US Government Is Playing Games With Open Source
Normally, the National Geospatial-Intelligence Agency (NGA) in the US provides imagery, map-based intelligence and geospatial information in support of the nation's military forces, national policy makers and civil users. So, it may come as a surprise when NGA announced that it has made the code for its gamification software available on GitHub under an MIT license. The larger community can then use, expand or improve the code for gamers, and for the NGA. Read the story at Gamasutra, then get the code at GitHub.
eBay Is Now Offering Open Source
Do you think there is anything you can’t buy on eBay? Well, no, there is sooo much on eBay, and frankly it is beginning to slow the site down. So, eBay designed its own online analytics processing (OLAP) engine called Kylin to speed up Apache Hadoop. Now they are joining a growing list of proprietary software companies that contribute to the open source community with its release of Kylin, helping enterprises take advantage of batch processing frameworks. There is more at Silicon Angle.
Even Drones Use Open Source
The Linux Foundation recently announced the formation of Dronecode, a partnership between chipmakers and drone companies that aims to establish the best practises in open source drone technology. The foundation wants to encourage drone adoption in the fields of environmental research, humanitarian work, and search and rescue. Read more at Cnet.
How Should Governments Adopt OSS?
A study commissioned by the US Department of Homeland Security recognizes the prevalence of open source software in Government operations. The study offers a number of solutions for removing common roadblocks that government agencies face when adopting open source software. The report addresses security concerns and suggests OSS accreditation focused on risk management. It also encourages the collaboration between government agencies and the open source community.
Open Source Slowly Gains Ground In Quebec
Government agencies around the world have been moving towards open source, and Quebec may be the next one to join the fun. Until now the Quebec government in Canada has been slow to embrace open source and the benefits that come with it. Following in the UK’s footsteps Quebec’s government passed a bill in 2011 to consider open source alternatives in IT decisions, which has opened the door for open source contractors. Read more at the Montreal Gazette.
The Robin Hood Of The Software World
Take from the companies and give to individuals. Borrowing from a proposed idea for subsidizing pharmaceutical research, Glyn Moody proposes funding open source projects through an Open Source Dividend – or taking a small fee from the sale of proprietary software and awarding it to open source projects. Read more of Moody’s rationale at Computer World UK.
Read some recommendations from some industry experts (including Protecode’s own Norm Glaude) at ACM.
Everywhere you look, government entities around the world are migrating to open source solutions. Perhaps most famously, the city of Munich recently switched to open source, saving the city $16 million along the way.
It appears as though Australia’s Department of Immigration and Border Protection is following in the footsteps of many of its governmental peers. Earlier this year, Klaus Felsche, the department’s director of analytics and risk tiering, explained the department’s decision to liberate itself from the shackles of proprietary solutions and choose open source. More specifically, Felsche’s team is using a set of open source tools called “R.”
According to Felsche, these open source tools are more capable than their proprietary counterparts in terms of speed and accuracy. Because they lack licensing and maintenance fees, open source solutions win hands-down when it comes to cost-effectiveness. On top of that, because the solutions are built and maintained by a team of dedicated programmers, those who leverage open source tools are benefitting from what is really global R&D.
While open source is free, generally speaking, it is however not without its costs, Felsche explained.
“Real costs do exist,” Felsche said. “We need to keep a specialist team on staff to build, maintain it,and but in the bigger scheme of things, other software would require similar in-house support.”
Felsche is perhaps proudest of the department’s risk analytics systems, software he says is “robust, fast and accurate” while producing “results that are fit-for-purpose.”
Open source software makes sense for businesses, organizations and other entities that need to be able to adapt to today’s fast-paced world. Because the tools are made by a community of enthusiastic programmers, they are constantly works in progress, improving along the way. As a result, you can expect your open source solutions to get even stronger and provide more utility over time.
Already, the immigration department has claimed it’s over 30 percent more effective because of its new approach to analytics. Click here to learn more about how your business stands to benefit from open source tools.
The medical industry is going through a period of transition as healthcare practices across the country move from paper-based records to electronic medical records (EMRs).
To facilitate this transition, many are turning toward open source solutions. After all, the easiest way for the healthcare industry to become more effective is by giving doctors the ability to access all pertinent records of a patient quickly and easily. Would that goal be easier to accomplish if the EMR space became fragmented with 250 different solutions? Or if there was an open source ecosystem that everyone use?
It remains to be seen whether open source will become the de facto standard in the healthcare industry, but the pulse is strong that this very well might be the case. To this end, Alfresco recently announced its integration with Fortrus’ Unity, the world’s first universal health viewer.
In the past, pertinent medical records might have been stored in different silos across an organization. When leveraging the open source solution, those records are able to be integrated. As a result, doctors and other medical staff are able to give patients the highest-quality care available.
Rather than risking a medical future that’s characterized by a myriad of proprietary EMR solutions that are incompatible with one another, healthcare providers should consider deploying open source solutions. In doing so, they are able to take advantage of the latest technologies while increasing their access to documents and records that will help them do their jobs more effectively.
By choosing open source, medical facilities are able to benefit from the latest innovation and won’t run into problems of vendor lock-in or incompatibility down the road. And patients will be healthier as a result.
First there was Heartbleed. Now there’s Shellshock.
Last month, security engineers discovered a bug that allows hackers to remotely control Web servers. Once a server is compromised and falls under the control of hackers, the sky is the limit in terms of what happens next. For example, hackers could easily decide to pilfer confidential information from servers—like usernames, passwords and financial documents.
Here’s how Shellshock, also known as the Bash bug, works: Web servers using Bash—a language interpreter found in Linux, Unix and Mac OS X Mavericks—to process commands could be affected by the vulnerability if they are able to remotely pass commands via the Internet. Hackers can commandeer these kinds of servers and take a look at all of the data they store, or worst, initiate operations such as a Denial of Service (DoS) attack.
Believe it or not, this vulnerability’s been around for nearly two decades but was only discovered in September.
So what can you do to protect your servers from Shellshock? The good news is that there are solutions that can detect the presence of Bash, and solutions that can detect Shellshock attacks.
Open source software scanning applications offered by Protecode can detect the presence of the Bash (or even modifications of Bash) in a development environment.
There are also open source solutions such as Trustwave, an information security company, can detect attacks thanks to its honeypots, which are essentially open Web servers affixed with the open source ModSecurity Web application firewall tool. These honeypots stay on the lookout for attacks, detecting anything that looks amiss.
Trustwave sponsors the ModSecurity project, and the company feels as though it’s the solution for those who want to make sure their servers are secure.
“Trying to execute commands line tools on a server is a common exploit attack, whether it’s cross-site scripting, SQL injection or Shellshock, so we just monitor for those commands in general Web traffic,” explains Karl Sigler, a manager at Trustwave. “If we see it, we block it, even if we don’t know which specific Web vulnerability the attack is trying to take advantage of.”
Heartbleed and Shellshock happen to be bugs that exploit open source software. But that doesn’t mean the bugs are unique to open source. In fact, studies have shown that open source code is generally less buggy than its proprietary counterpart.
In any event, when bugs emerge in open source code, there is no shortage in the amount of enthusiastic programmers who work quickly toward a solution.
With the benefits open source provides well documented—like cost savings, accelerated innovation and freedom from vendor lock-in—it’s quite curious that the federal government’s technological infrastructure isn’t wholly built on open source code. After all, the federal government is taxpayer-funded and, as such, the argument can be made that all of the code it owns is actually owned by its citizens instead.
While the government might have some valid reasons for choosing proprietary solutions—like the ability to call an actual support line and speak with a human, rather than having to browse support forums for open source tools—the fact remains that more open solutions should be embraced by our governing bodies for a variety of reasons. Let’s take a look at some:
- There’s probably not any incentive for contractors to produce open solutions for the government. After all, a company would rather get two contracts than one. Think about it: How much different do the systems for the Environmental Protection Agency and the Department of Education, for example, really have to be? But by choosing open source solutions, the government would spare the taxpayers the expenses associated with the same code being written two or more times.
- By choosing open source solutions, the government would be exposing itself to potential criticism from highly technical people who could peruse code and see what’s inefficient, identifying places changes could be made. While everyone is quick to criticize the government, feedback is perhaps just the thing that is needed to improve the government’s technological infrastructure.
- No matter how well-oiled an organization is, things can always be a little more efficient. While the government might not be the fastest-moving organization, by choosing open source, it’ll have to update its culture to accommodate collaboration within a quickly moving community. After all, the open source community is a vibrant one. By choosing open source, the government would be forced to modernize its operations, a move which would certainly bolster efficiency.
Historically, the government has never been an early adopter of technology. But by keeping the conversation going, we hope that’s something that changes.
Formed in 2002 in response to the terrorist attacks of Sept. 11, 2001, the United States Department of Homeland Security (DHS) is a cabinet-level organization that exists to ensure Americas are safe in the event manmade or natural disaster strikes.
Recently, the department dipped its toes into new waters: making sure that open source code is free of bugs and security holes. The government, after all, has been using open source software for quite some time. Until now, however, the government didn’t really know whether the code it was using was stable.
“With open source popularity, more and more government branches are using open source code,” explains Patrick Beyer, director of the Software Assurance Marketplace (SWAMP), the program the DHS created to audit the code. “Some are grabbing code from here, there and everywhere. There’s more and more concern about the safety and quality of this code.”
The fact that the federal government is investing in proper open source software license management underscores the importance of knowing exactly what’s in the code of the solutions you’re leveraging. Failure to do so could leave your intellectual property exposed to hackers or other unauthorized individuals.
The good news is that it’s not that difficult to figure out precisely what’s in your code. At Protecode, we can audit all of our customers’ code, cross-checking it against the National Vulnerability Database, to find out where it came from and what, if any, security vulnerabilities are present.
While there is really no shortage to the benefits of open source technology, as is the case with any technology, it’s crucial that you ensure all appropriate measures are taken to ensure security. Please click here if you’re interested in learning more about how to properly manage your open source code.
Last year, the city of Munich completed its transition to open source. The city switched from Windows NT to LiMux, a Linux-based operating system. In the beginning of 2014, the migration of 15,000 workstations was deemed successful, and the city saved more than $16 million due to the migration.
But just eight months later, it appears as though the city might be forced to switch back to Microsoft’s closed solutions. According to Deputy Mayor Josef Schmid, many government employees are “suffering” after being transitioned to open solutions. These workers complain that it’s difficult to work with people outside the government who aren’t using open source solutions.
You could argue that Munich was foolish to try to live in an open source ecosystem that is external to many of the institutions with which it must regularly collaborate. But you could also argue that it is a true testament to the limits of proprietary solutions that Munich is unable to effectively collaborate with those organizations.
When businesses choose to deploy proprietary solutions, they are bound to them—so, it’s a good thing that most people run Microsoft and Windows. But the more you think about it, doesn’t that seem kind of dubious? Is Microsoft interested in giving you the flexibility needed to thrive in today’s fast-paced business world? Or is the company more concerned about making you depend on them so you’ll have to buy the Redmond, Washington-based company’s latest portfolio of offerings every few years?
On the other hand, open source solutions allow businesses to blaze whichever technological trail they so choose. Freedom from vendor lock-in is a beautiful thing, and with open source, you’ll be able to create a computing ecosystem that’s perfect for your specific needs.
To make the transition to open source a bit easier than Munich’s, it’s imperative that businesses or other organizations also put processes in place for open source adoption that help cut down on costs associated with support and maintenance.
The switch to open source is certainly a tricky one, but by drafting a comprehensive migration plan, it won’t be any harder than it has to be.
…and more in the week’s compendium of open source news!
New Security Vulnerability Leaves Linux Systems Vulnerable
The recently discovered security vulnerability known as “Bash” allows hackers to take control of targeted systems. The treat appears more serious than the Heartbleed bug discovered earlier this year which only allowed hackers to spy on targeted systems. Read more at Re/Code.
A Simple Security Solution
In the light of Bash, the recent announcement made by Google and Dropbox on the formation of Simply Secure seems particularly well timed. The goal of Simply Secure is to create open source security tools with a strong focus on usability- as many existing security tools are overly complicated for the average user. Read more at PC Mag.
Patent-Free Cancer Research
Chemist Isaac Yonemoto is hoping to apply the principles of open source programming to cancer research. Specifically he wants to revive research on an anti-cancer compound called 9-deoxysibiromycin, or 9-DS, which was never patented it is now in the public domain. Yonemoto is attempting to crowd fund $50,000 to begin research on mice and hopes to publish the data on an open source repository such as GitHub. Read more at Wired.
Making Health Care Easy With Open Source Telemedicine
Open Source Health Inc., a provider of cloud-based patient engagement systems has open sourced telemedicine software OSTeN. The organization hopes that the release of OSTeN will help accelerate the adoption of telemedicine which up until now has been dominated by proprietary solutions. Read more here or take a look at the code on GitHub.
Create Your Own Reality
Makers of the virtual reality headset Oculus Rift have open-sourced the original Oculus Rift developer kit. However some of the original components are no longer being manufactured and some files require high end equipment, but Oculus hopes that the community will create 3D printable replacements. You can read more at PC World or get started creating your own with the files at GitHub.
Keep Bitcoins Thieves at Bay with Raspberry Pi
Bitcoin users looking for a secure way to store their currency often prefer to keep them on a system not connected to the internet. However, this can make it difficult it access the coins for payment when they are away from the offline system. Developer Ronald Bell has created the open source Bitsmart Wallet which consists of two credit card sized computers powered by Raspberry Pi. One is for storing Bitcoins and is never connected to the internet and the other connected device is for transactions. Read more at Crypto Coin News.
3 Things Developer’s Need to Know About OSS Vulnerability Management
We have recently published some helpful tips for developers to keep in mind when leveraging open source in their projects. Read more in the Open Source Journal.
Software-defined networking (SDN) is a relatively new approach to managing computing networks. In SDN, different “body parts” of the network are fragmented in such a way that they can be optimized with much more efficiency.
Because SDN provides businesses with a variety of benefits—from flexibility to automation to enhanced speed—the market’s outlook is quite optimistic. In 2013, the global SDN market pulled in about $360 million, according to data in a recent infographic from the Open Networking Summit. That number is expected to explode to $3.7 billion by 2016, increasing tenfold in just three short years. And if that growth isn’t spectacular enough, the market could balloon to $8 billion by 2018, according to IDC.
After choosing SDN, businesses are increasingly turning toward open source controllers to manage their networks. Because these controllers are open source, they easily lend themselves to testing other infrastructures and applications, like network virtualization and network functions virtualization (NFV).
These days, customers embrace flexible technology. And that’s why we’re seeing more open source controllers on the market than ever before.
Are you considering SDN? Let’s take a look at some of the open source controllers available:
- OpenContrail provides all core components for network virtualization, including an SDN controller, virtual router, analytics engine and published northbound APIs.
- Ryu is described as a “component-based software-defined networking framework.” Fully written in Python, the project’s code is freely available under Apache 2.0.
- FlowVisor serves as a proxy between switches and other controllers.
- Floodlight is built by an open source community that develops open source software to enable SDNs.
- OpenDaylight is billed as an “open platform for network programmability to enable SDN and create a solid foundation for NFV for networks at any size and scale.”
What are your thoughts on SDN, and have you used any of these open source controllers? Let us know in the comments below!
…and more in this week’s compilation of open source news!
Explaining a Complex Legal Triangle
Intellectual Property lawyer, Dr. Kalyan Kankanala, has provided a good summary of the GPLv2 case involving Versata, Amirprise and XimpleWare. He outlines some potential outcomes such as the importance of choosing an appropriate licensing model as well as the effect the case may have on patents in open source software. Read Dr. Kankanala’s summary here, or our summary (including a demystifying infographic) here.
Trust Facebook to Select the Right OSS
You want to use open source in your next project? Great. But which OSS will you choose? There are close to a million open source projects out there (we know these things- we collect them). To address this problem, Facebook has recently announced a new project called Talk Openly, Develop Openly, or TODO, which seeks to make it easy for organizations to discern mature and reliable open source projects from the multitude of projects that exist today. TODO will also facilitate the discussion for open source deployment tips among organizations. Read more at Computer World.
Breaking Down Messaging Walls
A Gmail user can send an email to a Microsoft Outlook user, but a Google Hangouts user can’t send an instant message to a Skype user. A new open source project called Matrix is set to change that. The founders of the 2 week old project hope that Matrix will allow people to send instant messages to one another regardless of what app they are using. There is a catch though- that app must support Matrix. Read more at Cite World, or take a look at the code on GitHub.
Open Up and Encrypt
Worried about your online privacy? Pretty Easy Privacy (PEP), built upon OpenPGP, is a newly launched open source project that simplifies the encryption of messages sent through online communication tools such as Microsoft Outlook, Facebook, Android , Twitter and more. The project is open source, will be released under the GPLv3. Read more at PCWorld.
Getting Paid to Write Free Code
A study conducted by computer science professor Dirk Riehle has found that as much as 50% of open source code is contributed between 9am and 5pm. Although some may be the result of overzealous programmers goofing off at work, most are written by those actually doing their job. Read more of the study’s results at Tech Republic.
What Makes An Open Source Project Successful?
If you believe Linux Foundation’s Jim Zemlin, the success of an open source project can be measured by its ability to “inspire someone to think, to question, to imagine”. And of course there are other more mundane metrics such as market share or an active contributor base. Read more of Zemlin’s thoughts here.
Some quick tips on managing open source vulnerabilities
We recently published our top 10 tips for managing open source vulnerabilities. Take a look at the slideshow in CIO Magazine.