GitHub launches sponsored code repositories

Specializing in open source code repositories, the GitHub platform now offers a feature for developers to sponsor directories. Financial support from partners is just beginning.

If open source doesn’t automatically mean free – far from it – it can also rhyme with sponsorship.

The famous source code repository GitHub, now part of the Microsoft group, has indeed taken its Sponsors feature up a notch. Until now, it gave users the possibility to support others and added the ability for organizations to create and receive sponsorships. Now the company is taking it a step further with the launch of sponsor-only repositories, a feature for developers to interact more effectively with sponsors.

Specifically, developers and companies will now be able to attach a private repository to each of their sponsorship levels. This will allow sponsors to access the repository. Note that these invitations are automatically managed by GitHub and therefore require no manual processing.

The features offered are varied and include Sponsorware (access to projects for your sponsors only), Discussions (communicate with sponsors via messages and report issues) and Early Access (preview code before it is open source). In addition, the platform has added support for custom sponsorship amounts. “You now have more control and can set a minimum custom amount for your referrals in your tier settings.

“Also, transaction exports will now give you the location and VAT information that many of you need for sales tax calculations,” GitHub says. “You can now write a custom message that will display for each new referrer after creating their referral. This is a great way to welcome your new sponsors and give them more information about how you manage your sponsored projects.”

Pushing the sponsorship slider even further

GitHub also now gives the ability to add metadata to the URLs of a sponsored page to see what brings in new sponsors. For example, the user can include specific metadata in a URL used when tweeting about development work in progress. It is also proposed to display the metadata collected in the transaction export.

GitHub doesn’t plan to stop there: “The next chapter of GitHub Sponsors will open the door for more companies to support the open source projects they depend on. We’re partnering with more companies every week to enhance our beta program,” the platform says. “We’ve also heard that it’s difficult to find projects to sponsor, which affects both sponsors and maintainers.

“Stay tuned for future work to improve the discovery experience on GitHub, making it easier for the community to explore dependencies and decide who to support, and helping maintainers who use sponsors grow their audience, community and overall funding.”

Log4j flaw: open source is not the problem

At a hearing before a U.S. Senate committee, executives from Cisco, Palo Alto and Apache discussed the industry’s response to the Log4j vulnerability and potential future problems. They were united in refusing to cast aspersions on open source.

After the White House, the U.S. Senate is now questioning the long-term impact of the serious vulnerability discovered late last year in the open source software Apache Log4j. “Open source is not the problem,” said Dr. Trey Herr, director of the Cyber Statecraft Initiative at the U.S. international relations think tank Atlantic Council, at a hearing of the U.S. Senate Committee on Homeland Security & Government Affairs this week. “Software supply chain security issues have been a concern for the cybersecurity community for years,” he said.

Experts say it will take a long time and a lot of work to address the Log4j flaw and its impact. Security researchers at Cisco Talos believe that Log4j will be heavily exploited in the future, and that users should apply patches to affected products and implement mitigation solutions without delay. The Java logging software is widely used in services, websites, and enterprise and consumer applications, as it is an easy-to-use tool in client/server application development.

A defense of open source

If exploited, the Log4j flaw gives an unauthenticated remote actor the ability to take control of an affected server system and gain access to corporate information or launch a denial-of-service attack. The Senate committee asked experts to outline industry responses and ways to prevent future software exposures.

Because the Log4j flaw affects open source software, experts have spent a lot of time advocating for the use of open source software in critical platforms. “The Log4j vulnerability, which can be exploited by typing just 12 characters, is just one example of the serious threat that widespread software vulnerabilities, including those in open source code, or freely available code developed by individuals, can pose to national and economic security,” said committee chairman Senator Gary Peters (D-MI).

“In terms of the amount of online services, sites and devices exposed, the potential impact of this software vulnerability is immeasurable, and it puts all of our critical infrastructure, from banks and power grids, to government agencies, at risk of network breaches,” the senator added.

Cisco security chief Brad Arkin wanted to defend open source software. “I don’t think open source software is at fault, as some have suggested, and it would be wrong to suggest that the Log4j vulnerability is evidence of a unique flaw or that open source software poses an increased risk,” Brad Arkin, Cisco’s senior vice president and chief security officer, told the committee.

“The truth is that all software contains vulnerabilities due to human design, integration and writing errors,” he further argued. “Cisco is a significant user and active contributor to open source security projects. These efforts are essential and necessary to maintain the integrity of shared blocks of code across fundamental elements of the IT infrastructure,” Arkin said. “However, focusing exclusively on the risks posed by open source software could distract us from other important areas where we can address the security risks inherent in all software,” added Cisco’s senior vice president and chief security officer.

Taking the long view and the means to remediate

According to Dr. Herr of the U.S. think tank Atlantic Council, more vulnerabilities of this kind should be expected. “The Log4j logging program is extremely popular, and fixing its flaws has required considerable effort and widespread public attention, but this is not the last time this type of incident will occur,” Herr said. “Among the efforts that federal agencies should undertake to improve open source security, would be to fund what is ordinary, providing resources where industry would not

Version 5.1 of the Linux kernel is available, optimizes asynchronous I/O

In the new version of the Linux kernel, version 5.1, there are new features, many improvements, and some bug fixes. One of the improvements is the default Intel Fast Boot activation in the graphics driver for Skylake and more modern processors.

Fast Boot explained

Fast Boot is a BIOS feature that reduces the computer’s boot time. If Fast Boot is enabled, booting from a network, an optical drive or removable devices is disabled, and video and USB devices (keyboard, mouse, drives) are not available until the operating system is loaded. In other words, Fast Boot loads only what is necessary, eliminating image flicker in the process.

Still on the Intel side of this kernel version, we note the support of HDCP 2.2 and GVT (Graphics Virtualization Technology) from Coffee Lake. Coffee Lake is Intel’s code name for the second 14 nm process node refinement after Broadwell, Skylake and Kaby Lake. The graphics integrated on Coffee Lake chips support DP 1.2 to HDMI 2.0 and HDCP 2.2 connectivity. Coffee Lake natively supports DDR4-2666 MHz dual-channel memory when used with Xeon, Core i5, i7, and i9 processors, DDR4-2400 MHz dual-channel memory when used with Celeron, Pentium, and Core i3, and LPDDR3-2133 MHz memory when used with mobile processors.

Linux 5.1 kernel

The Linux 5.1 kernel brings some improvements to the support of ARM platforms, including a new DRM graphics driver for Komeda and support for the Bitmain SoC (two A53 cores and a RISC-V core). Only the ARM part is completed for the moment, and RISC-V support is only partially in place. For ARM processors, the default 64-bit configuration in the kernel now recognizes up to 256 cores, a decision that follows the continuous increase in the number of cores in SoCs. The value can be changed.

In other words, the BM1880 Bitmain SoC includes a dual-core ARM Cortex-A53 processor, a single-core RISC-V subsystem and a Tensor processor subsystem. But in the initial state for Linux 5.1, only the A53 cores are enabled for the moment. The BM1880 is marketed as an “on-board TPU” capable of delivering 1TOPS@INT8 performance, with a single-core RISC-V processor capable of up to 1 GHz, and optimized for deep learning with a power consumption of only 2.5 Watts. Note that the BM1880 is manufactured by Bitmain, a Chinese company that started by designing ASICs for Bitcoin mining, with Antminer and other products. The company has also embarked on artificial intelligence and deep learning projects.

Asynchronous I/O exists to speed up operating systems. It allows applications to perform other tasks while a write proceeds in the background; the kernel is responsible for notifying the application. A kernel developer, Jens Axboe, is now introducing a new variant called io_uring that aims to increase the speed of asynchronous reading and writing tasks and allow them to scale better. There is also a userspace library that allows developers to familiarize themselves with the main features of io_uring.

PostmarketOS: free and open source, this system aims to keep our smartphones alive for 10 years

Google is stepping up efforts to ensure that Android smartphones enjoy the latest OS and security updates faster and for a longer time. This requires a better structure of the system itself, programs such as Android One and better collaboration with the various manufacturers.

Despite this, it is still not enough. The vast majority of smartphones benefit from software support for only two years, encouraging users to renew their purchases regularly. This is not good for the wallet or for the environment.

Increase smartphone’s lifetime up to 10 years

It is to counter this phenomenon that the postmarketOS project was created. It has been in existence since at least 2017, but a recent update of the dedicated website has shed light on it and the subject is very much in vogue at the moment on Reddit.

The concept of postmarketOS is quite simple. The goal of its creators is to allow phones to have a lifespan of 10 years and to ensure that only a hardware failure pushes us to part with a device.

Simplified updates for extended tracking

This free and open system is based on the Alpine Linux distribution which has the advantage of being very light (6 MB for a basic installation) to install in addition to being focused on user safety and ease of execution. The particularity of postmarketOS lies in the fact that each smartphone has only one single package that differentiates it from the others. Absolutely all other packages are shared by all devices running on this OS. In concrete terms, this greatly simplifies the update process since there are far fewer specificities to manage.

Fix the cause instead of the symptoms

This is why postmarketOS claims to be different from solutions like LineageOS where teams of volunteer developers allow old smartphones to have the latest Android innovations. “However, such Android-based projects will always be executed in the shadow of Google and the phone industry, correcting only the symptoms, but never the root cause.”

Because yes, postmarketOS is not a version of Android and avoids this whole ecosystem. However, the managers do not rule out the possibility of offering some compatibility with Android applications, but leave it to potential volunteers to take care of this tedious work.

As for the interface, it is specified that postmarketOS allows the user to choose the one that suits him most from an existing catalogue.

100 compatible devices

postmarketOS is only at the Alpha stage, where even calls don’t work yet (which is not very convenient for a phone). The creators of the system boast that they already have more than 100 compatible devices, among which the Google Pixel 3 XL can be found. The latter is undoubtedly the most recent reference in this list, where we can also see the following models:

  • Asus Zenfone 5 (the one of 2014)
  • Fairphone 2
  • OnePlus One
  • Samsung Galaxy S5
  • Wiko Lenny 3
  • Xiaomi Mi 5
  • Nokia N900
  • Nextbit Robin

The project is interesting to follow anyway and even if things seem to be moving rather slowly, they are certainly moving forward. To learn more about the practical and technical details, do not hesitate to visit the postmarketOS website.

eBay will introduce its own open source server designs

eBay has embarked on a large-scale reconfiguration of its architecture: designing custom hardware and a dedicated artificial intelligence engine, decentralizing the data center cluster, evolving to cutting-edge computing, and developing open source technology solutions.

The project is nearing completion: the new servers are already operational, and their architecture will be made public as open source. Committed for three years to a project to renew its platforms and modernize its backend infrastructures, eBay announces that it will build its own server designs and offer them in open source by the end of 2018.

Launched by Facebook 7 years ago, the Open Compute Project (OCP) is an initiative to share server designs and make them available in open source.

The latter has grown over the years with the support of leading IT companies such as Apple, Microsoft, Google, HPE, Rackspace and Cisco.

However, some heavyweights are missing, such as eBay, which announced last weekend its intention to develop its own servers and share its open source design so that other companies can use them for their needs. If the U.S. online retail giant has not made any announcements regarding its OCP membership by now, it is very likely that it will end up joining in the coming months.

“As part of an ambitious three years of effort to reconfigure and modernize our back-end infrastructure, eBay announces its own custom servers designed by eBay for eBay. We plan to make eBay servers publicly available through open source in the fourth quarter of this year,” the company said in a post. “The reconfiguration of our core infrastructure included the design of our own hardware and AI engine, the decentralization of our data center cluster, the adoption of a next-generation IT architecture and the use of the latest open source technologies.”

Leveraging AI on a Large Scale

Among the technological bricks used by eBay are Kubernetes, Envoy, MongoDB, Docker, and Apache Kafka.

The infrastructure developed by the e-merchant allows it to process 300,000 million daily requests for a data volume of more than 500 petabytes.

“With the transformation we’ve achieved and the large data flowing through eBay, we’ve used open source to create an internal AI engine that is highly shared among all of our teams and aims to increase productivity, collaboration, and training. It allows our data scientists and engineers to experiment, create products and customer experiences, and leverage AI on a large scale,” eBay said.

What Is Open Source?

Open source is one of the greatest inventions since sliced bread. We can safely say that it has changed the way we make websites and apps. Thanks to open source code, creating an online presence has become way cheaper than it used to be a while ago when the internet was in its infancy.

Open source is nothing else but code that is free for everybody to access, modify and use as they see fit. WordPress, Drupal, and Joomla! are only three examples of projects that are based on open source code. This is something new. Before the open source project was created, websites and internet applications didn’t offer free access to their code. Everything was encrypted, so website owners had to pay their coder to make changes whenever needed. Besides, even if you had access to the original code, you weren’t allowed to use it for your projects, as it belonged to its creator. Replacing your web developer was a huge problem, as most of them used to write their code, difficult to understand by another coder. Besides, they all encrypted their work before their websites or apps went public so that nobody would steal their code.

Open source code is entirely different.

You can reverse engineer projects based on it, and then take whatever code sequences you want and use them to create something new. There are no limits when it comes to tweaking and adjusting the code to suit your needs. You can find open source projects online on GitHub or various blogs, as well as in discussion forums and Facebook groups on IT and coding topics. Everything is accessible and easy to use, hence making the life of web developers so much easier. Furthermore, many people have specialized in developing add-ons and plugins for the most popular open source apps. All these make it very easy for anyone who wants a professional website to build one without too much coding knowledge. Without open source, all these people would have needed to pay expensive developers to build and update their websites.

Strong communities

The most significant advantage of open source projects is that they are developed and maintained by teams of experienced coders. This means that the code is always up to date with the latest technologies and with the latest security features. At the same time, open source projects are also the most exposed to hackers and other cyber criminals out there, as they also have access to the code, just like everyone else. Keeping open source apps secure at all times is one of the most significant challenges for programmers from all over the world.

This is open source in a nutshell. You can easily see that it has made the web a more user-friendly environment. Even beginners can learn how to use this code to create beautiful apps with advanced functionality and professional appearance. Our modern world is more inclined to sharing knowledge and information than ever before. This is good for all of us, coders and consumers.

Microsoft Is Planning To Acquire GitHub For $7.5 Billion.

Microsoft is on target to acquire a coding platform that has become very popular with software coders and developers around the world. The tech giant is in the process of buying GitHub for a reported 7.5 billion dollars. At last check, GitHub was currently valued at almost $2 billion.

Once combined, the two companies will help to empower developers to be able to achieve more of their goals at each stage during the development process, bring the developer services and tools of Microsoft to an entirely new audience and speed up enterprise use of the coding platform.

The Purchase Agreement

Microsoft has long been a company that focuses on developers first. By deciding to join forces with a coding platform such as GitHub, the tech giant is planning to strengthen its commitment to providing developers freedom, innovation, and openness.

Microsoft is well aware of the community responsibility it is taking on under the agreement, and the company promises to empower all developers to innovate, build and solve some of the most pressing challenges in the world.

Under the agreement terms, the purchase of GitHub for $7.5 billion will be completed via Microsoft stock. The purchase is also subject to a completion of a regulatory review and customary closing conditions. If everything goes as planned, the acquisition is expected to be completed by the end of the year.

Upcoming Changes For GitHub?

Under the agreement, the coding platform will also retain its developer-first community and will continue to operate independently. By retaining this independence, GitHub will also be able to provide an open source platform for developers in any industry.

This means that developers will still be able to use programming languages, operating systems and tools of their choice for all of their projects. These developers will also be able to still deploy their code for any operating system, device or cloud.

Global Digital Transformation

In today’s global economy, there are more software companies now than ever before. This places software developers at the forefront of the digital transformation that has been taking place since the dawn of the 21st century.

These companies and developers are driving business functions and processes across departments and organizations. This covers areas from HR (Human Resources) to IT to customer service and marketing. The choices that developers make will have an impact on growth and value creation in every industry.

GitHub has become the home for today’s developers, and it is considered to be the top global destination for software innovation and open source projects. The coding platform currently hosts an extensive network of software developers in almost every country in the world. These developers represent over 1 million companies in industries including:

  • Healthcare
  • Technology
  • Retail
  • Manufacturing
  • Financial Services

Microsoft expects that the financials of GitHub will be reported as part of the segment known as the Intelligent Cloud. The acquisition will be accrued to the 2020 fiscal year operating income. This will be done on a non-GAAP basis.

Typo3 is available in version 9.2.0

Version 9.2 of the open source content manager focuses on site management and aims to “boost publishers’ productivity, push developers’ creativity and make integrators’ lives easier.”

Site Handling

The most remarkable new feature of TYPO3 version 9.2 is the site management feature. Introduced in version 9.1, the “Site Management” module in the TYPO3 administration space now contains a new “Configuration” sub-module. It allows integrators and site administrators to add and modify a global configuration for one or more sites.

Each site configuration has a unique identifier and configuration values such as root page ID, entry point, language definitions, and so on. The configuration files are stored in a YAML file under “typo3conf/sites/site-identifier/”. It is therefore easy to maintain configuration in a version control system such as Git for example.

The site management functionality already supports configurations such as domains, languages, error handling. According to the development team, this feature will be extended to long-term support version v9 later this year.

Debugging and profiling

The TYPO3 Control Panel now provides a more in-depth overview of TYPO3’s internal processes at runtime. Once enabled, TYPO3 integrators and site administrators can access performance and cache statistics and settings for a specific page. They can also simulate certain front-end access situations. It is possible, for example, to assume the identity of a specific user group or to simulate a time stamp.

The administration panel will receive a significant revision in future versions to conform to the highest standards. To prepare for this development, it has been moved from the core to a dedicated system extension. This step also lays the foundation for other improvements, such as a new modern design and new features such as better profiling capabilities and the ability to add custom features via an API.

Changes to anticipate the future.

Although TYPO3 is not new to the open source CMS market, its core code is continually being reworked to adopt contemporary technologies and modern software paradigms. In particular, TYPO3 aims to support PSR-15 middleware ready for use by adopting the eponymous standard. For the development team, this approach will improve interoperability with independent libraries. As one of the first enterprise content management systems on the market, TYPO3 version 9.2 introduces PSR-15 middleware in the frontend, as well as in the backend.

The TYPO3 v9 long term support version is scheduled for November 2018. This version will try to avoid constants and global variables where possible. To achieve this, a new “Environment” class has been developed, which acts as a central repository to store commonly used properties throughout the core. This class also contains methods relevant for all types of PHP requests, both CLI and web.

Security in Typo3

As part of the content manager’s continuous security improvement process, the path to the “var/” directory can now be configured through the TYPO3_PATH_APP environment variable. The Apache Web server can use the following configuration directive. This directory usually contains Install Tool session files, caching framework files, lock or log files, and Extension Manager data files. Even though a correctly configured web server and TYPO3 instance prevent access to all sensitive files in the “var/” directory, these are clearly non-public files. The development team can now locate these files outside the web root.
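One way to check this hardening on a host, as an added example that is not part of the original article or of TYPO3's own code. It assumes var/ resolves to `$TYPO3_PATH_APP/var` when the variable points to a project root different from the web root, and to `typo3temp/var` under the web root otherwise; the function names and the sample directory layout are constructed for illustration.

```python
"""Audit where a TYPO3 instance keeps var/ relative to the web root."""
import os
import tempfile
from pathlib import Path


def _inside(path: Path, root: Path) -> bool:
    """True if path is root itself or lies below it (both already resolved)."""
    return path == root or root in path.parents


def resolve_var_dir(public_root: str, env: dict) -> Path:
    # Assumption (see lead-in): with TYPO3_PATH_APP set to a project root
    # that differs from the web root, var/ is <TYPO3_PATH_APP>/var;
    # otherwise it falls back to <web root>/typo3temp/var.
    public = Path(public_root).resolve()
    app = env.get("TYPO3_PATH_APP")
    if app and Path(app).resolve() != public:
        return Path(app).resolve() / "var"
    return public / "typo3temp" / "var"


def audit(public_root: str, env: dict) -> dict:
    """Report whether var/ is reachable below the web root."""
    public = Path(public_root).resolve()
    var_dir = resolve_var_dir(public_root, env).resolve()  # follows symlinks
    findings = {
        "var_dir": str(var_dir),
        "inside_web_root": _inside(var_dir, public),
        "symlinks_into_var": [],
    }
    # A var/ directory outside the web root can still be re-exposed by a
    # symlink placed below the web root, so look for those as well.
    for current, dirs, files in os.walk(public, followlinks=False):
        for name in dirs + files:
            entry = Path(current) / name
            if not entry.is_symlink():
                continue
            try:
                target = entry.resolve()
            except (OSError, RuntimeError):  # unreadable link or symlink loop
                continue
            if _inside(target, var_dir):
                findings["symlinks_into_var"].append(str(entry.relative_to(public)))
    findings["symlinks_into_var"].sort()
    findings["ok"] = (not findings["inside_web_root"]
                      and not findings["symlinks_into_var"])
    return findings


def build_demo(base: Path) -> dict:
    """Constructed sample layout: <base>/project/{public,var/log}."""
    public = base / "project" / "public"
    log_dir = base / "project" / "var" / "log"
    public.mkdir(parents=True)
    log_dir.mkdir(parents=True)
    (log_dir / "typo3.log").write_text("constructed sample log line\n")
    return {"project": str(base / "project"),
            "public": str(public),
            "log_dir": str(log_dir)}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        demo = build_demo(Path(tmp))
        # 1) variable unset: var/ falls back to a path below the web root
        print(audit(demo["public"], {}))
        # 2) variable set: var/ sits next to, not inside, the web root
        hardened = {"TYPO3_PATH_APP": demo["project"]}
        print(audit(demo["public"], hardened))
        # 3) a symlink below the web root re-exposes the log directory
        os.symlink(demo["log_dir"], os.path.join(demo["public"], "logs"))
        print(audit(demo["public"], hardened))
```

A result with `ok` set to false means the web server configuration is the only thing keeping session, cache, lock and log files private.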

Getting TYPO3

TYPO3 can be installed in different ways: for example, the traditional way using the source package on typo3.org, or the modern way by configuring a project using Composer. More details via get.typo3.org/version/9

Gimp 2.10 is available

The leader of open source image editing software receives a significant and much-anticipated update. The GEGL image editor, in particular, brings the most significant benefit to the adoption of this new version.

For GIMP users, it took patience to receive a significant update of the software. Six years of development, nothing less, were necessary to propose all the new features of version 2.10.

The results nevertheless live up to expectations: GIMP finally supports the RAW format via the free software RawTherapee or Darktable. The most important innovation is the new image processing engine, GEGL, in high definition. This non-destructive processing engine offers, among other qualities, a multithreaded approach and hardware acceleration. Over 80 GEGL-based filters are already available.

Other new features of GIMP 2.10 are more visible: interface, more modern visual presentation, extensions via plugins. The software now supports OpenEXR, RGBE, WebP, HGT formats and improves compatibility with Photoshop PSD format on import. Color management becomes a fundamental feature of GIMP: most windows and preview areas offer color management. The preview for all filters is compatible with GEGL. Finally, metadata viewing and editing are available for Exif, XMP, IPTC, and DICOM formats.

GIMP is not yet a 100% Photoshop replacement tool for purists, but for most image editing and processing operations, it no longer has much to envy.