The US Government’s Tenuous Relationship With Open Source

By Jack M. Germain 11/12/14 5:45 PM PT

The amount of open source software used by the U.S. government might well be one of the biggest secrets in Washington. Not even purveyors of FOSS, as in free and open source software, know the extent of federal agency adoption of nonproprietary software.

Some in the Beltway Loop contend that open source is very prevalent. Others suggest that open source is avoided because its code is exposed for anyone to see.

One thing seems clear, however: most government agencies cling to well-known commercial software for desktop services, while server-side and specialized software is a mixture of contracted code and community packages published on GitHub and other open source software repositories.

Just how passionately government agencies support and use open source software may be a question nobody has bothered to pursue. For example, OpenSource.com claims that the U.S. government has directed that open source projects are to be considered equally with proprietary products -- but no government guidance is offered for carrying out that directive.

"The involvement varies. A lot of the initiatives for using open source take a cultural change," Steve Wallo, chief solutions architect for Brocade Federal, told LinuxInsider.

Some agencies look at open source for a particular mission. Others look at open source for large scale deployment. So OSS adoption on the federal level is at different stages, said Wallo.

Some of the largest U.S. agencies are known users of open source. For instance, the U.S. Department of Veterans Affairs often is cited as one of the largest federal users of open source software. If accurate, that would be a significant investment in OSS. The VA is the second largest agency of the U.S. federal government.

Take MongoDB, for instance. This open source next-generation database has a broad list of government customers, according to Will LaForest, Senior Director of MongoDB Federal. That customer base includes the intelligence community, the Defense Department and civilian agencies in healthcare, finance and energy.

"There is actually quite a bit of variation within the government. Some favor OSS as a policy, others 'permit' OSS, and some are not open to it at all," LaForest told LinuxInsider.


Coverity Security Report: Open source projects severely in need of security programs

In today's IT environments, security has become a major concern. Despite recent reports of software vulnerabilities in open source code, including Shellshock, OpenSSL's Heartbleed and Apple's GoToFail, companies still prefer to use open source software.

But open source developers don't always adhere to security best practices such as conducting regular security audits and using static analysis, according to Coverity Inc.'s Spotlight report. The Coverity Scan Security Spotlight identifies several defects in open source code that carry Common Vulnerabilities and Exposures (CVE) identifiers, and notes that the GoToFail bug would have been detected by the scan.
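GoToFail is a control-flow defect rather than a memory or logic error, and it is worth seeing why a static analyser flags it while a test suite that only exercises the happy path does not. The C program below is an added example written for this page; it is not Apple's SecureTransport source and not Coverity's checker. The hash and signature steps (`hash_update`, `hash_final`, `verify_sig`), the message `MSG` and the error codes are constructed stand-ins, so the only thing the program exercises is the duplicated `goto fail;` and its fix.

```c
/* Added illustration of the "goto fail" control-flow bug, written for this
 * page. It is not Apple's SecureTransport source and not Coverity's checker:
 * the hash and signature steps are constructed stand-ins so that the control
 * flow is the only thing under test. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ERR_OK      0
#define ERR_VERIFY -2

/* Constructed 4-byte "hash": XOR-fold the message. Always succeeds. */
static int hash_update(uint8_t ctx[4], const uint8_t *data, size_t len) {
    for (size_t i = 0; i < len; i++)
        ctx[i % 4] ^= data[i];
    return ERR_OK;
}

static int hash_final(const uint8_t ctx[4], uint8_t out[4]) {
    memcpy(out, ctx, 4);
    return ERR_OK;
}

static int verify_sig(const uint8_t digest[4], const uint8_t sig[4]) {
    return memcmp(digest, sig, 4) == 0 ? ERR_OK : ERR_VERIFY;
}

/* Vulnerable form. The second "goto fail;" is indented as though it were
 * guarded by the if above it, but C has no such scoping: it always runs.
 * hash_final and verify_sig become unreachable (the finding a static
 * analyser reports) and err still holds ERR_OK from hash_update, so every
 * signature, forged or not, is accepted. */
int verify_vulnerable(const uint8_t *msg, size_t len, const uint8_t *sig) {
    uint8_t ctx[4] = {0}, digest[4];
    int err;
    if ((err = hash_update(ctx, msg, len)) != 0)
        goto fail;
        goto fail;   /* the bug: duplicated and unconditional */
    if ((err = hash_final(ctx, digest)) != 0)
        goto fail;
    if ((err = verify_sig(digest, sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed form: braces make each guard's scope explicit, the comparison is
 * reached, and a forged signature is rejected. */
int verify_fixed(const uint8_t *msg, size_t len, const uint8_t *sig) {
    uint8_t ctx[4] = {0}, digest[4];
    int err;
    if ((err = hash_update(ctx, msg, len)) != 0) {
        goto fail;
    }
    if ((err = hash_final(ctx, digest)) != 0) {
        goto fail;
    }
    if ((err = verify_sig(digest, sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

typedef int (*verify_fn)(const uint8_t *, size_t, const uint8_t *);

/* Constructed test message; the "genuine" signature is its real digest and
 * the forged one differs from it in a single bit. */
static const uint8_t MSG[] = "constructed ServerKeyExchange bytes";

static void genuine_and_forged(uint8_t genuine[4], uint8_t forged[4]) {
    uint8_t ctx[4] = {0};
    hash_update(ctx, MSG, sizeof MSG - 1);
    hash_final(ctx, genuine);
    memcpy(forged, genuine, 4);
    forged[0] ^= 0x01;
}

/* 1 if the verifier accepts a signature that does not match the message. */
int forged_sig_accepted(verify_fn verify) {
    uint8_t genuine[4], forged[4];
    genuine_and_forged(genuine, forged);
    return verify(MSG, sizeof MSG - 1, forged) == ERR_OK;
}

/* 1 if the verifier accepts the matching signature (both versions should). */
int genuine_sig_accepted(verify_fn verify) {
    uint8_t genuine[4], forged[4];
    genuine_and_forged(genuine, forged);
    return verify(MSG, sizeof MSG - 1, genuine) == ERR_OK;
}

int main(void) {
    printf("vulnerable: genuine=%d forged=%d\n",
           genuine_sig_accepted(verify_vulnerable), forged_sig_accepted(verify_vulnerable));
    printf("fixed:      genuine=%d forged=%d\n",
           genuine_sig_accepted(verify_fixed), forged_sig_accepted(verify_fixed));
    return 0;
}
```

Compile with `cc -Wall goto_fail.c && ./a.out`: the vulnerable verifier reports genuine=1 forged=1, the fixed one genuine=1 forged=0. A test suite that only checks a genuine signature passes both. The analyser finding is the unreachable code after the second `goto fail;`; GCC's `-Wall` also includes `-Wmisleading-indentation`, which warns on exactly this indentation pattern and is the cheapest check to keep enabled in a C build.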

The provider of application development testing tools added its Security Advisor to the Coverity Scan service, which resulted in the discovery of almost 4,000 defects. Almost 2,400 of these were high severity, followed by 1,330 low severity and about 260 medium severity.

The Coverity Scan service analyzed several hundred million lines of code from more than 1,500 open source projects, including C/C++ projects such as NetBSD, FreeBSD, LibreOffice and Linux, and Java projects such as Apache Hadoop, HBase and Cassandra.

The scan also detected 688 Open Web Application Security Project (OWASP) Top 10 issues in 37 open source projects, including big data, network management, and blog server projects. The top 10 issues found on the scan are injection, broken authentication and session management, cross-site scripting (XSS), insecure direct object references, security misconfiguration, sensitive data exposure, missing function level access control, cross-site request forgery (CSRF), using components with known vulnerabilities, and unvalidated redirects and forwards.

"The road to application quality and security starts in development," said Zack Samocha, senior director of products at Coverity. "With three major security issues related to open source code defects this year, it's imperative that open source developers design code security into their projects starting as early as possible."

That means utilizing security experts to help, adds Samocha. Vulnerable areas in code aren't always immediately obvious, and how attackers will use them is even less obvious at the developer level. Most code bugs don't even become a problem until the code is executing in production, after it's released from the sanitary world of the development environment.

The solution: regular security audits and in-depth vulnerability exams that try to suss out the problems before they're exploited.

There have been several highly publicized open source vulnerabilities this year alone, including Heartbleed and Shellshock. Those two flaws impacted a large number of users because of the widespread implementation of open source software.

Coverity introduced its monthly Coverity Scan Project Spotlights due to high demand for the annual Coverity Scan Report and the insight it provides into the state of open-source software quality. The Coverity Scan Report has become something of a standard for measuring the state of open-source software quality.


Microsoft Open Sources .NET, Saying It Will Run on Linux and Mac

Satya Nadella's rapid reinvention of Microsoft continues.

In yet another bid to make up lost ground in the long march to the future of computing, Microsoft is now open sourcing the very foundation of .NET, the software that millions of developers use to build and operate websites and other large online applications, and it says this free code will eventually run not only on computer servers that use its own Windows operating system, but also atop machines equipped with Linux or Apple's Mac OS, Microsoft's two main operating system rivals.

"We want to have a developer offering that is relevant and attractive and valuable to any developer working on any kind of application," says S. Soma Somasegar, the 25-year Microsoft veteran who oversees the company's wide range of tools for software developers.

With the move, Microsoft is embracing the reality that modern software and online services run atop a variety of operating systems, and that Windows no longer dominates the market the way it once did. At least tacitly, the software giant is acknowledging that so many businesses and developers now choose to run their software atop computer servers loaded with the open source Linux operating system, which, in recent years, has evolved in ways that Windows has not. Most notably, it offers what's called containers, a new means of streamlining the way applications are built and operated.

"Today, people who are stuck on the .NET platform have to use a server environment that doesn't have what Linux does," says James Watters, who, at a company called Pivotal, works hand in hand with a wide range of developers and companies as they build large online software applications. "They're stuck with a generation-behind technology."

For Watters, Microsoft has ample ground to make up. But in open sourcing what's called the .NET Core runtime, freely sharing it with the world at large, the company at least gives itself a fighting chance as it seeks to maintain a hold on the way the world builds and runs software.

In theory, an open source .NET that runs on Linux and Mac OS will expand the use of Microsoft's developer tools. Then the company can pull in revenue through other channels: through premium versions of its developer tools and through its cloud computing service, Microsoft Azure, a means of building and running software without setting up your own servers.

The move is just the latest in a long line of rather large changes Microsoft has made since Nadella took over as CEO in January, all with an eye towards the rise of rival operating systems and open source software. The company now offers free versions of its Office applications for Apple iPhones and iPads. It provides a free version of Windows for phones and other small devices, hoping to catch up with Google's open source Android operating system. And it says that the next version of Windows for computer servers will run Docker, a hugely important container technology that was originally built on Linux.

All this seemed unlikely under previous CEO Steve Ballmer, and all of it can help Microsoft find new relevance in the ever-changing world of online computing.

Among developers and businesses building websites and other large online services, .NET is one of the primary competitors to Java. It's widely used among companies that rely heavily on Microsoft software (the company says .NET was installed more than 1.8 billion times over the last year), but according to most estimates, Java is still the more popular tool. And many consider it the more powerful.


Sourcefabric signs Australian news agency AAP to open source project

Prague, Czech Republic (PRWEB) November 12, 2014

Open source software developer Sourcefabric has signed Australian Associated Press to help develop an end-to-end news creation, production, curation, distribution and publishing platform.

The two parties are inviting other news publishers to participate in the project, called Superdesk.

Through Superdesk, AAP aims to better equip its editorial operations amid increasing cost pressure and ever-growing demands for innovative digital products and services.

AAP editor-in-chief Tony Gillies said, "Over the past 10 years, our existing editorial platform has proven increasingly inflexible. The time is right for some true innovation in this area and we believe that Sourcefabric will set us on the right path."

Sava Tatić, Sourcefabric managing director, said he was thrilled to be partnering with Australia's national news agency.

Tati described the partnership as a great opportunity for Sourcefabric to showcase the power and flexibility of open source software to news and media organisations worldwide.

"Sourcefabric is ready to serve as the custodian of the new code base for journalism, which will be open source," he said.

About Superdesk

Superdesk is a native editorial system for managing workflows and production in traditional, digital and converged news organisations. It has been designed specifically to be scalable to suit news operations of any size, and its modular approach makes it easily extensible without requiring rewrites of the base code.


Groupon backs down from GNOME over trademark, will change product name


UPDATE: Groupon has decided to use a name other than "Gnome" for its tablet platform for merchants. "After additional conversations with the open source community and the Gnome Foundation, we have decided to abandon our pending trademark applications for 'Gnome,'" the company said. "We will choose a new name for our product going forward."

Our original story follows:

The foundation that runs the open source software project GNOME has accused Groupon of infringing its registered trademark with a new product called Gnome, and it's trying to raise $80,000 in donations to oppose Groupon's trademark applications.

Groupon told Ars that the company is willing to find another name if it can't reach an acceptable compromise with the GNOME Foundation.

GNOME, a desktop environment for Linux-based operating systems, was created in 1997 as the GNU Network Object Model Environment. The acronym is no longer used, but the project name is still stylized in all upper-case letters. It has held a registered trademark since 2006 for "downloadable computer software for creating and managing computer desktops, software for graphical user interfaces, word processing, database management, use as a spreadsheet, and for software tools and libraries that can be used to develop other software applications."

Groupon, a deal-of-the-day website, recently launched a tablet platform for merchants with the name Gnome. The hardware and software can be used by businesses to "instantly recognize their Groupon customers as they enter their business, seamlessly redeem Groupons, and save time and money with a simple point-of-sale system and credit card payment processing service."

The people at the GNOME Foundation were not happy about this, and they say they haven't been able to convince Groupon to pick another name. In an announcement today, the GNOME Foundation said:

Recently Groupon announced a product with the same product name as GNOME. Groupon's product is "a tablet based point of sale operating system for merchants to run their entire operation." The GNOME community was shocked that Groupon would use our mark for a product so closely related to the GNOME desktop and technology. It was almost inconceivable to us that Groupon, with over $2.5 billion in annual revenue, a full legal team, and a huge engineering staff would not have heard of the GNOME project, found our trademark registration using a casual search, or even found our website, but we nevertheless got in touch with them and asked them to pick another name. Not only did Groupon refuse, but it has now filed even more trademark applications (the full list of applications they filed can be found here, here, and here). To use the GNOME name for a proprietary software product that is antithetical to the fundamental ideas of the GNOME community, the free software community and the GNU project is outrageous. Please help us fight this huge company as they try to trade on our goodwill and hard-earned reputation.

As noted earlier, a Groupon spokesperson told Ars that the company is willing to compromise. "Groupon is a strong and consistent supporter of the open source community, and our developers are active contributors to a number of open source projects," Groupon said. "We've been communicating with the Foundation for months to try to come to a mutually satisfactory resolution, including alternative branding options, and we're happy to continue those conversations. Our relationship with the open source community is more important to us than a product name. And if we can't come up with a mutually acceptable solution, we'll be glad to look for another name."


Groupon ignores 17 years of open source history, tries to trademark Gnome

Groupon's getting into the point-of-sale game with a tablet-based system to rival Square. They're calling it Gnome, and they want to trademark the name, which doesn't sit well with the GNOME project.

Grab a dictionary (or hit up Google), and it's easy enough to see why Groupon feels like Gnome is a good name for their point-of-sale terminal. In the fantasy world, gnomes sometimes look after epic underground piles of treasure. It's also used as a label for experts in banking and monetary matters (the gnomes of Zurich).

Still, for Groupon to ignore the 17-year history of the GNOME project and the highly popular desktop environment it produces is a slap in the face for supporters of free and open source software. They're also ignoring the fact that the project already has a trademark on GNOME, and has had it for the past eight years.

And there's still one more thing they're ignoring: this blog post on their very own website. It's titled "Sharing is Caring," and it's all about how much Groupon loves open source and how important and amazing the people who contribute to open source software are. In their defense, that post was published a whole month ago, so it's possible that they just forgot about how much they cared about the open source movement over the past four weeks.

GNOME supporters are not at all pleased by Groupon's move. "We are outraged that Groupon would attempt to insinuate that its proprietary software and products have anything to do with the GNOME community," said Andrew Lee of Private Internet Access.

Groupon has countered with a new blog post. In it, they claim that they've been communicating with GNOME for months to find a mutually satisfactory resolution, adding that they'll gladly look for another name if they can't work things out because, well, they love open source.

Now, if that's actually true, you wouldn't think that GNOME would need to go out looking for donations for a legal defense fund. No, the fact that they're doing just that makes it seem as though "mutually satisfactory" really means Groupon will take the Gnome trademark and GNOME can slink off into a corner and figure out another way to brand their 17-year free software legacy.

GNOME figures they'll need around $80,000 to formally oppose Groupon's first set of ten trademark applications. The good news is that if their legal team doesn't need all the money it'll go toward furthering the GNOME project. Head on over and kick in a few bucks if you can.

Update: That was over in a hurry. After lengthy discussions with the open source community today (which no doubt involved a lot of shouting and fist shaking), Groupon decided to back down. They're officially looking for a new name, and no, it's not going to be Electronic Monetary And Coupon System or something like that.


Hortonworks nears a Hadoop IPO: Open source software company files to raise $100 million

Hortonworks, which develops and supports an open source distribution of Apache Hadoop for enterprises, filed on Monday with the SEC to raise up to $100 million in an initial public offering.

Hadoop is used for distributed storage and processing of data using clusters of commodity servers. Apache's open source Hadoop software framework was developed in the 2000s with major investments from Yahoo! (YHOO). Hortonworks was formed in 2011 when Yahoo! spun off its Hadoop engineering team with backing from Benchmark Capital. The company notes that Microsoft (MSFT) is its largest customer, representing over 20% of year-to-date revenue.

The Palo Alto, CA-based company, which was founded in 2011 and booked $52 million in support and services revenue for the 12 months ended September 30, 2014, plans to list on the NASDAQ under the symbol HDP. Hortonworks initially filed confidentially on June 27, 2014. Goldman Sachs, Credit Suisse and RBC Capital Markets are the joint bookrunners on the deal. No pricing terms were disclosed.

Investment Disclosure: The information and opinions expressed herein were prepared by Renaissance Capital's research analysts and do not constitute an offer to buy or sell any security. Renaissance Capital, the Renaissance IPO ETF (symbol: IPO) or the Global IPO Fund (symbol: IPOSX) , may have investments in securities of companies mentioned.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of The NASDAQ OMX Group, Inc.
