Category Archives: Open Source Software

Out in the Open: The Tiny Box That Lets You Take Your Data Back From Google

Posted on by

The National Security Agency is scanning your email. Google and Facebook are hoarding your personal data. And online advertisers are selling your shopping habits to the highest bidder.

Today, more than ever, people are thinking about how to opt out of this madness without quitting the internet entirely. The obvious answer is to host your own web apps on your own computer server. And thanks to the burgeoning Indie Web Movement, theres no shortage of open source alternatives to popular services like Google Calendar, Facebooks photo albums, or Dropboxs file sharing. The problem is that setting up and managing your own server is a pain in the neckat least for the average consumer.

For open source developer Johannes Ernst, what the world really needs is a simple device that anyone can use to take their data back from the wilds of the internet. So he designed the Indie Box, a personal web server preloaded with open source software that lets you run your own web services from your home networkand run them with relative ease. Any system administrator will tell you that setting up a server is just the first step. Maintaining it is the other big problem. Indie Box seeks to simplify both, with an option to fully automate all updates and maintenance tasks, from operating system patches to routine database migrations.

Image: The Indie Box Project

Plus, Ernst says, other developers will be free to build their own products atop Indie Box. Its not supposed to be one product from one company, he explains. Its supposed to be a platform for lots of people to innovate on.

The first Indie Box will run off an Intel Atom processor, 2GB of RAM, and two 1TB hard drives that mirror each other to help protect your data. Software will include ownCloud, which offers a calendar, address book, and Dropbox-style file sharing; the photo album apps mediagoblin and Trovebox; and the e-mail client Mailpile. For now, it wont include an e-mail server since spam filters make it so hard to run one from home.

Eventually, he wants Indie Box to act as a hub for devices on the Internet of Things.

Theres also an app store that will let you add more tools. Although all apps in the store must be open source, developers will have the option of selling them for a fee, giving them the chance to actually make money from their projects. What we find is that users have no problem paying if they dont have to maintain the software, Ernst says.

Eventually, he wants Indie Box to act as a hub for devices on the Internet of Things. He personally runs many devices that send data to a server across the internet, which then notifies him of something that happened on the device sitting just a few feet away from him. Theres something wrong with that architecture, he says. Im much more comfortable with having my thermostat communicating with a computer in my house over my own Wi-Fi than going through Google.

Read more:
Out in the Open: The Tiny Box That Lets You Take Your Data Back From Google

Interview: Post-Heartbleed, is it time to consider an alternative to OpenSSL?

Posted on by

The Heartbleed Bug (and it's definitely a bug - not a virus) has ignited a debate around the security and reliability of open source software in recent months.

Discovered by researchers at Google and Codenomicon, the vulnerability was found in the open source OpenSSL cryptographic software library that provides Secure Sockets Layer (SSL) and Transport Layer Security (TSL) protection for anything from emails and web browsing to internet banking.

The programming mistake that led to Heartbleed - which was accidentally introduced by German programmer Dr. Robin Seggelmann, a frequent contributor of OpenSSL code - allows attackers to download 64k chunks of data stored in the supposedly secure main memory of servers.

It was an honest mistake, but one with far-reaching consequences. According to Errata Security, around 320,000 of 600,000 detected vulnerable servers are still vulnerable to Heartbleed. Post-Heartbleed, every private key on servers running OpenSSL are now suspect and could be potentially used by attackers to impersonate secure websites so long as those servers remain unpatched.

Is it time to switch from OpenSSL to a commercial solution (or another alternative) when it comes to web security? We spoke to industry experts at Infosec 2014 to find out more.

James Sherlow, SE Manager WEUR at Palo Alto Networks, thinks that ditching OpenSSL in the wake of Heartbleed would be something of a knee-jerk reaction:

"OpenSSL is still highly relevant and has scalability. It has a community of highly skilled developers, which is extremely valuable and still valid. Every software at a certain point in time will have some sort of vulnerability associated with it, but it doesn't mean we switch it off; it means we learn from our lessons."

"I think that the open source community needs to start putting mechanisms in different areas that could cross-check others. That's better than finger pointing and blame which doesn't get anyone anywhere. It would mitigate the risk, reduce the chance of attack and raise the bar. To get to zero errors is difficult, but let's aim for it. That's the bar."

The question of whether we should get rid of OpenSSL isn't so black-and-white, according to JD Sherry, VP of Technology & Solutions for Trend Micro. He believes that instead of turning down the services of dedicated and talented open source contributors, rewards should be offered to others who seek out errors in their work:

"Open source is always going to be an innate part of what we do, primarily because there's lots of great engineering involved with it - a lot of people pour their passion into these projects and a lot of excellent work comes out of them."

More:
Interview: Post-Heartbleed, is it time to consider an alternative to OpenSSL?

Blender 3D Tutorial – Skeleton Sketching, Easy Way to Add Bones to a Mesh by VscorpianC – Video

Posted on by


Blender 3D Tutorial - Skeleton Sketching, Easy Way to Add Bones to a Mesh by VscorpianC
Blender open source software; this tutorial shows how to rig a mesh by drawing the bones to create your armature. VscorpianC Blender 3D Modeling and Animation program can be downloaded and...

By: VscorpianC

Read more:
Blender 3D Tutorial - Skeleton Sketching, Easy Way to Add Bones to a Mesh by VscorpianC - Video

What’s that PARASITE wriggling inside my browser?

Posted on by

The group that last year demonstrated open source software to simulate a nematode has gone on Kickstarter to try and accelerate its OpenWorm project.

As noted by The Register last May, the nematode is a good subject for simulation, being one of the world's least complex creatures. At that time, the project had got as far as showing five muscle groups of a C. elegans simulation moving in water.

Their aim is now much more ambitious: to build a complete, open source cloud-hosted WormSim for educators, scientists, supporters and anyone else who's interested.

The 36 contributors to the code, which is available under the MIT license, have so far got as far as simple crawling (the code is at github here).

That's a bit less than a complete worm simulation, but the researchers are trying to work from a bottom-up perspective. Rather than programming the known behaviours of a nematode into software, they're trying to create the creature on a cell-by-cell basis, in the hope that behaviours will emerge from the detail of the simulation.

With two weeks to go, the project has so far raised $US32k of its $US120,000 target. The OpenWorm site is here, and its Kickstarter page is here.

Continued here:
What's that PARASITE wriggling inside my browser?