Open Source

The draft EU Cyber-Resilience Act (CRA), backed by MEPs in July, is intended to reduce the risk of European citizens experiencing data breaches and malicious attacks on their devices. The CRA aims to achieve this by mandating security best practices across Europe’s tech industry. As part of this, it will enforce minimum security standards for end-user tech products sold across the EU, such as IoT devices, desktop computers, and smartphones. 

To realise its goals, the CRA also needs to apply these standards to the software and hardware that make up the supply chains behind end-user products. However, along with commercial solutions within the software supply chain, the CRA is looking to apply these strict security standards to non-commercial open source projects and communities. This could place tens of thousands of volunteers at risk of legal action and do significant harm to the continent’s tech sector. The legislators behind the CRA need to urgently revisit how they treat open source software.

Closed AI products like Bard and ChatGPT (ironically from OpenAI) have already delivered a practical, powerful chatbot experience and are being employed by many businesses.

Open AI by contrast is still in its early stages and has not seen wide adoption. We spoke to Mike Finley, CTO and co-founder of AnswerRocket, to find out the differences between the two and how they're set to develop.

The Solus development team has released version 4.5 of the Linux distribution. Code-named “Resilience,” it marks a significant update in the Solus operating system lineup. This release brings forth a ton of enhancements, including updated applications and kernels, revamped software stacks, a new installation experience, and the introduction of an ISO edition with the XFCE desktop environment.

A standout feature of Solus 4.5 is the implementation of the Calamares installer, replacing the Python 2-based os-installer. This transition not only makes installation more straightforward, particularly with filesystems like BTRFS, but it also represents a strategic move away from Python 2. The installer now allows users to customize their partition layout directly, significantly enhancing the installation process.

Open source software has been around for decades, it's thriving, effective and disrupting in the enterprise more than ever.

We talked to, Cédric Gégout, VP product management at Canonical, to discuss the evolution of open source in the enterprise and protecting its fundamentals for continued success.

You may have come across the term 'root of trust', it’s a source, such as a hardware module, that can always be trusted within a cryptographic system. The system trusts the keys and other cryptographic information it receives from the root of trust module as always authentic and authorized.

Mostly this involves being tied into a specific vendor, but OpenTitan has developed an open source silicon root of trust for use in for use in data center servers, storage, peripherals, and more.

Open-source software (OSS) is now so widely used that it is incredibly difficult to find an organization that doesn’t incorporate OSS in some form or another -- whether that be in a standalone open-source product, or more commonly, in the form of OSS packages. Though its usefulness cannot be doubted, the prevalence of this software is exactly what makes it a major target for cyber-attacks.

A prime example of this is Log4j, a popular logging utility used by scores of organizations for recording events such as status reports and errors. In a situation which came to be known as 'Log4shell', a zero-day vulnerability allowed threat actors to compromise systems using malicious code and take control all while remaining undetected. At the time, its impact was described as "enormous" and the implications of its implementation into countless commercial products underlined the inherent vulnerabilities of some open-source technologies when weak points are exposed.

Many large enterprises still rely heavily on mainframes to offer a reliable and secure basis for their systems.

But as digital transformation efforts gain pace, developers are eyeing frameworks that can boost their modernization efforts. We spoke to Phil Buckellew, president of infrastructure modernization at Rocket Software, to find out how open source software can bridge the divide between modern applications and mission-critical mainframe infrastructure.

"We really should stop getting hung up about what open source means," a statement repeatedly made by those for whom a lack of understanding of open source is advantageous. Generally those who don’t want to meet the standards that are set out in the Open Source Definition (OSD) which all Open Source Initiative approved license must meet, including the requirement that open source software must be usable by anyone for any purpose. And usually they are in denial of the requirement for open source licenses to be usable for any purpose, which includes commercialization. This really sits at the heart of open source.

In a commercial context open source means enabling your competitors with your own innovation. In a world where companies are driven by shareholder value this simply would not happen if it did not come with clear and measurable advantages, like collaboration, creating a defacto standard or building an ecosystem around it, and where equivalent or greater value than the proprietary royalty model is generated.

The sixth annual Call for Code Challenge launched back in February with a focus on developing AI-powered technology projects that address sustainability to help fight climate change.

Today sees IBM, United Nations Human Rights, and the Linux Foundation announce the winners in the challenge's three categories -- Developer, University, and Independent Software Vendor/Startup.

Open Source contributed 27 percent of the UK tech sector's Gross Value Added (GVA) in 2022, according to a new report from OpenUK, the non-profit organization representing the UK’s open technology sector.

The report finds that there are 3.2 million GitHub accounts in the UK and 8,200 UK contributors to open source projects in the past year. There have also been1,700 new contributors to open source projects in the last 12 months, representing 20.7 percent growth.

Many people choose to browse the internet using a VPN because it offers a number of benefits including privacy and safety, and this is true whatever operating system you use.

With the launch of an all new app for Linux, Proton VPN is offering users of the open source OS greater functionality and a more intuitive interface. The Proton VPN Linux app natively supports Proton VPN's core security and privacy features.

A new survey of over 280 developers and technical decision makers finds two-thirds dealing with major flaws in homegrown authorization efficiency, security, and app performance. As a result, most organizations (83 percent) plan to invest more into policy as code as a solution.

In case you're unfamiliar with the concept, policy-as-code is an approach to policy management in which policies are defined, shared, updated and enforced using code rather than relying on manual processes.

The annual Ubuntu Summit is where people who love Linux and open-source software gather to see what’s new. This year, it’s happening in the lovely city of Riga, Latvia, from November 3-5, 2023. And guess what? Microsoft, the big name we often connect with paid software, is joining in. This new partnership hints at more teamwork between big tech companies and open-source communities.

Microsoft being part of the Ubuntu Summit 2023 shows that it's warming up to open-source software. Those attending the summit, in person or online, will get to hear from Microsoft experts. They’ll talk about cool stuff like using Linux on Windows, creating apps with .NET 8 on Ubuntu, and how Microsoft’s Azure can work smoothly with Ubuntu's snapshot service.

Interconnected digital technology advances at a rapid pace, and so do the tactics and strategies employed by malicious individuals, criminal groups, and even nation-states. The World Economic Forum predicts global cybercrime will reach $10.5 trillion by 2025, forcing businesses and governments to look for next-generation solutions against emerging digital threats.

Unfortunately, deliberate criminal activity is only part of the challenge in this data-driven era. Costly leaks of sensitive data might happen due to simple human errors -- in September, Microsoft’s data was leaked two times, not only disclosing the company’s plans for the next-gen Xbox but also exposing private employee data. As we already know, at least one of these events happened due to an accidentally misconfigured URL link.

Do you hate Mondays? Yeah, me too. Thankfully, we have some exciting Linux news on this particular Monday. You see, MX-23.1, the latest update to the MX-23 series, has been released today!

This update to the operating system brings a bunch of fixes, new features, and application updates, making the experience smoother for its users. If you already have MX-23, the good news is you don't need to reinstall anything. The new packages are available through the usual update channels, making the upgrade process a breeze.