Security

Security: Updates, Purism’s Librem Key, Silex 'Malware' (Brute-Forcing Bad/Unchanged Passwords), Arch Linux Reproducible Builds

Filed under
Security
  • Security updates for Thursday
  • Made in USA Librem Key

    We would never use the words “Made in USA” lightly. We had to meet very strict requirements before being allowed to use that label. It’s well-known that other firms have been fined for mislabeling their Made in China products as Made in USA, for instance because “screwdriver assembly” only (getting electronics made elsewhere and doing final case-assembly in the USA) is not enough to qualify for “Made in USA”. A company can source specific, individual electronics components from around the world (we source chips like the OpenPGP smart card from a European supplier, for example) but must actually make–as in fabricate–the product here, in the US, to be able to label it as “Made in USA.”

  • Purism’s Librem Key is Now the First and Only USB Security Token to be Made in the USA

    Purism, the social purpose corporation which designs and produces popular hardware and software that protects users’ digital lives, today announced its Librem Key product will be the first device of its category to be made in the USA.

    Librem Key, the first and only OpenPGP smart card closely integrated with the Heads-firmware offering a tamper-evident boot process, launched in September 2018. Initially manufactured in-part by partner Nitrokey, Purism is now manufacturing Librem Keys entirely from Purism’s Carlsbad, California headquarters – the same U.S. facility used to manufacture its Librem 5 smartphone devkits in 2018. Version 2 also stores up to 4096-bit RSA keys and up to 512-bit ECC keys and securely generates keys directly on the device.

    Supply chain security is a rising concern due to the lack of control hardware companies have over manufacturing links. Threats include security hacks, malware concerns, cyber-espionage, and even copyright theft. Purism sees protection of its supply chain as an existentially important issue, and has invested in supply chain improvements including the launch of Librem Key V2.

  • The Curious Case of Silexbot

    A new piece of malware that is using default credentials to log into IoT devices and then erase their file systems and shut them down is on the move, but it may not end up having the reach that its alleged creator intended.

  • Thousands of IoT Devices Bricked By Silex Malware
  • Jelle Van der Waa: Reproducing Arch [core] repository packages

    As Arch Linux we have been working on reproducible builds for a while and have a continuous test framework rebuilding packages updated in our repositories. This test does an asp checkout of a package and builds it twice in a schroot; we do not try to reproduce actual repository packages yet. In the end this is however what we want to achieve, giving users the ability to verify a repository package by rebuilding it on their own hardware.

  • mariadb 10.4.x update requires manual intervention

    The update to mariadb 10.4.6-1 and later changes configuration layout as recommended by upstream.

Kodachi 6.1 The Secure OS

Filed under
GNU
Linux
Security

Linux Kodachi operating system is based on Xubuntu 18.04. It will provide you with a secure, anti-forensic, and anonymous operating system, considering all features that a person who is concerned about privacy would need to have in order to be secure.
Kodachi is very easy to use: all you have to do is boot it up on your PC via USB drive, then you should have a fully running operating system with established VPN connection + Connection established + service running. No setup or knowledge is required from your side; we do it all for you. The entire OS is functional from your temporary memory RAM, so once you shut it down no trace is left behind; all your activities are wiped out.

Security Leftovers

Filed under
Security
  • Chinese hackers accused of 'mass-scale attack' on mobile operators

    The cyberespionage campaign, dubbed Operation Soft Cell, was first noticed a year ago. Since then, hackers have been attacking various mobile operators to gain access to their networks and obtain call detail records (CDRs) of their targets from the database.

  • OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass

    The more technical explanation: Cavallarin noted that macOS treats apps loaded from a network share differently than apps downloaded from the Internet. By creating a symbolic link (or "symlink"—similar to an alias) to an app hosted on an attacker-controlled Network File System (NFS) server, and then creating a .zip archive containing that symlink and getting a victim to download it, the app would not be checked by Apple's rudimentary XProtect bad-download blocker.

  • Apple macOS Gatekeeper security flaw exploited out in the wild

    Cavallarin noted that he alerted Apple to the problem in February, and Cupertino's code wranglers were meant to have fixed it with macOS 10.14.5. But that doesn't appear to have happened, as security company Intego has discovered an example of it being used.

  • A 14-year-old's Internet-of-Things worm is bricking shitty devices by the thousands

    A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices' firewall rules and removes its network config and triggers a restart -- this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device's firmware.

  • scripting sudo's digest functions

    At my last job I wrote a couple perl scripts to build platform-specific digest-checking sudoers files for all programs in system directories. I've cleaned them up some and added Linux support. They're not on github because once I do that other folks might find them, and I'm not convinced this is a good thing. But I'd like some feedback, so I'm posting here.

  • VideoLAN Patches Critical Vulnerability in VLC Media Player

    Discovered by Symeon Paraschoudis from Pen Test Partners, the issue allows a remote attacker to create a specially crafted file to trigger a double free in zlib_decompress_extra() (demux/mkv/utils.cpp).

    This could then be leveraged to execute arbitrary code on the vulnerable system, the researcher says.

  • Double-Free RCE in VLC

    I spent three months working on VLC using Honggfuzz, tweaking it to suit the target. In the process, I found five vulnerabilities, one of which was a high-risk double-free issue and merited CVE-2019-12874.

    Here’s the VLC advisory https://www.videolan.org/security/sa1901.html.

    Here’s how I found it. I hope you find the how-to useful and it inspires you to get fuzzing.

  • PoC Released for Outlook Flaw that Microsoft Patched 6 Months After Discovery

    As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users.

    However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site scripting (XSS) flaw that could allow attackers to run scripts in the context of the current user just by sending a specially crafted email to the victims.

    Now, Bryan Appleby from F5 Networks, one of the security researchers who reported this issue independently to Microsoft, released more details and proof-of-concept for the Outlook vulnerability that he reported to the tech giant almost six months ago.

  • How I [Cracked] the Microsoft Outlook Android App and Found CVE-2019-1105

    In a web browser, it’s possible to run JavaScript code by using a URL that starts javascript:. But in a web browser, JavaScript in an iframe on a separate domain shouldn’t have access to the data in the rest of the page. In Outlook on the Android, there is no such restriction. My iframe JavaScript had full access to cookies, tokens and even some emails. Not only that, I could send them back out to a remote attacker.

    This kind of vulnerability could be exploited by an attacker sending an email with JavaScript in it. The server escapes that JavaScript and does not see it because it’s within an iframe. When delivered, the mail client automatically undoes the escaping and the JavaScript runs on the client device. Bingo – a stored XSS. This code can do whatever the attacker desires, up to and including stealing information and/or sending data back out. An attacker can send you an email and just by you reading it, they could steal the contents of your inbox. Weaponized, this can turn into a very nasty piece of malware.

  • More than 400 737 Max pilots are suing Boeing over an 'unprecedented cover-up' of flaws in the plane's design

    More than 400 Boeing 737 Max pilots are suing the company over what they allege was an "unprecedented cover-up" of "known design flaws" in the plane, and over the financial losses they face as the plane remains grounded after two fatal crashes.

    A class-action lawsuit was filed against Boeing on Friday "for financial and other losses arising from the circumstances and grounding of the MAX fleet," according to the two law firms representing the pilots, based in Chicago and Australia.

  • US Public Might Not Be Told About Foreign Efforts to Alter Next Election

    With the 2020 presidential campaign getting under way, intelligence agencies, along with the Department of Homeland Security and FBI, have set about briefing the candidates and making them aware of the resources available should their campaign come under attack.

  • US election security: still a dumpster fire

    There's some progress on eliminating the voting-machine business altogether, with a free/open source system emerging from Los Angeles County's election authorities -- LA County is a national leader in election security and inclusiveness, with an 11-day voting window, available paper ballots for all, and a slate of accessibility features in its machines.

    But LA County is an exception, and between the poor-quality systems in place nationwide, intransigence from Senate Republicans on allocating funds for election security, and the diplomatic chaos that has failed to produce any international norms on election meddling, 2020 is looking like a potential shitshow to put 2016 to shame.

  • [Older] Securing Our Cyber Future

    This study seeks to provide a partial substitute for such a commission report. Building on the abovementioned research and investigations, our report begins by summarizing in Chapter One what the Kremlin did in 2016 and why. Chapters Two through Eight then offer concrete prescriptions for protecting the integrity and independence of U.S. elections, focusing in particular on strengthening resiliency before the 2020 presidential election. Our recommendations are practical, concrete, and achievable before 2020— but they demand action now.

  • A Likely Chinese [Attacker] Crew Targeted 10 Phone Carriers to Steal Metadata

    On Monday night, researchers at Boston-based cybersecurity firm Cybereason revealed the results of tracking a years-long cyberespionage campaign they've called Operation Soft Cell, which they say targeted the networks of at least 10 cellular providers around the world. And while researchers' visibility into that [attack] campaign is incomplete, they say it appears to be a prolific but highly targeted espionage campaign likely based in China. In one of the 10 breaches that affected a Cybereason customer, the researchers say they found that the [attackers] had gained deep access to the victim's network and stolen gigabytes of metadata related to 20 specific individuals' phone usage and location.

  • The Bug That Crashed New York’s Wireless Network

    The simple remedy involved some necessary upgrades.

    Yet somehow, New York City’s technology managers were caught completely off guard, and did nothing to prepare for the calendar reset of the centralized Global Positioning System.

    As a result, a wireless network used by city agencies crashed in April, crippling many services that relied on it, including some Police Department license plate readers and a system to remotely control traffic lights. It took 10 days to get the network running again.

  • Sheryl Crow: Universal Studios fire destroyed all my master tapes

    "And secondly, I can't understand how you could make safeties [back-up copies] and have them in the same vault. I mean, what's the point?

    "And thirdly, I can't understand how it's been 11 years," she added. "I mean, I don't understand the cover-up."

    Crow, who had seven US top 10 albums between 1995 and 2008, is the first artist to confirm the loss of their recordings since the New York Times' investigation was published two weeks ago.

  • Windows 10 USB-C glitch is causing sluggish shutdowns

    While a minute might not seem like a long time, despite the protestations of some, when one is working on the move and needs to quickly pack up a laptop so they can hop off a train, for example, 60 whole full-fat seconds can seem like a drag.

    It's also disconcerting when a computer takes a long time to shut down as well, given you don't know if it's suddenly going to throw up a blue screen of death.

Security Leftovers/FUD

Filed under
Security
  • New Linux Worm Attacks IoT Devices [Ed: How to blame "Linux" for default passwords in devices (and some now also blame "Iran", citing a CIA 'proxy' Recorded Future in relation to this because they want war)]

    Silex has 'bricked' more than 2000 Linux-based IoT devices so far.

  • Your server remote login isn't root:password, right? Cool. You can keep your data. Oh sh... your IoT gear, though? [Ed: All this "Silex" 'news' tries to blame Iran for cracking by guessing default passwords; but this is attempted every day by dozens of nations, every minute in a lot of cases. Any political motivation behind this Iran angle?]

    Earlier this week, infosec outfit Recorded Future claimed a Tehran-backed group known as Elfin, or APT33, has been increasingly active in recent months, largely targeting industrial facilities and companies within Saudi Arabia that do business with the US and other Western countries.

  • 'Silex' Malware Renders Internet-of-Things Devices Useless. Here's How to Prevent It [Ed: War lovers' media, e.g. Fortune (see parent) and CBS (through ZDNet) push this whole "Iran" angle, manufactured in part by Recorded Future, which works with the CIA. This is the source of all these "Iran is cracking your gear" stories (every large nation does it all the time, so why the focus on Iran all of a sudden?)]
  • Silex malware targeting IoT devices spotted by security researchers
  • Daily News Roundup: Hackers Broke into Ten Telecom Networks [Ed: Definitely sounds like they used Windows, which executes malware without obstructing the users (who might just open an E-mail or click on a link)]

    Security researchers have revealed hackers spent years burrowing into ten different telecoms. Using a common method of an email with a link leading to malware, the hackers then used sophisticated techniques to target specific individuals.

    Security researchers at Cybereason revealed details of years-long attempts to break into telecom services (cell phone carriers). Starting in 2017, and possibly before, hackers sent emails to unsuspecting telecom employees with malicious links. The initial payload gave the hackers access to the telecom networks.

    Once in, the hackers ultimately compromised the network, gaining administrative privileges, and even creating a VPN on the system that let hackers access large amounts of data and empowered them even to shut down the telecom network entirely. The hackers had so much power that Amit Serper, Principal Security Researcher at Cybereason, described them as essentially a “de facto shadow IT department of the company.”

Security: Updates, Devices With Default Credentials and Open Ports, Regulatory Compliance and Red Hat Security and More

Filed under
Security
  • Security updates for Wednesday
  • This Malware Created By A 14-Yr-Old Is Bricking Thousands Of Devices [Ed: "It's targeting any Unix-like system with default login credentials," the original source says.]

    A new malware called Silex is on its way to brick thousands of IoT devices. The malware has been developed by a 14-year-old teenager known by the pseudonym Light Leafon. The malware strain is inspired by the infamous malware called BrickerBot, which is notorious for bricking millions of IoT devices way back in 2017.

  • New Silex malware is bricking IoT devices, has scary plans
  • Regulatory Compliance and Red Hat Security

    In today’s interconnected world, data security has never been more important. Virtually every industry, from healthcare to banking and everything in between, has rules for how businesses handle data. Failure to meet regulatory compliance spells serious trouble for your business. Depending on the severity of the infraction, you could end up with fines, loss of reputation/revenue, or jail time.

    Fortunately, these consequences are avoidable with a few proactive steps. By training your IT staff to keep your systems secure, you can prevent harmful or costly data breaches.

  • Using Quay.io to find vulnerabilities in your container images

    You’ve created a container image that has all the packages that you and your team need to do something useful, or maybe you’ve built a public image that anybody can use. But, what if that image contains packages with known security vulnerabilities? Regardless of the severity of those vulnerabilities, you’ll want to learn more and take steps to mitigate them as soon as possible.

    Fortunately, your team uses Quay.io* as your registry. When you push an image to Quay.io, it automatically runs a security scan against that image.

AMD Releases Firmware Update To Address SEV Vulnerability

Filed under
Hardware
Security

A new security vulnerability has been made public over AMD's Secure Encrypted Virtualization (SEV) having insecure cryptographic implementations. Fortunately, this AMD SEV issue is addressed by a firmware update.

CVE-2019-9836 has been made public as the AMD Secure Processor / Secure Encrypted Virtualization having an insecure cryptographic implementation.

Security: Updates, FUD, Back Doors and More

Filed under
Security
  • Security updates for Tuesday
  • Sting Catches Another Ransomware Firm — Red Mosquito — Negotiating With “Hackers”

    ProPublica recently reported that two U.S. firms, which professed to use their own data recovery methods to help ransomware victims regain access to infected files, instead paid the hackers.

    Now there’s new evidence that a U.K. firm takes a similar approach. Fabian Wosar, a cyber security researcher, told ProPublica this month that, in a sting operation he conducted in April, Scotland-based Red Mosquito Data Recovery said it was “running tests” to unlock files while actually negotiating a ransom payment. Wosar, the head of research at anti-virus provider Emsisoft, said he posed as both hacker and victim so he could review the company’s communications to both sides.

    Red Mosquito Data Recovery “made no effort to not pay the ransom” and instead went “straight to the ransomware author literally within minutes,” Wosar said. “Behavior like this is what keeps ransomware running.”

  • Carbon Black adds Linux support and more to its endpoint protection solution

    Endpoint protection company Carbon Black is adding a number of features to its platform, including Linux support and Amazon Web Services and container protection.

    The cloud-native platform gives security and IT teams remote access to cloud workloads and containers running in their environment, making it easier to resolve configuration drift, address vulnerabilities in real time, confidently respond to incidents and demonstrate compliance with business policies and industry regulations.

    The cloud workload and container protection capabilities are available from the same universal agent and cloud-native platform protecting Microsoft Windows, macOS and Linux endpoints.

    "The industry is quickly moving into the cloud era for endpoint protection and IT operations," says Ryan Polk, Carbon Black's chief product officer. "Carbon Black is proud to be at the front edge for cloud innovation and, with this latest release, our cloud-native EPP is now protecting some of the most important and emerging cloud real estate."

    As well as supporting AWS workloads and nearly every Linux distribution released since 2011, Carbon Black's platform extends direct access to more than 1,000 individual system artifacts across all major operating systems, including the ability to check the status of disk encryption, installed applications, kernel integrity, listening network ports, logged in users, OS versions, USB devices and more.

  • Top 10 Ethical Hacking Books

    Hacking is an ongoing process of information gathering and exploitation of any target. The hackers are consistent, practical and stay updated with daily appearing vulnerabilities. The first step to exploitation is always reconnaissance. The more information you gather, the better there are chances that you will make your way through the victim boundary. The attack should be very structured and verified in a local environment before being implemented on live target. The prerequisites are Networking skills, programming languages, Linux, Bash scripting and a reasonable workstation. Ethical hacking is the application of hacking knowledge for the benefit of society through good morals, and is usually defensive in nature, based on good knowledge of the core principles.
    Many books are available on hacking, but we will discuss today the top 10 which are appreciated and recommended by the hacking community. Note: The books are in no particular order.

  • Raspberry Pi used to steal data from Nasa lab [Ed: RasPi has a major new release (4), so MSBBC needs to spread some negative things/stories about it (googlebombing?). Microsoft failed to take over Raspberry Pi Foundation like it did OLPC. BBC (run by ex-Microsoft UK people) spreads anti-RasPi news belatedly (blaming it for something unrelated) only hours after a major product release.]

    A tiny Raspberry Pi computer has been used to steal data from Nasa's Jet Propulsion Laboratory, the space agency has revealed.

    An audit report reveals the gadget was used to take about 500MB of data.

  • VMware’s Dirk Hohndel On Container Security, Mental Health And Open Source
  • Trump Ponders Banning All Chinese-Made Gear From US 5G Networks [Ed: Mandating NSA back doors everywhere]

    We've already noted extensively how the "race to fifth generation wireless (5G)" is kind of a dumb thing. While 5G is important in the way that faster, better networks are always important, the purported Earth-rattling benefits of the technology have been painfully over-hyped. And they've been painfully over-hyped largely for two reasons: one, mobile carriers want to give a kick to stalling cellphone sales numbers, and network hardware vendors like Cisco want to drive the adoption of new, more expensive, telecom hardware.

    The "race to 5G" isn't a race. And even if it were, our broadband maps are so intentionally terrible, we'd have no idea if and when we'd won it. Regardless, 5G has subsequently become a sort of magic pixie dust of tech policy conversations, justifying all manner of sometimes dubious policy. But the underlying desire to simply sell more kit has also infected the Trump administration's protectionist attacks on companies like Huawei, which is based on about 40% actual cybersecurity concerns, and 60% lobbying efforts by US hardware vendors that don't want to compete with cheaper Chinese hardware.

KDE Plasma 5.16.2 Desktop Environment Released with More Than 30 Bug Fixes

Filed under
KDE
Security

Coming just one week after the first point release, the KDE Plasma 5.16.2 maintenance update is here to add yet another layer of bug fixes with the ultimate goal to make the KDE Plasma 5.16 desktop environment more stable and reliable for users. In particular, this second point release introduces a total of 34 changes across various core components and apps.

"Today KDE releases a bugfix update to KDE Plasma 5, versioned 5.16.2. Plasma 5.16 was released in June with many feature refinements and new modules to complete the desktop experience. This release adds a week's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important," reads today's announcement.

Also: Plasma 5.16.2

Tails 3.14.2 is out

Filed under
Security
Debian

This release is an emergency release to fix a critical security vulnerability in Tor Browser.

You should upgrade as soon as possible.

Security Leftovers

Filed under
Security
  • Security updates for Monday
  • OpenSSH code gets an update to protect against side-channel attacks

    Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from a computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.

    SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.

    However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.

  • Bird Miner cryptominer targets Macs, emulates Linux [Ed: This is actually malware that spreads itself using proprietary software and not about "Linux"]

    A new cryptominer, dubbed Bird Miner, has been spotted in the wild targeting Mac devices and running via Linux emulation under the guise of a production software tool.

  • Linux Admins! Grab Our Free Tool To Protect Against Netflix SACK Panic

    Your Linux boxes may be vulnerable to TCP networking vulnerabilities that can lead to a remote DoS attack.

More in Tux Machines

Software: TenFourFox/Firefox, Linux Boot Loaders, Viber Alternatives, Switchconf, and HowTos

  • Clean out your fonts, people

    Thus, the number of fonts you have currently installed directly affects TenFourFox's performance, and TenFourFox is definitely not the only application that needs to know what fonts are installed. If you have a large (as in several hundred) number of font files and particularly if you are not using an SSD, you should strongly consider thinning them out or using some sort of font management system. Even simply disabling the fonts in Font Book will help, because under the hood this will move the font to a disabled location, and TenFourFox and other applications will then not have to track it further.

  • Some Of The Linux Boot Loaders
  • Best 4 Viber Alternatives Available to Download with Open-Source License

    We all know what Signal is. By using this app, you can easily talk to your friends without all the SMS fees. You can also create groups, share media and all kinds of attachments – it’s all private. The server never gets access to your messages. However, if you don’t like this app, we come with the best 5 alternatives for it.

  • New release of switchconf 0.0.16

    I have moved the development of switchconf from a private svn repo to a git repo in salsa: https://salsa.debian.org/debian/switchconf Created a virtual host called http://software.calhariz.com where I will publish the sources of the software that I take care of. Updated the Makefile to the git repo and released version 0.0.16.

  • How To Install VirtualBox Guest Additions on Ubuntu 18.04
  • How To Install Proxmox VE Hypervisor

OSS Leftovers

  • How open source and AI can take us to the Moon, Mars, and beyond

    Research institutions and national labs across the globe are pouring hundreds of thousands of research hours into every conceivable aspect of space science. And, overwhelmingly, the high performance computing (HPC) systems used for all research are running open source software. In fact, 100% of the current TOP500 supercomputers run on some form of Linux. Therefore, it’s likely that the future of space exploration will be built on the open source philosophy of knowledge sharing and collaboration among researchers and developers. Success will depend on the adoption of open technologies to stimulate collaboration among nations, as well as advances in the field of AI and machine learning. Although these are ambitious objectives that could take several years to fully implement, we are already seeing great progress: open source software is already running in space, AI and machine learning is used in spacecraft communications and navigation, and the number of commercial companies interested in the space economy is growing.

  • ElectrifAi launches AI industry’s first open source machine learning platform

    With the new platform, ElectrifAi’s data scientists – as well as those of its customers – can code and access data in any programming language. According to ElectrifAi, the incorporation of Docker Containers and Kubernetes enables the firm to build and deploy hybrid cloud enterprise solutions at scale.

  • The development of the open source platform – An industry perspective

    There has been much dialog, but not much action with regard to the evolution of retail trading platforms in recent years. For many brokerages, relying on the status quo which represents an unholy alliance between third party vendor MetaQuotes, thereby disabling a broker from owning its own client base or infrastructure and becoming subservient to an affiliate marketing platform rather than empowered by a multi-faceted trading platform, remains. FinanceFeeds has attended numerous meetings with brokerage senior executives across the globe, all of whom understand the value and importance of going down the multi-asset product expansion route, and almost all of whom understand the clear virtues of having a bespoke user interface which engenders a loyal customer base, enables brokers to own the entire intellectual property base of its business – which let’s face it is why entrepreneurs start businesses in the first place – and offer differentiating services to specific audiences. A simple glance at the continuity and geographic location of client bases of companies such as Hargreaves Lansdown or CMC Markets, and the absolute lack of reliance on affiliate networks is testimony to that. This week, Richard Goers, CEO of Australian professional trading platform development company ManagedLeverage spoke out about a continuing issue which is something that has been prominent in the viewpoint of FinanceFeeds for some years, that being the development of open source platforms.

  • Break Up Your Innovation Program, If You Want It To Survive

    With open-source software, problems are solved faster than by any other means.

  • Don’t be fooled by the [Internet]: this week in tech, 20 years ago

    One thing I wanted to say is, don’t be fooled by the internet. It’s cool to get on the computer, but don’t let the computer get on you. It’s cool to use the computer, don’t let the computer use you. Y’all saw The Matrix. There’s a war going on. The battlefield’s in the mind. And the prize is the soul. So just be careful. Be very careful. Thank you.

  • How Suse is taking open source deeper into the enterprise

    The diversity in the open source software world can be a boon and a bane to wider adoption in the enterprise. After all, without the right knowhow, it can be hard to figure out how they are going to work together on existing infrastructure – and if the chosen projects will eventually survive. That’s where open source companies such as Suse step in. While smaller than US-based rival Red Hat, Suse has found its footing in identifying and supporting open source projects that help to run mission-critical enterprise workloads, improve developer productivity and solve business problems in industries such as retail.

  • SUSE joins iRODS Consortium

    iRODS is open source storage data management software for data discovery, workflow automation, secure collaboration, and data virtualization. By creating a unified namespace and a metadata catalog of all the data and users within a storage environment, the iRODS rule engine allows users to automate data management. [...] Alan Clark, SUSE CTO Office lead focused on Industry Initiatives and Emerging Standards and chairman of the OpenStack Foundation board of directors, said, “SUSE is excited to join the iRODS Consortium, lending our open source technical expertise to help advance the iRODS data management software. The integration with SUSE Enterprise Storage helps customers lower total cost of ownership, leveraging commodity hardware to support their iRODS-managed storage environments. As a leading provider of open source software, SUSE helps our customers leverage the latest open source technologies for application delivery and software-defined infrastructure. SUSE tests and hardens our solutions, ensuring they are enterprise ready and backed by our superior support experience.”

  • Cortex Command Goes Open Source, Gets LAN Support

    To help facilitate future community development, Data Realms have released the game’s source code.

  • Why Open Source Matters For Chinese Tech Firms?

    As companies plow more and more investment into AI research, China has finally woken up to the realisation of open source and how it can shape the development of a field that’s becoming increasingly attractive. Over the last few years, open-source has become the foundation of innovation — and the major contributions come from tech giants like Facebook, Microsoft, Google, Uber and Amazon among others. In November 2015, Google made an unparalleled move by open-sourcing its software library — which now rivals Torch, Caffe and Theano. These are the open-source lessons that big Chinese companies seem to be learning fast. Traditionally, Chinese firms have trailed behind their US counterparts when it comes to the contributions from the US and Europe, but that’s changing now. Over a period of time, Chinese tech companies are trying to grow their influence in the open-source world by building a robust ecosystem. Not only that, they have learnt that open-sourcing tech can help attract great ML talent and increasingly it is also making good business sense. At a time when the AI tool stack is evolving, enterprises are rushing to grab a pie and provide a unified software and hardware technology stack. Internet and cloud Chinese tech giants have woken up to the promise of open source and AI-related datasets and models can serve the bigger business goals of the companies.

  • How Open Source Alluxio Is Democratizing Data Orchestration

    Alluxio is one of the many leading open-source projects/companies – including Spark and Mesosphere – that emerged from UC Berkeley Labs. Haoyuan (H.Y.) Li, Founder, Chairman and CTO of Alluxio, sat down with Swapnil Bhartiya, Editor-in-Chief of TFIR, to discuss how Alluxio is providing new ways for organizations to manage data at scale with its data orchestration platform. Alluxio’s data orchestration layer has increased efficiency by four times, so companies are finding that work that used to take one year now takes three months. For many enterprise companies, the path to the cloud starts with an intermediate step of a hybrid cloud approach, Li said. He also sees widespread enterprise adoption of a multi-cloud strategy.

  • Cloudera Moves To All-Open Source Model In Major Shift

    Amidst financial troubles and departure of chief executive Tom Reilly, company says it wants to emulate success of pure open source pioneer Red Hat.

  • Cloudera Follows Hortonworks' Open Source Lead

    Trying to survive the carnage AWS and the like are causing in the Big Data space, Cloudera is open sourcing its entire product line. [...] Less than six months after closing its merger with Hortonworks, the Big Data company Cloudera has announced it's going all open source.

Database News on YugaByte Going for Apache 2.0 Licence

  • YugaByte Becomes 100% Open Source Under Apache 2.0 License

    YugaByte, a provider of open source distributed SQL databases, announced that YugaByte DB is now 100% open source under the Apache 2.0 license, bringing previously commercial features into the open source core. The transition breaks the boundaries between YugaByte’s Community and Enterprise editions by bringing previously commercial-only, closed-source features such as Distributed Backups, Data Encryption, and Read Replicas into the open source core project distributed under the permissive Apache 2.0 license. Starting immediately, there is only one edition of YugaByte DB for developers to build their business-critical, cloud-native applications.

  • YugaByte's Apache 2.0 License Delivers 100% Open Source Distributed SQL Database

    YugaByte, the open source distributed SQL databases company, announced that YugaByte DB is now 100 percent open source under the Apache 2.0 license, bringing previously commercial features into the open source core. The move, in addition to other updates available now through YugaByte DB 1.3, allows users to more openly collaborate across what is now the world’s most powerful open source distributed SQL database.

  • SD Times Open-Source Project of the Week: YugaByte DB

    This week’s SD Times Open Source Project of the Week is the newly open-sourced YugaByte DB, which allows users to better collaborate on the distributed SQL database. The move to the open-source core project distributed under the Apache 2.0 license makes previously closed-sourced features such as distributed backups, data encryption and read replicas more accessible, according to the team. By doing this, YugaByte plans to break the boundaries between YugaByte’s Community and Enterprise editions. “YugaByte DB combines PostgreSQL’s language breadth with Oracle-like reliability, but on modern cloud infrastructure. With our licensing changes, we have removed every barrier that developers face in adopting a business-critical database and operations engineers face in running a fleet of database clusters, with extreme ease,” said Kannan Muthukkaruppan, co-founder and CEO of YugaByte.

Programming: Ruby, NativeScript, Python, Rust/C/C++ FUD From Microsoft