Mastodon has sent former President Donald Trumps company a formal notification that its breaking the rules by using Mastodons open-source code to build its social network, named Truth. This news comes from a blog post by Mastodons founder Eugen Rochko, but others have previously pointed out that the organization behind Truth, the Trump Media and Technology Group (or TMTG), was violating Mastodons software license by not providing the source code for the site built on top of it. Trumps group has 30 days from when the letter was sent to comply with the license or stop using the software, or it could lose the right to do so.

While Truth hasnt officially launched yet, internet users discovered that a test version basically had the same interface as Mastodon, and that some of the code for the site was unchanged from the other social networks code. By itself, thats actually the intended use of open-source software but as the Software Freedom Conservancy pointed out last week, apps or websites based on software that uses the AGPLv3 license have to in turn provide their own source code. According to the foundation that wrote AGPL, its meant to make the communitys software better: if you improve on something that someone else made, they should be able to benefit from your work like you did theirs.

As Mastodon and Rochko reiterated on Friday, though, TMTG hasnt done that it even went as far as to call its software proprietary, and seemingly tried to hide the fact that it was based on Mastodon. Now that the Truth has been revealed, however, TMTG will either have to rebuild it without using Mastodons code a tall order, as bootstrapping a social network site isnt particularly easy or release its source code and change the terms of service.

Its not the first time Mastodon has had to deal with, as Rochko puts it, people so antithetical to [its] values trying to build on top of its open-source platform. In 2019 Gab, a social network known for getting banned from almost everything due to how many toxic users it had, decided it would use Mastodon as a backend. Unlike that situation though, where Gab wasnt really breaking any rules (at least regarding its use of the software), Truth is violating the AGPL by using Mastodon's code in an unauthorized way. How TMTG will deal with the gauntlet now that its been thrown down (twice) is anyones guess, but itll have to respond unless it wants to open itself up to possible legal action.

Trump Media and Technology Group didnt immediately respond to a request for comment.

Read more:

Mastodon puts Trumps social network on notice for improperly using its code - The Verge

Today we are pleased to announce an important step in our mission to secure code. We have donated a sizable contribution to the LFx security module at the Linux Foundation so it now includes automatic scanning for secrets-in-code and non-inclusive language. Our contribution was announced on stage at the Linux Foundation Member Summit today in Napa.

LFx is a free, community resource that provides security and other services to open source developers and projects. Tens of millions of developers rely on projects hosted across the LFx platform. So in short, our alliance with the Linux Foundation means we can do a lot of good, for a lot of developers. And since over 99% of all codebases contain some open source code, its absolutely vital to give these developers the best tools to secure their code if we want to make a dent in code security.

At BluBracket we know how important it is to prevent secrets from ending up in code. And when its open source used by millions downstream, its even more crucial.

Why did we make this contribution? The security of our software supply chain must become a priority for all of us. As weve seen with high-profile attacks, hackers are going after code and becoming ever more sophisticated in their attacks on open source in order to get into commercial products. We must arm open source projects with the absolute best technology to keep their code safe, and we believe our contributed IPcombined with the vulnerability detection capabilities provided by Snyk and Linux Foundations own engineering team does exactly that.

Our contribution also helps projects quickly and easily find and replace non-inclusive language such as Master/Slave, etc. so projects can remain welcoming. Working with the Inclusive Naming Initiative, we are proud of how this tool has already been used by projects to solve this thorny issue.

We look forward to continued collaboration with the open source community on code security. As we work with these projects, we also expect to see innovation and improvements travel downstream to our corporate clients, which should result in enhanced code security up and down the software supply chain.LFX Security is free and available for use today at https://lfx.linuxfoundation.org/tools/security/

*** This is a Security Bloggers Network syndicated blog from BluBracket: Code Security & Secret Detection authored by blubracket. Read the original post at: https://blubracket.com/open-source-code-linux-foundation/

Read the original post:

Securing Open Source Code with the Linux Foundation - Security Boulevard

While the dispute was unfolding, ppna Skolplattformen continued growing in popularityincluding a swell in the number of people involved in its development. Cofounders Landgren and brink say up to 40 people have worked on development of the app. This group of volunteers has found and squashed bugs, developed a search feature, and translated the app into different languages. They also raised potential security issues with the official app, even as the city worked against them. The team includes designers, lawyers, and developers. As private citizens, we are highly digitalized, Landgren says.

As Swedens startup scene has thrivedSpotify, Klarna, and King were all founded thereits public sector technology has struggled to keep up. The most recent OECD report into government digitization, from 2019, ranks Sweden at the bottom of the 33 countries reviewed. When we use these official tools, they are stuck in the 90s, Landgren says. To bridge that gap we, and a lot of other people that joined us, think that open source is probably the best way for us to start collaborating. He argues that citizen development can be more effective than costly and often botched government IT projects that take years to complete and are out of date by the time they are completed.

It shows very clearly some of the ways in which Swedens digitalization has gone wrong, says Mattias Rubenson, the secretary of the Swedish branch of the Pirate Party, which has been chronicling the problems it has with the Skolplattform. There is, in general, the possibility of a school platform being good. But you have to involve students, and especially teachers, in the development from the start. There has been none of that in the School Platform.

ppna Skolplattformen had to wait months to be cleared. We do not believe that anything criminal has been committed, sa Skldberg, the leader of the polices preliminary investigation, told Dagens Nyheter on August 16. Data regulator Integritetsskyddsmyndigheten did not open an investigation into the citys complaint, a spokesperson says.

The police report, shared with WIRED by Landgren, references the Certezza security review, which was commissioned by the city and completed on February 17, 2021. The review concluded that the open source app wasnt sending any sensitive information to third parties and didnt pose a threat to users. The police report went further in clearing the ppna Skolplattformen developers. All information that ppna Skolplattformen has used is public information that the City of Stockholm voluntarily distributed, it said.

Landgren was traveling to his brothers wedding in France at the start of September when he got the phone call. The city was changing its position on ppna Skolplattformenand any other apps seeking to do similar thingsand decided to let others access the data within its systems. To do so, the city struck a deal with an external provider that will be able to set up licenses between ppna Skolplattformen and the city.

With this solution, the City of Stockholm can guarantee that personal data is handled in a correct and secure way, while parents can take part in the markets digital tools in their everyday lives, Isabel Smedberg-Palmqvist, a city councillor in Stockholm, said in a statement issued on September 9. The move was validation of ppna Skolplattformens effortsthe team estimates that hundreds of hours of work have been put into the app. But the call also came as a shock to Landgren. Just days earlier, he claims, ppna Skolplattformen was once again being buffeted by attempts to block its access to official APIs. After the announcement was made, the efforts stopped.

Read the rest here:

These Parents Built a School App. Then the City Called the Cops - WIRED

QuestDB, makers of the speedy open source time series database, announced a $12 million Series A today from 468 Capital, Uncorrelated Ventures and a list of industry angels, including Alexis Ohanian. The company has now raised a total of $14.3 million, including the $2.3 million seed announced last July.

Since that time, the startup, which was a member of the Y Combinator summer 2020 cohort, has been working hard to build a community around the open source project, while working on the enterprise version and an upcoming hosted version, which should be ready by the end of the year.

Customers can install the enterprise version on their cloud of choice and manage it themselves, but the company has been hearing requests from customers for something easier.

This is something that a lot of companies have been asking us about. Essentially, most companies do not want to deal with the operational complexity of hosting on their own cloud. And they want the database provider to host that on their behalf, co-founder and CEO Nicolas Hourcard told me.

The database is built for speed and is fast enough that companies using Quest can cut back on servers, which they often will use to make up for lost speed on the database side. As Hourcard told TechCrunch at the time of the seed funding:

Were building an open source database for time series data, and time series databases are a multi-billion-dollar market because theyre central for financial services, IoT and other enterprise applications. And we basically make it easy to handle explosive amounts of data, and to reduce infrastructure costs massively.

On the open source front, Quest has built a Slack community with more than 900 developers, and over 70 code contributors have helped out on the project. In addition, the founders started a group made up of Y Combinator alums who have built businesses on open source and have 100 members in that group. The group meets regularly to discuss issues related to their chosen business model and hear from successful open source company founders.

On the commercial side, they wouldnt share the number of customers, but indicated that the enterprise product has features like more flexibility around the deployment and making it easier to operate quickly at scale.

So far the company has 15 employees, with plans to double that number in the next six months if things continue to go according to plan. Hourcard believes that as an open source and fully remote company, it should help to build a more diverse workforce. We dont pose limits in terms of where were going to hire or what sort of backgrounds, and we think that diversity ultimately would benefit the companys culture, so were trying to do that the best we can, he said.

He says that sometimes an employee can be an open source contributor first, who shows knowledge and enthusiasm for the product. Open source is an amazing way of getting to meet developers from different areas, and its true that sometimes you see a contributor who [is making a big] contribution, and then there is the question, okay, should we bring this person on the team,' he said.

More here:

QuestDB snares $12M Series A with hosted version coming soon - TechCrunch

TAIPEI, Nov. 4, 2021 /PRNewswire/ -- Wiwynn (TWSE: 6669), an innovative cloud IT infrastructure provider for data centers, today announces that its Open Compute Project Yosemite V3 (OCP YV3) based server has completed the implementation of Open System Firmware (OSF) and obtained the OCP Accepted recognition. With the help from OCP partners, including Facebook, Intel and 9elements, Wiwynn has made an important milestone for the open community to complete the first OCP product contribution that includes not only hardware design but also OSF.

OSF is a formal OCP project with the goal to move the control of firmware to the system owner. It allows the system firmware (also known as BIOS) to be modified and shared openly. Starting in March 2021, "OCP Accepted" badge for servers requires that server systems support OSF. The openness of OSF will lower the entry barrier of OCP system adoption and accelerate product development. The synergies with other open source firmware communities, such as LinuxBoot and coreboot, will enroll more talents to join and make the ecosystem more open and complete.

Wiwynn's YV3, the 3rd Gen Intel Xeon Scalable processor (codename: CooperLake) based single socket server, is the first product contribution that meets the new requirement of OCP Accepted recognition. 9elements will support the OSF code base maintenance, including rebasing to the tip of open source components, and making releases periodically.

"We have been devoted to the OCP community with more than 32 contributions and seen OSF become an important piece for modern server designs," said Steven Lu, Wiwynn's Senior Vice President of Product Development. "Thanks to Facebook, Intel and 9elements, we are able to move steps further to make OSF part of Wiwynn's YV3 server and obtained OCP Accepted recognition. We are looking forward to duplicating the successful model to more products to come."

"We are excited to see the ecosystem embrace Intel platforms to build the open system firmware," said Anjaneya "Reddy" Chagam, Intel's Cloud Architect. "It's our pleasure to work with Wiwynn, Facebook and 9elementsto realize a successful OSF practice and accelerate the community development."

"This is a disruptive milestone for the OSF Community," said Christian Walter, 9element's Executive Director of Firmware Development. "We are excited to work together with Wiwynn supporting the OSF code base for the Wiwynn YV3. This is the perfect showcase of what can be accomplished working together on open systems, and we hope this will pave the way for more products to come."

"As one of the very first OCP Solution Providers, Wiwynn has shown its continuous commitment to the open community. The OCP Accepted Wiwynn YV3 is a phenomenal milestone that includes system firmware in the OCP product contribution for the first time. We are thrilled to see the great progress of OSF through the close collaboration of Wiwynn and its partners. We also look forward to more OSF projects to be inspired and thrive," said Rajeev Sharma, OCP's Director of Software and Technologies

For more OCP OSF details, please refer to the recent OCP blog post.

Wiwynn will also showcase Wiwynn's YV3 at the upcoming OCP Global Summit 2021 at booth #C2. There will be two in-depth engineering workshops around OSF and SW management for OCP DeltaLake and Yosemite V3 as well. Please follow Wiwynn's OCP event page and stay tuned.

About Wiwynn

Wiwynn is an innovative cloud IT infrastructure provider of high-quality computing and storage products, plus rack solutions for leading data centers. We aggressively invest in next generation technologies for workload optimization and best TCO (Total Cost of Ownership). As an OCP (Open Compute Project) solution provider and platinum member, Wiwynn actively participates in advanced computing and storage system designs while constantly implementing the benefits of OCP into traditional data centers.

For more information, please visit Wiwynn website or contact [emailprotected]Follow Wiwynn on Facebook and Linkedin for the latest news and market trends.

SOURCE Wiwynn

More here:

Wiwynn Successfully Implemented Open System Firmware on Its OCP Yosemite V3 Server - PRNewswire

Global Remote Input Output Modules Market 2021-2025 The analyst has been monitoring the remote input-output modules market and it is poised to grow by $ 826. 12 mn during 2021-2025, progressing at a CAGR of 5.

New York, Nov. 04, 2021 (GLOBE NEWSWIRE) -- Reportlinker.com announces the release of the report "Global Remote Input Output Modules Market 2021-2025" - https://www.reportlinker.com/p04793528/?utm_source=GNW 48% during the forecast period. Our report on the remote input-output modules market provides a holistic analysis, market size and forecast, trends, growth drivers, and challenges, as well as vendor analysis covering around 25 vendors.The report offers an up-to-date analysis regarding the current global market scenario, latest trends and drivers, and the overall market environment. The market is driven by rise in investments in smart grids and the proliferation of IoT-based remote I/O modules in process and discrete automation. In addition, rise in investments in smart grids is anticipated to boost the growth of the market as well.The remote input-output modules market analysis includes controller type segment and geographic landscape.

The remote input-output modules market is segmented as below:By Controller type PLC-based remote I/O modules DCS-based remote I/O modules Industrial PC-based remote I/O modules

By Geographical Landscape North America Europe APAC South America MEA

This study identifies the increased use of open-source software for programming remote I/O modulesas one of the prime reasons driving the remote input-output modules market growth during the next few years.

The analyst presents a detailed picture of the market by the way of study, synthesis, and summation of data from multiple sources by an analysis of key parameters. Our report on remote input-output modules market covers the following areas: Remote input-output modules market sizing Remote input-output modules market forecast Remote input-output modules market industry analysis

This robust vendor analysis is designed to help clients improve their market position, and in line with this, this report provides a detailed analysis of several leading remote input-output modules market vendors that include ABB Ltd., Beckhoff Automation GmbH and Co. KG, Eaton Corporation Plc, Emerson Electric Co., General Electric Co., Hitachi Ltd., Mitsubishi Electric Corp., OMRON Corp., Rockwell Automation Inc., and Siemens AG. Also, the remote input-output modules market analysis report includes information on upcoming trends and challenges that will influence market growth. This is to help companies strategize and leverage all forthcoming growth opportunities.The study was conducted using an objective combination of primary and secondary information including inputs from key participants in the industry. The report contains a comprehensive market and vendor landscape in addition to an analysis of the key vendors.

The analyst presents a detailed picture of the market by the way of study, synthesis, and summation of data from multiple sources by an analysis of key parameters such as profit, pricing, competition, and promotions. It presents various market facets by identifying the key industry influencers. The data presented is comprehensive, reliable, and a result of extensive research - both primary and secondary. Technavios market research reports provide a complete competitive landscape and an in-depth vendor selection methodology and analysis using qualitative and quantitative research to forecast the accurate market growth.Read the full report: https://www.reportlinker.com/p04793528/?utm_source=GNW

About ReportlinkerReportLinker is an award-winning market research solution. Reportlinker finds and organizes the latest industry data so you get all the market research you need - instantly, in one place.

__________________________

Story continues

Read the original post:
The Global Remote Input Output Modules Market is expected to grow by $ 826.12 mn during 2021-2025, progressing at a CAGR of 5.48% during the forecast...