Google has announced today a $1 million sponsorship for a new pilot program aimed at enhancing the security of critical open source software projects.
Travis-CI published a security bulletin the other day, describing a special condition that allowed access to secrets belonging to a foreign repository on GitHub or Bitbucket. The condition only requires a fork of a public repository. That's how open source works, and forking is very central functionality. Not a corner case.
Turns out the service did address the issue, but plenty of secrets have still been exposed:
While cloud technology is all great economically, this is another example of why software vendors need to include their third-party service providers in their threat models.
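A build-side guard in the spirit of that bulletin, added here as an example (it is not code from Travis CI's bulletin or from any affected project): it uses the environment variables Travis CI documents for its jobs to tell whether a build comes from a fork pull request and whether encrypted variables were injected into it. The variable names and values (TRAVIS_REPO_SLUG, TRAVIS_PULL_REQUEST, TRAVIS_PULL_REQUEST_SLUG, TRAVIS_SECURE_ENV_VARS) are taken from the Travis CI documentation as I recall it and should be treated as an assumption to verify against the current docs. Refusing to use credentials in fork builds does not undo a leak at the platform level, which is why the "secrets present in a fork build" case is reported as an alert for rotation rather than merely denied.

```shell
#!/bin/sh
# Added example, not from the Travis CI bulletin: decide whether a CI job may
# touch deployment credentials, and flag the exact condition the bulletin
# describes (secure variables present in a build that comes from a fork).
#
# Assumption: the job environment carries the variables Travis CI documents,
#   TRAVIS_REPO_SLUG          owner/repo of the repository being built
#   TRAVIS_PULL_REQUEST       PR number, or "false" for a branch build
#   TRAVIS_PULL_REQUEST_SLUG  owner/repo the PR came from, empty if not a PR
#   TRAVIS_SECURE_ENV_VARS    "true" when encrypted variables were injected

# fork_build REPO_SLUG PR PR_SLUG
# True (exit 0) when the job builds a pull request from a different repository.
fork_build() {
    [ "$2" != "false" ] && [ -n "$3" ] && [ "$3" != "$1" ]
}

# secrets_policy REPO_SLUG PR PR_SLUG SECURE_VARS
# Prints one word:
#   allow  - branch build or PR from the same repository
#   deny   - fork PR without secrets: skip credential-dependent steps
#   alert  - fork PR that received secure variables: the bulletin's condition,
#            treat every secret the job could read as compromised and rotate it
secrets_policy() {
    if fork_build "$1" "$2" "$3"; then
        if [ "$4" = "true" ]; then
            echo alert
        else
            echo deny
        fi
    else
        echo allow
    fi
}

# Usage from a build script: evaluate the live environment, defaulting the
# variables so the script also runs outside CI (constructed fallback values).
policy=$(secrets_policy "${TRAVIS_REPO_SLUG:-local/repo}" \
                        "${TRAVIS_PULL_REQUEST:-false}" \
                        "${TRAVIS_PULL_REQUEST_SLUG:-}" \
                        "${TRAVIS_SECURE_ENV_VARS:-false}")
echo "secrets policy for this job: $policy"
# A real build script would exit non-zero on "alert" and skip deploy steps on
# "deny"; it only prints here so the snippet runs stand-alone.
```

The check belongs at the top of the deploy stage, before any step reads a credential. A "deny" is the expected, boring outcome for every fork PR; an "alert" means the platform handed secrets to code you do not control, and at that point the only useful response is rotating everything the job could read.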
Today Kubernetes released its version 1.17. The software is one of the most popular open source projects ever. It allows managing containerised applications and microservices. The release arrives at the end of a regular development cycle.
After the project was announced in 2014 by two Google employees, it hit its first 1.0 milestone in July 2015. The project gained massive popularity in the cloud world because it enables scalable infrastructure and services. With the Kubernetes 1.0 release, Google partnered with the Linux Foundation to form the Cloud Native Computing Foundation (CNCF) as a new home for the technology.
Since Kubernetes became publicly available it has gained popularity quickly, and today it is the common way to host microservice-based systems, mainly because Kubernetes and its ecosystem provide a rich choice of tools covering the key concerns of any modern software architecture.
So, with this announcement you will no longer be able to buy a regular PC that doesn't have some *nix on it. Somehow, it's finally the year of Linux on the Desktop.
That cold air you feel, that’s hell freezing over.
Open Source is a concept that has been under active discussion for the past decade or so, but is constantly misunderstood. It is often taken as a label for software downloaded from the internet, packages free of charge, or components under a particular licence filed under "Creative". Often enough it is used as a byword for lower quality software, which reality has proven wrong by 2017, not to mention the confusion about intellectual property.
However, there are many more aspects to the concept that add substantial value to any software-centric product organisation. And in times of digitalisation and digital transformation, software will move into the value chain of many organisations that don't anticipate it yet. Whenever a customer offering is complex and/or service-based, transparency and documentation are key to a satisfactory result and efficient processes.
Open source may not be the silver bullet for every organisation, but the concept helps an organisation become more transparent and efficient.
Single Source of Truth
While SharePoint is a powerful tool with many opportunities to improve processes, many organisations use it as little more than a file server. It holds documents about every other effort, which creates a large gap between the tangible product and its by then theoretical documentation. Not to mention the version horror everybody has experienced at least once when asking a few people for the latest version.
Reversing this process through a Wiki or even a version control repository allows keeping only one version, which is automatically the latest. Software takes care of all the versioning that would otherwise go into filenames_v01_final.docx.
Keeping the product together with its documentation allows quick reference, pointing back and forth between customer-facing material and engineering. While this may sound terribly technical, the nasty guts of any product can still be ignored by those who don't need to see them. Those who require insight, however, don't have to go through a process to get it, or first talk to a colleague and ask. And the colleague will be on vacation anyway.
Opening up the product internals removes barriers to productive work and gives employees quick insight. Obviously, some may argue that an open repository leads to uncontrollable product results, but that is a different point: read access does not imply write access, and merge rights are only needed by those who carry responsibility.
To round it all off, the management world has plenty of nice metrics that can be applied to measure the whole thing. Not all of them express quality by themselves, but applied consciously they can carry a product far.
Documentation coverage serves as a good basis for the point I'm trying to make here. With closed projects, or engineering-only code, it is often difficult to tell whether a product, feature or bug is actually just badly documented, or whether the colleague simply doesn't want to help.
With a metric measuring the percentage of a product that is documented, at least the amount of available documentation can be measured. And with the product internals transparent, any reader can, at least in theory, check whether the documentation actually corresponds to the product.
While I am a strong supporter of open source software in general, I'm not trying to make a case for open sourcing anything outside the organisation. However, transparency helps any organisation improve its offering and processes, and the concept of open source helps achieve this transparency. There is a hurdle to overcome: management in particular has to get over its fear of software and technology to adopt this concept, but the step is worth taking on the way to digital transformation.
Microsoft announced it will be open sourcing Visual Studio Code at its Connect(); developer conference. The code is available on GitHub. Alongside, Microsoft released a preview extension that allows debugging Linux applications using GDB, too.
Microsoft doubles down on cross-platform software development.
A huge move forward.
Source: Ars Technica
Since Werner Koch announced yesterday that he is running out of money, GnuPG has collected $60k from the Linux Foundation, another $50k for the next year from Facebook and Stripe each, and a total of $150k from the community. Development should be safe for the time being. The news of the past days shows that security, while heavily discussed, needs proper funding.
Happy 30th Birthday, GNU.
Memcached turns 10 years old, writes Ars Technica: memcached turns 10 years old