Security

Security: Updates, SDNs, Oklahoma’s Department of Securities (ODS)

Filed under
Security
  • Security updates for Monday
  • Break free from traditional network security

    From a security stance, the network is becoming perimeterless, and rather than a hard network barrier, the corporate network needs to be porous; security inside the network has to be zero-trust.

    The experts Computer Weekly contacted regarding perimeterless network security generally agree that such an architecture is not easy to achieve, but software-defined networking (SDN) and containerisation offer network security architects a sound foundation on which to implement a perimeterless network security strategy.

  • State agency exposes 3TB of data, including FBI info and remote logins

    Oklahoma’s Department of Securities (ODS) exposed three terabytes of files in plain text on the public internet this month, which contained sensitive data including social security numbers, details of FBI investigations, credentials for remote access to computers, and the names of AIDS patients.

    Researchers at security company UpGuard found the files using the Shodan search engine, which indexes internet-connected devices. In this case, they ran across an unsecured rsync server registered to ODS.

    Rsync is a utility commonly found on Unix and Linux systems that enables administrators to synchronize files between different computers. It is used for ‘delta’ syncing, in which one computer copies to another only the parts of files that have changed, enabling them to maintain identical copies of the files in different locations.

Security: Bogdan Popa's Latest Microsoft FUD, Banks With Windows, Huawei Scare, and It's Possible to Install Malicious Things on Google

  • Linux Virus Removes Security Software to Mine Monero [Ed: Bogdan Popa, "Microsoft News Editor" (basically the Microsoft PR/propagandist of Softpedia), only ever writes about GNU/Linux to attack it. Here too he uses a misleading title, a provocative headline and picture. These are already-compromised machines. It's not a "Linux" issue per se. So yeah... Microsoft loves Linux... Linux FUD.]
  • Hackers Wield Commoditized Tools to Pop West African Banks

    Symantec says. Attackers also used an open source, remote administration tool for Windows called UltraVNC, then infected systems with Cobalt Strike malware, which can also provide backdoors onto PCs and download additional malware. "Communication with the C&C server was handled by dynamic DNS infrastructure, which helped shield the location of the attackers."

  • Huawei and Apple smartphones are both made in China, so what is the difference?

    Do Huawei phones really pose that much more of a security risk than iPhones in the face of China's potential espionage threat? A

  • Google Play malware used phones’ motion sensors to conceal itself

    Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection—they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks.

  • New Android Malware Uses Motion Sensors To Stay Hidden

    Security measures are not the only ones seeing improvements! Malicious apps are also figuring out new ways to enhance its working, and one such Android malware proves this.

Security: ThreadX, Kali Linux, Rocke and Data Loss

  • Vulnerabilities Found in Highly Popular Firmware for WiFi Chips

    WiFi chip firmware in a variety of devices used mainly for gaming, personal computing, and communication comes with multiple issues. At least some of them could be exploited to run arbitrary code remotely without requiring user interaction.

    The security flaws were discovered in ThreadX, a real-time operating system (RTOS) developed by Express Logic. The vendor claims on their website that ThreadX has over 6.2 billion deployments, being one of the most popular software powering Wi-Fi chips.

    The firmware is also powering the Avastar 88W8897 SoC (Wi-Fi + Bluetooth + NFC) from Marvell, present in Sony PlayStation 4 (and its Pro variant), Microsoft Surface (+Pro) tablet and laptop, Xbox One, Samsung Chromebook and smartphones (Galaxy J1), and Valve SteamLink.

  • Wolf Halton on what’s changed in tech and where we are headed

    The tech industry is changing at a massive rate especially after the storage options moved to the cloud. However, this has also given rise to questions on security, data management, change in the work structure within an organization, and much more. Wolf Halton, an expert in Kali Linux, tells us about the security element in the cloud. He also touches upon the skills and knowledge that should be inculcated in your software development cycle in order to adjust to the dynamic tech changes at present and in the future. Following this, he juxtaposes the current software development landscape with the ideal one.

  • Rocke coinminer disables cloud protection agents

    A group of hackers that specializes in infecting servers with cryptocurrency mining software has started disabling security software agents used in cloud environments to evade detection. Known as Rocke in the security industry, the group has been active since at least April 2018 and is known for exploiting critical vulnerabilities in web application frameworks and servers like Apache Struts, Oracle WebLogic and Adobe ColdFusion.

  • Malware used by “Rocke” group evolves to evade detection by cloud security products
  • Malware uninstalls cloud security products from Linux machines

    After removing the cloud security, the malware then proceeded to mine the monero cryptocurrency on its hosts.

  • I Nearly Lost All Of My Data!

    At this point I’m really worried. You see, I cancelled my off-site Amazon Glacier backups around 6 months ago. What are the chances of both a 4 disk RAID failing AND a USB drive at the same time? Not likely, I thought. Boy was I wrong

Livepatching With Linux 5.1 To Support Atomic Replace & Cumulative Patches

Filed under
Linux
Security

With the Linux 5.1 kernel cycle that should get underway in just over one month's time, there will now be the long-in-development work (it's been through 15+ rounds of public code review!) for supporting atomic replace and cumulative patches.

IPFire 2.21 - Core Update 127 is available for testing

Filed under
GNU
Linux
Security

New year, new update ready for testing! We have been busy over the holidays and are bringing you an update that is packed with new features and many many performance improvements.

This is quite a long change log, but please read through it. It is worth it!

Security: Bo Weaver, New Scares, Clones With Malware

  • Bo Weaver on Cloud security, skills gap, and software development in 2019

    Bo Weaver, a Kali Linux expert, shares his thoughts on the security landscape in the cloud. He also talks about the skills gap in the current industry and why hiring is a tedious process. He explains the pitfalls in software development and where the tech is heading currently.

    Bo, along with another Kali Linux expert, Wolf Halton, was also interviewed on why Kali Linux is the premier platform for testing and maintaining Windows security. They talked about advantages and disadvantages for using Kali Linux for pentesting. We also asked them about what they think about pentesting in cybersecurity, in general. They have also talked about their stance about the role of pentesting in cybersecurity in their interview titled, “Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity”.

    [...]

    I laugh and cry at this term. I have a sticker on my laptop that says “There is no Cloud…. Only other people’s computers.” Your data is sitting on someone else’s system along with other people’s data. These other people also have access to this system. Sure security controls are in place but the security of “physical access” has been bypassed.

    You’re “in the box”. One layer of security is now gone.
    Also, your vendor has “FULL ACCESS” to your data in some cases. How can you be sure what is going on with your data when it is in an unknown box in an unknown data center? The first rule of security is “Trust No One”. Do you really trust Microsoft, Amazon, or Google? I sure don’t!!! Having your data physically out of your company’s control is not a good idea. Yes, it is cheaper but what are your company and its digital property worth?

    [...]

    In software development, I see a dumbing down of user interfaces. This may be good for my 6-year-old grandson, but someone like me may want more access to the system. I see developers change things just for the reason of “change”. Take Microsoft’s Ribbon in Office. Even after all these years, I find the ribbon confusing and hard to use. At least, with Libre Office, they give you a choice between a ribbon and an old school menu bar. The changes in Gnome 3 from Gnome 2. This dumbing down and attempting to make a desktop usable for a tablet and a mouse totally destroyed the usability of their desktop. What used to take 1 click now takes 4 clicks to do.

  • Security experts, Wolf Halton and Bo Weaver, discuss pentesting and cybersecurity [Interview]
  • Cloud security products uninstalled by mutating malware [Ed: Affects already-compromised servers]

    Linux is more prevalent than one might think, Microsoft Azure is now predominantly run on Linux servers - it's not just the Chinese cloud environments being hosted via Linux, it's likely that your business is running at least one cloud service on a Linux server too.

  • Google Play still has a clone problem in 2019 with no end in sight

    A fake app tries to clone another app in name, looks, and functionality, often also adding something like malware. Despite Google’s best efforts, both types of apps were fairly common in 2018.

Security: Cincoze Back Doors (ME), Windows 10 Mobile Killed (No More Patches), New FUD About 'Linux Servers'

  • Industrial Apollo Lake mini-PC features dual GbE with PoE

    Cincoze announced a compact, rugged “DA-1100” embedded PC with an Apollo Lake SoC, triple display support, dual GbE ports with PoE, 4x USB 3.0 ports, SATA, and expansion via mini-PCIe and homegrown add-on modules.

    Cincoze has updated its “entry level” Intel Bay Trail based DA-1000 industrial mini-PC, which is sold under the same name in the U.S. by Logic Supply. The new Apollo Lake based DA-1100, which is now referred to as an edge computer, is not only a bit faster, but offers a few key enhancements, including PoE and triple displays. No pricing was listed by Taiwan-based Cincoze, but Logic Supply sold the earlier DA-1000 at $569 and up including a 32GB SATA SSD. It’s possible the new model will end up at Logic Supply as well.

  • Microsoft is Ending Windows 10 Mobile Support on December 10th, 2019

    After the end of support, Windows Phones will continue to work, but some features will eventually shut down. Automatic and manual backups for settings and apps will cease after March 10, 2020. And services like photo upload and device restore will stop December 2020.

  • Linux-Targeting Cryptojacking Malware Disables Cloud-Based Security Measures: Report [Ed: They make it sound like GNU/Linux is the problem; but it relies on already-compromised GNU/Linux systems]

    A new cryptojacking malware has the ability to disable cloud-based security measures to avoid detection on Linux servers, research by information security company Palo Alto Networks Jan. 17 reveals.

    The malware in question mines Monero (XMR) and is reportedly a modified version of one used by the so-called “Rocke” group, originally discovered by cybersecurity firm Talos in August last year. According to the research, one of the first things that the malware does is check for other cryptocurrency mining processes and add firewall rules to block any other cryptojacking malware.

Security: Updates, 'Smart' Things, Android Proprietary Software and Firefox Woes on Windows

  • Security updates for Friday
  • How Do You Handle Security in Your Smart Devices?

    Look around your daily life and that of your friends and family, and you’ll see that smart devices are beginning to take over our lives. But this also means an increase in a need for security, though not everyone realizes it, as discussed in a recent article on our IoT-related site. Are you aware of the need for security even when it’s IoT-related? How do you handle security in your smart devices?

  • A Vulnerability in ES File Explorer Exposes All of Your Files to Anyone on the Same Network
  • 2018 Roundup: Q1

    One of our major pain points over the years of dealing with injected DLLs has been that the vendor of the DLL is not always apparent to us. In general, our crash reports and telemetry pings only include the leaf name of the various DLLs on a user’s system. This is intentional on our part: we want to preserve user privacy. On the other hand, this severely limits our ability to determine which party is responsible for a particular DLL.

    One avenue for obtaining this information is to look at any digital signature that is embedded in the DLL. By examining the certificate that was used to sign the binary, we can extract the organization of the cert’s owner and include that with our crash reports and telemetry.

    In bug 1430857 I wrote a bunch of code that enables us to extract that information from signed binaries using the Windows Authenticode APIs. Originally, in that bug, all of that signature extraction work happened from within the browser itself, while it was running: It would gather the cert information on a background thread while the browser was running, and include those annotations in a subsequent crash dump, should such a thing occur.

Security: Jenkins, Polyverse, Rootkits, Cryptojacking and Kali Linux


Security: Updates, Leaks, Kubernetes and Let's Encrypt

  • Security updates for Thursday
  • Oracle Releases First Critical Patch Update of 2019, Red Hat Enterprise Linux and Fedora to Drop MongoDB, The Linux Foundation Announces Its 2019 Event Lineup, Firefox Closing Its Test Pilot Program and GoDaddy to Support AdoptOpenJDK

    Oracle released its first Critical Patch Update of the year this week, which addresses 284 vulnerabilities. eWeek reports that "Thirty-three of the vulnerabilities are identified as being critical with a Common Vulnerabilities Scoring System (CVSS) score of 9.0 or higher."

  • Over 1 Billion Login Credentials Leaked, Here’s How to See if You Were Compromised

    Good morning! A whole slew of usernames and plaintext passwords were leaked for a number of different sites—at 772 million and 21 million respectively, it’s the largest data leak in history. Here’s how to make sure your information is still safe.

    This collection of email address and passwords—dubbed “Collection #1”—groups together several smaller breaches into a larger master file of sorts. This huge collection of data comes from several different sites, so your personal info may have been compromised from multiple different sources. That means your information could’ve been compromised multiple times—the same email address with different passwords.

  • Kubernetes security: 4 tips to manage risks

    Kubernetes has one of the liveliest (if not the liveliest) communities around. Getting involved is one of the best ways to get up to speed and stay abreast of best security practices. That community values the same thing you’re seeking: Making the most of Kubernetes’ power while minimizing any risks that come with its increasing adoption.

    “This community clearly cares deeply about security, and it emphasizes education and inclusion, so security staff can look forward to a helpful, educational community from whom they can learn,” Dang says.

    “Get educated and follow industry best practices, like the CIS Kubernetes Benchmark,” advises Amir Jerbi, CTO at Aqua Security. “Kubernetes is a complex system with many configuration options, any of which, if done wrong, could leave clusters open to attacks.”

    Plugging into the vibrant Kubernetes community is a great step toward ensuring your organization’s implementation isn’t creating unnecessary vulnerabilities.

  • Protect Your Websites with Let's Encrypt

    Back in the bad old days, setting up basic HTTPS with a certificate authority cost as much as several hundred dollars per year, and the process was difficult and error-prone to set up. Now we have Let's Encrypt for free, and the whole thing takes just a few minutes.

More in Tux Machines

Bare-Metal Kubernetes Servers and SUSE Servers

  • The Rise of Bare-Metal Kubernetes Servers
    While most instances of Kubernetes today are deployed on virtual machines running in the cloud or on-premises, there is a growing number of instances of Kubernetes being deployed on bare-metal servers. The two primary reasons for opting to deploy Kubernetes on a bare-metal server over a virtual machine usually are performance and reliance on hardware accelerators. In the first instance, an application deployed at the network edge might be too latency-sensitive to tolerate the overhead created by a virtual machine. AT&T, for example, is working with Mirantis to deploy Kubernetes on bare-metal servers to drive 5G wireless networking services.
  • If companies can run SAP on Linux, they can run any application on it: Ronald de Jong
    "We have had multiple situations with respect to security breaches in the last couple of years, albeit all the open source companies worked together to address the instances. As the source code is freely available even if something goes wrong, SUSE work closely with open source software vendors to mitigate the risk", Ronald de Jong, President of -Sales, SUSE said in an interview with ET CIO.
  • SUSE Public Cloud Image Life-cycle
    It has been a while since we published the original image life-cycle guidelines SUSE Image Life Cycle for Public Cloud Deployments. Much has been learned since, technology has progressed, and the life-cycle of products has changed. Therefore, it is time to refresh things, update our guidance, and clarify items that have led to questions over the years. This new document serves as the guideline going forward starting February 15th, 2019 and supersedes the original guideline. Any images with a date stamp later than v20190215 fall under the new guideline. The same basic principle as in the original guideline applies, the image life-cycle is aligned with the product life-cycle of the product in the image. Meaning a SLES image generally aligns with the SUSE Linux Enterprise Server life-cycle and a SUSE Manager image generally aligns with the SUSE Manager life-cycle.

Steam's Slipping Grip and Release of Wine-Staging 4.2

  • Steam's iron grip on PC gaming is probably over even if the Epic Games Store fails
    It doesn’t matter though. Whether Epic succeeds or not, Steam has already lost. The days of Valve’s de facto monopoly are over, and all that matters is what comes next.

  • Wine-Staging 4.2 Released - Now Less Than 800 Patches Atop Upstream Wine
    Wine 4.2 debuted on Friday and now the latest Wine-Staging release is available that continues carrying hundreds of extra patches re-based atop upstream Wine to provide various experimental/testing fixes and other feature additions not yet ready for mainline Wine. Wine-Staging for a while has been carrying above 800 patches and at times even above 900, but with Wine-Staging 4.2 they have now managed to strike below the 800 patch level. It's not that they are dropping patches, but a lot of the Wine-Staging work has now been deemed ready for mainline and thus merged to the upstream code-base. A number of patches around the Windows Codecs, NTDLL, BCrypt, WineD3D, and other patches have been mainlined thus now coming in at a 798 patch delta.

OSS Leftovers

  • Tomorrow is Good: #Freethemodels: we need open source energy models
    The transition from fossil fuels to renewable energy is arguably the biggest operation in human history. But it’s increasingly based on secret models with a bad track record. That has to change! For me, this journey started in 2007 (Dutch link). I was doing some research in my spare time and it struck me that solar, wind and electric vehicles were on course to become cheaper than fossil alternatives. What struck me even more, was that the predictions of ‘authoritative’ institutions like the International Energy Agency and the Energy Information Administration seemed to ignore this development. At first, it seemed unrelated to my work in computers, the Internet and mobile phones. Then I realized the similarity: I had been ‘fighting’ with ‘trusted experts’ in Telecom for the past 15 years. They had been denying the future of PCs, the Internet and mobile phones all through my career. The lesson I take from this: experts of the old cannot fathom the new.
  • Google open-sources PlaNet, an AI agent that learns about the world from images
    Reinforcement learning — a machine learning training technique that uses rewards to drive AI agents toward certain goals — is a reliable means of improving said agents’ decision-making, given plenty of compute, data, and time. But it’s not always practical; model-free approaches, which aim to get agents to directly predict actions from observations about their world, can take weeks of training. Model-based reinforcement learning is a viable alternative — it has agents come up with a general model of their environment they can use to plan ahead. But in order to accurately forecast actions in unfamiliar surroundings, those agents have to formulate rules from experience. Toward that end, Google in collaboration with DeepMind today introduced the Deep Planning Network (PlaNet) agent, which learns a world model from image inputs and leverages it for planning. It’s able to solve a variety of image-based tasks with up to 5,000 percent the data efficiency, Google says, while maintaining competitiveness with advanced model-free agents.
  • eLife invests in Texture to provide open-source content production tools for publishers
    Originally created by Substance Software GmbH (Substance) as a JavaScript library of tools for web-based content editing, Texture has been supported by a community of organisations collectively known as the Substance Consortium and including Érudit, the Public Knowledge Project (PKP) and SciELO. eLife has now invested in Texture's development to support its own open-source publishing platform, but - as with the organisation's other open-source projects - any new features will be added to the tool in such a way that they can be repurposed by other publishers.
  • SD Times Open-Source Project of the Week: Principled GraphQL
    GraphQL is quickly becoming the preferred approach for working with APIs. It is a query language for APIs, and is designed to give users more insight and understanding into the data inside their APIs. According to GraphQL platform provider Apollo, it’s also so much more than a query language. “It’s a comprehensive solution to the problem of connecting modern apps to services in the cloud. As such, it forms the basis for a new and important layer in the modern application development stack: the data graph. This new layer brings all of a company’s app data and services together in one place, with one consistent, secure, and easy-to-use interface, so that anyone can draw upon it with minimal friction,” the company wrote.
  • Open source your automation testing for the mobile web with OpenTest
    Testing is a crucial part of the development cycle. How else will we find out if that cool new idea actually works in practice? Entering a crowded field, OpenTest offers developers a new tool for standardizing functional tests across a wide variety of platforms and teams. OpenTest is an open source functional test automation tool for web applications, mobile apps and APIs. With a wide variety of features and a focus on mainstream testing practices, OpenTest gives developers a spectacular foundation to evaluate their applications for the mobile web. What’s more, it is an easy to use tool for beginners as well as experts.
  • Facebook Open-Sources PyText NLP Modeling Framework
    Facebook AI Research is open-sourcing PyText, a natural-language-processing (NLP) modeling framework that is used in the Portal video-calling device and M Suggestions in Facebook Messenger. NLP is a technology for parsing and handling human languages and is a key component of chatbot or smart-assistant applications. Engineers developing NLP algorithms often turn to deep-learning systems to build their solutions, such as Facebook's PyTorch platform. PyText builds on top of PyTorch by providing a set of interfaces and models specifically tuned for NLP. Internally, Facebook is using PyText to power NLP in their Portal video-calling device and in their Messenger app's M Suggestion feature.
  • Fasttoken Is Making Its Codes Open Source
    One of the most common problems facing the Ethereum blockchain is scaling. While Ethereum has seen its fair share of proposed scaling solutions, state channels appear to be the best solution so far. State channels are a form of block communication that occurs outside of the blockchain and can be used to support greater scalability. And that’s not in the distant future – state channels are already available.
  • Novel Software May Help Detect Heart Diseases: Study
    Researchers have developed a new software that could spot potentially lethal heart diseases and may lead to improvements in prevention and treatment, says a new study. The software - ElectroMap - which measures electrical activity in the organ, is a new open-source software for processing, analysis and mapping complex cardiac data.
  • This new software reads cardiac data, can predict risk of heart disease
    The ElectroMap software is an open-source software for processing, analysis and mapping complex cardiac data, said experts at the University of Birmingham Dubai. The heart's pumping ability is controlled by electrical activity that triggers the heart muscle cells to contract and relax. In certain heart diseases such as arrhythmia, the organ's electrical activity is affected. Cardiac researchers can already record and analyse the heart's electrical behaviour using optical and electrode mapping, but widespread use of these technologies is limited by a lack of appropriate software, according to the study published in the journal Scientific Reports.
  • Gadgetbridge is an open-source replacement for the Android app of Pebble, Mi Band, Amazfit, and other smart bands
    Purchasing a Smart Band or a smart wrist-based fitness tracker means that you not only purchase a product, but you also purchase yourself into an ecosystem of services controlled by the manufacturer. The functionality that is present on your smart band flows to you through the manufacturer, meaning that your data always goes through one extra pair of hands than is required. For most smart bands, you have to create an account with the manufacturer and continue tracking your activity and data through the manufacturer’s app — something that may not appeal to everyone in this privacy-conscious world. Enter Gadgetbridge, an open-source app that focuses on removing the manufacturer out of the equation.
  • The Pros and Cons of Open Source Cloud Computing
    Open source software is becoming increasingly more common in the technology world. True to its name, the underlying base of open source software is available for its users to study and tinker with. As such, dedicated userbases for open source technology have propped up to provide resources, updates, and technical help for open source programs.
  • You Can Now Use Open-Source Machine Learning Tools In Your Ableton Sessions
    Despite having become buzzwords in music technology over the last few years, it has often felt like “artificial intelligence” and “machine learning” were experiments taking place in secluded computer labs or only with established musicians. The tools that promised to revolutionize the way we make music never seemed to trickle down to the “we” of your regular bedroom producer. Magenta Studio might be set to change all that. Developed by the Google AI team and first showed at Ableton Loop in Los Angeles last year, Magenta is now available standalone and on Ableton (both Mac and Windows), giving you the chance to experiment with the powerful data analysis that machine learning provides.
  • 5 Open-source ML Tools You Can Use Without Coding
    As the demand for machine learning and artificial intelligence goes up, leading tech giants realised the need to give developers access to tools to build and deploy models. From the industrial perspective, there aren’t enough skilled programmers and data scientists within the industry to develop these systems. Tech giants are now open sourcing their platforms and developer tools to lower the barrier for entry in AI/ML. In this article, we list down 5 such tools that are making ML and AI accessible: Lobe: Lobe is an easy-to-use visual mechanism that lets users build custom deep learning models, promptly train them, and ship them immediately in a user desired app without writing any code. Users can begin by dragging in a folder of training examples from their desktop. Lobe automatically builds its users a custom deep learning model and starts training. Users can export the trained model and ship it directly in their app.
  • Healthcare Design Studio Publishes Open Source Health Finance Visualization
    “The Healthscape visualization serves two purposes. The first is to provide the public and professionals interested in the healthcare space a way to increase understanding and explore how all the pieces fit together. The second is to give providers, patient advocacy groups, health policymakers, and health economists a visual communication tool to discuss issues at the higher health systems level,” said Juhan Sonin, director of GoInvo.
  • HUAWEI's open source WATCH GT smartwatch is coming to America
    The company is hoping American consumers will also be interested in its wearables, as today, it reveals the previously announced HUAWEI WATCH GT is finally coming to America. While not the company's first smartwatch to hit the USA, it is definitely the most intriguing. It runs an open source operating system called LiteOS, and battery life can apparently reach two weeks. No, that is not a typo -- two weeks! It focuses heavily on health -- it can monitor fitness and sleep. Best of all, it is compatible with both iOS and Android, so it won't lock you into either platform.
  • Argonne’s Innovative Community Software Is on Weather Scientists’ Radar
    In 2015, the Python-ARM Radar Toolkit (Py-ART) made its open-source debut. After 4 years, and with contributions from 34 individual editors, it is now a staple in radar science. The toolkit helps scientists analyze radar data to improve models of the Earth’s systems; its growth illustrates the power of community software. Py-ART is an architecture for working with radar data in the Python programming language. It ingests data from a wide variety of atmospheric radars to produce visualizations that enable users to draw meaningful conclusions. Institutions across the world — including the National Weather Service, MeteoSwiss, IBM and the University of Illinois — use Py-ART to organize and analyze radar data. [...] Inspired by Py-ART’s success, scientists have launched the OpenRadar Partnership, an informal collaboration across Europe, Canada and the United States on open-source radar software education and inter-compatibility.
  • Furnace turns up heat on data streaming apps
  • Furnace – New, Serverless, Open Source Platform -- Lets Developers Create Advanced, Data-Intensive Apps In Hours, Not Months
  • Why Use Open Source to Gain More Visibility into Network Monitoring
  • 8 Free & Best Open source bare metal hypervisors (Foss)
  • Open Robotics turns its focus to ROS 2.0
    Open Robotics, previously known as the Open Source Robotics Foundation, is pouring its development efforts into rewriting the core of the Robot Operating System (ROS) 1.0 this year. ROS has been around since 2007, and while version 1.0 is already being used in a number of different applications and solutions, the robotics industry is changing and Open Robotics is determined to see that the technology changes with it. Despite its name, ROS is not exactly an operating system. It is a collection of software libraries and tools used to develop robot applications. According to Brian Gerkey, CEO of Open Robotics, when the organization first started working on ROS, many of the robotics solutions already available were in the form of traditional robot arms used in factories or in such things as floor-cleaning robots for consumers. “Since that time we’ve seen an explosion of products in other domains, especially mobile robots that do everything from transport goods, to provide facility security, to entertain. And of course we’ve seen the impossible to ignore trend of investment and advancement in autonomous vehicles,” he said. The ongoing evolution of the robotics industry, and the need for more advanced solutions, is what led Open Robotics to rethink the core system.
  • MITRE Announces Compass™, a New Open-Source Application to Collect Common Oncology Data
  • New geometric model improves predictions of fluid flow in rock
    "Relationships once thought to be inherently history-dependent can now be reconsidered based on rigorous geometric theory," McClure said. The team used the open source Lattice Boltzmann for Porous Media (LBPM) code, developed by McClure and named for the statistics-driven lattice Boltzmann method that calculates fluid flow across a range of scales more rapidly than calculations using finite methods, which are most accurate at small scales. The LBPM code, which uses Titan's GPUs to speed fluid flow simulations, is released through the Open Porous Media Initiative, which maintains open-source codes for the research community.
  • Over 16,000 bugs later, Google’s fuzz tester is now open source
    Here comes another tool open sourced by Google! This time, security and testing take the center stage. ClusterFuzz helps find bugs in your software so you can exterminate them with its scalable fuzzing infrastructure. Open sourced on February 7, 2019, this service focuses on stability and security. ClusterFuzz already has some impressive numbers to brag about. So far, it found over 16,000 bugs in Chrome, as well as over 11,000 bugs in open source projects integrated with OSS-Fuzz. If you use Chrome as your browser of choice, then you owe some of your experience to ClusterFuzz. Now you too can harness that power for good and keep your own projects secure and bug-free. As always, it is a great plus to all developers when a useful tool gets open sourced. Contributing to open source is becoming the new normal, with even large organizations getting on board. Hopefully FOSS will continue to grow and help break down silos.
  • Continuous Fuzzing for all? Google open sources ClusterFuzz bug hunter
    Google has open sourced ClusterFuzz, a scalable fuzzing infrastructure project that has already helped to get rid of more than 16,000 Chrome bugs. It is also the tool used for Google’s OSS-Fuzz initiative, which aims at helping maintainers of open source projects get their project as ready to deal with anything users throw at it as possible – an offer over 160 projects have accepted in the last two years. Fuzzing is a sort of testing approach which confronts a system with random inputs to help developers to find security flaws and unexpected behaviour. ClusterFuzz has been written to offer fuzzing at scale and in a continuous manner, which is why Google claims to have it running on over 25,000 cores for Chrome. There it is integrated into the development workflow and provides users with a web interface for managing and viewing crashes caused during testing. To ensure no issue goes unnoticed, it also includes automatic bug filing and closing for the Monorail issue tracker.
  • Rubrik Launches Open Source Community Called Build
    Rubrik announced an open source community, Rubrik Build, which aims to simplify improvement of existing projects and ease creation of applications, automation tooling, and integrations. It’s based on a set of APIs providing pre-built use cases, quick-start guides, and integrations with popular tooling. A goal is inclusion. “Many people in the tech community do not come from a traditional software engineering background, and this can make contributing to open source seem daunting,” Rubrik Principal Technologist Rebecca Fitzhugh told SDxCentral. “The goal of Rubrik Build is to break down these barriers so anyone can contribute to a project.”
  • Rubrik just launched an open source community
    Rubrik just announced Rubrik Build, a new 100 percent public, 100 percent Open Source community built around use cases and integrations that consume Rubrik APIs. As part of Rubrik Build, contributors can leverage existing software development kits, tools, and use cases or contribute their own ideas, code, documentation, and feedback. The goal of Rubrik Build is to establish a community around consuming Rubrik's world-class APIs to quickly get started with pre-built use cases, quick start guides, and integrations with popular tooling. The Build program was designed with customers in mind, easing their transition to consuming APIs.
  • A former Marine explains how her service helped prepare her to lead a new open source initiative for $3.3 billion startup Rubrik
    The idea, says Fitzhugh, is to encourage an open source ecosystem to flourish around Rubrik, though the company's main offering is not offered as open source.
  • The Internet Was Built on the Free Labor of Open Source Developers. Is That Sustainable?
    In a recent interview with New Left Review, Stallman described how MIT’s AI lab fostered a culture of collaboration and radical openness to the point where the lab’s giant computer wasn’t protected with passwords and the doors to the lab were always unlocked. To be sure, Stallman acknowledged that some of this culture of openness was a product of circumstance: Minsky, for instance, was always losing his door keys and the researchers in the lab couldn’t help but share the room-sized computer because it was the only one. Nevertheless, the spirit of the lab made an impression on Stallman.

    In 1983, he posted a message to a Usenet group—basically a proto-forum—in which he declared his intention to create an operating system and “give it away free to everyone who can use it.” Stallman called the operating system GNU, a recursive acronym for “Gnus Not Unix,” a challenge to the dominant proprietary OS of the time—Unix, which was used internally at Bell Labs—embedded in its very name.  

    GNU was the opening salvo in the free software movement, whose principles Stallman summarized in the 1985 GNU Manifesto: “I consider that the Golden Rule requires that if I like a program I must share it with other people who like it. Software sellers want to divide the users and conquer them, making each user agree not to share with others. I refuse to break solidarity with other users in this way.”  

  • Open-Source Biology and Biohacking Hack Chat
    Justin Atkin‘s name might not ring a bell, but you’ve probably seen his popular YouTube channel The Thought Emporium, devoted to regular doses of open source science. Justin’s interests span a wide range, literally from the heavens above to the microscopic world. His current interest is to genetically modify yeast to produce spider silk, and to perhaps even use the yeast for brewing beer. He and the Thought Emporium team have been busy building out a complete DIY biology lab to support the effort, and have been conducting a variety of test experiments along the way.

FOSS in Networking: O-RAN Alliance, AT&T, OMEC/ONF

  • The Telecoms.com Podcast: Europe, Huawei, O-RAN & Legere
    They move on, inevitably, to Huawei and its ongoing drama, before concluding with a look at the growing O-RAN Alliance and the unique qualities of T-Mobile US boss John Legere.
  • AT&T Building 5G Network on an Open Source Foundation
    "We made a big bet that open source was the right way to go," Ryan Van Wyk, AT&T Inc. (NYSE: T) associate VP, network cloud software engineering, tells Light Reading. And that bet paid off handsomely, he says. AT&T last week described a substantial, multi-year project to build its 5G network on a cloud based on Kubernetes and OpenStack. The telco has implemented OpenStack on Kubernetes in more than 20 regions to date, with more to come. (See AT&T Inks '8-Figure' Kubernetes & OpenStack 5G Deal With Mirantis.)
  • AT&T signed an '8-digit' deal that isn't good news for VMware, Cisco, or Huawei — but could be great for Google Cloud
    AT&T is in the midst of an ambitious project called Airship that could have sweeping implications for the $350 billion telecom equipment industry. Late last week, AT&T signed an "8-figure," three-year deal with a company called Mirantis. According to Mirantis, the company will help AT&T build out and manage the infrastructure it needs for its 5G network. Airship means that if you want to build a cloud, specialized hardware and software from vendors like VMware, Cisco, Juniper, and Huawei are unnecessary, Mirantis' cofounder and chief marketing officer, Boris Renski, tells us.
  • ONF to address CSPs’ Core issues with new open source projects
    Taking a look at OMEC first, the ONF envisages it as a high performance, scalable, open source mobile core platform. It is being established under the CORD project umbrella in collaboration with Sprint (there are plenty of “umbrellas” in the open source community, and let’s not forget that the ONF is a member of the Linux Foundation). CORD, incidentally, is an acronym for Central Office Re-architected as a Datacenter – an ONF project that combines NFV and SDN with the elasticity of commodity clouds to bring datacenter economics and the traditional telco Central Office. The OMEC project is intended to become an open source production grade Evolved Packet Core (EPC). OMEC is being built using an NFV architecture that is optimised for Intel platforms and has reportedly already been tested for scale. It is 3GPP Release-13 compatible, features a DPDK-based data plane to support large subscriber numbers (hence the Intel connection), and provides full connectivity, billing and charging capabilities. It is also designed for lightweight and cost-effective deployments, including IoT and edge applications.
  • ONF and Sprint Launch Open Evolved Mobile Core (OMEC) Open Source Project
    ONF, the recognized leader driving transformation of the networking industry through collaborative development of open source platforms, today announced the launch of Open Mobile Evolved Core (OMEC), an industry-first high performance scalable open source Mobile Core platform.  ONF, in collaboration with Sprint, is launching OMEC under the CORD® project umbrella.  The project is intended to become an open source production grade Evolved Packet Core (EPC).