Language Selection

English French German Italian Portuguese Spanish

OSS and Sharing Leftovers

Filed under
OSS
  • Best open source cloud-storage services

    Worried about storing your private files with data-hungry tech giants such as Google and Microsoft? Here are three open source alternatives

  • New Open-Source Software SHARPy Launched

    The Aeroelastics Research Group has launched an open-source software tool – SHARPy

    The tool offers dynamic simulation for everything from wind turbines to solar-powered aircraft.

    SHARPy (which stands for Simulation of High-Aspect Ratio aeroplanes in Python) is a dynamic aeroelasticity simulation package. It offers structural, aerodynamic and coupled aeroelastic/flight dynamics analysis, and has particular application for low-speed and very flexible aircraft, and for wind turbines.

  • Iowa Caucus App Fiasco Shows Need for Open Source Transparency

    The Iowa caucuses were thrown into disarray as reports surfaced an opaque app used to tabulate the results and report them to Democratic Party officials was reporting only part of the required data. Although the app had been developed to improve efficiency in communicating the final caucus tallies, it ended up causing significant delays. According to security experts, the incident served to highlight the risks of relying on digital systems and the centralization of information, and a lack of transparency regarding these systems.

  • How to Vet the Engineering Chops of Your Software Vendors

    After witnessing the debacle in Iowa, campaign decision-makers across the country are wondering just how good is the engineering behind the software they purchase for their campaigns? And for good reason: the stakes couldn’t be higher.

  • SD Times Open-Source Project of the Week: OWASP SAMM

    The Open Web Application Security Project (OWASP) has announced version 2 of the Software Assurance Maturity Model (SAMM). SAMM is an open-source framework that enables teams and developers to assess, formulate and implement better security strategies that can be integrated into the software development life cycle.

  • Austin Alexander Burridge of Rosemount Compares Open-Source and Proprietary Software Security

    When open-source software developers are made aware of a specific security vulnerability or bug in their software products, they often publish the vulnerability to the community. If there's a developer who wants to offer a fix, he can build one and publish it as a particular version. If there's no funding to develop an upgrade, an IT professional is still aware of the problem so that he can create a custom workaround for his company's unique system until an updated version of the software becomes available.

  • Robust security crucial for adoption of open source

    New Delhi [India], Feb 11 (ANI/NewsVoir): While speaking at the inaugural session of the "3rd Open Source Summit 2020" recently in New Delhi, Vivek Banzal, Director (CFA), Bharat Sachar Nigam Limited (BSNL) said that it is a challenge to keep pace with the technology, more so when security of data has to be quite robust.

    [...]

    "The Government of India has encouraged the adoption of this technology in the Digital India initiative and this has further encouraged the CIO's of enterprises and other government organizations to make a move towards Open source technology. The rise of digital transformation in India has pushed the adoption of open source both by enterprises and government," said Sunil Kumar, Deputy Director-General, National Informatics Centre (NIC), while commenting on the adoption of Open source by the Government to India.

  • Leaders share how agencies bring agility into application development

    Additionally, tapping into open source development communities allows them to overcome some of chronic IT skills gaps many agencies continue to face.

    [...]

    Open source is being used both in civilian and defense agencies. Even though open source code is used for unclassified applications, it does not mean it’s unsecure, assures Michael Kanaan, co-chair of artificial intelligence and machine learning for the U.S. Air Force.

  • The Top 13 Free and Open Source RPA Tools

    Searching for Robotic Process Automation (RPA) software can be a daunting (and expensive) process, one that requires long hours of research and deep pockets. The most popular RPA tools often provide more than what’s necessary for non-enterprise organizations, with advanced functionality relevant to only the most technically savvy users. Thankfully, there are a number of free and open source RPA tools out there. Some of these solutions are offered by vendors looking to eventually sell you on their enterprise product, and others are maintained and operated by a community of developers looking to democratize robotic process automation.

    In this article, we will examine free and open source RPA tools, first by providing a brief overview of what to expect and also with short blurbs of the options currently available in the space. This is the most complete and up-to-date directory on the web.

  • The Two Faces of Open Source: ECT News Roundtable, Episode 5

    The open source software movement has evolved dramatically over the past two decades. Many businesses that once considered open source a threat now recognize its value.

    On the other hand, in spite of increased enthusiasm among enterprises, consumer interest by and large has not materialized.

    With large companies increasingly embracing open source, what does it mean to be a part of the free and open source software, or FOSS, "community"?

  • Pimcore’s free, open source digital experience platform - a rock tossed into the CX pond?

    The retail and eCommerce landscapes have changed dramatically over the past decade as customer experience has risen to the forefront of enterprise marketing priorities. Marketers have turned their focus away from price as the key driver of sales to their ability to deliver the most convenient, streamlined and personalized experiences across channels whether online, in-store, or on mobile phones.

    [...]

    Their solution Pimcore, introduced in 2013, is a free open source software platform for managing digital data and customer experiences for any channel, device, or industry.

  • Chef Serves Up Partner Program to Push Open DevOps Model

    Aims to help channel sell 100% open-source portfolio

  • Chef Introduces New Global Partner Program Purpose-Built for 100 Percent Open Source Software

    Chef, the leader in DevOps, today announced a new channel program specifically designed to ensure that partners and customers are able to take maximum advantage of Chef’s 100 percent open source business model. The Chef Partner Program (CPP) creates three tiers of partners -- Principal, Senior and Junior -- with the highest benefits and incentives applied to those who drive the strongest results for themselves and their mutual enterprise customers using Chef Enterprise Automation Stack.

  • CableLabs, Altran team to take open source to the edge

    Altran and CableLabs have teamed up on "Project Adrenaline," an open source initiative that aims to help the cable industry build and manage edge networks and smooth the path for apps that can run on them.

    And while Adrenaline is initially focused on cable, the broader aim is to apply the resulting open source platform to multiple industries while still staying aligned with Kubernetes.

  • Building even more of LibreOffice with Meson, now with graphics

    Note that this contains only the main deliverables, i.e. the shared libraries and executables. Unit tests and the like are not converted apart from a few sample tests.

    It was mentioned in an earlier blog post that platform abstraction layers are the trickiest ones to build. This turns out to be the case here also. LO has at least three such frameworks (depending on how you count them). SAL is the very basic layer, UNO is a component model used to, for example, expose functionality to Java. Finally VCL is the GUI toolkit abstraction layer. Now that we have the GUI toolkit and its GTK plugin built we can build a VCL sample application and launch it. It looks like this:

  • XSS vulnerability patched in TinyMCE

    A security update has been released for the popular open source text editor TinyMCE after a researcher discovered a a cross-site scripting (XSS) vulnerability impacting three of its plugins.

  • Should You Opt For An Open-Source LMS [Ed: The proprietary software LMS vendors badmouthing Free software as if that means "no support" (which is exactly the opposite of what's true, the support of the lifeline of the developers)]

    In the modern world, organizations are increasingly using learning management systems (LMS) for corporate training. However, with the availability of both open-source LMS and commercial LMS, choosing the more appropriate one for your organization can be challenging.

    Although leading open-source industry pioneers such as Moodle has dominated eLearning over the past few years, many organizations still prefer proprietary LMS over open-source LMS. In this article, we have assessed both these options and jotted down the factors you must consider before making a decision.

  • Open Source Community Responds to Rapid Adoption of Tech in Financial Services as FINOS Announces New Fintech Members

    The companies include: EPAM Systems, Inc., a product development, digital platform engineering, and digital and product design agency; NearForm, an open source solutions design and delivery company; and CloudBees, a provider of DevOps solutions.

  • Finos welcomes new members

    Finos (Fintech Open Source Foundation), a nonprofit whose mission is to foster adoption of open source, open standards, and collaborative software development practices in financial services, today announces the addition of three established fintechs to its already growing membership roster of prestigious financial institutions, technology companies and global consultancies.

  • Open source licence series - Cockroach Labs: Scaling a sustainable open source business model

    Big cloud vendors have preyed upon open source R&D by providing open source software (OSS) software as-a-service to edge out small competitors. Combine that with the platform benefits of economies of scale and greater opportunities for integration… and you can see how the big cloud providers can drown open source startups.

    That said, companies eclipsing growth-stage and legacy companies looking to store mission-critical data in the cloud are becoming wary of big vendors not investing in their R&D.

  • Open source licence series - OpenStack Foundation: Protecting open source freedoms

    Reduced to its essence, free and open source software is defining a set of freedoms, encoded into software licences.

    The Open Source Initiative (OSI) maintains an open source definition and a list of compatible licences, with the double goal of guaranteeing those essential freedoms and rights… and facilitating adoption by limiting licence proliferation.

  • Open source energy modelling tool shows how to decarbonise Australia

    The future of Australia’s energy mix has spawned innumerable heated arguments over how to balance secure electricity supply with economic and environmental needs, prompting energy consultants ITP to launch an open source modelling tool to settle arguments and provide clarity.

    Inspired by similar open source models in Europe and North America, ITP launched the openCEM model as a free, transparent tool to cut through the complexity of Australia’s energy mix and how it can securely transition away from carbon.

    “ITP felt, as many have felt, that public discussions around renewables were fraught with many assumptions and made with few facts and little expertise,” ITP strategy group manager Oliver Woldring said.

    [..]

    Once openCEM is being used widely by policy makers and investors across Australia, ITP and ThoughtWorks aims to engage other markets across APAC and further afield, about creating tools to model uptakes of renewables into the grids of other countries.

  • Self-driving car dataset missing labels for pedestrians, cyclists

    A popular self-driving car dataset for training machine-learning systems – one that’s used by thousands of students to build an open-source self-driving car – contains critical errors and omissions, including missing labels for hundreds of images of bicyclists and pedestrians.

    Machine learning models are only as good as the data on which they’re trained. But when researchers at Roboflow, a firm that writes boilerplate computer vision code, hand-checked the 15,000 images in Udacity Dataset 2, they found problems with 4,986 – that’s 33% – of those images.

  • New Project Eyes an Open Platform for Data From mHealth Wearables

    A Massachusetts-based partnership aims to create a common workplace for healthcare providers and researchers using mHealth sensors in wearables and other devices.

    The Open Wearables Initiative (OWEAR), launched last September by Nextbridge Health, Shimmer Research and Dr. Vincent van Hees, announced that it is now “actively soliciting” open-source software and datasets from wearable sensors and other connected health technologies. The group wants to create a platform from which researchers and care providers can share digital health source codes and algorithms.

  • Monash Uni, Red Cross & Red Crescent team up on open-source video program

    Monash University’s Faculty of Information Technology (IT), the International Federation of Red Cross and Red Crescent Societies (IFRC) have announced that they have developed an innovative approach to empower communities around the world through development of a special video program.

    According to a joint statement from Monash, the Red Cross and Red Crescent some of the world’s most isolated and remote communities will now have the ability to share their stories and raise public awareness of the local issues they’re facing “through a unique open-source video program developed by Monash”.

More in Tux Machines

Graphics: Wayland in 2020, NVIDIA, AMD and Khronos

  • Wayland in 2020

    It is nearly a year since my last blog article about Wayland on Linux. Thus I thought it is time for an update on how my desktop with sway developed. What happened?

  • Mainline Linux Kernel Starts Seeing A NVIDIA Tegra X1 Video Input Driver

    While the Tegra X1 SoC (Tegra210) has been available for several years, finally with the upcoming Linux 5.8 kernel is a mainline driver contributed by NVIDIA for the video input support. The Tegra X1 features a high-end video input controller that can support up to six MIPI CSI camera sensors concurrently.

  • AMDVLK 2020.Q2.4 Released With TMZ Enabled, Improved Memory Allocation

    As the first open-source code drop in two weeks, AMDVLK 2020.Q2.4 is out today as the latest update to this official open-source AMD Radeon Vulkan driver stack for Linux. AMDVLK 2020.Q2.4 comes with improved memory allocation for systems not using any local invisible memory, command buffer prefetch is now disabled for local memory, TMZ is enabled, and a back-end optimization for kills is used. There are also several bug fixes concerning the Radeon Graphics Profiler and other targeted bug fixes.

  • Khronos Releases OpenVG 1.1 Lite For High Quality Vector Graphics On Mobile

    It's been a while since hearing of OpenVG as The Khronos Group's hardware-accelerated 2D vector graphics API. But today they announced a "Lite" version of OpenVG 1.1. OpenVG 1.1 as their latest version came back in 2008 and since then there hasn't been much to report on this vector graphics API besides maintenance tasks and a short-lived OpenVG Gallium3D state tracker. Out today though is the provisional specification of OpenVG 1.1 Lite.

IBM/Red Hat Leftovers

Chrome, Mozilla and Firefox Leftovers

  • Chrome 84 Beta: Web OTP, Web Animations, New Origin Trials and More

    Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 84 is beta as of May 28, 2020.

  • Chrome 84 Beta Brings Better Web Animations API, Experimental WebAssembly SIMD

    Following the recent Chrome 83 release, Chrome 84 has now been promoted to beta. The Chrome 84 Beta is bringing Web OTP API (SMS Receiver API) support on Android, significant improvements to its Web Animations API implementation, WebAssembly SIMD support with a 128-bit value type is now available via the Origin trials (experimental functionality) along with a Cookie Store API, Idle Detection API, and other trial features.

  • Should you buy a Chromebook?

    With more and more people buying laptops to work or learn from home, a lot of folks are probably looking into the prospect of switching to a lighter, cheaper Chromebook instead of a traditional Windows or Mac laptop. Chromebooks come at a wide range of price points and with a variety of features, but the big question for most people is about Chrome OS itself. How hard is it to switch? What are Android apps like? Does Linux support really work, and how well? Do Chromebooks make good tablets? Can I use Firefox on one? We'll cover as much of that as we can in this post.

  • Firefox features for remote school (that can also be used for just about anything)

    Helping kids with school work can be challenging in the best of times (“new” math anyone?) let alone during a worldwide pandemic. These Firefox features can help make managing school work, and remote summer classes if those are on your horizon, a little easier.

  • The influence of hardware on Firefox build times

    I recently upgraded my aging “fast” build machine. Back when I assembled the machine, it could do a full clobber build of Firefox in about 10 minutes. That was slightly more than 10 years ago. This upgrade, and the build times I’m getting on the brand new machine (now 6 months old) and other machines led me to look at how some parameters influence build times. [...] The XPS13 being old, it is subject to thermal throttling, making it slower than it should be, but it wouldn’t beat the 10 years old desktop anyway. Macbook Pros tend to get into these thermal issues after a while too. I’ve relied on laptops for a long time. My previous laptop before this XPS was another XPS, that is now about 6 to 7 years old, and while the newer one had more RAM, it was barely getting better build times compared to the older one when I switched. The evolution of laptop performance has been underwelming for a long time, but things finally changed last year. At long last. I wish I had numbers with a more recent laptop under the same OS as the XPS for fairer comparison. Or with the more recent larger laptops that sport even more cores, especially the fancy ones with Ryzen processors.

  • Writing inside organizations

    My team keeps snippets, which kinda-sorta feels like a blog-like interface for sharing context. We keep our snippets in a google doc largely because it has a low barrier to entry and it's a fast solution. However, I find that keeping snippets in a doc really limits the value I personally get from keeping a weekly log. Ostensibly, the value to writing snippets is keeping my team up to date on my work. However, I find that the secondary personal benefits are the ones that keep me motivated to write updates.

  • Mozilla Localization (L10N): L10n Report: May 2020 Edition

    IMPORTANT: Firefox 78 is the next ESR (Extended Support Release) version. That’s a more stable version designed for enterprises, but also used in some Linux distributions, and it remains supported for about a year. Once Firefox 78 moves to release, that content will remain frozen until that version becomes unsupported (about 15 months), so it’s important to ship the best localization possible.

  • Mozilla’s journey to environmental sustainability

    The programme may be new, but the process has been shaping for years: In March 2020, Mozilla officially launched a dedicated Environmental Sustainability Programme, and I am proud and excited to be stewarding our efforts. Since we launched, the world has been held captive by the COVID-19 pandemic. People occasionally ask me, “Is this really the time to build up and invest in such a large-scale, ambitious programme?” My answer is clear: Absolutely.

  • Mozilla Privacy Blog: An opportunity for openness and user agency in the proposed Facebook-Giphy merger

    Facebook is squarely in the crosshairs of global competition regulators, but despite that scrutiny, is moving to acquire Giphy, a popular platform that lets users share images on social platforms, such as Facebook, or messaging applications, such as WhatsApp. This merger – how it is reviewed, whether it is approved, and if approved under what sort of conditions – will set a precedent that will influence not only future mergers, but also the shape of legislative reforms being actively developed all around the world. It is crucial that antitrust agencies incorporate into their processes a deep understanding of the nature of the open internet and how it promotes competition, how data flows between integrated services, and in particular the role played by interoperability. Currently Giphy is integrated with numerous independent social messaging services, including, for example, Slack, Signal, and Twitter. A combined Facebook-Giphy would be in a position to restrict access by those companies, whether to preserve their exclusivity or to get leverage for some other reason. This would bring clear harm to users who would suddenly lose the capabilities they currently enjoy, and make it harder for other companies to compete.

Security and FUD

  • Security updates for Thursday

    Security updates have been issued by Fedora (dovecot, dpdk, knot-resolver, and unbound), Mageia (ant, libexif, and php), SUSE (libmspack), and Ubuntu (php5, php7.0, php7.2, php7.3, php7.4 and unbound).

  • 5 Kernel Live Patching Tools That Will Help To Run Linux Servers Without Reboots

    Within IT organizations, there are processes and practices so routine that they are invisible. It doesn’t matter if such processes and practices are flawed, or if there exists a better way: if something has worked for a few years, people stop looking for alternatives. This perfectly describes current approaches to kernel patching. Right now, most organizations patch the servers by planning reboot cycles. Because rebooting the server fleet is a headache that causes downtime, people put it off for as long as they can. Which means patches aren’t applied as early as possible. This gap between patch issue and its application means risk, malpractice and may cause non-compliance. This standard approach to kernel patching exposes servers to malicious intent by threat actors on multiple attack vectors, putting IT organizations at risk of major security issues. Anyone tasked with keeping their organization safe from cyber attacks should be seeking a better way to run Linux servers without reboots (ideally, for years). In this article you will learn what is live patching, how it ensures the uptime, what 5 tools are available to help you run servers for years – without reboots and what are the advantages and drawbacks of each tool.

  • USB systems may have some serious security flaws - especially on Linux [Ed: ZDNet's FUD is going places; the tests were mostly done on Linux, so it's hardly shocking that the bugs found were in Linux. But it's presented as Linux being particularly bad.]

    Academics have developed a new tool that allowed them to discover 26 previously unidentified vulnerabilities in the USB driver stack used by many popular operating systems including Linux, macOS, Windows and FreeBSD.

  • New fuzzing tool picks up insecure USB driver code

    Matthias Payer at the federal polytechnic school in Lausanne, Switzerland, and Hui Peng at Purdue University, United States, said [pdf] that they leveraged open-source components such as QEMU processor emulator to design a tool that's low-cost and hardware independent, called USBFuzz.

  • New fuzzing tool for USB drivers uncovers bugs in Linux, macOS, Windows

    With a new fuzzing tool created specifically for testing the security of USB drivers, researchers have discovered more than two dozen vulnerabilities in a variety of operating systems. “USBFuzz discovered a total of 26 new bugs, including 16 memory bugs of high security impact in various Linux subsystems (USB core, USB sound, and network), one bug in FreeBSD, three in macOS (two resulting in an unplanned reboot and one freezing the system), and four in Windows 8 and Windows 10 (resulting in Blue Screens of Death), and one bug in the Linux USB host controller driver and another one in a USB camera driver,” Hui Peng and Mathias Payer explained.

  • NSA: Russian agents have been hacking major email program

    The U.S. National Security Agency says the same Russian military hacking group that interfered in the 2016 presidential election and unleashed a devastating malware attack the following year has been exploiting a major email server program since last August or earlier. The timing of the agency's advisory Thursday was unusual considering that the critical vulnerability in the Exim Mail Transfer Agent — which mostly runs on Unix-type operating systems — was identified 11 months ago, when a patch was issued. Exim is so widely used — though far less known than such commercial alternatives as Microsoft's proprietary Exchange — that some companies and government agencies that run it may still not have patched the vulnerability, said Jake Williams, president of Rendition Infosec and a former U.S. government hacker.