Open Source Management Resource Blog


Don’t Be So Quick to Blame the New Linux Security Flaw on Open Source Software

  
  

A ghost has been discovered hiding in the Linux GNU C Library (glibc).

Software vulnerability CVE-2015-0235, nicknamed “Ghost,” allows third-party hackers to remotely hijack Linux systems while bypassing basic security credentials like system identification numbers and passwords.

How is Ghost deployed? As ZDNet editor Steven J. Vaughan-Nichols explains, all a hacker has to do is target glibc’s gethostbyname functions, which are used on just about every networked Linux computer. An attack can be performed by targeting an application that performs Domain Name System (DNS) resolution and supplying it with an invalid hostname. This in turn creates a buffer overflow, which could give a hacker the necessary foothold for worming deeper into the software and potentially commandeering the computer.

The Ghost vulnerability primarily affects older Linux versions, although not all new ones are impervious to exploitation. It is a high-risk system bug that poses a legitimate risk to end users. Linux users operating glibc-2.2-based systems are now being urged to perform immediate system patches.

Being that Linux is one of the most widely used examples of open source software on the market today, this new flaw will naturally draw criticism to open source software from skeptics who believe that it is inherently susceptible to attack. The same problem happened last year following the infamous Heartbleed bug in OpenSSL.

It’s important to realize, however, that the Ghost vulnerability—as with Heartbleed—could just as easily have occurred in a company that uses proprietary software. In fact, one could argue that by using open source software, developers can discover the security weaknesses faster and devise patches quicker and more efficiently than they could with closed code.

If your organization leverages open source code, there are solutions available that will allow you to perform rapid security vulnerability checks so that you can identify known vulnerabilities and resolve them before they become a problem.


GENIVI Alliance Announces Exciting Partnership With Android Auto Interface

  
  

The GENIVI Alliance is giving a whole new meaning to the “open” road.

On Jan. 5, the nonprofit automotive industry alliance announced it will extend its open source middleware solution to provide support for Google’s Android Auto platform.

Android Auto is a next-generation automotive infotainment interface that brings mobile voice command, steering wheel controls and other intuitive mobile features to motor vehicle dashboards. Its purpose is to provide a combination of contextual on-road information and entertainment to drivers and passengers in a way that is not distracting. Drivers, in other words, can use Android Auto to access a full suite of features without having to take their eyes off the road.

By extending its middleware solution to the Android Auto platform, the GENIVI Alliance will make it easier for consumers to connect their Android mobile devices to dashboard interfaces. GENIVI’s middleware will allow for the seamless transfer of audio and voice interactions. It will also help facilitate services that require touch screen inputs or advanced levels of user authentication.

One of the most exciting aspects of GENIVI’s announcement to partner with Android Auto is that it will pave the way for automakers to incorporate open source infotainment solutions into their vehicles.

“GENIVI produces open source software that preserves the automaker’s branding and unique value to the driver,” explained GENIVI Alliance Executive Director Steve Crumb in a recent statement.

In other words, companies will be able to use proprietary applications that work in conjunction with the standards-based GENIVI middleware. Once an application is certified GENIVI-compliant, it will be able to work over any GENIVI-compliant platform.

The development will be funded by the GENIVI Alliance, and the work will be released under an open source license at http://projects.genivi.org.


Three Ways to Contribute to Open Source Without Writing Code

  
  

The open source community is thriving these days. Just take a look at Hortonworks’ IPO, Microsoft’s decision to bring its .NET platform into the open source world and the seemingly endless number of products that are being released by the open source community.

But let’s say open source excites you and you want to contribute to the community. You believe in open and free software, and you want to do what you can to help the community progress. Unfortunately, there’s one drawback: You don’t know how to write code.

Not a problem! The open source community needs a whole lot more than software code to succeed. If you’re looking to contribute but aren’t a programmer, consider these three ways you can help:

  1. Test solutions. Be sure to let developers know what issues you uncover as you go about using their software. The more detailed and thorough your feedback, the better able coders will be to improve their solutions for other uses. Your feedback can include bugs, glitches and ideas for improvement.
  2. Work on art and design. Open source projects need attractive logos, websites and interfaces. If you can’t write code, consider lending your talents to another area of the project by helping with web copy, design and layout.
  3. Become an evangelist. For open source projects to succeed, users first have to be aware of them. As such, these projects need to be marketed however possible. Whether that involves becoming a part of message board discussions, giving presentations or simply striking up conversation is up to you.

In order to grow into what proponents envision it will one day be—a well-rounded repository for cutting-edge technology that’s mostly free—the open source community needs as much help as it can get. Where do you fit in?

3 Tips for Strengthening Open Source Adoption at Your Organization

  
  

From cost savings to operational versatility to higher quality products, there’s no shortage of benefits of open source solutions.

But as is the case with all technology, it’s important you build on top of the right environment in order to achieve the best results. After all, you don’t want to risk disparate technologies being incompatible, and you don’t want to deal with security vulnerabilities that could leave some of your confidential data exposed.

In order to ensure that your organization realizes the biggest benefits from open source technology—and therefore increases its adoption—consider the following three tips:

  1. Standardize your software to ensure interoperability. There’s a reason students are expected to get the same textbooks for a class. If half of a geography class shows up with a brand new textbook and the other half shows up with an edition published in 1980, there’s a good chance the teacher would have trouble when it came to explaining countries in Europe since the map has changed considerably over the last three decades. Teaching is easier when students use the same text. By leveraging an open source repository like Software Collection, your developers and operations team are able to ensure software is standardized across departments.
  2. Stay on top of security vulnerabilities. It seems as though every few weeks, yet another security vulnerability is found in either open source or proprietary solutions. Since that’s the case, it’s in your best interest to proactively monitor the latest detected vulnerabilities to see if you’re affected. There’s a shortcut: By making sure your software is compatible with the Common Vulnerabilities and Exposures (CVE) system, you make the vulnerability patching process much simpler.
  3. Work with an open source vendor. Commercial open source vendors have already proven that they know products and code inside and out. In addition to that knowledge, they’ve also likely been on the receiving end of customer problems—and therefore know fixes. By maintaining an open dialogue with a commercial vendor, you’re able to get the maximum return on your open source tools. You’re also able to suggest features that should be added to a project.

Do you have any additional tips on how to increase open source adoption at your organization? Let us know in the comments below!

Meet Assembly, the Open Source Platform That Will Get You Paid

  
  

The open source movement continues to gain steam, with organizations across all industries—from healthcare to education to government and everything in between—finding uses for software designed in collaborative environments.

But why should the open source philosophy start and stop with coding?

Meet Assembly, a new startup that intends to bring even more people into the open source community. The platform allows open source coders to link up with a slew of other talents—like product managers, marketers and salespeople—in order to enhance the collaborative process.

“By supporting that richer collaboration, Assembly brings the ethos of open source software to a much broader set of capabilities,” explains Brad Burnham, an investor in Assembly.

Here’s how it works: Let’s say you and a small team of programmers are working on a project. You might have a great idea, but you might not be the best salesman, writer or graphic designer.

Chances are you’re going to need to find at least one or two more pieces of the puzzle in order to take your project to the next level. And that’s exactly where Assembly comes into the equation.

Instead of getting paid in a typical manner, Assembly contributors receive a stake in the company. They get “paid” as a percentage of future earnings. The more important the contribution, the larger the stake a contributor will receive. And all payment and legal aspects are overseen by Assembly.

Founded in 2013, Assembly recently announced a $2.9 million round of funding. The company is still in its infancy, and so far, only two of the five products that have launched via the platform have turned profits—though they’ve been used by four million customers.

But there are currently 50 projects underway on Assembly. So there’s a good chance those numbers might become even more impressive in the near future.

Open Source is Making ‘Dumb’ Phones Smart in India

  
  

Deepak Ravindran, an Indian entrepreneur, found himself having to answer a question one day with access only to an older mobile phone, one that lacked the “intelligence” found in today’s smartphones. Being unable to use the Internet to answer a quick question inspired Ravindran to build an algorithm that would allow owners of rudimentary phones to still get Internet information quickly.

Enter SMSGyan, a service that allows users to text a question and receive an answer. Once a question is received, the company’s algorithm is used to scour the Web to find the right answer and return it in text message form.

In a country where 700 million people lacked Internet access, SMSGyan brought 120 million of them into the digital age.

Once Android phones became available in India, however, many citizens upgraded to these inexpensive and intelligent smartphones. SMSGyan quickly became a thing of the past, at least in India. Ravindran understood this evolution, and began looking for other markets for his product.

There was a lot of interest, especially from countries in Africa and Southeast Asia, Ravindran reported, but this time around, with this launch, his company decided to take a different approach.

“The time is right for us to take the bold action of making our offline Internet service free, and we are going even further by committing to post the source code for free,” Ravindran says. “By giving away the source code, we can ignite the creative energies of the entire developer community and fuel unprecedented levels of innovation in the SMS market.”

The Indian entrepreneur says the decision to go open source provides three benefits: Customers get access to better technology, developers are able to explore a whole new market opportunity and the business gets to license the product to telecom operators. And already, operators in Pakistan, Sri Lanka, the Philippines, Thailand, Indonesia, Nigeria and Kenya have expressed interest.

Thanks to Ravindran, many people will be able to take advantage of a mobile Internet of sorts, even without a smartphone. It’s about time.

Three Interesting Open Source Projects for 2015

  
  

A new year means new beginnings.

Maybe you’re looking for new open source tools that your business can use to take it to the next level. Or maybe you’ve made use of countless solutions over the years and feel as though it’s time to give back.

Whatever the case may be, there’s no shortage of exciting open source projects you could get involved with—or at least follow regularly. With that in mind, let’s take a look at three of them that you should keep your eye on in 2015:

  • OpenMRS. Healthcare facilities are required to migrate their record-keeping systems to the digital world. In doing so, they’re able to improve the quality of care they deliver, as information is easier to locate, enhance and save. Originally formed in Kenya, OpenMRS is now a globalized open source community that builds an open source platform to store, save and send electronic medical records.
  • BRL-CAD. These days, 3D designing and 3D printing are all the rage. We still have a long way to go before seeing the full extent of how this kind of technology will change our lives. Maybe one day, instead of heading to the store to pick up some clothes hangers, we will be able to print 10 of them out at home. If this space piques your interest, consider joining BRL-CAD. The open source solid modeling system allows users to edit 3D projects and features high-performance ray-tracing for rendering and geometric analysis, according to the project’s website.
  • FLOSS Manuals. Not a programmer? Not a problem! If you’re an open source evangelist who thinks C++ looks closer to a test grade than a computer language, you can still contribute to projects. Maybe you can’t write code but you can write words. Head on over to FLOSS Manuals, a repository of manuals relating to open source projects. They’re always looking for new blood to get involved.

What current open source projects are you most interested in? Let us know in the comments below!

Do You Work in the Data Center? Here Are Three Open Source Projects You Need to Know About

  
  

For years, open source solutions have gained steam as programmers and decision makers began to see firsthand how they could benefit from the technology.

From a coder’s point of view, open source solutions provide a foundation upon which new pieces of software can be built rather than starting from scratch. From a business manager’s perspective, open source tools will likely cost the company considerably less than proprietary solutions while at the same time providing a high level of security and functionality.

These days, open source tools have become ubiquitous. From platforms on which to build apps to printers to Internet of Things solutions and everything in between, there’s no shortage of open source technology on the market. In fact, it seems as though every few days we learn about how open source can transform another specific industry or aspect of a business.

Where is the technology going next? Let’s take a look at three open source projects in the works that may impact data centers in the near future:

  1. OpenStack is billed as an open solution that helps businesses create either public or private clouds, managing provisioned resources with ease. A versatile cloud management platform, OpenStack allows data center administrators to manage all resources in heterogeneous environments from one central dashboard, boosting efficiency along the way.
  2. Docker, an open source virtual container management tool, has exploded in popularity this year. In June, there were 14,000 applications on the company’s repository. By October, that number had swelled to 35,000. Containers aren’t a new concept, dating back to 2000. But when applied to the data center, Docker is truly transformative, as it allows consumption of considerably fewer computing resources than traditional hypervisors.
  3. OpenDaylight is an open platform that can be leveraged to enable software-defined networking in your data center. OpenDaylight serves as a controller, which gives administrators the ability to manage traffic flow and different network components.

Which open source tools are you using in your data center? Let us know in the comments below!

Last Year’s Open Source Accomplishments Paint an Optimistic Future for 2015

  
  

Years ago, when you thought about open source, your mind probably began thinking immediately about Linux. But last year—particularly after Microsoft decided to move its .NET platform to the open source community—we learned that companies of all ranks have finally accepted the merits of free and open solutions.

For all intents and purposes, 2014 was one of the strongest years for open source to date. Consider these three projects:

  • OpenJDK. In 2014, Java continued to move forward with its open source iteration. Last year, company brass offered insight into the ninth edition of the Open Java Development Kit (JDK), which should ostensibly be released sometime this year. OpenJDK is licensed under the GNU General Public License.
  • Kubernetes. Google’s open source cluster manager was launched in 2014. Within a month, Microsoft and IBM—two of Google’s bigger competitors—signed on to help with the project. Already, platform-as-a-service providers like OpenShift, Deis and Cloud Foundry have turned to Kubernetes as a standard orchestration framework. Taken together, this shows how open source makes strange bedfellows and the results can be quite impactful very quickly.
  • OpenStack. Long a darling of the open source movement, the once cacophonic OpenStack cloud computing software platform became more cohesive, successfully infiltrating the enterprise last year. “OpenStack is kind of a loose collection of modules,” explains Gary Chen of IDC. “But the past couple of releases, they’ve been working on getting the integration together, so now the teams have started collaborating.”

Of course, the list could go on and on. In any case, last year’s momentum appears likely to push the open source community even further in 2015. We look forward to seeing how it all plays out.


With Hortonworks IPO, Open Source Invades Wall Street

  
  

Technology has helped companies collect a seemingly endless amount of customer-specific data. That data can be used to more effectively target customers. But in order to do that, businesses first have to make sense of the scores of data they now have at their disposal.

And that’s where Hortonworks comes into the equation.

A Yahoo spinoff, Hortonworks was founded in 2011 and uses the open source tool Hadoop to synthesize and analyze ever-increasing amounts of corporate data. While the company offers its solutions free of charge, Hortonworks collects revenues from subscription fees and professional services. In other words, it hopes that its customers get hooked so it can then upsell them additional features. This differs from its major competitors like Cloudera, which also uses Hadoop but builds proprietary add-ons on top of it.

Hortonworks is now looking to Wall Street to raise additional funds. According to published reports, Hortonworks is looking to sell 6 million shares somewhere in the $12-to-$14 range. Following the company’s initial public offering (IPO), analysts place the value of the big data company somewhere in the ballpark of $600 million.

According to the company’s filing, the vision of Hortonworks is to completely change the way businesses collect and process data. This field of big data is an extremely lucrative one these days, with IDC predicting that the market will grow 27 percent each year through 2017, exploding to $32.4 billion over the next few years.

It’ll certainly be interesting to see how Wall Street responds to Hortonworks (which has taken the symbol HDP). But as companies produce and collect more and more data, the company’s value proposition is intriguing to say the least.
