OSS

Kubernetes: KubeDR, Elastic and Bug Bounty

  • Catalogic Software Announces KubeDR – Open Source Kubernetes Disaster Recovery

    Catalogic Software, a developer of innovative data protection solutions, today announced the introduction of its Catalogic open source utility, KubeDR, built to provide backup and disaster recovery for Kubernetes cluster configuration, certificates and metadata. Kubernetes is the fastest growing and most popular platform for managing containerized workloads in hybrid cloud environments. Catalogic is also launching cLabs to support new products, open source initiatives and innovations, such as KubeDR.

    Kubernetes stores cluster data in etcd, an interface that collects configuration data for distributed systems. While there are solutions focused on protecting persistent volumes, the cluster configuration data is often forgotten in existing industry solutions. There is a market need to provide the specific requirements of backup and support for Kubernetes cluster data stored in etcd. Catalogic’s new KubeDR is a user-friendly, secure, scalable and open source solution for backup and disaster recovery designed specifically for Kubernetes applications.

  • Elastic Brings Observability Platform to Kubernetes

    Elastic N.V. announced this week that Elastic Cloud, a subscription instance of an observability platform based on the open source Elasticsearch engine, is generally available on Kubernetes.

    Anurag Gupta, principal product manager for Elastic Cloud, said deploying Elastic Cloud for Kubernetes (ECK) eliminates the need to invoke an instance of the platform running outside their Kubernetes environment.

  • Kubernetes Launches Bug Bounty

    Kubernetes, the open-source container management system, has opened up its formerly private bug bounty program and is asking hackers to look for bugs not just in the core Kubernetes code, but also in the supply chain that feeds into the project.

    The new bounty program is supported by Google, which originally wrote Kubernetes, and it’s an extension of what had until now been an invitation-only program. Google has lent financial support and security expertise to other bug bounty programs for open source projects. The range of rewards is from $100 to $10,000 and the scope of what’s considered a valid target is unusual.

  • Google Partners With CNCF, HackerOne on Kubernetes Bug Bounty
  • CNCF, Google, and HackerOne launch Kubernetes bug bounty program

    Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Originally designed by Google and now run by the CNCF, Kubernetes is an open source container orchestration system for automating application deployment, scaling, and management. Given the hundreds of startups and enterprises that use Kubernetes in their tech stacks, it’s significantly cheaper to proactively plug security holes than to deal with the aftermath of breaches.

Shotcut is an open source video editor for Windows, Linux, and macOS


Last month, we talked about SimpleVideoCutter. This time, we'll be looking at a more advanced video editor called Shotcut.

Shotcut is an open source video editor for the Windows, Linux, and macOS operating systems. The application has a ton of features, and in this review, I'm giving you an overview of the program's main functionality.

The start screen of the application looks complex, but once you get past it, the program turns out to be user-friendly. First things first: select the project folder, name and video mode (resolution) and click on the Start button. There are some panels on the left and right sides of the screen; these are the Filters, Peak Meter and the Recent panes. You can close these if you don't need them; they can be recalled from the toolbar at the top. The GUI should look simpler already.


Events: XDC2020, SUSECON and Xen Project Developer & Design Summit

  • X.Org's XDC2020 May Abandon Poland Conference To Find More Welcoming European Location

    Hopefully you didn't yet book your tickets to XDC2020, the annual X.Org conference, as the venue -- and host country for that matter -- may change.

    The annual X.Org Developers' Conference flips each year between different venues in North America and Europe. Last year it was announced XDC2020 would be hosted in Gdansk, Poland by a local Polish crew at Intel. But now that decision is being reassessed over finding a more welcoming and inclusive country for the event.

  • Top 5 Reasons Why You CAN’T MISS SUSECON 2020

    A new year, a new decade, and a new SUSE (now fully independent), all coalesce to a new SUSECON—bigger, more inspiring, and more focused on the world we live in than ever before. Like a pot of gold, SUSECON 2020 will be full of life-enhancing moments to make your world better. Here are the top five riches you have to look forward to when the rainbow lands in Dublin, March 23 – 27, 2020.

  • Xen Project Design and Developer Summit: Registration and CFP Open Now!

    Starting today, registration and Call for Proposals officially opens for the Xen Project Developer & Design Summit. This year’s Summit, taking place from June 2nd through the 4th at the PRECIS Center in Bucharest, Romania, will bring together the Xen Project community of developers and power users to share ideas, latest developments, and experiences, as well as offer opportunities to plan and collaborate on all things Xen Project.

    If you’d like to present a talk at the Summit, the Call For Proposals is open now and will close Friday, March 6, 2020.

    The Xen Summit brings together key developers in this community and is an ideal sponsorship opportunity. If you are interested in sponsoring this year’s event, check out the Sponsorship Page. For information regarding registration, speaking opportunities and sponsorships, head over to the event website and learn more!

MNT Reform 2 Open Source DIY Arm Linux Modular Laptop Coming Soon (Crowdfunding)


We first covered MNT Reform in fall of 2017, when it was a prototype for a DIY and modular laptop powered by NXP i.MX 6QuadPlus processor, and with plans to eventually use i.MX 8 hexa-core processor.

Last year they designed several beta units of Reform to get feedback from a dozen users, and have now fully redesigned the laptop based on an NXP i.MX 8M system-on-module with the crowdfunding campaign expected to go live in February on Crowd Supply.

The goals of the project are to provide an open-source hardware laptop that avoids binary blobs as much as possible and is environmentally friendly. These goals guided many of the technical decisions.

For example, there are many NXP i.MX 8M SoM’s, but MNT selected Nitrogen8M as the schematics are available after registration on Boundary Devices website, and that means people wanting to create their own module compatible with Reform 2 could do so.


One open source chat tool to rule them all


Last year, I brought you 19 days of new (to you) productivity tools for 2019. This year, I'm taking a different approach: building an environment that will allow you to be more productive in the new year, using tools you may or may not already be using.

Instant messaging and chat have become a staple of the online world. And if you are like me, you probably have about five or six different apps running to talk to your friends, co-workers, and others. It really is a pain to keep up with it all. Thankfully, you can use one app (OK, two apps) to consolidate a lot of those chats into a single point.


Open source: A matter of license and lock-in


Recently, a few bits of newsworthy information hit the open source landscape. Separately, these pieces of news were not that glaring, but when you put them together something a bit more ominous comes into focus--something I never would have thought to be an issue within the open source community.

Before I get into this, I want to preface this by saying I am not usually one to cry foul, wolf, or squirrel! I prefer to let those pundits who make a living at gleaning the important bits out of the big bowl of alphabet soup and draw their own conclusions. But this time, I think it's important I chime in.

Yes, at this very moment I am donning my tin foil hat. Why? Because I think it's necessary. And with me sporting that shiny chapeau, understand every word you are about to read is conjecture.


Also: Why Did Red Hat Drop Its Support for Docker's Runtime Engine?

7 things I learned from starting an open source project


I'm currently involved—heavily involved—in Enarx, an open source (of course!) project to support running sensitive workloads on untrusted hosts. I've had involvement in various open source projects over the years, but this is the first for which I'm one of the founders. We're at the stage now where we've got a fair amount of code, quite a lot of documentation, a logo, and (important!) stickers. The project will hopefully be included in a Linux Foundation group—the Confidential Computing Consortium—so things are going very well indeed.

I thought it might be useful to reflect on some of the things we did to get things going. To be clear, Enarx is a particular type of project, one that we believe has commercial and enterprise applications. It's also not mature yet, and we'll have hurdles and challenges along the way. What's more, the route we've taken won't be right for all projects, but hopefully, there's enough here to give a few pointers to other projects or people considering starting one up.


OSS Leftovers

  • Meet the newest Collaborans!

    What better way to start the new year than by highlighting the newest members of our engineering and administrative teams who joined in Q4 2019!

    Based in Italy, Portugal, the United Kingdom and Greece, these newest Collaborans join our worldwide team of highly skilled engineers, developers and managers who all share a common passion for technology and Open Source.

  • MariaDB X4 brings smart transactions to open source database

    MariaDB has come a long way from its MySQL database roots. The open source database vendor released its new MariaDB X4 platform, providing users with "smart transactions" technology to enable both analytical and transactional databases.

    MariaDB, based in Redwood City, Calif., was founded in 2009 by the original creator of MySQL, Monty Widenius, as a drop-in replacement for MySQL, after Widenius grew disillusioned with the direction that Oracle was taking the open source database.

    Oracle acquired MySQL via its acquisition of Sun Microsystems in 2008. Now, in 2020, MariaDB still uses the core MySQL database protocol, but the MariaDB database has diverged significantly in other ways that are manifest in the X4 platform update.

    The MariaDB X4 release, unveiled Jan. 14, puts the technology squarely in the cloud-native discussion, notably because MariaDB is allowing for specific workloads to be paired with specific storage types at the cloud level, said James Curtis, senior analyst of data, AI and analytics at 451 Research.

  • SecureMyEmail makes really private email surprisingly simple

    The service also allows seamless, key-free transmission to other SecureMyEmail subscribers and to others who use PGP software such as the PGP-compatible free-software GNU Privacy Guard.

  • Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL

    Permissive open-source software licenses continue to gain popularity at the expense of copyleft licenses, according to a forthcoming report from WhiteSource, a biz that makes software licensing management tools.

    Permissive licenses include the MIT and Apache 2.0 licenses and are known as such because they permit licensors to do more or less what they want with the covered software, with minimal caveats, and without imposing obligations like sharing code revisions.

    Copyleft licenses like GPLv2, GPLv3, and LGPLv2.1 convey similar freedom, while, to put it simply, requiring that licensors not release versions or derivatives of the licensed code that restrict said freedom.

Proprietary Stuff and Openwashing

  • Apple may have to abandon Lightning connector cable

    The cable is used to charge and sync many Apple devices, such as the iPhone.

    But members of the European Parliament urged the European Commission on Monday to force tech giants to adopt a single universal charging method.

  • Confidential computing promises secure cloud apps

    Enterprises, governments and other organizations all sit on vast troves of data that cannot be processed due to security and privacy concerns. To address this limitation, researchers and vendors have developed various confidential computing techniques to safely process sensitive data.

    Confidential computing is particularly important for organizations in heavily regulated industries or sectors where opportunities for running workloads on the public cloud are severely limited, such as government, telecommunications, healthcare and banking. Confidential computing protects data at rest, which enables organizations to deploy sensitive workloads off premises and provides further protection to sensitive workloads on premises.

    [...]

    "If projects and products can show regulators and legislators that the levels of security are sufficient to meet their requirements, then deployment to public clouds becomes plausible for a great many more applications and use cases," said Mike Bursell, chief security architect at Red Hat.

  • Akraino Edge Stack Enables Connected Car, AR/VR, AI Edge, and Telco Access Edge Application Use Cases

    LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the availability of Akraino Edge Stack Release 2 (“Akraino R2”). Akraino’s second release furthers the power of intelligent edge with new and enhanced deployable, self-certified blueprints for a diverse set of edge use cases.

    Launched in 2018, and now a Stage 3 (or “Impact” stage) project under the LF Edge umbrella, Akraino Edge Stack is creating an open source software stack that supports a high-availability cloud stack optimized for edge computing systems and applications. Designed to improve the state of edge cloud infrastructure for enterprise edge, over-the-top (OTT) edge, and carrier edge networks, it offers users new levels of flexibility to scale edge cloud services quickly, to maximize the applications and functions supported at the edge, and to help ensure the reliability of systems that must be up at all times.

    “The Akraino community has grown rapidly in the past year, and now includes contributions from 70 percent of LF Edge Premium member companies and countless other ecosystem partners beginning to deploy the blueprints across the globe,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With R2, strong community collaboration brings even more blueprints to the ecosystem that support current and future technology at the open source edge.”

  • Microsoft: Application Inspector is now open source, so use it to test code security

16 Open Source Cloud Storage Software for Linux in 2020


The cloud by the name indicates something which is very huge and present over a large area. Going by the name, in a technical field, Cloud is something that is virtual and provides services to end-users in the form of storage, hosting of apps or virtualizing any physical space. Nowadays, Cloud computing is used by small as well as large organizations for data storage or providing customers with its advantages which are listed above.

Mainly, three types of services are associated with the Cloud: SaaS (Software as a Service), for allowing users to access other publicly available clouds of large organizations for storing their data, like Gmail; PaaS (Platform as a Service), for hosting of apps or software on others' public clouds, e.g. Google App Engine, which hosts apps of users; and IaaS (Infrastructure as a Service), for virtualizing any physical machine and availing it to customers to give them the feel of a real machine.


More in Tux Machines

Open Hardware and OSS Leftovers

  • ESP Open Source Research Platform Enables the Design of RISC-V & Sparc SoC’s with Accelerators

    FOSDEM 2020 will take place next week, and there will be several interesting talks about open-source hardware and software development.

  • Open source power for classrooms: Arduino Uno WiFi Rev2 for CTC GO! joins Open Roberta

    Dream team for classrooms worldwide: Arduino Uno WiFi Rev2 for CTC GO! joins Open Roberta Lab, the biggest open source coding platform made in Europe. The Arduino Uno WiFi Rev2 is the fourth Arduino board to be integrated into the Open Roberta Lab, which is currently supporting a total of 13 robots and microcontrollers to enable children worldwide to adopt a playful approach to coding. By “dragging and dropping” the colorful programming blocks called “NEPO” hundreds of thousands of users worldwide from more than 100 countries per year create their own programs to make their hardware come to life.

  • Boston Dynamics Robot Dog Now Freely Available to All as Open-Source Code

    Boston Dynamics’ robot dog Spot has gone through extensive updates in order to become the finished product it is today, and now the Softbank-owned company will make the bot’s SDK available to everyone via GitHub. The release will allow developers and roboticists alike to “develop custom applications that enable Spot to do useful tasks across a wide range of industries,” according to Boston Dynamics VP Michael Perry. The access was previously only open to early adopters, but now it’s available as open-source code. However, fellow developers will have to join Boston Dynamics’ early adopter program in order to lease a robot. The company says it’s to “create custom methods of controlling the robot, integrate sensor information into data analysis tools and design custom payloads which expand the capabilities of the base robot platform,” according to the company.

  • The programmer behind wildly popular open source project Jenkins and Atlassian Bitbucket's former head of product raised $3.2 million to speed up software testing
  • 6 Reasons Why Network Monitoring Software Should Be Open Source

    Open-source software (OSS) is built upon code that's free and available to anyone who needs it. It adheres to the Debian (Linux) free software guidelines. The only type of certification comes from the Open Source Initiative, which makes sure that coding listed as "open source" meets their criteria by a) Being available for distribution to anyone without any restrictions, b) Making sure the source code is available, and c) Including a license that stipulates that any modifications or improvements are released with a new name or version number. Unlike closed, proprietary code, open-source requires no licensing fees or permission as long as you adhere to the terms of service outlined by the developer. Although tech support is hit-or-miss and depends on the developer, it has a large and active community of developers who are happy to help you work out any issues. You'll also find dozens of digital libraries on the internet that contain base code, modules, and fully formed apps that you can use, alter, and share. There are many reasons why working with open source code is preferable, and these are especially applicable to network monitoring apps and tools.

  • 2020: Expect more from containers, open source and cloud

    2020 is the year in which open source will become even more fundamental to the success of companies as they move to become fully-fledged, digitally-led businesses; proprietary software will lose relevance; companies will increasingly turn to the cloud to deliver value and capitalise on growth opportunities; and containers will finally become mainstream. [...] He also believes that the new decade will herald unprecedented growth when it comes to companies not only becoming container-led but also cloud-native - ready to benefit even more from a cloud-centric (and open) landscape. “South African businesses are having more serious discussions around multi-cloud and hybrid cloud implementations. Throughout this, an open approach, relying on an agile approach through containers, gives organisations the impetus they need to be digital-first,” he says.

  • Rodney Don Holder: Here’s why open source AI is important for development

    As these names suggest, open source references a mindset popular in the Silicon Valley tech industry. Artificial intelligence and machine learning operate on computer coding and incredibly refined hardware components. The open-source mindset believes that making these batches of code and hardware blueprints available to the public does more for humanity than does keeping it all close to the chest. In contrast, Rodney Don Holder explains that a closed source approach seeks to protect code and hardware from the public eye. Their concern is more proprietary than it is collaborative. One example of closed source software is Apple as they work hard to maintain control of their software.

  • What is Apache Tomcat? Introducing the Widely Used Java Servlet and JSP Container

    What is Apache Tomcat? Essentially it’s an open-source Java servlet and Java Server Page container that lets developers implement an array of enterprise Java applications. Tomcat also runs an HTTP web server environment in which Java code can run. Three years after the original release of Java in 1995, Sun Microsystems architect James Duncan Davidson developed an open-source servlet reference implementation for the first Java Servlet API. Java servlets are small Java programs that define how responses and requests are handled by the server. A developer would write their servlet or JSP and let Tomcat conduct all of the routing and backend work.

  • Teledyne Extends S-Parameter Leadership with Open Source Software: SIGNALINTEGRITY

    Teledyne LeCroy, a worldwide leader in electronic test and measurement solutions and a business unit of Teledyne Technologies Incorporated, announces today the availability of an open-source software tool, SignalIntegrity, offering free solutions to signal integrity problems for design and test engineers. In order to avoid signal integrity issues in today's world of gigabit-per-second transfer rates, engineers must have superior tools for the necessary combination of simulation, modeling and measurement. The goal of this software is to provide free tools for solving real-time signal integrity problems. More than 1,500 users have downloaded the Python-based software since it has been made available.

  • Open source all-in-one DevOps platform: OneDev’s UI is easy to use

    Variety is the spice of life, and now there is another DevOps platform to choose from. OneDev is a new, all-in-one, open source Git server with a simple to use UI, customizable issue states and fields, and auto-refreshing issue boards. Browse some of its features and see how it compares to other popular tools. Who knows, maybe OneDev is the platform that you have been searching for.

  • DFINITY Foundation Demonstrated ‘LinkedUp’ Open Source Platform

    It also empowers the next generation of developers so that they can build a new breed of tamper-proof enterprise software systems and open internet services. They aim at democratizing software development. He also added that the Bronze release of the Internet Computer would provide the developers and enterprises with infinite possibilities of building on the Internet Computer. All of this is a reflection of the strength of the Dfinity team that they have made so far. Dfinity has also said that its Internet Computer Protocol enables a new type of software that goes by the name autonomous software. This software guarantees permanent APIs which cannot be revoked. [...] Their second major milestone is of demoing a decentralized web app called LinkedUp on the Internet Computer, which can run on an independent data center in Switzerland.

  • Google Open Sources Albert NLP

    Google has made ALBERT (A Lite BERT) available in an open source version. ALBERT is a deep-learning natural language processing model that the developers say uses far fewer parameters than BERT without sacrificing accuracy. Bidirectional Encoder Representations from Transformers, or BERT, is the self-supervised method released by Google in 2018. It has become known for the impressive results the technique has achieved on a range of NLP tasks while relying on un-annotated text drawn from the web. Most similar NLP systems are based on text that has been labeled specifically for a given task.

  • Scientists working with Google just published the most detailed brain scans ever created

    Google and its partners at the Janelia Research Campus today released the largest, most detailed set of brain scans ever published. The project encompasses nearly one-third of the brain of a fruit fly and includes detailed mappings for more than 25 thousand neurons featuring more than 20 million synapses. The best part: it’s all been released open-source to the public. This is a great day for science. [...] Luckily for organizations and individuals who can’t afford the resources it would take to build this particular project, Google and the scientists at the Janelia Research Campus have published the entire project open-source. Even better, the team painstakingly formatted the data, images, videos, and other information in a way that makes it easily accessible to everyday people and usable by world-class researchers.

  • People of WordPress: Robert Cheleuka

    You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. [...] Robert first came into contact with WordPress in 2014 when he and a friend started a local tech blog. Before that, all he knew was basic, outdated HTML from high school and some knowledge of Adobe Dreamweaver. They decided to use WordPress, and their new blog looked like it came from the future. They used a theme from the repo and got such positive feedback from the blog they decided to open a content and media publishing agency. While they got a few web redesign jobs thanks to the exposure the blog brought, they lacked the administrative and business skills needed and ended up going their separate ways. Then in his first real job after college Robert finally took it upon himself to learn the ins and outs of WordPress. He learned how to install WordPress on a server and did some research on customizing themes. With that knowledge alone he got his first web design clients and started earning nearly as much as he did at his job. Robert soon realized that free WordPress themes would only take him so far, especially with his limited code skills. Because in Malawi only people who travel abroad have access to credit cards, paying for premium themes was impossible. Like many WordPress designers in developing countries, Robert turned to using pirated themes instead. He knew that was both unsafe and unethical, and decided to learn how to code. Knowing how to build themes from scratch would surely help him rise above the competition.

  • Elastic: Big Data Needs Effective Search To Drive Value

    Elastic N.V. (ESTC) is a provider of open source software which is used in applications like real-time search and analytics. Elastic’s rapid growth is being driven by a rapid growth in the volume of data being generated globally and the need for improved search tools. Elastic potentially has a bright future even as cloud computing vendors introduce the same technology, provided the company continues to offer customers a compelling value proposition.

  • MariaDB Announces Cloud Native Open Source DB

    There's a new version of MariaDB that is designed to make it easier to develop apps using smart transactions and cloud-native data storage. MariaDB began life as an alternative to MySQL when Oracle took over the original MySQL. The new release, MariaDB X4, was announced by MariaDB Corp, which develops and sells an enterprise version of the open source MariaDB database management system. MariaDB has a SQL interface for accessing data, alongside GIS and JSON features.

Security Leftovers

  • Does Your Domain Have a Registry Lock?

    Dijkxhoorn said one security precaution his company had not taken with their domain prior to the fraudulent transfer was a “registry lock,” a more stringent, manual (and sometimes offline) process that effectively neutralizes any attempts by fraudsters to social engineer your domain registrar.

    With a registry lock in place, your registrar cannot move your domain to another registrar on its own. Doing so requires manual contact verification by the appropriate domain registry, such as Verisign — which is the authoritative registry for all domains ending in .com, .net, .name, .cc, .tv, .edu, .gov and .jobs. Other registries handle locks for specific top-level or country-code domains, including Nominet (for .co.uk or .uk domains), EURID (for .eu domains), CNNIC (for .cn domains), and so on.

  • Cisco Warns of Critical Network Security Tool Flaw

    The flaw exists in the web-based management interface of the Cisco Firepower Management Center (FMC), which is its platform for managing Cisco network security solutions, like firewalls or its advanced malware protection service. Cisco has released patches for the vulnerability (CVE-2019-16028), which has a score of 9.8 out of 10 on the CVSS scale, making it critical in severity.

  • No big deal, Rogers, your internal source code and keys are only on the open web. Don't hurry to take it down

    Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian telecoms giant Rogers have been found sitting on the open internet. The leaked software, seemingly uploaded to GitHub by a Rogers engineer before they left the telco, is written in Java and powered various components of Rogers.com. The materials are marked "closed source" and copyright Rogers, yet can be found on the web if you know where to look. Details of and credentials for services and systems on the ISP's internal networks are included. This kind of information, along with source code to skim for security bugs, is a boon for miscreants casing the telco to compromise it. These details may have already been exploited by criminals, or may prove useful for future attacks. It's also a reminder that engineers and management must take all precautions to avoid pushing private company code to public repositories. It should be noted that no customer information nor account details – beyond the names, passwords, and email addresses of some members of the ISP's web development team – are present in the public code repository. The web app blueprints date back to 2015, so just how much of this code remains in production is unclear. One hopes the passwords and keys have been replaced over the past five years, at least. With any luck, this may well be more of an embarrassment to one of Canada's biggest broadband'n'telly telcos than anything else.

  • Rogers’ internal passwords and source code found open on GitHub

    Sensitive data of another major Canadian firm has been found sitting open on the GitHub developers platform. Security researcher Jason Coulls said he recently discovered two open accounts with application source code, internal user names and passwords, and private keys for Rogers Communications. No customer data was found. He suspects the code belonged to a developer who has left the telco. Coulls, who works in the IT department of a Toronto firm and has his own security consultancy, initially told The Register of the discovery, after which the news site contacted Rogers. One problem is the code he saw describes data payloads and how it goes between databases and web services. “You can use that to get to the stuff that people [thieves] would go after,” he explained.

  • How to patch your open source software vulnerabilities

    Software vulnerabilities are a fact of life. Researchers -- if not hackers -- constantly discover new ways to compromise popular software libraries. It's up to enterprises to quickly deploy patches to secure software before hackers get in. Consider the Equifax breach, in which a hacker exposed the data of more than 145 million users, resulting in $575 million in fines for the credit rating agency. A U.S. Senate investigation identified a backlog of over 8,500 unpatched vulnerabilities at Equifax -- the hacker gained access through just one of those unpatched systems. Vulnerability backlogs are especially prevalent within enterprises that rely on open source components. Nearly all applications make use of some open source components that take the place of either mundane or arcane coding tasks. An open source project often has an active community to maintain and augment it, but that's not always the case. Ultimately, open source software requires a leap of faith from the user that what they're adopting is secure and effective.

Entrapment and Digital Prisons (Microsoft GitHub and Sonos)

  • Microsoft open-sources ONNX Runtime model to speed up Google’s BERT

    This is the most recent leap forward in natural language for Microsoft, but not its first attempt to make Google’s BERT better. About a year ago, Microsoft AI researchers also released MT-DNN, a Transformer-based model that set new high performance standards for the GLUE language model performance benchmark.

  • GitHub now uses AI to recommend open issues in project repositories [Ed: Microsoft now uses mindless buzzwords like "HEY HI!!!" (AI) to market its proprietary software trap]
  • AVSystem Releases a New Version of Open-Source Anjay LwM2M SDK

    AVSystem is pleased to announce that an open-source version of Anjay 2.2.1 has just been released on GitHub.

  • So long, Sonos: Meet the open-source audio system that will never die

    Sonos had decided to end support because these first-generation products lack sufficient processing power and storage to accommodate new features. Although there have been many improvements in materials, miniaturization, and overall performance, loudspeaker technology has not fundamentally changed since its introduction in the 1920s. Provided that they aren't used outside their performance specifications, the drivers and cones can last decades. Other components inside speakers include magnets made out of ferrous and rare earth materials that do not expire. In addition to solid-state MOSFET-based signal amplifiers, self-powered speakers also contain transformers, which are made of solid cores of metal wound with fine conductive wire. Updates to transformer technology in recent years include Gallium Nitride (GaN), which reduces heat and overall footprint. These components, particularly MOSFETs, do not "go bad" unless they are abused, such as being subjected to high temperatures, very high voltages, or transient power spikes, which can be mitigated by a simple surge suppressor or power conditioner.

FUD and Openwashing Leftovers

  • Kevin Owocki on Gitcoin, Controversy and the Future of Open Source Funding

    Some of that controversy has been from outside the Ethereum community, pointing to Consensys and Ethereum Foundation support as an example of centralization. Some of the controversy has come from within, as debates rage about what is or isn’t an acceptable use of “public” resources.

  • Sonatype: Secure code with less hassle

    Software development has changed drastically over the past decade. Take a 22-year-old graduate with a degree in computer science. At one time, they would start off testing code, then start to write code line-by-line. Today, 80% of applications are developed using open source software. Instead of laboriously worrying over each caret and comma, code is grabbed and assembled. This can make for quick iterations and rapid project completion.

  • Lyft's open source asset tracking tool simplifies security

    The modern map -- in fact, any map since the Age of Sail -- serves an important purpose in navigation. Exploration feats, such as Magellan's circumnavigation of the globe, Lewis and Clark's American expedition, or more recent excursions to the Earth's polar regions, would not have been possible without mapping knowledge and ability. A cursory look at ancient or medieval history shows that early maps, prior to their use for navigation, served a different purpose entirely. The map in the 15th century manuscript La Fleur des Histoires was by no means intended to be geographically accurate. Instead, it was designed to convey a concept or idea -- in this case, the separation of ruling powers by region. However, the real power of mapmaking -- that is, for navigation -- would not be realized for generations.

  • vChain, the Makers of the CodeNotary Open Source Code Trust Solution With Over 9 Million Monthly Customer Integrity Verifications Raises $7 Million in Series A to Secure Today’s DevOps Process

    vChain, the leading trust and integrity company, announces the close of a $7M Series A investment round. Elaia, a leading European tech venture fund, led the new investment round, which also includes other notable investors such as Swiss-based Bluwat and Acequia Capital (Seattle, USA). vChain was founded in late 2018 and released its first product in April 2019.

  • Open source licence series - WhiteSource: permissive is winning, but is there a hurt factor?
  • Open source licence series - Instaclustr: Is open core a rotten deal?

    Ideally, open source software should be, well, free and open.

  • Open source licence series - Percona: is the battle won, or is this a different war?

    Recently, the Cryptographic Autonomy License (CAL) was submitted for OSI consideration. As Holo’s co-founder Arthur Brock explains in his blog post, his goal is to protect end-user privacy and autonomy. Restrictions in this case focus not on whom, but how the software should be used. While many on the OSI board seem to support the licence, Bruce Perens, OSI co-founder and the person who drafted the original Open Source Definition (OSD), resigned from OSI saying, “… it seems to me that the organisation is rather enthusiastically headed toward accepting a licence that isn’t freedom-respecting. Fine, do it without me, please.”

  • Open Source Wood Innovation Award Given to an Active Member
  • Open Source Plant Material And Intellectual Property

    Today we hear the term “open source” more and more. It is a term that is most commonly identified with software and firmware development out of the Silicon Valley. However, the term is becoming common in the plant industry.

  • Garadget review: Open your garage door with open-source technology

    There’s no scheduling system nor (surprisingly) a logging system built into Garadget, but it does support Alexa, Google Assistant, SmartThings, IFTTT, and a whole host of lesser-known third-party tools, but all of that will invariably force you into the system’s forums again. For example, there are two Garadget Alexa skills, one for if you want to say “smart garage” and one for if you want to say “Garadget” to invoke the skill. Setting up a connection to SmartThings requires using Samsung’s developer tools.