Open Source

Companies Overlook Risks in Open Source Software, Survey Finds (betanews.com)

An anonymous reader shares a report: Open source code helps software suppliers to be nimble and build products faster, but a new report reveals hidden software supply chain risks of open source that all software suppliers and IoT manufacturers should know about. The recent Equifax breach, for example, exploited a vulnerability in a widely used open source web framework, Apache Struts, and the study by software monetization specialist Flexera points out that as much as 50 percent of code in commercial and IoT software products is open source. "We can't lose sight that open source is indeed a clear win. Ready-to-go code gets products out the door faster, which is important given the lightning pace of the software space," says Jeff Luszcz, vice president of product management at Flexera. "However, most software engineers don't track open source use, and most software executives don't realize there's a gap and a security/compliance risk." Flexera surveyed 400 software suppliers, Internet of Things manufacturers and in-house development teams. It finds only 37 percent of respondents to the survey have an open source acquisition or usage policy, while 63 percent say either their companies don't have a policy, or they don't know if one exists. Worryingly, of the 63 percent who say their companies don't have an open source acquisition or usage policy, 43 percent say they contribute to open source projects. There is an issue over who takes charge of open source software too. No one within their company is responsible for open source compliance, or they don't know who is, according to 39 percent of respondents.
Open Source

How Open Source Software Helps The Federal Reserve Bank of New York (hpe.com)

Long-time Slashdot reader Esther Schindler quotes Hewlett Packard Enterprise: When you handle trillions of dollars a year in transactions and manage the largest known vault of gold in the world, security and efficiency are top priorities. Open source reusable software components are key to the New York Fed's successful operation, explains Colin Wynd, vice president and head of the bank's Common Service Organization... The nearly 2,000 developers across the Federal Reserve System used to have a disparate set of developer tools. Now, they benefit from a standard toolset and architecture, which also places limits on which applications the bank will consider using. "We don't want a third-party application that isn't compatible with our common architecture," said Wynd.

One less obvious advantage to open source adoption is in career satisfaction and advancement. It gives developers opportunities to work on more interesting applications, said Wynd. Developers can now take on projects or switch jobs more easily across Federal Reserve banks because the New York Fed uses a lot of common open source components and a standard tool set, meaning retraining is minimal if needed at all.

Providing training in-house also creates a more consistent use of best practices. "Our biggest headache is to prove to groups that an application is secure, because we have to defend against nation state attacks."
Open Source

Linux Now Has its First Open Source RISC-V Processor (designnews.com)

"SiFive has declared that 2018 will be the year of RISC-V Linux processors," writes Design News. An anonymous reader quotes their report: When it released its first open-source system on a chip, the Freedom Everywhere 310, last year, Silicon Valley startup SiFive was aiming to push the RISC-V architecture to transform the hardware industry in the way that Linux transformed the software industry. Now the company has delivered further on that promise with the release of the U54-MC Coreplex, the first RISC-V-based chip that supports Linux, Unix, and FreeBSD... This latest development has RISC-V enthusiasts particularly excited because now it opens up a whole new world of use cases for the architecture and paves the way for RISC-V processors to compete with ARM cores and similar offerings in the enterprise and consumer space...

"The U54 Coreplexes are great for companies looking to build SoCs around RISC-V," Andrew Waterman, co-founder and chief engineer at SiFive, as well as one of the co-creators of RISC-V, told Design News. "The forthcoming silicon is going to enable much better software development for RISC-V." Waterman said that, while SiFive had developed low-level software such as compilers for RISC-V, the company really hopes that the open-source community will be taking a much broader role going forward and really pushing the technology forward. "No matter how big of a role we would want to have we can't make a dent," Waterman said. "But what we can do is make sure the army of engineers out there are empowered."

Printer

New Open Source 3D Printer Can Print Without Human Intervention (autodrop3d.com)

Slashdot reader mmiscool shares some videos about "the next step in 3D printing": Autodrop3d is an open source system that solves the problem of needing a human to remove a 3D print from its print bed. Implemented as an open source hardware and software system, it allows a web-based, multi-user print queue, automatic notifications, and web-based CAD design tools to all be integrated in one open source system. There's a video that shows the hardware in operation and a link to the web site with a Git repository for the software and hardware components.
Autodrop3D is now raising money on Kickstarter, promising to show their support for open source innovation by "releasing all of our documentation, design files, and software prior to the end of this Kickstarter campaign."

And for $75 pledges, "we will 3D print an object of your choice and mail it to you.... You will also receive our heartfelt thanks."
Open Source

Ask Slashdot: What's The Best Open Source Hardware to Tinker With?

This question comes from an anonymous Slashdot reader who just got an Arduino and started tinkering with electronics: I'm quite amazed at the quality of the hardware, software, and the available tutorials and (mostly free) literature. A very exciting and inexpensive way to get a basic understanding of electronics and the art of microcontroller programming.

Now that I'm infected with the idea of Open Source hardware, I'm wondering if the Slashdot community could suggest a few more things to get for a beginner in electronics with experience in programming and a basic understanding of machine learning methods. I was looking at the OpenBCI project [Open Brain Computer Interface], which seems like an interesting piece of hardware, but because of the steep price tag and the lack of reviews or blog posts on the internet, I decided to look for something else.

Leave your best answers in the comments. What's the best open source hardware to tinker with?
Mozilla

Donate Your Noise To Xiph/Mozilla's Deep-Learning Noise Suppression Project (xiph.org)

Mozilla-backed researchers are working on a real-time noise suppression algorithm using a neural network -- and they want your noise! Long-time Slashdot reader jmv writes: The Mozilla Research RRNoise project combines classic signal processing with deep learning, but it's small and fast. No expensive GPUs required -- it runs easily on a Raspberry Pi. The result is easier to tune and sounds better than traditional noise suppression systems (been there!). And you can help!
From the site: Click on this link to let us record one minute of noise from where you are... We're interested in noise from any environment where you might communicate using voice. That can be your office, your car, on the street, or anywhere you might use your phone or computer.
They claim it already sounds better than traditional noise suppression systems, and even though the code isn't optimized yet, "it already runs about 60x faster than real-time on an x86 CPU."
Open Source

Best Open Source Software Identified By InfoWorld Listicles (infoworld.com)

An anonymous reader writes: InfoWorld announced the winners of this year's "Best of Open Source Software Awards" -- honoring 68 different projects, spread across five categories. Besides the 15 best software development tools, they also recognized the best cloud computing software, machine learning tools, and networking and security software (as well as the best databases and analytics tools).

"Open source software isn't what it used to be," writes Doug Dineley, the site's executive editor. "The term used to conjure images of the lone developer, working into the night and through weekends, banging out line after line of code to scratch a personal itch or realize a personal vision... But as you wend your way through our Bossie winners, you're bound to be struck by the number of projects with heavyweight engineering resources behind them... Elsewhere in the open source landscape, valuable engineering resources come together in a different way -- through the shared interest of commercial software vendors."

More than 10% of the awards went to the Apache Software Foundation -- 7 of the 68 -- though I was surprised to see that five of the best software development tools are languages -- specifically Kotlin, Go, Rust, Clojure, and TypeScript. Two more of the best open source software development tools were Microsoft products -- .NET Core and Visual Studio Code. And in the same category was OpenRemote, a home automation platform, as well as Ethereum, which "smells and tastes like an open source project that is solving problems and serving developers."

Google

Google Publicly Releases Internal Developer Documentation Style Guide (betanews.com)

BrianFagioli shares a report from BetaNews: The documentation aspect of any project is very important, as it can help people to both understand it and track changes. Unfortunately, many developers aren't very interested in the documentation aspect, so it often gets neglected. Luckily, if you want to maintain proper documentation and stay organized, today Google is releasing its internal developer documentation style guide. This can quite literally guide your documentation, giving you a great starting point and keeping things consistent.

Jed Hartman, Technical Writer, Google says, "For some years now, our technical writers at Google have used an internal-only editorial style guide for most of our developer documentation. In order to better support external contributors to our open source projects, such as Kubernetes, AMP, or Dart, and to allow for more consistency across developer documentation, we're now making that style guide public. If you contribute documentation to projects like those, you now have direct access to useful guidance about voice, tone, word choice, and other style considerations. It can be useful for general issues, like reminders to use second person, present tense, active voice, and the serial comma; it can also be great for checking very specific issues, like whether to write 'app' or 'application' when you want to be consistent with the Google Developers style."
You can access Google's style guide here.
AMD

New Ryzen Running Stable On Linux, Threadripper Builds Kernel In 36 Seconds (phoronix.com)

An anonymous reader writes: After AMD confirmed a "performance marginality problem" affecting some Ryzen Linux users, RMAs are being issued and replacement Ryzen processors are arriving for affected open-source fans. Phoronix has been able to confirm that the new Ryzen CPUs are running stable without the segmentation fault problem that would occur under very heavy workloads. They have now also been able to test the Ryzen Threadripper 1950X. The Threadripper 1950X on Linux is unaffected by any issues unless you count the lack of a thermal reporting driver. With its 32 threads under Linux they have been able to build the Linux kernel in just about half a minute.
Open Source

How Open Source Advocates Celebrated The 26th Anniversary of Linux (linux.com)

To celebrate Linux's 26th anniversary, the Linux Foundation tweeted a picture of Tux on a birthday cake, and linked to an essay on OpenSource.com by FreeDOS founder Jim Hall: My first Linux distribution was Softlanding Linux System (SLS) 1.03, with Linux kernel 0.99 alpha patch level 11. That required a whopping 2MB of RAM, or 4MB if you wanted to compile programs, and 8MB to run X windows... To celebrate, I reinstalled SLS 1.05 to remind myself what the Linux 1.0 kernel was like and to recognize how far Linux has come since the 1990s.
"Getting X windows to perform was not exactly easy..." Hall writes, adding "the concept of a desktop didn't exist yet." Meanwhile Phoronix celebrated by republishing that fateful email Linus Torvalds sent on August 25, 1991. And Fossbytes shared the most recent statistics about modern-day Linux's 20 million lines of code from the Linux Foundation: During the period between the 3.19 and 4.7 releases, the kernel community was merging changes at an average rate of 7.8 patches per hour; that is a slight increase from the 7.71 patches per hour seen in the previous version of this report, and a continuation of the long-term trend toward higher patch volumes.
Debian

OpenSource.com Test-Drives Linux Distros From 1993 To 2003 (opensource.com)

An anonymous reader quotes OpenSource.com: A unique trait of open source is that it's never truly EOL (End of Life). The disc images mostly remain online, and their licenses don't expire, so going back and installing an old version of Linux in a virtual machine and getting a precise picture of what progress Linux has made over the years is relatively simple... Whether you're new to Linux, or whether you're such an old hand that most of these screenshots have been more biographical than historical, it's good to be able to look back at how one of the largest open source projects in the world has developed. More importantly, it's exciting to think of where Linux is headed and how we can all be a part of that, starting now, and for years to come.
The article looks at seven distros -- Slackware 1.01 (1993), Debian 0.91 (1994), Jurix/S.u.S.E. (1996), SUSE 5.1 (1998), Red Hat 6.0 (1999), Mandrake 8.0 (2001), and Fedora 1 (2003). Click through for some of the highlights.
Open Source

Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk)

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Programming

How a VC-Funded Company Is Undermining the Open-Source Community (theoutline.com)

Adrianne Jeffries, reporting for The Outline: Is a $4 million venture capital-funded startup stealthily taking over popular coding tools and injecting ads and spyware into them? That's what some programmers fear may be happening. It is one of the most troubling scandals to hit the open-source community -- a robust network of programmers who work on shared tools for free -- in recent memory. It started back in April, when a programmer noticed a strange change to an open-source tool called Minimap. Minimap has had more than 3.5 million downloads, but like many open-source tools, it was maintained by a single person who no one knew much about other than their username: @abe33. At some point, @abe33, whose real name is Cedric Nehemie, was hired by Kite. Kite was started by Adam Smith, a successful tech entrepreneur who raised funding from a slew of big names including the CEO of Dropbox and the creator of WordPress. It is unclear what Kite's business model is, but it says it uses machine-learning techniques to make coding tools. Its tools are not open source. After being hired by Kite, @abe33 made an update to Minimap. The update was titled "Implement Kite promotion," and it appeared to look at a user's code and insert links to related pages on Kite's website. Kite called this a useful feature. Programmers said it was not useful and was therefore just an ad for an unrelated service, something many programmers would consider a violation of the open-source spirit. "It's not a feature, it's advertising -- and people don't want it, you want it," wrote user @p-e-w. "The least you can do is own up to that." "I have to wonder if your goal was to upset enough people that you'd generate real attention on various news sites and get Kite a ton of free publicity before your next funding round," @DevOpsJohn wrote. "That's the only sane explanation I can find for suddenly dropping ads into the core of one of the oldest and most useful Atom plugins." [...] 
Although Kite has no business model yet, it's widely thought in Silicon Valley that having users is the first step toward profitability. Adding users potentially benefits the company in another way, by giving it access to precious data. Kite says it uses machine learning tactics to make the best coding helper tools possible. In order to do that, it needs tons of data to learn from. The more code it can look at, the better its autocomplete suggestions will get, for example.
Debian

Debian 'Stretch' Updated With 9.1 Release (debian.org)

An anonymous reader quotes Debian.org: The Debian project is pleased to announce the first update of its stable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems... Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media... Those who frequently install updates from security.debian.org won't have to update many packages, and most such updates are included in the point release.
AI

Mozilla's New Open Source Voice-Recognition Project Wants Your Voice (mashable.com)

An anonymous reader quotes Mashable: Mozilla is building a massive repository of voice recordings for the voice apps of the future -- and it wants you to add yours to the collection. The organization behind the Firefox browser is launching Common Voice, a project to crowdsource audio samples from the public. The goal is to collect about 10,000 hours of audio in various accents and make it publicly available for everyone... Mozilla hopes to hand over the public dataset to independent developers so they can harness the crowdsourced audio to build the next generation of voice-powered apps and speech-to-text programs... You can also help train the speech-to-text capabilities by validating the recordings already submitted to the project. Just listen to a short clip, and report back if the text on the screen matches what you heard... Mozilla says its aim is to expand the tech beyond just a standard voice recognition experience, including multiple accents, demographics and eventually languages for more accessible programs. Past open source voice-recognition projects have included Sphinx 4 and VoxForge, but unfortunately most of today's systems are still "locked up behind proprietary code at various companies, such as Amazon, Apple, and Microsoft."
Open Source

Media Player Classic Home Cinema (MPC-HC) for Windows Pushes What Could Be Its Last Update (mpc-hc.org)

The popular open-source media player for Windows, Media Player Classic Home Cinema (MPC-HC), has issued what it says could be the last update the app ever receives. The team writes: v1.7.13, the latest, and probably the last release of our project... For quite a few months now, or even years, the number of active developers has been decreasing and has inevitably reached zero. This, unfortunately, means that the project is officially dead and this release would be the last one. ... Unless some people step up that is. So, if someone's willing to really contribute and has C/C++ experience, let me know on IRC or via e-mail. Otherwise, all things come to an end and life goes on. It's been a nice journey and I'm personally pretty overwhelmed having to write this post.
Programming

Open Source Contributions More Important Than Tabs Vs Spaces For Salary (opensource.com)

Jason Baker, a Red Hat data analyst, doesn't believe developers who use spaces make more money than those who use tabs. An anonymous reader quotes Baker's blog post: After reading the study, one data scientist, Evelina Gabasova, performed some additional analysis and came to a slightly different conclusion, which feels a little more precise: "Environments where people use Git and contribute to open source are more associated both with higher salaries and spaces, rather than with tabs." In other words, if you're at a company where you're using version control and committing open source code upstream, you're statistically a little more likely to be a space-user and a higher wage-earner.
Even across all experience levels, contributing to open source still correlates to higher salaries, Gabasova concludes. "My theory is that when diverse people are working on open source projects together without enforced coding style, the possible formatting mess is nudging people towards using spaces simply because the code is consistent for everyone.

"This is just one of the possible theories, I didn't look to see if possibly language communities that use predominantly spaces (like Python or Ruby) are more active in open source."
Open Source

In Which Linus Torvalds Makes An 'Init' Joke (lkml.org)

Long-time Slashdot reader jawtheshark writes: In a recent Linux Kernel Mailing List post, Linus Torvalds finishes his mail with a little poke towards a certain init system. It is a very faint criticism, compared to his usual style. While Linus has no direct influence on the "choices" of distro maintainers, his opinion is usually valued.
In a discussion about how to set rlimit default values for setuid execs, Linus concluded his email by writing, "And yes, a large part of this may be that I no longer feel like I can trust "init" to do the sane thing. You all presumably know why."
Open Source

Bruce Perens Warns Grsecurity Breaches the Linux Kernel's GPL License (perens.com)

Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments: [I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...

This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.

Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."
Operating Systems

48-Year-Old Multics Operating System Resurrected (multicians.org)

"The seminal operating system Multics has been reborn," writes Slashdot reader doon386: The last native Multics system was shut down in 2000. After more than a dozen years in hibernation, a simulator for the Honeywell DPS-8/M CPU was finally realized and, consequently, Multics found new life... Along with the simulator an accompanying new release of Multics -- MR12.6 -- has been created and made available. MR12.6 contains many bug and Y2K fixes and allows Multics to run in a post-Y2K, internet-enabled world.
Besides supporting dates in the 21st century, it offers mail and send_message functionality, and can even simulate tape and disk I/O. (And yes, someone has already installed Multics on a Raspberry Pi.) Version 1.0 of the simulator was released Saturday, and Multicians.org is offering a complete QuickStart installation package with software, compilers, install scripts, and several initial projects (including SysDaemon, SysAdmin, and Daemon). There are also useful wiki documents about how to get started, noting that Multics emulation runs on Linux, macOS, Windows, and Raspbian systems.

The original submission points out that "This revival of Multics allows hobbyists, researchers and students the chance to experience first hand the system that inspired UNIX."