The Git Down – Issue 1

A Distilled View of the Week’s Most Important Open Source Developments

Issue 1 – May 29, 2017

This weekly selection of gems from the Bazaar is brought to you by Realitech, the letters AoP and the number 42.

Intel’s Embedded Security Flaw

Embedded software is great, except when it exposes your hardware infrastructure to lights-out security flaws that bypass any OS installed on the server. And the recently discovered flaw in Intel’s Active Management Technology (AMT) appears to be getting worse as experts look into it…

Exploits allow attackers access to this hugely critical hardware management interface without requiring a password. This highlights both the risk of embedded software and the cost of updating. Users with a large installation base will be burning the midnight oil discovering, patching and auditing this flaw.

From a trust standpoint, Intel have work to do, as it’s taken them a long time to patch a known severe bug.

https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/

Projects

MariaDB Gets $27M from the EIB

MariaDB Corporation, the company that develops solutions and contributes to the open-source MySQL fork managed by the MariaDB Foundation, has raised €25 million ($27 million) from the European Investment Bank (EIB).

It’s part of a bigger strategic push by the European Commission, under its Investment Plan for Europe, to increase investment in European businesses. Sometimes referred to as the “Juncker Plan” after EC president Jean-Claude Juncker, who introduced it in 2014, the target has been to invest at least €315 billion ($344 billion) in European businesses between January 2015 and December 2017.

With Brexit underway, presumably UK companies are no longer going to have access to that fund. Would certainly be of interest!

https://techcrunch.com/2017/05/08/open-source-database-developer-mariadb-picks-up-27m-from-the-eib/

The Chinese Arrival: Alibaba’s RocketMQ, now an Apache incubator project

Furthering their recent push into spaces more traditionally occupied by Amazon, Google and Microsoft, Alibaba are releasing some of the code that makes their platform tick. Not only is RocketMQ a compelling message queue with some impressive benchmarks, it’s also an interesting window into Alibaba’s foray into Open Source software and collaboration with the Apache Foundation. Expect to see more interesting software from them in the near future as they push both their software and cloud compute offering.

https://github.com/apache/incubator-rocketmq

….and

Weex

A framework for building Mobile cross-platform UIs. Different from a “web app”, “HTML5 app”, or “hybrid app”, you can use Weex to build a real mobile app. The code that you write is relatively simple,

https://weex.apache.org/

Open Source Business

An interesting pair of articles discussing the challenges of monetizing Open Source software. They both touch on the major issues faced by commercial Open Source software, and discuss whether the different models even have a future. Essentially they posit that another Open Source company the size and profitability of Red Hat will be rare outside of certain systemic applications. However, there seems to be plenty of scope for small to medium-sized Open Source companies to thrive, and tellingly it appears that enterprise customers are now starting to insist on Open Source solutions. Another salient point appears to be that, to succeed, Open Source companies need to engage in both the sales and marketing process early.

  1. https://siliconangle.com/blog/2017/05/06/open-source-software-startups-still-struggling-reach-escape-velocity/
  2. https://siliconangle.com/blog/2017/05/01/great-open-source-software-debate-model-future/

Snowden Advocates the Need for Open Source and OpenStack

NSA whistleblower Edward Snowden says that open source and OpenStack can help users avoid the silent vulnerability of things they don’t control or influence.

http://messaging.eweek.com/security/snowden-advocates-the-need-for-open-source-and-openstack

A federal court has ruled that an open-source license is an enforceable contract

In a potentially far-reaching legal decision, the GPL (GNU Lesser Public License) has been found to be enforceable in the Northern District of California. Hancom, a South Korean developer of productivity apps, integrated the Open Source PDF interpreter Ghostscript into their product. Although a commercial license for Ghostscript exists, Hancom opted to ignore both this and the GPL license terms to republish source code using FOSS licenses.

This highlights that companies need to be aware of both the implications of FOSS-type licenses and the obligations they impose. It’s also vital from a developer management point of view that there is auditing around the use of Open Source libraries to avoid being blindsided by compliance issues.

https://qz.com/981029/a-federal-court-has-ruled-that-an-open-source-license-is-an-enforceable-contract/

The Case of the Stolen Source Code

Panic (a popular Macintosh app provider) have found out the hard way that trusting Open Source code unconditionally is not a good idea. It disproves two pieces of accepted wisdom: that Macintoshes are invulnerable to malware, and that Open Source software is implicitly secure. This is an excellent example of why companies need to scrutinise who and what is accessing their source code, and to have a security solution for the now wide-ranging list of devices that may have access to it. It is also a master class in dealing with a data breach, with a concise and honest post-mortem of how it happened and the impact it has.

https://panic.com/blog/stolen-source-code/

Methods

We at Age of Peers like the human side of tech. Dan McKinley, a former Etsy employee and co-founder of a continuous delivery platform, created a good presentation on the challenges of continuous integration/continuous delivery and how to tackle them. The presentation mainly focuses on the human side and is wonderfully clear and well explained. From Dan’s experience, the challenges of deploying dozens of times per day are mostly interpersonal rather than technical.

http://pushtrain.club/

Other news

GPU-assisted supercomputing has come a long way, and GPU-powered databases were limited to deep-pocketed enterprises willing to pay for Netezza. It comes as a welcome surprise that MapD, the “world’s fastest GPU-powered database and visual analytics” tool, is now open source and available to be compiled on a range of Linux systems.

http://tech.marksblogg.com/compiling-mapd-ubuntu-16.html

Canonical founder Mark Shuttleworth reveals that the reason for recent changes at the powerhouse Ubuntu Linux company was to prepare it for an IPO. That’s not a huge surprise… It’s been on the cards for a while. We are interested to see how much uptake there is.

http://www.zdnet.com/article/canonical-starts-ipo-path/

 

Contributions


Subscribe to ‘The Git Down’ here: http://eepurl.com/cPUjbP