
OSS

Lessons from the rise and fall of an open source project

Filed under
OSS

Eight years ago, the CyanogenMod project exploded onto the mobile device software scene. The Android-based open source mobile operating system quickly caught the attention of developers, Android fans and investors, and attracted interest from tech giants including Microsoft and Google. But at the end of last year the project imploded spectacularly. Today the CyanogenMod project is no more, but the arc of its story offers fascinating insight into the world of open source software development.


Open source users: It’s time for extreme vetting

Filed under
Interviews
OSS

Open source software is the norm these days rather than the exception. The code is being written in high volumes and turning up in critical applications. While having this code available can offer big benefits, users also must be wary of issues the code can present and implement proper vetting.

Josh Bressers, cybersecurity strategist at Red Hat, emphasized this point during a recent talk with InfoWorld Editor at Large Paul Krill.


Do you know where that open source came from?

Filed under
OSS

Last year, while speaking at RSA, a reporter asked me about container provenance. This wasn’t the easiest question to answer because there is a lot of nuance around containers and what’s inside them. In response, I asked him if he would eat a sandwich he found on the ground. The look of disgust I got was priceless, but it opened up a great conversation.

Think about it this way: If there was a ham sandwich on the ground that looked mostly OK, would you eat it? You can clearly see it’s a ham sandwich. The dirt all brushed off. You do prefer wheat bread to white. So what’s stopping you? It was on the ground. Unless you’re incredibly hungry and without any resources, you won’t eat that sandwich. You’ll visit the sandwich shop across the street.


Leftovers: OSS and Sharing

Filed under
OSS
  • 10 trends that will impact open-source tech in Saudi Arabia

    Open source has become an integral piece of every developer’s arsenal. The power of the community, the wisdom of many, and the ability to hook into various systems and solutions make open source incredibly powerful.

    At A10, we contribute to and embrace open-source solutions and provide APIs to empower developers to integrate their tools into our systems.

  • Netflix open-sources a Slack bot that helps devs manage GitHub repos [Ed: What good is "Open Source" that requires proprietary software to do anything?]

    Netflix announced today the release of HubCommander, an open source Slack bot to track and manage GitHub organizations and repositories.

    Netflix is the second large company to launch a Slack bot today. Earlier in the day, PayPal released its Slack bot for peer-to-peer payments.

  • IBM pushes accessibility with open-source projects

    Today, IBM began a new push to make applications accessible to users with disabilities. The company announced that it has made two accessibility projects available under open-source licenses. These projects are designed to help developers determine if their applications support the needs of those with limited mobility or vision.

    The two new projects are AccProbe and Va11yS. AccProbe is a standalone Eclipse RCP application designed to help developers test and debug accessible applications.

  • New Options for Valuable Hadoop and Spark Training

    Metis, which bills itself as "an accredited intensive data science bootcamp," is steadily moving forward with its big data processing courses, which teach students how to work with Hadoop and Spark, two of today’s most widely used distributed computing paradigms. As we've reported, enterprises are finding tools like Hadoop hard to work with. Gartner, Inc.'s Hadoop Adoption Study, involving 284 Gartner Research Circle members, found that only 125 respondents who completed the whole survey had already invested in Hadoop or had plans to do so within the next two years. The study found that there are difficulties in implementing Hadoop.

  • Charlie Reisinger’s ‘The Open Schoolhouse’

    Charlie Reisinger is the IT Director of the Penn Manor School District, in Lancaster, Pennsylvania. He recently finished writing a spellbinding book describing how his school district decided to adopt open source software and methods. When reading this book, I sent an email to Charlie saying: “This book reads as if it’s your doctoral thesis — it’s a multiyear capstone project.” Charlie responded, “It felt in some way like that while writing the book.” Charlie went on to tell me that the reason he wrote the book was to help other school districts make the plunge into open source. “Come on in – the water is warm!” is the reassuring tone throughout the book.

    Here is my video review of this book. Note — at 27-minutes long, it’s much longer than my other video book reviews. I had no choice but to give the book its due. It’s a masterful piece of storytelling that offers hope to students and teachers everywhere.

  • IKEA’s ‘Open Source’ Sofa Lets Builders Customize It To Their Liking

    Hacking IKEA furniture is a global trend, attracting creatives and technologists alike from around the globe to give items alternative usages or personalized touches. Their modest price tag and widespread availability make IKEA furniture a true gem for the hacker community who share their designs on dedicated websites, blogs, Pinterest boards and even books.

  • openbsd changes of note 6

    In a bit of a hurry, but here’s some random stuff that happened.

    Add connection timeout for ftp (http). Mostly for the installer so it can error out and try something else.

  • Don't Send An Engineer To Do A Lawyer's Job

    A thread on an open source project mailing list offers seven lessons on how to engage an open source community over legal issues.

    A thread on an Apache mailing list (Now safely in the past) provides a great illustration of what not to do when your employer's interests seem to need engagement in an open source community. Instead of asking a suitably-trained lawyer to directly engage, the company asked an engineer to engage when they wanted special terms for a contribution. They went on to propose custom terms, a custom CLA and even implied that they wanted private bilateral negotiations. This session runs through the thread and draws seven lessons for approaching an open source community with your legal issues.

  • Is the GPL a copyright license or a contract under U.S. law?

    In this talk I will summarize the case law on the contract or license question in the U.S. Certain obligations under the GPL may be merely contractual, meaning there are less damages and enforcement mechanisms available to a plaintiff, while other obligations may have more teeth. I will use this analysis to help the community think about how it might craft software licenses in the future.

  • Looking for a job? 6 questions to ask your recruiter

    Who owns the copyright to my open source contributions? You should carefully review any employment contract because some companies may claim ownership of anything you create while employed by them, regardless of whether it was created during your personal time. There is no right or wrong, but it is good to know before you start. Understanding the equipment and time that you can use for your personal open source contributions is of the utmost importance when signing any contracts.

  • 5 elements for getting teams organized

    In his book The Open Organization, Dr. Philip Foster defines governance as "the system and process by which power is managed and thus instills order where potential conflict threatens the opportunities to realize mutual gains which is essential for open organizations." According to Dr. Foster, open governance models for 21st Century businesses should contain five core elements: independence, pluralism, representation, decentralized decision making, and autonomous participation.

Linux and FOSS Events

Filed under
OSS
  • FOSDEM 2017 Day 3: Talks & Chats

    Today I got up early, going with Andreas to the venue, arriving at 8.30 AM. He was going there to open the Open Source Design room, I was going there to open the GNOME booth. After the shift I then decided to wander around to collect stickers and speak to various projects at their booths.

  • syslog-ng at FOSDEM 2017

    I spent the weekend at Free and Open Source Software Developers’ European Meeting, or as it is better known: FOSDEM – as I did in the past several years as well. This time I delivered two presentations on syslog-ng, and as usual, I spent the rest of the time in devrooms and in the exhibition areas.

  • DebConf17: Call for Proposals

    The DebConf Content team would like to Call for Proposals for the DebConf17 conference, to be held in Montreal, Canada, from August 6 through August 12, 2017.

    You can find this Call for Proposals in its latest form at: https://debconf17.debconf.org/cfp

    Please refer to this URL for updates on the present information.

  • Speak at ApacheCon 2017: 4 Days Left to Submit a Talk

    ApacheCon gathers attendees from over 60 countries to learn about core open source technologies directly from the Apache developer and user communities.

FOSS CMS News

Filed under
OSS
Security
  • Migrated blog from WordPress to Hugo

    My WordPress blog got hacked two days ago and now twice today. This morning I purged MySQL and restored a good backup from three days ago, changed all DB and WordPress passwords (both the old and new ones were long and autogenerated ones), but not even an hour after the redeploy the hack was back. (It can still be seen on Planet Debian and Planet Ubuntu.) Neither the Apache logs nor the Journal had anything obvious, nor were there any new files in global or user www directories, so I’m a bit stumped how this happened. Certainly not due to bruteforcing a password, that would both have shown in the logs and also have triggered ban2fail, so this looks like an actual vulnerability.

  • WordPress 4.7.2

    When WordPress originally announced their latest security update, there were three security fixes. While all security updates can be serious, they didn’t seem too bad. Shortly after, they updated their announcement with a fourth and more serious security problem.

    I have looked after the Debian WordPress package for a while. This is the first time I have heard people actually having their sites hacked almost as soon as this vulnerability was announced.

  • 4 open source tools for doing online surveys

    Ah, the venerable survey. It can be a fast, simple, cheap, and effective way to gather the opinions of friends, family, classmates, co-workers, customers, readers, and others.

    Millions turn to proprietary tools like SurveyGizmo, Polldaddy, SurveyMonkey, or even Google Forms to set up their surveys. But if you want more control, not just over the application but also the data you collect, then you'll want to go open source.

    Let's take a look at four open source survey tools that can suit your needs, no matter how simple or complex those needs are.


Experts: ‘Swedish govt. cloud should use open source’

Filed under
OSS

The key IT principles for Sweden’s government cloud services should be vendor-independence, open standards and open source, experts recommend. On Tuesday, the government shared service centre (Statens servicecenter, SSC) published an advisory report, containing the opinions of management at government data centres. Sweden’s public administrations would profit immensely from national, reliable and secure cloud services, these experts agree.


‘Open Source’ Is Now a Word?

Filed under
OSS

“Open source” is now officially a word according to Merriam-Webster, according to my good friends at Ars Technica. Actually, I don’t know anybody at Ars Technica, but whenever you’re stealing news from another news source, you’re traditionally allowed to refer to everyone who works there as “my good friends.” The theory is that if they think you’re a friend of theirs, they won’t sue you.

I say “according to Ars” because I can’t find proof anywhere that “open source” was indeed just added to the dictionary, as it’s not included as an example in the article my good friends at Merriam-Webster posted announcing the introduction of 1,000 new words on Tuesday. Or, if it’s there, the “find” function on my browser couldn’t find it, which would be really strange since the browser is designed and built by my good friends at Google.


How to Manage the Security Vulnerabilities of Your Open Source Product

Filed under
Interviews
OSS

The security vulnerabilities that you need to consider when developing open source software can be overwhelming. Common Vulnerability Enumeration (CVE) IDs, zero-day, and other vulnerabilities are seemingly announced every day. With this flood of information, how can you stay up to date?

“If you shipped a product that was built on top of Linux kernel 4.4.1, between the release of that kernel and now, there have been nine CVEs against that kernel version,” says Ryan Ware, Security Architect at Intel, in the Q&A below. “These all would affect your product despite the fact they were not known at the time you shipped.”


More in Tux Machines

Leftovers: OSS

  • Diving into Drupal: Princeton’s Multi-site Migration Success with Open-source
    Princeton University’s web team had a complex and overwhelming digital ecosystem comprised of many different websites, created from pre-built templates and hosted exclusively on internal servers. Fast forward six years: Princeton continues to manage their multisite and flagship endeavors on the open-source Drupal platform, and have seen some great results since their migration back in 2011. However, this success did not come overnight. Organizational buy-in, multi-site migration and authentication were a few of the many challenges Princeton ran into when making the decision to move to the cloud.
  • GitHub Invites Developers to Contribute to the Open Source Guides
    GitHub has recently launched its Open Source Guides, a collection of resources addressing the most common scenarios and best practices for both contributors and maintainers of open source projects. The guides themselves are open source and GitHub is actively inviting developers to participate and share their stories.
  • Top open source projects
    TechRadar recently posted an article about "The best open source software 2017" where they list a few of their favorite open source software projects. It's really hard for an open source software project to become popular if it has poor usability—so I thought I'd add a few quick comments of my own about each.
  • Dropbox releases open-source Slack bot
    Dropbox is looking to tackle unauthorized access and other security incidents in the workplace with a chatbot. Called Securitybot, it can automatically grab alerts from security monitoring tools and verify incidents with other employers. The company says that through the use of the chatbot, which is open source, it will no longer be necessary to manually reach out to employees to verify access, every time someone enters a sensitive part of the system. The bot is built primarily for Slack, but it is designed to be transferable to other platforms as well.
  • Dropbox’s tool shows how chatbots could be future of cybersecurity
    Disillusion with chatbots has set in across the tech industry and yet Dropbox’s deep thinkers believe they have spotted the technology’s hidden talent: cybersecurity.

Desktop GNU/Linux

  • Entroware have unleashed the 'Aether' laptop for Linux enthusiasts featuring Intel's 7th generation CPUs
  • New Entroware Aether Laptop Pairs Intel Kaby Lake with Ubuntu
    The new Entroware Aether is the latest Linux powered laptop from British company Entroware, and is powered by the latest Intel Kaby Lake processors.
  • Freedom From Microsoft v1.01
    But we can be Free from Microsoft! As we saw above, there is a powerful – and now popular movement afoot to make alternative software available. The Free Software Foundation, and the GNU Project, both founded by Richard Stallman, provide Free software to users with licenses that guarantee users rights: the rights to view, modify, and distribute the software source code. With GNU-licensed software, such as Linux, the user is in complete control over the software they employ. And as people contribute to modify Free Software source code, and are required to share those modifications again, the aggregate creative acts give rise to the availability of many more, much more useful results. Value is created beyond what anyone thought possible, and our freedom multiplies.
  • Review of the week 2017/08
    This week we had to cancel a couple snapshots, as a regression in grub was detected, that caused issues on chain-loading bootloaders. But thanks to our genius maintainers, the issue could be found, fixed and integrated into Tumbleweed (and this despite being busy with hackweek! A great THANK YOU!). Despite those canceled snapshots, this review will still span 4 revisions: 0216, 0218, 0219 and 0224. And believe me, there have been quite some things coming your way.

Security Leftovers

  • [Older] The Secure Linux OS - Tails
    Some people worry a lot about security issues. Anyone can worry about their personal information, such as credit card numbers, on the Internet. They can also be concerned with someone monitoring their activity on the Internet, such as the websites they visit. To help ease these frustrations about the Internet anyone can use the Internet without having to “look over their shoulder”.
  • Password management made easy as news of CloudFlare leak surfaces
    In the last 24 hours, news broke that a serious Cloudflare bug has been causing sensitive data leaks since September, exposing 5.5 million users across thousands of websites. In addition to login data cached by Google and other search engines, it is possible that some iOS applications have been affected as well. With the scale of this leak, the best course of action is to update every password for every site you have an account for. If there was ever a good time to modernize your password practices, this is it. As consumers and denizens of the Internet, we have a responsibility to be aware of the risks we face and make an attempt to mitigate that risk by taking best-effort precautions. Poor password and authentication hygiene leaves a user open to risks such as credit card fraud and identity theft, just like forgetting to brush your teeth regularly can lead to cavities and gum disease. This leaves us with the question of what good password and authentication hygiene looks like. If we stick with the (admittedly poorly chosen) dentistry analogy, then there are five easily identifiable aspects of good hygiene.
  • Security: You might want to change passwords on sites that use Cloudflare
  • Smoothwall Express
    The award-winning Smoothwall Express open-source firewall—designed specifically to be installed and administered by non-experts—continues its forward development march with a new 3.1 release.

Leftovers: Ubuntu and Derivatives

  • 'Big Bang Theory's' Stuart wears Ubuntu T-shirt
    Am I the only person to notice that comic book shop-owning Stuart (Kevin Sussman) on the "The Big Bang Theory" is wearing an Ubuntu T-shirt on the episode airing Thursday, Feb. 23, 2017? (It's Season 10, Episode 17, if that information helps you.) The T-shirt appearance isn't as overt as Sheldon's mention of the Ubuntu Linux operating system way back in Season 3 (Episode 22, according to one YouTube video title), but it's an unusual return for Ubuntu to the world of "Big Bang."
  • Unity Explained: A Look at Ubuntu’s Default Desktop Environment
    Ubuntu is the most well-known version of Linux around. It’s how millions of people have discovered Linux for the first time, and continues to draw new users into the world of open source operating systems. So the interface Ubuntu uses is one many people are going to see. In this area, Ubuntu is unique. Even as a new user, rarely will you confuse the default Ubuntu desktop for something else. That’s because Ubuntu has its own interface that you can — but probably won’t — find anywhere else. It’s called Unity.
  • A Look at Ubuntu MATE 16.04.2 LTS for Raspberry Pi
    Installing Ubuntu MATE onto my Raspberry Pi 3 was straightforward. You can easily use Etcher to write the image to a microSD card, the partition is automatically resized to fill your microSD card when the pi is powered up for the first time, and then you are sent through a typical guided installer. Installation takes several minutes and finally the system reboots and you arrive at the desktop. A Welcome app provides some good information on Ubuntu MATE, including a section specific for the Raspberry Pi. The Welcome app explains that while the system is based on Ubuntu MATE and uses Ubuntu armhf base, it is in fact using the same kernel as Raspbian. It also turns out that a whole set of Raspbian software has been ported over such as raspi-config, rpi.gpio, sonic-pi, python-sense-hat, omxplayer, etc. I got in a very simple couple of tests that showed that GPIO control worked.
  • Zorin OS 12 Business Has Arrived [Ed: Zorin 12.1 has also just been released]
    This new release of Zorin OS Business takes advantage of the new features and enhancements in Zorin OS 12, our biggest release ever. These include an all new desktop environment, a new way to install software, entirely new desktop apps and much more. You can find more information about what’s new in Zorin OS 12 here.