Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers

Filed under
OSS
  • Helping enterprises adapt to open source switching

    Enterprise adoption of open source switching hasn't kept pace with cloud providers and telcos. What are some of the barriers blocking the use of disaggregation?

    [...]

    Today, there are a number of NOSes available from vendors both large and small -- suitable for use in a variety of ways, including top of rack, where the Open Compute Project (OCP) has provided the underlying open source switching design standard.

    [...]

    Disaggregated NOS often requires Linux knowledge, rather than the familiar command-line interfaces known by conventional network engineers. Its deployment may rely on an automation-based Agile process, such as NetOps, which differs from predictable IT processes, like IT service management.

  • Summer of Code: Quick Update

    I noticed that my blog posting frequency is substantially higher than last year. For that reason I’ll try to keep this post shorter.

    Yesterday I implemented my first prototype code to encrypt and decrypt XEP-0374 messages! It can process incoming PubkeyElements (the published OpenPGP keys of other users) and create SigncryptElements which contain a signed and encrypted payload. On the receiving side it can also decrypt those messages and verify the signature.

    I’m still puzzled about why I’m unable to dump the keys I generate using pgpdump. David Hook from Bouncycastle used my code to generate a key and it worked flawlessly on his machine, so I’m stumped for an answer…

    I created a bug report about the issue on the pgpdump repository. I hope that we will get to the cause of the issue soon.

  • BCE Panel: Open Source Makes Telcos 'Nimble'

    Big Communications Event -- Open source can help telcos become "nimble," and shed their history of "wait and see," James Feger, CenturyLink VP of network virtualization, said here Tuesday at Light Reading's Big Communications Event (BCE).

    "The power of open source is it allows telcos to be more nimble, rather than the wait-and-see attitude we've traditionally been viewed with," CenturyLink Inc. (NYSE: CTL)'s Feger said, speaking on a panel about open source in telecom.

    Indeed, innovation rather than cost savings are the main reason to adopt open source, noted Csaba Kiss Kallo, head of connectivity, mobility and security portfolio at Vodafone Ireland. "'Free' is not the main reason we go after open source. The reason is agility -- the benefits you get from an ecosystem and development, those thousands of software developers who've put their knowledge together and developed something that can be used by everyone in the community," he said. (See Vodafone Prioritizes Automation as Efficiency Bolsters Margins.)

  • OpenFin contributes FCD3 program to Fintech Open Source Foundation

    The Fintech Open Source Foundation (FINOS), a nonprofit foundation promoting open innovation in financial services, together with OpenFin, the operating system powering digital transformation on financial desktops, today announced the contribution by OpenFin of the FCD3 program into the Foundation’s open source governance framework.

    Financial applications are often difficult or impossible to connect to one another, requiring users to continuously re-key information, hampering productivity and creating operational risk. The Financial Desktop Connectivity and Collaboration Consortium (FDC3) solves the problem by providing industry standards for desktop application interoperability.

  • App development tool provider Fuse joins open source community

    Fuse is joining the open-source world with the release of Fuse Open. Fuse is a cross platform mobile app development tool suite that supports Android and iOS applications. that aims to reduce development times and resources.

  • Ceph Day London 2018 Recap

    Some days since the Ceph and CloudStack Day in London last month now. It was a great event, great presentations and a lot of networking with the local community.

  • New in Firefox 61: Developer Edition

    Firefox 61: Developer Edition is available now, and contains a ton of great new features and under-the-hood improvements.

  • Zerocat Chipflasher "board-edition-1" now FSF-certified to Respect Your Freedom

    This is the first device under The Zerocat Label to receive RYF certification. The Chipflasher enables users to flash devices such as laptops, allowing them to replace proprietary software with free software like Libreboot. While users are able to purchase RYF-certified laptops that already come with Libreboot pre-loaded, for the first time ever they are capable of freeing their own laptops using an RYF-certified device. The Zerocat Chipflasher board-edition-1 is now available for purchase as a limited edition at http://www.zerocat.org/shop-en.html. These first ten limited edition boards are signed by Kai Mertens, chief developer of The Zerocat Label, and will help to fund additional production and future development of RYF-certified devices.

    "The certification of the Zerocat Chipflasher is a big step forward for the Respects Your Freedom program. Replacing proprietary boot firmware is one of the first tasks for creating a laptop that meets RYF's criteria, and now anyone can do so for their own devices with a flasher that is itself RYF-certified," said the FSF's executive director, John Sullivan.

    An RYF-certified flashing device could also help to grow the number of laptops available via the RYF program.

    "When someone sets out to start their own business selling RYF-certified devices, they now have a piece of hardware they can trust to help them with that process. We hope to see even more laptops made available under the program, and having those laptops flashed with a freedom-respecting device will help to set those retailers on the right path from the start," said the FSF's licensing & compliance manager, Donald Robertson, III.

  • Searching Open Source Material in the Age of Information

    Intelligence analysts are thought to be commensurate experts in writing, research, and analysis, but does the next generation of analysts have the skills necessary to be successful in the intelligence field? One of the greatest challenges for an analyst today is that the amount of information—as well as the means in which it’s shared—is growing exponentially.

    Intelligence analysts must be able to gather, correlate, analyze, and evaluate information from a wide variety of sources. These sources can include law enforcement portals and databases, surveillance systems, intelligence networks (various disciplines), geographic information systems (GIS), and private data-mining databases (subscription-based).

  • Global Nonprofit Patientory Stiftung Unveils And Launches Open-Source Blockchain Network, 'HealthNet,' At Inagural Blockchain In Healthcare Summit
  • Lemonade launches an open source insurance policy that anyone can edit

    According to a news release, the policy is open to editing from the ‘wisdom of the crowd’, turning the traditional way of crafting an insurance policy on its head. Because the policy is open source, it’s not copyrighted, which means the community can edit it on Github it and all of Lemonade’s competitors have access to it. The policy is also written in English and is intended for US renters, but the company plans to expand it to cover other lines, languages, and legal jurisdictions.

  • Lemonade Launches World’s First ‘Open Source’ Insurance Policy
  • Lemonade wants to rewrite the insurance policy itself
  • Insurtech Lemonade Posts “Open Source Insurance Policy,” Seeks Feedback on Github
  • Lemonade unveils open source policies

More in Tux Machines

Ubuntu, Debian, RHEL, and CentOS Linux Now Patched Against "Foreshadow" Attacks

Both Canonical and Red Hat emailed us with regards to the L1 Terminal Fault security vulnerability, which are documented as CVE-2018-3620 for operating systems and System Management Mode (SMM), CVE-2018-3646 for impacts to virtualization, as well as CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX). They affect all Linux-based operating system and machines with Intel CPUs. "It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)," reads the Ubuntu security advisory. Read more

Hands-on with Linux Mint Debian Edition 3 Beta

I have been out of touch for the past six months, because I accepted a teaching position in Amsterdam. The amount of time that required, and the weekly commute from Switzerland (yes, really, weekly), was vastly more than I expected, and left me no time to do justice to my blog. But now I am back again, and determined to manage my time more effectively and keep up with blogging. Although I haven't been writing, I certainly have been keeping up with news and developments in the Linux world. What really inspired me to get busy and write again was the announcement of LMDE 3 (Cindy) Beta. Hooray! How long have we been waiting for this? It feels like years. Oh, that's because it has been years. Read more

Security Leftovers

  • Theo on the latest Intel issues

    Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD.

    [...]

    These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together are the currently public artifacts of this one bug.

  • Putting Stickers On Your Laptop Is Probably a Bad Security Idea

    Mitchell said political stickers, for instance, can land you in secondary search or result in being detained while crossing a border. In one case, Mitchell said a hacker friend ended up missing a flight over stickers.

  • Video Shows Hotel Security at DEF CON Joking About Posting Photos of Guests' Belongings to Snapchat

    But the room check captured on video suggests the walkthroughs are subject to abuse by hotel personnel who may use them as opportunity to snoop on guests or take and post images for amusement. And accounts of other searches that involved hotel security staff refusing to show ID or showing insufficient ID, and displaying bullying and threatening behavior to guests in occupied rooms, raises questions about the legality of the searches and the tactics and training of security personnel.

  • Researchers in Finland detect vulnerability in password management software
    Researchers identified a security gap in more than 10 applications used by millions around the world, including an app used by Finland's population registry.
  • Trump ends Obama-era rules on US-led cyberattacks: report
     

    The memorandum required that an extensive interagency process take place before the U.S. government embarks on any cyberattacks. Trump reversed the rules to try and ease some of those restrictions, which critics argued were detrimental to launching the attacks quickly, according to the Journal.

Android Leftovers