Open Source for you

Linux kernel team fixes a major security vulnerability


If you use a Linux distribution on your computer or an Android smartphone, you should apply the latest updates right away, since a serious security issue has been detected in the Linux kernel and patched. The vulnerability, known as CVE-2022-0847 and dubbed ‘Dirty Pipe’, was identified earlier this year by Max Kellermann, a software developer at the Web hosting business IONOS.

According to a comprehensive blog post, Kellermann first became aware of the vulnerability, which has been present in the Linux kernel since version 5.8, after getting customer complaints about corrupted files. He was able to recognise a pattern and determine that the cause of the fault was in the Linux kernel itself after an identical problem occurred many times after the first report.

Kellermann notified the Linux kernel team the same day about his discovery, and the team swiftly issued a patch to fix the problem. All impacted Linux versions have received a security update, and Google’s Android operating system, which is based on a modified version of the Linux kernel and other open source software, has also been upgraded.

Dirty Pipe can be exploited by an attacker to acquire complete control over impacted computers and cell phones if it is left unpatched on susceptible systems. The attacker would be able to read users’ private chats, hack banking apps, and more with this access.

In general, Linux permits each file to have certain permissions for reading, writing, and executing it. An attacker was able to bypass these protection methods due to a flaw in the way memory is maintained for communication between various processes (through so-called pipes).

The Dirty Pipe flaw affects all Linux systems starting with kernel 5.8 and Android smartphones running untrusted apps. According to a recent email from IONOS, while untrusted apps are normally segregated from the operating system as much as possible, the problem might still be duplicated.

Karapace will have Instaclustr support

Database-as-a-service Instaclustr has announced that it will now support the open source Karapace schema registry technology, which was developed by its competitor Aiven. Aiven, situated in Helsinki, also offers database-as-a-service and supports a variety of database and data technologies. It offers managed Apache Kafka as one of its services.

Aiven released the open source Karapace project in 2020, which includes a schema registry for Kafka event streaming data and a REST interface. Instaclustr, based in California, said that it is now supporting the Karapace technology by contributing code to the open source project. As part of its own managed Kafka offering, Instaclustr also wants to provide commercial support for Karapace.

On the Aiven platform, Karapace has an increasing number of users, including online travel agency Priceline. Anan Garg, director data engineer at Priceline, said that both Aiven and Instaclustr will benefit from Karapace’s backing.

The Karapace project has been designed to be interoperable with the Confluent Schema Registry, according to Aiven. Karapace is now extending that compatibility with integrated support for Google’s Protobuf, or protocol buffer, communication format, thanks to Instaclustr’s aid.

As part of its managed Kafka service, Instaclustr has been supporting Confluent’s Schema Registry and REST Proxy. However, according to Paul Aubrey, vice president of product management at Instaclustr, the company recognised features that customers desired but were not available under an open source licence.

“By now collaborating with Aiven to add support for the Protobuf message format, we have been able to cement the Karapace project as a viable and fully open source alternative,” Aubrey stated.

Ingram Micro sets up open source Centre of Excellence (CoE)

Ingram Micro has established an open source Centre of Excellence (CoE) in Asia Pacific to assist partners in capitalising on new enterprise-grade solutions and services. The resource aims to provide the channel with the “knowledge, resources, and applied technology” it needs to better “market, sell, and support” open source offerings throughout the region.

“The move to remote working forced many organisations to accelerate their digital operations plans and innovation cycles to meet customer demands at the speed of need,” said Sabine Howest, senior vice president of Digital Operations and Global Partner Engagement at Ingram Micro. “The open source community is making rapid advancements in setting technology trends and addressing problems that are too massive for one organisation to solve. Open source brings upon endless possibilities through collaboration and transparency while maintaining flexibility and accessibility to innovations.”

According to Howest, its partners can use the CoE to better identify open source opportunities, particularly for infrastructure modernisation, application development, and digital transformation.

SVA Software partners with Kubermatic

In collaboration with SVA System Vertrieb Alexander GmbH, German software company Kubermatic has partnered with SVA Software, Inc., to bring its Kubernetes management portfolio to the North American market.

The existing relationship between Kubermatic and SVA GmbH is now expanded to enable Kubermatic to enter the US market, and to expand the SVA software portfolio into the Kubernetes and cloud infrastructure management market.

“We are excited to partner with Kubermatic as this is a logical extension of the existing partnership between our parent company and Kubermatic,” said Anne-Kathrin Böckle, COO of SVA Software, Inc. “We believe that Kubermatic is a perfect fit for our North American portfolio, expanding our data centre competencies beyond onsite infrastructures in order to support our customers who request flexible and scalable cloud-ready-Kubernetes solutions.”

The addition of Kubernetes management/automation solutions to the SVA portfolio consists primarily of two open source products. The Kubermatic Kubernetes Platform (KKP) is a complete solution to address the operational challenges of managing Kubernetes at scale while enabling DevOps teams with a self-service developer and operations portal. Kubermatic KubeOne is a self-service Kubernetes cluster management tool that automates the entire life cycle of single Kubernetes clusters on any chosen cloud, on-premises or in an edge environment.

FTX and Alkemi to support Centre’s Verite

Centre – the consortium founded by Circle Internet Financial, LLC and Coinbase to serve as a network governing and standard setting body for blockchain based financial services – has announced a new set of partners for its recently launched set of decentralised identity protocols, Verite. The new partners, crypto exchange FTX and decentralised liquidity network Alkemi Network, will collaborate with Verite to promote broader adoption of crypto payments, decentralised finance, and access to the wider ecosystem.

FTX and Alkemi are joining a collection of partners that have commitments to collaborate on shared decentralised identity standards going forward. These initial Verite launch partners include Algorand, Block, Coinbase, Circle, Compound Labs, ConsenSys, Espresso Systems, Hedera Hashgraph, Ledger, MetaMask Institutional, Phantom Technologies, Solana Foundation, Spruce, and Stellar Development Foundation.

“Today, there is no industry-wide agreement over how products and services might interoperate in key crypto finance use cases. Verite is designed to create that consensus,” said David Puth, CEO of Centre. “We are pleased that our partners – some of the most influential institutions in the space – share our conviction that Verite’s identity standards will create a new level of clarity, privacy, and convenience to everyone transacting in the crypto economy.”

Verite is open source and blockchain-agnostic, designed to encourage developers and partners to integrate the protocols into existing systems without introducing single-vendor or anti-competitive dependencies.

Red Hat Survey: Businesses are more likely to opt for open source vendors

According to Red Hat’s recent State of Enterprise Open Source Survey, 82 per cent of decision makers are more likely to choose an open source vendor.

The top reasons for this are that they are experienced with open source methods and help maintain healthy communities (both indicated by 49 per cent of respondents), can influence feature development (48 per cent), and are more likely to be effective in the face of technical obstacles (46 per cent).

During the pandemic, open source development has got a boost, and 95 per cent of the more than 1,200 IT executives polled said it’s important to their enterprise infrastructure strategy and is steadily replacing proprietary software as a source of innovation.

Enterprise Open Source (EOS) now represents 29 per cent of all workloads. In two years, this figure is expected to climb to 34 per cent, while proprietary software will decline from 45 per cent to 37 per cent.

According to the survey, 77 per cent of respondents now have a more favourable opinion of enterprise open source than they did a year ago.

Furthermore, 55 per cent of respondents cite the ability to use well-tested code for in-house applications as the primary reason for choosing open source.

Google’s Jigsaw unit releases Harassment Manager for journalists

Google’s Jigsaw unit is providing the source code for Harassment Manager, an open source anti-harassment tool. The application, which is aimed at journalists and other prominent figures, uses Jigsaw’s Perspective API to allow users to sort through potentially harmful remarks on social media networks like Twitter. In June this year, it will be released as source code for developers to build on, followed by a functional application for Thomson Reuters Foundation journalists.

Harassment Manager can use Twitter’s API to combine moderating features such as concealing tweet replies and muting or blocking users with a bulk filtering and reporting mechanism. Threats, insults, and profanity are among the elements used by Perspective to assess the “toxicity” of messages. It organises messages into queues on a dashboard, allowing users to respond to them in bulk rather than individually using Twitter’s usual moderating tools. They can opt to blur the text of the messages so they don’t have to read each one individually, and they can search for keywords in addition to using the automatically generated queues.

On International Women’s Day, Jigsaw released Harassment Manager, emphasising that the tool is especially relevant to female journalists who endure gender based abuse, “journalists and activists with large Twitter presences,” as well as non-profits like the International Women’s Media Foundation and the Committee To Protect Journalists. “Our hope is that this technology provides a resource for people who are facing harassment online, especially female journalists, activists, politicians and other public figures, who deal with disproportionately high toxicity online,” the Jigsaw team posted.

Harassment Manager, unlike AI-powered moderation on platforms like Twitter and Instagram, is not a platform-side moderation feature. It is a sorting tool for dealing with the sometimes overwhelming volume of social media comments, and could be useful even for individuals who are not journalists.

DENT 2.0 NOS available for download

The DENT project is a Linux Foundation-hosted open source network operating system that uses the Linux kernel, Switchdev, and other Linux based projects. DENT 2.0 is now available for download from the project’s website.

The ‘Beeblebrox’ edition includes critical capabilities used by distributed organisations in retail and remote locations, as well as a secure and scalable Linux based network operating system (NOS) for disaggregated switches that may be deployed at the edge. DENT provides a smaller, lighter NOS for use at an enterprise network’s small, remote edges.

To accommodate a larger community of enterprise customers, DENT 2.0 offers secure scalability with Internet Protocol version 6 (IPv6) and network address translation (NAT). Power over Ethernet (PoE) control is also included, allowing for remote switching, monitoring, and shutdown. Connectivity of IoT, POS, and other devices is extremely advantageous to retail stores, which are DENT’s early adopters. DENT 2.0 also has traffic regulation, which helps to prevent circumstances that cause the CPU to overheat.

Kerala’s CM releases FOSS based operating system suite

The improved KITE GNU/Linux operating system (OS) suite – the FOSS based (free and open source software) OS created by the Kerala Infrastructure and Technology for Education (KITE) – was recently released by the state’s chief minister Pinarayi Vijayan for deployment in new laptops in schools.

This operating system package can be used as a comprehensive computing platform by students and teachers in schools, on personal computers, at government offices and DTP centres, and by software developers.

The new package includes all of the Ubuntu OS’s most recent updates. It also includes a large number of FOSS based apps not found in the Ubuntu 20.04 repository. The majority of the OS suite’s apps have been updated to their most recent versions and tailored to the school curriculum, particularly for the higher secondary and vocational higher secondary portions.

The new OS suite includes a wide selection of Malayalam Unicode fonts, DTP, graphics and picture editing tools, sound recording, video editing and 3D animation packages, IDEs for programming, database servers, desktop versions of mobile apps, and more. The OS also includes internationally acclaimed FOSS programmes such as GeoGebra and GCompris, which aid in the learning of various disciplines through the use of technology.

Microsoft launches open source forensics solution for Mikrotik routers

Microsoft’s Defender for Internet of Things Research Team and Microsoft’s Threat Intelligence Centre have collaborated to create an open source forensics solution for the Mikrotik routers that have been compromised to function as proxy servers for the Trickbot malware gang.

The researchers discovered that attackers with several means to access Mikrotik routers were able to reroute traffic to and from the Trickbot command and control servers by using instructions particular to the Latvian vendor’s RouterOS operating system (preceded by the “/” character). Administrators can get device version identifiers and link them to Common Vulnerabilities and Exposures (CVEs) indexes using Microsoft’s routeros-scanner tool.

Trickbot, which is based on the previous Dyre malware, is one of the world’s most hazardous botnets and is frequently used to transmit ransomware payloads. Microsoft security professionals worked with law enforcement agencies throughout the world to shut down Trickbot’s infrastructure, resulting in the arrest and extradition of some of the malware’s creators to the United States to face charges.

Firefly introduces ValidIaC

Cloud asset management solution Firefly has announced the release of a new open source solution called ValidIaC, which enables DevOps and cloud teams to validate, secure, and map Infrastructure-as-Code (IaC) with an all-in-one browser based tool.

Inspired by Komodor’s open source project ValidKube, which combines the best open source tools to help ensure Kubernetes YAML best practices, Firefly has built a sister project for the purpose of Infrastructure-as-Code.

ValidIaC combines several open source projects and tools to allow developers to check their Terraform HCL code without changing context and from within the same workflow.

“Infrastructure-as-Code is changing the way modern organizations are managing their infrastructure. With ValidIaC, developers can move faster but still have confidence when it comes to security, compliance, cost, and reliability,” said Ido Neeman, CEO at Firefly.

ValidIaC is an open source tool, so community contributors can add more tools or capabilities that will help them and the community. Firefly announced that it’ll soon introduce support for more Infrastructure-as-Code tools, such as Pulumi, CloudFormation, etc.

Zenoss discontinues Zenoss Community Edition

Zenoss Inc., has announced that it is sunsetting Zenoss Community Edition (previously called Zenoss Core), a free, on-prem monitoring tool the company made available for over 15 years. Since the launch of Zenoss Cloud in 2018, which saw a 202 per cent increase in annual recurring revenue over the past two years, the focus has gradually transitioned from crowdsourced development of extensions for Zenoss Community Edition to community development of cloud tools.

Zenoss Community Edition version 1.0 was released in November 2006. Since then, the product has been downloaded millions of times and became the de facto open source monitoring tool for companies of all sizes across all industries.

Open source trends for 2022 in Southeast Asia

Ashnik, an open source solutions provider in Southeast Asia and India, recently released its survey with participation of over 160 cross-industry organisations from the region. The survey captures the growing role of open source, as well as the key digital transformation initiatives and technology trends of 2022.

“Open source has been a big enabler in the areas of infrastructure automation, cloud, real-time analytics, security and more, making its adoption a key focus for top global organizations. The survey is the voice of several enterprises reflecting the growth of open source, top initiatives driven by it, the rising market share for its services and support, and more – giving a multidimensional understanding of organizational goals,” said Deepti Dilip, director-marketing and strategy at Ashnik.

The survey indicated that about 82 per cent of organisations today rely on open source to ‘drive innovation’ within them; 100 per cent voted ‘ease of adoption’ as the best feature of open source. Over 95 per cent of respondents cited that open source offers ‘higher security’ over proprietary software, 71 per cent preferred to consume open source technologies in the cloud through a SaaS model, while 53 per cent picked a hybrid cloud solution (public cloud + data centre) as their preferred deployment platform. Seventy-four per cent of participants indicated the adoption of open source databases is set to increase in 2022, with over 59 per cent indicating an increased usage of community open source databases specifically.

Fifty-seven per cent of respondents said that the lack of internal open source skill-sets and manpower was a key challenge in their organisations, while 97 per cent desired to have access to service providers and consultants for the success of their projects using open source.

The top open source database technologies to see an increased adoption were PostgreSQL and MongoDB, followed by Redis and Elasticsearch; and the top Kubernetes platforms of 2022 were AWS EKS and AKS.

Wipro joins the governing board of OpenSSF

Wipro Limited has joined the governing board of the Open Source Security Foundation (OpenSSF) to help combat the growing danger to the software supply chain.

The OpenSSF is a cross-industry organisation based at the Linux Foundation that brings together the world’s most important open source security initiatives to help identify and fix security vulnerabilities in open source software, as well as develop better tooling, training, research, best practices, and vulnerability disclosure practices.

Wipro’s open source expertise will join other members in determining direction through the foundation’s governance and working committees, in addition to developing and sharing best practices for safe coding and software components for the projects under the OpenSSF umbrella.

“We are thrilled to now count Wipro as a key strategic partner in the OpenSSF community,” said Brian Behlendorf, general manager, OpenSSF.

The Open Group India Awards 2022 to be held in Washington

The Open Group India Awards 2022 will be hosted virtually on July 27, 2022, in Washington D.C., in conjunction with The Open Group International Event. Since its inception in 2017, The Open Group India Awards event has honoured organisations and teams across Southeast Asia that have excelled in using open source software, standards, and best practices in enterprise architecture, IT management, cyber security, and digital transformation.

Nominations are accepted from both government and private sector organisations. Winners and other selected submissions may be invited to speak at the awards ceremony in order to promote their company as a pioneer and leader in their field to a larger audience.

Kava adds EVM support with alpha launch of Ethereum Co-Chain

Kava, an open source Layer-1 blockchain, has added EVM smart contract support with the alpha launch of its Ethereum Co-Chain. The launch adds EVM developer support to the network, enabling developers and dApps from the Ethereum ecosystem to build and deploy on Kava.

Over 15 protocols will be deploying to the closed test net of the Ethereum Co-Chain as part of the Kava Pioneer Program, including Beefy Finance, AutoFarm, and RenVM.

These projects will test the interoperability between Kava’s Ethereum and Cosmos Co-Chains prior to their mainnet launch.

Through its co-chain architecture, the Kava Network merges the developer power of Ethereum with the speed and interoperability of Cosmos in a single, scalable network. This allows Cosmos and Ethereum developers to build on one chain to access the users and assets of both ecosystems.

“Ethereum is still where the vast majority of developers and protocols are, but Cosmos is growing fast and it offers so much more in terms of scalability and interoperability. Bringing the best of both ecosystems together on Kava just makes sense for our goal to add 100 protocols this year,” said Scott Stuart, Kava Labs CEO.

Google Java App Engine standard now available

The Java source code for the Google App Engine Standard environment, the production runtime, App Engine APIs, and the local SDK have been made public by Google.

Google App Engine was first published in 2018 with the goal of making it simple for developers to install and scale their Web applications. Many languages are presently supported by App Engine, including Java, PHP, Python, Node.js, Go, and Ruby. Java developers may use Java 8, Java 11, and Java 17, as well as other JVM languages like Groovy and Kotlin, to deploy servlet-based Web applications. Spring Boot, Quarkus, Vert.x, and Micronaut are just a few of the frameworks that can be used.

Developers may now operate the entire App Engine environment wherever they choose, including on-premise in a data centre, on alternative computing platforms, or even on Google Cloud services like Cloud Run, thanks to the open sourcing of the App Engine Standard Java runtime.
