Google announced "OSS-Fuzz," a beta project that open source software projects can join to do "fuzz testing." Fuzz testing, or "fuzzing," is an automated testing technique that can uncover memory corruption bugs in software by generating random inputs to a given program.
The program, developed in conjunction with the "Core Infrastructure Initiative" community over the past few years, specifically targets open source projects that have a "large user base" and/or are "critical to Global IT infrastructure."
Amazon Web Services has named Zaheda Bhorat, a booster of open source software with stints at Salesforce, Google and the U.K. Government Digital Service under her belt, to lead its open source strategy effort.
Open source software advantages are numerous: the product is being constantly improved by thousands of developers all across the world, a business owner can clearly see “what’s in the trunk” and adapt the product to his or her eCommerce store needs anytime.
Nevertheless, for those who consider eCommerce systems to be just a tool for selling their goods or services, open source products can still be suspicious. Read on to see how we dispel doubts about open source by examining concerns related to it.
In order to circumvent the regulations imposed by NHTSA on his aftermarket driver assist device, the ‘comma one’, George ‘geohot’ Hotz announced that his startup is releasing a new version of the product, ‘comma neo’ (an anagram for one), for free as an open-source platform.
The Node.js Foundation is set to oversee the Node.js Security Project in an effort to consolidate and improve security for the popular open-source application programming framework.
In a move that aims to help improve security vulnerability disclosure, the Node.js Security Project announced on November 30 that it is now officially becoming part of the Node.js Foundation. The move will help to improve the security of the open-source Node.js development framework and its modules, which are widely used in modern applications.
“DevOps isn’t any single person’s job — it’s everyone’s job.” What does DevOps mean for Atlassian and what shapes the company culture? How do departments support DevOps and what are the usual DevOps aspects that aren’t part of the company values? We invited Ian Buchanan, Developer Advocate, Integration Specialist for Atlassian’s DevOps Ecosystem to weigh in on Atlassian’s road to DevOps and to debunk some of the myths surrounding this movement.
Who is the market leader in IT monitoring? You won’t find the answer to that question in this article.
With a wide range of functionality being offered for multiple audiences, our priority is to provide clarity about who wants what. The New Stack is seeing two contradictory patterns. Many companies are trying to create a full stack of monitoring services, but there is also a desire to have a composable infrastructure.
We believe these trends will continue. The lines between infrastructure and application monitoring will continue to blur, but task-specific tools will gain prominence. Perhaps the biggest factor in how these changes unfold is the job roles of the people using the monitoring software.
After releasing daily snapshots without interruption for 17 days, Tumbleweed did slow down a bit during the last week. As already mentioned in my last review, 1124 had been canceled due to an issue with sddm installing strange branding configurations. And later on, we ‘broke’ our own staging setup and needed to bootstrap a few of them, making the throughput much lower than you were used to. So, we ended up with 3 snapshots since my last review: 1125, 1128 and 1129.
Ubuntu's parent company, Canonical, posted today that it has been in a dispute with "a European cloud provider" over the provider's use of its own homespun version of Ubuntu on its cloud servers. The provider's implementation disables even the most basic of security features, and Canonical is worried that something bad could happen and that it would reflect badly on Canonical. The post read, "The home-grown images of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable. They are likely to behave unpredictably on update in weirdly creative and mysterious ways." Canonical said it has spent months trying to get the unnamed provider to use the standard Ubuntu as delivered to other commercial operations, to no avail. Canonical feels it has no choice but to "take legal steps to remove these images." Canonical is sure Red Hat and Microsoft wouldn't be treated like this.
Ubuntu is amazing on the cloud because we work with cloud providers to ensure crisp, consistent and secure images which you can auto-update safely. On every major cloud—AWS, Azure, Google, Rackspace, SoftLayer and many more—you can be confident that ‘Ubuntu’ is Ubuntu, with the same commitment to quality that you can expect when you install it yourself, and we can guarantee that to you because we require that clouds offer only certified Ubuntu images.
Mark Shuttleworth has written a new blog post where he's outlining a dispute Canonical is having with a European cloud provider over a breach of contract and "publishing insecure, broken images of Ubuntu" for its cloud customers.
With these unofficial Ubuntu cloud images reportedly being buggy, users are complaining to Canonical/Ubuntu, assuming it's an upstream issue. Having had enough of that, Canonical is now preparing for legal steps to remove the unofficial Ubuntu images from the particular cloud provider.