The medical industry is going through a period of transition as healthcare practices across the country move from paper-based records to electronic medical records (EMRs).
To facilitate this transition, many are turning toward open source solutions. After all, the easiest way for the healthcare industry to become more effective is by giving doctors the ability to access all pertinent records of a patient quickly and easily. Would that goal be easier to accomplish if the EMR space became fragmented with 250 different solutions? Or if there were an open source ecosystem that everyone uses?
It remains to be seen whether open source will become the de facto standard in the healthcare industry, but the pulse is strong that this very well might be the case. To this end, Alfresco recently announced its integration with Fortrus’ Unity, the world’s first universal health viewer.
In the past, pertinent medical records might have been stored in different silos across an organization. When leveraging the open source solution, those records are able to be integrated. As a result, doctors and other medical staff are able to give patients the highest-quality care available.
Rather than risking a medical future that’s characterized by a myriad of proprietary EMR solutions that are incompatible with one another, healthcare providers should consider deploying open source solutions. In doing so, they are able to take advantage of the latest technologies while increasing their access to documents and records that will help them do their jobs more effectively.
By choosing open source, medical facilities are able to benefit from the latest innovation and won’t run into problems of vendor lock-in or incompatibility down the road. And patients will be healthier as a result.
First there was Heartbleed. Now there’s Shellshock.
Last month, security engineers discovered a bug that allows hackers to remotely control Web servers. Once a server is compromised and falls under the control of hackers, the sky is the limit in terms of what happens next. For example, hackers could easily decide to pilfer confidential information from servers—like usernames, passwords and financial documents.
Here’s how Shellshock, also known as the Bash bug, works: Web servers using Bash—a language interpreter found in Linux, Unix and Mac OS X Mavericks—to process commands could be affected by the vulnerability if they are able to remotely pass commands via the Internet. Hackers can commandeer these kinds of servers and take a look at all of the data they store, or worse, initiate operations such as a Denial of Service (DoS) attack.
Believe it or not, this vulnerability’s been around for nearly two decades but was only discovered in September.
So what can you do to protect your servers from Shellshock? The good news is that there are solutions that can detect the presence of Bash, and solutions that can detect Shellshock attacks.
Open source software scanning applications offered by Protecode can detect the presence of the Bash (or even modifications of Bash) in a development environment.
Open source tooling can also detect attacks. Trustwave, an information security company, does so with its honeypots, which are essentially open Web servers fitted with the open source ModSecurity Web application firewall tool. These honeypots stay on the lookout for attacks, detecting anything that looks amiss.
Trustwave sponsors the ModSecurity project, and the company feels as though it’s the solution for those who want to make sure their servers are secure.
“Trying to execute command line tools on a server is a common exploit attack, whether it’s cross-site scripting, SQL injection or Shellshock, so we just monitor for those commands in general Web traffic,” explains Karl Sigler, a manager at Trustwave. “If we see it, we block it, even if we don’t know which specific Web vulnerability the attack is trying to take advantage of.”
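A minimal sketch of the kind of header monitoring Sigler describes, added here as an example; it is not Trustwave's or ModSecurity's rule set. It flags the `() {` function-definition prefix that Bash reads from environment variables, plus generic command hints; the patterns, function names and sample requests are constructed for illustration.

```python
import re

# Bash imports exported functions from environment variables whose value
# starts with "() {". Assumption: header values can reach Bash as environment
# variables (as under CGI), so this prefix in a header is never legitimate.
FUNC_DEF_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# Generic signs of an attempt to run command line tools, independent of any
# specific vulnerability. Illustrative list, not a production rule set.
COMMAND_HINTS = re.compile(
    r"/bin/(?:ba)?sh\b|/usr/bin/\w+|\b(?:wget|curl|nc|chmod)\s"
)


def parse_headers(raw_request):
    """Return (name, value) pairs from the head of a raw HTTP/1.x request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def inspect_request(raw_request):
    """Return (header name, reason) for every suspicious header value."""
    findings = []
    for name, value in parse_headers(raw_request):
        if FUNC_DEF_PREFIX.search(value):
            findings.append((name, "function-definition-prefix"))
        elif COMMAND_HINTS.search(value):
            findings.append((name, "command-hint"))
    return findings


def verdict(raw_request):
    """Block the high-confidence prefix, queue generic hints for review."""
    reasons = {reason for _, reason in inspect_request(raw_request)}
    if "function-definition-prefix" in reasons:
        return "block"
    return "review" if reasons else "allow"


# Constructed sample requests; payload bodies are placeholders.
BENIGN = ("GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n"
          "User-Agent: curl/7.38.0\r\nAccept: */*\r\n\r\n")
GENERIC = ("GET /search HTTP/1.1\r\nHost: www.example.test\r\n"
           "Cookie: id=1; wget PLACEHOLDER_URL\r\n\r\n")
PROBE = ("GET /cgi-bin/status HTTP/1.1\r\nHost: www.example.test\r\n"
         "User-Agent: () { :; }; PLACEHOLDER_COMMAND\r\n"
         "Referer: x; /bin/sh -c PLACEHOLDER\r\n\r\n")

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("generic", GENERIC), ("probe", PROBE)):
        print(label, verdict(request), inspect_request(request))
```

The client string `curl/7.38.0` is not flagged because the command pattern requires whitespace after the tool name, which keeps ordinary User-Agent values out of the review queue.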
Heartbleed and Shellshock happen to be bugs that exploit open source software. But that doesn’t mean the bugs are unique to open source. In fact, studies have shown that open source code is generally less buggy than its proprietary counterpart.
In any event, when bugs emerge in open source code, there is no shortage of enthusiastic programmers who work quickly toward a solution.
With the benefits open source provides well documented—like cost savings, accelerated innovation and freedom from vendor lock-in—it’s quite curious that the federal government’s technological infrastructure isn’t wholly built on open source code. After all, the federal government is taxpayer-funded and, as such, the argument can be made that all of the code it owns is actually owned by its citizens instead.
While the government might have some valid reasons for choosing proprietary solutions—like the ability to call an actual support line and speak with a human, rather than having to browse support forums for open source tools—the fact remains that more open solutions should be embraced by our governing bodies for a variety of reasons. Let’s take a look at some:
- There’s probably not any incentive for contractors to produce open solutions for the government. After all, a company would rather get two contracts than one. Think about it: How much different do the systems for the Environmental Protection Agency and the Department of Education, for example, really have to be? But by choosing open source solutions, the government would spare the taxpayers the expenses associated with the same code being written two or more times.
- By choosing open source solutions, the government would be exposing itself to potential criticism from highly technical people who could peruse code and see what’s inefficient, identifying places changes could be made. While everyone is quick to criticize the government, feedback is perhaps just the thing that is needed to improve the government’s technological infrastructure.
- No matter how well-oiled an organization is, things can always be a little more efficient. While the government might not be the fastest-moving organization, by choosing open source, it’ll have to update its culture to accommodate collaboration within a quickly moving community. After all, the open source community is a vibrant one. By choosing open source, the government would be forced to modernize its operations, a move which would certainly bolster efficiency.
Historically, the government has never been an early adopter of technology. But by keeping the conversation going, we hope that’s something that changes.
Formed in 2002 in response to the terrorist attacks of Sept. 11, 2001, the United States Department of Homeland Security (DHS) is a cabinet-level organization that exists to ensure Americans are safe in the event a manmade or natural disaster strikes.
Recently, the department dipped its toes into new waters: making sure that open source code is free of bugs and security holes. The government, after all, has been using open source software for quite some time. Until now, however, the government didn’t really know whether the code it was using was stable.
“With open source popularity, more and more government branches are using open source code,” explains Patrick Beyer, director of the Software Assurance Marketplace (SWAMP), the program the DHS created to audit the code. “Some are grabbing code from here, there and everywhere. There’s more and more concern about the safety and quality of this code.”
The fact that the federal government is investing in proper open source software license management underscores the importance of knowing exactly what’s in the code of the solutions you’re leveraging. Failure to do so could leave your intellectual property exposed to hackers or other unauthorized individuals.
The good news is that it’s not that difficult to figure out precisely what’s in your code. At Protecode, we can audit all of our customers’ code, cross-checking it against the National Vulnerability Database, to find out where it came from and what, if any, security vulnerabilities are present.
While there is really no shortage of benefits to open source technology, as is the case with any technology, it’s crucial that you take all appropriate measures to ensure security.
Last year, the city of Munich completed its transition to open source. The city switched from Windows NT to LiMux, a Linux-based operating system. In the beginning of 2014, the migration of 15,000 workstations was deemed successful, and the city saved more than $16 million due to the migration.
But just eight months later, it appears as though the city might be forced to switch back to Microsoft’s closed solutions. According to Deputy Mayor Josef Schmid, many government employees are “suffering” after being transitioned to open solutions. These workers complain that it’s difficult to work with people outside the government who aren’t using open source solutions.
You could argue that Munich was foolish to try to live in an open source ecosystem that is external to many of the institutions with which it must regularly collaborate. But you could also argue that it is a true testament to the limits of proprietary solutions that Munich is unable to effectively collaborate with those organizations.
When businesses choose to deploy proprietary solutions, they are bound to them—so, it’s a good thing that most people run Microsoft and Windows. But the more you think about it, doesn’t that seem kind of dubious? Is Microsoft interested in giving you the flexibility needed to thrive in today’s fast-paced business world? Or is the company more concerned about making you depend on them so you’ll have to buy the Redmond, Washington-based company’s latest portfolio of offerings every few years?
On the other hand, open source solutions allow businesses to blaze whichever technological trail they so choose. Freedom from vendor lock-in is a beautiful thing, and with open source, you’ll be able to create a computing ecosystem that’s perfect for your specific needs.
To make the transition to open source a bit easier than Munich’s, it’s imperative that businesses or other organizations also put processes in place for open source adoption that help cut down on costs associated with support and maintenance.
The switch to open source is certainly a tricky one, but by drafting a comprehensive migration plan, it won’t be any harder than it has to be.
…and more in the week’s compendium of open source news!
New Security Vulnerability Leaves Linux Systems Vulnerable
The recently discovered security vulnerability known as “Bash” allows hackers to take control of targeted systems. The threat appears more serious than the Heartbleed bug discovered earlier this year, which only allowed hackers to spy on targeted systems. Read more at Re/Code.
A Simple Security Solution
In the light of Bash, the recent announcement made by Google and Dropbox on the formation of Simply Secure seems particularly well timed. The goal of Simply Secure is to create open source security tools with a strong focus on usability, as many existing security tools are overly complicated for the average user. Read more at PC Mag.
Patent-Free Cancer Research
Chemist Isaac Yonemoto is hoping to apply the principles of open source programming to cancer research. Specifically, he wants to revive research on an anti-cancer compound called 9-deoxysibiromycin, or 9-DS, which was never patented and is now in the public domain. Yonemoto is attempting to crowdfund $50,000 to begin research on mice and hopes to publish the data on an open source repository such as GitHub. Read more at Wired.
Making Health Care Easy With Open Source Telemedicine
Open Source Health Inc., a provider of cloud-based patient engagement systems, has open sourced its telemedicine software, OSTeN. The organization hopes that the release of OSTeN will help accelerate the adoption of telemedicine, which up until now has been dominated by proprietary solutions. Read more here or take a look at the code on GitHub.
Create Your Own Reality
Makers of the virtual reality headset Oculus Rift have open-sourced the original Oculus Rift developer kit. However, some of the original components are no longer being manufactured and some files require high-end equipment, but Oculus hopes that the community will create 3D printable replacements. You can read more at PC World or get started creating your own with the files at GitHub.
Keep Bitcoin Thieves at Bay with Raspberry Pi
Bitcoin users looking for a secure way to store their currency often prefer to keep it on a system not connected to the internet. However, this can make it difficult to access the coins for payment when they are away from the offline system. Developer Ronald Bell has created the open source Bitsmart Wallet, which consists of two credit card-sized computers powered by Raspberry Pi. One is for storing Bitcoins and is never connected to the internet, and the other, connected device is for transactions. Read more at Crypto Coin News.
3 Things Developers Need to Know About OSS Vulnerability Management
We have recently published some helpful tips for developers to keep in mind when leveraging open source in their projects. Read more in the Open Source Journal.
Software-defined networking (SDN) is a relatively new approach to managing computing networks. In SDN, different “body parts” of the network are fragmented in such a way that they can be optimized with much more efficiency.
Because SDN provides businesses with a variety of benefits—from flexibility to automation to enhanced speed—the market’s outlook is quite optimistic. In 2013, the global SDN market pulled in about $360 million, according to data in a recent infographic from the Open Networking Summit. That number is expected to explode to $3.7 billion by 2016, increasing tenfold in just three short years. And if that growth isn’t spectacular enough, the market could balloon to $8 billion by 2018, according to IDC.
After choosing SDN, businesses are increasingly turning toward open source controllers to manage their networks. Because these controllers are open source, they easily lend themselves to testing other infrastructures and applications, like network virtualization and network functions virtualization (NFV).
These days, customers embrace flexible technology. And that’s why we’re seeing more open source controllers on the market than ever before.
Are you considering SDN? Let’s take a look at some of the open source controllers available:
- OpenContrail provides all core components for network virtualization, including an SDN controller, virtual router, analytics engine and published northbound APIs.
- Ryu is described as a “component-based software-defined networking framework.” Fully written in Python, the project’s code is freely available under Apache 2.0.
- FlowVisor serves as a proxy between switches and other controllers.
- Floodlight is built by an open source community that develops open source software to enable SDNs.
- OpenDaylight is billed as an “open platform for network programmability to enable SDN and create a solid foundation for NFV for networks at any size and scale.”
What are your thoughts on SDN, and have you used any of these open source controllers? Let us know in the comments below!
…and more in this week’s compilation of open source news!
Explaining a Complex Legal Triangle
Intellectual property lawyer Dr. Kalyan Kankanala has provided a good summary of the GPLv2 case involving Versata, Ameriprise and XimpleWare. He outlines some potential outcomes such as the importance of choosing an appropriate licensing model as well as the effect the case may have on patents in open source software. Read Dr. Kankanala’s summary here, or our summary (including a demystifying infographic) here.
Trust Facebook to Select the Right OSS
You want to use open source in your next project? Great. But which OSS will you choose? There are close to a million open source projects out there (we know these things; we collect them). To address this problem, Facebook has recently announced a new project called Talk Openly, Develop Openly, or TODO, which seeks to make it easy for organizations to discern mature and reliable open source projects from the multitude of projects that exist today. TODO will also facilitate the discussion of open source deployment tips among organizations. Read more at Computer World.
Breaking Down Messaging Walls
A Gmail user can send an email to a Microsoft Outlook user, but a Google Hangouts user can’t send an instant message to a Skype user. A new open source project called Matrix is set to change that. The founders of the two-week-old project hope that Matrix will allow people to send instant messages to one another regardless of what app they are using. There is a catch, though: that app must support Matrix. Read more at Cite World, or take a look at the code on GitHub.
Open Up and Encrypt
Worried about your online privacy? Pretty Easy Privacy (PEP), built upon OpenPGP, is a newly launched open source project that simplifies the encryption of messages sent through online communication tools such as Microsoft Outlook, Facebook, Android, Twitter and more. The project is open source and will be released under the GPLv3. Read more at PCWorld.
Getting Paid to Write Free Code
A study conducted by computer science professor Dirk Riehle has found that as much as 50% of open source code is contributed between 9am and 5pm. Although some may be the result of overzealous programmers goofing off at work, most are written by those actually doing their job. Read more of the study’s results at Tech Republic.
What Makes An Open Source Project Successful?
If you believe Linux Foundation’s Jim Zemlin, the success of an open source project can be measured by its ability to “inspire someone to think, to question, to imagine”. And of course there are other more mundane metrics such as market share or an active contributor base. Read more of Zemlin’s thoughts here.
Some quick tips on managing open source vulnerabilities
We recently published our top 10 tips for managing open source vulnerabilities. Take a look at the slideshow in CIO Magazine.
For a few years now, we’ve heard about Google Glass, wearable technology that essentially brings the functionality available on a smartphone to a pair of eyeglasses.
Users of the $1,500 glasses experience augmented reality, or enhancement of the real world with digital elements. For example, say you are studying an ancient sculpture at a museum. While wearing the glasses, simply look at the artwork and a variety of pertinent facts about it will appear on your glasses in real time, enhancing your learning experience.
It remains to be seen whether Google Glass adoption will become mainstream. While some research seems to indicate customers might not be interested in the product—being that it’s a new and untested device—other studies predict more than 800,000 pairs of glasses will be ordered this year. Fast forward to 2018, and that number explodes to 21.1 million.
One detractor from Google Glass usage could be that, despite the fact that Google likely knows quite a lot about us from our previous use of its products, some customers might be reluctant to allow the company deep visibility into their lives—from where they go, to with whom they speak, to what they’re seeing at any given time.
Wanting to take advantage of the promise of Google Glass, one Indian inventor put together some wearable tech of his own. Arvin Sanjeev built a Raspberry Pi-powered Google Glass knockoff—his “Smart Cap”—using open source technologies. The instructions to Sanjeev’s project can be seen here.
While it’s probably safe to say that the smart cap isn’t the sleekest looking piece of technology, it might be a pretty good alternative to Google Glass for those who want to maintain their privacy, enjoy challenging projects and not spend $1,500 on the technology anytime soon.
Sanjeev’s smart cap speaks to the power of open source: figuring out how to build or create something and then sharing those plans with the world. As such, we can expect to see someone figure out how to make the Indian inventor’s project slightly better, a process we hope will continue.
Some open source projects make it very simple to understand what license applies to the published works. Unfortunately, not all projects are created equal.
Despite all of the best intentions to share with the world, determining what licensing terms apply to an open source file or project is sometimes a lot more complicated than just looking for the one license file.
Protecode COO Norm Glaude will explore copyright and license declarations in open source code, packages and projects, and how these may apply to your final product.
When: September 24th 2014 at 9am EST
Repeat: September 24th 2014 at 2pm EST
What you will learn:
- A brief overview of open source license and copyright declarations
- The implications of using open source in your product
- A step by step process for uncovering hard to find license and copyright information in your product
- Steps to take to ensure your product is compliant
Who should attend:
- CTOs and CIOs
- Technology Managers
- Corporate IP lawyers
- Licensing Managers
- Product Managers
- Quality Managers
- Software Developers