnuTLS Is Planned For Fedora 29
    The feature list for Fedora 29 continues growing and the latest is about shipping GnuTLS with TLS 1.3 support enabled. TLS 1.3 was approved by the Internet Engineering Task Force earlier this year as the newest version of this protocol for making secure web connections that is key to HTTPS. TLS 1.3 offers various security and performance improvements over TLS 1.2 as well as lower-latency, better handling of long-running sessions, etc.
  • Xubuntu 17.10 EOL
    On Thursday 19th July 2018, Xubuntu 17.10 goes End of Life (EOL). For more information please see the Ubuntu 17.10 EOL Notice.
  • Linux Mint developers planning big Cinnamon 4.0 improvements
    Linux Mint is one of the most popular Linux-based desktop operating systems for a reason -- it’s really good. By leveraging the excellent Ubuntu for its base, and offering a top-notch user experience, success is pretty much a guarantee. While the distribution primarily focuses on two desktop environments -- Mate and Cinnamon -- the latter is really the star of the show. Cinnamon is great because it uses a classic WIMP interface that users love, while also feeling modern. With Cinnamon 3.8, the Linux Mint Team focused on improving the DE's performance, and today, the team shares that it is continuing that mission with the upcoming 4.0. In particular, the team is focusing on Vsync.

OSS and Sharing Leftovers

  • Crowdfunding for extension management in GIMP (and other improvements)
    Well that’s the big question! Let’s be clear: currently security of plug-ins in GIMP sucks. So the first thing is that our upload website should make basic file type checks and compare them with the metadata listing. If your metadata announces you ship brushes, and we find executables in there, we would block it. Also all executables (i.e. plug-ins or scripts) would be held for manual review. That also means we’ll need to find people in the community to do the review. I predict that it will require some time for things to set up smoothly and the road may be bumpy at first. Finally we won’t accept built-files immediately. If code is being compiled, we would need to compile it ourselves on our servers. This is obviously a whole new layer of complexity (even more because GIMP can run on Linux, Windows, macOS, BSDs…). So at first, we will probably not allow C and C++ extensions on our repository. But WAIT! I know that some very famous and well-maintained extensions exist and are compiled. We all think of G’Mic of course! We may make exceptions for trustworthy plug-in creators (with a well-known track record), to allow them to upload their compiled plug-ins as extensions. But these will be really exceptional. Obviously this will be a difficult path. We all know how security is a big deal, and GIMP is not so good here. At some point, we should even run every extension in a sandbox for instance. Well some say: the trip is long, but the way is clear.
  • Python's founder steps down, India's new net neutrality regulations, and more open source news
    The head of one of the most popular free software/open source software projects is stepping down. Guido van Rossum announced that he's giving up leadership of the project he founded, effective immediately. van Rossum, affectionately known as Python's "benevolent dictator for life," made the move after the bruising process of approving a recent enhancement proposal to the scripting language. He also cited some undisclosed medical problems as another factor in his resignation. van Rossum stated that he "doesn't want to think as hard about his creation and is switching to being an 'ordinary core developer'," according to The Inquirer. van Rossum, who "has confirmed he won't be involved in appointing his replacement. In fact, it sounds very much like he doesn't think there should be one," believes that Python's group of committers can do his job.
  • FLIR Creates Open-Source Dataset for Driving Assistance
    Sensor systems developer FLIR Systems Inc. has announced an open-source machine learning thermal dataset designed for advanced driver assistance systems (ADAS) and self-driving vehicle researchers, developers, and auto manufacturers, featuring a compilation of more than 10,000 annotated thermal images of day and nighttime scenarios. The first of its kind to include annotations for cars, other vehicles, people, bicycles, and dogs, the starter thermal dataset enables developers to begin testing and evolving convolutional neural networks with the FLIR Automotive Development Kit (ADK™). The dataset empowers the automotive community to quickly evaluate thermal sensors on next-generation algorithms. When combined with visible light cameras, lidar, and radar, thermal sensor data paired with machine learning helps create a more comprehensive and redundant system for identifying and classifying roadway objects, especially pedestrians and other living things.
  • Open-source map of accessible restaurants in Calgary growing into something beautiful
    A call on Twitter for a list of accessible restaurants has led to an online mapping movement to plot out user-friendly restaurants around the city. On Monday, Calgary-based tech entrepreneur Travis Martin saw a tweet from Natasha Gibson (@ktash) asking Councillor Druh Farrell if she knew of some accessible restaurants for her senior parents.
  • Universities in Germany and Sweden Lose Access to Elsevier Journals [iophk: "sci-hub to the rescue"]

    This month, approximately 300 academic institutions in Germany and Sweden lost access to new papers published in Elsevier’s journals due to a standstill in negotiations for nationwide subscription contracts. While Elsevier’s papers remain inaccessible, academics are turning to alternative means of obtaining them, such as using inter-library loan services, emailing authors, finding earlier versions on preprint servers, or buying individual papers.

  • Open Source Laboratory Rocker is Super Smooth
    Lab equipment is often expensive, but budgets can be tight and not always up to getting small labs or researchers what they need. That’s why [akshay_d21] designed an Open Source Lab Rocker with a modular tray that uses commonly available hardware and 3D printed parts. The device generates precisely controlled, smooth motion to perform automated mild to moderately aggressive mixing of samples by tilting the attached tray in a see-saw motion. It can accommodate either a beaker or test tubes, but since the tray is modular, different trays can be designed to fit specific needs.
  • Update on our planned move from Azure to Google Cloud Platform
    Improving the performance and reliability of GitLab.com has been a top priority for us. On this front we've made some incremental gains while we've been planning for a large change with the potential to net significant results: running GitLab as a cloud native application on Kubernetes. The next incremental step on our cloud native journey is a big one: migrating from Azure to Google Cloud Platform (GCP). While Azure has been a great provider for us, GCP has the best Kubernetes support and we believe will be the best provider for our long-term plans. In the short term, our users will see some immediate benefits once we cut over from Azure to GCP including encrypted data at rest on by default and faster caching due to GCP's tight integration with our existing CDN.

Openwashing Examples

  • Ripple’s Evan Schwartz says Codius might pave the way for open-source services
    The Creator of Codius, Evan Schwartz, spoke about the technology recently at CSAIL Initiative Launch. Codius is a smart contract and distributed applications hosting platform developed jointly by Stefan Thomas, the Founder of Coil, and Evan Schwartz. Schwartz started off by saying that Codius is much more flexible in hosting decentralized applications when compared to the blockchain. The reason for many developers to choose the blockchain is mainly security and redundancy.
  • Nish Tech Simplifies eCommerce Integrations With the Launch of Open-Source Framework for Sitecore Commerce
    Nish Tech, a leader in Sitecore and eCommerce implementations, released a framework to the user community to accelerate and simplify development and integration for ecommerce sites. Nish Tech, a Gold Sitecore Implementation Partner with a specialization in eCommerce, initially unveiled a preview at the European Sitecore User Group summit in Berlin, Germany earlier this year. Today marks the official launch of this framework. In most online ecommerce implementations, integration with backend systems like ERP (Enterprise Resource Planning) and PIM (Product Information Management) play an important role. Most companies spend significant time/effort building connections to these systems. Customers using a modern ecommerce platform, like Sitecore Experience Commerce in the digital commerce space need a communication link to the backend systems to complete ecommerce transactions.
  • Appareo offers open source on fourth-generation Stratus receiver
    Appareo released a new addition to its Stratus family of pilot-friendly affordable avionics this week. Stratus 3 is the latest model in the line of industry-leading ADS-B receivers first introduced in 2012. The company will exhibit Stratus 3 as part of its full line of Stratus products next week at the annual EAA AirVenture Oshkosh 2018 fly-in and expo.