…all this and more in this week’s compendium of open source news!
Two Steps Forward, One Step Back
Sounds like a Strauss Waltz? Almost. After 10 years the city of Munich’s love affair with open source may be coming to an end. Despite saving $16 million by using the custom Linux distribution LiMux, the city is considering switching back to Windows due to user complaints. Read more about the motives surrounding the discussion at Network World.
Governments on GitHub
Governments across the globe have long been dabbling with open source software. Use of open source products like OpenOffice, Linux and Drupal is becoming commonplace. To further this trend, many governments are beginning to open source their own code, as illustrated by the 10,000 active government users on GitHub. You could argue that since our taxes paid for it, the code should be open. Read more about this growing trend at InfoWorld.
You Want Privacy? Google & Yahoo Are Here to Help
As a response to privacy concerns, Google and Yahoo will be collaborating on end-to-end encryption for their respective webmail systems. The code will then be open sourced, which should make it safer because the larger community can help search for bugs, backdoors, etc. Read more at Tech News World.
Who Are You Going To Sue?
At the recent Black Hat security conference, In-Q-Tel's CIO Dan Geer laid out his thoughts on software security and liability. Geer believes that in the future software manufacturers will be held responsible for any problems caused by their software. By open sourcing all software, Geer thinks it will be easier to pinpoint and remedy security problems. You can read his full rationale here.
GPL For House Design, Apache for Cars?
Well, it had to happen. The world is going gaga with open source. After open source plants and open source drugs, we have open source cars and open source houses! Paperhouses and a dozen other companies now offer architectural plans for a variety of dwellings. In the automotive industry, Local Motors thinks open source hardware can help accelerate the car design process, allowing for transparency into what works and what doesn't. And of course open source seems poised to dominate automotive software.
Some sage advice…
If you're curious about how open source vulnerability management fits into quality testing processes, take a look at what our COO Norm Glaude has to say in a recent issue of Professional Tester Magazine.
There's no shortage of benefits that open source software provides. Though the technology is certainly not without its criticisms (for example, depending on the product, you might run into a lack of quality support), lately its proponents have been eyeing a new application for open source: compliance.
In a recent presentation, security professionals unveiled a proposed Payment Card Industry (PCI) Data Security Standard (DSS) compliance model that is based on open source technology. The system is designed, they said, to help reduce expenses, enhance scalability and make it easier to manage the technological infrastructure that supports PCI compliance.
The PCI standards are a set of protocols developed by major credit card companies that were designed to enhance data security. Should businesses fail to be PCI-compliant and then have their systems breached, they face significant fines and could even lose their merchant accounts. As such, it’s imperative that businesses consistently adhere to PCI standards.
There are open source alternatives available that support PCI compliance. For example, to meet the PCI DSS requirement that businesses use a consolidated log server and that the server be monitored regularly, businesses can leverage a variety of open source tools like fluentd and logstash. As is the case with any piece of technology, companies will need to fine-tune these tools to their precise specifications.
The question as to whether a business should adopt open source or proprietary solutions is one that has to be answered internally. With open source, when new needs arise, source code can be augmented to support those needs. But it could take some time to do that, so businesses need to decide whether the benefits of open source outweigh the costs.
Is open source positioned to become the next mode of standardization in the virtualization world?
It appears that might very well be the case following the European Telecommunications Standards Institute (ETSI) Network Functions Virtualization (NFV) Industry Specifications Group’s decision to move forward with an open source project designed to meet that end. The group hopes that open source solutions can be leveraged to provide businesses with the interoperability in their data centers that previously resulted from standardization.
The group’s project—Open Platform for NFV—would fall under the umbrella of the Linux Foundation. As OpenDaylight, a similar open source project, took an open source approach to the SDN controller, Open Platform for NFV, like its name suggests, aims to develop an open source platform for NFV.
During a panel discussion about the changing role of standards at the Big Telecom Event, Neela Jacques, executive director of OpenDaylight, said that open source is simply a more efficient way of solving complex problems, and because of that, programmers are increasingly turning toward the technology.
“What you need is a common code base,” he said. “We dovetail very well with standards efforts – the fact is open source solutions are becoming de facto standards.”
Open source solutions aren’t out to put all proprietary companies out of business, according to Prodip Sen, CTO at Hewlett-Packard. At the end of the day, businesses still want to be able to call someone when there’s a problem with their hardware or software.
“The way we look at open source is that it is a way to create a sub-strata of interoperability, and a way we get to interoperability and standardization without waiting for a long, drawn-out standards process,” Sen explained.
Still, it appears we are a few years from NFV becoming pervasive in the data center. That's because operations need to catch up, as every organization and employee has different needs and skill sets. But thanks to open source, that education might be finished sooner rather than later.
It’s all here in this week’s compendium of open source news
A Tangled Web of GPLv2, Patents and Software Distribution
A new court case could have far-reaching effects for software licensing. It began when Versata took its licensee Ameriprise Financial to court to stop them from modifying its commercial Distribution Channel Management (DCM) software. Ameriprise counterclaimed that since DCM included GPL code from XimpleWare, they were allowed to make modifications. XimpleWare sued both of them, alleging that they should both release their source code under GPL obligations. To make the matter more exciting, XimpleWare then claimed that they owned patents in their GPL-licensed code, and that allowing the use of their code under the GPL, a copyright license, does not automatically grant a patent license. So a) admire our beautiful infographic (click on the image), b) read the complex tale at opensource.com and c) read our survey of other high profile IP infringement cases.
Forget About The Phones- Is Your Fridge Safe?
A recently discovered security vulnerability has some Android users on high alert. The vulnerability, called Fake ID, can allow malware to impersonate apps and change the phone's settings, ultimately taking over the device. The security hole allows attackers to create their own identity certificates and forge a claim that they were issued by a certificate authority. The vulnerability has existed since the launch of Android 2.1 in January 2010 and affects devices that run anything older than Android 4.4. Read more at Ars Technica.
Shattering Open Source Myths
We officially love Matt Asay! This time he takes aim at those still attacking open source software, and points out that many studies show that open source is often better quality than proprietary software. And to those who say that there is no money in open source, he points out the myriad of companies that either sell services built on open source software (Netflix, Facebook, Google etc.) or companies like Hadoop or Cloudera that sell services and software to complement open source offerings. Read Asay's full retort at InfoWorld.
Learning with GitHub
Last year Facebook launched Open Academy, a course that allows students from around the world to gain course credit by contributing to an open source project and equipping them with the broader open source skills to contribute when they enter the workforce. Open Academy works with GitHub, gives students free accounts to host their projects on, and on successfully passing the final exams honours them with Open Academy Awards. Read more at Fast Company.
Government Gives Small OSS Players a Chance
Following in the footsteps of other governments, the US General Services Administration (GSA) announced a new policy that will give priority to open source software for all new IT projects developed by the GSA. The GSA's CTO believes that this move will level the playing field for small open source projects that do not have a large sales force (and of course save the GSA money). Read more at Fed Scoop.
Governments Going Open. Seriously.
Having adopted open source so successfully, and looking quite pleased with themselves, governments are now toying with opening their other bureaucratic playgrounds. Governments at all levels around the world are slowly introducing open governance in the form of open data and transparent governance. One of these is the city of Raleigh, North Carolina, with its SeeClickFix app, which allows citizens to report "bugs" in infrastructure. Read more about Raleigh's open government initiatives at Motherboard.
These days, computing processing power has advanced to the point where we can collect a previously unimaginable wealth of information relating to virtually everything. And it can be reasonably concluded that such processing power will increase substantially in the years to come, just as it has in years past.
As we enter the age of big data, it’s more important than ever that companies have the ability to process those vast amounts of data, analyzing it in such a way to derive actionable information that can be leveraged to improve business processes and better serve customers.
It's increasingly looking like open source data architecture, like Apache Hadoop, provides businesses with the tools necessary to process data in any amount. Whereas in the past companies were more likely to collect relational data, today's information is so diverse that in a majority of cases those relationships aren't evident.
“From cell phone logs to GPS data, 85 percent of data being created every year is unstructured, not transactional data,” explains Herb Cunitz, president of Hortonworks, a spinoff of Yahoo founded in 2011 to help companies process large swaths of data. “Hadoop, in our view, fits well into this environment. It doesn’t replace the old architecture, it augments it – and allows the existing tools you have to access that data, too.”
Hadoop allows companies to process large batches of data in a matter of seconds, providing decision makers with real-time results. While the rise of readily available metrics has led some companies to see an opportunity for proprietary solutions, open source – “the single fastest way to innovate,” Cunitz says – allows businesses freedom from vendor lock-in, something that’s essential in today’s technologically driven world. And that’s why Hadoop is being leveraged by more and more companies.
…are all covered in this week’s compendium of open source news!
Is OSS licensing dead or in its prime?
Recently, technology writer Matt Asay wrote an article in InfoWorld heralding the death of open source licensing. OSI president Simon Phipps fired back by declaring open source licensing more important than ever. Phipps states that using a (preferably OSI-approved) licensed project is especially important in cases of distributed and commercial development. Read the rest of Phipps' argument at InfoWorld, or read our thoughts on the subject here.
Open source Darwinism pays off
Evolution works by selecting the strongest species to survive while others perish. The same can be said for open source: for every successful open source project, there are thousands that have failed. So what's the next evolutionary step after your open source project has gained dominance? Convert to a dual-license model (if your goal is to make money from the project). Read about the ups and downs of some dual-licensed projects at the New York Times.
Open source toddler
If you find the idea of raising a human child a little too challenging, you could try your hand at a robotic one. Researchers from the France-based Inria Flowers Lab have released a 3D printable humanoid robot named Poppy. The group released everything you need to build the primitive (toddler-like) robot, including CAD files and the control software, under a Creative Commons license. So, if you've got a few days (and around $12k) to spare, you can find everything you need to get started on your own Poppy farm here, or read more at Design Engineering.
The open source machine-learning platform PredictionIO has just raised $2.5 million in funding, which will help bring the platform to the wider open source community. The company hopes to give organizations of all sizes access to automated data interpretation and prediction platforms, which have traditionally been reserved for those who can either a) afford expensive closed source options or b) take the time to develop their own machine-learning code in house. Couple that with those Poppy toddlers in the previous story, and wow! Read more at The VAR Guy.
Hacking the browser
Breach, a new open source browser launched earlier this month, is completely customizable; so customizable, in fact, that when you launch the browser it has no functionality. Unlike other browsers that allow the development of third-party plugins for extra functionality, Breach is customizable right down to the navigation and display. This could bring some innovative new ideas to increasingly stale browsers. Read more here or start hacking here.
Open source standards released in the UK
As part of its plan to migrate towards open source software, the UK government has announced that PDF/A or HTML for viewing government documents, and Open Document Format (ODF) for sharing or collaborating on government documents, are now standard. By moving towards open source, the UK hopes to spur innovation and, of course, save money. Read more at Public Technology.
For our German readers…
We recently had an article on package pre-approval published (in German) in Elektroniknet. We also have a webinar on managing open source security vulnerabilities (also in German) coming up. You can register here.
Taking advantage of open source software and hardware, Samsung recently announced a plan to help entrepreneurs craft wearable technology that will revolutionize the health care industry, according to Samsung officials.
The Samsung Digital Health Challenge will be funded by $50 million, and the company hopes programmers will help create innovative, non-invasive technology that will improve the delivery of health care. Moreover, officials hope developers will build data collection sensors and algorithms that collect health tracking data that can be leveraged to provide better care.
To do that, Samsung has released both open source software and hardware to encourage the open source community to help meet the challenge’s goals:
- From the hardware perspective, the Simband is a band that is worn on the wrist, which allows programmers to track whichever health metrics they want. The band also boasts the functionality of letting additional hardware be integrated into it, and Samsung has already said it hopes partners will augment the technology in the future so it can be worn elsewhere.
- From the software perspective, the Samsung Architecture for Multimodal Interactions (SAMI) is a cloud-based platform that enables programmers to analyze the various data that the sensors collect. Because the platform is open source, developers will be able to access the data that is generated by their own projects, while also being able to access the data from other projects as well. The company hopes that in the future, new algorithms will be able to be generated from the expansive health data collected by the program.
The University of California-San Francisco (UCSF) will be partnering with Samsung to test the technologies that emerge from the project.
"Our bodies have always had something to say but now, with advanced sensors, algorithms and software, we will finally be able to tune into what the body is telling us," explained Dr. Michael Blum, associate vice chancellor of informatics at UCSF. "Validation of these technologies will improve the quality of data collected and help advance the ability to bring new products to market quickly."
The fact that Samsung launched the initiative is perhaps a sign the company realizes it lacks the expertise to manufacture transformative wearable technology on its own. But by leveraging the open source community and investing in it, the company is likely to find some formidable partners.
No matter how sophisticated technologies become and how much mankind evolves, there is little—if anything—we can do to prevent natural disasters from occurring. What we can do, however, is implement technologies that help streamline the way we respond to such disasters.
And that’s where the World Bank Global Facility for Disaster Reduction and Recovery (GFDRR) comes into the equation. The organization educates governments and communities on how to respond most efficiently and effectively to natural disasters. One aspect of that management is Code for Resilience, an initiative run by the GFDRR that leverages the power of open source, bringing risk management decision makers and software developers together to work collaboratively on solving disaster-related issues.
For Dr. Alanna Simpson, senior disaster risk management specialist at GFDRR, such collaboration is one of the biggest perks of the open source and open data movements: bringing together two parties that might not interact with one another otherwise. There are proprietary tools governments can leverage to help reduce the risks associated with disasters, but those tools are often expensive, meaning many governments don't have the funds to deploy them, particularly in today's challenging economy.
That’s what makes open source so attractive.
“Open source software and the availability of open data really lower the barrier for everyone to participate,” Simpson said. After all, the technology can be extremely cost-effective, with governments around the globe realizing substantial cost savings by choosing to deploy open source solutions.
Some of the best approaches to disaster risk mitigation, Simpson said, combine top-down and bottom-up approaches to data collection. Indonesia has served as an example of this philosophy in action, taking a community-based approach to disaster risk management. Since 2011, the project has mapped more than 1 million buildings across the country using open source tools they developed for that particular cause.
To date, GFDRR has empowered 40 million people in 24 countries to access information related to natural risk hazards. The group hopes that governments will be better equipped to respond to natural disasters when they do unfortunately occur in the future.
Recent vulnerabilities like Heartbleed served as a reminder of the importance of maintaining the integrity of networks and code so that systems and intellectual property remain protected at all times.
At Protecode, we understand that fully, which is why we’ve engineered our Global IP Signatures database to constantly cross-reference the National Vulnerability Database (NVD), a government repository that contains a database of security checklists, security-related software flaws and more. In doing so, our customers benefit from real-time analysis of third-party open source code contained in their projects.
That analysis generates a comprehensive report on all security vulnerabilities that may exist in their projects. Such insight allows customers to move forward with these projects knowing that the integrity of their code remains fully intact.
If our tools do in fact identify security vulnerabilities in existing open source code, our customers receive color-coded identification of those flaws indicating their severity. On top of that, the reporting tool highlights the components of the code that are flawed and also provides a description of what the glitches entail. Customers are also directed to the appropriate place on the NVD’s website where they can find additional information if they so choose.
As we saw with Heartbleed, new serious security flaws can be discovered at any time. Thanks to our analysis, our customers will know about these new glitches and bugs as soon as they are added to the NVD. Customers can also choose to track security vulnerabilities against certain packages.
Protecting the integrity of your code and intellectual property is something we don’t take lightly. And we don’t expect you to figure out how to do it on your own. Open source security vulnerability reporting tools can do the hard work for you so that you can focus on other mission-critical areas of your business.
Open source of course! Get the scoop in this week’s collection of open source news…
Linux to go …
A new distribution of Linux, specifically Automotive Grade Linux (AGL), could soon be fuelling a new generation of open source powered cars. What this means is that a) future Herbies will be cyber-talking to each other, and b) because of open source, future souped-up cars will be created (and driven) by hackers. Read more at Tech Republic then find out about the Automotive Grade Linux Working Group.
Crowdfunding: who’s laughing now?
Ten years ago when David Rappo first came up with the idea for a crowdfunding site solely dedicated to financing open source software projects, people laughed. Since then both open source software and crowdfunding have become mainstream, so Rappo has re-launched Bountysource, an (open source) platform for getting open source projects off the ground. Read more here.
Short term pain could mean long term gain for the NHS
Up until now, the UK's National Health Service (NHS) has been wary of switching from a proprietary to an open source operating (pun intended) system. And with good reason, since patient health records are sensitive information. But the discontinuation of support for their current XP operating system has renewed calls for a move to Linux. And while the initial switch won't be without its headaches, the long-term cost savings could be just what the doctor ordered. Read more at The Conversation.
DNA under Apache 2.0?
Could DNA be open sourced, so you (assuming you are a garden-variety DNA scientist) could download it, modify it and create a whole new creature? John Schloendorn, CEO of medical start-up Gene And Cell Technologies, is proposing exactly that. He wants to take expensive (and restrictively licensed) proteins and make them open source. Scientists could then use these proteins to synthesize DNA. An interesting proposition covered in Radar (garden-variety DNA scientists go here).
if (dual_licensed) then open_source = $$
Patrick McFadin, chief evangelist for Apache Cassandra, recently explained the ups and downs organizations face when deciding whether to open source their products. He advocates staying away from a services model and sticking with a dual open source and commercial license model for proprietary add-ons. He also points out that licensing is a major consideration, since restrictive licenses like the GPL can both hamper and drive commercial growth depending on how they are applied. Read the full story at opensource.com.
Some friendly advice on managing vulnerabilities
Excuse us for tooting our own horn, but we think you may find the advice recently published in Law360 useful. Peruse our tips for managing open source security vulnerabilities here.