In the wake of the recent celebrity photo leak scandal—and on the heels of what appears to be a similar Snapchat-related heist—digital security has become a high priority for all consumers and all businesses.
For the most part, people who use computers, the Internet and things like social media are not necessarily computer-savvy. In other words, while they might not have a problem figuring out how to turn a computer on and connect to the Internet, they might be susceptible targets for hackers and other ill-intentioned individuals.
To help protect those who need it most—and everyone else, for that matter—Google and Dropbox are teaming up with the Open Technology Fund Internet freedom program and other security professionals to form Simply Secure, a new consortium focusing on open source security.
There are a lot of security tools that Web users can employ to protect their digital footprints. But the lack of technological prowess among average Internet users makes them unlikely to discover and utilize those tools.
Simply Secure aims to create open source security tools that are easy to use—even for the most novice Internet user.
“Most security solutions are ineffective because they are too complex or time-consuming, so people make mistakes and give up,” explains Angela Sasse, a member of Simply Secure. “That does not mean they don’t want effective protection; people prefer to use the Internet and mobile services without constant worries.”
If Simply Secure accomplishes its goals, users won’t have to worry about being the victims of eavesdropping, keylogging or phishing, as they’ll be able to leverage an open source tool that even non-geniuses can use.
Today’s economic climate remains uncertain, and as a result of facing pressure from the public, lawmakers in Washington are continuing to look for ways in which they can reduce the expenses of the federal government. And it seems like one of the easiest places to find those budget reductions of late has been NASA.
Despite the fact that the government’s space administration doesn’t really account for that large of a chunk of the federal budget—this year, the White House requested a $17.46 billion budget for the department, a reduction of $186 million from the previous year—lawmakers continue to see NASA when they are looking for cost savings. (The department’s budget peaked in 2010 at $18.724 billion.)
So just how does NASA figure out how to stomach these kinds of budget cuts? Recently, the department moved its technological infrastructure into the cloud. At the same time, NASA switched to Drupal and Ubuntu, an open source content management system and operating system, respectively. Both changes resulted in cost savings related to NASA’s hosting expenses, according to Roopangi Kadakia, NASA’s web services executive.
NASA’s decision to move its computing infrastructure into the cloud has already generated cost savings of 40 percent, Kadakia said. The agency has also enjoyed a 25-percent reduction in operational and maintenance costs, she said.
No matter the industry, even in times of economic prosperity, it doesn’t make much sense to pay more than is necessary for products or services. As such, businesses and organizations across all verticals should consider looking into the significant cost savings associated with deploying open source tools. With reduced expenses, increased flexibility and freedom from vendor lock-in, it’s very likely that all organizations will at least be able to find some open source tools that make sense for their particular situations.
US Government Is Playing Games With Open Source
Normally, the National Geospatial-Intelligence Agency (NGA) in the US provides imagery, map-based intelligence and geospatial information in support of the nation's military forces, national policy makers and civil users. So it may come as a surprise that NGA announced it has made the code for its gamification software available on GitHub under an MIT license. The larger community can then use, expand or improve the code for gamers, and for the NGA. Read the story at Gamasutra, then get the code at GitHub.
eBay Is Now Offering Open Source
Do you think there is anything you can’t buy on eBay? Well, no, there is sooo much on eBay, and frankly it is beginning to slow the site down. So, eBay designed its own online analytics processing (OLAP) engine called Kylin to speed up Apache Hadoop. Now it is joining a growing list of proprietary software companies that contribute to the open source community with its release of Kylin, helping enterprises take advantage of batch processing frameworks. There is more at Silicon Angle.
Even Drones Use Open Source
The Linux Foundation recently announced the formation of Dronecode, a partnership between chipmakers and drone companies that aims to establish best practices in open source drone technology. The foundation wants to encourage drone adoption in the fields of environmental research, humanitarian work, and search and rescue. Read more at Cnet.
How Should Governments Adopt OSS?
A study commissioned by the US Department of Homeland Security recognizes the prevalence of open source software in government operations. The study offers a number of solutions for removing common roadblocks that government agencies face when adopting open source software. The report addresses security concerns and suggests OSS accreditation focused on risk management. It also encourages collaboration between government agencies and the open source community.
Open Source Slowly Gains Ground In Quebec
Government agencies around the world have been moving towards open source, and Quebec may be the next one to join the fun. Until now, the Quebec government in Canada has been slow to embrace open source and the benefits that come with it. Following in the UK’s footsteps, Quebec’s government passed a bill in 2011 to consider open source alternatives in IT decisions, which has opened the door for open source contractors. Read more at the Montreal Gazette.
The Robin Hood Of The Software World
Take from the companies and give to individuals. Borrowing from a proposed idea for subsidizing pharmaceutical research, Glyn Moody proposes funding open source projects through an Open Source Dividend – or taking a small fee from the sale of proprietary software and awarding it to open source projects. Read more of Moody’s rationale at Computer World UK.
Read some recommendations from some industry experts (including Protecode’s own Norm Glaude) at ACM.
Everywhere you look, government entities around the world are migrating to open source solutions. Perhaps most famously, the city of Munich recently switched to open source, saving the city $16 million along the way.
It appears as though Australia’s Department of Immigration and Border Protection is following in the footsteps of many of its governmental peers. Earlier this year, Klaus Felsche, the department’s director of analytics and risk tiering, explained the department’s decision to liberate itself from the shackles of proprietary solutions and choose open source. More specifically, Felsche’s team is using a set of open source tools called “R.”
According to Felsche, these open source tools are more capable than their proprietary counterparts in terms of speed and accuracy. Because they lack licensing and maintenance fees, open source solutions win hands-down when it comes to cost-effectiveness. On top of that, because the solutions are built and maintained by a team of dedicated programmers, those who leverage open source tools are benefitting from what is really global R&D.
While open source is generally free, it is not without its costs, Felsche explained.
“Real costs do exist,” Felsche said. “We need to keep a specialist team on staff to build and maintain it, but in the bigger scheme of things, other software would require similar in-house support.”
Felsche is perhaps proudest of the department’s risk analytics systems, software he says is “robust, fast and accurate” while producing “results that are fit-for-purpose.”
Open source software makes sense for businesses, organizations and other entities that need to be able to adapt to today’s fast-paced world. Because the tools are made by a community of enthusiastic programmers, they are constantly works in progress, improving along the way. As a result, you can expect your open source solutions to get even stronger and provide more utility over time.
Already, the immigration department has claimed it’s over 30 percent more effective because of its new approach to analytics.
The medical industry is going through a period of transition as healthcare practices across the country move from paper-based records to electronic medical records (EMRs).
To facilitate this transition, many are turning toward open source solutions. After all, the easiest way for the healthcare industry to become more effective is by giving doctors the ability to access all pertinent records of a patient quickly and easily. Would that goal be easier to accomplish if the EMR space became fragmented with 250 different solutions? Or if there was an open source ecosystem that everyone uses?
It remains to be seen whether open source will become the de facto standard in the healthcare industry, but the pulse is strong that this very well might be the case. To this end, Alfresco recently announced its integration with Fortrus’ Unity, the world’s first universal health viewer.
In the past, pertinent medical records might have been stored in different silos across an organization. When leveraging the open source solution, those records are able to be integrated. As a result, doctors and other medical staff are able to give patients the highest-quality care available.
Rather than risking a medical future that’s characterized by a myriad of proprietary EMR solutions that are incompatible with one another, healthcare providers should consider deploying open source solutions. In doing so, they are able to take advantage of the latest technologies while increasing their access to documents and records that will help them do their jobs more effectively.
By choosing open source, medical facilities are able to benefit from the latest innovation and won’t run into problems of vendor lock-in or incompatibility down the road. And patients will be healthier as a result.
First there was Heartbleed. Now there’s Shellshock.
Last month, security engineers discovered a bug that allows hackers to remotely control Web servers. Once a server is compromised and falls under the control of hackers, the sky is the limit in terms of what happens next. For example, hackers could easily decide to pilfer confidential information from servers—like usernames, passwords and financial documents.
Here’s how Shellshock, also known as the Bash bug, works: Web servers that use Bash—a language interpreter found in Linux, Unix and Mac OS X Mavericks—to process commands could be affected by the vulnerability if commands can be passed to them remotely via the Internet. Hackers can commandeer these kinds of servers and take a look at all of the data they store, or worse, initiate operations such as a Denial of Service (DoS) attack.
Believe it or not, this vulnerability’s been around for nearly two decades but was only discovered in September.
So what can you do to protect your servers from Shellshock? The good news is that there are solutions that can detect the presence of Bash, and solutions that can detect Shellshock attacks.
Open source software scanning applications offered by Protecode can detect the presence of Bash (or even modifications of Bash) in a development environment.
There are also solutions built on open source: Trustwave, an information security company, can detect attacks thanks to its honeypots, which are essentially open Web servers fitted with the open source ModSecurity Web application firewall tool. These honeypots stay on the lookout for attacks, detecting anything that looks amiss.
Trustwave sponsors the ModSecurity project, and the company feels as though it’s the solution for those who want to make sure their servers are secure.
“Trying to execute command line tools on a server is a common exploit attack, whether it’s cross-site scripting, SQL injection or Shellshock, so we just monitor for those commands in general Web traffic,” explains Karl Sigler, a manager at Trustwave. “If we see it, we block it, even if we don’t know which specific Web vulnerability the attack is trying to take advantage of.”
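As an added illustration of monitoring Web traffic for Shellshock attempts (example code written for this page, not Trustwave's, ModSecurity's or Protecode's), the following scans access-log lines for the Bash function-definition marker in the logged request fields. The marker `() {`, the combined log format and the sample lines are assumptions supplied here; none of them come from the article.

```python
import re
from urllib.parse import unquote

# Bash reads an environment value that starts with "() {" as a function
# definition, and CGI servers copy request headers into the environment, so
# that token sequence in a header is the marker to hunt for. (The marker is
# general knowledge about the Bash bug, not something stated on this page.)
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")

# Assumed input: Apache/nginx "combined" access log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Constructed sample log (documentation-range IPs, harmless trailing text).
SAMPLE_LOG = """\
192.0.2.10 - - [26/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [26/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; echo constructed-probe"
203.0.113.4 - - [26/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { ignored; }; echo constructed-probe" "curl/7.38.0"
192.0.2.10 - - [26/Sep/2014:10:01:11 +0000] "GET /docs/func() HTTP/1.1" 200 90 "-" "Mozilla/5.0"
not a log line
"""


def scan_line(line):
    """Return a finding dict if any logged field carries the marker, else None.

    Raises ValueError for lines that are not in combined log format, so that
    unparsable input is counted instead of being silently treated as clean.
    """
    m = LOG_LINE.match(line)
    if m is None:
        raise ValueError("not a combined-format log line")
    # URL-decode first: the marker may arrive percent-encoded in the request.
    hits = [f for f in ("request", "referer", "agent")
            if FUNC_DEF.search(unquote(m.group(f)))]
    if not hits:
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"),
            "status": int(m.group("status")), "fields": hits}


def scan(log_text):
    """Scan a whole log; return (findings, number_of_unparsed_lines)."""
    findings, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            finding = scan_line(line)
        except ValueError:
            unparsed += 1
            continue
        if finding:
            findings.append(finding)
    return findings, unparsed


if __name__ == "__main__":
    found, skipped = scan(SAMPLE_LOG)
    for f in found:
        print(f"{f['time']} {f['ip']} marker in {','.join(f['fields'])} (HTTP {f['status']})")
    print(f"{skipped} line(s) could not be parsed")
```

A hit records an attempt, not a compromise. An access log also shows only the fields it records, so a marker sent in any other header is visible only to something that inspects the full request, such as the Web application firewall described above.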
Heartbleed and Shellshock happen to be bugs that exploit open source software. But that doesn’t mean the bugs are unique to open source. In fact, studies have shown that open source code is generally less buggy than its proprietary counterpart.
In any event, when bugs emerge in open source code, there is no shortage of enthusiastic programmers who work quickly toward a solution.
With the benefits open source provides well documented—like cost savings, accelerated innovation and freedom from vendor lock-in—it’s quite curious that the federal government’s technological infrastructure isn’t wholly built on open source code. After all, the federal government is taxpayer-funded and, as such, the argument can be made that all of the code it owns is actually owned by its citizens instead.
While the government might have some valid reasons for choosing proprietary solutions—like the ability to call an actual support line and speak with a human, rather than having to browse support forums for open source tools—the fact remains that more open solutions should be embraced by our governing bodies for a variety of reasons. Let’s take a look at some:
- There’s probably not any incentive for contractors to produce open solutions for the government. After all, a company would rather get two contracts than one. Think about it: How much different do the systems for the Environmental Protection Agency and the Department of Education, for example, really have to be? But by choosing open source solutions, the government would spare the taxpayers the expenses associated with the same code being written two or more times.
- By choosing open source solutions, the government would be exposing itself to potential criticism from highly technical people who could peruse code and see what’s inefficient, identifying places where changes could be made. While everyone is quick to criticize the government, feedback is perhaps just the thing that is needed to improve the government’s technological infrastructure.
- No matter how well-oiled an organization is, things can always be a little more efficient. While the government might not be the fastest-moving organization, by choosing open source, it’ll have to update its culture to accommodate collaboration within a quickly moving community. After all, the open source community is a vibrant one. By choosing open source, the government would be forced to modernize its operations, a move which would certainly bolster efficiency.
Historically, the government has never been an early adopter of technology. But by keeping the conversation going, we hope that’s something that changes.
Formed in 2002 in response to the terrorist attacks of Sept. 11, 2001, the United States Department of Homeland Security (DHS) is a cabinet-level organization that exists to ensure Americans are safe in the event a manmade or natural disaster strikes.
Recently, the department dipped its toes into new waters: making sure that open source code is free of bugs and security holes. The government, after all, has been using open source software for quite some time. Until now, however, the government didn’t really know whether the code it was using was stable.
“With open source popularity, more and more government branches are using open source code,” explains Patrick Beyer, director of the Software Assurance Marketplace (SWAMP), the program the DHS created to audit the code. “Some are grabbing code from here, there and everywhere. There’s more and more concern about the safety and quality of this code.”
The fact that the federal government is investing in proper open source software license management underscores the importance of knowing exactly what’s in the code of the solutions you’re leveraging. Failure to do so could leave your intellectual property exposed to hackers or other unauthorized individuals.
The good news is that it’s not that difficult to figure out precisely what’s in your code. At Protecode, we can audit all of our customers’ code, cross-checking it against the National Vulnerability Database, to find out where it came from and what, if any, security vulnerabilities are present.
While there is really no shortage of benefits to open source technology, as is the case with any technology, it’s crucial that you take all appropriate measures to ensure security.
Last year, the city of Munich completed its transition to open source. The city switched from Windows NT to LiMux, a Linux-based operating system. In the beginning of 2014, the migration of 15,000 workstations was deemed successful, and the city saved more than $16 million due to the migration.
But just eight months later, it appears as though the city might be forced to switch back to Microsoft’s closed solutions. According to Deputy Mayor Josef Schmid, many government employees are “suffering” after being transitioned to open solutions. These workers complain that it’s difficult to work with people outside the government who aren’t using open source solutions.
You could argue that Munich was foolish to try to live in an open source ecosystem that is external to many of the institutions with which it must regularly collaborate. But you could also argue that it is a true testament to the limits of proprietary solutions that Munich is unable to effectively collaborate with those organizations.
When businesses choose to deploy proprietary solutions, they are bound to them—so, it’s a good thing that most people run Microsoft and Windows. But the more you think about it, doesn’t that seem kind of dubious? Is Microsoft interested in giving you the flexibility needed to thrive in today’s fast-paced business world? Or is the company more concerned about making you depend on them so you’ll have to buy the Redmond, Washington-based company’s latest portfolio of offerings every few years?
On the other hand, open source solutions allow businesses to blaze whichever technological trail they so choose. Freedom from vendor lock-in is a beautiful thing, and with open source, you’ll be able to create a computing ecosystem that’s perfect for your specific needs.
To make the transition to open source a bit easier than Munich’s, it’s imperative that businesses or other organizations also put processes in place for open source adoption that help cut down on costs associated with support and maintenance.
The switch to open source is certainly a tricky one, but by drafting a comprehensive migration plan, it won’t be any harder than it has to be.
…and more in the week’s compendium of open source news!
New Security Vulnerability Leaves Linux Systems Vulnerable
The recently discovered security vulnerability known as “Bash” allows hackers to take control of targeted systems. The threat appears more serious than the Heartbleed bug discovered earlier this year, which only allowed hackers to spy on targeted systems. Read more at Re/Code.
A Simple Security Solution
In the light of Bash, the recent announcement made by Google and Dropbox on the formation of Simply Secure seems particularly well timed. The goal of Simply Secure is to create open source security tools with a strong focus on usability, as many existing security tools are overly complicated for the average user. Read more at PC Mag.
Patent-Free Cancer Research
Chemist Isaac Yonemoto is hoping to apply the principles of open source programming to cancer research. Specifically, he wants to revive research on an anti-cancer compound called 9-deoxysibiromycin, or 9-DS, which was never patented and is now in the public domain. Yonemoto is attempting to crowdfund $50,000 to begin research on mice and hopes to publish the data on an open source repository such as GitHub. Read more at Wired.
Making Health Care Easy With Open Source Telemedicine
Open Source Health Inc., a provider of cloud-based patient engagement systems, has open sourced telemedicine software OSTeN. The organization hopes that the release of OSTeN will help accelerate the adoption of telemedicine, which up until now has been dominated by proprietary solutions. Read more here or take a look at the code on GitHub.
Create Your Own Reality
Makers of the virtual reality headset Oculus Rift have open-sourced the original Oculus Rift developer kit. Some of the original components are no longer being manufactured and some files require high-end equipment, but Oculus hopes that the community will create 3D printable replacements. You can read more at PC World or get started creating your own with the files at GitHub.
Keep Bitcoin Thieves at Bay with Raspberry Pi
Bitcoin users looking for a secure way to store their currency often prefer to keep it on a system not connected to the internet. However, this can make it difficult to access the coins for payment when they are away from the offline system. Developer Ronald Bell has created the open source Bitsmart Wallet, which consists of two credit card sized computers powered by Raspberry Pi. One is for storing Bitcoins and is never connected to the internet, and the other, connected device is for transactions. Read more at Crypto Coin News.
3 Things Developers Need to Know About OSS Vulnerability Management
We have recently published some helpful tips for developers to keep in mind when leveraging open source in their projects. Read more in the Open Source Journal.