Security Leftovers

• Industry Watch: Of open source, data breaches and speed [Ed: And proprietary software is a lot less suitable for security and privacy purposes because there are surveillance 'features' disguised and back doors too]

  Open-source software helps developers work faster and smarter, as they don’t have to ‘re-invent the wheel’ every time create an application. They just need to be sure the license attached to that software allows them to use the component the way they want. They also need to stay on top of that application, so if the component changes, or an API changes, their application isn’t affected and they are still in compliance. Data protection is also something organizations must get serious about. While the GDPR only affects users in the European Union, it’s only a matter of time before those or similar regulations are in place in the U.S. and elsewhere. Companies should get a jump on that by doing a thorough audit of their data, to know they are prepared to be compliant with whatever comes down from the statehouses or from Washington, D.C. On the speed side, the benefits of Agile and DevOps are clear. These methodologies enable companies to bring new software products to market faster, with the result of getting a jump on the competition, working more efficiently and ultimately serving your customers. Unfortunately, these efforts are usually done by different teams of developers, database administrators and security experts. If the Equifax and Facebook breaches have taught us anything, it’s that you can’t expect developers to be security experts, and you can’t expect DB admins to understand the ramifications on the business when data is misunderstood. It will take a coordinated approach to IT to achieve business goals while not leaving the company — and its IP and PII data — exposed.

• VLC patches critical flaws through EU open source bug bounty program

  More than 30 security issues have been fixed in VLC, the popular open source media player, with developers praising an EU-funded bug bounty program for helping produce its most secure update yet. VLC media player, created by the software non-profit VideoLAN, was found to have 33 vulnerabilities within various versions, including two that were considered critical. An out-of-bounds write was one of the severe vulnerabilities found to affect all VLC versions, and a stack buffer overflow was also discovered in VLC 4.0. Less severe vulnerabilities consisted of out-of-band reads, heap overflows, NULL-dereference, and use-after-free bugs. An updated version, VLC 3.0.7, has since been released for users to download.

• VLC Player Gets Patched for Two High Severity Bugs

• Asigra FreeNAS plugin brings open source data protection [Ed: Some openwashing of proprietary software]

  Asigra is trying to capture FreeNAS users with a free-to-try plugin version of its backup software. The Asigra FreeNAS plugin released this week allows customers to turn their iXsystems FreeNAS storage systems into backup targets. It encrypts and deduplicates data before it is sent to the FreeNAS system. The plugin also detects and quarantines malware and ransomware so that it doesn't get backed up.

• TrueCommand Brings Single Pane of Glass Management to TrueNAS and FreeNAS Fleets

• WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs

• The Open Source Cookbook: A Baker’s Guide to Modern Application Development

  Let’s begin our cookbook by selecting our recipe. I’ve had some phenomenal baked goods, and I’ve had some not-so-phenomenal baked goods (there is rarely a bad baked good). But I’ve been surprised before, by a croissant from a diner that didn’t taste like the one from the local French bakery, or by a buttercream frosting at a supermarket that just didn’t have the same delicate touch as the one I make at home. In each case, I expected the same as I had before – by title – yet encountered a much different experience. When selecting your recipes, it’s important to understand which type of a particular food you are expecting to make, or you may be met with a different taste when you finish than you were hoping for when you began. [...] As with cooking, when incorporating open source components into applications, it’s important to understand origin and evolution of what you’re baking into your software. Carefully review your open source component versions, and evaluate the community’s activity in order to have the greatest chance possible to predict the possible technical debt you may inherit.

The fight to keep open source truly “open” ⁠— open source providers need to stand up

However, as more projects get embedded into profitable business applications, we are beginning to see new trends in the space. Powerful vendors are pushing their own marketing agendas and monetising what should be freely available, leading open source providers to build walls around their code, limiting the extent to which companies can enrich, police and contribute to any given project, in a vicious cycle. This is the case with Amazon, for instance, which was able to profit from Redis Labs’ software without giving back to its open source community. In response, Redis Labs created a new software license that dictated clear restrictions on what could and could not be done with its software. [...] With more companies catching on to the ability to monetise open source by selling add-on support and enterprise services, huge technology players are scrambling to get into the scene. To demonstrate just how critical open source is to the software industry, in 2018 alone GitHub was bought for $7.5 billion, Salesforce purchased Mulesoft for $6.5 billion, and — the largest deal of them all — IBM took over Red Hat for $34 billion.

Tmax OS Releases Open Source OS as an Alternative to MS Windows

Tmax OS will release the Open Edition (OE) of the Tmax Operating System (OS), an open source version of the Tmax OS that anyone can freely use. This will create an ecosystem for an alternative OS to Microsoft's (MS) Windows. The Tmax OS OE has the same functionality as the existing Tmax OS commercial version, except that it limits some functions for the enterprise environment. Users can use a variety of applications such as Linux-based apps as well as its self-developed office program Two Office and the web browser Two Gate. Tmax emphasized that it can provide stable and continuous Tmax OS OE upgrade and technical support as it has more than 400 professional researchers and technical personnel. Its graphical environment makes it easy for new MS Windows users to use the Tmax OS OE.

Meet Kdenlive: Free Open Source NLE That Aims for Professionals

As the battle of the NLEs continues between the big four (Premiere Pro, FCPX, Avid, and DaVinci Resolve), there are a few underdogs that aim to conquer the market. One of them is Kdenlive. It’s important to mention that this NLE is not new. The project was started by Jason Wood in 2002 and is now maintained by a small team of developers. Being an open source project constitutes as a significant advantage since it’s backed up by a massive community of contributors that have the privilege of improving and making the software to be more sharpened from an R&D point of view.