Language Selection

English French German Italian Portuguese Spanish

Security

Kali NetHunter App Store – Public Beta

Filed under
GNU
Linux
Security

Kali NetHunter has been undergoing a ton of changes of late. Now supporting over 50 devices and running on Android devices from KitKat (v4.4) to Pie (v9.0), its amazing the extra capabilities that have been introduced.

But, we don’t want to stop there. After a ton of work, we are really excited to introduce the Kali NetHunter App Store!

Read more

Network Security Toolkit 30-11210

Filed under
GNU
Linux
Red Hat
Security

We are pleased to announce the latest NST release: "NST 30 SVN:11210". This release is based on Fedora 30 using Linux Kernel: "kernel-5.1.17-300.fc30.x86_64". This release brings the NST distribution on par with Fedora 30.

Read more

Security: Windows, Books, Apple and More

Filed under
Security
  • Windows 7 Enters the Last Six Months of Support [Ed: Microsoft propagandist (for ages) Bogdan Popa won't advise people to hop over to GNU/Linux (which he lies about, saying Microsoft "loves Linux")]

    According to third-party data provided by NetMarketShare, Windows 7 continues to be one of the most popular choices for desktop users.

  • Security bootcamp: 8 must-read books for leaders

    The threat of cybercrime constantly looms over business leaders – and it becomes more urgent as cyber attacks become more sophisticated. In 2019, security breaches happen more frequently, and the associated financial hit has increased, according to research from Accenture.

    Notably, the report points out that hackers increasingly target humans – the “weakest link in cyber defenses” – at all levels of organizations, through tactics like ransomware and phishing. (Witness the recent wave of ransomware attacks against U.S. cities, large and small.) That’s why it’s becoming essential for everyone – not just security professionals – to be well-versed in risk and their organization’s security efforts.

  • Security scanning your DevOps pipeline

    Security is one of the most important considerations for running in any environment, and using open source software is a great way to handle security without going over budget in your corporate environment or for your home setup. It is easy to talk about the concepts of security, but it's another thing to understand the tools that will get you there. This tutorial explains how to set up security using Jenkins with Anchore.

    There are many ways to run Kubernetes. Using Minikube, a prepackaged virtual machine (VM) environment designed for local testing, reduces the complexity of running an environment.

  • This Is Why We Have Betas. iOS 13 Beta Shows Saved Passwords

    There’s a reason we have beta versions of software: all the kinks need to be worked out. This is also why using beta versions always come with warnings and disclaimers that you’re using the software at your own risk.

    Users of the iOS 13 beta have discovered that there’s a bug that makes it easy to access the data in “Website & App Passwords” in the Settings app. Certainly, this is something Apple needs to get fixed before the official release, expected for September.

  • Hackers breached Bulgaria’s tax agency and leaked the data of 5M people

    Bulgaria has suffered what has been described as the biggest data leak in its history. The stolen data, which hackers emailed to local media on July 15, originates from the country’s tax reporting service – the National Revenue Agency (NRA).

    The breach contains the personal data of 5 million citizens, local outlet Capital reports. To put that into perspective, Bulgaria has a population of 7 million. Among other things, the trove includes personal identifiable numbers, addresses, and even income data.

Security: FOSS Updates, WhatsApp and Telegram, Windows as Malware and Respect to Fernando Corbató

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by CentOS (firefox), Debian (libspring-java, ruby-mini-magick, and thunderbird), Fedora (fossil, python-django, snapd-glib, and thunderbird), openSUSE (helm and monitoring-plugins), Red Hat (cyrus-imapd, thunderbird, and vim), Scientific Linux (vim), Slackware (bzip2), SUSE (bubblewrap, bzip2, expat, glib2, kernel, php7, python3, and tomcat), and Ubuntu (exiv2, firefox, and flightcrew).

  • WhatsApp, Telegram Vulnerable To ‘Media File Jacking’: Change Your Settings Now!

    Instant messaging apps like WhatsApp and Telegram keep your messages encrypted in transit, but once a media file reaches your phone, the same cannot be guaranteed.

    Researchers from Symantec have demonstrated how a vulnerability in WhatsApp and Telegram can be exploited by hackers to hijack the media files that are sent through these services.

  • Windows 7 & security-only telemetry - What gives?

    Sometimes, it is hard to separate fact from emotion when it comes to technology. This does not help the end user, because when people come searching for solutions to genuine concerns like this, they first have to filter through outbursts of pent-up frustration as a result of many years of salesy bullshit.

    From the technological point of view, there's nothing new here. However, the fact you now get non-security nonsense with security means you can't really trust updates from Microsoft anymore. So if anything, this will majestically backfire. People don't like being pushed, and I'm amazed with the repeated attempts to do so, again and again.

  • Fernando Corbató, Early Operating System Pioneer And Password Inventor, Dies At 93

    Corbató and his fellow researchers at MIT made possible much of what we now think of as computing.

  • Professor Emeritus Fernando Corbató, MIT computing pioneer, dies at 93

    Longtime MIT professor developed early “time-sharing” operating systems and is widely credited as the creator of the world's first computer password.

Security Leftovers

Filed under
Security
  • EAP-pwd security issues – SAE (Simultaneous Authentication of Equals) WPA3-Personal – potential full password recovery with weak passwords – CVE-2019-9495, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499

    it might sound strange… and even if it sucks, but if you are concerned about security, call me paranoid but:

    your company’s critical infrastructure SHALL NOT BE REACHABLE BY WIFI! (especially not if you are running a nuclear power plant, just saying… nobody wants meltdown vulnerability of CPUs to actually be able to cause a meltdown)

  • RIP Fernando “Corby” Corbató, inventor of the password (1926-2019)

    Last Friday, legendary MIT computer scientist Fernando “Corby” Corbató passed away at his home in Newton, Massachusetts. He was 93.

    The Oakland-born researcher was responsible for several pivotal advances in the computer science space, most notably the password, which he invented during his pioneering work in computer time sharing.

  • GE Aviation Passwords, Source Code Exposed in Open Jenkins Server [Ed: 'Windows shop' GE needs to hire actual FOSS and GNU/Linux people who know how to properly set up and maintain things. This one is a shot in one's foot.]

    A DNS misconfiguration resulted in an open Jenkins server being available to all.

    A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure.

    GE Aviation, a subsidiary of General Electrics, is among the top commercial aircraft engine suppliers, and offers various airplane components. The server also contained a ReadMe file, outlining all the files it contained and their sensitivity.

  • Open Source Genomic Analysis Software Flaw Patched

    A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions. But the vulnerability was patched before hackers took advantage of it, researchers believe.

Security Leftovers

Filed under
Security
  • France Says Ransomware Attacks on Big Companies Are on the Rise [iophk: Windows TCO]

    Attackers changed strategy in the second half of 2018, ditching smaller companies to go after big corporations, sometimes strategic or vital to the nation’s economy, the ministry said on Tuesday in its 2019 cyber threats report. The trend accelerated this year.

  • New Elections Systems Vulnerable to Hacks, AP Analysis Shows

    An Associated Press analysis has found that like many counties in Pennsylvania, the vast majority of 10,000 election jurisdictions nationwide use Windows 7 or an older operating system to create ballots, program voting machines, tally votes and report counts.

    That’s significant because Windows 7 reaches its “end of life” on Jan. 14, meaning Microsoft stops providing technical support and producing “patches” to fix software vulnerabilities, which hackers can exploit. In a statement to the AP, Microsoft said Friday it would offer continued Windows 7 security updates for a fee through 2023.

  • Unusual Linux Ransomware Targets NAS Servers [Ed: Does not explain how the malware/ransomware gets onto there in the first place and whether it has anything at all to do with "Linux" rather than reckless people who install malware ot very weak passwords. They use a Tux logo/mascot anyway.]

    As for the decision to target NAS, Chris Morales, head of security analytics at Vectra, told Threatpost that it isn’t as common to deploy endpoint monitoring to a Linux dedicated network file server — thus, the QNAPCrypt malware represents the evolution and adaptation of an attack to bypass security controls.

  • Why Trump Caved to China and Huawei

    Everything about the trade war between the United States and China is bewildering. The world’s two largest economies entered a titanic struggle with harsh words and high tariffs, sending shudders through the global economy. Hundreds of billions of dollars of goods on either side stood before tariff walls that seemed unbreachable. Truces would come out of nowhere—as at the 2018 G20 meeting in Buenos Aires—but then they would be set aside by U.S. President Donald Trump in a stream of tweets at odd hours.

    In May, Trump went after Huawei, one of the world’s largest technology firms. The attack this time was not on economic grounds. Trump accused Huawei of being an espionage arm of the Chinese government. Firms from the United States that supplied Huawei with software and chips would no longer be permitted to do so. Trump’s diplomats went on the road to strongarm U.S. allies into no longer using Huawei technology in their countries. Pressure on China resulted in the arrest of Meng Wanzhou, Huawei’s chief financial officer, on charges of bank and wire fraud in relation to U.S. sanctions against Iran. Meng Wanzhou is the daughter of Huawei’s founder, Ren Zhengfei.

Security Leftovers

Filed under
Security
  • Microsoft Discreetly Drops ‘Telemetry’ As Part Of Larger ‘Security Cumulative Update’ Without First Informing Windows 7 Users? [Ed: Microsoft being Microsoft and backporting surveillance; With Windows Update any piece of software can become more malicious overnight.]

    Microsoft appears to have once again attempted to sneak telemetry components. The company released security updates for all supported operating systems on the July 2019 Patch Day. However, this month’s cumulative updates, which were supposed to contain only security-related components, contain an unexpected compatibility/telemetry component.

    The suspicious components were hidden in plain sight. Incidentally, this is the second time Microsoft has attempted to insert telemetry components. However, during the first attempt the Windows OS maker had openly mentioned the inclusion of the telemetry components, whereas this time, the company didn’t offer any indication. This methodology appears to an attempt to garner more accurate data about usage and installation patterns of the Windows operating system as Microsoft will soon phase out Windows 7.

    Windows Update delivered several packages of security and reliability fixes for Windows 7 earlier this week. The packages are different for each of the Windows operating system’s versions that Microsoft officially supports. However, the ‘cumulative update’ package contained a rather suspicious component. The security update in question was intended for Microsoft Windows 7 Operating System (OS) which was released as part of the July 2019 Patch Day.

  • Swimlane research team open sources pyattack

    As security teams adopt the Mitre ATT&CK Framework to help them identify gaps in their defenses, having a way to identify what malware and tools are being used by specific actors or groups becomes more critical. Additionally, having a way to identify these relationships programatically is even more critical.

    Today, we are excited to announce the Swimlane research team has released pyattck—a Python package to interact with the Mitre ATT&CK Framework. There are many different open-source projects being released on a daily basis, but we wanted to provide a straightforward Python package that allows the user to identify known relationships between all verticals of the Mitre ATT&CK Framework.

  • Strongbox Password Safe is a free, open-source KeePass client for iOS [Ed: iOS from Apple has back doors (see Vault 7 from Wikileaks for instance), so you should not put any passwords in it]
  • Research Finds Loads of Container Vulnerabilities

    Docker containers are great in that it’s easy to get started building an application using frameworks and components that others have made available via open source projects. The challenge, however, is not all those projects are current in terms of their cybersecurity patches. In fact, a developer of a framework may not even be actively supporting it anymore.

    A new report from vulnerability management platform vendor Kenna Security highlights the extent of the problem in the Docker community. Via the VulnerabilitiesContainer.org site, Kenna Security is sharing the results of analyses of containers being reused widely that find some of these open source projects have hundreds of unresolved Common Vulnerabilities and Exposure (CVE) issues.

  • A World of Infinite Choice in Open Source Software

    We recently released the fifth annual State of the Software Supply Chain Report in London. This year, we worked with Gene Kim and Dr. Stephen Magill to examine our largest data sample ever. Our goal? To qualify and quantify how exemplary development teams operate.

    As part of the research we identified the top 3% of DevOps teams using exemplary practices. (Take the quiz to see how your team stacks up.)

    Before we could truly understand these practice, we had to have the right context. The report’s first goal was to compare the use of open source in 2019 - to that of years past - and understand the broader environment developers are working in. As anticipated, open source component use continues to rocket upward.

  • In memoriam – Corby Corbató, MIT computer science pioneer, dies at 93

    Almost everyone’s heard of Linux – it’s the operating system kernel that’s behind a significant proportion of servers on the internet, including most of Google, Facebook, Amazon and many other contemporary online juggernauts.

    In its Android flavour, Linux powers the majority of smartphones out there, and in one form or another it’s also the kernel of choice for many so-called IoT devices such as bike computers, home Wi-Fi routers, webcams, baby monitors and even doorlocks.

    Most people who use Linux know that the name is a sort-of pun on Unix, the operating system that Linux most resembles.

    And Unix, of course, is the operating system behind a significant proportion of the devices out there that don’t run Linux, being at the heart of Apple’s macOS and iOS systems, as well as the various and widely-used open source BSD distributions.

Confirmed: Microsoft Windows Zero-Day Exploit Used In Government Espionage Operation

Filed under
Microsoft
Security

It has been revealed that a threat actor once best known for cyber bank robbery in Russia has made a move to espionage. The highly targeted attacks against government institutions in Eastern Europe, which took place during June 2019, employed the use of a Microsoft Windows zero-day exploit. In and of itself this isn't unusual as there have been plenty of Windows zero-days discovered. However, this is the first time that researchers had seen the Buhtrap group using a zero-day attack, although the group has been involved in the cyber-spying business for some years now across Eastern Europe and Central Asia.

Anton Cherepanov, a senior malware researcher at security vendor ESET, explained how the zero-day exploit abused a local privilege escalation vulnerability in Microsoft Windows in order to run arbitrary code and install applications, and view or change data on the compromised systems. As soon as the researchers had properly analyzed the exploit, it was reported to the Microsoft Security Response Center, and a fix was included in the July 9 "Patch Tuesday" update.

The vulnerability itself only impacted older versions of Windows, specifically variations of Windows and Windows Server 2008. This is because, as Cherepanov explained, "since Windows 8 a user process is not allowed to map the NULL page. Microsoft back-ported this mitigation to Windows 7 for x64-based systems." The advice, predictably, is to upgrade to a newer version of the operating system if possible. Especially as critical security updates will disappear soon when extended support for Windows 7 Service Pack 1 ends in January 2020. Gavin Millard, vice-president of intelligence at Tenable, warns users not to be complacent seeing as the vulnerability is "now being actively exploited in the wild," advising that "patches should be deployed as soon as possible."

Read more

Security Leftovers

Filed under
Security
  • Adjusting the Scope of our Security Vulnerability Disclosure Program

    At EFF we put security and privacy first. That's why over three years ago we launched EFF's Security Vulnerability Disclosure Program. The Disclosure Program is a set of guidelines on how security researchers can tell EFF about bugs in the software we develop, like HTTPS Everywhere or Certbot. When we launched the program, it was a bit of an experiment. After all, as a lean, member-driven nonprofit, we can't give out the tremendous cash rewards that large corporations can provide for zero days. Instead, all we can offer security researchers in return for their hard work is recognition on our EFF Security Hall of Fame page and other non-cash rewards like EFF gear or complimentary EFF memberships.

    Despite the limited rewards, the program has been a tremendous success. As of June 1, 2019, we've had over seventy different security researchers report valid security vulnerabilities to us, as you can see on our Security Hall of Fame page.

  • Court: Computer Experts May Examine Georgia Voting Systems

    A federal court in Georgia has ruled that Georgia election officials must allow the Coalition for Good Governance to review the state's election management databases. The Coalition argued that the databases "provide the roadmap that needs to be analyzed to identify flaws" in the state election system.

  • Hackers breach Canonical GitHub account [Ed: They breached a Microsoft GitHub account, but never blame Microsoft for anything...]

    Hackers compromised credentials to break into a Canonical Ltd. GitHub account...

Linux May Gain Protection Against Hyper-Threading Attacks

Filed under
Linux
Security

Oracle security researchers have been working on security feature for Linux kernels that could protect Linux-based systems against attacks that affect Intel’s Hyper-Threading (HT) feature. Multiple side-channel threats the feature's vulnerable against, including L1TF/Foreshadow and the MDS attacks, have been revealed over the past few months.

The Oracle developers didn't specify whether or not the recent MDS attacks against Intel’s HT would also be mitigated through its Kernel Address Space Isolation (KASI), only that it will protect against L1TF/Foreshadow. Other side-channel attacks seem to be up for debate, as any extra isolation being introduced into the kernel could potentially impact the performance of Linux systems.

Read more

Syndicate content

More in Tux Machines

Software: TenFourFox/Firefox, Linux Boot Loaders, Viber Alternatives, Switchconf, and HowTos

  • Clean out your fonts, people

    Thus, the number of fonts you have currently installed directly affects TenFourFox's performance, and TenFourFox is definitely not the only application that needs to know what fonts are installed. If you have a large (as in several hundred) number of font files and particularly if you are not using an SSD, you should strongly consider thinning them out or using some sort of font management system. Even simply disabling the fonts in Font Book will help, because under the hood this will move the font to a disabled location, and TenFourFox and other applications will then not have to track it further.

  • Some Of The Linux Boot Loaders
  • Best 4 Viber Alternatives Available to Download with Open-Source License

    We all know what Signal is. By using this app, you can easily talk to your friends without all the SMS fees. You can also create groups, share media and all kinds of attachments – it’s all private. The server never gets access to your messages. However, if you don’t like this app, we come with the best 5 alternatives for it.

  • New release of switchconf 0.0.16

    I have moved the development of switchconf from a private svn repo to a git repo in salsa: https://salsa.debian.org/debian/switchconf Created a virtual host called http://software.calhariz.com were I will publish the sources of the software that I take care. Updated the Makefile to the git repo and released version 0.0.16.

  • How To Install VirtualBox Guest Additions on Ubuntu 18.04
  • How To Install Proxmox VE Hypervisor

OSS Leftovers

  • How open source and AI can take us to the Moon, Mars, and beyond

    Research institutions and national labs across the globe are pouring hundreds of thousands of research hours into every conceivable aspect of space science. And, overwhelmingly, the high performance computing (HPC) systems used for all research are running open source software. In fact, 100% of the current TOP500 supercomputers run on some form of Linux. Therefore, it’s likely that the future of space exploration will be built on the open source philosophy of knowledge sharing and collaboration among researchers and developers. Success will depend on the adoption of open technologies to stimulate collaboration among nations, as well as advances in the field of AI and machine learning. Although these are ambitious objectives that could take several years to fully implement, we are already seeing great progress: open source software is already running in space, AI and machine learning is used in spacecraft communications and navigation, and the number of commercial companies interested in the space economy is growing.

  • ElectrifAi launches AI industry’s first open source machine learning platform

    With the new platform, ElectrifAi’s data scientists – as well as those of its customers – can code and access data in any programming language. According to ElectrifAi, the incorporation of Docker Containers and Kubernetes enables the firm to build and deploy hybrid cloud enterprise solutions at scale.

  • The development of the open source platform – An industry perspective

    There has been much dialog, but not much action with regard to the evolution of retail trading platforms in recent years. For many brokerages, relying on the status quo which represents an unholy alliance between third party vendor MetaQuotes, thereby disabling a broker from owning its own client base or infrastructure and becoming subservient to an affiliate marketing platform rather than empowered by a multi-faceted trading platform, remains. FinanceFeeds has attended numerous meetings with brokerage senior executives across the globe, all of whom understand the value and importance of going down the multi-asset product expansion route, and almost all of whom understand the clear virtues of having a bespoke user interface which engenders a loyal customer base, enables brokers to own the entire intellectual property base of its business – which let’s face it is why entrepreneurs start businesses in the first place – and offer differentiating services to specific audiences. A simple glance at the continuity and geographic location of client bases of companies such as Hargreaves Lansdown or CMC Markets, and the absolute lack of reliance on affiliate networks is testimony to that. This week, Richard Goers, CEO of Australian professional trading platform development company ManagedLeverage spoke out about a continuing issue which is something that has been prominent in the viewpoint of FinanceFeeds for some years, that being the development of open source platforms.

  • Break Up Your Innovation Program, If You Want It To Survive

    With open-source software, problems are solved faster than by any other means.

  • Don’t be fooled by the [Internet]: this week in tech, 20 years ago

    One thing I wanted to say is, don’t be fooled by the internet. It’s cool to get on the computer, but don’t let the computer get on you. It’s cool to use the computer, don’t let the computer use you. Y’all saw The Matrix. There’s a war going on. The battlefield’s in the mind. And the prize is the soul. So just be careful. Be very careful. Thank you.

  • How Suse is taking open source deeper into the enterprise

    The diversity in the open source software world can be a boon and a bane to wider adoption in the enterprise. After all, without the right knowhow, it can be hard to figure out how they are going to work together on existing infrastructure – and if the chosen projects will eventually survive. That’s where open source companies such as Suse step in. While smaller than US-based rival Red Hat, Suse has found its footing in identifying and supporting open source projects that help to run mission-critical enterprise workloads, improve developer productivity and solve business problems in industries such as retail.

  • SUSE joins iRODS Consortium

    iRODS is open source storage data management software for data discovery, workflow automation, secure collaboration, and data virtualization. By creating a unified namespace and a metadata catalog of all the data and users within a storage environment, the iRODS rule engine allows users to automate data management. [...] Alan Clark, SUSE CTO Office lead focused on Industry Initiatives and Emerging Standards and chairman of the OpenStack Foundation board of directors, said, “SUSE is excited to join the iRODS Consortium, lending our open source technical expertise to help advance the iRODS data management software. The integration with SUSE Enterprise Storage helps customers lower total cost of ownership, leveraging commodity hardware to support their iRODS-managed storage environments. As a leading provider of open source software, SUSE helps our customers leverage the latest open source technologies for application delivery and software-defined infrastructure. SUSE tests and hardens our solutions, ensuring they are enterprise ready and backed by our superior support experience.”

  • Cortex Command Goes Open Source, Gets LAN Support

    To help facilitate future community development, Data Realms have released the game’s source code.

  • Why Open Source Matters For Chinese Tech Firms?

    As companies plow more and more investment into AI research, China has finally woken up to the realisation of open source and how it can shape the development of a field that’s becoming increasingly attractive. Over the last few years, open-source has become the foundation of innovation — and the major contributions come from tech giants like Facebook, Microsoft, Google, Uber and Amazon among others. In November 2015, Google made an unparalleled move by open-sourcing its software library — which now rivals Torch, Caffe and Theano. These are the open-source lessons that big Chinese companies seem to be learning fast. Traditionally, Chinese firms have trailed behind their US counterparts when it comes to the contributions from the US and Europe, but that’s changing now. Over a period of time, Chinese tech companies are trying to grow their influence in the open-source world by building a robust ecosystem. Not only that, they have learnt that open-sourcing tech can help attract great ML talent and increasingly it is also making good business sense. At a time when the AI tool stack is evolving, enterprises are rushing to grab a pie and provide a unified software and hardware technology stack. Internet and cloud Chinese tech giants have woken up to the promise of open source and AI-related datasets and models can serve the bigger business goals of the companies.

  • How Open Source Alluxio Is Democratizing Data Orchestration

    Alluxio is one of the many leading open-source projects/companies – including Spark and Mesosphere – that emerged from UC Berkeley Labs. Haoyuan (H.Y.) Li Founder, Chairman and CTO of Alluxio, sat down with Swapnil Bhartiya, Editor-in-Chief of TFIR to discuss how Alluxio is providing new ways for organizations to manage data at scale with its data orchestration platform. Alluxio’s data orchestration layer has increased efficiency by four times, so companies are finding that work that used to take one year now takes three months. For many enterprise companies, the path to the cloud starts with an intermediate step of a hybrid cloud approach, Li said. He also sees widespread enterprise adoption of a multi-cloud strategy.

  • Cloudera Moves To All-Open Source Model In Major Shift

    Amidst financial troubles and departure of chief executive Tom Reilly, company says it wants to emulate success of pure open source pioneer Red Hat.

  • Cloudera Follows Hortonworks' Open Source Lead

    Trying to survive the carnage AWS and the like are causing in the Big Data space, Cloudera is open sourcing its entire product line. [...] Less than six months after closing its merger with Hortonworks, the Big Data company Cloudera has announced it's going all open source.

Database News on YugaByte Going for Apache 2.0 Licence

  • YugaByte Becomes 100% Open Source Under Apache 2.0 License

    YugaByte, a provider of open source distributed SQL databases, announced that YugaByte DB is now 100% open source under the Apache 2.0 license, bringing previously commercial features into the open source core. The transition breaks the boundaries between YugaByte’s Community and Enterprise editions by bringing previously commercial-only, closed-source features such as Distributed Backups, Data Encryption, and Read Replicas into the open source core project distributed under the permissive Apache 2.0 license. Starting immediately, there is only one edition of YugaByte DB for developers to build their business-critical, cloud-native applications.

  • YugaByte's Apache 2.0 License Delivers 100% Open Source Distributed SQL Database

    YugaByte, the open source distributed SQL databases comapny, announced that YugaByte DB is now 100 percent open source under the Apache 2.0 license, bringing previously commercial features into the open source core. The move, in addition to other updates available now through YugaByte DB 1.3, allows users to more openly collaborate across what is now the world’s most powerful open source distributed SQL database.

  • SD Times Open-Source Project of the Week: YugaByte DB

    This week’s SD Times Open Source Project of the Week is the newly open-sourced YugaByte DB, which allows users to better collaborate on the distributed SQL database. The move to the open-source core project distributed under the Apache 2.0 license makes previously closed-sourced features such as distributed backups, data encryption and read replicas more accessible, according to the team. By doing this, YugaByte plans to break the boundaries between YugaByte’s Community and Enterprise editions. “YugaByte DB combines PostgreSQL’s language breadth with Oracle-like reliability, but on modern cloud infrastructure. With our licensing changes, we have removed every barrier that developers face in adopting a business-critical database and operations engineers face in running a fleet of database clusters, with extreme ease,” said Kannan Muthukkaruppan, co-founder and CEO of YugaByte.

Programming: Ruby, NativeScript, Python, Rust/C/C++ FUD From Microsoft