Open source in local government, and other unicorns

Oligopolies are unhealthy. When a small number of firms dominates a market, customers are left with a dearth of choice, and in the worst cases the dominant firms collude to raise prices.

And oligopoly describes fairly accurately the situation regarding software procurement within UK government. In fact, when it comes to office software, monopoly might be a more appropriate description: it's basically Microsoft or Microsoft. It's estimated that UK government departments have spent over £200m of public money on Microsoft Office applications since 2010.

Cabinet Office Minister Francis Maude admitted earlier this year: "The software we use in government is still supplied by just a few large companies. A tiny oligopoly dominates the marketplace."

And Microsoft's dominance of Whitehall appears at first glance to be reflected too in local government. When Computing spoke to Jos Creese, CIO of Hampshire County Council, and holder of one of the largest IT budgets in local government according to one inside source, he explained that Microsoft works out cheaper than open source alternatives.

"We use Microsoft [for our desktops]," said Creese. "Each time we've looked at open source for desktop and costed it out, Microsoft has proved cheaper."

He explained that this is because most staff are already familiar with Microsoft products, and that they work well with the thin client model employed at Hampshire council. But it's also partly down to Microsoft itself.

"Microsoft has been flexible and helpful in the way we apply their products to improve the operation of our frontline services, and this helps to de-risk ongoing cost. The point is that the true cost is in the total cost of ownership and exploitation, not just the licence cost."

And Creese isn't alone in his attachment to Microsoft. Alan Shields, architect team manager at Cambridgeshire County Council, says: "It is incredibly difficult to get away from the stranglehold of Microsoft products, and we are planning to reinforce this by entering into an Enterprise Agreement with Microsoft later this year."

Similarly, you won't find much open source running in the offices of the Royal Borough of Windsor & Maidenhead council. Rocco Labellarte, the organisation's CIO, explains that a trial of productivity software suite Open Office was ultimately unsuccessful as it wasn't sufficiently compatible with other tools.

And other open source software was dismissed for different reasons.


Security of open source in a post-Heartbleed world

The open source horse has bolted and organisations must scrutinise their network security to ensure the use of such software doesn't put data at risk.

That was the consensus of IT leaders speaking at Computing's Enterprise Security and Risk Management Summit, which took place at the London Tower Bridge Hilton Hotel.

During a panel discussion on the subject of "Keeping up with the security threats of today: can you future-proof your business?", Computing editor Stuart Sumner asked whether the participants were more doubtful about the security of open source software in the post-Heartbleed world.

"I think it's horses for courses. Open source needs more scrutiny," said Barry Coatesworth, chief information security officer for New Look.

"There are pros and cons. But I think it boils down to what's the habitat, where's the business going, is it cost saving to use open source? So it's swings and roundabouts," he added.

Marc Lueck, director of global threat management at publishing company Pearson, continued with the horse theme, using it to suggest open source is already out there in the enterprise and that it's something that security personnel need to take into account when managing risks and networks.

"I'd add to that using a horse analogy; the stable door is open and the horse has bolted. We don't have the opportunity to change our minds now, we're using open source, that decision is made," he said. "We now need to figure out how to fix it, how to solve it, how to protect ourselves from decisions that have already been made."

However, Ashley Jelleyman, head of information assurance at BT, took the view that no matter what sort of software is being used, it still has to be properly evaluated for security.

"I think the real issue is not whether it's open source or closed source, it's actually about what you do with it and how you actually evaluate it to make sure it's fit for purpose. It's have we checked this through, are we watching what it's doing?" he said.

"One of the things we can look at - whether it's open source or closed source software - is whether it's doing things that are expected, it's about having an eye on not just the software but the whole network around it, its environment, to make sure you're not seeing shed loads of data disappearing out of your extranet for no good reason," Jelleyman added.


Tools catch security holes in open source code

Maria Korolov | July 2, 2014

Given its prevalence, open source code is virtually impossible to avoid, but the proper steps need to be taken to address its vulnerabilities.

This year has been the best of times and the worst of times for open source code and security.

On the one hand, the latest survey by Black Duck Software and North Bridge Venture Partners shows that 72 percent of industry professionals prefer open source software because it's more secure than proprietary solutions.

On the other hand, Heartbleed exposed a security flaw in the widely-used, open source OpenSSL encryption tool that affected more than half a million websites. Also this spring, TrueCrypt unexpectedly shut down, citing "unfixed security issues" on its SourceForge page, and a critical bug in Linux, GnuTLS, was finally exposed after having been undiscovered for more than 10 years.

Open source software is widely used in business in webservers running Linux and Apache, in databases, in the Android operating system, in code libraries used by enterprise developers, and embedded into commercial software packages.

Avoiding open source completely is not an option, but blindly trusting the open source community to fix all mistakes is also problematic.

One solution is to use automated code-scanning tools to scan code for known vulnerabilities and common programming errors. Fortunately, the automated tools are getting better every year.

Trust, but verify

Over the past few years, more than 5,000 security vulnerabilities have been found in open source code, according to the National Vulnerability Database.

Ideally, a company would check each of these vulnerabilities against the open source software packages it uses, plus against the open source software used inside commercial packages, and even against pieces of code that their own programmers copied off the Internet.


Is This The Crowdfunding Site App Developers Have Been Wishing For?

The basic idea behind Bountysource seems easy enough to explain--it's a crowdfunding site for open source software. But when the site first launched about a decade ago, those were still fairly esoteric concepts for potential users and investors. Even the founders, then fresh out of college, had never heard the term crowdfunding, says cofounder and COO David Rappo. The project died fast.

"It ran for a few months before we realized this wasn't gonna pay our bills, and we needed to move on and get real jobs," says Rappo. But about a year and a half ago, Rappo and CEO Warren Konkel decided it was time to focus full time on Bountysource once again.

"Nowadays, we can say it's a crowdfunding platform for open source software, and people are like, we get it," Rappo says. "The time is right: people not only understand crowdfunding, but they love it."

The company's recently hosted successful and well-publicized funding campaigns for Neovim, a modern update to the venerable Vi used by generations of Unix hackers, and for RVM 2, an enhanced tool for Ruby developers managing libraries of third-party code.

Bountysource helped the RVM 2 team plan and distribute the rewards it offered backers and often helps software developers organize and even write copy for their funding campaigns, says Rappo.

But the other advantage of raising money for software projects with Bountysource, as opposed to a general purpose crowdfunding site like Kickstarter or Indiegogo, is that open source projects can publicly offer bounties payable to any developer willing to contribute certain features or quash particular bugs.

"When you come to Bountysource and raise money, you can keep the money in the system, start paying it out to different developers for different versions of things," Konkel says.

Even outside of a major funding campaign, anyone can post a bounty offering to pay for improvements to a favorite open source tool, and other users are able to pledge their own funds until the bounty's high enough that a programmer is willing to take on the task. Then, once the requested feature is implemented to the backers' satisfaction, the developer gets paid by check, PayPal, or Bitcoin.

Bitcoin's proven especially popular with programmers overseas in countries where paying by check or PayPal can be difficult, says Rappo.

"It's absolutely the preferred method of payment for a lot of developers these days, especially international developers," he says.


Why The Korean Government Could Go Open Source By 2020

An anonymous reader writes: "As the support for the Microsoft (MS) Windows XP service is terminated this year, the government will try to invigorate open source software in order to solve the problem of dependency on certain software. By 2020 when the support of the Windows 7 service is terminated, it is planning to switch to open OS and minimize damages. Industry insiders pointed out that the standard e-document format must be established and shared as an open source before open source software is invigorated."

A similar suggestion that Korea might embrace more open source (but couched more cautiously, with more "should" and "may") is reported on the news page of the EU's program on Interoperability Solutions for European Public Administrations, based on a workshop presentation earlier this month by Korea's Ministry of Science, ICT, and Future Planning. (And at a smaller but still huge scale, the capital city of Seoul appears to be going in for open source software in a big way, too.)


GIMP Tutorial – The Art of Smudge Painting a Selfie or Photo by VscorpianC – Video


GIMP Tutorial - The Art of Smudge Painting a Selfie or Photo by VscorpianC
GIMP open source software; this tutorial shows techniques to creating good smudge art from photos. VscorpianC GIMP Image Manipulation and Photo Editing Software can be downloaded and used...

By: VscorpianC


Entwicklertag 2014: Prof. Dr. Dirk Riehle – Open Source Software Developer Career and Its Benefits – Video


Entwicklertag 2014: Prof. Dr. Dirk Riehle - Open Source Software Developer Career and Its Benefits
Open source software development is changing the labor market for software developers. Benefits of participation in open source projects can be increased sal...

By: VKSI Karlsruhe


Bugbears New Car game – Derby Mode – 2nd place – left channel mic with OBS – Video


Bugbears New Car game - Derby Mode - 2nd place - left channel mic with OBS
Bugbears New Car game - Derby Mode - 2nd place - left channel mic with OBS - I reinstalled Mic today, works with my Audio DAW software looks like OBS (Game recording open source software)...

By: charlie brownau


Red Hat’s Acquisition-Fueled Climb to the Cloud

Where might Red Hat be looking next, as it seeks to grow its cloud computing presence, capabilities and community? As has been the case for some time, cloud computing and some adjacent technology trends, such as Big Data, DevOps and storage, are likely to drive Red Hat's next M&A move. A prominent target might be Docker, whose open source containerization technology features prominently in RHEL 7.

Red Hat is famous for its ability to focus squarely on a market and technology and build success from there, as it did with Linux. However, the company increasingly has diverged from its roots and historical laser focus on the enterprise x86 server market with Red Hat Enterprise Linux.

The overarching theme and identity of Red Hat is still open source software, but the main driver for the company clearly is now cloud computing, which is intertwined with open source.

Red Hat continued its climb into cloud computing with its US$95 million cash-and-stock acquisition of eNovance, a French OpenStack consulting shop that bolsters Red Hat's services and support story. During its FY Q1 2015 earnings call -- the same day the eNovance deal was announced -- Red Hat CEO Jim Whitehurst said drivers of the deal were the top needs of Red Hat's OpenStack users and potential customers: installation and management, along with consulting on workflows and process.

Red Hat has not focused its business or most of its acquisitions on service and support, but eNovance highlights how critical consulting is to an OpenStack market that is anything but out-of-the-box for users and customers. This is particularly true for large enterprises and service providers that have legacy infrastructure, processes and people.

The deal for eNovance marks a more aggressive effort by Red Hat to expand its presence in Europe, where it has some traction in the enterprise and public sector markets, but not as much as it has had in North America.

Of course, eNovance isn't the only recent deal for Red Hat. Last month, it acquired open source Ceph storage backer Inktank for $175 million. That deal helped to validate growing interest and use of open source software in enterprise storage, which is one of the few areas of enterprise IT where open source has yet to achieve significant acceptance and penetration.

It also bolstered Red Hat's ascent in enterprise cloud computing and plays a significant role in its strategy on OpenStack, which is helping to fuel community and credibility for Ceph.

Red Hat's 2011 acquisition of Gluster, for $136 million, marked the company's movement into scale-out storage and the cloud, as well as the beginning of its integration and collaboration with OpenStack, which is now among Red Hat's top strategic initiatives.

As evidenced by its recent earnings call, OpenStack represents a small but fast-growing source of revenue for Red Hat. After being positioned against the open source cloud project just a few years ago, it is now all-in on OpenStack.
