Entries with tag open source projects.

New Security Program Offers Keyless Cloud Security

A vendor has released a new open source security program designed to let users securely access cloud-computing resources without placing their private encryption/decryption keys in the cloud. CloudFlare’s Keyless SSL enables users to secure Web assets in the cloud by storing the private keys on an internal, rather than a public-facing, server. Typically, the private key resides on the same cloud-based server that handles Web traffic. Problems with this were underscored by the Heartbleed bug, which let hackers access private-key information. With CloudFlare’s Keyless SSL system, private SSL keys are maintained on customers’ hardware, not in CloudFlare’s network. Key-signing requests are conveyed—and the signing takes place—via an encrypted tunnel to the customer’s server. The key is thus never seen. CloudFlare CEO Matthew Prince said companies, particularly financial institutions, expressed security concerns about using cloud services. (Bloomberg)(InfoWorld)

 

New Chrome Encryption Extension Promises Better Privacy

Google now offers an extension for its Chrome browser designed to provide easy e-mail encryption to users. The company is touting the End-to-End extension for its simplicity of use compared to similar open source tools such as PGP and GnuPG. Google is basing End-to-End on the OpenPGP standard. The tool is in alpha, meaning the code is available for testing and evaluation now at https://code.google.com/p/end-to-end/source/checkout . Google also is offering bounties for any bugs found in End-to-End through its Vulnerability Reward Program. (Businessweek)(PC Mag)(TIME)(Google Online Security Blog)

HP Announces $1 Billion Investment in Cloud Projects

Hewlett-Packard plans to invest $1 billion within the next two years on cloud-computing products and services. Among its projects is the development of services for the OpenStack open-source platform for public and private clouds, which HP will make available in 20 datacenters within the next 18 months. The company also recently announced a collaboration with contract manufacturer Foxconn Technology Group on creating servers for cloud-computing service providers. Other companies are also investing in cloud computing. For example, Cisco Systems plans to spend $1 billion on a cloud initiative. And Microsoft is making its cloud storage for businesses 40 times larger than it is now. (Reuters)(ZD Net)

Computer Tinkerers Use Raspberry Pi to Resurrect Commodore 64

A group of Commodore computing enthusiasts are developing an emulator able to convert a Raspberry Pi system into a fully functioning Commodore 64. The goal is to create a native Commodore 64 operating system that can run on Raspberry Pi, complete with the ability to connect a joystick. Eventually, the developers want to add new features, including changing the emulation speed and new, modern graphics modes, to the system. The computer competed in the nascent personal computing market of the 1980s with the Apple II and was widely adopted based on its affordability. The project development is being carried out via GitHub. (SlashDot)(International Business Times)(Commodore Pi @ GitHub)

DARPA Goes Open Source

DARPA has placed some of its sponsored research data online and made it available to the public through its Open Catalog, which contains a list of the US Defense Department agency’s available software and peer-reviewed publications. The information has not traditionally been easy for interested researchers to find. The response to this criticism was the creation of this site, which currently includes links to peer-reviewed publications from DARPA’s XDATA open source software library for big data. The agency says it is making the information public to increase “the number of experts who can help quickly develop relevant software for the government” and eventually incorporate some of the software into their own products. Should the R&D community prove interested, DARPA said, it will release additional information from other programs including Broad Operational Language Translation (BOLT) and Visual Media Reasoning (VMR). The DARPA Open Catalog is at www.darpa.mil/OpenCatalog/index.html.  (PC Mag)(WIRED)(The Verge)(DARPA)
 

Microsoft Joins Open Compute Project, Offers Cloud Server Designs

Microsoft has announced that it has joined the Open Compute Project, a global group of companies and independent engineers that share designs to enable development of efficient, scalable server, storage and datacenter hardware designs. Microsoft will contribute its cloud-server specifications to the project. Bill Laing, Microsoft’s corporate vice president for cloud and enterprise, said the company is joining the Open Compute Project “to foster more efficient datacenters and the adoption of cloud computing. (SlashDot)(Data Center Knowledge)(Open Compute Project)(The Official Microsoft Blog 

Oracle Opens to OpenStack

Oracle announced it is supporting the OpenStack Foundation and plans to integrate OpenStack code into its product line. The foundation manages the OpenStack project, which is developing an open source public and private cloud-computing platform. Oracle, best known for its proprietary approach to software, will add OpenStack cloud-management components into its Solaris and Linux products, as well as its cloud-based services. The company says this will provide customers with more choices and flexibility in how they use Oracle products and services. (Information Week)(ZDNet)
 

Open Source Project Tackles Secure Password Storage


A newly launched open source project aims to help users safely store their online security credentials, particularly long, complex passwords. The project aims to combine hardware and software to solve the problems caused by users selecting insecure passwords, according to Mathieu Stephan, an electronics engineer at encryption vendor ID Quantique who will head the as-yet-unnamed project. The goal is to help users generate long, complex random passwords for the different websites they regularly access, which helps protect the user’s information from being compromised. Recent analysis of stolen passwords shows people are not good at selecting their own passwords, which makes them vulnerable to data or identity theft. The project seeks community input throughout the development of the device. As planned, the new technology will include a smart card and a device—able to store Advanced Encryption Standard (AES)-256-encrypted passwords and keys to help users secure their online credentials—that users can connect to a computer via USB. (SlashDot)(Hackaday)(IEEE Computer News Feed – December 2, 2013)

US Government Demands Removal of Online 3D-Gun Blueprints

Defense Distributed, an open source, nonprofit firearms designer, has removed from its website blueprints for a gun that can be made with high-density plastic on an industrial 3D printer, after receiving pressure to do so from the US State Department. However, the plans reportedly have already been downloaded 100,000 times and are being hosted on other servers, including those belonging to The Pirate Bay file-sharing site. US officials indicate that publication of the blueprints so that they would be available internationally may have breached arms-control regulations regarding the shipping of weapons overseas. Defense Distributed claims it is in compliance with the US International Traffic in Arms Regulations. (BBC)(CNET)
 

Study: Quality of Open Source and Proprietary Software Exceeds Industry Standards

A new analysis of software integrity finds that the quality of both open source and proprietary software code surpasses industry quality standards. Coverity, a software-quality testing firm, conducted the analysis, based on code submitted to Coverity Scan, as it has been doing annually for the past seven years. The project originated in 2006 and was initially undertaken with the US Department of Homeland Security. Since then Coverity has analyzed almost 850 million lines of code from open source projects including Apache, Linux, and PHP and found an average defect density—defined as the number of defects found in every 1,000 lines of code—of 0.69. Coverity found that proprietary code’s defect density is 0.68. This is the second year both groups have had a defect density of less than 1.0, which is the industry standard, according to Coverity, which offered no additional details regarding the specific standard on which it bases the claim. (SlashDot)(Help Net Security)(Coverity Scan)
 

Showing 10 results.