Last year, the city of Munich completed its transition to open source. The city switched from Windows NT to LiMux, a Linux-based operating system. In the beginning of 2014, the migration of 15,000 workstations was deemed successful, and the city saved more than $16 million due to the migration.
But just eight months later, it appears as though the city might be forced to switch back to Microsoft’s closed solutions. According to Deputy Mayor Josef Schmid, many government employees are “suffering” after being transitioned to open solutions. These workers complain that it’s difficult to work with people outside the government who aren’t using open source solutions.
You could argue that Munich was foolish to try to live in an open source ecosystem that is external to many of the institutions with which it must regularly collaborate. But you could also argue that it is a true testament to the limits of proprietary solutions that Munich is unable to effectively collaborate with those organizations.
When businesses choose to deploy proprietary solutions, they are bound to them—so, it’s a good thing that most people run Microsoft and Windows. But the more you think about it, doesn’t that seem kind of dubious? Is Microsoft interested in giving you the flexibility needed to thrive in today’s fast-paced business world? Or is the company more concerned about making you depend on them so you’ll have to buy the Redmond, Washington-based company’s latest portfolio of offerings every few years?
On the other hand, open source solutions allow businesses to blaze whichever technological trail they so choose. Freedom from vendor lock-in is a beautiful thing, and with open source, you’ll be able to create a computing ecosystem that’s perfect for your specific needs.
To make the transition to open source a bit easier than Munich’s, it’s imperative that businesses or other organizations also put processes in place for open source adoption that help cut down on costs associated with support and maintenance.
The switch to open source is certainly a tricky one, but by drafting a comprehensive migration plan, it won’t be any harder than it has to be.
…and more in the week’s compendium of open source news!
New Security Vulnerability Leaves Linux Systems Vulnerable
The recently discovered security vulnerability known as “Bash” allows hackers to take control of targeted systems. The threat appears more serious than the Heartbleed bug discovered earlier this year, which only allowed hackers to spy on targeted systems. Read more at Re/Code.
A Simple Security Solution
In the light of Bash, the recent announcement made by Google and Dropbox on the formation of Simply Secure seems particularly well timed. The goal of Simply Secure is to create open source security tools with a strong focus on usability, as many existing security tools are overly complicated for the average user. Read more at PC Mag.
Patent-Free Cancer Research
Chemist Isaac Yonemoto is hoping to apply the principles of open source programming to cancer research. Specifically, he wants to revive research on an anti-cancer compound called 9-deoxysibiromycin, or 9-DS, which was never patented and is now in the public domain. Yonemoto is attempting to crowdfund $50,000 to begin research on mice and hopes to publish the data on an open source repository such as GitHub. Read more at Wired.
Making Health Care Easy With Open Source Telemedicine
Open Source Health Inc., a provider of cloud-based patient engagement systems, has open sourced telemedicine software OSTeN. The organization hopes that the release of OSTeN will help accelerate the adoption of telemedicine, which up until now has been dominated by proprietary solutions. Read more here or take a look at the code on GitHub.
Create Your Own Reality
Makers of the virtual reality headset Oculus Rift have open-sourced the original Oculus Rift developer kit. However, some of the original components are no longer being manufactured and some files require high-end equipment; Oculus hopes that the community will create 3D-printable replacements. You can read more at PC World or get started creating your own with the files at GitHub.
Keep Bitcoin Thieves at Bay with Raspberry Pi
Bitcoin users looking for a secure way to store their currency often prefer to keep it on a system not connected to the internet. However, this can make it difficult to access the coins for payment when they are away from the offline system. Developer Ronald Bell has created the open source Bitsmart Wallet, which consists of two credit-card-sized computers powered by Raspberry Pi. One is for storing Bitcoins and is never connected to the internet, and the other, connected device is for transactions. Read more at Crypto Coin News.
3 Things Developers Need to Know About OSS Vulnerability Management
We have recently published some helpful tips for developers to keep in mind when leveraging open source in their projects. Read more in the Open Source Journal.
Software-defined networking (SDN) is a relatively new approach to managing computing networks. In SDN, different “body parts” of the network are fragmented in such a way that they can be optimized with much more efficiency.
Because SDN provides businesses with a variety of benefits—from flexibility to automation to enhanced speed—the market’s outlook is quite optimistic. In 2013, the global SDN market pulled in about $360 million, according to data in a recent infographic from the Open Networking Summit. That number is expected to explode to $3.7 billion by 2016, increasing tenfold in just three short years. And if that growth isn’t spectacular enough, the market could balloon to $8 billion by 2018, according to IDC.
After choosing SDN, businesses are increasingly turning toward open source controllers to manage their networks. Because these controllers are open source, they easily lend themselves to testing other infrastructures and applications, like network virtualization and network functions virtualization (NFV).
These days, customers embrace flexible technology. And that’s why we’re seeing more open source controllers on the market than ever before.
Are you considering SDN? Let’s take a look at some of the open source controllers available:
- OpenContrail provides all core components for network virtualization, including an SDN controller, virtual router, analytics engine and published northbound APIs.
- Ryu is described as a “component-based software-defined networking framework.” Fully written in Python, the project’s code is freely available under Apache 2.0.
- FlowVisor serves as a proxy between switches and other controllers.
- Floodlight is built by an open source community that develops open source software to enable SDNs.
- OpenDaylight is billed as an “open platform for network programmability to enable SDN and create a solid foundation for NFV for networks at any size and scale.”
What are your thoughts on SDN, and have you used any of these open source controllers? Let us know in the comments below!
…and more in this week’s compilation of open source news!
Explaining a Complex Legal Triangle
Intellectual property lawyer Dr. Kalyan Kankanala has provided a good summary of the GPLv2 case involving Versata, Ameriprise and XimpleWare. He outlines some potential outcomes, such as the importance of choosing an appropriate licensing model, as well as the effect the case may have on patents in open source software. Read Dr. Kankanala’s summary here, or our summary (including a demystifying infographic) here.
Trust Facebook to Select the Right OSS
You want to use open source in your next project? Great. But which OSS will you choose? There are close to a million open source projects out there (we know these things; we collect them). To address this problem, Facebook has recently announced a new project called Talk Openly, Develop Openly, or TODO, which seeks to make it easy for organizations to discern mature and reliable open source projects from the multitude of projects that exist today. TODO will also facilitate the discussion of open source deployment tips among organizations. Read more at Computer World.
Breaking Down Messaging Walls
A Gmail user can send an email to a Microsoft Outlook user, but a Google Hangouts user can’t send an instant message to a Skype user. A new open source project called Matrix is set to change that. The founders of the two-week-old project hope that Matrix will allow people to send instant messages to one another regardless of what app they are using. There is a catch, though: that app must support Matrix. Read more at Cite World, or take a look at the code on GitHub.
Open Up and Encrypt
Worried about your online privacy? Pretty Easy Privacy (PEP), built upon OpenPGP, is a newly launched open source project that simplifies the encryption of messages sent through online communication tools such as Microsoft Outlook, Facebook, Android, Twitter and more. The project is open source and will be released under the GPLv3. Read more at PCWorld.
Getting Paid to Write Free Code
A study conducted by computer science professor Dirk Riehle has found that as much as 50% of open source code is contributed between 9am and 5pm. Although some may be the result of overzealous programmers goofing off at work, most are written by those actually doing their job. Read more of the study’s results at Tech Republic.
What Makes An Open Source Project Successful?
If you believe Linux Foundation’s Jim Zemlin, the success of an open source project can be measured by its ability to “inspire someone to think, to question, to imagine”. And of course there are other more mundane metrics such as market share or an active contributor base. Read more of Zemlin’s thoughts here.
Some quick tips on managing open source vulnerabilities
We recently published our top 10 tips for managing open source vulnerabilities. Take a look at the slideshow in CIO Magazine.
For a few years now, we’ve heard about Google Glass, wearable technology that essentially brings the functionality available on a smartphone to a pair of eyeglasses.
Users of the $1,500 glasses experience augmented reality, or enhancement of the real world with digital elements. For example, say you are studying an ancient sculpture at a museum. While wearing the glasses, simply look at the artwork and a variety of pertinent facts about it will appear on your glasses in real time, enhancing your learning experience.
It remains to be seen whether Google Glass adoption will become mainstream. While some research seems to indicate customers might not be interested in the product—being that it’s a new and untested device—other studies predict more than 800,000 pairs of glasses will be ordered this year. Fast forward to 2018, and that number explodes to 21.1 million.
One detractor from Google Glass usage could be that, despite the fact that Google likely knows quite a lot about us from our previous use of its products, some customers might be reluctant to allow the company deep visibility into their lives—from where they go, to with whom they speak, to what they’re seeing at any given time.
Wanting to take advantage of the promise of Google Glass, one Indian inventor put together some wearable tech of his own. Arvin Sanjeev built a Raspberry Pi-powered Google Glass knockoff—his “Smart Cap”—using open source technologies. The instructions to Sanjeev’s project can be seen here.
While it’s probably safe to say that the smart cap isn’t the sleekest looking piece of technology, it might be a pretty good alternative to Google Glass for those who want to maintain their privacy, enjoy challenging projects and not spend $1,500 on the technology anytime soon.
Sanjeev’s smart cap speaks to the power of open source: figuring out how to build or create something and then sharing those plans with the world. As such, we can expect to see someone figure out how to make the Indian inventor’s project slightly better, a process we hope will continue.
Some open source projects make it very simple to understand what license applies to the published works. Unfortunately, not all projects are created equal.
Despite all of the best intentions to share with the world, determining what licensing terms apply to an open source file or project is sometimes a lot more complicated than just looking for the one license file.
Protecode COO Norm Glaude will explore copyright and license declarations in open source code, packages and projects, and how these may apply to your final product.
When: September 24th 2014 at 9am EST
Repeat: September 24th 2014 at 2pm EST
What you will learn:
- A brief overview of open source license and copyright declarations
- The implications of using open source in your product
- A step by step process for uncovering hard to find license and copyright information in your product
- Steps to take to ensure your product is compliant
Who should attend:
- CTOs and CIOs
- Technology Managers
- Corporate IP lawyers
- Licensing Managers
- Product Managers
- Quality Managers
- Software Developers
Over the past few years, we’ve seen more drones being used in more ways than ever before. With uses in the military, real estate, retail and everything in between, there’s no shortage of applications for drones.
Because they are connected to the Internet, these unmanned flying apparatuses pose quite the security threat should an unauthorized individual figure out how to hack into one of the machines’ networks and gain control of it from a remote location.
Seeking to provide drones with comprehensive security, NICTA, a research center in Australia, released its security project as open source in July. In doing so, governments and businesses are now able to tweak the code as they see fit, using it however they’d like.
In a video released by NICTA that showcases the power of the security software, viewers are exposed to two drones: one with the open source security measures and the other without it. Viewers see how the drone equipped with the security solution is able to maintain a normal flying pattern while the other drone can’t withstand the attack and plummets to its demise.
“What we are demonstrating here is that if one of the ground stations is malicious, and sends a command to the drone to stop the flight software, the commercially available drone will accept the command, kill the software and just drop from the sky,” explains June Adirondack, a senior researcher at NICTA.
NICTA claims that its software is bug-free, and by releasing the code to the open source community, hopes that it can be tweaked to become an even more formidable security solution.
As the prevalence of drones increases, the need for robust security solutions becomes that much more pronounced. Programmers certainly understand this, which is why we can expect to see stronger iterations of NICTA’s code in the future, thanks to the open source community.
It’s hard to believe that in 2014, there are still a lot of healthcare providers that have not yet fully transitioned to using Electronic Health Records (EHRs) to keep track of their patients’ medical histories. But despite the federal government offering financial incentives to healthcare providers that digitize their medical records, many businesses have yet to jump into the 21st century.
According to a recent survey on EHRs commissioned by Medscape, 83 percent of healthcare providers have transitioned to the new filing system, with an additional 4 percent currently transitioning to one. (Two years ago, 74 percent of providers were using such a system, with 8 percent in the process of installing one.)
As you could imagine, migrating paper-based records into the digital world is a painstaking process for any healthcare provider. But for Dr. Jay Kinsman, a healthcare provider in Colorado Springs, that process isn’t being made any easier thanks to the prevalence of many different EHR systems.
“Do we really need 250 different EHRs, and 30 fairly widely used ones and 15 really big ones?” Kinsman asks in a recent Kaiser Health News article. “Could we get by with one? Would we do better with just one product?”
The EHR market is extremely fragmented to say the least, and there is no shortage of software that healthcare providers can choose as they migrate to digital systems. But according to that same study, one system, the VA’s Computerized Patient Record System—also known as VistA—might be their most attractive option.
Built on a foundation of open source software, VistA doesn’t have licensing fees. The solution is the only one of its kind with a national footprint, as it has to cover veterans across the country. While the software lacks licensing fees, businesses will still have to foot the bill for installation, hardware and maintenance.
Still, healthcare businesses are employing the technology because they stand to save millions on licensing fees. What’s more, they can also change the software’s code to accommodate their unique business needs.
Because of the affordability and versatility open source solutions afford, it’s not surprising to see healthcare providers view VistA as favorably as they do. As such, we can expect to see VistA adoption rates increase in the near term.
When Heartbleed was uncovered earlier this year, many businesses scrambled to figure out how to better protect their networks from exploitation by this Internet bug. The fact that the vulnerability existed in OpenSSL, a commonly used component for encryption on the Internet, surely meant that other flaws would be found elsewhere—right?
Well, probably—as with proprietary code too. Programmers aren’t infallible. But even if Heartbleed scared some business owners away from open source, the fact remains that open source has become pervasive to the point where you really can’t avoid it altogether. And as such, business owners need to make sure they know exactly what’s in their open source code to manage any possible security vulnerabilities.
Luckily, doing so is quite easy. With the help of an intellectual property software audit, you can find out all of the pieces of code that are in your code base. At Protecode, our solutions constantly cross-reference the National Vulnerability Database, meaning that you will find out the exact weak spots in your code the minute they are uncovered and added to the catalog.
In today’s fast-paced business world, you need to work quickly to keep up with the speed of innovation. This means you might not have enough time to thoroughly assess your code base on your own. As such, you need to leverage tools that will help you pace your projects to meet industry best practices.
Very often, programmers copy open source code and paste it into their own projects. Effectively managing that code manually while ensuring its security is a time-consuming process.
But that process can be shortened when you employ modern tools to examine code and move projects forward with confidence. Click here to learn more.
Earlier this year, a serious security flaw in Internet Explorer was revealed, allowing hackers to figure out ways to remotely commandeer computers that were running Microsoft’s pervasive proprietary Web browser. On top of that, last month researchers concluded that Google’s Android open source operating system contained similar security vulnerabilities, which if exploited, would allow intruders to gain access to all sorts of sensitive information—from payment histories to emails to credentials.
Though there’s a never-ending conversation surrounding whether open source code or proprietary code is more secure, these two documented situations should lead readers to the same conclusion: Regardless of whether code is open source or proprietary, it’s imperative that businesses work to manage all vulnerabilities in their code base.
Proponents of proprietary code will argue that solutions developed inside the walls of an organization are more secure because staff works hard to ensure protected software. After all, a company’s name is on the line with each release. On the other hand, proponents of open source say a community of dedicated programmers works tirelessly to ensure that the code they produce is impenetrable as well.
No matter which perspective you most support, the flaws in Android and Internet Explorer highlight a basic premise: Humans are not infallible. It’s only a matter of time before there’s a flaw in some of the code your business uses—whether that code is proprietary or open source.
To ensure your company is protected from exposure to vulnerabilities, decision makers should strongly consider leveraging tools that work to reveal security gaps. Such tools can also help companies see whether their software contains any third-party code and, if so, whether that code is properly licensed.
Click here to learn more about how your business stands to benefit from performing an intellectual property software audit with Protecode Certified.