European Commission updates its open source policy

The European Commission (EC) wants to make it easier for its software developers to submit patches and add new functionalities to open source projects. Contributing to open source communities will be made central to the EC’s new open source policy, expects Pierre Damas, Head of Sector at the Directorate General for IT (DIGIT). “We use a lot of open source components that we adapt and integrate, and it is time that we contribute back.”

Damas and his colleagues aim to remove barriers that hinder code contributions to open source software, he announced yesterday at a conference in Brussels. The Commission wants to clarify legal aspects, including intellectual property rights, copyright, and which author or authors to name when submitting code to the upstream repositories. “It is easier said than done,” Damas warned.

He anticipates that reinvigorating the policy will motivate many of the EC’s software developers and functionaries to promote the use of free and open source software at the EC. “Having a strategy helps them to advance the use of open source.” The policy can help nudge others to consider open source, Damas added. “When a little push is needed.”

On Wednesday, December 3, the Head of Sector gave a preview of the EC’s open source policy at a workshop on open standards for ICT procurement. The update of the EC’s policy is a work in progress, and will be finalized in the first months of 2015.

Priority

EC policy makers recognise that open source reduces their ICT costs, makes possible the modernisation of government services and will strengthen European ICT service providers, Damas said. “Our internal policy is changing, and open source use will be promoted. When procuring software products, we will consider open source alongside proprietary alternatives, based on value for money. In defined areas, for example Information Systems development distributed externally, we will give open source priority.”

The EC is already using a lot of open source tools, he added, including for servers, for its web solutions and on the EC desktops. “We have over 10,000 Apache web servers, over 1800 hosts running Red Hat Linux and Drupal will be the core engine of the new Europa website. Our developers use a lot of open source tools and code libraries.”

Gently disruptive

DIGIT is not considering the restart of a Linux desktop pilot. A small-scale pilot already took place in 2005, with two hands full of EC volunteers at DG INFSO using Linux and OpenOffice, showing that a Linux desktop was feasible, Damas said. However, the exit costs—to move away from the proprietary system—were too high.

Read more:   http://opensource.com/government/14/12/european-commission-update-its-open-source-policy

Fedora 21 : Video Overview and Screenshot Tours

Fedora 21 has been released and announced by the Fedora Project. This release is available in three flavors: Fedora 21 Cloud, Fedora 21 Server, and Fedora 21 Workstation.

Fedora 21 Workstation: The Fedora Workstation is a new take on desktop development from the Fedora community. Our goal is to pick the best components, and integrate and polish them. This work results in a more polished and targeted system than you’ve previously seen from the Fedora desktop. We want our desktop operating system to solve your problems, not be your problem.

Fedora 21 Workstation features all of the latest GNOME 3.14 software, is powered by the Linux 3.17 kernel, and has a ton of other improvements and changes.

Fedora 21 Server: The Fedora Server flavor is a common base platform that is meant to run featured application stacks, which are produced, tested, and distributed by the Server Working Group. Want to use Fedora as a Web server, file server, database server, or platform for an Infrastructure-as-a-Service? Fedora 21 Server is for you.

Fedora 21 Cloud: The Fedora Cloud Working Group and Special Interest Group (SIG) has been busy leading up to Fedora 21. Cloud is now a top-level deliverable for Fedora 21, and includes images for use in private cloud environments like OpenStack, as well as AMIs for use on Amazon, and a new “Atomic” image streamlined for running Docker containers.

Read more at:   http://linuxscoop.com/video/fedora-21-video-overview-and-screenshot-tours

Stealth “Turla” Malware Infects Unknown Number of Linux Systems

The Linux Turla is a new piece of malware designed to infect only Linux computers, which has managed to remain relatively hidden until now and has the potential of doing a lot of harm. Unfortunately, very little is known about it or how to fix it.

During the course of almost a year, the guys at Kaspersky Lab discovered a cyber-espionage operation which they called the “Epic Turla.” According to their research, more than 45 countries have been affected and that includes government institutions, embassies, military, education, research, pharmaceutical companies, and a lot more domains. It seems to be an organized effort, probably with a nation backing it up.

These problems were Windows-only and it looked like it would remain that way, but it turns out that “Turla” did not affect Windows systems exclusively. In fact, Linux systems are also vulnerable to a different kind of code, which seems to be a part of the same organized effort to compromise computers on a global scale.

I don’t know when. I don’t know where. But something bad is going to happen

This could be something Donald Rumsfeld might say, but the truth is that this is almost the conclusion Kaspersky researchers posted on securelist.com. Until now they have only become aware that this problem exists, but it will be hard to fix.

“This newly found Turla component supports Linux for broader system support at victim sites. The attack tool takes us further into the set alongside the Snake rootkit and components first associated with this actor a couple years ago. We suspect that this component was running for years at a victim site, but do not have concrete data to support that statement just yet.”

“The Linux Turla module is a C/C++ executable statically linked against multiple libraries, greatly increasing its file size. It was stripped of symbol information, more likely intended to increase analysis effort than to decrease file size. Its functionality includes hidden network communications, arbitrary remote command execution, and remote management. Much of its code is based on public sources,” wrote the Kaspersky researchers.

From what the researchers have managed to put together until now, it looks like it links to three libraries, glibc2.3.2, openssl v0.9.6, and libpcap. The hardcoded C&C that hosts known Turla activities is news-bbc.podzone[.]org (from pDNS IP: 80.248.65.183). Kaspersky Lab is currently sinkholing that address.

It doesn’t need root

One of the most interesting aspects of this Turla cd00r-based malware is that it doesn’t require elevated privileges,

Read more at:    http://news.softpedia.com/news/Breaking-Unknown-and-Stealth-Turla-Malware-Infects-Unknown-Number-of-Linux-Systems-466883.shtml

SeaBED Sub Makes 3D Map of Underwater Antarctic Ice and It’s Powered by Ubuntu 8.04

A new study regarding the ice thickness has been published

The SeaBED submersible has just finished a mission under the Antarctic ice and the scientists have concluded that the ice there is much thicker than previously expected. All of this was done with a sub powered by Ubuntu 8.04.

It’s a well-known fact that Linux is the preferred tool for scientists and this operating system is used in numerous scientific endeavors, on land, under water, or in the air.

In fact, Ubuntu has been spotted over the Atlantic during a NASA mission, it’s been seen in the JPL laboratories, and now it’s also powering the small and powerful SeaBED submersible and it’s at the center of some very interesting research.

The new 3D maps of the Antarctic sea ice made with SeaBED are the result of a joint effort between scientists from the USA, UK, and Australia. The findings of their study, which revealed that the ice has a much greater thickness than previously thought, have been published in Nature Geoscience.

SeaBED is changing our understanding of climate change

The study will be very helpful to better understand climate change and its effect on the largest concentration of ice on the planet, which is in Antarctica. The study itself is pretty interesting, but the fact that it uses Ubuntu 8.04, which is a rather old system, is the icing on the cake.

“It also has a WHOI MicroModem for acoustic communication and navigation, and a SeaBird CTD sensor for measuring salinity and water temperature. The main computer is a 1.2GHz Pentium processor, running Ubuntu Linux 8.04. The custom vehicle software is primarily written in the C programming language.”

“The objective of the Seabed AUV is to serve as a readily available and operationally simple tool that allows rapid testing of docking methodologies and imaging algorithms. We expect to actively pursue repeat surveys for change detection and quantification in areas such as: sidescan sonar survey, photomosaicking, 3D image reconstruction from a single camera, image based navigation, and multi-sensor fusion of acoustic and optical data,” reads the entry on the Autonomous Undersea Vehicle Applications Center.

Read more at:   http://news.softpedia.com/news/SeaBed-Sub-Makes-3D-Map-of-Underwater-Antarctic-Ice-and-It-s-Powered-by-Ubuntu-8-04-465939.shtml

Who’s Lying About Whisper?

jamesgoode98:

Threats to our Civil Liberties, how Big Brother keeps snooping on us!

Originally posted on Uncrunched:

Separately, Whisper has been following a user claiming to be a sex-obsessed lobbyist in Washington DC. The company’s tracking tools allow staff to monitor which areas of the capital the lobbyist visits. “He’s a guy that we’ll track for the rest of his life and he’ll have no idea we’ll be watching him,” the same Whisper executive said. – The Guardian

As far as I can tell from what The Guardian has alleged, and from Whisper’s denials, what happened is this:

1. When talking to potential partners, Whisper hypes its ability to track users so that those partners will know who the anonymous sources are and then write stories based on the data. The screenshot of the Whispers being written from (or near) the White House supports this (below), as does the quote above.

2. But when Whisper talks to the public, they say different things and deny that…

CAINE Linux Distribution Helps Investigators With Forensic Analysis

There is no shortage of Linux distributions to serve specific markets and use cases. In the security market, a number of Linux distributions are widely used, including Kali Linux, which is popular with security penetration testers. There’s also CAINE Linux, which is focused on another area of security. CAINE, an acronym for Computer Aided INvestigative Environment, is a Linux distribution for forensic investigators. Instead of penetration testing tools, CAINE is loaded with applications and tools to help investigators find the clues and data points that are required for computer security forensics. Among the tools included in CAINE are memory, database and network analysis applications. CAINE is built on top of the Ubuntu Linux 14.04 distribution that was released in April. Rather than use the Ubuntu Unity desktop environment, CAINE uses the MATE desktop. The CAINE 6.0 “Dark Matter” operating system was first released on Oct. 7 and includes new and updated applications to help forensics investigators. CAINE can be run as a live image from a CD or USB memory stick and can also be installed onto a user’s hard drive.

Read more at: http://www.eweek.com/security/slideshows/caine-linux-distribution-helps-investigators-with-forensic-analysis.html

Munich Library offers free Ubuntu 12.04 CDs for Windows Users!

The city of Munich is now providing free Ubuntu 12.04 LTS (Precise Pangolin) CDs for the citizens of the city, in an effort to increase the adoption of open source software.
Munich has been at the center of a very heated debate these past couple of months, after the media picked up some statements made by a couple of people from the mayor’s office regarding a switch back to Windows from Linux.

In case you are not up to speed with everything, you have to know that the administration of the city has switched from Windows to a Linux operating system. The implementation of an open source solution took years, but in the end the Munich authorities said that they had managed to save millions of dollars, a sum that has been disputed by Microsoft on a number of occasions.

The latest heated debate regarding this migration was all about nothing. The LiMux project that is now running in Munich is quite successful and it’s safe from any kind of lobbying or political interference from the local government. Its creators made sure that no one could interfere with it, unless there was a good reason to do it.

Now, it looks like Munich is also trying to educate its citizens in the use of open source and the Munich City Library is providing free Ubuntu 12.04 LTS (Precise Pangolin) CDs to anyone who wants one, free of charge. This is not the first time that the Library had this initiative, but it seems that the new one was announced soon after the Microsoft and Windows debacle in the news.

Read more at: http://news.softpedia.com/news/Munich-Library-Now-Offers-Free-Ubuntu-12-04-CDs-for-People-with-Windows-Systems-457939.shtml

Mission to Mars – Powered by Linux

“India’s Mars Orbiter Mission successfully entered Mars’ orbit last Wednesday, becoming the first nation to arrive on its first attempt and the first Asian country to reach the Red Planet.

“We have gone beyond the boundaries of human enterprise and human imagination,” declared India’s Prime Minister Narendra Modi, who watched from the space agency’s nerve center in Bangalore. “We have accurately navigated our spacecraft through a route known to a very few.”

The staff at the Indian Space Research Organization erupted into applause and cheers after learning that the Mars Orbiter Mission, also known as Mangalyaan, reached the planet’s orbit and made history.

Before Wednesday, only the United States, Europe and the Soviets have successfully sent spacecraft to Mars.

“The odds were stacked against us,” Modi said. “Of the 51 missions attempted so far, a mere 21 had succeeded. But we have prevailed.”

And India reached Mars with significantly less money.

With a price tag of $74 million, the Mars Orbiter Mission cost a mere fraction of the $671 million NASA spent on its MAVEN spacecraft, which arrived to Mars earlier this week.

CNN reports …

Firejail – A Security Sandbox for Mozilla Firefox

jamesgoode98:

Security, a growing problem everywhere (even on Linux); but this sandbox for Firefox looks to be useful!

Originally posted on l3net - a layer 3 networking blog:

We often find ourselves running applications we received in binary format. These include not only traditional software installed on our computers, but also unauthenticated programs received over the network and run in web browsers. Most of the time these applications are too complex to be bug-free, or can come from an adversary trying to get access to our system.

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications. The core technology behind Firejail is Linux Namespaces, a virtualization technology available in Linux kernel. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table, IPC space.

Introducing Firejail

The program is written in C and only needs libc and POSIX threads (libpthreads), available by default on any Linux platform. The

Shellshock hits Linux – via bash

A “deadly serious” bug potentially affecting hundreds of millions of computers, servers and devices has been discovered.

The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple’s Mac operating system.

The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.

Some experts said it was more serious than Heartbleed, discovered in April.

“Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system,” Prof Alan Woodward, a security researcher from the University of Surrey, told the BBC.

“The door’s wide open.”

Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.

The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.

Patch immediately

Bash – which stands for Bourne-Again SHell – is a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS.

The US Computer Emergency Readiness Team (US-Cert) issued a warning about the bug, urging system administrators to apply patches.

However, other security researchers warned that the patches were “incomplete” and would not fully secure systems.

Of particular concern to security experts is the simplicity of carrying out attacks that make use of the bug.

Shellshock rates a 10 on the scale of vulnerabilities. As bugs go, it’s about as bad as it gets.

Except that the last big bad bug, Heartbleed, rated an 11, according to one expert.

That should mean Shellshock isn’t as bad. Right?

Maybe. It’s too early to tell.

With Heartbleed, more work had been done by the folks that found it so it was easier to estimate who was at risk. There were lots of big targets, many of which had large user populations.

With Shellshock, the sheer number of potential victims is higher. And we do know that an exploit has been produced and some folks are scanning sites to see which are vulnerable to attacks based around that code.

So far, what’s keeping servers safe is the fact that cyber thieves are lazy and tend to copy what has already worked. Finding exploits is specialised, hard work so they only tend to pile in once that appears. With that code already in circulation, the early news about Shellshock may just be the first tremor of a much bigger quake.

Read more at:    http://www.bbc.co.uk/news/technology-29361794
