OSS

A Setback for FOSS in the Public (War) Sector, CONNECT Interoperability Project Shifting to the Private Sector

Filed under
OSS
  • GAO: DoD Not Fully Implementing Open-Source Mandates

    The Department of Defense has not fully implemented mandates from the Office of Management and Budget (OMB) and the 2018 National Defense Authorization Act (NDAA) to increase its use of open-source software and release code, according to a September 10 Government Accountability Office (GAO) report.

    The report notes that the 2018 NDAA mandated DoD establish a pilot program on open source and a report on the program’s implementation. It also says that OMB’s M-16-21 memorandum requires all agencies to release at least 20 percent of custom-developed code as open-source, with a metric for calculating program performance.

    However, DoD has released less than 10 percent of its custom code, and had not developed a measure to calculate the performance of the pilot program. In comments to GAO, the DoD CIO’s office said there has been difficulty inventorying all of its custom source code across the department, and disagreement on how to assess the success for a performance measure. While the department worked to partially implement OMB’s policy, the department had not yet issued a policy.

  • Pentagon moves slowly on open-source software mandate amid security concerns

    The Defense Department has been slow to meet a government-wide mandate to release more open-source software code, as DOD officials have concerns about cybersecurity risks and are struggling to implement such a program across the department, according to a new audit.

  • DOD struggles to implement open source software pilots

    The Department of Defense’s congressionally mandated efforts to create an open source software program aren’t going so well.

    DOD must release at least 20 percent of its custom software as open source through a pilot required by a 2016 Office of Management and Budget directive and the 2018 National Defense Authorization Act. Open source software, OMB says, can encourage collaboration, “reduce costs, streamline development, apply uniform standards, and ensure consistency in creating and delivering information.”

  • DOD drags feet with open-source software program due to security, implementation concerns

    The Defense Department has been slow to meet a government-wide mandate to release more open-source software code, as DOD officials have concerns about cybersecurity risks and are struggling to implement such a program across the department, according to a new audit. Since 2016, DOD has been required by law to implement an open-source software pilot program in accordance with policy established by the Office of Management and Budget.

  • DOD pushes back on open source
  • CONNECT Interoperability Project Shifting to the Private Sector

    The CONNECT project, an open source project that aims to increase interoperability among organizations, is transitioning from federal stewardship to the private sector and will soon be available to everyone.

    Developed ten years ago by a group of federal agencies in the Federal Health Architecture (FHA), CONNECT was a response to ONC’s original approach to a health information network. The agencies decided to build a joint health interoperability solution instead of having each agency develop its own custom solution, and they chose to make the project open source.

European Commission improving the security of widely used open source software

Filed under
OSS
Security

Amongst the many benefits of free and open source software are the economic advantages of code reuse and the sharing of programming costs. For public institutions, however, there are more fundamental reasons for embracing the open source model: [...]

Why the founder of Apache is all-in on blockchain

Filed under
OSS

As Behlendorf tells the story, Apache came out of an environment when "we might have had a more beneficent view of technology companies. We still thought of them as leading the fight for individual empowerment."

At the same time, Behlendorf adds, "there was still a concern that, as the web grew, it would lose its character and its soul as this kind of funky domain, very flat space, supportive of freedoms of speech, freedoms of thought, freedoms of association that were completely novel to us at the time, but now we take for granted—or even we have found weaponized against us."

This led him to want Apache to address concerns that were both pragmatic in nature and more idealistic.

The pragmatic aspect stemmed from the fact that "iteratively improving upon the NCSA web server was just easier and certainly a lot cheaper than buying Netscape's commercial web server or thinking about IIS or any of the other commercial options at the time." Behlendorf also acknowledges, "it's nice to have other people out there who can review my code and [to] work together with."

There was also an "idealistic notion that tapped into that zeitgeist in the '90s," Behlendorf says. "This is a printing press. We can help people publish their own blogs, help people publish their own websites, and get as much content liberated as possible and digitized as possible. That was kind of the web movement. In particular, we felt it would be important to make sure that the printing presses remained in the hands of the people."

Events and Shows: IBC 2019, User Error and Ubuntu Podcast

Filed under
OSS
  • Open Source at IBC 2019

    Showcasing two brand new Open Source software demonstrations featuring the Xilinx high-performance Zynq UltraScale+ MPSoC, and the Magic Leap One augmented reality headset.

  • Splitting Fun and Profit | User Error 74

    It's another #AskError episode. The finances of social situations and FOSS projects, automated vehicles, and ways to cheer up.

  • Ubuntu Podcast from the UK LoCo: S12E23 – Wing Commander

    This week we’ve been playing Pillars of Eternity. We discuss boot speed improvements for Ubuntu 19.10, using LXD to map ports, NVIDIA Prime Renderer switching, changes in the Yaru theme and the Librem 5 shipping (perhaps). We also round up some events and some news from the tech world.

    It’s Season 12 Episode 23 of the Ubuntu Podcast! Alan Pope and Mark Johnson are connected and speaking to your brain.

What politics can teach us about open source

Filed under
OSS

It would be dangerous to oversimplify the parallels between these political approaches and the relationship between open source and closed source software. Even so, it is worth examining the impact and challenges for democracy in the context of ongoing debates about the role of open source, especially in enterprise IT environments.

Democracy, particularly in the open source sense, is better than the autocratic, closed source model of software deployment. For closed source software vendors, a profit motive can ultimately be more influential than an interest in improving the software. More often than not, when deciding whether to invest in product innovation, commercial vendors will ask themselves at least one of these questions...

The Pentagon Needs to Make More Software Open Source, Watchdog Says

Filed under
OSS

The Defense Department is not abiding by a federal mandate to promote the use of open source software and make common code more readily available to other agencies, according to the Government Accountability Office.

In 2016, the Office of Management and Budget published a memorandum that required every federal agency to make at least 20% of their custom-built software open source within three years, meaning the code would be available for other agencies to use. However, as of July, the Pentagon had released less than 10% of its software as open source, according to GAO.

The department has also failed to fully implement a number of other open source software initiatives required by the OMB memo, such as creating an enterprisewide open source software policy and building inventories of custom code, auditors said. Additionally, officials never created performance metrics to measure the success of their open source software efforts.

In both industry and government, the popularity of open source software has exploded in recent years to keep up with the growing demand for fresh tech. By sharing and reusing code, organizations can reduce the cost of developing software and trust the code they’re using has been thoroughly tested by other users.

However, relying on software that someone else developed requires a certain level of trust. If the developer overlooks a vulnerability in the code—or intentionally inserts one—that bug could end up in countless applications, and users wouldn’t know it’s there.

Openwashing Attempts by Proprietary Vendors

Filed under
OSS

4 open source cloud security tools

Filed under
OSS

If your day-to-day as a developer, system administrator, full-stack engineer, or site reliability engineer involves Git pushes, commits, and pulls to and from GitHub and deployments to Amazon Web Services (AWS), security is a persistent concern. Fortunately, open source tools are available to help your team avoid common mistakes that could cost your organization thousands of dollars.

This article describes four open source tools that can help improve your security practices when you're developing on GitHub and AWS. Also, in the spirit of open source, I've joined forces with three security experts—Travis McPeak, senior cloud security engineer at Netflix; Rich Monk, senior principal information security analyst at Red Hat; and Alison Naylor, principal information security analyst at Red Hat—to contribute to this article.

We've separated each tool by scenario, but they are not mutually exclusive.

Openwashing Latest

Filed under
OSS

Events: Purism at GUADEC, SUSECON, LibreOffice Conference, Freedom Embedded, Flock

Filed under
OSS
  • Purism at GUADEC 2019

    GUADEC 2019 took place in Thessaloniki, Greece, and some of Purism’s team members were there. This year’s program was excellent, with plenty of interesting presentations; among them, Tobias Bernard’s talk about adaptive patterns and GNOME apps that work well across different form factors, from phones to desktops. Below is a video of his talk, which we think you should really watch when you have a chance–and here are the slides.

  • SUSECON 2020 Registration is Now Open!

    At SUSECON ’20 you will access a vast amount of technical knowledge and training as you participate in activities that enhance your skills, introduce you to new technologies, and pave the way for you to interact with peers and experts from around the world.

  • The LibreOffice Conference 2019 is underway! First stop, community meetings

    The LibreOffice Conference 2019 begins! Before the main talks start tomorrow, we’re having a community meeting to talk about translating LibreOffice and spreading the word. If you’re near Almeria, Spain, come and join us…

  • Freedom Embedded: Why privacy, security, and user rights depend on software freedom

    The event is free to members of Artisan's Asylum, with a $10 suggested donation from the public at the door.

  • Fedora Community Blog: Flock to Fedora ’19

    Attending a tech conference is not what I’ve experienced before, but I’m sure I’ll keep doing so forever. Flock ‘19 was an amazing one to start with, meeting a flock with same interest always gets you an amazing time. I’ll be sharing down some of the things that I took away from Flock to Fedora ‘19

    The community planned a tonne of talks for everyone to attend, unfortunately, it was impossible to attend all of them. These are the talks that I decided to attend.

More in Tux Machines

An Easy Fix for a Stupid Mistake

I waited a long time for Mageia 7 and for OpenMandriva Lx 4. When both distros arrived, I was very happy. But new distros bring changes, and sometimes it is not easy to adapt. Mageia 7 has been rock-solid: it is doing a great job in my laptop and both in my daughter's desktop and in mine. There is one thing, though. I have been avoiding a strange mesa update that wants to remove Steam. OpenMandriva is also fantastic, but this new release provided options like rock, release, and rolling. When I first installed the distro, I chose rock because I was shying away from the rolling flavor. Eventually, I had to move to rolling because that was the only way in which I could manage to install Steam in both my laptop and desktop machines.

today's leftovers

  • Clear Linux Is Being Used Within Some Automobiles

    Intel's speedy Clear Linux distribution could be running under the hood of your car. While we're fascinated by the performance of Intel's open-source Clear Linux distribution that it offers meaningful performance advantages over other distributions while still focused on security and offering a diverse package set, we often see it asked... who uses Clear Linux? Some argue that Clear Linux is just a toy or technology demo, but it's actually more.

  • Radeon ROCm 2.7.2 Released

    Radeon ROCm 2.7.2 is now available as the newest update to AMD's open-source GPU compute stack for Linux systems. ROCm 2.7.2 is a small release that just fixes the upgrade path when moving from older ROCm releases, v2.7.2 should now be running correctly. This release comes after the recent ROCm 2.7.1 point release that had corrected some components from properly loading the ROC tracer library.

  • How To Install Webmin on Debian 10 Linux
  • GNOME Shell + Mutter Patches Pending For Wayland Fullscreen Compositing Bypass

    There's an exciting patch set to GNOME Shell and Mutter now pending for finally wiring up the full-screen unredirected display / full-screen bypass compositing for helping the performance of full-screen games in particular on Wayland. GNOME on X11 has long supported the full-screen compositing bypass so the window manager / compositor gets out of the way when running full-screen games/applications. That support under Wayland hasn't been in place and thus there is a performance hit for full-screen Wayland-native software. But now thanks to Red Hat's Jonas Ådahl, that infrastructure now appears to be ready.

  • Xabber Server v.0.9 alpha is released

    After almost three years of research, planning and development we're proud to present the first public version of Xabber Server. Server is licensed under GNU AGPL v3 license, source code is available on GitHub. It is a fork of superb open source XMPP server ejabberd by ProcessOne, with many custom protocol improvements and an all-new management panel.

  • September Edition of Plasma5 for Slackware

    After a summer hiatus during which I only released new packages for KDE Frameworks because they addressed a serious security hole, I am now back in business and just released KDE-5_19.09 for Slackware-current. The packages for KDE-5_19.09 are available for download from my ‘ktown‘ repository. As always, these packages are meant to be installed on a full installation of Slackware-current which has had its KDE4 removed first. These packages will not work on Slackware 14.2. On my laptop with slackware64-current, this new release of Plasma5 runs smooth.

  • Pen-testing duo cuffed for breaking into courthouse that hired them

    Later, the County official discovered that the two men were in fact, hired by the state court administration to try to "access" court records through "various means" to find out potential security vulnerabilities of the electronic court records.

    The state court administration acknowledged that the two men had been hired, but said they were not supposed to physically break into the courthouse.

  • Satellite, GNU Radio and SDR talks released

    Mark M5BOP reports the complete set of amateur radio technical talks from this year's Martlesham Microwave Round Table is now available to watch on YouTube. Videos of these MMRT 2019 talks are available: Practical GNUradio - Heather Lomond M0HMO

  • Destination Linux 138 - GNOME 3.34, Firefox 69, Librem 5, Chromebooks, Signal Messenger & more

    On DL 138 Gnome 3.34 Drops This Week, Super Grub2 Disk 2.04s1 Released, Firefox 69 Released, Purism Librem 5 Shipping, Chromebooks Targeting The Enterprise, Phantom 3D Coming To Linux

  • Agile project management: 10 reasons to use it

    On the road to change, you’ll encounter fear and loathing. People will undoubtedly cling to old ways of working. Successfully making it to the other side will require commitment, passionate change agents, and unwavering leadership. You might wonder – is it really worth it? Leaders who have made the switch to agile project management say that it has delivered benefits both large and small to their organizations, from the rituals that bring their team together – like daily stand-ups – to the results that make their business stronger – like better end products and happier customers.

Linux Kernel and Linux Foundation Leftovers

  • Improve memset
    
    since the merge window is closing in and y'all are on a conference, I
    thought I should take another stab at it. It being something which Ingo,
    Linus and Peter have suggested in the past at least once.
    
  • An Improved Linux MEMSET Is Being Tackled For Possibly Better Performance

    Borislav Petkov has taken to improve the Linux kernel's memset function with it being an area previously criticized by Linus Torvalds and other prominent developers. Petkov this week published his initial patch for better optimizing the memset function that is used for filling memory with a constant byte.

  • Kernel Address Space Isolation Still Baking To Limit Data Leaks From Foreshadow & Co

    In addition to the work being led by DigitalOcean on core scheduling to make Hyper Threading safer in light of security vulnerabilities, IBM and Oracle engineers continue working on Kernel Address Space Isolation to help prevent data leaks during attacks. Complementing the "Core Scheduling" work, Kernel Address Space Isolation was also talked about at this week's Linux Plumbers Conference in Lisbon, Portugal. The address space isolation work for the kernel was RFC'ed a few months ago as a feature to prevent leaking sensitive data during attacks like L1 Terminal Fault and MDS. The focus on this Kernel ASI is for pairing with hypervisors like KVM as well as being a generic address space isolation framework.

  • The Linux Kernel Is Preparing To Enable 5-Level Paging By Default

    While Intel CPUs aren't shipping with 5-level paging support, they are expected to be soon and distribution kernels are preparing to enable the kernel's functionality for this feature to extend the addressable memory supported. With that, the mainline kernel is also looking at flipping on 5-level paging by default for its default kernel configuration. Intel's Linux developers have been working for several years on the 5-level paging support for increasing the virtual/physical address space for supporting large servers with vast amounts of RAM. The 5-level paging increases the virtual address space from 256 TiB to 128 PiB and the physical address space from 64 TiB to 4 PiB. Intel's 5-level paging works by extending the size of virtual addresses to 57 bits from 48 bits.

  • Interview with the Cloud Foundry Foundation CTO

    In this interview, Chip Childers, the CTO of the Cloud Foundry Foundation talks about some hot topics.

  • Research Shows Open Source Program Offices Improve Software Practices

    Using open source software is commonplace, with only a minority of companies preferring a proprietary-first software policy. Proponents of free and open source software (FOSS) have moved to the next phases of open source adoption, widening FOSS usage within the enterprise as well as gaining the “digital transformation” benefits associated with open source and cloud native best practices. Companies, as well as FOSS advocates, are determining the best ways to promote these business goals, while at the same time keeping alive the spirit and ethos of the non-commercial communities that have embodied the open source movement for years.

  • Linux Foundation Survey Proves Open-Source Offices Work Better

Releasing Slax 9.11.0

New school year has started again and next version of Slax is here too :) this time it is 9.11.0. This release includes all bug fixes and security updates from Debian 9.11 (code name Jessie), and adds a boot parameter to disable console blanking (console blanking is disabled by default). You can get the newest version at the project's home page, there are options to purchase Slax on DVD or USB device, as well as links for free download. Surprisingly for me we skipped 9.10, I am not sure why :) I also experimented with the newly released series of Debian 10 (code name Buster) and noticed several differences which need addressing, so Slax based on Debian 10 is in progress, but not ready yet. Considering my current workload and other circumstances, it will take some more time to get it ready, few weeks at least.

Also: Slax 9.11 Released While Re-Base To Debian 10 Is In Development