Language Selection

English French German Italian Portuguese Spanish

OSS Leftovers

Filed under
OSS
  • Google open sources ClusterFuzz

    The fuzzing software is designed to automatically feed unexpected inputs to an application in order to unearth bugs.

    Google originally wrote ClusterFuzz to test for bugs in its Chrome web browser, throwing 25,000 cores at the task. In 2012, Google said that ClusterFuzz was running around 50 million test cases a day on Chrome. So far it’s helped find some 16,000 bugs in the web browser.

    [...]

    ClusterFuzz has been released under version 2.0 of the Apache License.

  • Google open-sources ClusterFuzz, a tool that has uncovered 16,000 bugs in Chrome

    Ever heard of “fuzzing”? It’s not what you think — in software engineering, the term refers to a bug-detecting technique that involves feeding “unexpected” or out-of-bounds inputs to target programs. It’s especially good at uncovering memory corruption bugs and code assertions, which normally take keen eyes and a lot of manpower — not to mention endless rounds of code review.

    Google’s solution? Pass the fuzzing work off to software. Enter ClusterFuzz, a cheekily named infrastructure running on over 25,000 cores that continuously (and autonomously) probes Chrome’s codebase for bugs. Two years ago, the Mountain View company began offering ClusterFuzz as a free service to open source projects through OSS-Fuzz, and today, it’s open-sourcing it on GitHub.

  • Last week of early birds!

    We do have some parts of the schedule fixed: the trainings and some initial speakers.

    The trainings are open enrollment courses at a bargain price, where parts of the dividends goes to financing the conference. This year we have two great trainers: Michael Kerrisk of manpage and The Linux Programming Interface fame, and Chris Simmonds, the man behind the Mastering Embedded Linux Programming book and a trainer since more than 15 years. The trainings held are: Building and Using Shared Libraries on Linux and Fast Track to Embedded Linux. These are both one day courses held in a workshop format.

  • Closing AGPL cloud services loop-hole: a MongoDB approach

    The problem comes with software-as-a-service. Large cloud or hosted services providers have found ways to commercialise popular open source projects without giving anything back, thus limiting software freedom intended by the licensors. The business model primarily focuses on offering managed services, e.g. customisation, integration, service levels and others, to a freely available open source component and charging a fee for this. Open source projects do not usually have the scale to effectively withstand such competition by providing similar offerings. To say the least, this pattern incentivises the writing of the software in closed source code.

    AGPL is not enough to capture such a services scenario. Commercial entities rarely modify open source components and, if they do, releasing corresponding source code to such modifications does not affect their proprietary interests or revenue flow.

More in Tux Machines

FreeBSD Quarterly Status Report

We also provide some up to date information about the status of our IRC channels Read more Also: FreeBSD In Q2'2019 Saw Updated Graphics Drivers, Continued Linux Compatibility Layer

DragonFlyBSD Pulls In AMD Radeon Graphics Code From Linux The 4.7 Kernel

It was just last month that DragonFlyBSD pulled in Radeon's Linux 4.4 kernel driver code as an upgrade from the Linux 3.19 era code they had been using for their open-source AMD graphics support. This week that's now up to a Linux 4.7 era port. François Tigeot who continues doing amazing work on pulling in updates to DragonFlyBSD's graphics driver now upgraded the Radeon DRM code to match that of what is found in the upstream Linux 4.7.10 kernel. Read more

Android Leftovers

TenFourFox FPR16b1 available

FPR16 got delayed because I really tried very hard to make some progress on our two biggest JavaScript deficiencies, the infamous issues 521 (async and await) and 533 (this is undefined). Unfortunately, not only did I make little progress on either, but the speculative fix I tried for issue 533 turned out to be the patch that unsettled the optimized build and had to be backed out. There is some partial work on issue 521, though, including a fully working parser patch. The problem is plumbing this into the browser runtime which is ripe for all kinds of regressions and is not currently implemented (instead, for compatibility, async functions get turned into a bytecode of null throw null return, essentially making any call to an async function throw an exception because it wouldn't have worked in the first place). This wouldn't seem very useful except that effectively what the whole shebang does is convert a compile-time error into a runtime warning, such that other functions that previously might not have been able to load because of the error can now be parsed and hopefully run. With luck this should improve the functionality of sites using these functions even if everything still doesn't fully work, as a down payment hopefully on a future implementation. It may not be technically possible but it's a start. Read more