Gerrit, an open-source project from Google, is a highly extensible and configurable tool for web-based code review and repository management for all projects that utilize the Git version control system.

It works to enable teams to discuss code, serve Git as an integrated experience within the larger code review flow, and manage workflows with integrated and delegatable access controls.

According to Google, Gerrit is an essential part of the development workflow for products that are developed with Git, including Android and Chromium.

With Gerrit, teams are able to discuss code and boost code fu by talking about specifics, serve Git as an integrated experience within a larger code review flow, and manage workflows with deeply ingrained access controls.

Additionally, users can read and discuss old and new versions of files with syntax highlighting and colored differences. With this, specific sections of code can be communicated about in order to ensure that the right changes are being made.

Gerrit also offers users Git-enabled SSH and HTTPS servers compatible with every Git client. This allows for the simplification of Git repositories by allowing teams to host several Git repositories together.

Furthermore, Gerrit Code Review can be extended and customized by installing server-side plugins. Source code for additional plugins can be found through the project listing.

For more information and to download the latest version of Gerrit, visit the website.

See more here:

SD Times Open-Source Project of the Week: Gerrit - SDTimes.com

Earlier this year Mozilla decided to stop development on its mixed reality browser. Rather than shuttering the project completely, it passed the source code to open source consultancy Igalia, which is using it to build the Wolvic browser. If youve been following browser and JavaScript development closely, then you may know about Igalia. Chances are though, youve never heard of them. Yet youre almost certainly using something that Igalia helped build.

That includes big-ticket items like CSS Grid and dozens of other improvements, optimizations and even foundational web features.

Igalia was involved in the arrow functions and destructuring that were standardized in ECMAScript 2015; major features now used universally. It worked on generators and the async functions in ECMAScript 2017, that offer cleaner, less verbose execution for what developers previously had to do with manual promise chains. It also worked on async await (which Igalia implemented in V8 and JavaScript Core for WebKit) and top-level await.

For BigInt, Igalia was involved in the spec and testing and implemented the feature in both SpiderMonkey and JavaScript Core. Igalia contributors are working on Class Fields, a long-awaited approach that will make plain JavaScript classes powerful enough to express the constructs developers currently need for internal proprietary class systems for, the universally adored Temporal replacement for the JavaScript Date field, and more speculative features like type annotations and erasable types. Its also on track to finally produce a MathML Core specification that browsers will adopt, resolving a process that predates the W3C.

Igalia is the premiere web standards consultancy and their mission is to improve the commons.

Rob Palmer, Bloomberg

In 2019, Igalia was the second largest contributor to both Chromium (after Google) and WebKit (after Apple), as well as a major contributor to Mozillas Servo. Igalia has contributed to many efforts in the web platform, including moving standards forward, implementing missing features, and fixing bugs that positively impact both web developers and browser users, the Microsoft Edge team told us when we asked how a browser maker views their work.

Its not just browsers. The consultancy is also involved with projects like Node.js and Wayland, and Igalias work also shows up on the Steam Deck because of its contributions to graphics libraries like Mesa and Vulkan.

But who is Igalia and how can it make such significant contributions to the web (and related platforms)?

Igalia is the premiere web standards consultancy and their mission is to improve the commons, said Rob Palmer, head of Bloombergs JavaScript Infrastructure and Tooling team and co-chair of the TC39 ECMAScript standardization committee.

Its not a typical consultancy and much of its success comes from how different it is: We are a worker-owned cooperative, explains Brian Kardell, a developer advocate at Igalia known for his work on the Extensible Web Manifesto and HitchJS. We have a flat structure. There are no bosses, there are no shareholders. Its our lives, our company and we want to work on something that is valuable. For Igalia, that means focusing on open source and free software almost exclusively, and on filling gaps: we try very hard to improve what we think are failures in the status quo and create a system that is healthier for everyone.

Although the company is based in Spain and the pay may not match Silicon Valley, being able to work fully remote on technology they view as significant allows Igalia to hire an almost unique combination of experts.

We have a flat structure. There are no bosses, there are no shareholders. Its our lives, our company and we want to work on something that is valuable.

Brian Kardell, Igalia

Because the mission is so attractive, you get top tier candidates, people who have worked directly on the engines for the browsers and other projects but choose to work for Igalia because they believe in that fundamental mission to improve the web and improve the commons for all, Palmer suggests.

Calling Igalia influential and well respected in the browser development community is almost an understatement. In recent years, a number of senior developers have moved to Igalia from the browser engineering teams at Apple, Firefox, Google and other projects, giving the company expertise in codebases like WebKit, Gecko, Servo, SpiderMonkey, V8, Chromium and Blink; along with excellent connections to those projects, often with commit rights and membership of organizations like Blink API owners (which makes decisions about which developer-facing features become available in Chromium).

That means Igalia has the technical ability to work on significant features (which isnt necessarily rare) and can also help get the code to deliver them into multiple browsers at almost the same time (which is rare).

Igalia brings expertise in standardization, Palmer explains. Consensus building, having the relationships and the expertise to engage and to make forward progress, which is a very tough thing to do in this world because were trying to get many disparate parties to all agree. But also, theyre not just doing the standardization, theyre also doing things like implementation and test: the full end to end story of what is required.

All the major web browser engines are open source and, in theory, anyone can contribute to the underlying projects. But not everyone can invest the necessary time; plus, those projects have a core group of maintainers who decide what code goes into them. For Chromium, the Chrome API owners have to agree that its something that largely fits the architecture and principles of the web, Kardell points out. Not every contribution would be accepted. But Igalias contributions almost always are.

We have expertise. We belong to all the standards bodies, we have good relationships with people in all the standards bodies, we belong to a lot of working groups with members who are actively involved and we do implementation work. We are core contributors, API owners, reviewers for all kinds of things in all those browsers, he explains.

Part of what attracts browser engineers with this level of expertise is Igalias funding approach, which avoids common problems of burnout and unsustainable business models, Kardell says.

Open source is great in many ways. You can take software and try it out, inspect it, you can mold it and fork it and help evolution happen. You can create a startup very quickly. There are all kinds of things I love about open source, but what I dont love is that it can become a source of burnout and non-compensation.

There are all kinds of things I love about open source, but what I dont love is that it can become a source of burnout and non-compensation.

Brian Kardell, Igalia

Igalia does work directly for paying clients, encouraging them to use open source and contribute the technology it builds to the commons. It also works with sponsors like Bloomberg, Salesforce and the AMP Project (which is part of the OpenJS Foundation). And most recently it experimented with fundraising from smaller organizations and individual web developers, to have the web community rather than a single paying client drive the implementation of a missing feature.

Even organizations that dont sponsor any work through Igalia welcome its contributions. We believe that the evolution of the web is best served through open debate from a wide variety of perspectives, and we appreciate the perspective that Igalia and others bring to standards discussions and the Chromium community, Microsoft told us.

A single organization might sponsor a feature but that ends up with something thats useful for a lot of web developers, even or especially when the different priorities of the browser makers mean there hadnt been significant progress before.

We helped unblock container queries, which was the number one ask in CSS forever, Kardell told us. We unblocked has(), which is now in two browsers. The has() selector had been in the CSS spec since 1988 and was also a top request from developers, but it was a complex proposal and so browser makers were concerned it would affect performance. Kardell tried to make progress on it in the CSS working group: every year or two I would say lets do something about this, its a big deal and we just could not make it happen.

When Eeyo, the company behind AdBlock, sponsored Igalia to work on it so they could use CSS for their rules, they were able to get past what he terms a nuclear standoff. With a little investment and research showing that it could work, and it could be performant, once we did that Apple said we can do that and they did it and in fact they landed it already.

Some browser engineers say that if it wasnt for Igalia, CSS Grid might not have become widely available.

Its a similar story with CSS Grid, which lets developers achieve much more advanced and custom layouts than Flexbox: Palmer calls it a huge feature thats loved by developers. But some browser engineers say if it wasnt for Igalia, it might not have become widely available. Microsoft started work on what became the original CSS Grid Layout specification, shipping the prefixed version in IE10 in 2012: Google started to add support for CSS Grid to WebKit in 2011 but then forked WebKit to create Blink in 2012, while Mozilla didnt adopt it because it was focused on its own XUL grid layout.

Bloomberg uses web technologies both for serverside operations and rendering on the Bloomberg terminal, which Palmer describes as a data-intensive real-time rendering system that really pushes the limits of Chromium; in 2013, it sponsored Igalia for a multi-year project to work on a new approach to CSS Grid, which it implemented in both Blink and WebKit.

Its in our interests, to truly become successful, for us to build amazing fast and rich applications for our users, Palmer told us. But when we can do more [with web technologies], the world can do more as a result. We run into bottlenecks that we find are worth optimizing that maybe not everyone runs into, and when we fund those optimizations, everyone benefits, because everyones browser goes a little bit faster.

If there is any uncertainty about whether there is demand, about whether everyone will step forwards together, we can help provide that push. We can say these two browsers are moving ahead [with a feature] because its the top of their priority list and this one is not, so we should fund the one that is behind, we should fill that gap. And by achieving that completeness, everyone moves forward.

He refers to the work Bloomberg and Igalia do as pipe cleaning a process, because it isnt just getting a new feature into browsers or the JavaScript runtime: Igalia also works on the toolchain required to use it and develops test suites to help drive interoperability between different browser engines. Sometimes it can also lead to more significant features in future.

BigInt in ECMAScript was a sponsored improvement that Bloomberg wanted for working with numbers bigger than can be expressed with IEEE double precision variables; BigInt means they can ergonomically pass those around. But the precedent of adding a new numeric type to JavaScript may make it easier to add the decimal numbers everyone uses in daily life. Bloomberg wants that because financial market data is often supplied as 64-bit decimal numbers, but it would also help any developer who finds simple arithmetic like adding up 0.1 and 0.2 (which doesnt equal 0.3 in any language that uses IEEE numbers) counterintuitive in JavaScript. This would solve one of the most frequently reported problems with the language, Palmer suggested.

Its clear how important Igalias contributions are to the web platform, but theres sometimes confusion over why they come from Igalia although the occasional misunderstandingor controversy is often for political rather than technical reasons. It may seem odd that, for example, both Google and the web community effectively pay Igalia to work on features in WebKit that Apple hasnt prioritized. While Apple has been hiring well-respected developers to expand the Safari team and is now adding key features after a period of underinvestment, its also salutary to note how many more web platform features (both experimental and stable) are unavailable only in Safari.

Historically, browser makers like Apple, Firefox, Google and Microsoft have acted as what Kardell terms stewards of the web, with pressure from the broader web community pushing them to implement W3C standards. But while the commons of the web has become fundamental to systems far beyond the browser, in everything from TVs to cars, adopting those standards is still completely voluntary.

Different browsers have their own different priorities and even the largest budget has limits.

Its not great that weve set up a system in which everything is dependent on the completely voluntary budget and participation of what is effectively three organizations. Its great that weve gotten it this far: its open and we have multiple contributors. But different browsers have their own different priorities and even the largest budget has limits.

With the web platform being at least as large and complex as an operating system, building a browser takes a wide range of expertise. Inevitably, even though browser makers want to be competitive by pushing the web platform forward (or at least not being the last browser to implement a feature), their priorities and commitments dictate what gets implemented and what doesnt.

The strength of the W3C is the breadth of who is involved beyond the browser makers there are over 500 members, although many are involved with a single working group rather than contributing broadly but that also leads to what Kardell characterizes as potentially long, difficult, incredibly complex discussions, that can take an extraordinary amount of time from your limited resources.

A lot of things just dont move forward because implementers are in the critical path, its completely voluntary, and its independently prioritized by them. Getting all those stars to align is really, really, really hard.

Thats the problem Igalia is so good at unblocking.

Most web developers care less about the priorities of individual browsers and more about not relying on features that arent supported across all browsers. Normally, Palmer notes, new features turn up in all the browsers and thats what makes things wildly adoptable and its easy to think that this is a natural flow a fountain of features where the platform just gets better and all by itself.

Actually, it takes a lot of hard work and funding and time: not just writing the code, but getting it reviewed, tested for compliance, put through QA and accepted into multiple codebases.

Its almost a superpower that Igalia has, says Palmer: to work across browsers and help everyone move forward in consensus-based lockstep.

Thats something individual browser makers, with their individual priorities and expertise in their own specific codebase, find difficult to do.

If you come to us and you have a reasonable case, if we think there is some there there that we can help you with, then you can pay us and we can help you, Kardell explains. We can be the implementor that you need to have to move the conversation.

Its almost a superpower that Igalia has, to work across browsers and help everyone move forward in consensus-based lockstep.

Rob Palmer, Bloomberg

Even if a feature is a high priority for all the browser makers, it can also be more difficult to implement a feature in one browser than it is in another: what it will cost to do it for Chrome isnt what it will cost to do it for Safari and isnt what it will cost to do it for Firefox, he notes. Standards require multiple implementations, which means a significant commitment from multiple browser makers, which is where some proposals get stuck.

The shortage of people with the deep expertise to build browsers results in the kind of nuclear standoff that held up has(), he explains. Where theres something thats going to be hard and potentially expensive and we dont know how valuable yet because we havent had the discussion, we just know we cant afford to do it because doing it means not doing something else. So it gets to where nobodys willing to be the first one to pull the trigger and you have these things that linger for lots and lots and lots of years. They cant get past go. But once someone gets passed go, suddenly people are like, okay, I guess were going to have to figure this out and Igalia plays that role sometimes.

In some cases, a feature is important for one particular use case like embedded systems and mainstream browser makers dont see it as a priority even though they would benefit from it.

While Apple controls the way WebKit powers Safari, WebKit-based browsers on PlayStation, Epiphany and embedded devices like smart TVs and refrigerators, digital signage and in-vehicle displays use WPE WebKit, which Igalia maintains. Appliance makers like Thermomix (which uses the embedded browser for the screen of its smart food processor) and set-top box manufacturers come to Igalia for help with it; and their investment has driven major improvements in Canvas and SVG hardware acceleration.

Despite having developed for the web since the mid-90s, even Kardell didnt expect JavaScripts Off-Screen Canvas to be relevant to him. The number of times that I have ever professionally programmed against Canvas is zero but I use Canvas every single day without realizing it and I have used libraries that use Canvas to do things. Maps, blob databases and Google Docs all use Canvas and the way Canvas blocked the main thread, so everything else in the browser was interrupted while you pan or zoom, might be bearable on a high-end device, but was a significant problem for performance on resource-constrained embedded devices. Fixing that improves the experience for everyone.

Thats a clear example of why prioritizing features in browser development is so hard, he suggests. When you ship Off-Screen Canvas, a whole bunch of the world will say: why dont you do this instead? This is clearly more important but the problem is its all the most important.

Rather than letting anyone buy a standard, sponsorship is a way to get responsible development of features that browser developers are asking for that involves collaboration and co-design with different browser makers and thorough testing with developers, without expecting developers to work for free.

Kardell understands the concern because he felt it himself before learning more about Igalia, but hes clear that it doesnt work like that. If we agree to work with you, its because we think theres a chance of us helping you do something valuable. What you can buy is us championing [your feature] and the priority of someone who has implementer experience and implementer credibility, who has the right skills and ability to help move that forward.

They dont just do anything that is asked of them: they consider the impact, whether it is good for the community, whether its the right thing for the platform, Palmer agrees.

Because all the work is open anyway, you cant just subvert it by saying I want my pet feature in the web platform. It always involves going through that consensus-building committee process.

In fact, this is an advantage of having an open ecosystem rather than centralized decision-making, he suggests. You can spin this either way. On one hand, you can say, why is the trillion-dollar company not moving things forward themselves? But the other way of looking at it is, wow, these browsers are open source and were able to contribute the features that we want.

This is the opportunity given by open source, lets celebrate that. Lets encourage more people to get involved and contribute, lets encourage more people to fund that style of development, because it means that then the priorities can be more and more set by the community and a large, wide base of developer interests.

Companies like Igalia can help bring attention to new customer problems that arent already being discussed by browser vendors.

Microsoft representative

Having Igalia work on a particular web feature doesnt guarantee that it will happen but its a signal to browser makers that the feature is worth taking seriously. Companies like Igalia can help bring attention to new customer problems that arent already being discussed by browser vendors, Microsoft told us.

In a way, Igalia can act as a filter for all the requests that browser makers get, Kardell suggests. The trouble with being at the core of everything in the whole world is that everybody can see very clearly the problem that they have, and they send it into the bucket but the bucket is the size of an ocean.

He also hopes the Open Prioritization experiment can help with highlighting what organizations like Igalia should work on. The idea came from the question: why do we need single, very, very rich companies to fund something? It would be great if we had diversity of funding that would help the web last, that would help it reach its potential.

That could be smaller companies or working groups or even individuals. It could be all of us or a few of us that sponsor the work and unblock it and make the thing happen, and then we control the priority.

Why couldnt a million developers democratically decide this is worth a dollar and if you collected a million dollars in funding, then you could do a million dollars worth of work and thats amazing.

Feature image via Shutterstock.

Read more here:

Igalia: the Open Source Powerhouse You've Never Heard of - thenewstack.io

By Olivier Maes, Co-Founder and Chief Revenue Officer, Baserow

According to Gartner, the no-code landscape is rapidly evolving, with 70% of applications leveraging no code tools by 2024. The no-code sector is democratising tech innovation within organisations by providing non-programmers with the means to use and create software tailored to their business needs. Unlike traditional software development, no code tools do not require expensive developers and have very low adoption ramp-up time as they are intended to be user-friendly for non-technical users. No-code tools also increase the productivity of DevOps teams as they focus on integrations or extensions rather than building applications from scratch.

With only 3% of the world population having the skills to write code and most business processes, services, or products being supported by an application, the tension between business and IT keeps growing as IT budgets are still mainly consumed to maintain existing systems.

Business units must be creative to keep up with time-to-market deadlines, productivity imperatives, and innovation pressure. And they need to address their applications needs without going through cumbersome IT processes. That is where no code comes into play.

Why does your business need no-code tools?

First, what are no code tools? No-code is a web application, or web app, utilising web browsers and web technology to perform different functions, allowing users to interact and take logical actions. These tools offer a visual app-building experience through their drag-and-drop interface. Then, the applications are developed on forms and reports, with options to automate workflows without requiring user coding. This means that the code is already written and optimised on the backend, and automatically configured as different modules and extensions are added to the application.

Here are some real-world examples to make this more tangible. Think about a manufacturing plant where digital boards replace paper wallboards with incident management, shift schedules, production schedules, and inventory. The data they need to manage the factory floor workers and processes can be visualised and stored in a no-code database built by the users to capture precisely the information they need.

Furthermore, inventory, product lifecycle, returns, customer support tickets and other business operations can all be handled with no-code tools involving a web frontend database and some backend automation process to eliminate repetitive manual work.

Here is another example. HR departments can capture recruitment applicants information through the company website, store the details, and process the steps in a no-code database to manage the hiring and onboarding processes.

Finally, marketing teams can employ no-code tools to manage multi-channel campaigns involving multiple stakeholders, content types, agencies, and distribution channels. Additionally, they can easily leverage the information to pull out insights to track the progress of their campaigns and KPIs. Today, modern organisations recognise that Excel Sheets need to be replaced with collaborative no-code databases and project management tools that can do precisely what the marketing teams want.

The list of processes that benefit from applications developed and maintained by the business units is endless, as every process in every company is specific.

So what are the tangible benefits of no-code applications:

Which tool is right for you?

No-code is transforming IT and business operations at a critical time. A growing developer shortage and increased reliance on IT teams for business success means more businesses and entrepreneurs have to revolutionise their advanced IT processes independently without the need for sophisticated, costly, and sometimes proprietary code. In the past few years, the no-code landscape has evolved and matured considerably, offering enterprises the next-level tool to manage every process step in their customer, partner, supplier, and employee journeys.

See below a recent no-code industry map that captures the tools which are Enterprise-ready:

Image source: Baserow

Here are the things to consider when deciding on the right tool for your business.

Extensibility and Customisation:

Applications built with no-code platforms are similar to manually-coded software because they are flexible, extensible, and scalable. Developers can create any plug-ins if their organisations code architecture supports it. There is an excellent opportunity for the users to leverage other available extensions and applications to meet their specific needs. For instance, the modular architecture of Baserow empowers developers to create their custom fields seamlessly.

Business Continuity and Security

If a company or public sector entity uses a no-code tool to collaborate on sensitive data or builds all sorts of processes around it, they do not want to risk losing any of that work or applications in the future. An open-source no-code software alleviates that risk as the source code is in our users hands forever. Combined with the option to self-host, many businesses will further benefit from eliminating vendor lock-in, which future-proofs their applications.

Innovation

The speed of innovation and the quality assurance from an open-source community goes well beyond the software vendors own developer teams. A strong user community with contributors is excellent for users who benefit from these new ideas and innovations from the broader knowledge and technical pool instead of spending the time and investment needed to develop their applications or plug-ins from scratch.

Data governance and compliance

When choosing a no-code tool, it is crucial to consider the Enterprise or Public Sector rules related to data governance, SAAS usage, and other aspects of data sovereignty. Still, many no-code tools are SaaS only and provided by US-based companies. That can be an issue for companies and governments with stringent data governance policies.

Read this article:

Why your company needs no-code tools to outpace your competitors - Global Banking And Finance Review

LOS ANGELES, Aug. 3, 2022 /PRNewswire/ -- The Academy Software Foundation the motion picture industry's premier organization for advancing open source software development across image creation, visual effects, animation, and sound technologies today announces OpenFX as its newest hosted project. First developed in 2004, OpenFX is a popular open source plugin standard that allows interoperability between image processing tools in the VFX industry.

Originally designed by Bruno Nicoletti, OpenFX serves as an open, extensible C API that defines an industry-wide common interface between image-based visual effects plugins and host applications. This makes it easier both for creative applications to support a variety of plug-ins, and for plug-in developers to support many host applications reducing proprietary development and industry fragmentation. By creating an interoperable ecosystem of plugins, OpenFX has become the reference standard for visual effects and video processing software creators. Leading software solutions including Autodesk Flame, Foundry Nuke, Blackmagic Design DaVinci Resolve and Fusion, Sony Catalyst and MAGIX Vegas Pro, Assimilate Scratch, Filmlight Baselight, Boris FX Sapphire and Silhouette, RE:Vision Effects, and others support OpenFX commercial plug-ins. By allowing the same plugins to run on multiple editing, video processing, and VFX applications with little or no modification, OpenFX makes it easier for artists to access a wider set of tools.

"OpenFX is the work of smart engineers who focused on developing a standard for interoperability in the image-based software ecosystem. We are very happy to welcome them to the Foundation," shared David Morin, Executive Director of the Academy Software Foundation. "In a world where interoperability is more important than ever, OpenFX will contribute to our growing community, and benefit from the resources of the Academy Software Foundation."

OpenFX has previously been managed by the non-profit Open Effects Association, which will dissolve. Its existing directors Gary Oberbrunner, Pierre Jasmin, Peter Huisma, Dennis Adams, John-Paul Smith will join the project's Technical Steering Committee at the Academy Software Foundation.

"We're very much looking forward to being part of the Academy Software Foundation and the added visibility and infusion of new ideas and contributors that go along with that," said Oberbrunner. "With the backing of the Foundation, we expect to be able to add new features more quickly, thereby enhancing the overall ecosystem for image-based VFX throughout the industry."

Currently on version 1.4, new features are already in the works for OpenFX version 1.5, anticipated for release later this year. Most notably, the team recently added an overlay draw suite so that the host application and the plugin can automatically negotiate and agree on the desired graphics API (e.g. OpenGL, DirectX, Vulkan, Metal or others).

Developers interested in learning more or contributing to OpenFX can visit https://tac.aswf.io/engagement/#OpenFX.

Companies interested in supporting the mission of the Academy Software Foundation can learn more and join at aswf.io/join.

About Academy Software FoundationDeveloped in partnership by the Academy of Motion Picture Arts and Sciences and the Linux Foundation, the Academy Software Foundation was created to provide a world-class home for open source software developers in the motion picture and broader media industries to share resources and collaborate on technologies for image creation, visual effects, animation and sound. The Academy Software Foundation is home to DPEL, MaterialX, OpenVDB, OpenColorIO, OpenEXR, OpenCue, OpenTimelineIO, Open Shading Language, rawtoaces and Rez. For more information about the Academy Software Foundation, visit https://www.aswf.io/.

Contact:Emily OlinAcademy Software Foundation(281) 380-9661

SOURCE Academy Software Foundation

Read more:

Academy Software Foundation Adds OpenFX Image Processing Standard as Newest Hosted Project - PR Newswire

Even as it is unclear as to what is the exact loss incurred due to the Solana hack, the reason behind it is still unknown. A huge hack in the Solana ecosystem affected over 8,000 wallets on Wednesday, draining out at least $8 million and counting. Assets in the form of SOL and USDC were withdrawn from the wallets by the perpetrators.

Responding to the attack, the Solana management said several engineers and security expert firms were trying to find the cause of the hack. One of the many theories being speculated is the possibility of aprivate key compromise. Meanwhile, Senor Doggo, a Twitter profile that goes with the name, said the hack was avoidable with a different approach. They said having an open source code could have helped the management figure out what went wrong with the hack.

Doggo added that the closed source code is not helping the cause of researchers trying to figure out the issue. The intellectual property protection was unnecessary as it is leading to loss of money, he said.

The Solana wallet hack demonstrates why it is irresponsible not to have open source code in crypto. Researchers have been working around the clock to discover what the issue is and cant because the code is closed source. Hundreds of millions lost due to unnecessary IP protection.

Earlier on Wednesday, the news of a security compromise on Solana led to a sharp fall in the assets price. From trading at around $41, SOL dropped to just over $38 within the space of an hour. However, the price has been steadily recovering since then. As of writing, SOL is trading at $40.31, down 2.38% in the last 24 hours, according to CoinMarketCap.

On the other side, assets stored in the hardware wallets are not part of the compromise. Solana said there was no evidence of any impact on hardware wallets. It said an exploit allowed a malicious actor to drain funds from a number of wallets on Solana.

The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

Next Story

More:

Solana Hack Could Have Been Prevented With Source Code Change - CoinGape

You might remember that one month ago, the sole developer left working on open source VIA x86 graphics support for Linux intended to eventually mainline this OpenChrome DRM/KMS driver for the Linux 5.20 cycle. Even though Linux 5.19 is being published today and the Linux 5.20 merge window is now open, the OpenChrome DRM driver is still in the development stage.

For the Linux 5.20 merge window, the OpenChrome DRM/KMS driver has not yet been queued into the DRM-Next tree. According to the most recent activity on dri-devel as of this weekend, at least one more patch series revision is still required to resolve outstanding problems identified during the current v3 round of review. Before the code is integrated, the outstanding issues must be resolved.

Since they rarely pose a threat to present customers, etc., new drivers are occasionally submitted after the merge window has closed. There is still a potential that something similar will occur, but it is more likely that the OpenChrome driver will be delayed by at least one more cycle.

This OpenChrome DRM/KMS driver has been in development for more than ten years, albeit intermittently, and is intended to work with the VIA CLE266/KM400/K8M800/P4M800 Pro/PM800/P4M890/K8M890/P4M900/CX700/VX800/VX855/VX900 chipsets. Kevin Brace was the last developer actively involved in advancing open source VIA x86 graphics driver support. However, even as of 2022, this OpenChrome driver does not yet provide 2D or 3D hardware acceleration, therefore it is essentially adequate for kernel mode-setting and display functions.

The driver will only be loaded by default if the via.modeset=1 kernel option is passed and will be treated as experimental when it is finally integrated, at least until 2D acceleration is implemented.

See more here:

OpenChrome, An Open Source Driver, Is Not Yet Ready To Be Integrated Into Linux 5.20 - Open Source For You

From hijacked updates to compromised open source code, software supply chain attacks dont seem to be slowing down. Over the course of 2021, 62% of organizations faced attacks. Securing the supply chain can be challenging due to its many components and the numerous opportunities for exploitation from cybercriminals. Scribe Security, a cybersecurity company specializing in the software supply chain, is aiming to make security a standard thats easy to uphold.

Scribe is releasing a code integrity validator (Scribe Integrity) that verifies and authenticates proprietary and open source code. For developers, this will provide more transparency for ensuring code doesnt have any malicious components. In an interview with The New Stack, Scribe Security, CTO and founder Danny Nebenzahl said, Its not something in the current toolbox of DevSec. Unfortunately, in many areas, security does not come first.

Paired with Scribe Integritys release is an open source Github security project from the company. GitGat is a free policy-as-a-code tool whose features allow users to run reports that supply an overarching view of a business security position by using the OPA (Open Policy Agent) policy manager. Both products are in early stages but with the state of security in open source software, CEO and co-founder Rubi Arbel says the market is long overdue for these tools. Better security is crucial for open source technologys survival. If people dont trust open source, they wont use it.

According to Nebenzahl, Scribes approach to securing against open source and supply chain attacks is focusing on the artifacts. Regarding code with a neverending suspicion, Nebenzahl says, When an artifact is created, we tell it that its guilty unless it can prove otherwise. At that point, metaphorically, the artifact should collect evidence that will prove its innocence. Along that pipeline, policies can be evaluated.

What can be classified as evidence? Nebenzahl says it varies. Integrity of materials and processes or the final artifacts, proof that nothing was modified. It could also be things that have to do with processes, like did the right people sign off on what they needed to? It could have to do with the security of the factory are the gates locked? This evidence collection capability is a part of what Scribe calls their bottom-up concept. On the other side is the top-down description, where employees in higher roles can use insights from the data for compliance and other matters.

These insights are what connects the bottom-up and top-down approach. The DevSecOps guy is worried if the code was modified. The Cisco guy is more worried about Did we comply with the SDF? Which requires integrity and preservation along the pipeline, Nebenzahl said. Arbel weighed in to agree. The tools main goal is to give users the feeling of what integrity along the pipeline should look like. He continued, Suppose you have a Node project. How would verification of the pipelines integrity look if you had only two points, the beginning and the end including verifying the open source components?

The road to release was not easily traveled, Arbel says. Software integrity is inherently a difficult problem, but creating the technology behind Scribe Integrity was filled with roadblocks. The evidence collectors, or sensors as Arbel calls them, were a complex puzzle to solve. We had to develop sensors whose main task is to collect evidence that isnt being collected by anyone today. Its not just application logs of GitHub or Jenkins, its a new kind of data. We need to generate the data, collect it, and then transfer it to a secure place where we can run our rule engines on it. And thats the second challenge.

Deciding what is and isnt suspicious isnt always as easy as one would think for a machine. Arbel went on, Lets say that the data is metadata in the hash in a cryptographically hard signature. So now youve got it, but now you need to decide what is a normal process. What is an anomaly, and when the integrity changes, you need to understand if a certain specific change is legitimate or not.

Now that Scribe Integrity is ready for public use, Arbel is confident in the uniqueness of the technology. There is no good technology for software integrity today that were familiar with, especially one capable of doing it in an automatic way towards pipelines.

The open source bug spread pretty fast. Though its been an astronomical help in advancing technology, Nebenzahl says security tends to be an afterthought.

The open source movement, which started from more volunteering ecosystem, is now more business-oriented with business-related activities inside. What was driving it at first was community building, and now we are seeing Business and Technology building, he said.

While he acknowledged that it isnt a bad thing, Nebenzahl says users have to be mindful of the lack of security. Whoever is building an open source project has not committed currently to any security requirements, he noted. Hes not building a product, hes not giving a service. Hes just writing code. The requirements of security and regulation become irrelevant when you start using this technology. However, when it gets to real-world scenarios and in real products, or real companies that are liable, people scratch their heads and say, Hey, what about the security of these pieces?

Low-security oversight has been the cause of millions of dollars in hacker theft and the nail in the coffin for otherwise strong businesses. The developer community continues to see growth and change in the way code is shared, and its more necessary than ever to stay vigilant with the software supply chains security. As the open source community expands and attacks continue, prepare to see tools like Scribe Securitys at the forefront of the fight.

View original post here:

Scribe Security Releases Tools for Integrity Validation The New Stack - thenewstack.io

Involving everyone in security, and pushing crucial conversations to the left, will not only better protect your organization but also make the process of writing secure code easier.

Technology has transformed everything from how we run our businesses to how we live our lives. But with that convenience comes new threats. High profile security breaches at companies like Target, Facebook and Equifax are reminders that no one is immune. As technology leaders, we have a responsibility to create a culture where securing digital applications and ecosystems is everyones responsibility.

One approach to writing, building and deploying secure applications is known as security by design, or SbD. Taking the cloud by storm after the publication of an Amazon White Paper in 2015, SbD is still Amazons recommended framework today for systematically approaching security from the onset. SbD is a security assurance approach that formalizes security design, automates security controls and streamlines auditing. The framework breaks securing an application down into four steps.

Outline your policies and document the controls. Decide what security rules you want to enforce. Know which security controls you inherit from any of the external service providers in your ecosystem and which you own yourself.

As you begin to define the infrastructure that will support your application, refer to your security requirements as configuration variables and note them at each component.

SEE: Hiring kit: Data scientist (TechRepublic Premium)

For example, if your application requires encryption of data at rest, mark any data stores with an encrypted = true tag. If you are required to log all authentication activity then tag your authentication components with log = true. These tags will keep security top of mind and later inform you of what to templatize.

Once you know what your security controls are and where they should be applied, youll not want to leave anything to human error. Thats where your templates come in. By automating infrastructure as code, you can rest easy knowing the system itself prevents anyone from creating an environment that doesnt adhere to the security rules youve defined. No matter how trivial the configuration may seem, you dont want admins configuring machines by hand, in the cloud or on-premises. Writing scripts to make these changes will pay for themselves a thousand times over.

The last step in the security by design framework is to define, schedule and do regular validations of your security controls. This too can be automated in most cases, not just periodically but continuously. The key thing to remember is that you want a system that is always compliant, and as a result the system is always audit ready.

When properly executed, the SbD approach provides a number of tangible benefits.

Additionally, whether on-premises or in the cloud, make sure your security policies address the following vectors:

When it comes to the actual application development, be aware of the OWASP Top 10. This is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. It changes over time, but below weve compiled the 2022 top list of threats.

While its important for your developers to understand these threats (step one of the SbD process) so that they can identify proper controls and implement accordingly (steps two and three), its equally important that the validation activities (step four) are applied during and after the development process. There are a number of commercial and open source tools that can assist with this validation.

The OWASP project keeps an updated list of these tools, and even maintains a few of these open source projects directly. Youll find these tools mostly targeted at a particular technology, and the attacks unique to it.

No organization can be truly secure without mitigating the largest risk to security: The users. This is where account best practices come in. By enforcing account best practices, organizations can make sure their users dont inadvertently compromise the overall security of the system. Make sure as an organization you are following best security practices around account management:

In some industries or geographies, you will need to conform to additional security controls. Common ones include PCI for payments and HIPAA for medical records. Its crucial you do your homework, and if you find yourself subject to any of these additional security requirements, it may be worth contacting a security consultant that specializes in the particular controls needed, as violations often carry stiff fines.

Its important to remember that while organizations are the targets of cyber attacks, the victims are individuals: They are your customers; they are your employees; they are real people who have put their trust in you and your technology. Thats why its paramount that organizations lean into securing applications from the onset.

Reactive security measures will not succeed in todays fast paced digital environment. Savvy CIOs are taking a proactive approach, pulling security conversations to the left, involving the entire business and embedding best practices in every step of the software development lifecycle.

Read more:

Pulling security to the left: How to think about security before writing code - TechRepublic

What is Bittle?

Bittle is a DIY, servo-based robot dog from Petoi, controllable via Bluetooth, infrared and WI-FI. It comes disassembled in kit form (although there is a pre-built option available), and once assembled its remarkably agile, operating via remote control, via the app or via a number of different programming options (more on that below). You can run demo codes before writing your own, and its a great little tool to learn robotics with the open source software.

The robot is built on Petois OpenCat open source platform and features a customised Arduino board to coordinate movements. And, being open source, users can add on different smart sensors, accessories or even AI chips. After playing with Bittle for around a week, Ive found it to be a practical and engaging application for those keen to get into coding and/or robotics. Not to mention its great fun to build.

This is the build-it-yourself version of Bittle.

Bittle is a small robot, just a little bigger than your palm, and weighs in at just 290g. Its a versatile little gadget that can detect orientation and will even right itself, should it end up on its back (and it will). The highly customisable NyBoard (essentially Bittles motherboard) can support a whole host of additional hardware, including an intelligent camera module, sound sensor, light sensor, touch sensor, PIR Sensor and even an OLED display.

Bittle is the result of a crowdfunding campaign on Kickstarter back in 2020, when it smashed the original target of $50,000, raising instead just over $500,000.

For more tech inspiration, browse our ultimate list of cool gadgets, or, if youre keen to dive into the world of coding, why not check out our round-up of the best coding toys for kids.

Think of servos as tiny motors. But unlike motors that continuously turn over, servos can be precisely manipulated so that you can adjust limbs by the merest fraction. Servos are commonly found in robotics, as they are small, powerful and easy to program. Nine servos are used to actuate Bittle; eight for the walking joints and one for head panning.

Open source software (OSS) is a type of computer software with a source code that can be seen, modified, or enhanced by anyone. OSS is a non-propriety software that is publicly accessible, and the code can also be distributed to anyone, and for any reason.

Source code is essentially a set of instructions that a programmer uses, and its usually written in plain text.

Building the robot can be accomplished in as little as around 30-60 minutes. However, if you dont fancy putting it together yourself theres also a pre-built option you can buy, although I found that building Bittle was very much part of the fun.

The design has been modified since the original version was released in 2020. Now, the body chassis comes fully assembled, with the neck already fixed in place. Gone also are the seven RGB LEDs on the NyBoard, and although useful for debugging, theyre covered up (for the most part) by the bodyframe cover. The legs too, have had a modification; gone are the days of breaking your fingers trying to get the shock-absorbent springs in place. Instead, the legs only require you to install the servos and secure them with the self-tapping screws.

This, however, does bring me onto a minor gripe with the design; the included screwdriver is simply too small. Its near impossible to get enough leverage to fasten the screws all the way. And, being self-tapping screws, they require more pressure to fasten them into the robot. I had success using both a standard-sized Phillips screwdriver and an electric one.

The battery fits easily into the bottom of the bodyframe and slides up and down a pre-cut channel. This is particularly useful for changing batteries or shifting the centre of mass if you decide to opt for the add-on components (as the heavier, chunkier part of the battery is on the front). For reference, the cable comes out the back of the battery, and loops around so that the connector is facing towards the front.

The first step in the construction process is to attach the servos to the lower leg pieces, paying attention to the direction of the cables.

Bittle uses nine P1S micro servos (eight for the walking joints and one for the neck) specially designed for Bittle, plus a spare. Having this many servos drastically increases the versatility of movement that can be achieved, and each has a controllable angle of 270, which is very welcome in a robot at this price point.

The general construction process begins with slotting four long-cable servos into the lower leg pieces, then fixing them into position with the self-tapping screw; own screwdriver is recommended. A short-cable servo forms the neck joint, slotting into the head and securing as before. Once the neck servo is in place, the head can be popped on and off the main frame of the robot with ease.

With the battery removed, you can slot the four short-cable servos easily into the bodyframe to create Bittles shoulders.

Four short-cable servos are used for the shoulders and slot easily into position on the bodyframe. Once youve secured these with the screws, the cables on the legs and head are easy enough to feed through the body. It does get a bit fiddly at this point as there are lots of wires hanging loose, so its important to keep them as organised and tidy as possible.

The NyBoard is on the right of this picture, and you can see the infrared sensor that Ive pulled out (compare this to the picture above, where the sensor is not pulled out).

Theres a small infrared sensor at the rear of the NyBoard, which needs to be pulled down before attaching it to the body. Its just wire and unfolds easily, although I was careful not to ding it too much.

Make sure that you keep your cables neat so that the NyBoard has room to slot on top.

After that, its just a case of connecting the servos to the correct pin set on the NyBoard. Once all the servos are connected, its important to tuck the cables away neatly so that the NyBoard can be screwed onto the pillars.

Bittle with the NyBoard fitted, ready for the upper leg pieces.

The last thing that youll need to do before calibration, is to attach the upper leg pieces to complete the model. Youll need to do this as precisely as possible, and I found I needed to make several adjustments before I was happy.

Before you start making Bittle do tricks, it will need to be calibrated. There are three ways to calibrate Bittle: through the mobile app, through the desktop app or through Arduino IDE. The easiest (and quickest) way to do this is via the app, and I recommend calibrating via the app if youre pushed for time.

But be warned: whichever method you choose to calibrate Bittle, its a fiddly process!

I decided to calibrate via the app, which is compatible with both iOS and Android. Plug in the blue-coloured Bluetooth adaptor to the six-pin socket on the NyBoard, connect the battery and long-press the button on the back to turn it on. Try not to jump as Bittle suddenly comes to life and in my case, flailing limbs all over the place.

Youll need to calibrate each of Bittles joints separately. Its a fiddly process, but the Petoi app will guide you through it.

After it calms down, youll need to calibrate each joint separately. The aim is to fine-tune the position of each servo so that the limbs move smoothly during operation, and the robot doesnt fall over.

Although fiddly (and it does take a while to get right), the process itself is relatively straightforward.

This is the calibration pose. You can see that the front left limb is not perfectly at a 90 angle and needs to be calibrated further.

The app will display an image of Bittle, showing each of the nine servos in position. Select each servo in turn (by tapping on the image) and adjust the angle of that joint using the plus or minus buttons on the app. Youre aiming for a perfect 90 angle for each of the legs, and theres an L-shaped calibration tool (essentially a set-square) in the box to help you.

Once you think its calibrated, use the commands to instruct Bittle to stand and rest (lie down). The real test comes when you instruct it to walk. If it doesnt walk straight, walks in a circle, or falls over when walking, then one (or more) of the legs is not at a perfect 90.

Unfortunately, youve only got your eyes as a way of determining the angle, the app doesnt tell you. Although fiddly, once I was happy with the calibration, I actually found that I enjoyed the process.

Once youre happy that you dont need to make any further coarse adjustments (taking the limbs off again), youll need to lock the legs in place using the flat head screws. After that, youll need to pop the cable cover off the lower leg piece, before hiding the remaining loose wires inside the leg.

As far as the electronics go, Bittle is powered by NyBoard V1, which is a customised Arduino Uno board, with sockets for external modules. It can drive up to 12 pulse width modulation (PWM) servos, and an IMU (Inertial Measurement Unit) is used for balancing. When Bittle is turned on, you can see the IMU in action when you tilt Bittle to one side; his face and limbs will turn towards you!

Like the software itself, the operation of Bittle is flexible. There are multiple methods available to give you control of your new friend, depending on your experience level and the time you have available. For immediate use straight after building (or taking out the box if you bought the pre-built version), then it comes with a standard infrared remote control.

Alternatively, you can use the mobile app Petoi or the Petoi desktop app. If youre keen to dive into the world of coding or hone your skills further, then it also uses Arduino IDE (essentially a text editor for writing code) and Python, one of the most popular programming languages (often used to build websites and software and to automate tasks).

Its also compatible with Raspberry Pi, a credit card-sized computer that plugs into the NyBoard and allows Bittle to analyse more data even make decisions by itself. But if you dont fancy writing your own code, you can download demo codes from GitHub.

The basic control panel for Bittle in the Petoi app is clean and simple to use

Using the app you can have full control over the robot, and you can even create your own customised commands. From the off, you can instruct Bittle to step, crawl (very cute), walk or trot. There are two pre-set speed settings, fast and slow, with directional arrows to control Bittle like you would a drone, or remote control car.

There are also a number of pre-programmed controls, including stand, rest, sit, stretch, say hi, hip up, push up and play dead. You can even make Bittle raise his back leg and pee.

The app is clean and straightforward to use, although you do need to reconnect Bittle every time you turn it on.

Bittle in the stand pose

Bittle in the sit pose

Bittle in the stretch pose

Bittle in the rest pose

The build quality of Bittle is surprisingly sturdy. According to the manufacturers, an assembled Bittle can support the weight of an adult standing on its back although Im not quite that brave to test that particular claim!

Bittle is made with high-strength, injection moulded 3D interlocking parts, so there are only a handful of screws in the whole robot. As the screws that you install as part of the build process are self-tapping (that means they cut a thread into the plastic as youre screwing them in), once assembled its a solid little thing. And it feels it, too.

The tail is made from silicone, which provides a nice little bounce when the robot is in operation, and the NyBoard cover helps add crossbody support.

The exception to this is perhaps the head itself, and the head attachment feels a little flimsy compared to the rest of the robot. However, Ive not had any problems yet time will tell.

Everything considered, I really like Bittle. Its the sort of gadget that the more you use, and the more you dive into the coding side of things, the more youll get out of it. Going by the plethora of complaints in the community regarding the difficulty assembling the legs in the first iteration, the tweaks that Petoi have made to the build-it-yourself model are certainly for the better.

If youre just after a remote control dog and youre not fussed about coding, with a 300 price tag Bittle is probably not worth the investment. However, as a STEM learning tool, or for anyone interested in robotics and programming, Bittle is a fantastic little gadget, especially when you consider the variety of additional hardware.

Bittle is advertised for ages 14 and up, and although the build is fairly straightforward for bright children, the coding element makes it better suited for adults, or older teen tech enthusiasts.

If youre after cute, its hard to beat the iconic Vector robot from Anki. Powered by AI and advanced robotics, Vector is alive and engaged by sight, sound, and touch. Vector can independently navigate and self-charge, but does require a compatible iOS or Android device, as well as the free Vector app for set up only.

Vector is a curious and attentive companion, who will answer questions, take pictures, and even time your dinner with the built-in Amazon Alexa.

Using an HD camera, he can identify people, see and remember faces, and navigate his environment without bumping into objects (or pets). Hes also got a powerful four-microphone array for directional hearing and communicates in a unique language made up of hundreds of synthesised sounds.

If youre a fan of Raspberry Pi, then the Freenove Robot Dog Kit could be a nice open source alternative. Like Bittle, it requires assembly, although the design is somewhat less polished. Its controlled wirelessly by your Android phone or tablet, but the actual Raspberry Pi and battery are sold separately.

The ELEGOO Smart Robot Car V4.0 has the added bonus of a camera, something that Bittle doesnt have as standard. This robot car is another DIY robot that requires assembly, and like Bittle, runs on Arduino IDE.

It has multiple different modes, including auto-go, infrared control, obstacle avoidance and line tracking modes. In each mode, you will learn how to load programs and command the car to run as instructed. It is, however, significantly bigger and heavier than Bittle, measuring 26.3 x 14.5 x 8cm and weighing in at 1,140g, but is less than a third of the price of Bittle.

Read more reviews:

Read the original:

We test out Bittle, a pet robot dog that will teach you how to code - review - BBC Science Focus Magazine

DevOps company JFrog Ltd. delivered solid second-quarter financial results today, beating Wall Streets expectations, but its stock fell slightly in after-hours trading when it offered guidance for the next quarter that was only in line with analysts targets.

The company reported a net loss of $23.7 million for the period, amounting to a loss before certain costs such as stock compensation of two cents per share. Revenue came to $67.8 million, up 39% from a year earlier. Wall Street had been targeting a loss of three cents per share on sales of $65.5 million.

JFrog is a provider of software developer tools, best known for its open-source binary repository manager Artifactory. The offering is somewhat similar to GitHub, which is used by developers to store their code. But it caters to a different part of the development lifecycle, storing the binary files that are created when engineers compile code into a functioning program.

The JFrog Platform also includes JFrog Pipelines, a continuous integration and continuous delivery platform. Its used to create automated software workflows that transform raw code into binaries before deploying them automatically.

JFrog co-founder and Chief Executive Shlomi Ben Haim (pictured) said revenue from the companys cloud offerings accelerated on a sequential basis, showing the importance of hybrid and multicloud DevOps among big enterprises.

We believe that our success in the second quarter provides further validation that the JFrog platform is the backbone of their software supply chain, Ben Haim said. We remain laser-focused on making our Liquid Software vision a reality.

JFrog said its cloud revenue grew by 68% from a year ago, to $19.2 million, representing 28% of its total sales. That suggests its cloud offerings are growing in importance, because cloud accounted for just 24% of sales one year earlier.

The company showed plenty of other positive growth metrics too. Its net dollar retention rate, which is a measure of its ability to retain customers and the revenue they provide, ended the quarter at 132%. Meanwhile, customers that deliver at least $100,000 in annual revenue grew to 647, up from 415 one year earlier. Of those, 36% have adopted the complete JFrog Platform, as opposed to just 32% a year ago.

For the third quarter, JFrog said its anticipating earnings of between a penny loss and a penny profit, and revenue of $70.5 million to $71.5 million. Thats more or less in line with Wall Streets forecast of a penny profit on sales of $70.9 million.

JFrogs stock slipped just over 1% on the report, having made gains of more than 5% in the regular trading session.

Continue reading here:

JFrog's revenue jumps almost 40% as it beats Wall Street's expectations - SiliconANGLE News