With Linux 5.2-rc5 providing no upsets and the release candidate smaller than the one last week, things are looking good for seeing the stable Linux 5.2 kernel release happen in early July...

• Android Pie-based LineageOS 16 now available for the OnePlus 6
• Huawei's next version of EMUI leaks, based on Android Q
• The NVIDIA SHIELD Android TV may get refreshed with a newer Tegra X1
• Samsung Galaxy Note 10 5G speed test result are in. Just how quick is this Android powerhouse?
• How To Delete Keyboard History On Your Android Smartphone
• This week in Android: Official Pixel 4 preview and Huawei’s shifting strategy
• 21 best new Android games released this week including Grimvalor, Nonstop Knight 2, and Spirit Roots

read more

It's no secret I'm impressed with Zorin OS 15. The polished and user-friendly distro is worth paying attention to, especially as a gateway for beginners into the world of desktop Linux. In what, until today, would have been a totally unconnected observation, I'm also thrilled that Star Labs has popped up on my radar. The UK-based Linux laptop company has a worthy challenger to the Dell XPS 13, and Star Labs is beginning to make waves in the dedicated Linux hardware space. As someone who appreciates the efforts of both these entities, I'm thrilled to exclusively report that they'll be joining forces.

Beginning this Friday June 21 at 3pm UK time, Star Labs will begin offering Zorin OS 15 as a pre-loaded option on their entire range of laptop, which currently consists of the Star LabTop Mk III and Star Lite. Zorin OS compliments existing OS options of Ubuntu and Linux Mint.

read more

Exciting news!
Shortly after the release candidate we are very proud to introduce you the fruit of so much work, some visible and much more behind the scenes and under the hood.

OpenMandriva Lx is a cutting edge distribution compiled with LLVM/clang, combined with the high level of optimisation used for both code and linking (by enabling LTO, and profile guided optimizations for some key packages where reliable profile data is easy to generate) used in its building.

OMLx 4.0 brings a number of major changes since 3.x release...

Also: OpenMandriva Lx 4.0 Released With AMD Zen Optimized Option, Toolchain Updates

read more

• Stuffed/Stacked Panels Sent Back Packing After One-Sided Patent Hearings That Will Convince Nobody, Just Preach to the Choir
• 2019 H1: American Software Patents Are as Worthless as They Were Last Year and Still Susceptible to Invalidation
• As European Patent Office Management Covers up Collapse in Patent Quality Don’t Expect UPC to Ever Kick Off
• António Campinos — Unlike His Father — Engages in Imperialism (Using Invalid Patents)
• António Campinos Takes EPO Waste and Corruption to Unprecedented Levels and Scale
• Code of Conduct Explained: Partial Transcript – August 10th, 2018 – Episode 80, The Truth About Southeast Linuxfest
• Links 16/6/2019: Tmax OS and New Features for KDE.org
• Links 15/6/2019: Astra Linux in Russia, FreeBSD 11.3 RC
• Links 14/6/2019: Xfce-Related Releases, PHP 7.4.0 Alpha

read more

• Georges Basile Stavracas Neto: Calendar management dialog, archiving task lists, Every Detail Matters on Settings (Sprint 2)

  This was a long-time request, and something that I myself was missing when using To Do. Since it fits well with the product vision of the app, there was nothing preventing it from being implemented.

  Selecting this feature to be implemented during the week was a great choice – the task was self contained, had a clear end, and was just difficult just enough to be challenging but not more than that.

  However, I found a few issues with the implementation, and want to use the next round to polish the feature. Using the entire week to polish the feature might be too much, but it will give me some time to really make it great.

• Open Source Answer To Dropbox And OneDrive: Meet Frank Karlitschek

  During the OpenSUSE Conference in Nurnberg (German), Nextcloud founder Frank Karlitschek appeared on “Let’s Talk’ to talk about the importance of fully open source file sync and storage solutions for enterprise customers. As one of the early contributors to desktop Linux he also talked about the reasons why desktop Linux has not succeeded.

• Load-Bearing Internet People

  Some maintainers for critical software operate from a niche at a university or a government agency that supports their effort. There might be a few who are independently wealthy.

• Robert Helmer: Vectiv and the Browser Monoculture

  So, so tired of the "hot take" that having a single browser engine implementation is good, and there is no value to having multiple implementations of a standard. I have a little story to tell about this.

  In the late 90s, I worked for a company called Vectiv. There isn't much info on the web (the name has been used by other companies in the meantime), this old press release is one of the few I can find.

  Vectiv was a web-based service for commercial real estate departments doing site selection. This was pretty revolutionary at the time, as the state-of-the-art for most of these was to buy a bunch of paper maps and put them up on the walls, using push-pins to keep track of current and possible store locations.

  The story of Vectiv is interesting on its own, but the relevant bit to this story is that it was written for and tested exclusively in IE 5.5 for Windows, as was the style at the time. The once-dominant Netscape browser had plummeted to negligible market share, and was struggling to rewrite Netscape 6 to be based on the open-source Mozilla Suite.

read more

• Letter of Recommendation: Bug Fixes

  I wouldn’t expect a nonprogrammer to understand the above, but you can intuit some of what’s going on: that we don’t need ImageMagick to scale images anymore, because the text editor can scale images on its own; that it’s bad form to spell-check hex values, which specify colors; that the bell is doing something peculiar if someone holds down the alt key; and so forth.

  But there’s also something larger, more gladdening, about reading bug fixes.

  My text editor, Emacs, is a free software project with a history going back more than 40 years; the codebase itself starts in the 1980s, and as I write this there are 136,586 different commits that get you from then to now. More than 600 contributors have worked on it. I find those numbers magical: A huge, complex system that edits all kinds of files started from nothing and then, with nearly 140,000 documented human actions, arrived at its current state. It has leaders but no owner, and it will move along the path in which people take it. It’s the ship of Theseus in code form. I’ve probably used Emacs every day for more than two decades. It has changed me, too. It will outlive me.

  Open source is a movement, and even the charitably inclined would call it an extreme brofest. So there’s drama. People fight it out in comments, over everything from semicolons to codes of conduct. But in the end, the software works or it doesn’t. Politics, our personal health, our careers or lives in general — these do not provide a narrative of unalloyed progress. But software, dammit, can and does. It’s a pleasure to watch the code change and improve, and it’s also fascinating to see big companies, paid programmers and volunteers learning to work together (the Defense Department is way into open source) to make those changes and improvements. I read the change logs, and I think: Humans can do things.

• The Top 17 Free and Open Source Network Monitoring Tools

  Choosing the right network monitoring solution for your enterprise is not easy.

• Hedge-fund managers are overwhelmed by data, and they're turning to an unlikely source: random people on the internet

  Alternative data streams of satellite images and cellphone-location data are where managers are now digging for alpha, as new datasets are created every day. And hedge funds have been spending serious cash searching for those who can take all this information and quickly find the important pieces.

  Now, as margins shrink and returns are under the microscope, hedge funds are beginning to consider a cheaper, potentially more efficient way to crunch all this data: open-source platforms, where hundreds of thousands of people ranging from finance professionals to students, scientists, and developers worldwide scour datasets — and don't get paid unless they find something that a fund finds useful.

• TD Ameritrade Is Taking Its First Steps Towards Major Open Source Contributions

  STUMPY is a python library to identify the patterns and anomalies in time series data. STUMPY has benefited from open source as a means to shorten development roadmaps since the early 2000s and it represents a new opportunity for TD Ameritrade to give back to the developer community.

• The Future of Open Source Big Data Platforms

  Three well-funded startups – Cloudera Inc., Hortonworks Inc., and MapR Technologies Inc. — emerged a decade ago to commercialize products and services in the open-source ecosystem around Hadoop, a popular software framework for processing huge amounts of data. The hype peaked in early 2014 when Cloudera raised a massive $900 million funding round, valuing it at $4.1 billion.

• No Easy Way Forward For Commercial Open Source Software Vendors

  While still a student in 1995, Kimball developed the first version of GNU Image Manipulation Program (GIMP) as a class project, along with Peter Mattis. Later on as a Google engineer, he worked on a new version of the Google File System, and the Google Servlet Engine. In 2012, Kimball, Mattis, and Brian McGinnis launched the company Viewfinder, later selling it to Square.

• 6 Reasons Why Developers Should Contribute More To Open Source

  Even by fixing minor things like a bug in a library or writing a piece of documentation can also help the developers to write readable or maintainable code. They can independently suggest to the community and generally tend to stick by the rules of writing a code that is easy to understand. The fact that the code will be exposed to everyone naturally makes them write focus on making it readable.

• WIDE Project, KDDI develop router with open-source software, 3.2T-packet transmission

  The WIDE Project has adopted a router developed by Japanese operator KDDI. The router runs open-source software, and will be used with the networks operated and managed by the WIDE Project. The router will use open-source software with up to 3.2T-packet transmission.

  For this project, KDDI plans to start tests this month to verify the practical utility and interoperability of these routers when put to use in the actual service environment. The WIDE Project will be in charge of network administration and definition of requirements for router implementation.

• Lack of progress in open source adoption hindering global custody’s digitisation

  Custody industry is lagging behind the rest of the financial services sector for open source projects, according to industry experts.

• TNF: Industry should be focusing on open source development

  According to O'Shea, open source and the community are helping firms to find and attract experienced technology talent “uber engineers”.

• Google Open Sources TensorNetwork , A Library For Faster ML And Physics Tasks

  “Every evolving intelligence will eventually encounter certain very special ideas – e.g., about arithmetic, causal reasoning and economics–because these particular ideas are very much simpler than other ideas with similar uses,” said the AI maverick Marvin Minsky four decades ago.

  Mathematics as a tool to interpret nature’s most confounding problems from molecular biology to quantum mechanics has so far been successful. Though there aren’t any complete answers to these problems, the techniques within domain help throw some light on the obscure corners of reality.

• Open source to become a ‘best practice’

  There are many magic rings in this world… and none of them should be used lightly. This is true.

  It is also true that organisations in every vertical are now having to work hard and find automation streams that they can digitise (on the road to *yawn* digital transformation, obviously) and start to apply AI and machine learning to.

  Another key truth lies in the amount of codified best practices that organisations now have the opportunity to lay down.

  One we can denote a particular set of workflows in a particular department (or team, or group, or any other collective) to be deemed to be as efficient as possible, then we can lay that process down as a best practice.

• 10 Open-Source and Free CAD Software You Can Download Right Now

  Many CAD software products exist today for anyone interested in 2D or 3D designing.

  From browser tools to open-source programs, the market is full of free options available for hobbyists or small companies just starting out.

read more

A brief introduction to SSMTP, steps to install it and use the same to send emails from Linux terminal.

read more

• How We Helped Our Reporters Learn to Love Spreadsheets

  But, some people did learn. At The New York Times and elsewhere, coder-journalists have mashed databases to discover wrongdoing, designed immersive experiences that transport readers to new places and created tools that change the way we work.
  Even with some of the best data and graphics journalists in the business, we identified a challenge: data knowledge wasn’t spread widely among desks in our newsroom and wasn’t filtering into news desks’ daily reporting.

  Yet fluency with numbers and data has become more important than ever. While journalists once were fond of joking that they got into the field because of an aversion to math, numbers now comprise the foundation for beats as wide ranging as education, the stock market, the Census and criminal justice. More data is released than ever before — there are nearly 250,000 datasets on data.gov alone — and increasingly, government, politicians and companies try to twist those numbers to back their own agendas.

• The New York Times has a course to teach its reporters data skills, and now they’ve open-sourced it

  The New York Times wants more of its journalists to have those basic data skills, and now it’s releasing the curriculum they’ve built in-house out into the world, where it can be of use to reporters, newsrooms, and lots of other people too.

• Open Source Headset With Inside-Out Tracking, Video Passthrough

  The folks behind the Atmos Extended Reality (XR) headset want to provide improved accessibility with an open ecosystem, and they aim to do it with a WebVR-capable headset design that is self-contained, 3D-printable, and open-sourced. Their immediate goal is to release a development kit, then refine the design for a wider release.

• Open-Source Bionic Leg Aims to Rapidly Advance Prosthetics

  Scientists at University of Michigan have created an open-source leg in hopes of expediting the development of smart prosthetics.

• Open-Source AI Bionic Leg Offers a Unified Platform for Prosthetics

  Open-source design and programming could accelerate scientific advances by offering a unified platform to prosthetics research efforts.

• Bringing Pneumatics To The Masses With Open Source Soft Robotics

  Physicist and engineer [tinkrmind] wants to change that. He has been developing an open source soft robotics tool called Programmable Air for the past year with the aim of creating an accessible way for the hacker community to work with pneumatic robotics. We first came across [tinkrmind]’s soft robotics modules at World Maker Faire in New York City in 2018 but fifty beta testers and a wide range of interesting projects later — from a beating silicone heart to an inflatable bra — they are now being made available on Crowd Supply.

• Samasource announces company growth ahead of exhibition of fashion R&D open source dataset at CVPR 2019

read more

• Jack Dorsey answers our questions about Square’s plans for Bitcoin

  Square is a company best known for its disruptive card payment technology. Founded in 2009 by Twitter CEO Jack Dorsey, the company sells affordable mobile-based point-of-sale systems. But beyond the world of traditional fiat currencies, the firm is making cautious steps into the fast-paced world of cryptocurrency.

  Back in March, Dorsey tweeted that Square was actively recruiting a modest team of cryptocurrency developers and designers to work on open-source contributions to the ecosystem. In the months that followed, Square’s kept quiet about its progress.

• Jack Dorsey’s open-source Bitcoin initiative makes its first hire

  Jack Dorsey's open-source Bitcoin initiative, Square Crypto, brings on a former Google project manager as its first hire.

• Nash Prepares to Launch Beta Version of Decentralized Exchange

  With a mission of “bringing distributed finance to everyone,” five open-source blockchain developers have come together to form a distributed finance platform using blockchain technology that allows for decentralized and non-custodial cryptocurrency trading.

• Target open sources a blockchain solution called ConsenSource; plans to contribute to Hyperledger Grid framework

  Retail behemoth Target has been working on a blockchain proof of concept since mid-2018, the company’s vice president of architecture Joel Crabb wrote in a blog post. The blockchain solution called ConsenSource, which has been recently open-sourced, was developed to manage the certification of Target’s suppliers in the manufacturing of Target-branded paper products.

• US Retailer Target Unveils Open Source Blockchain for Supply Chain Tracking
• The Graph: An open-source query protocol for blockchains, using GraphQL

  Anyone who's ever tried to build distributed applications (dApps) on the (Ethereum) blockchain would concur: Although blockchains are conceptually quite close to databases, querying databases feels like a different world entirely compared to querying blockchains.

• Why cloud is the best defense against AWS [Ed: Adobe keeps sending its stooge Mac Asay to support turning FOSS into de facto proprietary software (sometimes Adobe even pays the publishers to do this])
• Software below the poverty line [Ed: Overlooks the fact that a lot of proprietary software is not profitable, is a failure, goes bankrupt faster due to high expenditure]

  Most people believe that open source sustainability is a difficult problem to solve. As an open source developer myself, my own perspective to this problem was more optimistic: I believe in the donation model, for its simplicity and possibility to scale.

  However, I recently met other open source developers that make a living from donations, and they helped widen my perspective. At Amsterdam.js, I heard Henry Zhu speak about sustainability in the Babel project and beyond, and it was a pretty dire picture. Later, over breakfast, Henry and I had a deeper conversation on this topic. In Amsterdam I also met up with Titus, who maintains the Unified project full-time. Meeting with these people I confirmed my belief in the donation model for sustainability. It works. But, what really stood out to me was the question: is it fair?

  I decided to collect data from OpenCollective and GitHub, and take a more scientific sample of the situation. The results I found were shocking: there were two clearly sustainable open source projects, but the majority (more than 80%) of projects that we usually consider sustainable are actually receiving income below industry standards or even below the poverty threshold.

read more

• Trident 4 Comes with Open-Source Network Language

  Broadcom is sampling its first 7-nm network switch chip. In tandem with the Trident 4, the company released as open-source a new network programming language in an effort to stave off competition from startup Barefoot Network’s P4.

• Programming languages: Python predicted to overtake C and Java in next 4 years

  Open-source language Python is already one of the most popular programming languages among developers. It ranks in third place behind mainstays Java and C, according to programming language index Tiobe.

• HackerRank: Circular Array Rotation in Python

  I asked myself/google "python array shift right" and was reminded that collections and deque exist. I've used them before. Python has so many cool tools I forget about all the time. You can't penalize someone for not remembering every single thing.

• sphinxcontrib.sqltable 1.1.0

  sphinxcontrib-sqltable is a Sphinx extension for embedding database contents in documents

• sphinxcontrib.sqltable 2.0.0
• “A starter data science process for software engineers” – talk at PyLondinium 2019
• “On the Delivery of Data Science Projects” – talk at PyDataCambridge meetup
• Learn PyQt: PyQt5/PySide2 custom Graphic Equalizer visualisation widget
• Weekly Python StackOverflow Report: (clxxxii) stackoverflow python report
• Introducing Stencil One

  Last week at JSConf EU, we had the pleasure of announcing the Stencil One final release on stage, just a few weeks after we released the beta. Now I’m excited to go in-depth and explain what this moment means for Stencil and Ionic.

• SD Times Open-Source Project of the Week: Stencil

  Since Stencil One’s release just last week, developers can use the compiler to generate standards-compliant Web Components, while also delivering concepts from popular frameworks into a build-time tool.

  According to Ionic, the creator of Stencil, stencil takes features such as async rendering, reactive data-binding, Typescript and JSX and generates web components with all the features included.

• Tibco sharpens open source cloud-native developer toolkit

  Tibco has made a direct developer play designed to drive recognition of its technologies in areas where programmers are looking to build cloud-native applications.

  Known for its integration, API management and analytics stack, Tibco (sometimes written as TIBCO for The Information Bus COmpany) has now enhanced TIBCO Cloud Integration, TIBCO Cloud Mashery and TIBCO Cloud Events.

read more

Details are light up to this point but in fifteen days EndeavourOS will be announced as a new Arch-based Linux distribution aiming to continue where Antergos Linux left off...

Landing this week in the LLVM Clang 9.0 development code-base is the new clang-scan-deps tool for much faster scanning of files for dependencies compared to the traditional pre-processor based approach...

• Here’s what you need to know about Software Composition Analysis now [Ed: More of the typical FUD from Gilad David Maayan. He's back with the usual, neglecting to note the much greater risks associated with proprietary software]
• Procter & Gamble Invented—And Plans to Open-Source—New Recycling Technology [Ed: Openwashing and greenwashing by a company that releases millions of tons of bad chemicals]
• Seven reasons why open source GPS tracking systems are reliable, cost-effective solutions for SMBs [Ed: The openwashing of surveillance]
• Pulumi Crosswalk for AWS Accelerates Delivery of Well-Architected Infrastructure as Code [Ed: They call themselves "open source", but all it does is promote proprietary software from Amazon -- digital imperialism/surveillance by AWS]
• UnionPay International Adds New Mobile Payment Solution Packages to Open Source Platform
• How Teemill is making circular fashion stylish and open source [Ed: That's openwashing purely for marketing purposes; one of the most polluting industries out there and they also add some greenwashing towards the end ("waste")]
• Graphene as an open-source material
• Western Digital launches open-source zettabyte storage initiative [Ed: According to longtime Microsoft propagandist Andy Patrizio, "open source" means having a Web site with .io suffix.]
• Lightning Web Components goes open source
• Why Salesforce decided to open source its Lightning Web Components framework [Ed: CBS is openwashing Salesforce even though the company is proprietary software with surveillance. Former editor of theirs now works for Salesforce.]
• wav2letter++: Facebook's Fast Open-source Speech Recognition System [Ed: Facebook's listening devices agenda. Marketing by openwashing (fear not, we throw a little source code while using it "in the cloud" for surveillance against your family)]
• Facebook Open-sources AI Habitat To Help Robots Navigate Realistic Environments [Ed: The openwashing distracts from the real intended purpose of it]
• Facebook is creating photorealistic homes for AIs to work and learn in [Ed: Facebook intentions here are so creepy, so openwashing is the media strategy]

  Called Habitat, Facebook’s new, open-source simulator was briefly mentioned some months ago but today received the full expository treatment, to accompany a paper on the system being presented at CVPR.

• Facebook Quietly Changes Search Tool Used by Investigators, Abused By Companies [Ed: Facebook surveillance harms everyone, never mind the openwashing (which arguably makes things worse, making available spying tools for more people to exploit)]

  Facebook’s Graph Search allowed anyone to search a wealth of public data on Facebook in very specific ways, such as searching content for keywords in a particular point in time.

• Facebook open-sources AI Habitat to help robots navigate realistic environments
• GitHub platform improvements are helping orgs keep their dependencies in check [Ed: This is terrible marketing from GitHub (proprietary) apologists. What actually happens is, Microsoft (biggest NSA partner) is asserting the right to modify projects' source code without manual intervention by owners. One day the NSA et al. can exploit this.]
• GitHub hires Bitnami co-founder Erica Brescia as its first COO [Ed: After the founder/owner of Bitnami sold the company to one GPL violator and FOSS enemy (VMware) she joins another, Microsoft. Bitnami gone rogue, likely defunct now. Working against FOSS.]

  GitHub, a Microsoft company, hired Bitnami co-founder Erica Brescia as its first COO to scale the company — weeks after VMware snapped up her startup.

• Microsoft Backs Open Source API Marketplace Startup RapidAPI [Ed: How to manufacture a headline that makes it seems like "Microsoft Backs Open Source" when actually 1) it's about APIs, not source and 2) Microsoft is a proprietary software company with back doors and worse things.]

read more

New to the GCC 10 compiler code-base this week is a port for the Texas Instruments Programmable Real-Time Unit (PRU) processor found on various boards, including the likes of the BeagleBone Arm SBCs...

The long-awaited OpenMandriva Lx 4.0 distribution update has set sail this weekend...

Making KDE's Baloo file indexing/searching framework really efficient appears to be a never-ending task. Baloo is already much less bloated recently than it's been hungry for resources in the past and with KDE Frameworks 5.60 will be slightly more fit...

• AT&T, Nokia open up the radio’s edge to third party apps [Ed: Openwashing to dominate the standards and interfaces (with patents) through the "Linux" Foundation]

  AT&T and Nokia have developed a radio edge cloud (REC) appliance that the two companies plan to release into open source via the Linux Foundation. The REC will make it possible for third parties to develop apps and get access to the radio access network (RAN).

  [...]

  Murphy said that it is not easy to predict all the use cases for REC but added that having an open source edge cloud with open interfaces to the RAN control will allow operators to have more options.

• Accord Project to develop open source framework for smart legal contracts [Ed: They're promoting and spreading proprietary software and proprietary formats of Microsoft]

  One of the main purposes of Accord Project is, therefore, to provide a vendor-neutral “.doc” format for smart legal agreements.

• Apple joins the open-source Cloud Native Computing Foundation

  Apple, in typical fashion, isn’t commenting on the announcement, but the CNCF notes that end-user memberships are meant for organizations that are “heavy users of open source cloud native technologies” and that are looking to give back to the community. By becoming a CNCF end-user member, companies also join the Linux Foundation .

• Linux stable tree mirror at github [Ed: Greg Kroah-Hartman giving Microsoft more control over Linux]

  It differs from Linus’s tree at: https://github.com/torvalds/linux in that it contains all of the different stable tree branches and stable releases and tags, which many devices end up building on top of.

  So, mirror away!

  Also note, this is a read-only mirror, any pull requests created on it will be gleefully ignored, just like happens on Linus’s github mirror.

  If people think this is needed on any other git hosting site, just let me know and I will be glad to push to other places as well.

read more

• Industry Watch: Of open source, data breaches and speed [Ed: And proprietary software is a lot less suitable for security and privacy purposes because there are surveillance 'features' disguised and back doors too]

  Open-source software helps developers work faster and smarter, as they don’t have to ‘re-invent the wheel’ every time create an application. They just need to be sure the license attached to that software allows them to use the component the way they want. They also need to stay on top of that application, so if the component changes, or an API changes, their application isn’t affected and they are still in compliance.

  Data protection is also something organizations must get serious about. While the GDPR only affects users in the European Union, it’s only a matter of time before those or similar regulations are in place in the U.S. and elsewhere. Companies should get a jump on that by doing a thorough audit of their data, to know they are prepared to be compliant with whatever comes down from the statehouses or from Washington, D.C.

  On the speed side, the benefits of Agile and DevOps are clear. These methodologies enable companies to bring new software products to market faster, with the result of getting a jump on the competition, working more efficiently and ultimately serving your customers.

  Unfortunately, these efforts are usually done by different teams of developers, database administrators and security experts. If the Equifax and Facebook breaches have taught us anything, it’s that you can’t expect developers to be security experts, and you can’t expect DB admins to understand the ramifications on the business when data is misunderstood.

  It will take a coordinated approach to IT to achieve business goals while not leaving the company — and its IP and PII data — exposed.

• VLC patches critical flaws through EU open source bug bounty program

  More than 30 security issues have been fixed in VLC, the popular open source media player, with developers praising an EU-funded bug bounty program for helping produce its most secure update yet.

  VLC media player, created by the software non-profit VideoLAN, was found to have 33 vulnerabilities within various versions, including two that were considered critical.

  An out-of-bounds write was one of the severe vulnerabilities found to affect all VLC versions, and a stack buffer overflow was also discovered in VLC 4.0.

  Less severe vulnerabilities consisted of out-of-band reads, heap overflows, NULL-dereference, and use-after-free bugs.

  An updated version, VLC 3.0.7, has since been released for users to download.

• VLC Player Gets Patched for Two High Severity Bugs
• Asigra FreeNAS plugin brings open source data protection [Ed: Some openwashing of proprietary software]

  Asigra is trying to capture FreeNAS users with a free-to-try plugin version of its backup software.

  The Asigra FreeNAS plugin released this week allows customers to turn their iXsystems FreeNAS storage systems into backup targets. It encrypts and deduplicates data before it is sent to the FreeNAS system. The plugin also detects and quarantines malware and ransomware so that it doesn't get backed up.

• TrueCommand Brings Single Pane of Glass Management to TrueNAS and FreeNAS Fleets
• WSO2 and Ping Identity Partner to Provide Comprehensive, AI-Powered Cyber-Attack Protection for APIs
• The Open Source Cookbook: A Baker’s Guide to Modern Application Development

  Let’s begin our cookbook by selecting our recipe. I’ve had some phenomenal baked goods, and I’ve had some not-so-phenomenal baked goods (there is rarely a bad baked good). But I’ve been surprised before, by a croissant from a diner that didn’t taste like the one from the local French bakery, or by a buttercream frosting at a supermarket that just didn’t have the same delicate touch as the one I make at home. In each case, I expected the same as I had before – by title – yet encountered a much different experience. When selecting your recipes, it’s important to understand which type of a particular food you are expecting to make, or you may be met with a different taste when you finish than you were hoping for when you began.

  [...]

  As with cooking, when incorporating open source components into applications, it’s important to understand origin and evolution of what you’re baking into your software. Carefully review your open source component versions, and evaluate the community’s activity in order to have the greatest chance possible to predict the possible technical debt you may inherit.

read more

However, as more projects get embedded into profitable business applications, we are beginning to see new trends in the space. Powerful vendors are pushing their own marketing agendas and monetising what should be freely available, leading open source providers to build walls around their code, limiting the extent to which companies can enrich, police and contribute to any given project, in a vicious cycle. This is the case with Amazon, for instance, which was able to profit from Redis Labs’ software without giving back to its open source community. In response, Redis Labs created a new software license that dictated clear restrictions on what could and could not be done with its software.

[...]

With more companies catching on to the ability to monetise open source by selling add-on support and enterprise services, huge technology players are scrambling to get into the scene. To demonstrate just how critical open source is to the software industry, in 2018 alone GitHub was bought for $7.5 billion, Salesforce purchased Mulesoft for $6.5 billion, and — the largest deal of them all — IBM took over Red Hat for $34 billion.

read more