Open Source for you
Linux kernel team fixes a major security vulnerability
If you use a Linux distribution on your computer or an Android smartphone, you should apply the latest updates right away since the Linux kernel has been detected and patched with a serious security issue. The vulnerability, known as CVE-20220847 and dubbed ‘Dirty Pipe’, was identified earlier this year by Max Kellerman, a software developer at the Web hosting business IONOS.
Kellerman first became aware of the vulnerability in the Linux kernel since version 5.8 after getting customer complaints about corrupted files, according to a comprehensive blog post. He was able to recognise a pattern, and determine that the cause of the fault was in the Linux kernel itself after an identical problem occurred many times after the first report.
Kellerman notified the Linux kernel team the same day about his discovery, and the team swiftly issued a patch to fix the problem. All impacted Linux versions have received a security update, and Google’s Android operating system, which is based on a modified version of the Linux kernel and other open source software, has also been upgraded.
Dirty Pipe can be exploited by an attacker to acquire complete control over impacted computers and cell phones if it is left unpatched on susceptible systems. The attacker would be able to read users’ private chats, hack banking apps, and more with this access.
In general, Linux permits each file to have certain permissions for reading, writing, and executing it. An attacker was able to bypass these protection methods due to a flaw in the way memory is maintained for communication between various processes (through so-called pipes).
The Dirty Pipe flaw affects all Linux systems starting with kernel 5.8 and Android smartphones running untrusted apps. According to a recent email from IONOS, while untrusted apps are normally segregated from the operating system as much as possible, the problem might still be duplicated.
Karapace will have Instaclustr support
Database-as-a-service Instaclustr has announced that it will now support the open source Karapace schema registry technology, which was developed by its competitor Aiven. Aiven, situated in Helsinki, also offers database-as-a-service and supports a variety of database and data technologies. It offers managed Apache Kafka as one of its services.
Aiven released the open source Karapace project in 2020, which includes a schema registry for Kafka event streaming data and a REST interface. Instaclustr,
based in California, said that it is now supporting the Karapace technology by contributing code to the open source project. As part of its own managed Kafka offering, Instaclustr also wants to provide commercial support for Karapace.
On the Aiven platform, Karapace has an increasing number of users, including online travel agency Priceline. Anan Garg, director data engineer at Priceline, said that both Aiven and Instaclustr will benefit from Karapace’s backing.
The Karapace project has been designed to be interoperable with the
Confluent Schema Registry, according to Aiven. Karapace is now extending that compatibility with integrated support for Google’s Protobuf, or protocol buffer, communication format, thanks to Instaclustr’s aid.
As part of its managed Kafka service, Instaclustr has been supporting
Confluent’s Schema Registry and REST Proxy. However, according to Paul Aubrey, vice president of product management at Instaclustr, the company recognised features that customers desired but were not available under an open source licence.
“By now collaborating with Aiven to add support for the Protobuf message format, we have been able to cement the Karapace project as a viable and fully open source alternative,” Aubrey stated.
Ingram Micro sets up open source Centre of Excellence (CoE)
Ingram Micro has established an open source Centre of Excellence (CoE) in
Asia Pacific to assist partners in capitalising on new enterprise-grade solutions and services. The resource aims to provide the channel with the “knowledge, resources, and applied technology” it needs to better “market, sell, and support” open source offerings throughout the region.
“The move to remote working forced many organisations to accelerate their digital operations plans and innovation cycles to meet customer demands at the speed of need,” said Sabine Howest, senior vice president of Digital Operations and Global Partner Engagement at Ingram Micro. “The open source community is making rapid advancements in setting technology trends and addressing problems that are too massive for one organisation to solve. Open source brings upon endless possibilities through collaboration and transparency while maintaining flexibility and accessibility to innovations.”
According to Howest, its partners can use the CoE to better identify open source opportunities, particularly for infrastructure modernisation, application development, and digital transformation.
SVA Software partners with Kubermatic
In collaboration with SVA System Vertrieb Alexander GmbH, German software company Kubermatic has partnered with SVA Software, Inc., to bring its Kubernetes management portfolio to the North American market.
The existing relationship between Kubermatic and SVA GmbH is now expanded to enable Kubermatic to enter the US market, and to expand the SVA software portfolio into the Kubernetes and cloud infrastructure management market.
“We are excited to partner with Kubermatic as this is a logical extension of the existing partnership between our parent company and Kubermatic,” said Anne-Kathrin Böckle,
COO of SVA Software, Inc. “We believe that Kubermatic is a perfect fit for our North American portfolio, expanding our data centre competencies beyond onsite infrastructures in order to support our customers who request flexible and scalable cloud-ready-Kubernetes solutions.”
The addition of Kubernetes management/automation solutions to the SVA portfolio consists primarily of two open source products. The Kubermatic Kubernetes Platform (KKP) is a complete solution to address the operational challenges of managing Kubernetes at scale while enabling DevOps teams with a self-service developer and operations portal. Kubermatic KubeOne is a self-service Kubernetes cluster management tool that automates the entire life cycle of single Kubernetes clusters on any chosen cloud, on-premises or in an edge environment.
FTX and Alkemi to support Centre’s Verite
Centre – the consortium founded by Circle Internet Financial, LLC and
Coinbase to serve as a network governing and standard setting body for blockchain based financial services – has announced a new set of partners for its recently launched set of decentralised identity protocols, Verite. The new partners, crypto exchange FTX and decentralised liquidity network Alkemi Network, will collaborate with Verite to promote broader adoption of crypto payments, decentralised finance, and access to the wider ecosystem.
FTX and Alkemi are joining a collection of partners that have commitments to collaborate on shared decentralised identity standards going forward. These initial Verite launch partners include Algorand, Block, Coinbase, Circle, Compound Labs, ConsenSys, Espresso Systems, Hedera Hashgraph, Ledger, MetaMask Institutional, Phantom Technologies, Solana Foundation, Spruce, and Stellar Development Foundation.
“Today, there is no industrywide agreement over how products and services might interoperate in key crypto finance use cases. Verite is designed to create that consensus,” said David Puth, CEO of Centre. “We are pleased that our partners – some of the most influential institutions in the space – share our conviction that Verite’s identity standards will create a new level of clarity, privacy, and convenience to everyone transacting in the crypto economy.”
Verite is open source and blockchain-agnostic, designed to encourage developers and partners to integrate the protocols into existing systems without introducing single-vendor or anti-competitive dependencies.
Red Hat Survey: Businesses are more likely to opt for open source vendors
According to Red Hat’s recent State of Enterprise Open Source Survey, 82 per cent of decision makers are more likely to choose an open source vendor.
The top reasons for this are that they are experienced with open source methods and help maintain healthy communities (both indicated by 49 per cent of respondents), can influence feature development (48 per cent), and are more likely to be effective in the face of technical obstacles (46 per cent).
During the pandemic, open source development has got a boost, and 95 per cent of the more than 1,200 IT executives polled said it’s important to their enterprise infrastructure strategy and is steadily replacing proprietary software as a source of innovation.
Enterprise Open Source (EOS) now represents 29 per cent of all workloads. In two years, this figure is expected to climb to 34 per cent, while proprietary software will decline from 45 per cent to 37 per cent.
According to the survey, 77 per cent of respondents now have a more favourable opinion of enterprise open source than they did a year ago.
Furthermore, 55 per cent of respondents cite the ability to use well-tested code for in-house applications as the primary reason for choosing open source.
Google’s Jigsaw unit releases Harassment Manager for journalists
Google’s Jigsaw unit is providing the source code for Harassment Manager, an open source anti-harassment tool. The application, which is aimed at journalists and other prominent figures, uses Jigsaw’s Perspective API to allow users to sort through potentially harmful remarks on social media networks like Twitter. In June this year, it will be released as source code for developers to build on, followed by a functional application for Thomson Reuters Foundation journalists.
Harassment Manager can use Twitter’s API to combine moderating features such as concealing tweet replies and muting or blocking users with a bulk filtering and reporting mechanism. Threats, insults, and profanity are among the elements used by Perspective to assess the “toxicity” of messages. It organises messages into queues on a dashboard, allowing users to respond to them in bulk rather than individually using Twitter’s usual moderating tools. They can opt to blur the text of the messages so they don’t have to read each one individually, and they can search for keywords in addition to using the automatically generated queues.
On International Women’s Day, Jigsaw released Harassment Manager, emphasising that the tool is especially relevant to female journalists who endure gender based abuse, “journalists and activists with large Twitter presences,” as well as non-profits like the International Women’s Media Foundation and the Committee To Protect Journalists. “Our hope is that this technology provides a resource for people who are facing harassment online, especially female journalists, activists, politicians and other public figures, who deal with disproportionately high toxicity online,” the Jigsaw team posted.
Harassment Manager, unlike AI-powered moderation on platforms like Twitter and Instagram, is not a platform-side moderation feature. It is a sorting tool for dealing with the sometimes overwhelming volume of social media comments, and could be useful even for individuals who are not journalists.
DENT 2.0 NOS available for download
The DENT project is a Linux Foundation-hosted open source network operating system that uses the Linux kernel, Switchdev, and other Linux based projects. DENT 2.0 is now available for download from the project’s website.
The ‘Beeblebrox’ edition includes critical capabilities used by distributed organisations in retail and remote locations, as well as a secure and scalable Linux based network operating system (NOS) for disaggregated switches that may be deployed at the edge. DENT provides a smaller, lighter NOS for use at an enterprise network’s small, remote edges.
To accommodate a larger community of enterprise customers, DENT 2.0 offers secure scalability with Internet Protocol version 6 (IPv6) and network address translation (NAT). Power over Ethernet (PoE) control is also included, allowing for remote switching, monitoring, and shutdown. Connectivity of IoT, POS, and other devices is extremely advantageous to retail stores, which are DENT’s early adopters. DENT 2.0 also has traffic regulation, which helps to prevent circumstances that cause the CPU to overheat.
Kerala’s CM releases FOSS based operating system suite
The improved KITE GNU/Linux operating system (OS) suite – the FOSS based (free and open source software) OS created by the Kerala Infrastructure and Technology for Education (KITE) – was recently released by the state’s chief minister Pinarayi Vijayan for deployment in new laptops in schools.
This operating system package can be used as a comprehensive computing platform by students and teachers in schools, on personal computers, at government offices and DTP centres, and by software developers.
The new package includes all of the Ubuntu OS’s most recent updates. It also includes a large number of FOSS based apps not found in the Ubuntu 20.04 repository. The majority of the OS suite’s apps have been updated to their most recent versions and tailored to the school curriculum, particularly for the higher secondary and vocational higher secondary portions.
The new OS suite includes a wide selection of Malayalam Unicode fonts,
DTP graphics picture editing tools, sound recording-video editing 3D animation packages, IDEs for programming, database servers, desktop versions of mobile apps, and more. The OS also includes internationally acclaimed FOSS programmes such as GeoGebra and GCompris, which aid in the learning of various disciplines through the use of technology.
Microsoft launches open source forensics solution for Mikrotik routers
Microsoft’s Defender for Internet of Things Research Team and Microsoft’s
Threat Intelligence Centre have collaborated to create an open source forensics solution for the Mikrotik routers that have been compromised to function as proxy servers for the Trickbot malware gang.
The researchers discovered that attackers with several means to access Mikrotik routers were able to reroute traffic to and from the Trickbot command and control servers by using instructions particular to the Latvian vendor’s RouterOS operating system (preceded by the “/” character). Administrators can get device version identifiers and link them to Common Vulnerabilities and Exposures (CVEs) indexes using Microsoft’s routeros-scanner tool.
Trickbot, which is based on the previous Dyre malware, is one of the world’s most hazardous botnets and is frequently used to transmit ransomware payloads. Microsoft security professionals worked with law enforcement agencies throughout the world to shut down Trickbot’s infrastructure, resulting in the arrest and extradition of some of the malware’s creators to the United States to face charges.
Firefly introduces ValidIaC
Cloud asset management solution Firefly has announced the release of a new open source solution called ValidIaC, which enables DevOps and cloud teams to validate, secure, and map Infrastructure-as-Code (IaC) with an all-in-one browser based tool.
Inspired by Komodor’s open source project ValidKube, which combines the best open source tools to help ensure Kubernetes YAML best practices, Firefly has built a sister project for the purpose of Infrastructure-as-Code.
ValidIaC combines several open source projects and tools to allow developers to check their Terraform HCL code without changing context and from within the same workflow.
“Infrastructure-as-Code is changing the way modern organizations are managing their infrastructure. With ValidIaC, developers can move faster but still have confidence when it comes to security, compliance, cost, and reliability,” said, Ido Neeman, CEO at Firefly.
ValidIaC is an open source tool, so community contributors can add more tools or capabilities that will help them and the community. Firefly announced that it’ll soon introduce support to more Infrastructure-as-Code tools, such as Pulumi, Cloudformation, etc.
Zenoss discontinues Zenoss Community Edition
Zenoss Inc., has announced that it is sunsetting Zenoss Community Edition (previously called Zenoss Core), a free, on-prem monitoring tool the company made available for over 15 years. Since the launch of Zenoss Cloud in
2018, which saw a 202 per cent increase in annual recurring revenue over the past two years, the focus has gradually transitioned from crowdsourced development of extensions for Zenoss Community Edition to community development of cloud tools.
Zenoss Community Edition version 1.0 was released in November 2006. Since then, the product has been downloaded millions of times and became the de facto open source monitoring tool for companies of all sizes across all industries.
Open source trends for 2022 in Southeast Asia
Ashnik, an open source solutions provider in Southeast Asia and India, recently released its survey with participation of over 160 cross-industry organisations from the region. The survey captures the growing role of open source, as well as the key digital transformation initiatives and technology trends of 2022.
“Open source has been a big enabler in the areas of infrastructure automation, cloud, real-time analytics, security and more, making its adoption a key focus for top global organizations. The survey is the voice of several enterprises reflecting the growth of open source, top initiatives driven by it, the rising market share for its services and support, and more – giving a multidimensional understanding of organizational goals,” said Deepti Dilip, director-marketing and strategy at Ashnik.
The survey indicated that about 82 per cent of organisations today rely on open source to ‘drive innovation’ within them; 100 per cent voted ‘ease of adoption’ as the best feature of open source. Over 95 per cent of respondents cited that open source offers ‘higher security’ over proprietary software, 71 per cent preferred to consume open source technologies in the cloud through a SaaS model, while 53 per cent picked a hybrid cloud solution (public cloud + data centre) as their preferred deployment platform. Seventy-four per cent participants indicated the adoption of open source databases is set to increase in 2022, with over 59 per cent indicating an increased usage of community open source databases specifically.
Fifty-seven per cent of respondents said that the lack of internal open source skill-sets and manpower was a key challenge in their organisations, while 97 per cent desired to have access to service providers and consultants for the success of their projects using open source.
The top open source database technologies to see an increased adoption were PostgreSQL and MongoDB, followed by Redis and Elasticsearch; and the top Kubernetes platforms of 2022 were AWS EKS and AKS.
Wipro joins the governing board of OpenSSF
Wipro Limited has joined the governing board of the Open Source Security Foundation (OpenSSF) to help combat the growing danger to the software supply chain.
The OpenSSF is a cross-industry organisation based at the Linux Foundation that brings together the world’s most important open source security initiatives to help identify and fix security vulnerabilities in open source software, as well as develop better tooling, training, research, best practices, and vulnerability disclosure practices.
Wipro’s open source expertise will join other members in determining direction through the foundation’s governance and working committees, in addition to developing and sharing best practices for safe coding and software components for the projects under the OpenSSF umbrella.
“We are thrilled to now count Wipro as a key strategic partner in the OpenSSF community,” said Brian Behlendorf, general manager, OpenSSF.
The Open Group India Awards 2022 to be held in Washington
The Open Group India Awards 2022 will be hosted virtually on July 27, 2022, in Washington D.C., in conjunction with The Open Group International Event. Since its inception in 2017, The Open Group India Awards event has honoured
organisations and teams across Southeast Asia that have excelled in using open source software, standards, and best practices in enterprise architecture, IT management, cyber security, and digital transformation.
Nominations are accepted from both government and private sector organisations. Winners and other selected submissions may be invited to speak at the awards ceremony in order to promote their company as a pioneer and leader in their field to a larger audience.
Kava adds EVM support with alpha launch of Ethereum Co-Chain
Kava, an open source Layer-1 blockchain, has added EVM smart contract support with the alpha launch of its Ethereum Co-Chain. The launch adds EVM developer support to the network, enabling developers and dApps from the Ethereum ecosystem to build and deploy on Kava.
Over 15 protocols will be deploying to the closed test net of the Ethereum Co-Chain as part of the Kava Pioneer Program, including Beefy Finance, AutoFarm, and RenVM.
These projects will test the interoperability between Kava’s Ethereum and Cosmos Co-Chains prior to their mainnet launch.
Through its co-chain architecture, the Kava Network merges the developer power of Ethereum with the speed and interoperability of Cosmos in a single, scalable network. This allows Cosmos and Ethereum developers to build on one chain to access the users and assets of both ecosystems.
“Ethereum is still where the vast majority of developers and protocols are, but Cosmos is growing fast and it offers so much more in terms of scalability and interoperability. Bringing the best of both ecosystems together on Kava just makes sense for our goal to add 100 protocols this year,” said Scott Stuart, Kava Labs CEO.
Google Java App Engine standard now available
The Java source code for the Google App Engine Standard environment, the production runtime, App Engine APIs, and the local SDK have been made public by Google.
Google App Engine was first published in 2018 with the goal of making it simple for developers to install and scale their Web applications. Many languages are presently supported by App Engine, including Java, PHP, Python, Node.js, Go, and Ruby. Java developers may use Java 8, Java 11, and Java 17, as well as other JVM languages like Groovy and Kotlin, to deploy servlet-based Web applications. Spring Boot, Quarkus, Vert.x, and Micronaut are just a few of the frameworks that can be used.
Developers may now operate the entire App Engine environment wherever they choose, including on-premise in a data centre, on alternative computing platforms, or even Google Cloud like Cloud Run, thanks to the open source of the App Engine Standard Java runtime.