Next Page: 10000

          Google назвал нового руководителя Android Open Source Project       Cache   Translate Page   Web Page Cache   
Утверждён новый руководитель проекта AOSP (Android Open Source Project), в рамках которого координируется работа с исходными текстами выпусков платформы Android, открытых компанией Google. Новым техническим лидером проекта стал Джеф Бейли (Jeff Bailey), более двадцати лет участвующий в жизни сообщества разработчиков открытого ПО. Джеф является сооснователем хостинга открытого кода Savannah, 15 лет принимает участие в разработке проекта Debian и входит в число ключевых (core) разработчиков Ubuntu. Работая в Google Джеф входил в команду Google Open Source team и участвовал в открытии кода платформы Android в 2008 году.
          Java Developer - IAM - Codeworks - Milwaukee, WI      Cache   Translate Page   Web Page Cache   
Experience in J2EE web application development and ability to use open source libraries. Our direct client is seeking a Java Developer with experience in...
From Indeed - Thu, 02 Aug 2018 16:23:50 GMT - View all Milwaukee, WI jobs
          React Js: The Best Front-End Technology For Web Applications       Cache   Translate Page   Web Page Cache   

Today React is the best option available to choose for the JavaScript community. It is one of the most popular open source javascript library developed by Facebook in the year 2013 and it is used for creating dynamic web and mobile applications. React use Virtual DOM, (Document Object Model) instead of Real DOM. This helps to create more Fast and Scalable web applications. It is estimated that more than 1,300 developers Read More..
          TEN7 Blog's Drupal Posts: Episode 036: Matthew Tift      Cache   Translate Page   Web Page Cache   
Dr. Matthew Tift, Senior Drupal Developer at Lullabot, musicologist, podcast host and educator, sits down with Ivan Stegic to discuss his fascinating career and passion for those things open source. Discussing: Matthew's midwest ties, Walking meetings, The advantage of working at home, Working with Wisconsin Public Radio, Sea Grant Non-Indigenous Species Project. Dogpile and Metacrawler, Automate that process, C#, ColdFusion, VB6 Discovering Drupal, TTBOOK (To The Best of Our Knowledge), Accessible public information, Teaching kids to code, Finch Robots, Tonka Coder Dojo, "The Open School House", Live coding, Algorithmic Music, Algoraves, Toplap.org, Syncthing.
          Mediacurrent: Marketer’s Guide to Drupal 8: Healthcare Marketing Q&A      Cache   Translate Page   Web Page Cache   

Alan Onnen is the Associate Director of Marketing for the Shirley Ryan AbilityLab. Recognized as #1 in rehabilitation for 27 years in a row. AbilityLab introduces its revolutionary care through 5 Innovation Centers - state-of-the-art hospital facilities and equipment for exceptional patient care provided by the best medical and nursing support.

With 15 years of experience in the marketing industry, the past 5 being with SRA and being a part of the team that helped adopt Drupal, Onnen has seen firsthand how Drupal 8 powers digital strategy. 

Mediacurrent Interview with Alan Onnen 

Mediacurrent: What does “digital transformation” mean for you? 

Alan Onnen: Digital transformation means a constant evolution. There’s no single transformation; it’s a constant state of change, staying on top of trends at once. As a digital marketer, you need to know a little bit about everything, UI, UX, nerdy stuff, best practices, changes in the digital environment, what people expect from websites in your vertical, etc. Some people think transformation is a binary term - something new - but it's not.

Mediacurrent: How does open source fit into the equation?

AO: Open source is something that’s not new but it’s getting so mainstream its part of that digital transformation. It’s about adjusting to the new worlds where open source doesn't mean unsecure - it means that it’s open and honest. We had to get buy-in from stakeholders. They dismissed it at the beginning of the RFP bc they thought you needed a Sitecore or an AEM. It took a long time and a lot of agency people to show how safe it is to help make them believe that open source isn’t a dirty word.

Mediacurrent: What current challenges are you trying to solve for?

AO: It is a constant struggle to keep up with Google - making sure our content is optimized for search algorithms. Our overall challenge is to keep our content fresh, navigating innovative best practices for our website while keeping up with legal and social constructs.

Mediacurrent: How are you using Drupal 8 to solve those problems? 

AO: One of the big reasons we chose Drupal was because of its customization ability. Our knowledge base is spread across so many people so Drupal’s ability to customize the backend experience and offer the fields and plain English way we need to talk about things is really important. Even just the simple need for content creators to be able to edit things and be able to customize that experience.

Another big reason was the fact that its open source and the community surrounding Drupal. If you have an idea you can find someone who has half baked or full-baked into that particular module or idea to help give your devs a headstart solution. With Drupal, you don’t have to start from scratch when you need something new to move the website forward. Chances are, someone has had a similar idea you can pull from.

Mediacurrent: Has this been your first experience with Drupal or have you worked with previous versions of Drupal in the past? What did Drupal 8 give you from a marketers/content editors perspective?

AO: I came to SRA on a proprietary healthcare based CMS. It was designed to serve mid to small hospital systems and we didn’t have access to the backend part of the site before. SRA put out an RFP for a replatforming and redesign of our website . We talked to different agencies, and Drupal kept coming up - there were no licensing fees with open source. The spin up on Drupal is more robust than most paid CMS experiences. The cost point of view is having it be free and open was very appetizing and Drupal had other features that appealed to us. 

Mediacurrent: Since launching on Drupal 8 have you noticed an increase in website conversions?  What would you attribute to that success (or lack of success)? By use of marketing automation strategies? Bc of easy integration?

AO: Drupal can be leveraged any which way you want it to be. We take advantage of the extensive list of modules. We have seen nice conversions off the YAML module & the webform module. It’s true of the module philosophy to be able to build how you want them too. 

With Drupal, our web traffic has been up. We have 3 very different facets of our site - rehab measures database, research educational platform, home site - and Drupal can support them all very well. It’s a testament to Drupal - with a flexible CMS, reporting, user interfaces, and a back end that can be robust enough to bring things together in an organic and seamless way. 

Mediacurrent: What are 3 factors you look at when evaluating an agency? Cost? Reputation? Their own web design? Logos they've sold? 

AO: With our RFP out, we began evaluating the superficial - books, examples, case studies, white papers, if their leadership had given talks and what they had talked about, the look and feel for brand consciousness, - exploring that space of ability. We didn’t want someone who was making cookie cutter websites and we didn’t want to stay looking just in the healthcare vertical. Our list was narrowed down to those whose work we respected and admired. 

In the RFP, the CMS wasn’t a consideration. We didn’t tell people which platform you needed to be on. We asked for the cost, their preferred CMS and why, and we never cared about where the agency was located. It’s important to know the the people are the agency - communication is critical. For instance, in their responses to those RFP’s are there timelines? Are they realistic? Do they make sense? It’s easy to see how much effort they did.

No one else did research like you guys [Mediacurrent] did before they got there for a face to face meeting. Your team said “oh, well we’ve already talked to discharge managers, nurses, planners.” They went through example personas, guessing on journeys, patients - and they were smart with how they handled it and took the initiative that early in the process. That showed us a lot about them. It wasn’t a giant new business budget and they didn’t ask for money up front. 

In all, the RFP process was about 4 months.

Mediacurrent: As a marketer using Drupal, what are some of the hot topics you'd like to know more about today? Personalization, marketing automation, etc.

AO: I’d like to know more about:

  • Integrations with personalization
  • Integrating with Google Analytics, tracking to AEM, adwords, & api that moves page data to backend sites
  • Marketing Automation capabilities

Mediacurrent: What advice would you give other CMO’s/VP’s/Director’s who are hesitant to move to Drupal 8?

AO: I would say it depends on what their hesitation is. You have to be committed to the build of your site. You need to be able to really understand your content creators, the users of your CMS, the scope of what they want to be doing, and understand what they could be doing on the front end. It’s important to know the ingredients - you can muck up Drupal and waste dev hours if you don’t know how the workflows to go and to know your taxonomy and pathing modules. 

Drupal requires a Digital Marketer to have a vision for what they want it to be before they start developing - or else they risk having to go back and retrofit into their CMS environment that they could have efficiently put in the first time.

The journey of CMS and Drupal needs to be a thoughtful one.

______________________________________________________

We want to extend a big THANK YOU to Alan for participating in this interview. In the next part of the blog series, we will dig into the top reasons for Drupal 8 and why enterprise marketers choose Drupal.


          Mediacurrent: Break it Down For Me, Shrop: Tackling Drupal Security Update SA-CORE-2018-005      Cache   Translate Page   Web Page Cache   

Security maintenance — and the ability to apply security updates quickly — is part and parcel to open source project success. 

Updating is typically done as part of the normal software release cycle, however, there are times when a security advisory needs to be released ASAP. A strong incident response plan builds a first defense line to mitigate and patch vulnerabilities. 

But what does a successful security response look like in action?

On the heels of a recent Drupal security update on August 1, 2018, Mediacurrent’s Senior Project Manager Christine Flynn had the same question. To find out, she interviewed our Open Source Security Lead, Mark “shrop” Shropshire, to get a layperson’s perspective on the security team’s approach.

Christine and Shrop on a call

 

“An off-cycle Drupal security advisory dropped on August 1, 2018. What does that mean for folks who aren’t developers?”

Flynn: I was watching the Slack channel as our team fixed sites, and I got some idea of what was happening. I’m not going to jiggle anybody’s elbows while they’re applying a security update, but I’m really curious now that the fixes are all in. 

Shrop: The official Drupal Security Advisory came out late in the day, after Symphony published their announcement in the morning. There was also one from Zend.

Flynn: I read all of those links while the team was applying the security update, but I feel like I didn’t totally understand the implications. I’d love to get a better picture from you of what they mean.

Shrop: You bet! I hope you can hear me, I’m at a coffee shop right now.

Flynn: Are you on their unsecured WiFi?

Shrop: Nope! I’m on a hotspot and on VPN. It’s funny, the more you know about security, the more it changes what you do. Other people think you’re paranoid. But you’re not! You just understand the realities. 

Flynn: Ha! Why am I not surprised? All right, let’s dig in.

“What was the security update for?”

Shrop: Drupal Core was updated because there were some security releases for Symfony. We call those “upstream” in the biz, which means that Drupal depends on them, and they are actively worked on outside of Drupal. I understand the Symfony project worked closely with the Drupal Security Team to make sure Symfony and Drupal were both updated and ready to be announced publicly at the same time. Drupal version 8.5.6 pulls in the Symfony updates as part of the Drupal update process. 

Flynn: Was that the only update?

Shrop: No, at the same time, there was also an update to Zend Framework, but that was only an issue for users who were making use of modules or sites that used Zend Feed or Daictoros. There is a core issue to update the related Zend libraries for those who require or need the updates. 

“If not updated, what could a malicious user do to a site?”

Shrop: This is a hard one to answer this soon after the release of the security advisory. I’m going to do some checking to see if I can get more information on this for academic purposes, but the Drupal Security Team is not going to make any statements that could help someone attack a site. It is up to security teams and researchers to dig into the code and determine more about the risks involved.

Based on the Symfony project’s blog post, it appears that a specially crafted request could allow a user access to a URL they do not have access to, bypassing access control provided by web servers and caching mechanisms. That’s a fancy-pants way of saying that a website visitor could gain access to pages you don’t want them to see.

“When will we know more?”

Shrop: Within days - sometimes hours - we might start to see exploit methods posted on the Internet. Taking security seriously and responding quickly once a drupal.org security advisory is announced is a way to stay ahead of these concerns.

Mediacurrent doesn’t want to fearmonger, but it is better to be safe than sorry. That’s why I always push to update as soon as possible while weighing in on mitigating factors that may lessen the severity of the issue for a particular application. But I will keep digging. I’m curious! 

“If you had to tell a CEO or CFO the value that implementing this security update swiftly provided, what would you say? Let’s say this CEO does not have a strong background in technology or security.”

Flynn: I could see an executive with a strong public safety or physical security background being pretty understanding of why you want to apply a security update for a potential vulnerability quickly, but what if it’s someone who doesn’t have that experience, and isn’t a technologist?

Shrop: Check out this link from Acquia about the security update. This helped me so much. They published this shortly after the PSA came out, and although they’ve updated the text since then, they said at the time, “It is advised that customers set aside time for a core upgrade immediately following.” When I read, “immediately,” I knew that we had to get the update out within hours. If I was asked to get on a call with the executives from any company, at that point, I am confident. If Acquia is saying it, we need to do it. That’s enough to stand on with anybody. I’m not saying that the Acquia team has more information, but they have a very robust security team. They always dig in quickly. They have to, to know if they can mitigate the issue by adding web application firewall rules.

Flynn: Firewall rules? How does that work? 

Shrop: The last few core updates, Pantheon and Acquia put mitigations into their WAF - that’s Web Application Firewall. Pantheon confirmed the night of the security advisory release that they were blocking attempts on their platform, and Acquia did the same thing. So if someone tried to exploit a site that was hosted there before Drupal was updated, they were there, helping to prevent that site from being attacked successfully. It’s a great extra layer of protection. Now, me and Acquia and Pantheon will always still want to update Core on each site, because WAF-level mitigation might not catch everything. But I am super happy when I see it because there’s a good chance that it will catch anything that happens while a team is still implementing a security update.

Security is all risk assessment and mitigation. You want to layer defenses. And something like this, we are going to make sure we deal with this problem. That’s why Acquia, Pantheon, Platform.sh, and others in the community immediately add those extra mitigations to their firewalls. It’s to buy time so that people can get their updates in. That’s not where mitigation ends, but it helps. 

“What type of sites were affected by this? Does everyone use Symfony?”

Flynn: When I first read about the upcoming security advisory, I saw that it affected “third party libraries.” That made me think that some of our clients might not be affected because it would only affect certain modules. Can you tell me what types of sites were affected?

Shrop: Got a link for you, but basically, anything on Drupal 8 was affected. Drupal 8 uses components from the Symfony project. The Drupal community made the decision to use Symfony so that we didn’t have to maintain everything ourselves. So this is a great example of the power of open source, with the Symfony and Drupal security teams working together to release this fix. We all end up benefiting from having a larger community to fix issues. There’s no way an internal team working by themselves can write as secure applications on their own compared to open source software, in my opinion. It has nothing to do with how good you are, it’s the nature of development. With open source, you have a greater team with Drupal and then again, with Symfony, an even greater team to lean on. With each community that is included you are expanding your team and your ability to detect and prevent threats. 

“How was the security vulnerability discovered?”

Shrop: That’s generally never disclosed because you never want to tell malicious users how you found an opening. 

But we do have a few people to thank: Michael Cullum and @chaosversum were thanked by Symfony for separately reporting the two issues addressed in Symfony security releases. They also thanked Nicolas Grekas for implementing the fix. I would also give a huge thanks to Symfony and the Drupal Security Team for coming together to implement the fix and for coordinating the announcements. It’s hard work, and it shows the community at its best.

“So when we have an off-cycle security release, first the PSA comes out. Can you tell me a bit about what Mediacurrent does from the time the PSA comes out to just before the security advisory drops?”

Flynn: As someone on the team at Mediacurrent, I can see some of the things you do. But I’m wondering what else happens behind the scenes? 

Shrop: The first thing that happens is that I’m notified about the PSA coming out. I’m signed up for updates via email, Twitter, and RSS feeds from https://www.drupal.org/security, and so are a lot of other folks at Mediacurrent. Internally, we have some processes that we have standardized over time for how to deal with security updates that we follow across the company. We centralize information we have on the security PSA/advisory, recommend client communications, and talk about how to prepare as a team. We have multiple communication threads internally, as well, so no one can miss it. I send an email to the staff and I post in our Slack in a few places to get us ready.

Flynn: I know that we often clear time in advance for the team to implement the security updates.

Shrop: Yep. All of us share more information as a team as official information is released or as our own investigations reveal information. For example, early on the day the security advisory was released, our DevOps Lead, Joe Stewart, noticed that Symfony had put out a notice that they were also going to be releasing a security update that day, so that gave us a heads up that it might be related. We couldn’t know for sure until the security advisory actually came out, though. No one can do it by themselves, which is why we have a whole team working on it - it’s the only way to handle these things. ​​​​​​

Christine and Shrop on another call

“So then the security advisory drops. How did we go about fixing the issue?” 

Shrop: First, we reviewed the advisory to assess risk and for any mitigations that help determine how quickly we need to perform updates. With this advisory, it was needed pretty much immediately, so we started to update Drupal core for our clients and pushed to test environments. Our QA team performed regression testing related to the update. Once QA approved each update for each client, we worked with folks to approve the updates and release them to the live environments. 

The important points are to line everyone and everything up in advance, have the talent in-house who can work on clients of all shapes and sizes and needs, and then to work as a team to resolve the issue on every client site as quickly as possible. 

“Were there any sites that were trickier to update? Why?”

Shrop: Clients that were on older versions of Drupal Core, who had delayed upgrading, were harder to update. Every site was updated within a short time, regardless, but even though they started at the same time, those clients did not finish first, because there was more development and testing needed on each site.

Flynn: What was different about the process to update those sites? 

Shrop: If a client wasn’t on version 8.5.x, the lead technologist on the project had to work on an alternative update to secure the site or application, since there wasn’t a security update released for it. Figuring out an alternative process on the fly always introduces risk. It’s part of the value that we bring, that we have team members that have the expertise to evaluate that sort of thing. For example, we had one new client that was on an older version of Drupal 8 core. So one of our Senior Drupal Developers, Ryan Gibson, had to go in and determine what to do. He ended up updating Symfony itself to mitigate the risk. 

Flynn: I’m guessing that we are going to recommend to that client that we update Drupal core for them very soon?

Shrop: Yes. The big takeaway is you’re lowering your risk of problems by staying on the most recent, up-to-date minor version of Drupal 8. Version 8.5.x is current and stable right now, so you should be on that.

Flynn: Why would a client not update?

Shrop: There are always dynamics. I hear lots of good excuses, and I’m not exaggerating, they are good, real reasons! The client is busy, the client has multiple workstreams, it’s hard - but it is getting to a point where I want to recommend even more strongly to clients that it is more expensive to not upgrade. It is going to cost them more when there is an update because we have these additional evaluation and update tasks. The whole point of Drupal 8’s release cycle is to spread the maintenance cost over years rather than getting hit all at once. 

Flynn: And it introduces greater risk. A security breach is an order of magnitude more expensive than extra mitigation steps.

Shrop: Definitely.

“When is the next version of Drupal Core coming out?”

Shrop: Version 8.6.0 will be released in September. Our teams are already starting to test the early versions of this release on some of our projects. If a security update comes out in September, we want all of our clients to be prepared by being on the currently supported version of Drupal core. That way, they will receive security updates.

Flynn: One of the nice things about the Drupal development community is that they provide the betas of the next version of Drupal core so you can get ahead of the next release, right?

Shrop: Yes. When the community starts releasing betas or release candidates, especially release candidates, you want to start testing ahead of time. If you have a Drupal site, you can get your developers to test. If you find a problem, it may not be with your site, it might be an issue with Drupal core and this is a great opportunity to contribute your findings back to drupal.org and help the greater community. There might be a security release weeks after a version comes out and you want to be prepared to implement it.

Flynn: It goes back to risk mitigation.

Shrop: If you are on, say, an 8.2 site right now, you’re on the higher risk side, unfortunately. We advise our clients that it is in their best interest to be on the current, stable version. It costs our clients more in the long run if they don’t update on a steady basis.

Flynn: So if you’re on an older version of Drupal Core, you might not get an easy-to-implement security update when a vulnerability is discovered?

Shrop: The quotes from the Drupal Security team I really want to emphasize are, “Previous minor releases will become unsupported when a new minor release is published,” and, “Any additional security updates for officially unsupported branches are at the sole discretion of the security team.” This is important to understand. For the SA Core 2018-002 fix earlier this year they provided release updates for older versions of Drupal… but they didn’t have to. In the case of the fix last week, they did not.

“What was the best gif exchange of the Drupal core security update process?”

Flynn: I nominate this one, from mid-afternoon:

Slack Gif Example

Shrop: Definitely! 

“What story didn’t we tell yet?”

Shrop: I think we covered most of it. The last thing I’d put out there is for the technical folks reading this. You need to read the security advisories, join Drupal Slack, read what Acquia, Pantheon, and others are saying about each announcement. Then, you take all of that in and make your assessment of what actions you are going to recommend your organization take. This should lead your organization to a documented security plan that you follow. But, you know… 

Flynn: “Update all the things”?

Shrop: Exactly!

Other Resources
7 Ways to Evaluate the Security and Stability of Drupal Contrib Modules | Mediacurrent Pantheon Guest Blog 
Security by Design: An Introduction to Drupal Security | Mediacurrent Webinar


          Ixis.co.uk - Thoughts: Last month in Drupal - July 2018      Cache   Translate Page   Web Page Cache   
July has been and gone so here we take a look back at all the best bits of news that have hit the Drupal community over the last month. Drupal Development Dries Buytaert discussed why more and more large corporations are beginning to contribute to Drupal. He shares an extended interview with Pfizer Director Mike Lamb who explains why his development team over there has ingrained open source contribution into the way they work. Drupal 8.5.5 was released in July, this patch release for Drupal 8 contained a number of bug fixes, along with documentation and testing improvements.  It was announced that Drupal 8.6.0 will be released on September 5th and the Alpha version was released the week beginning July 16th. The beta was also recently released, the week of July 29th. This release will bring with it a number of new features, Drupal released a roadmap of all the fixes and features they aim to have ready for the new release.  Events Drupal Europe announced 162 hours of sessions and 9 workshops for the event on Tuesday, Wednesday and Thursday. They also urge anyone with any ideas for social events at this year's event to submit your ideas to help fill out the social calendar with community led ideas.  On August 17-19, New York will play host to the second Decoupled Drupal days. For those that don’t know Decoupled Drupal Days gathers technologists, marketers and content professionals who build and use Drupal as a Content Service -- for decoupled front ends, content APIs, IoT, and more.  DrupalCamp Colorado recently took place. The event proved popular as per usual and this year's Keynote “The Do-ocracy Dilemma and Compassionate Contribution”, was delivered by Acquia Director of research and innovation, Preston So. Preston discusses why a more compassionate approach to contribution is so critical when it comes to managing open-source projects, crafting conference lineups, enabling a successful team, and building a winning business. New Modules New modules, updates and projects were of course released throughout July, the pick of the bunch includes: Commerce 8.x-2.8 - E-commerce suite sees a number of bug fixes google_analytics 8.x-2.3 - Module sees a number of bug fixes Drupal 8.5.5 - Patch release that sees a number of bug fixes and testing improvements That is the end of this months round up. Keep an eye out for next months where we cover all the latest developments in the Drupal community and all the important news affecting the wider Drupal community. Miss last months round up? Check it out on the Ixis site now.
          Mediacurrent: The Marketer’s Guide to Drupal 8: Why Open Source is the Right Fit for your Organization      Cache   Translate Page   Web Page Cache   

We all have heard the debate about Open Source Software and Closed or Proprietary; but what is the real difference?

Simply: 

Open source software is available for the general public to use and modify from its original design free of charge. 

versus

Closed source where the source code is not shared with the public for anyone to look at or change. 

One of the main advantages of open source software is the cost; however, when applied to OSS, the term "free" has less to do with overall cost and more to do with freedom from restrictions. 

90% 
According to Forrester Research 90% the code in a typical application is Open Source.  

For a Closed Source CMS, depending on the choice of software, the cost can vary between a few thousand to a few hundred thousand dollars, which includes a base fee for software, integration and services, and annual licensing/support fees. 

Open Source Software vs Proprietary Graphic

In a 2017 report by Black Duck Software by Synopsys, nearly 60% of respondents said their organizations’ use of open source increased in the last year citing: 

  • cost savings, easy access, and no vendor lock-in (84%)
  • ability to customize code and fix defects directly (67%)
  • better features and technical capabilities (55%)
  • the rate of open source evolution and innovation (55%).

 

1M+ 

Websites across every industry vertical —from Georgia.gov to Harvard— trust Drupal as a secure open source CMS platform. 

Open Source Software has a long-term viability and is always on the cutting edge of technology.  Selecting technologies means committing to solutions that will support an active, growing business over the long term, so it requires careful consideration and foresight.  Here are some of the benefits of open-source to consider:

1. Value for cost 
       Worried about your marketing budget when looking at changing your CMS? Open source software has no licensing fees! It’s free, which means room to spend your $ on other initiatives.
2. Added Security
       Open source - means community. The more people (developers) looking at the source code, the more fixes and regular updates will be available. What can sometimes takes weeks or months to resolve with proprietary software takes just hours or days with open source. This will help give your marketing team a piece of mind knowing that if you don’t have time to look at the code of your site - or you don’t know how - then there are developers all over the world continuously checking for bugs & fixes.
3. Customizability
       Have a really customized idea for your site that you’ve never seen elsewhere? Open Source can help. By customizing the code to fit your needs, it provides a competitive advantage for your business.
4. Flexibility
       Open-source technology naturally provides flexibility to solve business problems. Your team and organization can be more innovative, and it gives you the ability to stay on the cutting edge of latest trends & designs.
5. Integrations
       With open source, especially Drupal, you can Integrate the best-of-breed marketing technology. It is architected for easy integration with your tools - Marketing automation, email service providers, CRM, etc… Drupal 8 gives you the foundation for your digital experience ecosystem.
6. Speed
       This isn’t just about site speed, but the ability to get your site up and running - with full marketing capabilities - on time & within budget. Open source allows you to deliver value right away.
7. Scalability 
       Drupal and other open source platforms give you the advantage of being able to scale your digital presence for the future. You're not confined to stick with what you already have. You can continue to evolve and build long-term with open source.

The Benefits of Open Source can go on for pages but it’s important when evaluating your options to think about your business and its goals. Once consistent need we see is having access to a CMS that is easy for you and your team to manage on a day-to-day basis.

In the next blog of the series - we’ll hear from the Associate Director of Digital Marketing at Shirley Ryan Abilitylab, about how he is leveraging open source - particularly Drupal - to achieve his business goals. 


          RESPONSABILE UFFICIO PREVENTIVI - OSM open source management - Mapello, Lombardia      Cache   Translate Page   Web Page Cache   
Contratto a tempo determinato con reale opportunità di trasformarlo in indeterminato, possibilità di crescita e di sviluppo della propria professionalità,...
Da Indeed - Fri, 20 Jul 2018 12:02:05 GMT - Visualizza tutte le offerte di lavoro a Mapello, Lombardia
          Create a new Crypto Currency       Cache   Translate Page   Web Page Cache   
Create a new Crypto Currency by Improving open source existing codes and ensure its reliability to connect to external environments, and implement sepcific specs and deliverables and high level security. (Budget: €3000 - €5000 EUR, Jobs: Bitcoin, Blockchain, Ethereum, Software Architecture, Software Development)
          How open source is fuelling an explosion in fintech innovation      Cache   Translate Page   Web Page Cache   

The open nature of fintech is a clear break with traditional financial services. Where incumbent businesses have complex legacy IT systems – often developed over decades – the new fintech companies are small and agile, using open services to build their applications.

As consumers have continued to embrace digitisation in every part of their lives, they are driving the digitisation of the financial services they use, with payments leading the way.

The open technologies that fintech services are built upon are new and speak to the new age of financial services in the palm of consumers' hands.

"Fintech firms are establishing themselves not only as significant players in the industry, but also as the benchmark for financial services," states Ernst & Young in its Fintech Adoption Index.

Read more


          Citizens of Tech 012 – Biofuel Pyramid Cables      Cache   Translate Page   Web Page Cache   
We start with a discussion of jail time. Jail. Time. And…147 MPH. Yeah. Eric tells the story. And then we hop into our show. Present Doomception: How modders got Doom to run inside of Doom http://arstechnica.com/gaming/2015/07/doomception-how-modders-got-doom-to-run-inside-of-doom/ Doom was open sourced in the 90’s. Folks have gone nuts porting it to all sorts of things. Now, […]
          IMPIEGATA/O RISORSE UMANE a Bibione (VE) - OSM open source management - Bibione, Veneto      Cache   Translate Page   Web Page Cache   
Per la sede a Bibione (VE). Ti piacerebbe essere la persona che si occupa della crescita di un’azienda di successo partendo dai collaboratori interni e... €1.400 - €2.000 al mese
Da Indeed - Fri, 27 Jul 2018 08:32:01 GMT - Visualizza tutte le offerte di lavoro a Bibione, Veneto
          EasyStack Closes Series C++ Financing Round      Cache   Translate Page   Web Page Cache   

EasyStack, a Beijing, China-based open source cloud computing market leader, completed its Series C++ round financing. The amount of the deal was not disclosed. The round was led by JD.com. As part of it, EasyStack and JD Cloud will form a strategic partnership in enterprise cloud services to provide enterprise users a comprehensive cloud services […]

The post EasyStack Closes Series C++ Financing Round appeared first on FinSMEs.


          Появилось лайв-демо редактора Gutenberg для Drupal 8      Cache   Translate Page   Web Page Cache   
Drupal Europe на днях объявили о своей программе предстоящего мероприятия в Дармштадте (Германия), запланированного на 10-14 сентября. В конференции примут участие более 1600 профессионалов и энтузиастов Drupal. Automattic спонсирует пространство для нетворкинга Open Web Lounge. Мэтт Мулленвег присоединится к Дрису Бёйтарту и Барбу Пэлсеру для обсуждения будущего открытой сети и open source. Одно из интересных выступлений, связанных с WordPress, посвящено редактору Gutenberg для Drupal 8. Новый модуль позволяет портировать WordPress-редактор...
          Open Source Tool DevOps - Ericsson Canada - Saint-Laurent, QC      Cache   Translate Page   Web Page Cache   
Your ideas and innovations can turn into achievements that impact society and change the world, creating new connections, new possibilities, and new...
From Indeed - Wed, 08 Aug 2018 20:55:33 GMT - View all Saint-Laurent, QC jobs
          11 Best Linux Desktop Environments And Their Comparison | 2018 Edition      Cache   Translate Page   Web Page Cache   

inux is all about what you want and having it from the ocean of free and open source software. The same applies while performing a comparison of desktop environments as they comprise of different applications and a GUI via which the user interacts with the operating system. Just like a plethora of Linux-based free operating […]

The post 11 Best Linux Desktop Environments And Their Comparison | 2018 Edition appeared first on Fossbytes.


          Chinsurah—The Ancient Dutch Settlement       Cache   Translate Page   Web Page Cache   

If one wanders into Chinsurah today, it would be hard to imagine that this small town which is just a suburb of Kolkata and part of Bengal’s Hooghly district, was a prosperous Dutch trading post between the 17th and 19th centuries.  But what was it that drew the Dutch to the area?  It is believed that they considered the location as an ideal location for a settlement:“Perfect for pleasure gardens and mansions, with steps leading down to the river.” These play houses were referred to as ‘bangelaers’ — a word possibly derived from its place of origin —Bengal.”

Travelling by car with two friends, we reached Chinsurah at 1.30pm on a rather warm and rainless day. We were hot and bothered and ready for lunch.  I had been informed that the best place for a meal in Chinsurah was the Welcome Restaurant and after a couple of enquires we reached the restaurant. So far Chinsura looked like any other small town in Bengal. 

However, entering the restaurant we discovered a rather posh looking interior that could well have been a restaurant in Kolkata. It had a well designed menu that offered us a lunch of tandoori, popular western, quite a few curries with rice and also a couple of Chinese dishes.  We were not the only ones at the restaurant and as we waited for our lunch, more families came in. Service was not too quick, but the fresh lime was nice and cold. After a satisfying lunch of fish curry and rice and some ice cream, we were ready to step out armed with ice cold bottles of mineral water.

We had learnt that an architectural project referred to as ‘Dutch in Chinsurah’, is presently underway. It has been initiated and funded by the Netherlands government, to revive and create a link with the Chinsurah’s heritage. Since it is historically confirmed that the Dutch had lived in this small town for almost two hundred and fifty years, the project which is in collaboration with the Presidency University Kolkata, requires considerable research on  the surviving architecture of 18th and 19th centuries.

The architectural team involved in the project is led by project leader Aishwarya Tipnis who appears to be confident of putting together a major part of the legacy that remains. In her report she says, “Approximately 95 structures of heritage value have been plotted in real time Google maps by open source Geographic Information System mapping.” Through this it has been possible to collect information on history, architecture and even the lifestyle of those who inhabited this small town. Of great help are links to other online sources, as well as maps and images from   archives in Netherlands.  Tipnis perceives this as ‘The starting point for urban planning and development to freeze Chinsurah in time and make it like Amsterdam or Jakarta. What will be most important is to ensure that the town’s individual identity is maintained, in all future developments.”

Chinsurah, once a busy Dutch trading port, still seems to have enough architectural features to work on. To begin with there is a plaque with a logo that reads VOC 1687. In Dutch, VOC stands for Vereenigde Oostindische Compagnie – or the Dutch East India Company.  Standing above a staircase in the bungalow of the Commissioner of Burdwan, we are told that this was earlier the office of the Dutch East India Company. In fact the Dutch trading was considered amongst the largest commercial activity in the region.  The town is said to have been inhabited by Dutch, Armenian and Bengali merchants, who ran a brisk trade in spices, cotton and indigo.

Chinsura remains a town that vaguely reflects the forgotten history of the Dutch and an artillery wall is the only surviving feature of ‘Fort Gustavus’, the primary Dutch settlement at Chinsurah. Today, the wall is part of the Hooghly Madrasah, a 19th century structure built on the remains of the fortification. Four Dutch cannons scattered on the site are reminders of its bygone days. The area is now a park where children can be seen playing.

The ‘Ghorir More’, is an intersection of four important roads where a clock tower was installed by the British in memory of King Edward VI. This was in the 19th century, well after the British had captured Chinsurah from the Dutch. This iconic landmark is made out of cast iron and amazingly, the clock is still working. 

Among the existing architecture, is the ‘Bara Seal Bari’— the large house of the Seal family.  This rather grand mansion designed in the Indo-Dutch style was built in 1743 by Nilambar Seal, a rich and influential merchant of Chinsurah.

The house has multiple courtyards and solid Grecian columns. Columns also support the arches of the ‘Thakurdalan’, the courtyard where the pujas and festivals are celebrated. On the upper floor, the carved wood-panelled doors lead to the charming semi-circular balconies with decorative wrought iron grilles.

There is also the ‘Mandal Bari’, which is a large house built around a central courtyard. It earlier belonged to one of the most important merchant families in Chinsurah and is now the home of the Mandal family.

The Shamdeshwar Temple dates back to 500 year ago. It is said that a local fisherman found the image of Shandeshwar (Shiva) from the waters of the Ganga and a local landlord built a temple for the deity. Thereafter, the last Dutch governor, Daniel Overbeck presented two brass drums for the temple, which are still in use.

The Dutch Cemetery was built by Louis Taillefert, then director of the VOC in Bengal and was in use during the 18th–19th centuries. It houses about 45 graves of Dutch citizens who died between 1743 and 1846. The oldest tomb belongs to Sir Cornelius Jonge who died in Chinsurah in 1743.

Other prominent people buried here are Daniel Overbeck, Gregorious Herklots, a high official in the VOC, and George Vernet, another VOC director. There is also the tomb of Susanna Anna Marina, who is believed to have had seven husbands. She is said to be the inspiration behind Ruskin Bond’s famous novel, ‘Susanna’s Seven Husbands’. 

Columnist: 
Shona Adhikari
Chinsurah—The Ancient Dutch Settlement

          Software Developer - Varian Medical Systems - Winnipeg, MB      Cache   Translate Page   Web Page Cache   
Java, JavaScript/TypeScript, Angular, Python. Specialization in Java or other open source Web Application stack....
From Varian Medical Systems - Fri, 03 Aug 2018 06:07:59 GMT - View all Winnipeg, MB jobs
          Datawarehouse administrator      Cache   Translate Page   Web Page Cache   
Cloud9 is per direct op zoek naar een ervaren Datawarehouse administrator. In deze rol krijg je te maken met een zeer dynamische en veranderlijke omgeving. De klant heeft meerdere projecten parallel lopen binnen de huidige Datawarehouse omgeving. Daarnaast zijn zij ook bezig met een open source implementatie waarmee je direct te maken krijgt...
          Sr Software Engineer - Hadoop / Spark Big Data - Uber - Seattle, WA      Cache   Translate Page   Web Page Cache   
Under the hood experience with open source big data analytics projects such as Apache Hadoop (HDFS and YARN), Spark, Hive, Parquet, Knox, Sentry, Presto is a...
From Uber - Sun, 13 May 2018 06:08:42 GMT - View all Seattle, WA jobs
          492: The Legacy of Linux Outlaws      Cache   Translate Page   Web Page Cache   
Dan Lynch and Fabian Scherschel hosted a weekly podcast called Linux Outlaws from the fall of 2007 until the end of 2014. In that time they produced 370 episodes (most of them 2 hours long) and won numerous votes for "most popular Linux podcast" in popular magazines like Linux Format. They attracted around 50k weekly listeners at their peak and quickly seemed to become established as a fixture on the scene, despite not having any real plans for world domination. Host: Randal Schwartz Guests: Fabian A. Scherschel and Dan Lynch Download or subscribe to this show at https://twit.tv/shows/floss-weekly Here's what's coming up for FLOSS in the future. Think your open source project should be on FLOSS Weekly? Email Randal at merlyn@stonehenge.com Thanks to Lullabot's Jeff Robbins, web designer and musician, for our theme music.
          What Is HAPI FHIR Server? How Do We Deploy It?      Cache   Translate Page   Web Page Cache   

HAPI FHIR Server

HAPI-FHIR is a Java software library, facilitating a built-in mechanism for adding FHIR's RESTful Server functionalities to a software application. The HAPI FHIR Java library is open source. The HAPI RESTful (Representation State Transfer) Server is based on a Servlet, so it should be deployed with ease to any compliant containers that can be provided. Simple annotations could be used to set up the server on the large part. Conclusively, it should be possible to create an FHIR compliant server in a short time span.

The first step in the creation of an FHIR RESTful Server is the determination of one or more resource providers. A “resource provider” is a Java programming class that is capable of supplying exactly one type of resource to which the service can be provided. For instance, if you need to enable your server to deal with resources like Patient, Observation, Medicines, Location, blood group, it will require you to use five resource providers.


          How To Bake Sweet Android 9 Pie Into Your Google Pixel Or Pixel 2 Phone      Cache   Translate Page   Web Page Cache   
How To Bake Sweet Android 9 Pie Into Your Google Pixel Or Pixel 2 Phone Google decided to take Android 9 Pie out of the oven a little early, and while there are certain parts that could use a bit more baking, it is out of beta and ready to install on Pixel and Pixel 2 handsets. Well, sort of. Google is not pushing Android 9 Pie out to the masses yet, but has made available the source code to the Android Open Source
          (USA-NJ-Franklin Lakes) Sr. Network Engineer Architect      Cache   Translate Page   Web Page Cache   
**POSITION SUMMARY** We are seeking a world\-class Network Architect to join the team responsible designing, implementing and running Express Scripts network\. **ESSENTIAL FUNCTIONS** + Designing, developing and building the next generation of Express Scripts data center, campus and colocation networks with a view to enterprise grade security, stability, resilience, application delivery, and automation\. + Network capacity planning, provisioning and lifecycle management\. + Working directly with our users to gather ideas and requirements to build a world\-class Network environment, using leading\-edge techniques and tools\. + Building out our SDN strategy in both Data Center and Enterprise to take Express Scripts network to the next level\. + Leveraging both off the shelf and open source systems and utilities to rapidly provision production networks in a variety of domains\. + Being the technical reference point for escalations and design discussions **QUALIFICATIONS** + Bachelor’s degree in related field or 11 years of experience\. + 5 years relevant experience with Bachelor’s Degree or Master’s degree and 3 years of relevant experience + 8\-12 years relevant experience, designing, implementing, and maintaining a multi\-site Corporate network, with emphasis on high availability, performance and security\. + Robust theoretical and practical experience with BGP, OSPF, EIGRP and MPLS VPN technologies utilizing Cisco completed product suite \(Catalyst 3800 – 9300, ISR 4000’s, ASR1000’s and 9000’s, Nexus 5k,7k and 9k in ACI mode\)\. + Detailed knowledge of transport \(TCP/UDP\) and application layer protocols \(HTTP/S, FTP, DNS\.\) + Strong knowledge of F5, Infoblox\. + Knowledge of Cisco ACI and how to automate utilizing its open API’s\. + Expert in secure network design using firewalls, access controls, and client authentication mechanisms\. + Familiarity with data encryption practices, concepts and products as pertains to network and application protocols\. + Experience with enterprise authentication infrastructure \(radius, dot1x, Kerberos\) utilizing Cisco ISE\. + Experience with enterprise search tools \(Splunk, Elk\) + Experience with enterprise class wireless solutions\. + Ability to manage large scale Engineering projects independently\. + Great communication skills and an ability to work collaboratively with other Infrastructure Teams and Developers across the firm\. + Strong technical documentation skills\. + Excellent and rapid network troubleshooting and repair skills\. + Scripting ability utilizing Python and experience with configuration management tools like Ansible\. + Exposure to SDWAN and SD\-Access technologies a plus \(ex\. Viptella, Cisco DNA\) **ABOUT THE DEPARTMENT** Information Security prioritizes the protection and security of all client, patient and company information and data\. They do this by proactively identifying the sophisticated landscape of threat actors and environmental risks associated with unauthorized access and service disruptions\. This vital group focuses on preserving system reliability and business continuity, protecting the strong brand Express Scripts has in the marketplace, and maximizing the company’s defenses against external and internal threats\. **ABOUT EXPRESS SCRIPTS** Advance your career with the company that makes it easier for people to choose better health\. Express Scripts is a leading healthcare company serving tens of millions of consumers\. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes\. Join the company that Fortune magazine ranked as one of the 'Most Admired Companies' in the pharmacy category\. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services\. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401\(k\) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan\. Express Scripts is committed to hiring and retaining a diverse workforce\. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class\. Applicants must be able to pass a drug test and background investigation\. Express Scripts is a VEVRAA Federal Contractor\. \*LI\-EV1
          iOS usa lo standard aperto FHIR per la formalizzazione dei dati clinici      Cache   Translate Page   Web Page Cache   

Salute iOS

Apple consente di sfruttare la Cartella clinica di iOS per salvare varie informazioni importanti sulla salute dell'utente. Da tempo Apple mira a creare un sistema per accedere in modo sicuro e condividere con altri sistemi una cartella clinica elettronica, un meccanismo che ora è ufficialmente supportato da oltre 75 istituzioni sanitarie, in aumento rispetto alle 12 dello scorso anno.

La Casa di Cupertino ha aggiornato l'elenco dei partner medici in occasione di un intervento del Dr. Ricky Bloomfield - figure di spicco nel settore della salute digitale assunto nel 2016 da Apple - e che ora guida la divisione Clinical and Health Informatics.

Parlando nel corso del 2° Interoperability Forum dell'Office of the National Coordinator for Health IT (ONC), Bloomfield ha spiegato che Apple ha deciso di supportare FHIR (Fast Healthcare Interoperability Resources), standard emergente utilizzato per la formalizzazione dei dati clinici in risorse da scambiare tra sistemi informativi differenti. L'FHIR è pensato per semplificare lo scambio di dati e particolarmente adatto al contesto mobile; è adottato nell'ambito della cartella clinica elettronica e offre vari vantaggi: il medico prescrive o raccomanda, attraverso la cartella clinica, attività̀ domiciliari e obiettivi per il paziente; successivamente può monitorare le attività̀ svolte e il soddisfacimento degli obiettivi Questo standard dovrebbe essere finalizzato entro la fine dell'anno e rendere più facile memorizzare, visualizzare e condividere dati in modo sicuro.

"Come utenti avete il controllo completo su chi può accedere ai dati" ha spiegato Bloomfield. "Se non volete condividerli, non saranno condivisi. Rimangono riservati sul vostro dispositivo fino a quando non decidete di condividerli". Bloomfield ha anche spiegato che Apple ha scelto l'implementazione Argonaut che è di più semplice uso e incoraggia l'adozione da parte dei fornitori di presidi medici.

Da iOS 11.3 Apple ha previsto la funzione "Health Records" riunendo ospedali, cliniche e l’attuale app Salute per consentire ai consumatori di vedere i propri dati medici, disponibili da più fonti, ogni volta che lo desiderano. I pazienti degli istituti sanitari che partecipano hanno accesso a informazioni fornite dai vari istituti, organizzate in un'unica vista, e possono ricevere notifiche regolari sui risultati delle loro analisi di laboratorio, sui farmaci, sulle loro condizioni e altro ancora. I dati di Health Records non sono memorizzati sui server Apple ma crittografati e protetti con un codice sul dispositivo.

[caption id="attachment_776648" align="alignnone" width="696"]L'app Medisafe può essere usata come promemoria per farmaci. L'app Medisafe può essere usata come promemoria per farmaci.[/caption]

A giugno di quest'anno Apple ha messo a disposizione le API Health Records per sviluppatori e ricercatori rendendo possibile la creazione di un ecosistema di app che usano questi dati per controllare l'assunzione di farmaci, dei piani nutrizionali, diagnosticare malattie e altro ancora. La funzionalità Health Records è ancora indicata come beta in iOS 12 ma Apple ha promesso il supporto per le app di terze parti in autunno.

Apple ha due piattaforme dedicate alla salute: ResearchKit e CareKit. Le app sviluppate per la prima piattaforma aiutano la ricerca medica a raccogliere dati significativi su larga scala; la saeconda consente di creare app che permettono atutti di conoscere meglio e controllare le proprie condizioni di salute. In poco tempo, le app basate su ResearchKit hanno permesso agli istituti medici di reclutare per i loro studi un numero di partecipanti mai raggiunto in precedenza. E con così tanti dati a disposizione, i ricercatori possono fare scoperte e individuare correlazioni prima impensabili. CareKit è una piattaforma open source per lo sviluppo di app che aiutano a tenere sotto osservazione disturbi e patologie: anziché affidarsi solo a visite e controlli, è possibile monitorare costantemente i sintomi, terapie e condividere le informazioni con specialisti per avere un quadro clinico più completo.

- Click qui per l'articolo originale con commenti >> iOS usa lo standard aperto FHIR per la formalizzazione dei dati clinici


          20180504 - Rapid PBPK modeling with the httk model (Unilever presentation)      Cache   Translate Page   Web Page Cache   
Toxicokinetics (TK) provides a bridge between HTS and HTE by predicting tissue concentrations due to exposure. High Throughput (HTTK) methods developed for pharmaceuticals have been adapted to environmental testing. In order to address greater numbers of chemicals we collect in vitro, high throughput toxicokinetic (HTTK) data. The primary goal of HTTK is to provide a human dose context for bioactive in vitro concentrations from HTS (i.e., in vitro-in vivo extrapolation, or IVIVE). The secondary goal is to provide open source data and models for evaluation and use by the broader scientific community.
          DevOps Engineer - Ritchie Bros. - Vancouver, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Indeed - Wed, 08 Aug 2018 18:36:45 GMT - View all Vancouver, BC jobs
          DevOps Engineer - Ritchie Bros. - Burnaby, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Ritchie Bros. - Sat, 30 Jun 2018 02:48:25 GMT - View all Burnaby, BC jobs
          Senior DevOps Engineer - Long Term Contract - Ignite Technical Resources - Burnaby, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Ignite Technical Resources - Thu, 21 Jun 2018 08:15:40 GMT - View all Burnaby, BC jobs
          More work on Bolder      Cache   Translate Page   Web Page Cache   

This is a mirror of a post on my blog.

After the birds of a feather session Richard Fairhurst lead at State of the Map, I was motivated to continue some work on bolder, a client-side style I've been working on.

While I was working at the Wikimedia Foundation, I developed brighmed, a CartoCSS style using vector tiles. Wikimedia decided not to flip the switch to deploy the style, but the style is open source, so I can use it elsewhere. Making this decision, I spent a day implementing most of it in Tangram.

Bolder example image

What's next?

I've got some missing features like service roads and some railway values to add, then I can look at new stuff like POIs. For that I'll need to look at icons and where to fit them into colourspace.

There's a bunch of label work that needs to be done, what I have is just a first pass, and some things like motorway names have big issues, and ref tags still need rendering. Label quality is of course a unending quest, but I should be able to get some big gains without much work.

Richard is planning to do some work on writing a schema, and if it works, I'd like to adopt it. At the same time, I don't want to tie myself to an external schema which may have different cartographic aims, so I'll have to see how that works out. Looking at past OpenStreetMap Carto changes to project.mml, I found that what would be breaking schema changes on a vector tile project are less common than I thought, happening about once every 4-6 months. Most of the schema changes that would have happened were compatible and could be handled by regenerating tiles in the background.


          Комментарий к записи Россия массово переходит с Android на отечественную Sailfish OS (Askhat Gubeid)      Cache   Translate Page   Web Page Cache   
Не все компоненты Android открыты. Так что ведро можно считать условно Open Source. Монополия на любом рынке - это плохо. Поэтому Google надо подвинуть. Намерения у чиновников хорошие, но смогут ли они реализовать их? Лучше бы они устроили конкурс для разработчиков и каждый месяц сотне лучших разработчиков раздавали по кругленькой сумме $10К. А в конце года сделать Топ 1000 и топ 10. Лучшей тысяче раздать по $10'000, лучший сотне раздать по $100'000. Это между прочим в 1000 (с лишним) раз дешевле чем 160 млрд руб. Такой конкурс можно будет проводить целых 1000 лет
          IT Integration Delivery Manager - Thrivent Financial - Appleton, WI      Cache   Translate Page   Web Page Cache   
Experience in open source technologies such as Atlassian, Camunda, MongoDB, RabbitMQ preferred. Key responsibilities will include:....
From Thrivent Financial - Fri, 25 May 2018 00:17:41 GMT - View all Appleton, WI jobs
          UX Developer Lead, Themes - Shopify - Montréal, QC      Cache   Translate Page   Web Page Cache   
We champion Slate, an open source development tool, and work with our colleagues across the Online store channel to shape the development of new platform...
From Shopify - Tue, 10 Jul 2018 20:00:27 GMT - View all Montréal, QC jobs
          Sr Software Engineer - Hadoop / Spark Big Data - Uber - Seattle, WA      Cache   Translate Page   Web Page Cache   
Under the hood experience with open source big data analytics projects such as Apache Hadoop (HDFS and YARN), Spark, Hive, Parquet, Knox, Sentry, Presto is a...
From Uber - Sun, 13 May 2018 06:08:42 GMT - View all Seattle, WA jobs
          Android Leftovers      Cache   Translate Page   Web Page Cache   

read more


          Mozilla: San Francisco 2018 All Hands, Reps Council and More      Cache   Translate Page   Web Page Cache   
  • State of Mozilla Support: 2018 Mid-year Update – Part 4

    The San Francisco 2018 All Hands flew by and so did the last two months. I cannot tell you how grateful I am to have been able to attend this event.

    If I were to look back on some of the highlights, they would be pretty nitty gritty detailed. But I will share with you a few of them.

  • Onboarding team for 2nd half of 2018

    As we have entered the second half of the year, the Reps Council has worked on updating the Onboarding Screening Team for 2018-2.

    The scope of this team is to help on evaluating the new applications to the Reps program by helping the Reps Council on this process.

  • Mozilla B-Team: happy bmo push day!
  • DWeb: Social Feeds with Secure Scuttlebutt

    Scuttlebutt is a free and open source social network with unique offline-first and peer-to-peer properties. As a JavaScript open source programmer, I discovered Scuttlebutt two years ago as a promising foundation for a new “social web” that provides an alternative to proprietary platforms. The social metaphor of mainstream platforms is now a more popular way of creating and consuming content than the Web is. Instead of attempting to adapt existing Web technologies for the mobile social era, Scuttlebutt allows us to start from scratch the construction of a new ecosystem.

read more


          Red Hat and Fedora News      Cache   Translate Page   Web Page Cache   
  • Red Hat partners have played an important role in our company journey

    As Red Hat celebrates 25 years, I would be remiss not to mention the role Red Hat partners have played in our company's story. Partners have been an important multiplier for Red Hat and building our customer success. They are important to our future.

    [...]

    In order to continue to scale, Red Hat needed to work with distributors and resellers. The first call I made was to Peter Larocque, from Synnex, who I'd worked with in the channel for more than 20 years. I introduced him to Red Hat's upstream open source model, which at the time probably sounded a lot like asking him to get into the business of selling "free" software. He was a little incredulous, but he said he'd give it a try. We had our first distributor partner on board. Six monthslater, we had our first global reseller. Red Hat was on the map in the channel.

    Not long after, Red Hat began generating interest in the industry and among prospective partners through acquisitions and new technologies. We had a growing base of partners, technologies and customers who realized their IT partners could work with Red Hat to: provide full solutions for their business needs (Global Systems Integrators and Independent Software Vendors); offer consumption or pay-as-you go models (Service Providers); take them to the cloud (Certified Cloudand Service Providers); and provide industry expertise beyond open source (including healthcare, financial andtelecommunications).

  • Cloudification Is Coming, but Service Providers’ Processes and Culture Must Change

    Communications service providers (CSPs) across the world are looking to claim their position at the heart of the digital society, but they first need to become more agile and lean. There are many innovations that can help in this quest: NFV, SDN, the convergence of Networks and IT, cloudification, DevOps, and more. In most cases the required technologies are now available and ready for mission-critical environments. However, the surrounding operational processes and mindset are often in need of a thorough review.

  • Autoscaling the Red Hat Cache Service on OpenShift

    Earlier this year, Red Hat announced the Red Hat Cache Service which is a distributed in-memory caching service that runs on Red Hat OpenShift. Red Hat Data Grid is used as the core of the cache service. The cache service is one of the things you can easily install on OpenShift through the OpenShift Service Catalog. You can find the cache service in the Red Hat OpenShift Online Pro tier.

  • Citizens & Northern Corp Has $923,000 Stake in Red Hat Inc (RHT)
  • 5 applications to manage your to-do list on Fedora

    Effective management of your to-do list can do wonders for your productivity. Some prefer just keeping a to-do list in a text file, or even just using a notepad and pen. For users that want more out of their to-do list, they often turn to an application. In this article we highlight 4 graphical applications and a terminal-based tool for managing your to-do list.

  • Fedora Might Start Dropping Packages With Consistently Bad Security Records

    Fedora's Engineering and Steering Committee is mulling over the idea of dropping software packages from the distribution that have notoriously bad security track records.

read more


          IMPIEGATA/O RISORSE UMANE a Bibione (VE) - OSM open source management - Bibione, Veneto      Cache   Translate Page   Web Page Cache   
Per la sede a Bibione (VE). Ti piacerebbe essere la persona che si occupa della crescita di un’azienda di successo partendo dai collaboratori interni e... €1.400 - €2.000 al mese
Da Indeed - Fri, 27 Jul 2018 08:32:01 GMT - Visualizza tutte le offerte di lavoro a Bibione, Veneto
          Game Programmer - training workshops - École Kamelia - Montréal, QC      Cache   Translate Page   Web Page Cache   
Scratch, Javascript, Java, Php, Html / CSS, Python, Minecraft, Lego Mindstorms, Arduino, Raspberry, Unity, Blender, SketchUp, Open source, ...........
From Indeed - Mon, 23 Apr 2018 23:11:39 GMT - View all Montréal, QC jobs
           Comment on Gutenberg Plugin Garners Mixed Reactions from New Wave of Testers by Craig Simpson       Cache   Translate Page   Web Page Cache   
I think you're onto something here. When this WP mouthpiece's responses have me thinking about alternatives to WP, even as plan B when the future looks worse than the GB issue looks today, that's saying something. As much time and money as I have invested in WP, its biggest draw is its open source nature. When that spirit gets lost, or outright taken away by hubris, I'm gone.
          BigWigs Bossmods (v103)      Cache   Translate Page   Web Page Cache   
Change Log:
--------------------
BigWigs
v103 (2018-08-09)
Full Changelog Previous releases

Bump version
Cleanup library references.
Uldir/Taloc: Add a targetwarning for Sanguine Static and add (rough) timers for Uldir Defensive Beams
update zhCN. (#518)


Description:
--------------------
https://cdn-wow.mmoui.com/preview/pvw68420.png Please support my work on Patreon!

BigWigs is open source and development is done on GitHub. You can contribute code, localization, and report issues there: https://github.com/BigWigsMods/BigWigs

Introduction

BigWigs is a boss encounter add-on. It consists of many individual
encounter scripts, or boss modules; mini add-ons that are designed to
trigger alert messages, timer bars, sounds, and so forth, for one specific raid
encounter.

Looking for functionality that BigWigs doesn't cover? Try these addons:

* LittleWigs is a plugin for BigWigs and covers all forms of 5 man and solo content.
* Capping covers various battleground and world PvP timers.
* oRA3 covers all sorts of raid management functionality including raid cooldowns and Battle Res counting.
* Old content can be installed by looking through the 'Other Files' menu or doing a search on WoWI and installing the appropriate expansion addon.

Feedback

Please remember that we are always interested in hearing directly from you.
About anything you want to share or ask. You can report issues on GitHub
or contact us on Discord.

Our goals

When raiding, a high framerate is important. We understand that every extra
frame matters, so BigWigs aims to be as efficient as possible. The
memory/second and CPU/second footprint of BigWigs is the lowest of all boss m...
          Google appoints new tech lead for Android Open Source Project      Cache   Translate Page   Web Page Cache   

Shortly after the launch of Android 9 Pie earlier this week, Google pushed the source code for its latest mobile operating system to AOSP. Coinciding with the release, the company also named a new tech lead for the Android Open Source Project.

more…


          RESPONSABILE UFFICIO PREVENTIVI - OSM open source management - Mapello, Lombardia      Cache   Translate Page   Web Page Cache   
Contratto a tempo determinato con reale opportunità di trasformarlo in indeterminato, possibilità di crescita e di sviluppo della propria professionalità,...
Da Indeed - Fri, 20 Jul 2018 12:02:05 GMT - Visualizza tutte le offerte di lavoro a Mapello, Lombardia
          Elsevier achète Aries : l'édition scientifique s'interroge sur son avenir      Cache   Translate Page   Web Page Cache   

L'éditeur scientifique Elsevier s'est offert la société Aries Systems, à l'origine d'outils informatiques de publication de documents et d'articles. Autrement dit, Aries Systems permettait aux auteurs de mettre en ligne les résultats de leurs recherches pour permettre leur relecture par des pairs. L'acquisition d'Elsevier soulève plusieurs questions, puisque les solutions d'Aries Systems étaient utilisées par d'autres éditeurs...


Elsevier - London Book Fair 2018
(ActuaLitté, CC BY SA 2.0)


 

Véritable géant de l'édition scientifique — et de l'édition tout court — avec 2,6 milliards € de bénéfices en 2017, Elsevier s'est offert Aries Systems par une transaction bouclée au troisième trimestre 2018, selon un communiqué diffusé la semaine dernière. Les outils d'Aries permettent de publier en ligne, mais aussi de gérer les corrections appliquées sur tel ou tel article, ou encore de récolter et d'analyser des données de lecture.

 

« Aries a mis au point une solution de suivi de processus d'édition de premier ordre pour les éditeurs, les responsables de la publication et les universitaires cherchant à faire progresser la découverte et la diffusion des connaissances », résume Lyndon Holmes, fondateur d'Aries Systems en 1986. Elsevier a d'ailleurs indiqué qu'Holmes resterait en poste chez Aries Systems.

 

Cette acquisition poursuit la stratégie d'achats d'outils utiles à l'édition scientifique d'Elsevier, après Mendeley, SSRN, Plum Analytics ou encore bepress.

 

L'achat d'Aries par Elsevier en rappelle un autre, celui d'Atypon, une plateforme de publication, par l'éditeur scientifique Wiley, concurrent d'Elsevier, en 2016. Dans les deux cas, des éditeurs à la taille déjà conséquente s'offrent des outils de publication utilisés par d'autres éditeurs, souvent de taille plus réduite. Difficile de ne pas penser aux risques en matière d'indépendance, de maîtrise des moyens de publication ou de libre concurrence.

 

Elsevier, dans son communiqué, assure d'ailleurs qu'il « s'investit dans une offre de services constante et de qualité à la fois pour les éditeurs et pour les chercheurs, comme celle qu'Aries fournit aujourd'hui », avec la constitution d'un comité rassemblant des clients d'Aries. Avec cette garantie, l'acquisition des outils d'Aries semble alors relever de la simple diversification des revenus, pour Elsevier.

 

Open Access : “Les demandes d’Elsevier,
inacceptables pour la science”

 

Toutefois, l'édition scientifique s'inquiète de ces achats : Angela Cochran, éditrice associée et directrice des revues de l'American Society of Civil Engineers, estime que la situation pourrait déboucher sur des éditeurs « interdits d'accès » — pour une raison financière ou technique — à un écosystème qui pourrait bientôt appartenir à quelques grands éditeurs. Certes, d'autres solutions existent, parfois open source, mais elles nécessitent souvent une expertise et une masse salariale que des petites sociétés n'ont pas forcément.

 

À l'inverse, comme le suggèrent d'autres, l'acquisition pourrait tout simplement permettre à Aries de bénéficier d'investissements plus conséquents, et ainsi de mieux servir ses clients...

 

Quoi qu'il en soit, l'édition scientifique vient de connaitre un nouveau bouleversement.


          Your Plain English Guide to Gartner Magic Quadrants      Cache   Translate Page   Web Page Cache   

Your Plain English Guide to Gartner Magic Quadrants

A few weeks ago, WPEngine purchased StudioPress. This was a major move in the WordPress space. This also seemed like a simple move. One of the biggest hosting companies was taking over biggest theme developer. More customers, more money, more growth.

But I'm part of a popular Slack channel for WordPress developers and I saw was confusion. WPEngine said they purchased StudioPress to become a "DXP". That was unexpected. Lots of the terminology used to describe the deal was new to the developers:

What is a DXP? A DXP appears inside a magic quadrant?!?

In this guide, I'll try and explain DXPs, magic quadrants, WCMs and more. What does this jargon mean? How do these phrases help explain WPEngine's acquisition of StudioPress, and other big moves made by open source companies?


          Game Programmer - training workshops - École Kamelia - Montréal, QC      Cache   Translate Page   Web Page Cache   
Scratch, Javascript, Java, Php, Html / CSS, Python, Minecraft, Lego Mindstorms, Arduino, Raspberry, Unity, Blender, SketchUp, Open source, ...........
From Indeed - Mon, 23 Apr 2018 23:11:39 GMT - View all Montréal, QC jobs
          Comment on 4 Best Modern Open Source Code Editors For Linux by Benjamin      Cache   Translate Page   Web Page Cache   
Atom
          Comment on 6 Open Source Mobile OS Alternatives To Android in 2018 by Eva Farrelll      Cache   Translate Page   Web Page Cache   
Firefox will not let me log in unless I provide cell#. I do not have a cell phone?
          Comment on Mycroft Mark II: The Open Source Answer to Amazon Echo and Google Home That Doesn’t Spy on You by qwerty      Cache   Translate Page   Web Page Cache   
What I don't understand is, why does voice recognition have to be run by a remote server? I had speech recognition software working really well on a mid-level Dell Inspiron laptop in 2007, 100% local to the machine and ran offline. Nowadays, the Apple Watch has about as much horsepower as that laptop while on battery, but yet devices way more powerful have to rely on a server for voice recognition. Why? You mean to tell me that it is faster to send MP3 snippets to a remote server, process it, and send back a response than to simply process voice input realtime on the device itself? Open source or not, I don't want something that requires a full-time connection to a data center to function.
          VIDEO: Mut4y X Wizkid X Ceeza Milli – Commando      Cache   Translate Page   Web Page Cache   
About UsWelcome to Jaguda (JaH-GooD’-AH), your global open source medium that utilizes credible sources to keep you informed. Utilizing innovative technology, visual documentaries, and blogging
          Game Programmer - training workshops - École Kamelia - Montréal, QC      Cache   Translate Page   Web Page Cache   
Scratch, Javascript, Java, Php, Html / CSS, Python, Minecraft, Lego Mindstorms, Arduino, Raspberry, Unity, Blender, SketchUp, Open source, ...........
From Indeed - Mon, 23 Apr 2018 23:11:39 GMT - View all Montréal, QC jobs
          Full Stack Engineer, Axon Records - Axon - Seattle, WA      Cache   Translate Page   Web Page Cache   
You follow the latest in open source technologies and can intuit the fine line between a promising new practice and an overhyped fad....
From Axon - Mon, 06 Aug 2018 23:18:47 GMT - View all Seattle, WA jobs
          Senior Front End Engineer, Intelligent Operating Network - Axon - Seattle, WA      Cache   Translate Page   Web Page Cache   
You follow the latest in open source technologies and can intuit the fine line between a promising new practice and an overhyped fad....
From Axon - Fri, 20 Jul 2018 23:17:40 GMT - View all Seattle, WA jobs
          Senior Back End Engineer, Axon Records - Axon - Seattle, WA      Cache   Translate Page   Web Page Cache   
You follow the latest in open source technologies and can intuit the fine line between a promising new practice and an overhyped fad....
From Axon - Mon, 16 Jul 2018 05:18:50 GMT - View all Seattle, WA jobs
          Back End Engineer, Axon Records - Axon - Seattle, WA      Cache   Translate Page   Web Page Cache   
You follow the latest in open source technologies and can intuit the fine line between a promising new practice and an overhyped fad....
From Axon - Tue, 12 Jun 2018 23:18:07 GMT - View all Seattle, WA jobs
          Software Engineering Manager, Axon Records - Axon - Seattle, WA      Cache   Translate Page   Web Page Cache   
You follow the latest in open source technologies and can intuit the fine line between a promising new practice and an overhyped fad....
From Axon - Thu, 31 May 2018 23:18:10 GMT - View all Seattle, WA jobs
          Senior Full Stack Engineer, Axon Records - Axon - Seattle, WA      Cache   Translate Page   Web Page Cache   
You follow the latest in open source technologies and can intuit the fine line between a promising new practice and an overhyped fad....
From Axon - Thu, 24 May 2018 23:18:05 GMT - View all Seattle, WA jobs
          How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7      Cache   Translate Page   Web Page Cache   

HowToForge: Strongswan is an open source multiplatform IPSec implementation.


          How to Install and use Open vSwitch 2.9 with KVM on CentOS 7 / RHEL 7 Server      Cache   Translate Page   Web Page Cache   

LInuxTechi: Open vSwitch is a free and open source multi-layer software switch, which is used to manage the traffic between virtual machines and physical or logical networks.


          Monitor Network Traffic with Ntopng on Ubuntu 18.04 LTS      Cache   Translate Page   Web Page Cache   

HowToForge: Ntopng is a free and open source software for monitoring network traffic that provides a web interface for real-time network monitoring.


          Help me setup a VOIP phone system to replace my physical phone lines and integrate with my customer database for realtime caller information (PHP database). No monthly SAAS like Ring Central.      Cache   Translate Page   Web Page Cache   
I would like advice on what product and coding will be the best for my new VOIP phone system. I want to use ultra high speed internet and a VOIP system to route all my phone traffic over the internet, allowing me to cancel my physical phone line service, have remote users anywhere in the world. The VOIP system needs to include the following features: 1. Have advanced caller ID. (Display caller’s the phone number, and when possible, the caller’s name (according to public records, not my own database) 2. Not be a monthly subscription SAAS like Ring Central or Grasshopper - I want a system that is a one time cost, or an open source system. 3. I need to be able to define rules for routing calls based on the day, the time of day, the number dialed, the caller’s number, etc. 4. I need recommendations on VOIP physical handsets that will be easy for my sales staff to use in coordination with our computer system 5. I need the VOIP system to communicate with my customer database, so that when one of my previuos customers calls, our computer displays the customer information in our database so the operator has realtime access to the customer’s information when they answer the phone. Thank you for your generous consideration in helping me with this project! (Prize: 110)
          Updated LimeSurvey to 3.14.2+      Cache   Translate Page   Web Page Cache   
LimeSurvey (ID : 60) package has been updated to version 3.14.2+. LimeSurvey (formerly PHPSurveyor) is an open source online survey application written in PHP based on a MySQL, PostgreSQL or MSSQL database. It enables users without coding knowledge to develop, publish and collect responses to surveys. Surveys can include branching, custom preferred layout and design … Continue reading "Updated LimeSurvey to 3.14.2+"
          Evaluating Hyperledger Composer      Cache   Translate Page   Web Page Cache   

Key Takeaways Only a very narrow subset of use cases is appropriate for this technology. The way that Hyperledger Fabric uses MVCC (multiversion concurrency control) when validating write batches is safe enough for financial applications in a decentralized ledger but may not scale efficiently enough in order to be attractive to B2C startups. Avoid this technology if you can make all of your transactions idempotent. This technology is still somewhat immature. Even though this is an open-source project, there are currently some limitations in choice of cloud provider when moving to a production environment (that could change).

I have been following the three-year-old Hyperledger Fabric open-source project since its code base moved to GitHub about two years ago. The Hyperledger projects are hosted by the linux Foundation and sponsored mostly by IBM. They promote the use of what are known as private, or permissioned, blockchains. With a public blockchain, the first anonymous miner who solves a cryptographic puzzle gets to commit the next block of ledger entries to the chain. Private blockchains solve the consensus problem among authenticated peers using algorithms such as Raft or Paxos .

With a blockchain, you get CRUD-style access to the ledger. You also get the ability to store mini programs known as smart contracts on the ledger. When a transaction is submitted to a smart contract, all ledger state-mutating operations executed within the chaincode are atomic ― either all operations get committed or none of them do. If the underlying ledger data accessed by the chaincode has been changed by the time that the operations made by the chaincode are to be committed, then the transaction is aborted. This happens automatically and is a big part of the value to writing smart contracts.

The same folks who released Hyperledger Fabric also released another open-source project, Hyperledger Composer , which makes it easy for developers to write chaincode for Hyperledger Fabric and the DApps (decentralized applications) that can call them.

Why now?

Thoughtworks is a technology consulting company (acquired by Apax Partners) that markets itself as "a community of passionate individuals whose purpose is to revolutionize software design, creation and delivery". Twice a year, they release a Technology Radar report that recommends certain technologies be put on hold, assessed, put on trial, or adopted. Volume 18 of this Technology Radar (pdf) , published in May 2018, placed Hyperledger Composer in the trial ring, which they define as "Worth pursuing. It is important to understand how to build up this capability. Enterprises should try this technology on a project that can handle the risk."

In my role as a software architect, I evaluate emerging technology, and Hyperledger Composer made it onto my personal radar. Every time I evaluate an emerging technology, I use it to implement a rudimentary news feed microservice. Each of these microservices are feature identical and are load-tested in the exact same manner. In this way, I can make reasonable statements about the performance characteristics of any specific technology in comparison with the other technologies. I chose the problem domain of a news feed because of its familiarity and ubiquity in social networks and because it is complicated enough to require non-trivial solutions yet simple enough to understand without getting lost in implementation minutiae. I publish the source code for these microservices, along with the source code needed to load-test them and to collect and analyze the performance results, in a freely available repository on GitHub . In the spirit of scientific peer review, I encourage you to clone the repo and reproduce the results for yourself.

Building the test microservice

Hyperledger Composer allows you to write smart contracts in server-side javascript. It makes available a native client library by which Node.js applications can access the ledger and submit transactions to these smart contracts. For the purposes of this experiment, I used an already developed Node.js microservice (see server/feed4 in the repo) as the control. I copied the source code for that microservice to a new folder (see server/feed7/micro-service in the repo) then I replaced all references to mysql, Redis, and Cassandra with calls to the Hyperledger Composer client API. It is the feed7 project that serves as the test in this experiment. Both projects use Elasticsearch because one of the requirements of each news-feed service is a keyword-based search, and a blockchain is not appropriate for that. Like most of the other microservices in this repo, the feed7 microservice uses Swagger to define its REST API. The specification can be found in the server/swagger/news.yaml file.

With Hyperledger Composer, you create a business network that consists of a data model, a set of transactions that manipulate the data model, and a set of queries by which those transactions can access data within the model. Hyperledger Composer works with Hyperledger Fabric, whose basic network consists of CouchDB , the default peer, the business network peer, a certificate authority service, and an orderer. The feed7 microservice accesses Hyperledger Fabric in the context of this business network, which you can find in the server/feed7/business-network folder.


Evaluating Hyperledger Composer

Figure 1: Feed7 components (the test) .

In the model for this business network, the broadcaster is the participant. There are friendship, inbound, and outbound assets. The friendship asset captures the friend relationship between two broadcasters. Each inbound asset is a news-feed item meant for the associated broadcaster. The outbound asset is a news-feed item that was sent by the associated broadcaster. There are two transactions in this business network: broadcasters can friend each other and a broadcaster can broadcast a news-feed item to its friends. The only query needed inside the business network is for the broadcast transaction to access the broadcaster’s friends.

async function broadcastParticipants(tx) {
const factory = getFactory();
const created = Date.now();
const now = new Date();
const k = tx.sender.participantId + '|' + created + '|';
const outboundRegistry = await getAssetRegistry('info.glennengstrand.Outbound');
const ok = 'Outbound:' + k + Math.random();
const inboundRegistry = await getAssetRegistry('info.glennengstrand.Inbound');
var o = factory.newResource('info.glennengstrand', 'Outbound', ok);
o.created = now;
o.subject = tx.subject;
o.story = tx.story;
o.sender = tx.sender;
await outboundRegistry.add(o);
const friends = await query('broadcasterFriends', { broadcaster: 'resource:info.glennengstrand.Broadcaster#' + tx.sender.participantId });
for (i = 0; i < friends.length; i++) {
const friend = friends[i];
const ik = 'Inbound:' + k + Math.random();
var inb = factory.newResource('info.glennengstrand', 'Inbound', ik);
inb.created = now;
inb.subject = tx.subject;
inb.story = tx.story;
inb.recipient = friend.to;
await inboundRegistry.add(inb);
}
}

Code Sample 1: A smart contract.

The Hyperledger Composer API that is intended to be called within a smart contract closely resembles the API that is intended to be called by the Node.js DApp, but there are some interesting differences. Within the smart contract, you must use the async/await mechanism, but within the DApp, you had to use promises. Smart contracts always had to use predefined queries but DApp code could build a query dynamically and run that. When querying or retrieving either a participant or asset from the DApp, you had to include the constant “PID:” as a part of the key but not when accessing the same data from chaincode.

function submitTransaction(bizNetworkConnection, transaction, from, subject, story, callback, retry) {
const elastic = require('../repositories/elastic');
bizNetworkConnection.submitTransaction(transaction)
.then((result) => {
const retVal = {
"from": from,
"occurred": Date.now(),
"subject": subject,
"story": story
};
elastic.index(from, story);
callback(null, retVal);
}).catch(() => {
setTimeout(() => {
submitTransactionRetry(bizNetworkConnection, transaction, from, subject, story, callback, 2 * retry);
}, retry + Math.floor(Math.random() * Math.floor(1000)));
});
}
exports.addOutbound = function(args, callback) {
const BusinessNetworkConnection = require('composer-client').BusinessNetworkConnection;
const bizNetworkConnection = new BusinessNetworkConnection();
bizNetworkConnection.connect(process.env.CARD_NAME)
.then((bizNetworkDefinition) => {
const factory = bizNetworkDefinition.getFactory();
var transaction = factory.newTransaction('info.glennengstrand', 'Broadcast');
transaction.sender = factory.newRelationship('info.glennengstrand', 'Broadcaster', 'PID:' + args.body.value.from);
transaction.subject = args.body.value.subject;
transaction.story = args.body.value.story;
submitTransaction(bizNetworkConnection, transaction, args.body.value.from, args.body.value.subject, args.body.value.story, callback, 2000);
});
}

Code Sample 2: A DApp calling a smart contract.

In the DApp source code, you may notice all this retry logic when submitting a transaction. That is because Hyperledger Fabric uses MVCC (multiversion concurrency control) when validating write batches and will easily throw a read conflict error. What you do to resolve that is to sleep a slightly randomized amount of time then retry the transaction.

Testing the microservice under load

Both the control and the test use the same load-test application, which you can find in the client/load folder of the repo. The load test creates 10 participants in an eternal loop, and gives each participant anywhere from two to four friends. It has each participant broadcast 10 news-feed items, each of which consists of 150 randomly generated numbers. The load-test app spins up three threads, each doing this process 90% of the time. The other 10% is testing the search functionality.

Instead of calling the news-feed microservice directly, the load-test application calls an open-source API gateway called Kong , which proxies each request from the load-test application to the news-feed microservice. Kong is configured to use the http-log plugin in order to send request and response logs for each call to another microservice, which in turn sends the performance-related parts to Elasticsearch in batches. You can find the source code for the Kong logger microservice in the client/perf4 folder.

I used Kibana to visualize the performance data, including throughput, average latency, and percentile latency. Whenever possible, I always collected summaries of performance metrics from two hours of data.


Evaluating Hyperledger Composer

Figure 2: Per-minute throughput of outbound post requests for a test (i.e., Hyperledger Composer and Fabric) experiment.


Evaluating Hyperledger Composer

Figure 3: Per-minute average of latency of outbound post requests for a test (i.e., Hyperledger Composer and Fabric) experiment.

I deployed the control twice, both times in EC2 using m4.xlarge instances; one time when the feed4 service was running in a Docker container and another time when it wasn’t. The Docker version experienced 6% less throughput and almost no difference in latency. I also deployed the test twice, both times in EC2 using m4.xlarge instances for Kong, Cassandra (used by Kong), Elasticsearch, and the load-test application. The first test deployed Hyperledger Fabric, Composer, and the feed7 business network and microservice on an m4.xlarge and the second test used an m4.2xlarge, to see the performance differences in scaling up.


Evaluating Hyperledger Composer

Figure 4: Feed7 deployment (the test).

To allow for valid comparative analysis, and because production configurations were not readily available, both the control and the test used developer configurations for everything. There exists an AWS CloudFormation template for Hyperledger Fabric, but it is deploying the basic network, which is Hyperledger-speak for a developer configuration. The only online documentation for a production configuration that I could find, outside of advertisements for IBM Cloud, were a couple of blogs on H acker N oon by some folks from VMware. Those blogs claimed a production configuration and a diagram indicated that the orderer was backed by Kafka, but the configtx.yaml file in the referenced GitHub repo shows an OrdererType of solo, not Kafka. That suggests a developer configuration. A comment in the source code says, “The solo consensus scheme is very simple, and allows only one consenter for a given chain. It accepts messages being delivered via Order/Configure, orders them, and then uses the blockcutter to form the messages into blocks before writing to the given ledger.”

Performance results

There is both good and bad news for Hyperledger when it comes to performance under load. Here is the bad news: the Hyperledger version of the news feed demonstrated over 300 times less throughput and was three orders of magnitude slower than the traditional version. But the good news is that doubling the hardware capacity for the Hyperledger version yielded a 20% improvement in throughput and almost halved the latency.

The control sustained over 13,000 outbound post requests (i.e., a news-feed broadcast) per minute (RPM). Average latency was 4 ms and the 99th percentile was 9 ms. The test experienced on average 29 outbound post requests per minute for the m4.xlarge and 38 for the m4.2xlarge. The average latency was 4.7 s for the m4.xlarge and 3.2 s for the m4.2xlarge. The 99th percentile latency was 10.2 s for the m4.xlarge and 4.9 s for the m4.2xlarge.


Evaluating Hyperledger Composer

Figure 5: Outbound-post comparative performance summary. Latency numbers are in milliseconds.

There are some other inefficiencies that I need to cover here. The CPU and performance-related metrics on the control quickly reached steady state while the same metrics on the test got worse and worse over time. The biggest offender with CPU was the default peer process in Fabric. This was surprising because the microservice always accessed the news-feed business network whose corresponding peer container was not as CPU intensive. Perhaps the default peer is used to endorse transactions? I could find no way to remove it from the configuration. In a production configuration, you would have multiple peers, otherwise the ledger would not be decentralized.

For both the test and the control, the microservice will eventually crash, once the SSD for the database runs out of available storage. For the control, that happens in the Cassandra database after almost 30 million outbound posts have occurred. For the test, that happens in the CouchDB database after about 4,000 outbound posts have occurred. The SSD storage for both the control and the test have the same capacity, which is 20 GB. Clearly, storage efficiency is not currently a primary concern of the developers contributing to the Hyperledger Fabric project.

Conclusion

Originally, I believed that the news-feed application would be a good use case for a blockchain. The primary action of the load-test application is appending friends and appending news-feed items, which sounds very similar to appending to a ledger. Now, however, I believe that analogy to be superficial. The major concern for blockchains is to prevent what is known as the double-spend problem ― what good is a blockchain that cannot prevent participants from spending the same money twice? For public blockchains, that problem is handled using unspent transaction outputs, or UTXO. Hyperledger Fabric addresses the problem via MVCC on the read sets when validating write batches. Fabric does have inefficiencies that can be addressed as it matures, but I believe that this use of MVCC in order to prevent double spending is an inherent cause for the low throughput and high latency. For all intents and purposes, the news-feed transactions are essentially idempotent. There are no significant consequences if two participants friend themselves in a different order or multiple times, or broadcast items to each other in a different order or multiple times. Fabric is allocating a lot of CPU time and memory to prevent a problem that has no significant impact on a news feed.

This evaluation leads me to believe that the future of software development will not be eaten by blockchains. There is only a very narrow subset of use cases that justify the high computing costs inherent in automatic, guaranteed, distributed concurrency control and validation. Basically, you need to require a consortium marketplace where idempotent transactions are not a possibility. While evaluating Hyperledger Composer at this time has some merit, the current level of maturity makes committing to a production release in the near future highly problematic. The Hyperledger projects are all open source but at the time of this writing there appear to be limitations in choice of cloud provider when progressing to a production environment.

About the Author
Evaluating Hyperledger Composer
Glenn Engstrand is a Software Architect at Adobe Systems, Inc.. His focus is working with engineers in order to deliver scalable, server side, 12 factor compliant application architectures. Glenn was a breakout speaker at Adobe's internal Advertising Cloud developer's conferences in 2018 and 2017 and at the 2012 Lucene Revolution conference in Boston. He specializes in breaking monolithic applications up into micro-services and in deep integration with Real-Time Communications infrastructure.
          Free Open Source Online Dating Software      Cache   Translate Page   Web Page Cache   
pH7 Social Dating CMS The Most Secure, Powerful & Professional Social Dating Web App Builder

pH7 Social Dating CMSis a Professional & Open Source Social Dating CMS, fully responsive design, low-resource-intensive, powerful and very secure.

pH7CMS (now known as pH7Builder) is included with 35 modules and based on its homemade framework (pH7Framework). It is also the first Professional, Free and Open Source Social Dating Site Builder Software and the first choice for creating enterprise level Dating Apps/Service or social networking sites.


Free Open Source Online Dating Software
Software Overview

pH7 Dating CMSis a Social/Dating CMS written in Object-Oriented php ( OOP ), fully compatible and highly optimised for PHP 7+ and based on MVC architecture (Model-View-Controller).

It is designed with the KISS principle in mind, and the all source code can be read and understood in minutes. For a better flexibility, the software uses PDO (PHP Data Objects) abstraction which allows the choice of the database. The principle of development is DRY (Don't Repeat Yourself) aimed at reducing repetition of information of all kinds (no duplicate code).

This Free and Open Source Social Dating Site Builder wants to be low resource-intensive, powerful, stable and secure. The software also comes with 35 system modules and is based on pH7Framework (written specifically for this project) that has over 52 packages.

To summarize, pH7CMS gives you the perfect ingredients to create the best online dating service or social networking website on the World Wide Web!

How Powerful Your Social-Dating App Will Be? :rocket: Best Dating Features Advanced Search Blog Notes Pages Management Friends/Mutual Friends, Visit, Messages, Instant messaging, Views, Like, Rating, Smileys, Geo Map, Avatar, Wallpaper, ... Related Profiles (for better user experience and faster match) Custom Profile (Background profile) Comments Hot or Not Love Calculator Matchmaking System Geo-Location People Nearby Photo Albums Videos (and possibility to upload videos from API v3 YouTube, Vimeo, Metacafe and Dailymotion) Forums Full Moderation of all contents posted by your users Nudity Filter Option for all images uploaded by users Dating Scammer Detector (see if profile photos aren't used by scammers) Anti-Scam Tools Watermark Branding Chat Rooms Chatroulette Games (with high quality and viral games installed) Webcam Shot Affiliate Newsletter Activity Streams User Mentions (using the “@” symbol with the username such as @pH-7 ) Member Approval System Advanced Admin Panel Complete Membership System Payment Gateways Integration for PayPal, Stripe, Braintree, Bitcoin and 2CheckOut Statistics & Analytics System Live Notification System Registration delay (to avoid spam) File Management Dynamic Field Forms Management Privacy Settings Banner/Advertisement Management User Dashboard Dating-Style Profile Page Fake Profile Generator CSV User Importer Support for Multiple Languages, Internationalization and Localization (I18N) European and American Time/Date formats Cache system for the database, pH7Tpl (our template engine), static files (HTML, CSS, JS), string content, ... Maintenance Mode Database Backup Report Abuse SEO-Friendly (Title, Content, Code, ...), Sitemap module, hreflang , possibility to translate each URL, ... Multilingual URLs Check that all UGC (User-Generated Content) are Unique (to avoid spam and malicious users) RSS Feed Block easily any IPs, emails, usernames, affiliated bank accounts, etc. Country Blocker (block easily any countries where you don't want your website to be accessible) Country Restrictions for Member and Affiliate registration forms Fully API for integration from an external app (iOS/Android, ...), website, program, ... Feedback Fully Responsive Templates Memberships/Groups Manager Publishable easily into Android/iPhone/iOS webview mobile app thanks its Mobile-Optimized Templates Multiple-Themes and many customization possible Message templates Multi Themes and many personalizable Includes top html5 features Allow to sign in to your site with Facebook, Google and Twitter thanks pH7CMS's Connect module Invite Friends Social Bookmark (Social Media Sharing Buttons) Powerful Anti-Spam System Full Security system against XSS, CSRF, SQL injection, authentication hacking, session fixation, brute-force, reverse tabnabbing phishing attacks, ... and can even prevent some DDoS attacks! Two-Factor Authentication Option available for Admins, Users and Affiliates Admin Panel - Block Access with IP Restriction Beautiful Code: Very thoroughly commented about what's happening throughout the PHP code, beautiful indentation and very readable, even for non-programmers Anyone can easily contribute to pH7CMS project thanks the GitHub repository

It's not a hazard that pH7CMS is considered to be the first choice for creating an enterprise level dating web app or social networking website

Great features like here and many other unique and exclusive features are waiting for YOU. Already released in pH7CMS!


Free Open Source Online Dating Software
Requirements

Application ServerPHP 5.6 or higher (Recommended Version: PHP 7.0.4 or higher).

Databasemysql/MariaDB 5.0.15 or higher.

Operating Systemlinux/Unix (Red Hat, CentOS, Debian, FreeBSD, Mandrake, Mac OS, etc.), windows.

Web ServerApache with mod_php or with PHP in CGI, FastCGI mode (nginx, LiteSpeed and IIS should also work. You might have to change some pieces of code and change the URL rewriting to make it work).

URL rewriting extension module Apache , nginx, LiteSpeed, IIS (for Web.config, you have a good tutorial here ).

Specific RequirementServer has to be connected to Internet.

Minimum Web Space2.0 GB

pH7CMS's Video Module Requirement (only if enabled) FFmpeg

Installation Github: Clone pH7CMS from Github git clone git@github.com:pH7Software/pH7-Social-Dating-CMS.git Install Composer From a command line opened in the folder, run composer install to install pH7CMS's dependencies. Composer: Install Composer composer create-project ph7software/ph7cms --prefer-dist ph7cms Sourceforge: Directly download the latest stable version from Sourceforge . Softaculous: If your Web host offers Softaculous, you might be able to install pH7CMS in one-click with Softaculous . Nginx Configuration

In order to get pH7CMS working on nginx server, you need to add some custom nginx configuration.

Create /etc/nginx/ph7cms.conf and add the following:

location / { try_files $uri $uri/ /index.php?$args; index index.php; }

Please note that the above code is the strict minimum and obviously you can add more rules by comparing with the main Apache .htaccess file .

Finally, in your nginx server configuration, you will have to include ph7cms.conf file to complete the configuration like below:

In file, e.g., /etc/nginx/sites-enabled/yoursite.conf for Ubuntu and other OS based on Debian or /etc/nginx/conf.d/yoursite.conf for CentOS and other OS based on Red Hat.

server { # Port number. In most cases, 80 for HTTP and 443 for HTTPS listen 80; server_name www.yoursite.com; root /var/www/ph7cms_public_root; index index.php; #you can use index.ph7; for hidding the *.php ... client_max_body_size 50M; error_log /var/log/nginx/yoursite.error.log; access_log /var/log/nginx/yoursite.access.log; # Include ph7cms.conf. You can also directly add the "location" rule instead of including the conf file include /etc/nginx/ph7cms.conf; }

For more information, please refer to the nginx documentation.


Free Open Source Online Dating Software
Translations

You can find and add other languages on the I18N repo .

Author

Coded & Designed with lots of :heart: by Pierre-Henry Soria . A passionate Belgian software engineer :chocolate_bar: :beer:

Hire Me At Your Company?

Do you need someone like me (and willing to relocate) at your company..? Let's chat together !

Official Website

pH7CMS.com

Documentation

pH7CMS Documentation

Contributing
Free Open Source Online Dating Software

Anyone can contribute on pH7CMS GitHub repository!

Finding bugs, improving the CMS/doc or adding translations. Any contribution is welcome and highly appreciated!

Just clone the repository, make your changes and then make a push ;-)

WARNING, your code/modification must be of excellent quality and follow the Code Convention and PSR . I manually validate all the improvements and changes.

You will also become a pH7CMS VIP member and get all exclusive premium contents and upcoming modules.


Free Open Source Online Dating Software
Tools/Software Used to Develop pH7CMS

LAMP on Fedora/Ubuntu (and Windows/Mac with WampServer/MAMP for testing purpose)

Geany & Sublime Textfor coding the whole project. That's it! However, since pH7CMS 5.0, PhpStorm (and sometimes Atom) are used as well.

GIMPfor editing the assets, etc.

Trimage(and ImageOptim when developing on Mac) for compressing & optimizing the images

Poeditfor translating the Gettext files

FileZillafor FTP client

Gitfor the version control system

Sometimes, when working on Mac, Sequel Pro is used to lookup easily at a database.

Contact

You can send me an email for any suggestions or feedback at: hello {AT} ph7cms {D0T} com OR hi {AT} ph7 {D0T} me

pH7CMS; The Eco-Friendly CMS :heart:
Free Open Source Online Dating Software

pH7CMS has been built to reduce the power and CPU usage of your server in order to preserve the nature and help to save our environment.

pH7CMS's templates also use lighter colors since LCD monitors use less electricity to display them.

Finally, please consider using green Web hosting (which use Green Power supply).

-> Other 10 Easy Ways to Green Your Social Community :wink: <-

License

pH7CMSis under Open Source Free License.

License: General Public License 3 or later; See the PH7.LICENSE.txt and PH7.COPYRIGHT.txt files for more details.


Free Open Source Online Dating Software
Free Open Source Online Dating Software

          How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7      Cache   Translate Page   Web Page Cache   

HowToForge: Strongswan is an open source multiplatform IPSec implementation.


          How to Install and use Open vSwitch 2.9 with KVM on CentOS 7 / RHEL 7 Server      Cache   Translate Page   Web Page Cache   

LInuxTechi: Open vSwitch is a free and open source multi-layer software switch, which is used to manage the traffic between virtual machines and physical or logical networks.


          Java Developer - IAM - Codeworks - Milwaukee, WI      Cache   Translate Page   Web Page Cache   
Experience in J2EE web application development and ability to use open source libraries. Our direct client is seeking a Java Developer with experience in...
From Indeed - Thu, 02 Aug 2018 16:23:50 GMT - View all Milwaukee, WI jobs
          Open Source Software Developer - IBM - Markham, ON      Cache   Translate Page   Web Page Cache   
Through several active collaborative academic research projects with professors and graduate students from a number of Canadian and foreign universities....
From IBM - Wed, 18 Jul 2018 10:49:17 GMT - View all Markham, ON jobs
          Open Source Software Developer - IBM - Markham, ON      Cache   Translate Page   Web Page Cache   
Through several active collaborative academic research projects with professors and graduate students from a number of Canadian and foreign universities....
From IBM - Wed, 18 Jul 2018 10:49:17 GMT - View all Markham, ON jobs
          How to Install Laravel PHP Framework on Ubuntu      Cache   Translate Page   Web Page Cache   
Laravel is a free, open source, flexible and lightweight PHP framework with Model-View Controller (MVC) design structure. It has a refined, easy, and readable syntax for developing modern, robust and powerful applications from the...
          Java Developer - IAM - Codeworks - Milwaukee, WI      Cache   Translate Page   Web Page Cache   
Experience in J2EE web application development and ability to use open source libraries. Our direct client is seeking a Java Developer with experience in...
From Indeed - Thu, 02 Aug 2018 16:23:50 GMT - View all Milwaukee, WI jobs
          LibreOffice 6.1 ออกแล้ว เปลี่ยนชุดไอคอนใหม่, แทรกช่องลายเซ็นในเอกสารได้      Cache   Translate Page   Web Page Cache   

LibreOffice ออกเวอร์ชันใหม่ 6.1 มีของใหม่หลายอย่าง โดยเฉพาะในระดับของ user interface ที่มองเห็นได้ชัดเจน

  • เปลี่ยนชุดธีมไอคอนใหม่คือ Colibre ที่เป็นดีฟอลต์สำหรับวินโดวส์ และ Karasa Jaga โดยถอดธีมไอคอนเก่าๆ บางตัวที่ไม่มีเวอร์ชัน SVG ออก
  • ปรับดีไซน์ของไอคอนแอพแต่ละตัวเล็กน้อย แบนราบขึ้น สีสันสดใสขึ้น ดูเรียบง่ายกว่าของเดิม
  • Writer เพิ่มช่องลายเซ็น (signature line) เพื่อความสะดวกในเอกสารที่ต้องมีลายเซ็น แถมยังสามารถเซ็นชื่อแบบ digital signature ได้ด้วย
  • Calc เรียงเซลล์ตามภาพที่ฝังในเซลล์ได้แล้ว และเพิ่มชนิดของการฝังภาพในเซลล์ (anchor) อีก 3 แบบ
  • Base เปลี่ยนเอนจินฐานข้อมูลใหม่ จาก HSQLDB มาเป็น Firebird

ที่มา - LibreOffice

No Description

No Description


          Visual Studio & TFS 2013 – List of extensions and tools (Part 2)      Cache   Translate Page   Web Page Cache   

Originally posted on: http://maxblogson.net/archive/2014/09/19/visual-studio-amp-tfs-2013-ndash-list-of-extensions-and-again.aspx

Go to Part 1 – List of Product Updates for information on Visual Studio and TFS 2013 updates

Looking for the VS 2012 product updates and extensions ?  Go to Visual Studio 2012 Product and updates (Part 1)  and Visual Studio 2012 extensions (Part 2)

Looking for the VS 2010 extensions ? Go to Visual Studio 2010 - List of Product Updates (Part 1) + Extensions (Part 2).

Looking for links to the test adapters, go to this blog post.

Update Sep 19th 2014:  Updated ReSharper3 , NDepend3LinqPad, TFS Team Project Manager,    Code Contracts1

See earlier update notes

Update April 12th 2014:  Updated TypeScript, ReSharper3 , TFS Power Tools , NDepend3 .  Added Devart T4 editor
Update Feb 8th 2014:  Added File Nesting  and AutoHistory, new pre-release R# version fix for NUnit/Nuget/Chutzpah issue here.
 
 

This post is a list of the extensions I recommend for use with Visual Studio 2013. It’s coming up all the time – what to install, where are the download sites, last version, etc etc, and thus I thought it better to post it here and keep it updated. The basics are Visual Studio 2013 connected to a Team Foundation Server 2013, although most also works with earlier versions. 

Many live in a side-by-side environment with Visual Studio 2010 and 2012. The side-by-side is supported by VS 2013. However, if you installed a component supporting VS2013 before you installed VS2013, then you need to reinstall it. (Components marked with Note 3 below) The VSIX installer will understand that it is to apply those only for VS2013, and will not touch – nor remove – the same for VS2010 and VS 2012. A good example here is the Power Commands.

The list is more or less in priority order.

The focus is to get a setup which can be used for a complete coding experience for the whole ALM process.

The list of course reflects what I use for my work , so it is by no means complete, and for some of the tools there are equally useful alternatives. 

The components directly associated with Visual Studio from Microsoft should be common, see the Microsoft column.

For components that are updated through the gallery, I will no longer update the latest version numbers, as they are easily controlled through the Tools/Extensions and Updates dialogue. In the version column I will just write Auto.

If you want to use the same set of extensions on multiple computers, you might like to share them easily. Lars Wilhelmsen has a great blog post about how to use Dropbox to share extensions and common settings.

Extensions ready for VS 2013, both upgrades and new ones

Product Notes Latest Version License Applicable to Microsoft
File Nesting Awesome and convenient Auto Free Visual Studio MSFT
AutoHistory Awesome, local history Auto Free Visual Studio MS Devlabs
EF Power Tools Beta 41 See blog post Auto Free Visual Studio Yes
MyHistory1 See MSDN Article Auto Free TFS Integration No
Inmeta AssociateRecentWorkItems1 Fast way to associate recent work items to a checkin, reduce need to search around.  See Jakobs blogpost for more info Auto Free TFS Integration No

Unit Test Generator1

Get back the ability to generate unit tests from code, also works for NUnit and XUnit. Auto Free Unit Testing (VS) ALM Rangers
Codelens Code Health Indicator  12 Awesome !  See this post (Norwegian), and this and this. Auto Free Coding & Quality Yes
Runsettings1 Item template to create default runsettings file Auto Free Unit Testing (VS & TFS) No
TypeScript See info here, and B.Harry’s blogpost. Codeplex here
Release notes
Now part of VS 2013, installs with that 
See http://www.typescriptlang.org/
1.0 Free Coding Yes
ReSharper3 Note:Version 8.1.23.546 and earlier have an issue with Nuget/NUnit/Chutzpah, see here.  Download version 8.2 to get this resolved.
Version 8.2.1 have an issue with nuget, see this post 
8.2.2000.5120 Licensed Coding & Quality No
NuGet Manager   3 New initial install included with VS 2013. Updates through extension gallery Auto Free Visual Studio Yes
TFS Power Tools
See Brian Harry’s blog post for more info

12.1.00402.0 Free TFS integration Yes
NDepend3 Info on updates here. Trial available.

5.4.1.8430

Licensed Quality No
Build Manager1 Community Build Manager. Info here from Jakob Auto Free TFS Integration No
Visual Studio 2013 SDK Required for using Wix Published 11.Oct.2013 Free Visual Studio Yes
Wix Toolset 3.8 Free Coding/Installers No
Productivity Power Tools1 Awesome package. A must have! Auto Free Visual Studio Yes
Code Contracts1 3 Now on gallery too. Info here and follow the forum here
See new blog here
1.7.10908.11 Free Coding Yes
Code Contract Editor Extensions1   1.5.60813.10 Free Coding Yes
Visualization and Modeling SDK Requires VS 2013 SDK
Nov 10th 2013 Free now, otherwise Part of MSDN Subscription Modeling, DSL, UML extensions Yes
Slow Cheetah1 3 Tool for transforming XML files, like config files. Auto Free Coding No
Web Essentials1 Auto Free Coding Yes
Devart T4 editor Nice T4 editor, using this now instead of tangible. Auto Free Coding (T4 templates) No
tangible T4 editor1 Lite version is free and more than enough for T4 editing. 2.2.3 Lite version Free (Good enough) Coding (T4 templates) No
ASP.Net and Web Tools 2013 Free Coding Yes

#1 Get via Visual Studio’s Tools | Extension Manager (or The Code Gallery). (From Adam : All these are auto updated by the Extension Manager in Visual Studio)

#2 Works with ultimate only

#3 Also works with VS 2010 and VS 2012

 

Tools (outside Visual Studio)

Product Notes Latest Version License Applicable to Microsoft
ILSpy Decompiler –open source. Can also export assembly as C# project 2.2.0.1706 Free Coding/Investigation No
DotPeek Decompiler from Jetbrains. Can also export as C# project 1.2.1.226 Free Coding/Investigation No
LinqPad Info here 4.51.03 Free and licensed versions Coding No
           
TFS Team Project Manager Extremely valuable. Handle maintenance of work items, process, and much more across multiple team projects at once.  No more batch files with witadmin! See it at Codeplex  1.7.5119 Free TFS No
TFS Administration Tool Handling security and permissions in TFS, Sharepoint and reporting services. Open source tool at Codeplex
Version 2.3 is fully 2013 compatible. If you don’t have VS installed, download and install the TFS 2013 Object model
Version 2.2 works on 2013 but requires the 2012 Object model to be installed.
2.3 Free TFS No

 

Extensions we wait for, not yet in a VS 2013 version

Product Notes Latest Version License Applicable to Microsoft
Inmeta Build Explorer     Free TFS integration No
           


          Fixing up Visual Studio’s gitignore , using IFix      Cache   Translate Page   Web Page Cache   

Originally posted on: http://maxblogson.net/archive/2014/06/13/fixing-up-visual-studiorsquos-gitignore--using-ifix.aspx

Download tool

Updated 3.July 2014:  Corrected pattern for NuGet, details in this blogpost. (IFix is in progress to be updated too, version 1.1 will have these fixes)

Is there anything wrong with the built-in Visual Studio gitignore ????

Yes, there is ! 

First, some background:

When you set up a git repo, it should be small and not contain anything not really needed.  One thing you should not have in your git repo is binary files.

These binary files may come from two sources, one is the output files, in the bin and obj folders.  If you have a  gitignore file present, which you should always have (!!), these folders are excluded by the standard included file (the one included when you choose Team Explorer/Settings/GitIgnore – Add.)

The other source are the packages folder coming from your NuGet setup.  You do use NuGet, right ?  Of course you do !  But, that gitignore file doesn’t have any exclude clause for those folders.  You have to add that manually.  (It will very probably be included in some upcoming update or release).  This is one thing that is missing from the built-in gitignore.

To add those few lines is a no-brainer, you just include this:

# NuGet Packages
packages/*
**/packages/*
*.nupkg
# Enable "build/" folder in the NuGet Packages folder since
# NuGet packages use it for MSBuild targets.
# These two line needs to be after the ignore of the build folder
# (and the packages folder if the lines above has been uncommented)
!packages/build/
!**/packages/build/
Now, if you are like me, and you probably are, you add git repo’s faster than you can code, and you end up with a bunch of repo’s, and then start to wonder:
Did I fix up those gitignore files, or did I forget it?

The next thing you learn, for example by reading this blog post, is that the “standard” latest Visual Studio gitignore file exist at https://github.com/github/gitignore, and you locate it under the file name VisualStudio.gitignore.  Here you will find all the new stuff, for example, the exclusion of the roslyn ide folders was commited on May 24th. 

So, you think, all is well, Visual Studio will use this file …..    

I am very sorry, it won’t. Surprised smile

Visual Studio comes with a gitignore file that is baked into the release, and that is by this time “very old”.  The one at github is the latest. 

The included gitignore miss the exclusion of the nuget packages folder, it also miss a lot of new stuff, like the Roslyn stuff.

So, how do you fix this ?  … note .. while we wait for the next version…

You can manually update it for every single repo you create, which works, but it does get boring after a few times, doesn’t it ?

IFix

Enter IFix ,  install it from here.

IFix is a command line utility (and the installer adds it to the system path, you might need to reboot), and one of the commands is gitignore

If you run it from a directory, it will check and optionally fix all gitignores in all git repo’s in that folder or below.  So, start up by running it from your C:/<user>/source/repos folder.

To run it in check mode – which will not change anything, just do a check:

IFix  gitignore --check

What it will do is to check if the gitignore file is present, and if it is, check if the packages folder has been excluded.  If you want to see those that are ok, add the --verbose command too.  The result may look like this:

SNAGHTMLd9e57a9

Fixing missing packages

Let us fix a single repo by adding the missing packages structure,  using

IFix gitignore --fix

image

We first check, then fix, then check again to verify that the gitignore is correct, and that the “packages/” part has been added.

If we open up the .gitignore, we see that the block shown below has been added to the end of the .gitignore file.

image

 

Comparing and fixing with latest standard Visual Studio gitignore (from github)

Now, this tells you if you miss the nuget packages folder, but what about the latest gitignore from github ?

You can check for this too, just add the option –merge (why this is named so will be clear later down)

So,

IFix gitignore --check –merge

The result may come out like this  (sorry no colors, not got that far yet here):

image

As you can see, one repo has the latest gitignore (test1), the others are missing either 57 or 150 lines. 

IFix has three ways to fix this:

--add

--merge

--replace

The options work as follows:

Add:  Used to add standard gitignore in the cases where a .gitignore file is missing, and only that, that means it won’t touch other existing gitignores.

Merge: Used to merge in the missing lines from the standard into the gitignore file.  If gitignore file is missing, the whole standard will be added.

Replace: Used to force a complete replacement of the existing gitignore with the standard one.

The Add and Replace options can be used without Fix, which means they will actually do the action.

If you combine with --check it will otherwise not touch any files, just do a verification.  So a Merge Check will  tell you if there is any difference between the local gitignore and the standard gitignore, a Compare in effect.

When you do a Fix Merge it will combine the local gitignore with the standard, and add what is missing to the end of the local gitignore.

It may mean some things may be doubled up if they are spelled a bit differently.  You might also see some extra comments added, but they do no harm.

Init new repo with standard gitignore

One cool thing is that with a new repo, or a repo that is missing its gitignore, you can grab the latest standard just by using either the Add or the Replace command, both will in effect do the same in this case.

So,

IFix gitignore --add

will add it in, as in the complete example below, where we set up a new git repo and add in the latest standard gitignore:

image

Notes

The project is open sourced at github, and you can also report issues there.


          Visual Studio & TFS 2013 – List of extensions and tools (Part 2)      Cache   Translate Page   Web Page Cache   

Originally posted on: http://maxblogson.net/archive/2013/12/14/visual-studio-amp-tfs-2013-ndash-list-of-extensions-and.aspx


Go to Part 1 – List of Product Updates for information on Visual Studio and TFS 2013 updates

Looking for the VS 2012 product updates and extensions ?  Go to Visual Studio 2012 Product and updates (Part 1)  and Visual Studio 2012 extensions (Part 2)

Looking for the VS 2010 extensions ? Go to Visual Studio 2010 - List of Product Updates (Part 1) + Extensions (Part 2).

Looking for links to the test adapters, go to this blog post.

Update Sep 19th 2014:  Updated ReSharper3 , NDepend3 ,  LinqPadTFS Team Project Manager,    Code Contracts1

See earlier update notes

This post is a list of the extensions I recommend for use with Visual Studio 2013. It’s coming up all the time – what to install, where are the download sites, last version, etc etc, and thus I thought it better to post it here and keep it updated. The basics are Visual Studio 2013 connected to a Team Foundation Server 2013, although most also works with earlier versions. 

Many live in a side-by-side environment with Visual Studio 2010 and 2012. The side-by-side is supported by VS 2013. However, if you installed a component supporting VS2013 before you installed VS2013, then you need to reinstall it. (Components marked with Note 3 below) The VSIX installer will understand that it is to apply those only for VS2013, and will not touch – nor remove – the same for VS2010 and VS 2012. A good example here is the Power Commands.

The list is more or less in priority order.

The focus is to get a setup which can be used for a complete coding experience for the whole ALM process.

The list of course reflects what I use for my work , so it is by no means complete, and for some of the tools there are equally useful alternatives. 

The components directly associated with Visual Studio from Microsoft should be common, see the Microsoft column.

For components that are updated through the gallery, I will no longer update the latest version numbers, as they are easily controlled through the Tools/Extensions and Updates dialogue. In the version column I will just write Auto.

If you want to use the same set of extensions on multiple computers, you might like to share them easily. Lars Wilhelmsen has a great blog post about how to use Dropbox to share extensions and common settings.

Extensions ready for VS 2013, both upgrades and new ones

ProductNotesLatest VersionLicenseApplicable toMicrosoft
File NestingAwesome and convenientAutoFreeVisual StudioMSFT
AutoHistoryAwesome, local historyAutoFreeVisual StudioMS Devlabs
EF Power Tools Beta 41See blog postAutoFreeVisual StudioYes
MyHistory1See MSDN ArticleAutoFreeTFS IntegrationNo
Inmeta AssociateRecentWorkItems1Fast way to associate recent work items to a checkin, reduce need to search around.  See Jakobs blogpost for more infoAutoFreeTFS IntegrationNo

Unit Test Generator1

Get back the ability to generate unit tests from code, also works for NUnit and XUnit.AutoFreeUnit Testing (VS)ALM Rangers
Codelens Code Health Indicator  12Awesome !  See this post (Norwegian), and this and this.AutoFreeCoding & QualityYes
Runsettings1Item template to create default runsettings fileAutoFreeUnit Testing (VS & TFS)No
TypeScriptSee info here, and B.Harry’s blogpost. Codeplex here 
Release notes 
Now part of VS 2013, installs with that  
See http://www.typescriptlang.org/
1.0FreeCodingYes
ReSharper3Note:Version 8.1.23.546 and earlier have an issue with Nuget/NUnit/Chutzpah, see here.  Download version 8.2 to get this resolved. 
Version 8.2.1 have an issue with nuget, see this post  
8.2.2000.5120LicensedCoding & QualityNo
NuGet Manager   3New initial install included with VS 2013. Updates through extension galleryAutoFreeVisual StudioYes
TFS Power Tools 
See Brian Harry’s blog post for more info 

12.1.00402.0FreeTFS integrationYes
NDepend3Info on updates here. Trial available.

5.4.1.8430

LicensedQualityNo
Build Manager1Community Build Manager. Info here from JakobAutoFreeTFS IntegrationNo
Visual Studio 2013 SDKRequired for using WixPublished 11.Oct.2013FreeVisual StudioYes
Wix Toolset3.8FreeCoding/InstallersNo
Productivity Power Tools1Awesome package. A must have!AutoFreeVisual StudioYes
Code Contracts3Now on gallery too. Info here and follow the forum here 
See new blog here
1.7.10908.11FreeCodingYes
Code Contract Editor Extensions1 1.5.60813.10FreeCodingYes
Visualization and Modeling SDKRequires VS 2013 SDK 
Nov 10th 2013Free now, otherwise Part of MSDN SubscriptionModeling, DSL, UML extensionsYes
Slow Cheetah1 3Tool for transforming XML files, like config files.AutoFreeCodingNo
Web Essentials1AutoFreeCodingYes
Devart T4 editorNice T4 editor, using this now instead of tangible.AutoFreeCoding (T4 templates)No
tangible T4 editor1Lite version is free and more than enough for T4 editing.2.2.3Lite version Free (Good enough)Coding (T4 templates)No
ASP.Net and Web Tools 2013FreeCodingYes

#1 Get via Visual Studio’s Tools | Extension Manager (or The Code Gallery). (From Adam : All these are auto updated by the Extension Manager in Visual Studio)

#2 Works with ultimate only

#3 Also works with VS 2010 and VS 2012

 

Tools (outside Visual Studio)

ProductNotesLatest VersionLicenseApplicable toMicrosoft
ILSpyDecompiler –open source. Can also export assembly as C# project2.2.0.1706FreeCoding/InvestigationNo
DotPeekDecompiler from Jetbrains. Can also export as C# project1.2.1.226FreeCoding/InvestigationNo
LinqPadInfo here4.51.03Free and licensed versionsCodingNo
      
TFS Team Project ManagerExtremely valuable. Handle maintenance of work items, process, and much more across multiple team projects at once.  No more batch files with witadmin! See it at Codeplex 1.7.5119FreeTFSNo
TFS Administration ToolHandling security and permissions in TFS, Sharepoint and reporting services. Open source tool at Codeplex 
Version 2.3 is fully 2013 compatible. If you don’t have VS installed, download and install the TFS 2013 Object model 
Version 2.2 works on 2013 but requires the 2012 Object model to be installed.
2.3FreeTFSNo

 

Extensions we wait for, not yet in a VS 2013 version

ProductNotesLatest VersionLicenseApplicable toMicrosoft
Inmeta Build Explorer  FreeTFS integrationNo
      



















          MVVM Light with Laurent Bugnion      Cache   Translate Page   Web Page Cache   
Back at the beginning of WPF, before Silverlight, there was MVVM Light. While on the Modern Web Tour in Zurich, Richard sat down with Laurent Bugnion to talk about his work creating the open source toolkit that helped developers build cross-platform applications using the Model View View-Model pattern. Laurent's story crosses much of the story of XAML itself, from WPF to Silverlight to Windows Phone and Xamarin Forms!

          IT Integration Delivery Manager - Thrivent Financial - Appleton, WI      Cache   Translate Page   Web Page Cache   
Experience in open source technologies such as Atlassian, Camunda, MongoDB, RabbitMQ preferred. Key responsibilities will include:....
From Thrivent Financial - Fri, 25 May 2018 00:17:41 GMT - View all Appleton, WI jobs
          IT Integration Delivery Manager - Thrivent Financial - Appleton, WI      Cache   Translate Page   Web Page Cache   
Experience in open source technologies such as Atlassian, Camunda, MongoDB, RabbitMQ preferred. Key responsibilities will include:....
From Thrivent Financial - Fri, 25 May 2018 00:17:41 GMT - View all Appleton, WI jobs
          WordPress Coding Standards 1.0.0 uitgebracht      Cache   Translate Page   Web Page Cache   

Goed nieuws voor WordPress ontwikkelaars! Negen jaar nadat het project begon is versie 1.0.0 van de WordPress Coding Standards nu beschikbaar om te downloaden. Wat zijn de WordPress Coding Standards? WordPress Coding Standards is een gratis en open source project dat beschikbaar is gesteld op GitHub. Het is een verzameling van PHP_CodeSniffer regels om stukken code en

Het bericht WordPress Coding Standards 1.0.0 uitgebracht verscheen eerst op WordPress Handleiding.


          OpenEMR vulnerabilities put patients’ info, medical records at risk      Cache   Translate Page   Web Page Cache   

A slew of vulnerabilities in OpenEMR allowed attackers to access random patients’ health records, view data from a target database, escalate their privileges on the server, execute system commands, and more. What is OpenEMR? OpenEMR is a free and open source electronic health records and medical practice management solution. It’s one of the most popular electronic medical records management solutions in use today and it’s estimated that, worldwide, some 15,000 healthcare organizations of varying sizes … More

The post OpenEMR vulnerabilities put patients’ info, medical records at risk appeared first on Help Net Security.


          Google назвал нового руководителя Android Open Source Project      Cache   Translate Page   Web Page Cache   
Утверждён новый руководитель проекта AOSP (Android Open Source Project), в рамках которого координируется работа с исходными текстами выпусков платформы Android, ...
          ML.Net aims to provide machine learning for .Net developers      Cache   Translate Page   Web Page Cache   

A new machine learning framework from Microsoft is aimed at .Net developers who want to run common machine learning tasks using a cross-platform, open source system. The beta Version 0.4 is now available.

The features in ML.Net

ML.Net was first announced in May 2018. It provides ways for .Net developers to create models for specific tasks and to make them available to .Net applications via high-level APIs for model training and prediction serving.

To read this article in full, please click here


          Introduction to Zotero      Cache   Translate Page   Web Page Cache   

Zotero is a free and open source software that enables you to organize your research, create bibliographies and insert citations or footnotes in your assignments.

Category: 
Libraries, TLS - SKILLSETS
8Jan201910:00
to
11:00

          Introduction to Zotero      Cache   Translate Page   Web Page Cache   

Zotero is a free and open source software that enables you to organize your research, create bibliographies and insert citations or footnotes in your assignments.

Category: 
Libraries, TLS - SKILLSETS
2Apr201914:00
to
15:00

          Introduction to Zotero      Cache   Translate Page   Web Page Cache   

Zotero is a free and open source software that enables you to organize your research, create bibliographies and insert citations or footnotes in your assignments.

Category: 
Libraries, TLS - SKILLSETS
28Jan201914:00
to
15:00

          Introduction to Zotero      Cache   Translate Page   Web Page Cache   

Zotero is a free and open source software that enables you to organize your research, create bibliographies and insert citations or footnotes in your assignments.

Category: 
Libraries, TLS - SKILLSETS
1Nov201810:00
to
11:00

          Introduction to Zotero      Cache   Translate Page   Web Page Cache   

Zotero is a free and open source software that enables you to organize your research, create bibliographies and insert citations or footnotes in your assignments.

Category: 
Libraries, TLS - SKILLSETS
20Feb201910:00
to
11:00

          Introduction to Zotero      Cache   Translate Page   Web Page Cache   

Zotero is a free and open source software that enables you to organize your research, create bibliographies and insert citations or footnotes in your assignments.

Category: 
Libraries, TLS - SKILLSETS
27Nov201814:00
to
15:00

          Support Engineer - Microsoft - Las Colinas, TX      Cache   Translate Page   Web Page Cache   
Open Source – Linux, Red Hat, etc. Business Division Specific:. HDInsight/Hadoop, Machine Learning, Azure Stream Analytics....
From Microsoft - Sat, 04 Aug 2018 07:46:54 GMT - View all Las Colinas, TX jobs
          Support Eng - Microsoft - Charlotte, NC      Cache   Translate Page   Web Page Cache   
Open Source – Linux, Red Hat, etc. Business Division Specific:. HDInsight/Hadoop, Machine Learning, Azure Stream Analytics....
From Microsoft - Thu, 19 Jul 2018 08:08:21 GMT - View all Charlotte, NC jobs
          Red-Team-Infrastructure-Wiki/README.md at master · bluscreenofjeff/Red-Team-Infrastructure-Wiki · GitHub      Cache   Translate Page   Web Page Cache   

This wiki is intended to provide a resource for setting up a resilient Red Team infrastructure. It was made to complement Steve Borosh (@424f424f) and Jeff Dimmock's (@bluscreenofjeff) BSides NoVa 2017 talk "Doomsday Preppers: Fortifying Your Red Team Infrastructure" (slides)

If you have an addition you'd like to make, please submit a Pull Request or file an issue on the repo.

THANK YOU to all of the authors of the content referenced in this wiki and to all who contributed!

Functional Segregation

When designing a red team infrastructure that needs to stand up to an active response or last for a long-term engagement (weeks, months, years), it’s important to segregate each asset based on function. This provides resilience and agility against the Blue Team when campaign assets start getting detected. For example, if an assessment’s phishing email is identified, the Red Team would only need to create a new SMTP server and payload hosting server, rather than a whole team server setup.

Consider segregating these functions on different assets:

  • Phishing SMTP
  • Phishing payloads
  • Long-term command and control (C2)
  • Short-term C2

Each of these functions will likely be required for each social engineering campaign. Since active incident response is typical in a Red Team assessment, a new set of infrastructure should be implemented for each campaign.

Using Redirectors

To further resilience and concealment, every back-end asset (i.e. team server) should have a redirector placed in front of it. The goal is to always have a host between our target and our backend servers. Setting up the infrastructure in this manner makes rolling fresh infrastructure much quicker and easier - no need to stand up a new team server, migrate sessions, and reconnect non-burned assets on the backend.

Common redirector types:

  • SMTP
  • Payloads
  • Web Traffic
  • C2 (HTTP(S), DNS, etc)

Each redirector type has multiple implementation options that best fit different scenarios. These options are discussed in further detail in the Redirectors section of the wiki. Redirectors can be VPS hosts, dedicated servers, or even apps running on a Platform-as-a-Service instance.

Sample Design

Here is a sample design, keeping functional segregation and redirector usage in mind:

Sample Infrastructure Setup

Further Resources

Perceived domain reputation will vary greatly depending on the products your target is using, as well as their configuration. As such, choosing a domain that will work on your target is not an exact science. Open source intelligence gathering (OSINT) will be critical in helping make a best guess at the state of controls and which resources to check domains against. Luckily, online advertisers face the same problems and have created some solutions we can leverage.

expireddomains.net is a search engine for recently expired or dropped domains. It provides search and advanced filtering, such as age of expiration, number of backlinks, number of Archive.org snapshots, SimilarWeb score. Using the site, we can register pre-used domains, which will come with domain age, that look similar to our target, look similar to our impersonation, or simply are likely to blend in on our target’s network.

expireddomains.net

When choosing a domain for C2 or data exfiltration, consider choosing a domain categorized as Finance or Healthcare. Many organizations will not perform SSL middling on those categories due to the possibility of legal or data sensitivity issues. It is also important to ensure your chosen domain is not associated with any previous malware or phishing campaigns.

The tool CatMyFish by Charles Hamilton(@MrUn1k0d3r) automates searches and web categorization checking with expireddomains.net and BlueCoat. It can be modified to apply more filters to searches or even perform long term monitoring of assets you register.

Another tool, DomainHunter by Joe Vest (@joevest) & Andrew Chiles (@andrewchiles), returns BlueCoat/WebPulse, IBM X-Force, and Cisco Talos categorization, domain age, alternate available TLDs, Archive.org links, and an HTML report. Additionally, it performs checks for use in known malware and phishing campaigns using Malwaredomains.com and MXToolBox. This tool also includes OCR support for bypassing the BlueCoat/WebPulse captchas. Check out the blog post about the tool's initial release for more details.

Yet another tool, AIRMASTER by Max Harley (@Max_68) uses expireddomains.net and Bluecoat to find categorized domains. This tool uses OCR to bypass the BlueCoat captcha, increasing the search speed.

If a previously-registered domain isn't available or you would prefer a self-registered domain, it's possible to categorize domains yourself. Using the direct links below or a tool like Chameleon by Dominic Chell (@domchell). Most categorization products will overlook redirects or cloned content when determining the domain's categorization. For more information about Chameleon usage, check out Dominic's post Categorisation is not a security boundary.

Finally, make sure your DNS settings have propogated correctly.

Categorization and Blacklist Checking Resources

Easy Web-Based Phishing

The words easy and phishing never really seem to go together. Setting up a proper phishing infrastructure can be a real pain. The following tutorial will provide you with the knowledge and tools to quickly setup a phishing server that passes "most" spam filters to-date and provides you with a RoundCube interface for an easy phishing experience including two-way communications with your target. There are many setup's and posts out there regarding phishing. This is just one method.

Once you have a domain that passes the proper checks listed in the previous section and have your phishing server spun-up, you'll need to create a couple "A" records for your domain as pictured.

DNS Setup

Next, ssh into your phishing server and make sure you have a proper FQDN hostname listed in your /etc/hosts. Example "127.0.0.1 email.yourphishingserver.com email localhost"

Now, you're going to install the web front-end to phish from in just a few easy steps. Start by downloading the latest "BETA" version of iRedMail onto your phishing server. Easy way is to right click the download button, copy the link address, use wget to download directly onto your phishing server. Next, untar it "tar -xvf iRedMail-0.9.8-beta2.tar.bz2". Navigate into the unpacked folder and make the iRedMail.sh script executable (chmod +x iRedMail.sh). Execute the script as root, follow the prompts, and you'll need to reboot to finish everything.

You'll want to make sure you have all the proper DNS records ponting to your mail server. (https://docs.iredmail.org/setup.dns.html). For DKIM, the new command should be "amavisd-new showkeys" to list your DKIM key.

For DMARC we can use (https://www.unlocktheinbox.com/dmarcwizard/) to generate our dmarc entry.

iRedMail Dashboard

Now, create a user to phish with.

iRedMail Create User

Login to the RoundCube interface with your new user and phish responsibly!

RoundCube Login

RoundCube Send Mail

Cobalt Strike Phishing

Cobalt Strike provides customizable spearphishing functionality to support pentest or red team email phishing. It supports templates in HTML and/or plaintext formats, attachments, a bounceback address, URL embedding, remote SMTP server usage, and per-message send delays. Another interesting feature is the ability to add a unique token to each user's embedded URL for click tracking.

Cobalt Strike Spearphishing Popup

For more detailed information, check out these resources:

Phishing Frameworks

Beyond rolling your own phishing setup or using a pentest or red teaming fraework, like Cobalt Strike, there are numerous tools and frameworks dedicated to email phishing. While this wiki won't go into detail about each framework, a few resources for each are collected below:

Gophish

Phishing Frenzy

The Social-Engineer Toolkit

FiercePhish (formerly FirePhish)

SMTP

“Redirector” may not be the best word to describe what we’re going to accomplish, but the goal is the same as with our other redirection. We want to remove any traces of our phishing origination from the final email headers and provide a buffer between the victim and our backend server. Ideally, the SMTP redirector will be quick to setup and easy to decommission.

There are two key actions we want to configure an SMTP redirector to perform:

Sendmail

Remove previous server headers

Add the following line to the end of /etc/mail/sendmail.mc:

define(`confRECEIVED_HEADER',`by $j ($v/$Z)$?r with $r$. id $i; $b')dnl

Add to the end of /etc/mail/access:

IP-to-Team-Server *TAB* RELAY
Phish-Domain *TAB* RELAY

Removing Sender’s IP Address From Email’s Received From Header

Removing Headers from Postfix setup

Configure a catch-all address

This will relay any email received to *@phishdomain.com to a chosen email address. This is highly useful to receive any responses or bounce-backs to a phishing email.

echo PHISH-DOMAIN >> /etc/mail/local-host-names

Add the following line right before //Mailer Definitions// (towards the end) of /etc/mail/sendmail.mc:

FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl

Add the following line to the end of /etc/mail/virtusertable:

@phishdomain.com  external-relay-address

Note: The two fields should be tab-separated

Postfix

Postfix provides an easier alternative to sendmail with wider compatiblity. Postfix also offers full IMAP support with Dovecot. This allows testers to correspond in real-time with phishing targets who respond to the original message, rather than relying on the catch-all address and having to create a new message using your phishing tool.

A full guide to setting up a Postfix mail server for phishing is available in Julian Catrambone's (@n0pe_sled) post Mail Servers Made Easy.

DNS

Sample DNS Redirector Setup

Note: When using C2 redirectors, a foreign listener should be configured on your post-exploitation framework to send staging traffic through the redirector domain. This will cause the compromised host to stage through the redirector like the C2 traffic itself.

socat for DNS

socat can be used to redirect incoming DNS packets on port 53 to our team server. While this method works, some user’s have reported staging issues with Cobalt Strike and or latency issues using this method. Edit 4/21/2017: The following socat command seems to work well thanks to testing from @xorrior:

socat udp4-recvfrom:53,reuseaddr,fork udp4-sendto:<IPADDRESS>; echo -ne

Redirecting Cobalt Strike DNS Beacons - Steve Borosh

iptables for DNS

iptables DNS forwarding rules have been found to work well with Cobalt Strike. There does not seem to be any of the issues that socat has handling this type of traffic.

An example DNS redirector rule-set is below.

iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination <IP-GOES-HERE>:53
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -I FORWARD -j ACCEPT
iptables -P FORWARD ACCEPT
sysctl net.ipv4.ip_forward=1

Also, change "FORWARD" chain policy to "ACCEPT"

DNS redirection can also be done behind NAT

Some may have the requirement or need to host a c2 server on an internal network. Using a combination of IPTABLES, SOCAT, and reverse ssh tunnels, we can certainly achieve this in the following manner.

Sample DNS NAT Setup

In this scenario we have our volitile redirector using IPTables to forward all DNS traffic using the rule example described earlier in this section. Next, we create an SSH reverse port forward tunnel from our internal c2 server, to our main redirector. This will forward any traffic the main redirector receives on port 6667 to the internal c2 server on port 6667. Now, start socat on our team server to fork any of the incoming TCP traffic on port 6667 to UDP port 53 which, is what our DNS c2 needs to listen on. Finally, we similarly setup a socat instance on the main redirector to redirect any incoming UDP port 53 traffic into our SSH tunnel on port 6667.

HTTP(S)

Note: When using C2 redirectors, a foreign listener should be configured on your post-exploitation framework to send staging traffic through the redirector domain. This will cause the compromised host to stage through the redirector like the C2 traffic itself.

socat vs mod_rewrite

socat provides a ‘dumb pipe’ redirection. Any request socat receives on the specified source interface/port is redirected to the destination IP/port. There is no filtering or conditional redirecting. Apache mod_rewrite, on the other hand, provides a number of methods to strengthen your phishing and increase the resilience of your testing infrastructure. mod_rewrite has the ability to perform conditional redirection based on request attributes, such as URI, user agent, query string, operating system, and IP. Apache mod_rewrite uses htaccess files to configure rulesets for how Apache should handle each incoming request. Using these rules, you could, for instance, redirect requests to your server with the default wget user agent to a legitimate page on your target's website.

In short, if your redirector needs to perform conditional redirection or advanced filtering, use Apache mod_rewrite. Otherwise, socat redirection with optional iptables filtering will suffice.

socat for HTTP

socat can be used to redirect any incoming TCP packets on a specified port to our team server.

The basic syntax to redirect TCP port 80 on localhost to port 80 on another host is:

socat TCP4-LISTEN:80,fork TCP4:<REMOTE-HOST-IP-ADDRESS>:80

If your redirector is configured with more than one network interface, socat can be bound to a specific interface, by IP address, with the following syntax:

socat TCP4-LISTEN:80,bind=10.0.0.2,fork TCP4:1.2.3.4:80

In this example, 10.0.0.2 is one of the redirector's local IP addresses and 1.2.3.4 is the remote team server's IP address.

iptables for HTTP

In addition to socat, iptables can perform 'dumb pipe' redirection via NAT. To forward the redirector's local port 80 to a remote host, use the following syntax:

iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <REMOTE-HOST-IP-ADDRESS>:80
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -I FORWARD -j ACCEPT
iptables -P FORWARD ACCEPT
sysctl net.ipv4.ip_forward=1

SSH for HTTP

We have previously covered using SSH for DNS tunnels. SSH works as a solid, and robust means to break through NAT and obtain a way for the implant to connect to a redirector and into your server environment. Before setting up an SSH redirector, you must add the following lines to /etc/ssh/sshd_config:

# Allow the SSH client to specify which hosts may connect
GatewayPorts yes

# Allow both local and remote port forwards
AllowTcpForwarding yes

To forward the redirector's local port 80 to your internal teamsrver, use the following syntax on the internal server:

tmux new -S redir80
ssh <redirector> -R *:80:localhost:80
Ctrl+B, D

You can also forward more than one port, for example if you want 443 and 80 to be open all at once:

tmux new -S redir80443
ssh <redirector> -R *:80:localhost:80 -R *:443:localhost:443
Ctrl+B, D

Payloads and Web Redirection

When serving payload and web resources, we want to minimize the ability for incident responders to review files and increase the chances of successfully executing the payload, whether to establish C2 or gather intelligence.

Sample Apache Redirector Setup

Apache Mod_Rewrite usage and examples by Jeff Dimmock:

Other Apache mod_rewrite usage and examples:

To automatically set up Apache Mod_Rewrite on a redirector server, check out Julain Catrambone's (@n0pe_sled) blog post Mod_Rewrite Automatic Setup and the accompanying tool.

C2 Redirection

The intention behind redirecting C2 traffic is twofold: obscure the backend team server and appear to be a legitimate website if browsed to by an incident responder. Through the use of Apache mod_rewrite and customized C2 profiles or other proxying (such as with Flask), we can reliably filter the real C2 traffic from investigative traffic.

C2 Redirection with HTTPS

Building on "C2 Redirection" above, another method is to have your redirecting server use Apache's SSL Proxy Engine to accept inbound SSL requests, and proxy those to requests to a reverse-HTTPS listener. Encryption is used at all stages, and you can rotate SSL certificates on your redirector as needed.

To make this work with your mod_rewrite rules, you need to place your rules in "/etc/apache2/sites-available/000-default-le-ssl.conf" assuming you've used LetsEncrypt (aka CertBot) to install your certificate. Also, to enable the SSL ProxyPass engine, you'll need the following lines in that same config file:

# Enable the Proxy Engine
SSLProxyEngine On

# Tell the Proxy Engine where to forward your requests
ProxyPass / https://DESTINATION_C2_URL:443/
ProxyPassReverse / https://DESTINATION_C2_URL:443/

# Disable Cert checking, useful if you're using a self-signed cert
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

Other Apache mod_rewrite Resources

Cobalt Strike

Cobalt Strike modifies its traffic with Malleable C2 profiles. Profiles provide highly-customizable options for modifying how your server’s C2 traffic will look on the wire. Malleable C2 profiles can be used to strengthen incident response evasion, impersonate known adversaries, or masquerade as legitimate internal applications used by the target.

As you begin creating or modifying Malleable C2 profiles, it's important to keep data size limits for the Beacon info placement. For example, configuring the profile to send large amounts of data in a URL parameter will require many requests. For more information about this, check out Raphael Mudge's blog post Beware of Slow Downloads.

If you encounter issues with your Malleable C2 profile and notice the teamserver console outputting errors, refer to Raphael Mudge's blog post Broken Promises and Malleable C2 Profiles for troubleshooting tips.

Empire

Empire uses Communication Profiles, which provide customization options for the GET request URIs, user agent, and headers. The profile consists of each element, separated by the pipe character, and set with the set DefaultProfile option in the listeners context menu.

Here is a sample default profile:

"/CWoNaJLBo/VTNeWw11212/|Mozilla/4.0 (compatible; MSIE 6.0;Windows NT 5.1)|Accept:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*|Accept-Language:en-en"

Alternatively, the DefaultProfile value can be set by modifying the file /setup/setup_database.py before Empire’s initial setup. This will change the default Communication Profile that Empire will use.

In addition to the Communication Profile, consider customizing the Empire server's staging URIs, server headers, and defaut webpage content by following the steps presented in Joe Vest's (@joevest) post Empire - Modifying Server C2 Indicators.

Leveraging trusted, legitimate web services for C2 can provide a valuable leg-up over using domains and infrastructure you've configured yourself. Configuration time and complexity varies based on the technique and service being used. A popular example of leveraging third-party services for C2 redirection is Domain Fronting.

Domain Fronting

Domain Fronting is a technique used by censorship evasion services and apps to route traffic through legitimate and highly-trusted domains. Popular services that support Domain Fronting include Google App Engine, Amazon CloudFront, and Microsoft Azure. It's important to note that many providers, like Google and Amazon have implemented mitigations against Domain Fronting, so some linked resources or information provided in this wiki may be outdated by the time you try to use it.

In a nutshell, traffic uses the DNS and SNI name of the trusted service provider, Google is used in the example below. When the traffic is received by the Edge Server (ex: located at gmail.com), the packet is forwarded to the Origin Server (ex: phish.appspot.com) specified in the packet’s Host header. Depending on the service provider, the Origin Server will either directly forward traffic to a specified domain, which we’ll point to our team server, or a proxy app will be required to perform the final hop forwarding.

Domain Fronting Overview

For more detailed information about how Domain Fronting works, see the whitepaper Blocking-resistant communication through domain fronting and the TOR Project’s meek documentation

In addition to the standard frontable domains, such as any google.com domain, it's possible to leverage other legitimate domains for fronting.

For more information about hunting frontable domains, check out:

Further Resources on Domain Fronting

PaaS Redirectors

Many PaaS and SaaS providers provide a static subdomain or URL for use with a provisioned instance. If the associated domain is generally highly trusted, the instances could provide extra trust to your C2 infrastructure over a purchased domain and VPS.

To set the redirection up, you will need to identify a service that issues a static subdomain or URL as part of an instance. Then, either the instance will need to be configured with network or application-based redirection. The instance will act as a proxy, similar to the other redirectors discussed on this wiki.

Specific implementation can vary greatly based on the service; however, for an example using Heroku, check out the blog post Expand Your Horizon Red Team – Modern SaaS C2 by Alex Rymdeko-Harvey (@Killswitch_GUI).

Another interesting technique that merits further research is the use of overly-permissive Amazon S3 buckets for C2. Check out the post S3 Buckets for Good and Evil by Andrew Luke (@Sw4mp_f0x) for more details on how S3 buckets could be used for C2. This technique could be combined with the third-party C2 capabilities of Empire to use the target's legitimate S3 buckets against them.

For another example of using PaaS for C2, check out Databases and Clouds: SQL Server as a C2 by Scott Sutherland (@_nullbind).

Other Third-Party C2

Other third-party services have been used in the wild for C2 in the past. Leveraging third-party websites that allow for the rapid posting or modification of user-generated content can help you evade reputation-based controls, especially if the third-party site is generally trusted.

Check out these resources for other third-party C2 options:

Attack infrastructure is often easy to identify, appearing like a shell of a legitimate server. We will need to take additional steps with our infrastructure to increase the likelihood of blending in with real servers amongst either the target organization or services the target may conceivably use.

Redirectors can help blend in by redirecting invalid URIs, expiring phishing payload links, or blocking common incident responder techniques; however, attention should also be paid to the underlying host and its indicators.

For example, in the post Fall of an Empire, John Menerick (@Lord_SQL) covers methods to detect Empire servers on the internet.

To combat these and similar indicators, it's a good idea to modify C2 traffic patterns, modify server landing pages, restrict open ports, and modify default response headers.

For more details about how to do these and other tactics for multiple attack frameworks, check out these posts:

Attack infrastructure can be attacked just the same as any other internet-connected host, and it should be considered HIGHLY sensitive due to the data in use and connections into target environments.

In 2016, remote code execution vulnerabilities were disclosed on the most common attack tools:

iptables should be used to filter unwanted traffic and restrict traffic between required infrastructure elements. For example, if a Cobalt Strike team server will only serve assets to an Apache redirector, iptables rules should only allow port 80 from the redirector’s source IP. This is especially important for any management interfaces, such as SSH or Cobalt Strike’s default port 50050. Also consider blocking non-target country IPs. As an alternative, consider using hypervisor firewalls provided by your VPS providers. For example, Digital Ocean offers Cloud Firewalls that can protect one or multiple droplets.

chattr can be used on team servers to prevent cron directories from being modified. Using chattr, you can restrict any user, including root, from modifying a file until the chattr attribute is removed.

SSH should be limited to public-key authentication only and configured to use limited-rights users for initial login. For added security, consider adding multi-factor authentication to SSH.

Update! No securing list is complete without a reminder to regularly update systems and apply hot-fixes as needed to remediate vulnerabilities.

Of course, this list is not exhaustive of what you can do to secure a team server. Follow common hardening practices on all infrastructure:

Specific Hardening Resources

There are a number of resources available online discussing the secure setup and design of infrastructures. Not every design consideration will be appropriate for every attack infrastructure, but it's useful to know what options are available and what other testers are doing.

Here are some of those resoources:

The topics covered in this wiki strengthen attack infrastrctures, but generally require a good deal of time to design and implement. Automation can be used to greatly reduce deployment times, allowing you to deploy more complex setups in less time.

Check out these resources about attack infrastructure automation:

  • Document everything - Running a complex Red Team infrastructure means many moving parts. Be sure to document each asset’s function and where its traffic is sent.

  • Split assets among different service providers and regions - Infrastructure assets should be spread across multiple service providers and geographic regions. Blue Team members may raise monitoring thresholds against providers identified as actively performing an attack and may even outright block a given service provider. Note: keep international privacy laws in mind if sending encrypted or sensitive data across borders.

  • Don't go overboard - It's easy to get excited about advanced techniques and want to throw the kitchen sink at a target. If you are emulating a specific adversarial threat, only leverage techniques the real threat actor used or techniques within the skillset of the threat actor. If your red team testing will attack the same target long-term, consider starting "easy" and working through the more advanced tradecraft as your assessments go on. Evolving the red team's technique alongside the blue team's will consistenly push the organization forward, whereas hitting the blue team with everything at once may overwhelm the blue team and slow the learning process.

  • Monitor logs - All logs should be monitored throughout the engagement: SMTP logs, Apache logs, tcpdump on socat redirectors, iptables logs (specific to traffic forwarding or targeted filtering), weblogs, Cobalt Strike/Empire/MSF logs. Forward logs to a central location, such as with rsyslog, for easier monitoring. Operator terminal data retention may come in handy for going over an historical command useage during an operation. @Killswitch_GUI created an easy-to-use program named lTerm that will log all bash terminal commands to a central location. Log all terminal output with lTerm. Check out Vincent Yiu's post CobaltSplunk for an example of how to send Cobalt Strike logs to Splunk for advanced infrastructure monitoring and analysis.

  • Implement high-value event alerting - Configure the attack infrastructure to generate alerts for high-value events, such as new C2 sessions or credential capture hits. One popular way of implementing alerting is via a chat platform's API, such as Slack. Check out the following posts about Slack alerting: Slack Shell Bot - Russel Van Tuyl (@Ne0nd0g), Slack Notifications for Cobalt Strike - Andrew Chiles (@AndrewChiles), Slack Bots for Trolls and Work - Jeff Dimmock (@bluscreenfojeff)

  • Fingerprint incident response - If possible, try to passively or actively fingerprint IR actions before the assessment starts. For example, send a mediocre phishing email to the target (using unrelated infrastructure) and monitor traffic that infrastructure receives. IR team investigations can disclose a good deal of information about how the team operates and what infrastructure they use. If this can be determined ahead of the assessment, it can be filtered or redirected outright.

A BIG THANK YOU to all the following people (listed alphabetically) who contributed tools, tips, or links to include in the wiki, and another THANK YOU to anyone who wrote a tool or post referenced in this wiki!


          JFrog Artifactory Open Source 6.2.0-0      Cache   Translate Page   Web Page Cache   
Released on Aug 08, 2018
          React and jQuery give people lung cancer      Cache   Translate Page   Web Page Cache   

Is it ethical to work for a tobacco company? Most people would probably say no but if you’ve ever contributed code to React, Webpack, jQuery, Bootstrap or Modernizr, you have done exactly that.

Philip Morris International’s website uses jQuery and Bootstrap.

British American Tobacco’s site uses jQuery and Modernizr.

Altadis uses React + Webpack.

I personally feel pretty uncomfortable about the idea that any improvements I contribute to open source projects might go towards giving people lung cancer. For that reason, I was thrilled to come across the Just World License (JWL)* today.

The idea of JWL is to prevent software from being used by unethical industries, including tobacco, gambling, people trafficking, slavery, purveyors of hate speech and more . It’s an extension on the BSD 3 license with restrictions on the activities of people/organisations who can legally use the software.

Chris Jensen has written a great article that aims to clear up misconceptions around the intent and likely effectiveness of ethical open source licenses.

I would love to see major open source projects adopt JWL (or a similar ethical open source license). Otherwise, the work we contribute is going towards organisations that we probably don’t support.

One concern that may arise is that it could fragment the development community and lead to unethical organisations developing a counter-license that bans renewable energy companies, vegetarians and Democrat voters from using their software. I would be interested to see the proportion of developers who would side with that license.

*JWL name potentially being changed to Ethical World License


React and jQuery give people lung cancer

          Open Source Software Market to 2025 - Intel, Epson, IBM, Transcend, Oracle, Acquia, Actuate, Alfresco Software Inc, Astaro Corp      Cache   Translate Page   Web Page Cache   
(EMAILWIRE.COM, August 09, 2018 ) Research N Reports published a new industry research that focuses on Open Source Software market and delivers in-depth market analysis and future prospects of Global Open Source Software market. The study covers significant data which makes the research document...
          IT Integration Delivery Manager - Thrivent Financial - Appleton, WI      Cache   Translate Page   Web Page Cache   
Experience in open source technologies such as Atlassian, Camunda, MongoDB, RabbitMQ preferred. Key responsibilities will include:....
From Thrivent Financial - Fri, 25 May 2018 00:17:41 GMT - View all Appleton, WI jobs
          Facial recognition tool helps penetration testing      Cache   Translate Page   Web Page Cache   
Using fake social media profiles is a common technique among hackers in order to gain the confidence of targets and direct them to credential stealing sites. For security and penetration testing teams to replicate this is time consuming as often people have profiles across multiple sites. Ethical hacking specialist Trustwave is using a new tool called Social Mapper that can correlate profiles across multiple sites and make analyzing a person's online presence easier. Social Mapper is an open source tool that takes an automated approach to searching popular social media sites for names and pictures of individuals to accurately detect… [Continue Reading]

          DevOps Engineer - Ritchie Bros. - Burnaby, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Ritchie Bros. - Sat, 30 Jun 2018 02:48:25 GMT - View all Burnaby, BC jobs
          Senior DevOps Engineer - Long Term Contract - Ignite Technical Resources - Burnaby, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Ignite Technical Resources - Thu, 21 Jun 2018 08:15:40 GMT - View all Burnaby, BC jobs
          DevOps Engineer - Ritchie Bros. - Vancouver, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Indeed - Wed, 08 Aug 2018 18:36:45 GMT - View all Vancouver, BC jobs
          Telecommute Field Software Engineer      Cache   Translate Page   Web Page Cache   
A technology company has a current position open for a Telecommute Field Software Engineer. Core Responsibilities of this position include: Engaging in the pre-sales process and remaining engaged throughout the delivery phase Building customized solutions for our customers Designing complex solutions and guiding customers to successful infrastructure operations Applicants must meet the following qualifications: 50% travel time 3 years of Linux development experience BA/BS degree in Computer Science or related technical field Strong background contributing code in Python and Go to open source projects in the cloud or devices area Must be able to speak English fluently
          LF Deep Learning Foundation Advances Open Source Artificial Intelligence With Major …      Cache   Translate Page   Web Page Cache   
"The progression of artificial intelligence and machine learning technologies calls for a shift in how we design and implement networks and services," ...
          Drupal Association blog: A more sustainable framework for fiscal sponsorship of Drupal camps      Cache   Translate Page   Web Page Cache   

Camps are Drupal’s growth engine and they take place all over the world. They attract local developers, connect them with resources to learn how to use Drupal, and most importantly, they provide on-ramps into the community. We are incredibly thankful and amazed at the level of commitment and contribution that organizers invest in their events. This is a very important way to contribute back to the project.

The Drupal Association supports camps as we can. We provide grants to new events through Community Cultivation Grants (check out this GoaCamp story). We also provide fiscal sponsorship to camps. This means we let organizers deposit their camp income into the Drupal Association bank account, taking advantage of our non-profit  status. Then, they work with our operations team to pay bills out of the account.

It’s been an honor to help several camps this way. However, this program has two major challenges. 1) We are not able to support camps globally because we can’t work in every currency, so most of the camps we support are in the U.S. 2) As we became a smaller organization, we have fewer staff to support this program. We haven’t been as fast at processing funds as we would like or our camps need.

Knowing how important camps are to Drupal, how organizers need their work made easier, and that we need to provide global support, we decided that the best way to provide better fiscal sponsorship is by referring community groups to organizations whose business is set up to provide this service. Over the years, we have watched several organizations get very good at providing fiscal sponsorship to open source projects.

We therefore have been looking at best practice models across many open source communities and we are happy to partner with Open Collective, a company specializing in fiscal sponsorships and other open source funding opportunities. They have the ability to scale and offer the level of service to meet a camp’s needs. In the US, Open Collective Foundation has recently obtained their 501(c)(3) status, and will be able to sign for and represent your camp as we have done in the past. Their platform, itself an open source project just like Drupal, gives camp organizers full transparency, and on-demand reporting so they can manage a camp effectively.  Additional details about Open Collective can be found here.

Because of this opportunity, we have made the choice to sunset our internal program as of August 31, 2018.

While we have chosen to partner with Open Collective to assist in this transition, we strongly believe in choice and there are other fiscal sponsorship opportunities that you can choose to roll your funds to, such as Software In The Public Interest and the Software Freedom Conservancy.

We know that each camp is in a different stage of planning, and we are dedicated to making sure that the transition is smooth and will not affect the activities and success of camps. We will be reaching out to camp contacts to schedule time to talk through the transition. From there, we will roll the funds to a legal entity that you have chosen.

We are thankful for all the camps we were able to help get launched, and continue to watch their growth year after year. We hope this transition will help our camps grow and scale with no limitations.


          Open Collective's new tool helps you "Back Your Stack"      Cache   Translate Page   Web Page Cache   

Pia Mancini, CEO of Open Collective:

BackYourStack is the first step to help companies discover the dependencies in their stack that are seeking to become sustainable and a way to start subscriptions to them. Each collective can set up different tiers for their subscriptions such us brand visibility, support or in-house training.

Just input your GitHub org and BackYourStack will generate a list of supportable projects by analyzing your dependencies. This is a great idea and a good first step toward making it easier for organizations to put their money where their source is.

(YMMV as the results are a bit limited (and maybe buggy?) at the moment. Our report is saying we only rely upon 1 open source project, which definitely doesn't cover it.)


          The Changelog 309: Rebuilding Exercism from the ground up      Cache   Translate Page   Web Page Cache   

Adam and Jerod invite back Katrina Owen after years away focusing on Exercism—a 100% free platform for code practice and mentorship with over 2500 exercises and 48 different language tracks. They talk to Katrina about how the platform has changed, the direction it's taken, the backstory on the recently launched version 2, and how she plans to turn Exercism into a sustainable business. Also, what happens if that doesn't work?!

Sponsors

  • Hired –  Salary and benefits upfront? Yes please. Our listeners get a double hiring bonus of $600! Or, refer a friend and get a check for $1,337 when they accept a job. On Hired companies send you offers with salary, benefits, and even equity upfront. You are in full control of the process. Learn more at hired.com/changelog.
  • DigitalOcean –  DigitalOcean is simplicity at scale. Whether your business is running one virtual machine or ten thousand, DigitalOcean gets out of your way so your team can build, deploy, and scale faster and more efficiently. New accounts get $100 in credit to use in your first 60 days.
  • Algolia –  Our search partner. Algolia's full suite search APIs enable teams to develop unique search and discovery experiences across all platforms and devices. We're using Algolia to power our site search here at Changelog.com. Get started for free and learn more at algolia.com.
  • GoCD –  GoCD is an on-premise open source continuous delivery server created by ThoughtWorks that lets you automate and streamline your build-test-release cycle for reliable, continuous delivery of your product.

Featuring

Notes and Links


          New Azure #CosmosDB JavaScript SDK 2.0 now in public preview      Cache   Translate Page   Web Page Cache   

The Azure Cosmos DB team is excited to announce version 2.0 RC of the JavaScript SDK for SQL API, now in public preview!

We are excited to get feedback through this RC before general availability, so please try it out and let us know what you think. You can get the latest version through npm with:

npm install azure cosmos

What is Azure Cosmos DB?

Azure Cosmos DB is a globally distributed, multi-model database service. It offers turnkey global distribution, guarantees single-digit millisecond latencies at the 99th percentile, and elastic scaling of throughput and storage.

For the SQL API, we support a JavaScript SDK to enable development against Azure Cosmos DB from JavaScript and Node.js projects. Version 2.0 of the SDK is written completely in TypeScript, and we’ve redesigned the object model and added support for promises. Let’s dive into these updates.

New object model

Based on user feedback, we’ve redesigned the object model to make it easier to interact with and perform operations against Cosmos DB. 

If you’re familiar with the previous version of the JavaScript SDK, you’ve likely noticed that the entire API surface hangs off DocumentDBClient. While the previous design makes it easy to find the entry point for methods, it also came at the cost of a cluttered IntelliSense experience, as seen below.

DocumentDBClient

We also got feedback that it was difficult to do operations off databases, collections, or documents since each method needed to reference the URL of that resource. 

To address this, we’ve created a new top level CosmosClient class to replace DocumentDBClient, and split up its methods into modular Database, Container, and Items classes.

For example, in the new SDK, you can create a new database, container, and add an item to it, all in 10 lines of code!

Create a new database

This is called a “builder” pattern, and it allows us to reference resources based on the resource hierarchy of Cosmos DB, which is similar to the way your brain thinks about Cosmos DB. For example, to create an item, we first reference its database and container, and call items.create().

Containers and Items

In addition, because Cosmos DB supports multiple API models, we’ve introduced the concepts of Container and Item into the SDK, which replace the previous Collection and Document concepts. In other words, what was previously known as a “Collection” is now called a “Container.”

An account can have one or more databases, and a database consists of one or more containers. Depending on the API, the container is projected as either a collection (SQL or Mongo API), graph (Gremlin API), or table (Tables API).

Container and Items

Support for promises

Finally, we’ve added full support for promises so you no longer have write custom code to wrap the SDK yourself. Now, you can use async/await directly against the SDK.

To see the difference, to create a new database, collection, and add a document in the previous SDK, you would have to do something like this:

SDK

In the new SDK, you can simply await the calls to Cosmos DB directly from inside an async function, as seen below.

We’ve also added a convenience method createIfNotExists() for databases and containers, which wraps the logic to read the database, check the status code, and create it if it doesn’t exist.

Here’s the same functionality, using the new SDK:

promisesNewImageUseThisOne

Open source model

The Azure Cosmos DB JavaScript SDK is open source, and our team is planning to do all development in the open. To that end, we will be logging issues, tracking feedback, and accepting PR’s in GitHub.

Getting started

We hope this new SDK makes for a better developer experience. To get started, check out our quick start guide. We’d love to hear your feedback! Email cosmosdbsdkfeedback@microsoft.com or log issues in our GitHub repo.

npm install azure cosmos

Stay up-to-date on the latest Azure #CosmosDB news and features by following us on Twitter @AzureCosmosDB. We are really excited to see what you will build with Azure Cosmos DB!


          Ce implică crearea şi dezvoltarea unui magazin online pentru antreprenori?       Cache   Translate Page   Web Page Cache   
Când alegi tipul de management al unui magazin online sau soluţia open source de tip e-commerce trebuie să ai în vedere câteva criterii importante precum: tipul afacerii, numărul produselor şi modalitatea de plată.
          UX Developer Lead, Themes - Shopify - Montréal, QC      Cache   Translate Page   Web Page Cache   
We champion Slate, an open source development tool, and work with our colleagues across the Online store channel to shape the development of new platform...
From Shopify - Tue, 10 Jul 2018 20:00:27 GMT - View all Montréal, QC jobs
          An Open Source Frsky Telemetry Script for the Horus X10,X12 and Taranis X9D,X9E and QX7 radios      Cache   Translate Page   Web Page Cache   

well that was easy work’s great on X12 horus widget version and the Cube with DIY pass through


          LogicalDOC 8.0.0      Cache   Translate Page   Web Page Cache   
An open source document management system with a nice interface
          LogicalDOC 8.0.0      Cache   Translate Page   Web Page Cache   
An open source document management system with a nice interface
          LogicalDOC 8.0.0      Cache   Translate Page   Web Page Cache   
An open source document management system with a nice interface
          LogicalDOC 8.0.0      Cache   Translate Page   Web Page Cache   
An open source document management system with a nice interface
          LogicalDOC 8.0.0      Cache   Translate Page   Web Page Cache   
An open source document management system with a nice interface
          Audacious 3.10 dla Windows      Cache   Translate Page   Web Page Cache   
Audacious to bezpłatny (open source) odtwarzacz multimedialny, dzięki któremu będziemy mogli posłuchać muzyki z Internetu lub też utworów znajdujących się na płycie kompaktowej. Program jest potomkiem zaawansowanego odtwarzacza multimedialnego…
          LogicalDOC 8.0.0      Cache   Translate Page   Web Page Cache   
An open source document management system with a nice interface
          Comentario en Ya es posible tener un smartphone Open Source ( o casi) por M      Cache   Translate Page   Web Page Cache   
Y SI MI SMARTPHONE NO SE ENCUENTRA EN LA LISTA?
          Audacious 3.10      Cache   Translate Page   Web Page Cache   
Audacious is an open source audio player designed to play your music how you want it, without stealing away your computer’s resources from other tasks. [License: Open Source | Requires: Win 10 / 8 / 7 / Vista / XP | Size: 15.2 MB ]
          Mailspring 1.4.0      Cache   Translate Page   Web Page Cache   
Mailspring is an easy-to-use cross-platform IMAP email client. Mailspring is built on the modern web with Electron, React, and Flux. It is designed to be extensible, allowing you to create new experiences and workflows around email. It comes packed with useful features like a Unified Inbox, Snooze, Send Later, Mail Rules, Templates and more. [License: Open Source | Requires: Win 10 / 8 / 7 / Vista / XP | Size: 85.9 MB ]
          Alatka za prepoznavanje lica kao špijun na društvenim mrežama      Cache   Translate Page   Web Page Cache   
Sigurnosni istraživači kompanije Trustwave objavili su novu open source alatku pod imenom Social Mapper, koja koristi tehnologiju za prepoznavanje lica kako bi određenu metu pratila na različitim društvenim mrežama. Nova alatka je dizajnirana za sigurnosna istraživanja i automatski locira [...]
          VRBO Script | Best VRBO Clone | VRBO Clone Open Source      Cache   Translate Page   Web Page Cache   
If you are thinking to kick-start your own Vacation Rental Business just like VRBO, VRBO Clone is the best option that you can choose. We at MintTM have fabricated this VRBO Clone Script in a way that it compresses all the features just like VRBO. Moreover, our VRBO Script is fully featured, robust, flexible, and 100% customizable Vacation Rental Script and that is the reason why it is booming now a days in entire Rental Industry
          [aktualita] FIT ČVUT na počítače a servery nasadí Linux, rozjíždí velkou spolupráci se SUSE      Cache   Translate Page   Web Page Cache   
Linuxová a open source společnost SUSE v Česku získala významného akademického partnera. Fakulta informačních technologií ČVUT (FIT ČVUT) rozjela migraci většiny infrastruktury na technologie této firmy. Nepůjde pouze o back-end, škola od letošního zimního semestru rozjede na 320 osobních počítačích v učebnách fakulty operační systém openSUSE Leap. Serverová infrastruktura FIT ČVUT přechází na SUSE Linux Enterprise Server s možností aktualizací jádra bez restartu systému (Live Patching). Na…
          How to Neatly View Cooking Recipes From Any Food Blog in Chrome      Cache   Translate Page   Web Page Cache   

Passionate home cooks know the feeling. You are surrounded by the best recipes, but recipe search often comes with a small problem. You have to rummage around the words (and ads) that get in the way you get to the actual step-by-step recipe instructions. If you hate that, these three Chrome extensions can help you view the recipe neatly without the clutter. 1. RecipeFilter Go to any food blog and this Open Source Chrome extension will identify the recipe on the page. It then extracts a copy of the recipe card and displays it front and center. You don’t have...

Read the full article: How to Neatly View Cooking Recipes From Any Food Blog in Chrome


          GitHubがオープンソースのソフトウェアロードバランサー「GLB Director」を公開      Cache   Translate Page   Web Page Cache   
#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000
GitHubが、従来のソフトウェアロードバランサーに存在していた問題点を改善した、オープンソースのロードバランサー「GLB Director」を公開しました。GLB: GitHub’s open source load balancer | GitHub Engineeringhttps://githubengineering.com/glb-director-open-source-load-balancer/GitHub looses load-balancing open-source code on netops world • The Registerhttps://www.theregister.co.uk/2018/08/09/github_load_balancing_director/「ロードバランサー(負荷分 全文
GIGAZINE(ギガジン) 08月09日 17時13分


          Cidade do Futebol vai ser palco do Open Source Lisbon 2018      Cache   Translate Page   Web Page Cache   
A 16ª edição do maior evento de Open Source do país vai assentar no tema “Open Source: driving Innovation”.
          5 open source role-playing games for Linux      Cache   Translate Page   Web Page Cache   
Gaming has traditionally been one of Linux's weak points. That has changed somewhat in recent years thanks to Steam, GOG, and other efforts to bring commercial games to multiple operating systems, but ... - Source: opensource.com
          Sharing open source alternatives to Google's online tools      Cache   Translate Page   Web Page Cache   
In an earlier article , the crew from French non-profit Framasoft discussed their mission to help people slip the bonds of internet giants and take control of their own data. While promoting free and ... - Source: opensource.com
          UX Developer Lead, Themes - Shopify - Montréal, QC      Cache   Translate Page   Web Page Cache   
We champion Slate, an open source development tool, and work with our colleagues across the Online store channel to shape the development of new platform...
From Shopify - Tue, 10 Jul 2018 20:00:27 GMT - View all Montréal, QC jobs
          Alatka za prepoznavanje lica kao špijun na društvenim mrežama      Cache   Translate Page   Web Page Cache   
Sigurnosni istraživači kompanije Trustwave objavili su novu open source alatku pod imenom Social Mapper, koja koristi tehnologiju za prepoznavanje lica
          Linux Foundation and Kernel Development      Cache   Translate Page   Web Page Cache   
  • Containers Microconference Accepted into 2018 Linux Plumbers Conference

    The Containers Micro-conference at Linux Plumbers is the yearly gathering of container runtime developers, kernel developers and container users. It is the one opportunity to have everyone in the same room to both look back at the past year in the container space and discuss the year ahead.

    In the past, topics such as use of cgroups by containers, system call filtering and interception (Seccomp), improvements/additions of kernel namespaces, interaction with the Linux Security Modules (AppArmor, SELinux, SMACK), TPM based validation (IMA), mount propagation and mount API changes, uevent isolation, unprivileged filesystem mounts and more have been discussed in this micro-conference.

  • LF Deep Learning Foundation Advances Open Source Artificial Intelligence With Major Membership Growth

    The LF Deep Learning Foundation, an umbrella organization of The Linux Foundation that supports and sustains open source innovation in artificial intelligence, machine learning, and deep learning, today announced five new members: Ciena, DiDi, Intel, Orange and Red Hat. The support of these new members will provide additional resources to the community to develop and expand open source AI, ML and DL projects, such as the Acumos AI Project, the foundation's comprehensive platform for AI model discovery, development and sharing.

  • A quick history of early-boot memory allocators

    One might think that memory allocation during system startup should not be difficult: almost all of memory is free, there is no concurrency, and there are no background tasks that will compete for memory. Even so, boot-time memory management is a tricky task. Physical memory is not necessarily contiguous, its extents change from system to system, and the detection of those extents may be not trivial. With NUMA things are even more complex because, in order to satisfy allocation locality, the exact memory topology must be determined. To cope with this, sophisticated mechanisms for memory management are required even during the earliest stages of the boot process.

    One could ask: "so why not use the same allocator that Linux uses normally from the very beginning?" The problem is that the primary Linux page allocator is a complex beast and it, too, needs to allocate memory to initialize itself. Moreover, the page-allocator data structures should be allocated in a NUMA-aware way. So another solution is required to get to the point where the memory-management subsystem can become fully operational.

    In the early days, Linux didn't have an early memory allocator; in the 1.0 kernel, memory initialization was not as robust and versatile as it is today. Every subsystem initialization call, or simply any function called from start_kernel(), had access to the starting address of the single block of free memory via the global memory_start variable. If a function needed to allocate memory it just increased memory_start by the desired amount. By the time v2.0 was released, Linux was already ported to five more architectures, but boot-time memory management remained as simple as in v1.0, with the only difference being that the extents of the physical memory were detected by the architecture-specific code. It should be noted, though, that hardware in those days was much simpler and memory configurations could be detected more easily.

  • Teaching the OOM killer about control groups

    The kernel's out-of-memory (OOM) killer is summoned when the system runs short of free memory and is unable to proceed without killing one or more processes. As might be expected, the policy decisions around which processes should be targeted have engendered controversy for as long as the OOM killer has existed. The 4.19 development cycle is likely to include a new OOM-killer implementation that targets control groups rather than individual processes, but it turns out that there is significant disagreement over how the OOM killer and control groups should interact.

    To simplify a bit: when the OOM killer is invoked, it tries to pick the process whose demise will free the most memory while causing the least misery for users of the system. The heuristics used to make this selection have varied considerably over time — it was once remarked that each developer who changes the heuristics makes them work for their use case while ruining things for everybody else. In current kernels, the heuristics implemented in oom_badness() are relatively simple: sum up the amount of memory used by a process, then scale it by the process's oom_score_adj value. That value, found in the process's /proc directory, can be tweaked by system administrators to make specific processes more or less attractive as an OOM-killer target.

    No OOM-killer implementation is perfect, and this one is no exception. One problem is that it does not pay attention to how much memory a particular user has allocated; it only looks at specific processes. If user A has a single large process while user B has 100 smaller ones, the OOM killer will invariably target A's process, even if B is using far more memory overall. That behavior is tolerable on a single-user system, but it is less than optimal on a large system running containers on behalf of multiple users.

read more


          More Android Leftovers      Cache   Translate Page   Web Page Cache   
  • Google Pixel 3 Complete Leak Reveals A Massive Notch And Full Specs
  • Android Pie: 5 features to check out first

    Google has just launched Android Pie, aka Android 9.0. As usual, the latest and greatest version of Android will only be on a short list of devices at first—Pixels, and a handful of Android One and Project Treble phones—but the release signals big things for Android. Here are the five new Android features you should check out first once your phone gets a piece of the pie.

  • Jeff Bailey Takes Over As Head Of Android Open Source Project
  • Google appoints Jeff Bailey as new head of AOSP

    Android P was officially given a version number and tasty nickname this week. To go along with the big announcement of Android 9 Pie, Google pushed the source code to the Android Open Source Project (AOSP). That wasn’t the only new thing in AOSP this week. Google also named Jeff Bailey as the new lead for AOSP.

  • Android 9.0 Pie Officially Released, Rolling Out Now to Google Pixel Devices

    Google released today the final release of the Android 9.0 Linux-based mobile operating system for all supported Google Pixel devices, finally revealing the codename of the Android P release as Pie.

    Tailored for long-time and new Android users alike, the Android 9 Pie operating system release adapts to your needs every single day, learning your preferences and providing you with the best Android mobile experience possible. It comes with numerous new features and improvements that you can discover in the next paragraphs.

    "Android 9 adapts to you and how you use your phone, learning your preferences as you go. Your experience gets better and better over time, and it keeps things running smoother, longer," says Google. Android 9 harnesses the power of artificial intelligence to give you more. It’s smarter, faster and adjusts as you go for a better fit."

read more


          OSS Leftovers      Cache   Translate Page   Web Page Cache   
  • Guest View: In praise of open source

    When you think of little social movements that bring about big societal shifts, the first thing that comes to mind probably isn’t open source. But maybe it should be.

    The technological revolution that is steadily digitizing every nook and cranny of human activity obviously relies on code, and open-source code underpins much of the recent surge in innovation. Streaming movies? Digital Assistants? Autonomous cars? All made possible to some degree by the open-source movement and the rapid evolution it has enabled. Access to open-source code lets us reversion, refine, enhance, and scale programs quickly and exponentially — it’s a font of collective knowledge that fuels a whirlwind of computational advancement.

  • OpenStack and Open Source MANO: Technologies for NFV Deployment

    We have experienced how open source software technologies revolutionized the application development process, which ultimately resulted in digital transformation across various industry verticals. Open source technologies now are disrupting the telecom sector for building 5G internet, which will be powered by network functions virtualization (NFV) and software defined networking (SDN). With NFV and SDN, multiple network functions and control and management operations in telecom networks will be software-driven; enabling the cloud-native and DevOps approach.

  • 5 golden rules for working openly with difficult people

    Sometimes these personalities can rub each other the wrong way, generate conflict, and be difficult to work with. Some of these people can be unclear in their expectations, overreact to relatively benign scenarios, and be unreliable. They can be your founders, executives, team-mates, other team members, or people who report to you. In many cases, people handle these challenging personalities in a sub-optimal way. They get distracted by the ego and emotion in the situation as opposed to focusing on clear, productive outcomes and building lasting trust.

  • Engaging young people: How to include positive youth participation in our free software community
  • OSCON's 20th anniversary and more

    The O'Reilly Open Source Conference (OSCON) returned to Portland, Oregon this July for the 20th convocation of this venerable gathering. While some of the program focused on retrospectives, there were also talks and tutorials on multiple technical topics and open-source community management. To give you a feel for the whole conference, we will explore it in a two-part article. This installment will cover a retrospective of open source and some presentations on releasing projects as open source at your organization. A second article will include a few of the technical topics at the conference.

  • Open Source Visual Studio Code Extension Helps Create Alexa Skills [Ed: Microsoft propagandist (for at least a decade)  David Ramel does openwashing for Microsoft and surveillance in the listening device (bug) sense]
  • Guy Martin: Open Source Strategy at Autodesk [Ed: You know that Autodesk, a proprietary software giant, has paid some 'slush funds' to Zemlin's LF. Why else would Swapnil Bhartiya do an openwashing piece for them? Using the money they funnel to Zemlin?]

read more


          Getting started with Postfix, an open source mail transfer agent      Cache   Translate Page   Web Page Cache   

Postfix is a great program that routes and delivers email to accounts that are external to the system. It is currently used by approximately 33% of internet mail servers. In this article, I'll explain how you can use Postfix to send mail using Gmail with two-factor authentication enabled.

Before you get Postfix up and running, however, you need to have some items lined up. Following are instructions on how to get it working on a number of distros.

Read more

read more


           Best Mobile apps, Hybrid app Development Company in Ahmedabad, India      Cache   Translate Page   Web Page Cache   
Imfitech, a Best Cross Platform, iPhone, Android, iPad, Apple Watch App Development Company in India, USA, Offers PHP, CMS, Open Source Web Development Services and iBeacon App Development Services.
          MVVM Light with Laurent Bugnion      Cache   Translate Page   Web Page Cache   
Back at the beginning of WPF, before Silverlight, there was MVVM Light. While on the Modern Web Tour in Zurich, Richard sat down with Laurent Bugnion to talk about his work creating the open source toolkit that helped developers build cross-platform applications using the Model View View-Model pattern. Laurent's story crosses much of the story of XAML itself, from WPF to Silverlight to Windows Phone and Xamarin Forms!
          Coding for Solidworks - IDE alternative to Visual Studio      Cache   Translate Page   Web Page Cache   

Hello everyone

 

Quick question - looking for an alternative IDE to Visual studio, one which I can use at work. Currently I use Visual studio community 2017 at home to learn the Solidworks API, but due to software licensing terms I cannot use it here at work without paying for the full package (Visual studio code). Seeing as I would be the only person using it, I don't think my company would be happy to provide it.

 

Is there a good free alternative which I can use? (Possibly something open source?) Everything I see on help.solidworks.com references using Visual studio for everything, so firstly, I don't know whether other editors would work properly, and secondly I know of no other editors. On another note - what software does everyone else use on a regular basis?

 

Thanks


          Freeware / Open Source Roundup      Cache   Translate Page   Web Page Cache   

I spend quite a lot of time on these forums and every now and then I like to give a little something back to the community. So here is a (long) list of freeware and open source games that are actually good;

FreeOrion

Vega Strike

Lin Warrior 3D

Battle for Wesnoth

Warzone 2100

LinCity-NG

Open Transport Tycoon Deluxe

FreeCiv

netPanzer

Stone Soup Dungeon Crawl

Lost Labyrinth

Egoboo

Soulfu

 

Barkley: Shut Up and Jam Gaiden

Frozen Bubble

XMoto

Secret Maryo Chronicles

Open Sonic

Zelda Classic

Alien Arena

 

Nexiuz

Tremulous

Warsow

World of Padman



TeeWorlds

 

Gunroar

rRootage

Titanion

Passage

And that's all for now. Feel free to add to this list if you find anything that you think we should know about.

 


          LibreOffice 6.1 Released with ‘Major Changes’      Cache   Translate Page   Web Page Cache   
You can now download LibreOffice 6.1, the lateststablerelease of the super popular open source office suite.

LibreOffice 6.1 is billed as “a major release” in the ‘fresh’ series and features numerous user interface tweaks , improved documentation and help , and is said to be more compatible with Microsoft Office files than ever before.

A major open-source project, LibreOffice is the product of communitycode contributors collaborating together, some employed by well-known linux companies like Red Hat and Collabora, others just working off their own individual initiative.

For more details on what’s new in this release, read on.

6 Key Changes in LibreOffice 6.1

Announced by The Document Foundation, the non-profit organisation which oversees development of the open source office suite, LibreOffice 6.1 brings a number of major changes to users desktops.

Among them are the following key changes

1. New icon Themes

The LibreOffice 6.0 release earlier this year included theelementary icon set, but not as the default.

LibreOffice 6.1 uses the elementary icon set by default GNOME-based Linux distros like Ubuntu, Fedora, Linux Mint, etc.


LibreOffice 6.1 Released with ‘Major Changes’

LibreOffice 6.1 icons

Although in keeping with the Tango set they replace, elementary’s gentle, soft coloured icons lend the suite subtle consistencyin its toolbars, dialogs and menus.

Use LibreOffice on windows? You’ll notice a change too as a new icon set called “Colibre” is used by default on Windows 10 desktops.

The new icon set is called ‘Colibre’ and is designed based on Microsoft’s icon design guidelines. As well as adding a bit of modernity Colibre also helps the suite better integrate on Windows enviornments:


LibreOffice 6.1 Released with ‘Major Changes’

The icon changes don’t end there, either.

LibreOffice 6.1 also includes the Karasa Jaga icon theme . This set is the perfect match for anyone on macOS or KDE desktops who want glossy KDE Oxygen style glyphs in menus and toolbars.

To change icon theme in LibreOffice just head to Tools > Options > View > Icon Style .

2. New App Icons Along with new in-app icons LibreOffice 6.1 also spots a set of new app icons. App icons are the ones you see in your application launcher or pinned to your dock:
LibreOffice 6.1 Released with ‘Major Changes’

As you can see, the new icons retain the folded-corner-document-page motif that the productivity software has used since its inception, but makes each icon’s file type flatter and more colourful, and improves the contrast.

3. Better Image Handling

Libreoffice 6.1 features “reworked image handling” using a new graphic manager. This change means adding, managing and editing images in documents should be faster, smoother, and more reliable.

It also helps improves the “on demand loading” of images in documents saved in Microsoft Office formats.

4. Notebook Bar Now “Complete” for Writer

It might still be “hidden” as an experimental feature, but works to improve the LibreOffice notebook bar continues apace.

In LibreOffice 6.1 the Notebookbar has been “significantly improved”, say The Document Foundation, and is now considered ‘complete’ in Writer!

For other apps things remain a work in progress, but the aim to eventually replicatea tabbed experience that is both as powerful and as simple as default toolbar-based GUI.

5. Write Amazon’s next best-seller

One of the headline features in the LibreOffice 6.x series is the ability to export documents to ePub, the ubiquitous ebook format.

LibreOffice 6.1 improves this further with a greatly improved EPUB export filter:


LibreOffice 6.1 Released with ‘Major Changes’

It also handles link, tables, and images better; supports font embedding and footnote support; and expands on the range of metadata you can add/edit to an ePub export, e.g, ‘author’, ‘title’, ‘ISBN’.

There’s also support for fixed layouts, the option to set a cover image , and, should you need it, the ability to usevertical writing!

6. Little thingsthat make life easier

There are also two somewhat minor features shipping in this release, but both will save you headache of menu surfing.


LibreOffice 6.1 Released with ‘Major Changes’

Image: The Document Foundation

A new option in header/footer menus lets you effortlessly insert page numbers in LibreOffice documents.

And a new “cog” button in the “customize” dialog makes it much to customize, rearrange, rename, and reorder toolbars and top level menus to suit your tastes/needs/workflow.

Other notable changes

A major improvement for Base, only available in experimental mode: the old HSQLDB database engine has been deprecated, though still available, and the new Firebird database engine is now the default option (users are encouraged to migrate files using the migration assistant from HSQLDB to Firebird, or by exporting them to an external HSQLDB server);

New fill backgrounds, gradients, etc Improvements to Excel 2003 XML import Various macOS-specific fixes DOCX export/import New “spell out” chapter numbering styles in Writer Draw menus have been reorganized New set of default gradients Generate a signature line usingInsert > Signature Line GTK3 dialog windows now used on Linux Improved online help

For more details on these and other changes do check out the full release notes for LibreOffice 6.1 over on The Document Foundation wiki.

Download LibreOffice 6.1

You can download LibreOffice 6.1 for Windows, macOS and Linux from the official LibreOffice website.

Download LibreOffice

Ubuntu 18.10, due in October, will ship with LibreOffice 6.1 as part of the default install ― but you don’t have to wait until then to get it!

As well the official LibreOffice downloads available on the website (as above) you can also opt to try the official LibreOffice Flatpak or Snap versions.

LibreOffice on Flathub

You will be able to upgrade to LibreOffice 6.1 on Ubuntu 16.04 LTS or later byadding the official LibreOffice ‘Fresh’ PPA to your software sources. At the time of writing 6.1 hasn’t been uploaded, but it should appear in the new week or two.


          Linux tops the list of in-demand IT skills      Cache   Translate Page   Web Page Cache   

Linux tops the list of in-demand IT skills

linux has been around for about as long as what most of us would call the modern computing era. Linux has traditionally been an underdog, an ascendant usurper, or a fatal failure ― depending on who you ask. In the last few years, its identity has firmed up as a peer competitor, even if it’s not an OS market share leader.

Recent jobs reports, business surveys, and IT analyses confirm that IT professionals with open source skills ― notably Linux ― are among the most in-demand and highest-paid. We’re going to take a look at those numbers and explore why so many firms are hungry for Linux-trained professionals.

Your supply meets their demand

The Linux Foundation itself is going to interpret trends in favor of their product. But their Open Source Jobs Report is an industry-leading analysis for data about IT jobs on the open source market. Their reports from the last several years are promising: 80 percent of hiring managers seek IT managers with Linux expertise.

It’s not only Linux expertise that they’re seeking. In the same report, Linux revealed that 55 percent of IT companies are willing to pay to train their current employees to receive a Linux certification.

The percentage of IT hiring managers seeking Linux-qualified professionals is and has been growing. From an industry standard, that’s a good thing (within reason). When demand is high, those who can supply the goods earn rewards.

Right now, that means that people familiar with open source systems and possessing Linux certifications are at a premium. In 2016, only 34 percent of hiring managers said that they considered Linux professionals at a premium. In 2017, that number was 47 percent. Today, it’s 80 percent.

If you have Linux certifications and familiarity with the OS, the time to capitalize on your worth is now. If you don’t have them, it’s the time to get them.

Open source is the way of the future, and the future is now

The crucial problem for companies right now is cutting down the time it takes to get a product to market. As companies race their products to the end zone, the bottleneck is IT professionals with open-source expertise and Linux certifications.

That’s why in late 2017, the online publication LinuxInsider reported that 67 percent of managers are anticipating the number of open source-related professionals will increase more than any other ― in all areas of their businesses. Let’s rephrase that: Two-thirds of companies with a stake in the future of IT said that finding open-source professionals was more important than any other position.

Linux’s most recent Open Source Jobs Report is a snapshot of the current health of the industry. The chief analyst at a leading IT consulting firm told LinuxInsider that hiring managers are seeking workers with higher-level open source skills like app development, DevOps, cloud, and big data. He added that acquiring those skill sets is achievable for many IT professionals.

Right now, the fastest path to market for development companies is with open source technologies. As companies realize open source is the way to go, their need for Linux experts increases.

Think about Linux’s huge toolbox

The increasing demand for Linux-trained and Linux-certified IT professionals is a small wonder, considering the many capabilities that Linux and open source systems bring to the table for all companies ― not only IT firms. No matter what stage the company is at, or where it’s headed, it’s useful to think about the capabilities your Linux skills can offer .

Linux’s Consistent Operating Model means that Linux operators recognize and understand the system no matter where they find it. Across versions or hardware configurations, everything works the same ― whether that’s the command line syntax, process management, or network administration. That level of comprehensive inter-familiarity is huge for companies in a hurry to expand, produce or speed things up.

Linux’s scalability guarantees that when a company picks up an employee with Linux experience, they’re able to plug them in wherever the company needs them. They’re not restricted to the scale limitations of the employee’s familiarity or comfort.

For companies transitioning, planning a transition, or recently recovering from one, having Linux experts means the people using the command line tools, configuration, and automation don’t get lost in new processes because of scaling differences.

Linux’s Open Source Community is another, somewhat more surprising, source of appeal to many companies. Gone are the days when companies perceived their success to be dependent on hoarding their code’s functionality from the prying eyes of everyone else. Most companies acknowledge that because the technology world is advancing at a breakneck pace, it’s not realistic to maintain a system that doesn’t have the benefit of hundreds of thousands of brilliant contributors from around the world. Tapping into that world requires employees who understand the Linux ecosystem.

Specialists experienced in Package Management can save time finding, installing, and troubleshooting new services and applications from one easy interface. This functionality resounds like an echo chamber inside Linux’s open-source community.

Not only can a system find and set up new applications for their network, security, or infrastructure, but the community is reworking, reimagining, and discovering new ways to do it better. Companies are dependent on IT experts who can swim the waters of Linux’s available packages, and can optimize them on the fly.

However, it’s not specific attributes that attract companies to Linux. It’s also the operating system’s broad capabilities. Companies are always looking for ways to use automation, orchestration, server virtualization, private clouds, big data, and containers. These are all aspects of data centers that Linux is linked with and leading the industry in managing. Hence the demand for IT pros with Linux skills.

Linux’s success in the enterprise

There’s never been a better time to be an IT professional with Linux expertise (or be an IT professional gaining that expertise). Let’s look at a couple of case studies.

In each case, the company integrated some form of Linux open-source technology to optimize their operations. The underlying power of these examples is that the upgrades themselves were impossible without the presence (or acquisition) of Linux-trained IT professionals.

An Argentinian cooperative bank, Banco Credicoop Cooperativo Limitado (BCCL) , responded to the increased complexity of the industry and regulations by upgrad
          Software Developer - Varian Medical Systems - Winnipeg, MB      Cache   Translate Page   Web Page Cache   
Java, JavaScript/TypeScript, Angular, Python. Specialization in Java or other open source Web Application stack....
From Varian Medical Systems - Fri, 03 Aug 2018 06:07:59 GMT - View all Winnipeg, MB jobs
          Linus Torvalds Net Worth      Cache   Translate Page   Web Page Cache   

Finnish-American software engineer and hacker Linus Torvalds has as estimated net worth of $150 million and an estimated annual salary of $10 million. Linus earned his net worth as the principal force behind the creation of the Linux kernel. Linus held a place at Transmeta, Open Source Development Labs and Free Standards Group that later …

The post Linus Torvalds Net Worth appeared first on Celebrity Net Worth.


          Article: Evaluating Hyperledger Composer      Cache   Translate Page   Web Page Cache   

Hyperledger Composer is a new open source project which makes it easy for developers to write chaincode for Hyperledger Fabric and the decentralized applications (DApps) that can call them. This article summarizes a technical evaluation of the performance characteristics of using Composer in a test application.

By Glenn Engstrand
          /ORAO EMULATOR OPEN SOURCE/OraoDotNet.zip      Cache   Translate Page   Web Page Cache   
none
          WhiteSource Unveils Free to Use Vulnerability Checker to Combat Most Critical Open Source Vulnerabilities      Cache   Translate Page   Web Page Cache   

TEL AVIV, Israel, Aug. 9, 2018 /PRNewswire/ -- WhiteSource, the leader in open source security and license compliance management, announced today the release of its Vulnerability Checker, a free tool that can detect if your products contain any of the 50 most critical open source...


          Getting started with Postfix, an open source mail transfer agent      Cache   Translate Page   Web Page Cache   
Mail arriving to a mailbox, email

Postfix is a great program that routes and delivers email to accounts that are external to the system. It is currently used by approximately 33% of internet mail servers. In this article, I'll explain how you can use Postfix to send mail using Gmail with two-factor authentication enabled.


read more
          Google nomina Jeff Bailey responsabile tecnico AOSP      Cache   Translate Page   Web Page Cache   

Google ha nominato un nuovo responsabile tecnico per l'Android Open Source Project: si tratta di Jeff Bailey, Scopriamo quali saranno i suoi compiti

L'articolo Google nomina Jeff Bailey responsabile tecnico AOSP proviene da TuttoAndroid.


          WhiteSource Unveils Free To Use Vulnerability Checker To Combat Most Critical Open Source Vulnerabilities      Cache   Translate Page   Web Page Cache   


          Web Technical Support for Adblock Plus      Cache   Translate Page   Web Page Cache   
Get to know us We create open source software that puts users in control over their online browsing experience. Our desktop and mobile products, such as Adblock Plus, Adblock Browser and Flattr, help sustain... (Budget: €12 - €18 EUR, Jobs: CSS, Finnish, HTML, Norwegian, Swedish)
          Back Your Stack: Discover the Open Source projects you are using and need financial support.      Cache   Translate Page   Web Page Cache   
backyourstack.com
posted by friends:  (2)
@paulmwatson on Twitter
@paulmwatson: backyourstack.com by @opencollect is a nice tool. (It's only for projects on Open Collective and only for JavaScript ones at the moment.) pic.twitter.com/0fJOqVeBd1
@janl on Twitter
@janl: Introducing BackYourStack backyourstack.com! Look for your github org or drag&drop your package.json/composer.json and find your dependencies seeking financial support. <3 ��
posted by friends of friends:  (1)
@xdamman on Twitter
@xdamman: Back your stack is live and looks awesome! Automatically analyze your GitHub org or upload your package.json to see which dependencies need financial support: backyourstack.com ��

          LibreOffice v6.1 released - download from here!      Cache   Translate Page   Web Page Cache   

LibreOffice v6.1 released - download from here!

Free open source alterinative to Microsoft Office, LibreOffice, has been updated to v6.1. The office productivity suite was originally born as a spin-off project from OpenOffice suite. Both, OpenOffice and LibreOffice resembled each other quite a lot for many years, but since then, LibreOffice has become the de facto open source office suite for many users and vendors.

The new LibreOffice v6.1 is mostly a minor improvement over v6.0 branch, but has interesting changes in it. Most importantly, the image management system of the entire suite has been revamped and is now easier and smoother to use, especially when editing files originally created in Microsoft Office.

So, if you're looking for a free Microsoft Office compatible suite, you might want to give LibreOffice a test.

You can download the latest version directly from AfterDawn's software section:

LibreOffice v6.1 for Windows (64-bit)

LibreOffice v6.1 for Windows (32-bit)

LibreOffice v6.1 for Mac OS X

Permalink | Comments



           LF Deep Learning Foundation builds membership      Cache   Translate Page   Web Page Cache   
The LF Deep Learning Foundation, whose mission is to support and sustain open source innovation in artificial intelligence, machine learning, and deep learning, announced five new members: Ciena, DiDi, Intel, Orange and Red Hat.

These companies join founding members Amdocs, AT&T, B.Yond, Baidu, Huawei, Nokia, Tech Mahindra, Tencent, Univa and ZTE.

“We are very pleased to build off the launch momentum of the LF Deep Learning Foundation and welcome new members with vast resources and technical expertise to support our growing community and ecosystem of AI projects,” said Lisbeth McNabb, Chief Operating Officer of The Linux Foundation.

Mazin Gilbert, Vice President of Advanced Technology and Systems at AT&T, has also been elected to the role of Governing Board Chair of LF Deep Learning. This position leads the board in supporting various AI and ML open source projects, including infrastructure and support initiatives related to each project.

“The Deep Learning Foundation is a significant achievement by the open source community to drive harmonization among tools and platforms in deep learning and artificial intelligence,” said Mazin Gilbert, Vice President of Advanced Technology and Systems at AT&T. “This effort will enable an open marketplace of analytics and machine learning capabilities to help expedite adoption and deployments of DL solutions worldwide.”

https://www.deeplearningfoundation.org
          DarkHydrus Uses Open Source Phishery Tool in Middle-East Attacks      Cache   Translate Page   Web Page Cache   

The recently detailed DarkHydrus threat group is leveraging the open-source Phishery tool to create malicious documents used in attacks on government entities in the Middle East, Palo Alto Networks warns.

read more


          Comment on About by Andrew Fawcett      Cache   Translate Page   Web Page Cache   
It is an open source project. It is supported by the community. Post your query in the community Chatter group linked from the readme file in the repo. There are some fine folks always happy to help.
          Honeypot Resurrection - Redesign of CERN's Security Honeypots      Cache   Translate Page   Web Page Cache   
Honeypots are a fake system residing in a companie's or organization's network, attracting attackers by emulating old and vulnerable software. If a Honeypot is accessed, all actions are logged and any submitted files are being stored on the host machine. The current Honeypot at CERN is deprecated and does not provide useful notifications. The task of this summer student project is to identify well maintained and up-to-date open source honeypots, test and configure them and finally deploy them to convincingly resemble a CERN host in order to collect information about potentially malicious activity inside the GPN.
          MVVM Light with Laurent Bugnion      Cache   Translate Page   Web Page Cache   
Back at the beginning of WPF, before Silverlight, there was MVVM Light. While on the Modern Web Tour in Zurich, Richard sat down with Laurent Bugnion to talk about his work creating the open source toolkit that helped developers build cross-platform applications using the Model View View-Model pattern. Laurent's story crosses much of the story of XAML itself, from WPF to Silverlight to Windows Phone and Xamarin Forms!
          Software Developer - Varian Medical Systems - Winnipeg, MB      Cache   Translate Page   Web Page Cache   
Java, JavaScript/TypeScript, Angular, Python. Specialization in Java or other open source Web Application stack....
From Varian Medical Systems - Fri, 03 Aug 2018 06:07:59 GMT - View all Winnipeg, MB jobs
          Every 3rd MOST Popular Open Source CMS Website is Built on Joomla!      Cache   Translate Page   Web Page Cache   

Today we are happy to announce a new subscription type for the Quiz Deluxe component. Meet the Quiz Deluxe Expert subscription, learn its key benefits and enjoy your new expert level of Joomla! quizzes experience!

Expert subscription for Quiz Deluxe component includes all the features of Joomla! Quiz Deluxe for unlimited domains and New! Expert options. They are the following:

4 Puzzle Question Types

The Expert subscription includes 4 remarkable puzzle question types. They will surely entertain your Joomla! site users and easily involve your audience in a quiz. Check it for yourself, taking part in the quiz below!

{quiz id=3}

Adding puzzle questions into your quiz, you will solve two tasks simultaneously:

  • Your Joomla! site users will have a good time. Creating impressive interactive questions, your users will be easily engaged in the quiz. Their fun is assured. There’s nothing like pleased users.
  • Your audience will pass the quiz at ease. Allow your audience to combine the useful with the pleasant. You will surely achieve the desirable results: the quiz questions will be answered, the users will be happy.

Come to think of it, you don’t need to make extra efforts to inspire your site users to take part and pass the quiz! Moreover, you don’t have to spend additional time to create such a quiz. The extension is easy-to-use.

Puzzle question types are appropriate both for work and for entertainment quizzes.

Use Quiz Deluxe to create unforgettable quizzes!

2 Mobile Adaptive Templates

Now mobile phones and smartphones users can also enjoy your quizzes. The Expert subscription for the Quiz Deluxe extension includes two new templates adaptive to mobile devices. Thanks to them it’s possible to pass a quiz from mobile phones and smartphones saving usability and a piece of joy from the process itself. Make mobile devices holders’ day with new opportunity!

Free Installation Service

Dreams come true. You don’t have to spend your time and energy to install the component and associated plugins any more.

JoomPlace Support team will do it! They will install the entire package quickly and make sure it works smoothly on your Joomla! site. Everything will be great!

Save your time and enjoy using the Joomla! quiz extension!

Quize Deluxe

It’s very easy to become a true quiz expert with the new Expert subscription for Quiz Deluxe. Start doing it right now!

buy now!

If you have already subscribed to Quiz Deluxe you can upgrade the component to the Expert Subscription in your Member’s area.

We are always searching new opportunities to improve our extensions and to joy our customers.

Feel free to leave your feedback in the comments below.


Sincerely yours,
JoomPlace Team


          5 open source role-playing games for Linux      Cache   Translate Page   Web Page Cache   

Adopt a new identity and explore new dimensions with these open role-playing games.


          Open Sources Voices From The Open Source Revolution       Cache   Translate Page   Web Page Cache   
Dcument Of Open Sources Voices From The Open Source Revolution
          #altc Meet our Sponsors      Cache   Translate Page   Web Page Cache   
A warm welcome and thank you the Annual Conference 2018 sponsors: Headline sponsor Catalyst IT Europe Ltd Twitter @Catalyst_IT_EU Catalyst are a global team of learning technology specialists. We unleash the power of Open Source solutions such as Moodle LMS to deliver enterprise grade systems for university, public and not-for-profit customers. Catalyst empower our clients […]
          Compensation Consultant - Elastic - Seattle, WA      Cache   Translate Page   Web Page Cache   
At Elastic, we have a simple goal: to take on the world's data problems with products that delight and inspire. As the company behind the popular open source...
From Elastic - Mon, 23 Jul 2018 18:41:03 GMT - View all Seattle, WA jobs
          PHP Training and Internship      Cache   Translate Page   Web Page Cache   
Bangalore, Karnataka - 100% Guaranteed JOB Support.Learn Programming language Courses from Highly Experienced Trainers in our Institute. PHP (recursive acronym... for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development...
          LogicalDOC 8.0.0      Cache   Translate Page   Web Page Cache   
An open source document management system with a nice interface
          Julia 1.0 Released, 2018 State of Rust Survey, Samsung Galaxy Note 9 Launches Today, Margaret Dawson of Red Hat Named Business Role Model of the Year in Women in IT Awards and Creative Commons Awarded $800,000 from Arcadia       Cache   Translate Page   Web Page Cache   

News briefs for August 9, 2018.

Julia 1.0 made its debut yesterday—the "culmination of nearly a decade of work to build a language for greedy programmers". The language's goal: "We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled." You can download it here.

The Rust Community announced the 2018 State of Rust Survey, and they want your opinions to help them establish future development priorities. The survey should take 10–15 minutes to complete, and is available here. And, you can see last year's results here.

Samsung Galaxy Note 9 launches today at 11am ET. You can watch the spectacle via Android Central, which will be streaming the live event.

Margaret Dawson, Vice President, Portfolio Product Marketing at Red Hat, was named Business Role Model of the Year at the inaugural Women in IT Awards USA. The awards were organized by Information Age to "redress the gender imbalance by showcasing the achievements of women in the sector and identifying new role models".

Creative Commons was awarded $800,000 from Arcadia (a charitable fund of Lisbet Rausing and Peter Baldwin) to support CC Search, which is "a Creative Commons technology project designed to maximize discovery and use of openly licensed content in the Commons". CC Search, along with Commons Metadata Library and the Commons API, plans to form the Commons Collaborative Archive and Library, a suite of tools that will "make the global commons of openly licensed content more searchable, usable, and resilient, and to provide essential infrastructure for collaborative online communities".


          How SELinux helps mitigate risk while facilitating compliance      Cache   Translate Page   Web Page Cache   
English

Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform and Red Hat OpenStackⓇ Platform.

In this blog post, we use PCI-DSS to highlight some of the benefits of SELinux. Though there are many other security standards that affect our customers, we selected PCI-DSS based on a review of customer support cases, feedback, and general inquiries we received. The items we selected from this standard are also accepted industry practices, such as:

  • Limiting user access to data based on job roles.
  • Limiting access to system components.
  • Configuring software behavior, functions, and access.

What is SELinux?

SELinux is an advanced access control mechanism originally created by the United States National Security Agency. It was released under an open source license in 2000, and integrated into the Linux kernel in 2003. As part of the Linux kernel, it is built into the core of Red Hat Enterprise Linux. SELinux works by layering additional access controls on top of the traditional discretionary access controls that have been the basis of UNIX and Linux security for decades. SELinux access controls provide both increased granularity as well as a single security policy that is applied across the entire system and enforced by the RHEL kernel. SELinux enforces the security policy on applications bundled with Red Hat Enterprise Linux as well as any custom, third-party, and independent software vendor (ISV) applications. In addition to applications on the host system, SELinux access controls provide separation and controlled sharing between RHEL-hosted virtual machines and containers.

SELinux’s access controls are driven by a configurable security policy, which is loaded into the kernel at boot. The SELinux security policy functions as a whitelist for user and application behavior. The policy allows administrators and policy developers to isolate applications into specific SELinux domains that are tailored to the application’s permitted behaviors. Access to files, local interprocess communications (IPC) mechanisms, the network, and various other system resources can all be restricted on a per-domain basis. SELinux also allows the administrator to put individual SELinux domains, as well as the entire system, into permissive mode where SELinux-based access denials are logged, but the access is still permitted. This eases policy development and troubleshooting.

While SELinux is an important part of Red Hat Enterprise Linux security capabilities, there are many other security technologies and widely accepted practices that should also be employed. Data encryption, malware scanning, firewalls, and other network security mechanisms remain an important part of an overall security strategy. SELinux is a way to augment existing security solutions, and is not a replacement for current security measures that may be in place.

Mapping to compliance requirements

With the above understanding of how SELinux can help reduce risk and harden a Red Hat Enterprise Linux system, let’s see how it maps to a few PCI-DSS compliance requirements. When reviewing PCI-DSS 3.2 requirements, it is easy to see how RHEL with SELinux can help address requirements that fall under the section Implement Strong Access Control Measures Requirement. Let’s look at some lesser-known requirements in sections two and three instead.

PCI-DSS requirement 2.2:

“[d]evelop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards.”

Given that, by default, it denies access to any resource rather than permits access, SELinux immediately meets industry-accepted system hardening standards, and may help mitigate certain classes of security vulnerabilities. It also helps meet the more granular requirements under 2.2 by ensuring a greater level of security restrictions and more fine-grained access control.

PCI-DSS requirement 3.6.7:

“Prevention of unauthorized substitution of cryptographic keys”

At a system-configuration level, SELinux can prevent unauthorized overwriting of files—even when a specific user or role would normally be authorized to write to the directory containing cryptographic keys.

SELinux can also help customers meet other well-known PCI-DSS 3.2 requirements by:
Limiting access to system components and cardholder data to only those individuals whose job requires such access. (meets 7.1.1 - 7.1.3)
Establishing an access control system(s) for systems components that restricts access based on a user’s need to know, and is set to ‘deny all’ unless specifically allowed. (meets 7.2.1 - 7.2.3)

Restricting malicious actor read, write, and pivoting

When SELinux is in enforcing mode, the default policy used in Red Hat Enterprise Linux is the targeted policy. In the default targeted policy, some applications run in a confined SELinux domain where SELinux policy restricts those applications to a particular set of behaviors. All other applications run in special unconfined domains; while they are still SELinux security domains, there is little to no restriction to their permitted behavior.

Almost every service that listens on a network is confined in RHEL, such as httpd and sshd. Also, most processes that run as the root user and perform tasks for users, such as the passwd utility, are confined. When a process is confined, it runs in its own domain. Depending on the SELinux policy configuration for a confined process, an attacker's access to resources, ability to pivot, read, and write, and the possible damage they can do may be limited.

We have listed below a few of the common processes and daemons that run confined by default in their own domain. If you have a question regarding a process that is not listed here, send your inquiry to Red Hat Customer Service.

  • dhcpd is a dynamic host control protocol used in Red Hat Enterprise Linux to dynamically deliver and configure Layer 3 TCP/IP details for clients.
  • smbd is a Samba server that provides file and print services between clients across various operating systems.
  • httpd (Apache HTTP Server) provides a web server.
  • Squid is a high-performance proxy caching server for web clients supporting FTP, Gopher, and HTTP data objects. It reduces bandwidth and improves response times by caching and reusing frequently requested web pages.
  • mysqld is a multi-user, multi-threaded SQL database server that consists of the MariaDB server daemon (mysqld) and many client programs and libraries.
  • PostgreSQL is an Object-Relational database management system (DBMS).
  • Postfix is an open-source Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.

For more information on how the Red Hat portfolio can help customers with PCI-DSS compliance, review Red Hat’s 2015 paper on PCI and DSS compliance and our 2016-2017 blog series.

Vulnerabilities

SELinux can also help mitigate many risks posed from privilege escalation attacks. SELinux policy rules define how processes access files and other processes. If a process is compromised, the attacker can only access resources granted to it through the associated SELinux domain. Exploiting an application does not change what SELinux allows the process to access. For example, if the Apache HTTP Server is compromised, an attacker cannot use that process to read files in user home directories by default, unless a specific SELinux policy rule was added or configured to allow such access.

Based on our review of data from the 2017 calendar year, we selected three vulnerabilities publicly released during that time which were mitigated by default Red Hat Enterprise Linux SELinux policies.

CVE-2016-9962 targeted containers, and it became public just 11 days into the new year. On Red Hat systems with SELinux enabled, the dangers of even privileged containers are mitigated. SELinux prevents container processes from accessing host content even if those container processes manage to gain access to the actual file descriptors. With SELinux in enforcing mode, and enabling the default SELinux policy (deny_ptrace) which only affects the policy shipped by Fedora or Red Hat, customers can:
- remove all ptrace,
- confine an unconfined domain, and
- retain the flexibility to disable it permanently or temporarily for troubleshooting.

CVE-2017-6074 addressed a flaw in the Datagram Congestion Control Protocol (DCCP). If exploited by a local, unprivileged user, the user could alter the kernel memory and escalate their privileges on the system. With SELinux enabled and using the default policies alone, this flaw is mitigated.

CVE-2017-7494 addressed a vulnerable Samba client. A malicious authenticated Samba client, having write access to the Samba share, could use this flaw to execute arbitrary code as root. When SELinux is enabled by default, our default policy prevents loading of modules from outside of Samba's module directories and therefore mitigates the flaw.

Red Hat and security

At Red Hat we believe that security is a mindset, not a feature. That’s why we work closely with upstream developers and communities to encourage secure coding practices, information sharing, and collaboration. We firmly believe the principles of open source software contribute to transparency and more secure products, benefiting customers and communities alike.

SELinux is shipped enabled by default in Red Hat Enterprise Linux. In addition to providing added security and mitigating a threat actor’s ability to pivot, SELinux also helps customers meet a variety of compliance standards requirements. And although the terms compliant and secure are not directly interchangeable, we understand that both are very important to our customers. We work continuously to support our products and help our customers achieve both business objectives.

For more information on Red Hat Product Security, visit the Product Security Center on the Red Hat Customer Portal. If you have vulnerability information you would like to share with us, please send an email to secalert@redhat.com.

Product

Red Hat Enterprise Linux

Category

Secure

Tags

selinux

Component

dhcp httpd mysql postfix postgresql samba squid

          Open Source Software Developer - IBM - Markham, ON      Cache   Translate Page   Web Page Cache   
Through several active collaborative academic research projects with professors and graduate students from a number of Canadian and foreign universities....
From IBM - Wed, 18 Jul 2018 10:49:17 GMT - View all Markham, ON jobs
          History of Independent Dreamcast Development      Cache   Translate Page   Web Page Cache   
This article is taken from the work-in-progress second issue of the free fanzine, Dream On Magazine.

It's hard to believe that Sega released the Dreamcast twenty years ago! It feels like only yesterday. Luckily, the indie developers have been busy these past decades, so there's lots of dreamy goodness to cover. 

The second issue has taken a long time to come out due to huge mistakes on my part, and I sincerely apologize for that. However, the wait should be worth it, as I've had some awesome help. The DC Evolution crew, the same folks who put together the excellent compilation disc, "The Sandman #1", is helping to make sure that this issue will be the best it can be. 

So, feel free to dive in, and read up on the creation of the independent Dreamcast movement. I hope you find as much enjoyment out of it as we've had creating it. 

Dream On #2, and by extension, this article, would not have been possible without the help of BlueCrab, Christuserloeser, Idarcl, DCDayDreamer, and lyonhrt.

Bernie Stolar opens the floodgates to rumors of Saturn's successor.

On 23 June, 1997, Sega's Chief Operating Officer announced "the Saturn is not our future", publicly revealing for the first time that they were working on a successor. This console would use a
Hitachi SH-4 for its CPU and an ARM processor for sound. The code name for the console was Katana, but it was given the name Dreamcast by the time it hit retail. It was released in Japan on
27 November, 1998, in North America on 9 September, 1999, in Europe on 14 October, 1999, and in Oceania on 30 November, 1999. It was discontinued just a scant few years later when
Sega announced that it was discontinuing the console on 23 January, 2001. Production of new
games continued in North America until spring 2002, in Europe and Oceania until winter 2002,
and in Japan until 2007. However, it continues to have an active commercial life among
independent game developers.

A collection of official MIL-CD enhanced music discs.

The Dreamcast continues to be attractive to indies because the games can be sold on CD without having to obtain a license from Sega, which drastically reduces the overhead that is usually present in commercial game development for consoles. This ability actually stems from a vulnerability discovered early on in the lifespan of the Dreamcast. Sega of Japan developed a multimedia system called the MIL-CD, or Music Interactive Live-CD.


The purpose of this format was to allow music companies to release music CDs with multimedia
functions that could be played on a Dreamcast. However, it soon became apparent that it could
be used to allow the Dreamcast to boot code on a standard CD-ROM, without needing to use the proprietary GD-ROM format that Sega used for Dreamcast games (as well as some arcade
games with hardware based on the Sega Dreamcast and Microsoft Xbox).

The Gameshark CDX CD-ROM, memory card, and instructional VHS tape.

The independent game development community soon discovered the Mil-CD releases, and adapted them for their own code. The first demonstration of independently developed software intended for commercial sale was the GameShark CDX. This was the localized version of Datel's Action Replay CDX, as Interact had acquired the rights for release in North America. It was shown at the Consumer Electronics Show, which ran from 6 January to 9 January, 2000.

Hitmen's A.G.E. demo utilised a serial port device called the Dreamcast Debug Handler.

The first non-commercial independent code to successfully run on the Dreamcast was achieved by the demo group Hitmen. Their A.G.E. demo, a technical demo for the Dreamcast that displayed stylized text, graphics, and music, premiered at the Mekka & Symposium 2000 convention in Fallingbostel, Germany on 23 April, 2000. This demo was never released publicly, as it was developed using a custom coding library and required the Dreamcast to be connected to a host computer using a custom serial port adapter known as the Dreamcast Debug Handler.

The cover of bleemcast! for Metal Gear Solid.

The commercial PlayStation emulator, bleemcast!, was then demonstrated at the Electronics Entertainment Expo, or E3, which ran from 11 May to 13 May, 2000. The Action Replay CDX became the first independent commercial release when it was released to retail on 2 June, 2000. Marcus Comstedt, who would later become known for his Dreamcast ports of the Super Nintendo emulator SNES9x and the adventure game interpreter ScummVM, reverse engineered this disc and
built his own library for the Dreamcast using the open source GNU C compiler for the SH-4 processor. He wrote documentation detailing the process of booting code directly on the Dreamcast, and released a simple "Hello World" demo on 20 June, 2000.

Utopia's Boot CD, modified from the Teapot Demo in the Sega Katana library.

Unfortunately, at the same time the indie developers were reverse engineering the Mil-CD format,
software crackers discovered the loophole that was employed by the Action Replay CDX. A pirate
group known as Utopia released a CD image intended to boot illegal game rips on 22 June, 2000.
This bootloader was quickly followed by a rip of the game Dead or Alive 2 on 23 June, 2000. Due
to the inability of their game rips to boot on their own, all of the early pirate releases required the
use of their bootloader, which became known as the Utopia Boot CD. The bootloader itself was
created by modifying the teapot demo that was included with the official Sega Katana library.

Other pirate groups soon released game rips in the form of self-booting images which would run on a Dreamcast directly after being burnt to a CD-R, eliminating the limitations of the Utopia Boot CD. Sega's much-touted GD-ROM (Gigabyte Disc) format, which was meant to be a hindrance to piracy, was soon obsolete, as the only restriction towards playing illegal copies of Dreamcast games was now the slow connection speeds of most internet modems of the time.
The DC Tonic demo disc, distributed at E3 2001.

Thankfully, the legal independent development scene thrived, even as the pirate releases continued to pour out. HeroZero improved upon Marcus Comstedt's code with hzlib. Mr. Comstedt continued working on his library, libronin. Cryptic Allusion, a coding group which would later become known
for their Dreamcast dancing game Feet of Fury, developed a new library known as KallistiOS, or KOS, initially known as the libdream library, and then expanding beyond its forbearer. Independent developers created a CD of software running on the Dreamcast, called DC Tonic. This disc was handed out to attendees at E3 2001, which ran from 17 May to 19 May, 2001.

Feet of Fury, the first indie commercial game for Dreamcast.

The first indie commercial game was the aforementioned Feet of Fury. It was developed by Cryptic Allusion, and published by The GOAT Store on 7 July, 2003. It was developed with KOS, which is the most used library for indie Dreamcast development. Libronin continues to be used as well, such as with ScummVM and the Dreamcast port of Cave Story. Both libraries continue to be supported and updated by their respective developers, and commercial and freeware Dreamcast software continues to be released, even to this day.



          First open smart speaker Volareo to launch, backed by blockchain      Cache   Translate Page   Web Page Cache   
Volareo is the first open source smart speaker that is backed by blockchain technology. It is expected to officially launch in six days.
          Domoticz - open source domotica systeem - deel 3      Cache   Translate Page   Web Page Cache   
Replies: 10327 Last poster: Drardollan at 09-08-2018 16:47 Topic is Open quote:tsjoender schreef op donderdag 9 augustus 2018 @ 16:27: [...] Jouw schema ziet er op zich goed uit. Ik heb geen ervaring met het dimmen van 12V verlichting met een trafo ertussen, dus weet niet of die trafo nog aan speciale eisen moet voldoen. Twee draden in de aansluiting van de Dimmer 2 module steken zou ik niet proberen. Je kunt dan toch beter een lasdop gebruiken daarvoor, want de aansluitingen op de module zelf zijn niet zo heel erg groot dat er goed twee draden in passen. Als je de Dimmer 2 met een nuldraad aan kan sluiten, dan heb je geen bypass module nodig. Die is alleen nodig als je geen nul aan kan sluiten op de module en zorgt dan voor een kleine lekstroom om toch de module te kunnen voeden. Ik heb het niet nagemeten maar ik denk niet dat er 230VAC op de S1,2,X contacten staat. Volgens mij is het een lage spanning en dan zou die bestaande pulsdrukker wel moeten werken. Mogelijk staat op die pulsdrukker ook wel het maximum vermogen wat je ermee mag schakelen.Helemaal duidelijk, dank je wel. Zelf helemaal niet aan gedacht dat ik het ook zou kunnen meten, dom dom dom. De pulsdrukker zal ik eens van de keukenkastjes halen en openen. Ik weet wel dat de kabel niet volstaat voor meer dan 12v (van die hele dunne kabel die je normaal voor speakers ziet), maar als we lage voltages hebben dan is dat natuurlijk geen probleem. De trafo cq. driver is speciaal voor LED geschikt (en ook voor halogeen) en dimbaar aan de 230v kant. Speciaal gekocht enige tijd terug toen de vorige trafo het begaf. Dus dat zou goed moeten werken. De bypass is zoals @DjAntoon aangeeft voor de lage belasting. Nu zit er 4x20watt halogeen achter, en dat wordt 4x3watt LED. Dat maakt 12watt en de dimmer heeft 25watt nodig om zijn werk te kunnen doen. Jij ook bedankt @DjAntoon! Dan zou dit de uiteindelijke situatie dus worden als de metingen goed zijn:
          Open Source Development Services in India | Skysoftglobal - Ghaziabad, India      Cache   Translate Page   Web Page Cache   
Skysoft global is one of the leading Open Source Development Company in India, USA & UK. We offers open-source development services and solutions to companies looking for to achieve high performance.
          The Zephyr Project Grows IoT Ecosystem with Support for More Than 100 Developer Boards and New Members      Cache   Translate Page   Web Page Cache   

SAN FRANCISCO, Aug. 9, 2018 /PRNewswire/ -- The Zephyr™ Project, an open source project to build a real-time operating system (RTOS) for the Internet of Things (IoT), today announced growth of its IoT ecosystem with support for more than 100 developer boards and the addition of six new...


          Mid-level International Trade Associate Attorney - District of Columbia-Washington      Cache   Translate Page   Web Page Cache   
Washington, D.C. office of our client seeks mid-level associate attorney with 3-6 years of substantial experience with regard to the Committee on Foreign Investment in the United States (CFIUS), including familiarity with the Foreign Investment Risk Review Modernization Act (FIRRMA). The candidate should preferably have some experience in one or more of the following areas: anti-money laundering, sanctions, export controls, government contracts, or international trade. Chinese language skills also would be helpful.With offices across the United States, Europe and Asia, this premier legal advising firm specializes in communications & networking, electronics & computer hardware, energy, financial institutions, information service providers, life sciences, media & entertainment, open source, retail & consumer products & services, semiconductors, software and venture capital. Their reputed clients span a wide variety of industries and are found internationally. These industries include information technology, life sciences, energy and clean technology, media and entertainment, communications, retail, and financial services.
          Junior Government Associate Attorney - District of Columbia-Washington      Cache   Translate Page   Web Page Cache   
Washington, D.C. office of our client seeks junior associate attorney with 1-3 years of experience. The candidate should have interest in national security matters, particularly the Committee on Foreign Investment in the United States, and familiarity with CFIUS and/or one or more of the following areas: anti-money laundering, sanctions, export controls, government contracts, or international trade. Chinese language skills also would be helpful.With offices across the United States, Europe and Asia, this premier legal advising firm specializes in communications & networking, electronics & computer hardware, energy, financial institutions, information service providers, life sciences, media & entertainment, open source, retail & consumer products & services, semiconductors, software and venture capital. Their reputed clients span a wide variety of industries and are found internationally. These industries include information technology, life sciences, energy and clean technology, media and entertainment, communications, retail, and financial services.
          Homebrew Pancreas Gets 30 Minutes of Fame      Cache   Translate Page   Web Page Cache   

It is pretty unusual to be reading Bloomberg Businessweek and see an article with the main picture featuring a purple PCB (the picture above, in fact). But that’s just what we saw this morning. The story is about an open source modification to an insulin pump known as the RileyLink. This takes advantage of older Medtronic brand insulin pumps and allows you to control the BLE device from a smartphone remotely and use more sophisticated software to control blood sugar levels.

Of course, the FDA isn’t involved. If they were, the electronics would cost $7,000 instead of $250 — although, …read more


          How to install Fork CMS on Ubuntu 18.04 LTS      Cache   Translate Page   Web Page Cache   
Fork CMS is a free and open source content management CMS that comes with an intuitive and user-friendly web interface. In this tutorial, we will explain how to install Fork CMS on Ubuntu 18.04 LTS (Bionic Beaver) server.
          Amazon announces open source Alexa Auto SDK, available on GitHub, to let automakers integrate Alexa into cars and infotainment systems (Khari Johnson/VentureBeat)      Cache   Translate Page   Web Page Cache   

Khari Johnson / VentureBeat:
Amazon announces open source Alexa Auto SDK, available on GitHub, to let automakers integrate Alexa into cars and infotainment systems  —  Amazon today announced an open source release of the Alexa Automotive Core (AAC) SDK, or Auto SDK, to help automakers integrate Alexa voice control …


          ¿Quiénes serán los protagonistas de la próxima Open Source Summit Europe?      Cache   Translate Page   Web Page Cache   
Tendrá lugar en Edimburgo entre el 22 y el 24 de octubre y contará, entre otros, con la participación de Linus Torvalds.
           Job Posting: Senior Cryptography Engineer       Cache   Translate Page   Web Page Cache   

Job Posting: Senior Cryptography Engineer
Promise Protocols

Who we are?

Promise Protocols is one of the fastest growing FinTech companies in Silicon Valley. Promise delivers cash analytics and cash access to thousands of small businesses, that operate with volatile cash balances. We are a platform company whose aim is to automate the hardest parts of small business financial management. We are sometimes the last company many small business merchants come to when no one else will help their businesses stay alive.

Why work at Promise?

We are a high-energy, innovation-focused team of engineers and technologists who want to make running a small business less painful for owners all over the world. Promise’s environment is highly collaborative, and the ideal candidate will have an eye for detail and be a team player who enjoys working with others to find cutting-edge solutions to tricky problems. Come join us!

What we are looking for in the Senior Software Engineer?

Promise Protocols is looking for a passionate and experienced developer with cryptography experience to help develop, build and deploy a distributed, fault-tolerant P2P payments and exchange platform.

This role is ideal for cryptography scientists or software engineers with deep experience and familiarity with evolving and established cryptographic protocols and their implementation.

What you will be responsible doing?

1. Develop, build and deploy crypto protocols in distributed p2p systems

2. Work with core internal team and external open source community

3. Collaborate with teammates to produce protocol specifications

4. Collaborate and support other teams in developing crypto economic consensus protocol

5. Develop and maintain interfaces for platform API

6. Identify and recommend technologies to solve technical challenges

Closing date for applications:

Contact: Please send a request to jobs (at) promiseprotocols.com

More information: https://aquila-1.workable.com/jobs/772792


          GitHub 也 open source 自家的 Load Balancer 了...      Cache   Translate Page   Web Page Cache   
GitHub 也 open source 自家的 load balancer 了:「GLB: GitHub's open source load balancer」。 如果翻一下歷史就會發現,夠大的單位都會遇到不同的 balancing 問題,然後都會開發自己的 load balancer,像是 Google 放出來的 Seesaw,eBay 放出來的 Neutrino (程式的 repository 在 eBay/Neutrino),Facebook 放出來的 Katran。 經濟規模夠大就能夠自己搞,然後針對自家的問題客製化去解... open source 能對社群帶來多大好處就未必了,主要還是做名聲而已,實際上大家還是繼續用 nginx 跟 HAProxy,或是買商業方案來先撐著。
          Java Developer - IAM - Codeworks - Milwaukee, WI      Cache   Translate Page   Web Page Cache   
Experience in J2EE web application development and ability to use open source libraries. Our direct client is seeking a Java Developer with experience in...
From Indeed - Thu, 02 Aug 2018 16:23:50 GMT - View all Milwaukee, WI jobs
          Node Best Practices, Machine Learning in Node with TensorFlow.js and more      Cache   Translate Page   Web Page Cache   

#250 — August 9, 2018

Read on the Web

Node Weekly

Dumper.js: A Pretty Variable Inspector for Node — If you’re one for ‘print-style’ debugging, this could prove very handy for you. You can either dump out the object of your choice (including nested objects) and keep running or terminate the process.

Zeeshan Ahmed

A Curated Compilation of Node Best Practices — Curated from numerous popular articles, this in-development list of best practices covers topics from error handling to memory use and, most recently, security.

Yoni Goldberg

Move Fast and Fix Stuff. Over 500K Developers Fix Errors with Sentry — Relying on users to report errors? Use Sentry to resolve errors right in your workflow. Route alerts to the right person based on the commit and cut remediation time to 5 minutes. Sentry is open source and loved by 500K developers. Sign up for free.

Sentry sponsor

Got 9.0: A Powerful HTTP Request Library for Node.js — Got is a popular HTTP request library from one-man package powerhouse Sindre Sorhus. Version 9 is a significant release that uses the latest Node 8+ features and has a significantly smaller install size.

Sindre Sorhus

Machine Learning in Node with TensorFlow.js — TensorFlow.js brings TensorFlow’s machine learning capabilities to JavaScript, and while it’s been browser-focused so far, experimental support for Node has now been introduced. Here’s how it works.

James Thomas

Community Questions Following the ESLint Security Incident — Almost a month ago, there was an incident where a heavily used module was hijacked. This post answers a few outstanding questions about what happened and what measures are being taken to avoid similar incidents.

The npm Blog

💻 Jobs

NodeJS Development in Beautiful Norway — We are adding to our team building low latency back-ends for awesome developer experience and scalable software. Check us out.

Snowball Digital

Join Our Career Marketplace & Get Matched With a Job You Love — Through Hired, software engineers have transparency into salary offers, competing opportunities and job details.

Hired

📘 Tutorials

Deploying a Stateful Application on Azure Kubernetes Service — Guides you through the process of deploying a stateful, Dockerized Node app (the Ghost blogging platform) on the Azure Kubernetes Service.

Kristof Ivancza

How to Create a Serverless Twitter Bot on Google Cloud — Google Cloud Functions went GA last week, so why not take it for a spin?

William Saar

▶  An Introduction to Web Scraping with Node and CheerioCheerio provides jQuery-style DOM manipulation server-side.

Traversy Media

The Three Types of Node Profilers You Should Know About — A look at standard profilers, tracing profilers and APM tools.

Ben Putano

Squeeze Node Performance with Flame Graphs — Investigating and optimizing a Node API using flame graphs.

Alexandru Olaru

▶  How to Approach Security with Node.js — A conversation with Google Engineer Mike Samuel.

Node.js Foundation

Best in Class Video Infrastructure in Two API Requests

MUX sponsor

🔧 Code and Tools

PrettyError: See Node.js Errors with Less Clutter and Better Formatting

Aria Minaei

chromium-headless-remote: Dockerized Chromium in Headless Remote Debugging Mode — Ideal to use with Puppeteer.

Kir Belevich

Be the First to Try Powerful CI/CD Pipelines in Semaphore 2.0 — Model your workflow from commit to deploy the simple way with powerful pipelines. Get your invite to try it.

Semaphore sponsor

Camaro: A High Performance XML to JSON Converter — Uses bindings to pugixml, a fast C++ XML parser.

Tuan Anh Tran

Kakapo.js: A 'Next Gen' HTTP Mocking Framework

DevLucky

Fiora: A Chat App Powered by Socket.io, Koa, MongoDB and React

碎碎酱

fast-memoize: The 'Fastest Possible' JS Memoization Library

Caio Gondim


          Lucid Planet Radio with Dr. Kelly: Open Source Reality: The Emergence of a Meta-Myth, with Mitch Schultz      Cache   Translate Page   Web Page Cache   
Episode      Ascomplexity continues grow, the evolution of consciousness imparts newrelationships to our understanding of reality, revealing the emergence of a newhuman story. Let’sexplore an open source approach to humanity’s collective knowledge, and remix ournarratives to create deeply layered allegories that re-contextualize reality.How can we imagine an evolving meta-myth that influences systemic changethrough transmedia storytelling? Join renowned producer, writer and dire ...
          Free eBook "Enterprise Open Source: A Practical Introduction" Teaches Enterprises How to Accelerate Open Source Efforts      Cache   Translate Page   Web Page Cache   

SAN FRANCISCO, Aug. 9, 2018 /PRNewswire/ -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today released a free eBook entitled Enterprise Open Source: A Practical Introduction. The book is written for software engineering executives,...


          Free EBook "Enterprise Open Source: A Practical Introduction" Teaches Enterprises How To Accelerate Open Source Efforts      Cache   Translate Page   Web Page Cache   


          1. MonoGame - Why MonoGame?      Cache   Translate Page   Web Page Cache   

Originally posted on: http://blog.sumon.net/cwilliams/archive/2017/02/06/232975.aspx

Why MonoGame?

You’re thinking about getting into game development, and you’re trying to decide how to get started. There are a number of great reasons to go with MonoGame.

  • Maybe you found Unity to be confusing and even a bit overwhelming.
  • Maybe you prefer to “live in the code.”
  • Maybe you’ve used XNA in the past, and want to work with something similar.
  • Maybe you want to create a game that can run on Macs, Windows PCs, Android phones or tablets, iPhones and iPads, or even Xbox & Playstation… with minimal alterations or rewrites to your existing code base.

MonoGame offers game developers an opportunity to write their game once, and target MANY different platforms.

MonoGame is the open source “spiritual successor” to XNA, which was a great game development framework that is no longer supported by Microsoft.

There have been a number of quite successful games created in XNA and MonoGame. You can see a few here.

In the next post, I’ll cover what you will need, and where to find it. If you came directly to this page, you can find the complete list of articles here.


          Are you using cryptocurrencies? Request for info.      Cache   Translate Page   Web Page Cache   

Originally posted on: http://blog.sumon.net/cwilliams/archive/2014/03/13/155671.aspx

Hey everyone,

I'm working on an open source library involving Bitcoin and I was wondering how many (if any) of you are currently working with cryptocurrencies in your apps & games?
 
Whether you are buying/selling them, or just accepting them as a form of payment, I'd like to get some idea of what you're doing, what APIs you're hitting, what you think of it overall, and how I can (possibly?) make things like microtransactions and in-app purchases easier for you.
 
Feel free to leave a comment on this post, or message me if you don't want to talk about it publicly.
 
Thanks!
Chris

          Cloud Native Computing Foundation Announces Prometheus Graduation      Cache   Translate Page   Web Page Cache   

SAN FRANCISCO, Aug. 9, 2018 /PRNewswire/ -- The Cloud Native Computing Foundation® (CNCF®), which sustains open source technologies like Kubernetes® and Prometheus™, today announced from PromCon – the annual Prometheus conference dedicated to the monitoring system – that Prometheus is its ...


          (USA-VA-Reston) 249- SecDevOps Software Developer      Cache   Translate Page   Web Page Cache   
249- SecDevOps Software Developer + Full Time + Reston, Virginia + Posted 3 hours ago OVERVIEW We are looking for someone to join our Development Team and work directly with Mission personnel. Our developers use a wide variety of AWS services to deliver critical Mission functions to Production using agile development principles. This position requires a person that can perform within a team but can also work independently with only minimal guidance by the Team Lead when the need arises. GENERAL DUTIES + SecDevOps + “Infrastructure as code” (IaC): Writing and coding in products similar to AWS CloudFormation, Chef, Puppet, and Ansible + Setting up continuous integration, continuous delivery (CI/CD) pipelines + Products similar to Jenkins and GitHub + Code quality scans + AWS Services + Lambda architecture principles + Elastic Container Service (ECS) + CodeCommit, CodePipeline, CodeBuild, CodeDeploy + Networking architecture principles: Virtual Private Cloud (VPC), Subnets, PrivateLink + Application Development + Java, Python, Go, NodeJS or Ruby on Rails + JavaScript and JavaScript libraries to include ExtJs or JQuery + RESTful APIs using JSON or XML messaging such as Grape, Rails, or Sinatra (Ruby) + Interpersonal + Able to communicate technical details to technical and non-technical audiences + Documents code and shares lessons learned through mediums such as team wiki + Experience working within the Open Source Enterprise (OSE) QUALIFICATIONS + 13 years of experience + Experience developing using Commercial Amazon Web Services (AWS) + Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or a scientific or technical field; may be substituted with years of experience as follows: + 16 years of experience and no degree CLEARANCE ActiveTop Secret/SCIwithPolySecurity Clearance
          (USA-VA-Reston) 248- UI Software Developer      Cache   Translate Page   Web Page Cache   
248- UI Software Developer + Full Time + Reston, Virginia + Posted 3 hours ago OVERVIEW We are seeking a Front End Software Developer to develop the user interface for applications that support corporate services, legacy mission services, and cloud-based analytic services. The Developer will be responsible for employing agile development processes and operating in a cloud environment. Development will involve negotiating interfaces with the back-end developers, performing REST calls and rendering data structures. Perform requirements analysis and proof of concept or prototyping as needed for engineering and design of IT applications destined for the cloud. Perform as part of a team but also work independently with minimal guidance by the Team Lead when the need arises. GENERAL DUTIES + Application development using Commercial Amazon Web Services (AWS) + Ability to develop, test, implement and maintain front end applications + JavaScript + NodeJS + Understands concepts like callbacks, asynchronous programming (e.g., Ajax), and promises + JavaScript frameworks such as VueJS or ExtJS + Experience with code frameworks like React (ideal) or Angular, and working knowledge of layout frameworks such as Bootstrap or Foundation + Solid command of HTML5, CSS3, and JSON + Strong oral and written communication and interpersonal skills QUALIFICATIONS + 13 years of experience + Application development using Commercial Amazon Web Services (AWS) + Bachelor’s Degree in Computer Science, Information Systems, Engineering, Business, or a scientific or technical field; may be substituted with years of experience as follows: + 16 years of experience and no degree + RESTful web services + General relational database queries + Cascading Style Sheet (CSS), preferably CSS3 + Document Object Model (DOM) manipulation + Node.js template engines like Pug/Jade + Experience working within the Open Source Enterprise (OSE) CLEARANCE ActiveTop Secret/SCIwithPolySecurity Clearance
          (USA-AL-Huntsville) Software Engineer      Cache   Translate Page   Web Page Cache   
Job Descriptions: GENERAL JOB SUMMARY: Software Engineers are being sought to join an experienced Software Engineering Team that is responsible for the design, development and deployment of multiple software applications and systems in support of the U.S. Army Space and Missile Defense Command. Candidates will work on a suite of tools that includes desktop, web and mobile applications. Candidates will support both enhancements and extensions to the existing software suite as well as the design and implementation of new software applications. Experience with software design, implementation and test, deployment, sustainment, and working in configuration managed, classified, and team environments are beneficial. ESSENTIAL JOB FUNCTIONS: PRIMARY – + Operating in a Microsoft Windows environment + Using Microsoft Visual Studio to develop, debug, test, and deploy applications + Proficient in C# and the .NET Framework + Working with industry standard relational databases (PostgreSQL, MySQL, MS SQL Server) SECONDARY – + Experience with ASP.NET, MVC, Web API, ORM technologies + Experience with HTML5, CSS3, jQuery, any industry standard JavaScript frameworks + Experience with hosting websites in a Microsoft IIS webserver Preferred – + Experience in open source development + Ability to work independently or as part of a team + Experience on iterative, spiral or agile software development teams WORK ENVIRONMENTThe employee will likely be placed in an office. The work environment characteristics are representative of those of an employee encounters while performing essential functions of the job in a typical office/workstation situation. Able to work sitting or standing at desk and operate a computer via standard input devices such as using a keyboard and reading information on a monitor. Required Experience: JOB SKILLS: Required – + Proficient in C# and the .NET Framework + Experience with relational databases (PostgreSQL, MySQL, MS SQL Server) + Build and debug both desktop applications and websites built on .NET technologies EDUCATION AND EXPERIENCE: + BS degree in a technical degree and at least 2 to 9 years of experience Keyword: Microsoft Visual Studio, C#, .NET, PostgreSQL, MySQL, MS SQL Server From: Kratos Defense
          Metabase 0.30.0.0 - Easy data analysis. (Free)      Cache   Translate Page   Web Page Cache   

Metabase is an open source solution for sharing, visualizing, and analyzing data without having to deal with a complex workflow. The utility enables you to filter content via an user-friendly interface, and can transform data into easy to read graphs in no time.

Features
  • Activity: Get a real-time glimpse into what your company is learning about your data. Activity helps people in your company find an answer, jump start their own exploration, or improve existing questions.
  • Dashboards: Let everyone on your team create, organize and share collections of data.
  • Open source and constantly improving: Metabase is built and maintained by a dedicated team, and is open source, so the community can help improve it too. You get new features, interface improvements, and bug fixes for free, and can forget about building or maintaining your own analytics platform.


Version 0.30.0.0:
  • Collections all the way down
  • Pins
  • App wide search
  • Comparisons
  • Conditional formatting
  • Bug Fixes


  • OS X 10.9 or later



More information

Download Now
          Amazon launches Auto SDK to bring Alexa to more cars      Cache   Translate Page   Web Page Cache   

Amazon today announced an open source release of the Alexa Automotive Core (AAC) SDK, or Auto SDK, to help automakers integrate Alexa voice control into cars and their infotainment systems, screens often used for navigation, media, or climate control. The software development kit is free for download on GitHub and is optimized for bringing Alexa to in-car […]


          Open Source Software Developer - IBM - Markham, ON      Cache   Translate Page   Web Page Cache   
Through several active collaborative academic research projects with professors and graduate students from a number of Canadian and foreign universities....
From IBM - Wed, 18 Jul 2018 10:49:17 GMT - View all Markham, ON jobs
          Principal Web Application Full Stack Programmer / Architect      Cache   Translate Page   Web Page Cache   
FL-Tampa, R-54147: We’re looking for a Principal Web Application Full Stack Programmer / Architect that will be responsible for implementing solutions to support our client’s enterprise analytics strategy. The successful candidate will have experience in open source web application development technologies and public cloud development experience using AWS, Google Cloud Platform, or Azure. Responsibilities:
          Continuum Analytics Blog: Deploying Machine Learning Models is Hard, But It Doesn’t Have to Be      Cache   Translate Page   Web Page Cache   

With free, open source tools like Anaconda Distribution, it has never been easier for individual data scientists to analyze data and build machine learning models on their laptops. So why does deriving actual business value from machine learning remain elusive for many organizations? Because while it’s easy for data scientists to build powerful models on …
Read more →

The post Deploying Machine Learning Models is Hard, But It Doesn’t Have to Be appeared first on Anaconda.


          Now a Nearly $1 Billion Blockchain, Tezos Is Slowly Building Up Its Security      Cache   Translate Page   Web Page Cache   

The number of Tezos bakers is on the rise.

The protocol's term for a validator (its equivalent of bitcoin's miners), bakers are crucial to ensuring the nascent network's security. And that's all the more necessary given the value of the funds at stake.

Sinceraising $232 million in 2017, the protocol has hada very bumpy path to getting off the ground. Once live, though, it's become a top 20 blockchain by market capitalization, with a valuation consistently above $1 billion. Furthermore, there's been little out of the ordinary happening on the new blockchain.

Watching the amount of tokens staked to validate and the number of people taking part is probably the best way early on to assess the stability of the new network.

"I've been particularly impressed with the role the community has played in this process," Mike Reinhart of Obsidian Systems, which is building software for bakers, told CoinDesk in an email.

So far, it's been a smooth increase in bakers overall.

There are 108 bakers working on Tezos, as of this writing, besides the nodes run by the Tezos Foundation, according to TzScan.io, a block explorer for the protocol. At launch, all validation was run by the Tezos Foundation, butthat opened up with the seventh cycle (each cycle runs roughly every three days).

This is only the third week that the protocol has been operational. It's difficult to draw any big conclusions from either the limited growth or the limited attrition so far.

But the number seems to be growing as services come along to make it easier for holders of XTZ to participate. It takes 10,000 XTZ to serve as a baker (what the creators call a "roll"), plus a little technical know-how and a good internet connection.

At current prices, that's roughly $15,000 in cryptocurrency, but if the holder has a long position in tezos, then baking gives them a way to earn additional income while they sit on their tokens.

The number of rolls staked for baking has been increasing steadily as well, helped in part by the growth in delegation services. For holders that don't have $15,000 in cryptocurrency to dedicate to baking, the protocol also allows for users to delegate their tokens to a service in order to earn rewards. TzScan lists 36 companies that offer baking services so far.

It also shows three bakers that have already dropped out of providing delegation services: TZ Baker, Tezos MX and, most recently, XTEZ.

Fear of a centralized protocol

Still, two bakers on the platform represent about 20 percent of all the staked XTZ.

On the other hand, the foundation's nodes have already dropped to less than 50 percent of the total network. In the current cycle, the other 107 bakers make up 32.8 percent of the xtz staked for validation.

However, due to the way delegation on Tezos works, there's a delay from when a user decides to delegate tokens and when they really start working. Tzscan makes it possible to look several cycles ahead, and five cycles down the road , at cycle 17, (about 15 days away) those large delegation services are losing market share.

"First, they've shown a strong inclination to bake themselves: 46 percent (202/435) of all potential bakers in cycle 17 have only one-to-two rolls," Obsidian's Reinhart told CoinDesk.

Obsidian Systems makes secure software for secure baking, with support from the Tezos Foundation . It's currently command line only software, but a graphical user interface is in the works.

It's not the only member of the community to do so. Stephen Andrews has also built BakeChain , free software for windows computers available on Github.

Nevertheless, there are those who suspect the current architecture will tend toward centralization. Meltem Demirors of CoinShares, has critiqued the concentration of xtz among the very largest holders.

"There are a number of new services springing up, but we see the trend moving towards consolidation which is concerning," Demirors, who is a partner with a delegation service called Tezzigator, told CoinDesk.

Delegation ain't easy

"What we're seeing is people beginning to grasp the real implications of being an aggregator of proxy votes it's expensive and only works at scale," Demirors argued.

The delegates that have dropped out haven't provided a lot of visibility into their reasoning, but one company providing the service offered its perspective on the challenges of the business.

Awa Sun Yin of Switzerland-based Cryptium Labs has 47 rolls in its baking node, as of this writing. Yin identified three categories of challenges faced by a new delegation service, not all of which might be obvious out the outset. She broke them down into legal, infrastructure and development categories.

Not every new delegator might immediately realize that it's better to establish a legal entity. Once they have, that might persuade some to pull out.

Here in the early days of Tezos, she also pointed out that there's a lot of software updates to the protocol coming quickly that delegation services have to keep up with. Couple this with the fact that there aren't enough open source tools to automate all processes that could be automated for a delegator yet.

"The biggest struggle with maintaining the baking infrastructure is related to software upgrades," she wrote. "These releases are hard to foresee and sometimes the releases are critical, as they might have patched a security vulnerability."

In other words, it's just not as easy as setting up some code on a computer and letting it run.

That said, she added:

"As the technology has been recently launched, there is a lot of room for both development and community contributions. With time, and the right participation, it will get much better."

Building blocks via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies . CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


          Custom site performance reports with the CrUX Dashboard      Cache   Translate Page   Web Page Cache   

Custom site performance reports with the CrUX Dashboard

Continuous performance monitoring is crucial to identify trends and regressions before they negatively affect your site engagement and bottom line metrics. The Chrome UX Report (CrUX) enables you to track user experience and performance metrics for millions of origins -- and yes, you can even compare competitors' performance head-to-head! Today we're releasing the CrUX Dashboard that you can use to better understand how an origin's performance evolves. It's built on Data Studio and automatically syncs with the latest datasets and can be easily customized and shared with everyone on your team.

The monthly distribution of First Contentful Paints for 
    developers.google.com#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000
The monthly distribution of First Contentful Paints for developers.google.com

Go try it out at g.co/chromeuxdash -- it only takes a minute to set it up! There are a few one-time confirmation prompts, so if you have any hesitation refer to this helpful walkthrough video:

https://www.youtube.com/watch?v=DmFWL-O7EwA

There are now three ways to explore the Chrome UX Report dataset, so let's see what makes this one so special.

  1. BigQuery is great for slicing and dicing the raw data at will across any number of origins. You get 1 TB of querying for free each month and a billing account is required to cover any overages.

  2. PageSpeed Insights allows you to explore the latest snapshot of the user experience for a single URL or origin. You can see how the page load performance is distributed in a web interface or API.

  3. The CrUX Dashboard enables you to see how the user experience of an origin changes over time. All of the data querying and visualizing is done for you with unlimited free usage and the data is automatically updated for you.

This dashboard is built on Data Studio , Google's dashboarding and reporting platform that is free to use. Under the hood, the entire data pipeline is managed for you thanks to the Chrome UX Report's community connector. All you need to do is enter an origin and it will load the data and generate the visualizations for you. It's even open source, so you can explore how it works in the GoogleDataStudio/community-connectors repository on GitHub.

The monthly distribution of form factors for 
    developers.google.com#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000
The monthly distribution of form factors for developers.google.com

In this release we've set you up with three charts:

  1. First Contentful Paint
  2. Device Distribution
  3. Connection Distribution

Each chart includes historical data so you can see how the distribution changes over time. And this really is a live dashboard; the visualizations will automatically update after each monthly release.

The monthly distribution of effective connection types for 
    developers.google.com#source%3Dgooglier%2Ecom#https%3A%2F%2Fgooglier%2Ecom%2Fpage%2F%2F10000
The monthly distribution of effective connection types for developers.google.com

Some features we're exploring for future improvements are more metrics like First Input Delay, better error handling of unrecognized origins, and the ability to compare multiple origins. If you have any suggestions to make the dashboard even better, we'd love to hear from you on the forum or @ChromeUXReport.


          Prometheus monitoring tool joins Kubernetes as CNCF’s latest ‘graduated’ project      Cache   Translate Page   Web Page Cache   
The Cloud Native Computing Foundation (CNCF) may not be a household name, but it houses some important open source projects including Kubernetes, the fast-growing container orchestration tool. Today, CNCF announced that the Prometheus monitoring and alerting tool had joined Kubernetes as the second “graduated” project in the organization’s history. The announcement was made at PromCon, the […]
          Stuff The Internet Says On Scalability For August 10th, 2018      Cache   Translate Page   Web Page Cache   

Hey, it's HighScalability time (out Thur-Fri, so we're going early):

 

London Maker Faire 1851—The Great Exhibition—100,000 objects, displayed along more than 10 miles, by over 15,000 contributors.

 

Do you like this sort of Stuff? Please lend me your support on Patreon. It would mean a great deal to me. And if you know anyone looking for a simple book that uses lots of pictures and lots of examples to explain the cloud, then please recommend my new book: Explain the Cloud Like I'm 10. They'll love you even more.

 

  • 90%: accuracy predicting gender from retinal image; $1 billion: Ebay sales per quarter from AI; $78 billion: global AI software market by 2025; $75m: penalty for botched SAP upgrade; 35 million: m^3 of mud dredged out of the Dutch waterways; 138 terabytes: memory per square inch; 500 million: Uber metrics per second; 22x: new faster JSON Sparser; 

  • Quotable Quotes:
    • @IanColdwater: The JIRA tickets will continue until morale improves
    • @david_perell: Three crazy stats from @mikedariano’s newsletter. 1. People watch more Minecraft hours than the NBA, NHL, NFL, and MLB combined.  2. Only 26 countries have more people than PewDiePie has subscribers.  3. Only 20% of YouTube’s traffic is from the United States. 
    • Charlie Demerjian: Why does SemiAccurate say that Intel knows? We have seen their internal documents that show exactly how frightened the company is. The documents go into specifics we don’t feel are appropriate to discuss publicly but there is one thing we can say, Intel knows their position. One of the documents says in no uncertain terms that the company understands they will not be competitive in the server market until AFTER Sapphire Rapids, the 2022 server part. AMD has a clear run in Intel’s core market for at least 4 years.
    • @ScottMcGready: Can we just take a moment to remember that one company I worked for backed up their stuff on tapes religiously- all tapes sent to a warehouse nightly. Years later someone tested a tape... turns out nothing had been written... ever. We had a (paid) warehouse full of empty tapes
    • Uber: Since 2016, Uber has added several new lines of business to its platform, including Uber Eats, Uber Freight, and Jump Bikes. Now, we complete over 15 million trips a day, with over 75 million monthly active riders. In the last eight years, the company has grown from a small startup to 18,000 employees across the globe.
    • @mims: Here is a super important thing that we don't talk about enough: Almost all of the increase in income inequality from 1978 to the present can be accounted for by the difference in wages between top performing firms and everyone else. And now we have some idea what's driving unequal growth in productivity of top-performing firms -- it's how they build and use *their own, proprietary software and other IT/technology
    • @taotetek: Distributed systems tip: Write your system without any queues first. You might find you don't need queues. If you end up needing queues, the retry and reliability code you wrote in order to function without queues will still make your system more reliable.
    • @theburningmonk: I think the visual flow is sometimes under-appreciated - our app support team can easily look at it and figure out what went wrong without knowing ins & outs of implementation details. I can also show the diagram to a product person and he/she would get it as well
    • John Mark: It’s time to understand something about open source software development: it is not going to save us. Using or developing more open source software is not going to improve anyone’s lives. Developing open source software is not a public good. It’s not going to result in a fairer or more equitable society. In fact, as currently structured, open source development is part of the problem. 
    • There are a few more quotes. Don't miss them.
Don't miss all that the Internet has to say on Scalability, click below and become eventually consistent with all scalability knowledge (which means this post has many more items to read so please keep on reading)...

          Prometheus monitoring tool joins Kubernetes as CNCF’s latest ‘graduated’ project      Cache   Translate Page   Web Page Cache   
The Cloud Native Computing Foundation (CNCF) may not be a household name, but it houses some important open source projects including Kubernetes, the fast-growing container orchestration tool. Today, CNCF announced that the Prometheus monitoring and alerting tool had joined Kubernetes as the second “graduated” project in the organization’s history. The announcement was made at PromCon, the […]
          Honeypot Resurrection - Redesign of CERN's Security Honeypots      Cache   Translate Page   Web Page Cache   
Honeypots are a fake system residing in a companie's or organization's network, attracting attackers by emulating old and vulnerable software. If a Honeypot is accessed, all actions are logged and any submitted files are being stored on the host machine. The current Honeypot at CERN is deprecated and does not provide useful notifications. The task of this summer student project is to identify well maintained and up-to-date open source honeypots, test and configure them and finally deploy them to convincingly resemble a CERN host in order to collect information about potentially malicious activity inside the GPN.
          IMPIEGATA/O RISORSE UMANE a Bibione (VE) - OSM open source management - Bibione, Veneto      Cache   Translate Page   Web Page Cache   
Per la sede a Bibione (VE). Ti piacerebbe essere la persona che si occupa della crescita di un’azienda di successo partendo dai collaboratori interni e... €1.400 - €2.000 al mese
Da Indeed - Fri, 27 Jul 2018 08:32:01 GMT - Visualizza tutte le offerte di lavoro a Bibione, Veneto
          How to install Fork CMS on Ubuntu 18.04 LTS      Cache   Translate Page   Web Page Cache   
Fork CMS is a free and open source content management CMS that comes with an intuitive and user-friendly web interface. In this tutorial, we will explain how to install Fork CMS on Ubuntu 18.04 LTS (Bionic Beaver) server.
          DevOps Engineer - Ritchie Bros. - Burnaby, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Ritchie Bros. - Sat, 30 Jun 2018 02:48:25 GMT - View all Burnaby, BC jobs
          Senior DevOps Engineer - Long Term Contract - Ignite Technical Resources - Burnaby, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Ignite Technical Resources - Thu, 21 Jun 2018 08:15:40 GMT - View all Burnaby, BC jobs
          DevOps Engineer - Ritchie Bros. - Vancouver, BC      Cache   Translate Page   Web Page Cache   
Integrate, manage and support a diverse range of Open Source and commercial middleware, tools, platforms and frameworks to enable continuous product delivery....
From Indeed - Wed, 08 Aug 2018 18:36:45 GMT - View all Vancouver, BC jobs
          MVVM Light with Laurent Bugnion      Cache   Translate Page   Web Page Cache   
Back at the beginning of WPF, before Silverlight, there was MVVM Light. While on the Modern Web Tour in Zurich, Richard sat down with Laurent Bugnion to talk about his work creating the open source toolkit that helped developers build cross-platform applications using the Model View View-Model pattern. Laurent's story crosses much of the story of XAML itself, from WPF to Silverlight to Windows Phone and Xamarin Forms!

          #402 - Open Source w/Dirk Hoj      Cache   Translate Page   Web Page Cache   
none
          #vuc523 - Open BTS Book      Cache   Translate Page   Web Page Cache   
"Deploy your own private mobile network with OpenBTS, the open source software project that converts between the GSM and UMTS wireless radio interface and open IP protocols. With this hands-on, step-by-step guide, youâ??ll learn how to use OpenBTS to construct simple, flexible, and inexpensive mobile networks with software."
          #vuc543 - Big Blue Button, revisited      Cache   Translate Page   Web Page Cache   
Big Blue Button is an open source project that weds a number of existing projects to create a high-quality distance learning and collaboration platform. This week project lead Fred Dixon joins us to deliver an update on the state of the project, hot on the heels of their most recent developer conference.
          #VUC603 - Pre-vacation Show & Tell      Cache   Translate Page   Web Page Cache   
James, Andy, Michael & Randy talk about apps and hardware. Also Wire client is open sourced and EFF sues the US government over DCMA 1202
          IT Integration Delivery Manager - Thrivent Financial - Appleton, WI      Cache   Translate Page   Web Page Cache   
Experience in open source technologies such as Atlassian, Camunda, MongoDB, RabbitMQ preferred. Key responsibilities will include:....
From Thrivent Financial - Fri, 25 May 2018 00:17:41 GMT - View all Appleton, WI jobs
          Prometheus Joins Kubernetes on CNCF Graduation Stage      Cache   Translate Page   Web Page Cache   

Prometheus Joins Kubernetes on CNCF Graduation Stage The project is an open source monitoring tool, which is now seen as table stakes for cloud native and container deployments.


          LXer: Getting started with Postfix, an open source mail transfer agent      Cache   Translate Page   Web Page Cache   
Published at LXer: Postfix is a great program that routes and delivers email to accounts that are external to the system. It is currently used by approximately 33% of internet mail servers. In this...
          LXer: How to Install InvoicePlane on Ubuntu 18.04 LTS      Cache   Translate Page   Web Page Cache   
Published at LXer: InvoicePlane is a free, open source and self-hosted application for managing your invoices, clients and payments. In this tutorial, we will explain how to install InvoicePlane on...
          LXer: Sharing open source alternatives to Google's online tools      Cache   Translate Page   Web Page Cache   
Published at LXer: In an earlier article, the crew from French non-profit Framasoft discussed their mission to help people slip the bonds of internet giants and take control of their own data....
          LXer: How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7      Cache   Translate Page   Web Page Cache   
Published at LXer: Strongswan is an open source multiplatform IPSec implementation. It's an IPSec-based VPN solution that focuses on strong authentication mechanisms. In this tutorial, I will show...
          Update: Line 'em Up! (Music)      Cache   Translate Page   Web Page Cache   

Line 'em Up! 2.0.5


Device: iOS iPhone
Category: Music
Price: Free, Version: 2.0.3 -> 2.0.5 (iTunes)

Description:

Besides raving to the greatest headliners at music festivals, you will also discover fun, unknown artists and acts you otherwise would have skipped!

Features:
∙ Listen to snippets and swipe your personal line-up
∙ All of your line-ups in a clear overview
∙ Share your personal line-up with your friends easily
∙ Use the search function to find festivals
∙ Buy tickets from a festival of your choice
∙ Choose from more than 1500 festivals worldwide and discover where you’re going to this summer

We are adding new festivals daily! We already have festivals like: Dour, Lowlands, Tomorrowland, Pukkelpop, Laundry Day, Rock The Park Music, Kaslo Jazz, Heavy Montreal, Area 4, Love Week, Brutal Assault, Metal Magic, Smukfest, Tønder, Lovebox, Citadel, Chagstock, Kaleidoscope, Ilosaarirock, Summer Up, Afropunk Fest, Melt!, Panama Open Air, Open Source, Longitude, Palmesus, SWR Barroselas Metal Fest, NOS Alive!, Hebcelt, Bilbao BBK Live, Cruilla, Barcelona Beach, Paléo, Grassroots, Sloss, Forecastle and Monmouth Festival. Enough festivals to discover!

What's New

Listen to more songs from 1 artist during your swiping!

Line 'em Up!


          20180620 - Advances in High Throughput Toxicokinetics (HTTK) (ICCA-LRI)      Cache   Translate Page   Web Page Cache   
Toxicokinetic (TK) models can describe the link between administered in vivo doses and plasma, blood, or tissue concentrations. High-throughput toxicokinetics (HTTK) uses rapid in vitro measured TK parameters, chemical structure-based properties, and high-throughput models to predict TK parameters. HTTK can be applied for in vitro to in vivo extrapolation, where bioactive concentrations from in vitro screening studies (e.g. Tox21 and ToxCast) are converted to in vivo administered equivalent doses (AED). Predicted AED may then be compared with exposure estimates. HTTK may thereby provide risk based context to in vitro toxicity data. Developments in HTTK include the measurement of data for TK parameters of fraction of unbound chemical in plasma and intrinsic hepatic clearance, defining compartmental and physiologically based TK models (Pearce et al. 2017a), improved estimates of tissue partitioning (Pearce et al. 2017b), and developing a population simulator (Ring et al. 2017). These tools and data for HTTK are published in the open source R software package httk (Pearce et al. 2017a, https://cran.r-project.org/web/packages/httk/), available for use by the broader scientific community. We continue to advance methods for HTTK and are in the process of developing models for inhalation and dermal exposure routes as well as collecting Caco-2 data for estimating fraction of oral absorption. This abstract does not reflect EPA policy.
          Free tool checks for critical open source vulnerabilities      Cache   Translate Page   Web Page Cache   
Every month details emerge of dozens of new security vulnerabilities, and open source software is not immune from these. In order to help companies stay up to date and ensure vulnerabilities are patched quickly, open source security specialist WhiteSource is launching a free tool that provides companies with immediate, real-time alerts on the 50 most critical vulnerabilities published in the open source community. The standalone CLI tool is free to use and available for anyone to download as a desktop application. Once downloaded, the Vulnerability Checker offers users the opportunity to import and scan any library and run a quick check… [Continue Reading]

          appium      Cache   Translate Page   Web Page Cache   
Appium is an open source test automation framework for use with native, hybrid and mobile web apps.
It drives iOS, Android, and Windows apps using the WebDriver protocol.


          PostgreSQL 10.5-1      Cache   Translate Page   Web Page Cache   
A powerful, open source object-relational database system. 2018-08-09
          Metabase 0.30.0      Cache   Translate Page   Web Page Cache   
Open source software designed to manage, analyze, share and learn from large amounts of information in data-centric companies. 2018-08-09
          Audacious 3.10      Cache   Translate Page   Web Page Cache   
A free, open source audio player with plugin support and streaming music. 2018-08-09
          Sr Software Engineer - Hadoop / Spark Big Data - Uber - Seattle, WA      Cache   Translate Page   Web Page Cache   
Under the hood experience with open source big data analytics projects such as Apache Hadoop (HDFS and YARN), Spark, Hive, Parquet, Knox, Sentry, Presto is a...
From Uber - Sun, 13 May 2018 06:08:42 GMT - View all Seattle, WA jobs
          How to Install Laravel PHP Framework on Ubuntu      Cache   Translate Page   Web Page Cache   
Laravel is a free, open source, flexible and lightweight PHP framework with Model-View Controller (MVC) design structure. It has a refined, easy, and readable syntax for developing modern, robust and powerful applications from the...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

          Open source IT automation solution from Red Hat gets an update      Cache   Translate Page   Web Page Cache   
Red+Hat%2C+Inc%2E+announced+the+general+availability+of+Red+Hat+Ansible+Engine+2%2E6%2C+the+latest+r
          Comment on Open Source Meetup Presentation @ FOSDEM 2010 ! by SEO Proxies      Cache   Translate Page   Web Page Cache   
<strong>SEO Proxies</strong> I found a great...
          Comment on Open Source Meetup in Munich- Feb 26 – with Kev Needham and Chris Hofmann by Free Private Proxies      Cache   Translate Page   Web Page Cache   
<strong>Free Private Proxies</strong> I found a great...
          Free tool checks for critical open source vulnerabilities      Cache   Translate Page   Web Page Cache   
Every month details emerge of dozens of new security vulnerabilities, and open source software is not immune from these. In order to help companies stay up to date and ensure vulnerabilities are patched quickly, open source security specialist WhiteSource is launching a free tool that provides companies with immediate, real-time alerts on the 50 most critical vulnerabilities published in the open source community. The standalone CLI tool is free to use and available for anyone to download as a desktop application. Once downloaded, the Vulnerability Checker offers users the opportunity to import and scan any library and run a quick check… [Continue Reading]
          Google appoints Jeff Bailey as new head of AOSP      Cache   Translate Page   Web Page Cache   
Android P was officially given a version number and tasty nickname this week. To go along with the big announcement of Android 9 Pie, Google pushed the source code to the Android Open Source Project ( ... - Source: www.xda-developers.com
          Prometheus monitoring tool joins Kubernetes as CNCF’s latest ‘graduated’ project      Cache   Translate Page   Web Page Cache   
The Cloud Native Computing Foundation (CNCF) may not be a household name, but it houses some important open source projects including Kubernetes, the fast-growing container orchestration tool. Today, CNCF announced that the Prometheus monitoring and alerting tool had joined Kubernetes as the second “graduated” project in the organization’s history. The announcement was made at PromCon, the […]
          10 Useful React Components, Libraries & Tools      Cache   Translate Page   Web Page Cache   

React is an open source JavaScript library developed by Facebook that allows for building advanced UIs. What makes React so interesting is that you can set different views for a...

The post 10 Useful React Components, Libraries & Tools appeared first on Speckyboy Web Design Magazine.


          Sr Software Engineer - Hadoop / Spark Big Data - Uber - Seattle, WA      Cache   Translate Page   Web Page Cache   
Under the hood experience with open source big data analytics projects such as Apache Hadoop (HDFS and YARN), Spark, Hive, Parquet, Knox, Sentry, Presto is a...
From Uber - Sun, 13 May 2018 06:08:42 GMT - View all Seattle, WA jobs
          (USA-DC-WASHINGTON) Deputy Fire Marshall (Operations)      Cache   Translate Page   Web Page Cache   
#### Overview American Security Programs is a premium contract security services company based in Northern Virginia and a wholly owned subsidiary of SecurAmerica. Our mission is to provide legendary and responsive security service solutions to our client, which provides uncompromising value, cost effectiveness, and results to our clients' diverse business needs. The company was founded upon a single guiding principal: The founder's vision of a truly quality-oriented company, the executives of which would remain available, accountable and in touch with every customer. #### Job Skills / Requirements Basic Job Responsibilities: a. Performs scheduled walk through fire and life safety inspections of all WBG owned/leased facilities by interpreting and applying the subject matter of International and National Fire/Sprinkler codes, while also enforcing Bank standards, policies, and procedures. b. Makes notation of any items, practices, or features that would adversely affect staff from a fire/safety standpoint. Actively documents and immediately reports these items, practices, or features. c. Witnesses, documents, and participates in fire and life safety systems testing for new/existing systems and testing of repaired or upgraded systems to ensure that they function to meet the design specification and are code compliant/meet WBG standards. d. Assists in the investigations of safety and fire incidents and prepares reports on same. e. Assists the SFM with plans review of construction projects that affect the protective systems in all WBG-owned, leased, or retrofitted space on current, upgraded, or redesigned fire safety systems. f. Assists the SFM with coordination and escort for visits/inspections of the WBG’s Insurance Underwriters. g. Assists the Chief Fire Marshal (CFM) and SFM in coordinating/executing emergency evacuation/shelter-in-place/daycare drills in all WBG owned & leased buildings as outlined in the Bank Group’s Emergency & Fire Safety Plan QUALIFICATIONS 1. At least 3 years’ work experience in a technical or related field. Experience in a Fire Life Safety discipline preferred but not required. It is also suitable to have experience in building systems engineering and/or building safety. 2. A 4 year degree in a related field of technical study can be used to substitute the experience requirement. 3. A 2 year degree in a related field of technical study can be used to substitute 2 years of the experience requirement. 4. Proficiency in use of Microsoft Office Suite applications (Word, Excel, PowerPoint, etc.) and open source databases 5. Familiarity with modern mobile technologies and other common technologies (standard computer software applications) 6. Effective organizational skills, attention to detail, and strong written and oral communication skills Key Competencies: Accountability, Building Effective Relationships, Client Orientation, Commitment to Continuous Learning, Communication, Creativity, Drive for Results, Emergency Communication Systems, Emergency Management, Fire Alarm Systems, Fire & life Safety Code, Hazard Classification/Identification, Integrity, International Code Council, Inspection Procedure, Learning on the Fly, Life Safety, Mass Notification Systems, National Fire Protection Association, Occupancy Classification, Open Source Databases, Planning and Organizing, Problem Solving, Professionalism, Public Safety, Respect for Diversity, Teamwork, Technological Awareness, Time Management, Timely Decision Making #### Education Requirements (Any) Bachelor’s Degree in education or related field preferred and/or equivalent experience as an instructor with a large private or government organizatio BS and 3 years Experience or Associates and 5 years experience Associates and 3-5 years of work related experience #### Additional Information / Benefits American Security Programs is committed to providing equal employment opportunity without regard to race, color, religion, national origin, sex, age, disability, genetic information, veteran status, or membership in any other protected group. As an affirmative action employer with federal contracts, we are required to report demographic information about our employees and job applicants to various agencies of the United States government. The data requested during the application phase is used to comply with the government's recordkeeping and reporting requirements, and to monitor the progress of our Affirmative Action programs. Your self-identification for the EEO categories is voluntary and the information that you provide will not be used in any employment decisions. If you decide to disclose this data, your employment will not be adversely affected. Benefits: Medical Insurance, Life Insurance, Dental Insurance, Vision Insurance, Paid Vacation Screening Requirements: Motor Vehicle, Drug Screen, Criminal Background Check This job reports to the Chief Fire Marshall This is a **Full and Part-Time** position **1st Shift**, **2nd Shift**, **3rd Shift**, **Weekends**. *Number of Openings for this position:* 2
          (USA-AL-Huntsville) Software Engineer      Cache   Translate Page   Web Page Cache   
**Job Description:** **GENERAL JOB SUMMARY:** Software Engineers are being sought to join an experienced Software Engineering Team that is responsible for the design, development and deployment of multiple software applications and systems in support of the U.S. Army Space and Missile Defense Command. Candidates will work on a suite of tools that includes desktop, web and mobile applications. Candidates will support both enhancements and extensions to the existing software suite as well as the design and implementation of new software applications. Experience with software design, implementation and test, deployment, sustainment, and working in configuration managed, classified, and team environments are beneficial. **ESSENTIAL JOB FUNCTIONS:** **PRIMARY –** * Operating in a Microsoft Windows environment * Using Microsoft Visual Studio to develop, debug, test, and deploy applications * Proficient in C# and the .NET Framework * Working with industry standard relational databases (PostgreSQL, MySQL, MS SQL Server) **SECONDARY –** * Experience with ASP.NET, MVC, Web API, ORM technologies * Experience with HTML5, CSS3, jQuery, any industry standard JavaScript frameworks * Experience with hosting websites in a Microsoft IIS webserver **Preferred –** * Experience in open source development * Ability to work independently or as part of a team * Experience on iterative, spiral or agile software development teams **WORK ENVIRONMENT** ### ### The employee will likely be placed in an office. The work environment characteristics are representative of those of an employee encounters while performing essential functions of the job in a typical office/workstation situation. Able to work sitting or standing at desk and operate a computer via standard input devices such as using a keyboard and reading information on a monitor. **Experience and Skills:** **JOB SKILLS:** **Required –** * Proficient in C# and the .NET Framework * Experience with relational databases (PostgreSQL, MySQL, MS SQL Server) * Build and debug both desktop applications and websites built on .NET technologies **EDUCATION AND EXPERIENCE:** * BS degree in a technical degree and at least 2 to 9 years of experience *Job Tracking ID:* 85347-270436 *Location:* Huntsville, AL *Job Type:* Full-Time/Regular *Date Updated:* August 08, 2018 *Job Level:* Mid Career (2+ years) *Number of Openings:* 4 *Years of Experience:* At least 3 Years *Level of Education:* BA/BS *Starting Date:* ASAP
          Educational Linux distribution Edubuntu has been (just about) discontinued      Cache   Translate Page   Web Page Cache   

A few years ago the developers of Edubuntu that the Ubuntu-based operating system for teachers and students was going to skip the update to Ubuntu 16.04 and stay on Ubuntu 14.04 indefinitely. The two lead developers came to that decision after realizing that after a decade of working on the project, they didn’t have time to devote to keeping the operating system up to date.

As an open source project, the developers were hoping that someone else might be willing to step up and take over leadership of the project, but that hasn’t happened.

You can still download and use Edubuntu 14.04.5 today, but it’s based on a 4-year-old version of Ubuntu. And when Canonical pulls the plug on support for Ubuntu 14.04 in April, 2019 then the latest version of Edubuntu will also be unsupported.

Read more


          Introduction to Zotero      Cache   Translate Page   Web Page Cache   

Zotero is a free and open source software that enables you to organize your research, create bibliographies and insert citations or footnotes in your assignments.

Category: 
Libraries, TLS - SKILLSETS
13Mar201914:00
to
15:00

          Comment on YouTube will now place Wikipedia entries about global warming below videos ‘refuting evidence of rising temperatures’ by Cynicles      Cache   Translate Page   Web Page Cache   
Wikipedia? Open source website to substantiate their claims. Great, now trenchers can go edit Wiki to reflect the truth.
          Who Uses Your Open Source Code Anyway?      Cache   Translate Page   Web Page Cache   

I'm not exaggerating when I say there is a whole world of open-source code out there. This is for good reason, considering open-source code covers most of the functionality currently available to computers. From the tried-and-true libraries you take with you everywhere, to the experimental ones that warn you, "This is experimental stuff! Do not use in production."

Open-source code is so plentiful that most of it is composed of other open-source code, which in turn is itself composed of even more open-source code. It's open-source code all the way down.


          Pitfalls with Open Source Software      Cache   Translate Page   Web Page Cache   

What is the business impact when open source software is not managed correctly? Where does it go wrong and how do you manage the situation?

There is no doubt that the use of open source software is pervasive in software development. The ability to re-use existing open source software components, libraries, and packages means faster time to market in delivering software solutions.


          The Linux Foundation Announces Keynote Speakers for All New Open FinTech Forum to Explore the Intersection of Financial Services and Open Source      Cache   Translate Page   Web Page Cache   

SAN FRANCISCO, Aug. 9, 2018 /PRNewswire/ -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the keynote speakers for Open FinTech Forum, taking place October 10-11 in New York. Focusing on the intersection of financial...


          WhiteSource unveils free open source Vulnerability Checker      Cache   Translate Page   Web Page Cache   

WhiteSource announced the release of its Vulnerability Checker, a free tool that provides companies with immediate, real-time alerts on the 50 most critical open source vulnerabilities published in the open source community. The new standalone CLI tool is free to use and available for anyone to download as a desktop application directly from the WhiteSource website. Once downloaded, the Vulnerability Checker offers users the opportunity to import and scan any library and run a quick … More

The post WhiteSource unveils free open source Vulnerability Checker appeared first on Help Net Security.


          Open Source Software Developer - IBM - Markham, ON      Cache   Translate Page   Web Page Cache   
Through several active collaborative academic research projects with professors and graduate students from a number of Canadian and foreign universities....
From IBM - Wed, 18 Jul 2018 10:49:17 GMT - View all Markham, ON jobs
          The Linux Foundation Announces Keynote Speakers For All New Open FinTech Forum To Explore The Intersection Of Financial Services And Open Source      Cache   Translate Page   Web Page Cache   


          State of Security for Open Source Web Applications 2018      Cache   Translate Page   Web Page Cache   

Infographic highlighting the State of Security for Open Source Web Applications 2018Each year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

Why Do Workplaces Use Open Source Software?

The reason for the rise in popularity of open source software in the business world is financial: your enterprise is getting great software for free. Some enterprises resonate with the open source philosophy of collaboration and giving back. This helps explain why big companies like Twitter, Tumblr, Netflix and Pinterest use and advocate for open source.

Netsparker has a natural interest in the security aspect of open source software, and also a very question; since the source code of open source projects is publically available, does that make these applications more or less secure than proprietary or closed software?

What Happens When Open Source Goes Wrong?

The global average cost of a data breach in 2017 was $3.62 million. In May to July of 2017, Equifax suffered a massive cyber-security breach, with attackers accessing hundreds of millions of customers' personal data. Although they announced this breach in September 2017, Equifax was informed in 2016 that their website was vulnerable, and was even told which vulnerabilities to check.

Hackers exploiting open source Apache Struts vulnerabilities were blamed for the Equifax breach. Although a deserialization vulnerability in the REST plugin of Apache Struts was initially blamed, an OGNL Expression Injection vulnerability in Struts was found to be the cause for the breach.

Even though a vast amount of personal data was being exposed due to the Equifax breach, a significantly higher number of users were potentially affected by another security bug in readily available open source software. ROBOT (Return Of Bleichenbacher's Oracle Threat) is a type of attack that revives a 19-year old vulnerability. Bleichenbacher’s RSA vulnerability is still very prevalent in the Internet and affected top domains like Facebook and Paypal, along with many other vendors and open source projects. In December 2017, Netsparker released a hotfix version of our web application security scanner that included ROBOT security checks.

Why Does Netsparker Care About Open Source?

One of the best ways to demonstrate the effectiveness of Netsparker web application security scanner is to test it against a wide variety of web applications used on the web. So our security researchers scan a great variety of open source web applications including: shopping carts and e-commerce solutions, social networking web applications, forums and blogs. The complexity of the testing environment increases when you consider the big number of languages used to create web applications, such as: PHP, Java, Ruby on Rails, ASP.NET, Node.JS, Python and other frameworks.

The only reason – aside from an awesome team of dedicated Security Researchers – that we are able to scan so many web applications and detect so many vulnerabilities across such a wide range, is because automation is at the heart of the Netsparker's web application security scanning technology.

There are a couple of neat side benefits. Open source applications development teams get free security testing, empowering them to write more secure code. If you'd like to conduct your own, free, automated web application security testing, and read more about how we're huge supporters of the open source community, see our offer of Free Online Web Security Scans For Open Source Projects.

What Did Netsparker Discover About the State of Open Source Security In 2017?

What Is The Most Prolific Vulnerability in Open Source Applications?

The most predominant vulnerability discovered in open source web applications was Reflected XSS. This accounted for almost 70% of the overall number of reported vulnerabilities. All kinds of Cross-site Scripting (XSS) vulnerabilities ranked as number seven in the OWASP Top 10 List for 2017.

How Many Web Applications Did We Scan in 2017?

  • The total number of web applications we tested and scanned in 2017 was 154, an increase of over 48% from our last report
  • The most popular web application frameworks or languages in which scanned apps were developed are PHP (124), .NET (14) and Java (10)
  • The most popular back-end database servers used by these scanned applications were MySQL (86), Microsoft SQL Server (13)

How Many Web Applications Did We Scan in 2017?

What Were the Vulnerability Findings for 2017?

What is of most interest to us is the numbers of vulnerabilities we found in these web applications.

  • The number of vulnerable web applications was 59. This is over 38% of all the web applications we tested.
  • The total number of vulnerabilities Netsparker identified in these open source sites was 346.

Which Vulnerability Types Were Detected?

The web application vulnerabilities Netsparker discovered are listed in the table below.

Vulnerability Name Total Occurrences Severity Level
Reflected Cross-site Scripting (XSS) 240 High Severity
Frame Injection 29 Medium Severity
SQL Injection 24 Critical Severity
Stored Cross-site Scripting (XSS) 15 High Severity
Blind SQL Injection 14 Critical Severity
Code Evaluation 6 Critical Severity
Cross-Site Request Forgery (CSRF) 5 Low Severity
Open Redirection 5 Medium Severity
Boolean SQL Injection 3 Critical Severity
Blind Cross-site Scripting (XSS) 2 High Severity
Cross-site Scripting (XSS) via Remote File Inclusion (RFI) 1 High Severity
Server Side Template Injection (SSTI) 1 High Severity
Document Object Model Cross-site Scripting (DOM XSS) 1 High Severity

Around 88% of the total vulnerabilities were either of Critical or High Severity. For more information on how Netsparker defines severity levels, see Web Application Vulnerabilities Severities Explained.

What Were the Vulnerability Findings for 2017?

How Has the State of Web Application Security Changed Since 2016?

Compared to our findings from last year's open source testing (see our previous Statistics About the Security State of 104 Open Source Web Applications), it's clear that XSS vulnerabilities remain, by far, the most common type of vulnerability to be found in open source web applications. The reason for this is that developers who are keen to provide rich interaction in modern web applications use JavaScript in the client-side.

Whereas last year SQL Injection vulnerabilities came in second place, this year Frame Injection vulnerabilities have replaced them. The top development languages, frameworks and database servers remains the same.

How Has the State of Web Application Security Changed Since 2016?

What Action Did the Open Source Applications Take?

If you consult our Web Application Advisories by Netsparker list, you can see that we published 32 advisories in 2017. In addition, there are 28 in pending mode. Of these 32, 28 vendors were contacted. Out of the 59 reported web applications with vulnerabilities, only six were fixed. The number of advisories with multiple vulnerabilities was three.

Would Your Open Source Project Benefit From Free Web Vulnerability Scans?

Based on our latest statistics, a randomly-selected web application may include an average of 2.25 vulnerabilities. Developers could eliminate many of these by taking security best practice into account during the SDLC.

Does your team have time to conduct penetration testing to find them all? And, do you know what to do, to remove the vulnerability, and determine whether it is gone? Would you like to have access to an automated web application security scanning solution that would detect them all – and offer remediation recommendations?

Netsparker offers Free Online Web Application Security Scans for Open Source Projects. This is our token of appreciation to all the developers in the open source community and Netsparker's way of giving back to you. Open source projects such as OpenCart have already used our free, automated web application security scans with great success. Why not you, too?

Useful Resources

Web Application Vulnerabilities Index
Web Application Advisories by Netsparker
State of Open Source Web Applications


          Embedded Software Developer (Encryption)      Cache   Translate Page   Web Page Cache   
IL-Roselle, Embedded Developer For each open application, there is an open source with code written in the applications in C. It will be this individuals responsibility to go in the applications and modify/add to the code in C. They will not be coding from scratch as most applications are pretty defined. Their are 4 critical applications that this person will be responsible for. All of the code in the hardwar
          Achieve a Perfectly Functioning Microcontainer with micropacker-for-containers      Cache   Translate Page   Web Page Cache   

Micropacker-for-containers is a proof of concept that started in the VMware Product Security team as a hardening exercise. Over time, it has matured to allow you to easily pack a microcontainer starting from a standard container. Don’t be scared of the word “microcontainer”—it works and basically is just like a normal container. It is considered

The post Achieve a Perfectly Functioning Microcontainer with micropacker-for-containers appeared first on VMware Open Source Blog.


          Software Developer - Varian Medical Systems - Winnipeg, MB      Cache   Translate Page   Web Page Cache   
Java, JavaScript/TypeScript, Angular, Python. Specialization in Java or other open source Web Application stack....
From Varian Medical Systems - Fri, 03 Aug 2018 06:07:59 GMT - View all Winnipeg, MB jobs
          AGENTE DI COMMERCIO ENASARCO SETTORE PANETTERIA/PASTICCERIA - OSM open source management - Padova, Veneto      Cache   Translate Page   Web Page Cache   
La figura promuoverà azioni di contatto preliminare con la clientela potenziale (panifici, gelaterie bar e pasticcerie), svilupperà le trattative di vendita,...
Da Indeed - Mon, 23 Jul 2018 14:26:30 GMT - Visualizza tutte le offerte di lavoro a Padova, Veneto
          TECNICO DIMOSTRATORE PANETTIERE PASTICCERE - PADOVA - OSM open source management - Padova, Veneto      Cache   Translate Page   Web Page Cache   
La figura elaborerà ricette in laboratorio ed effettuerà dimostrazioni presso clienti quali pasticcerie, gelaterie, panifici e pizzerie....
Da Indeed - Mon, 23 Jul 2018 14:07:23 GMT - Visualizza tutte le offerte di lavoro a Padova, Veneto
          IT Integration Delivery Manager - Thrivent Financial - Appleton, WI      Cache   Translate Page   Web Page Cache   
Experience in open source technologies such as Atlassian, Camunda, MongoDB, RabbitMQ preferred. Key responsibilities will include:....
From Thrivent Financial - Fri, 25 May 2018 00:17:41 GMT - View all Appleton, WI jobs
          PRIMER ENCUENTRO INTERNACIONAL ECUADOR KOHA OPEN-SOURCE INTEGRATED LYBRARY SYSTEM      Cache   Translate Page   Web Page Cache   

Una delegación del Sistema Bibliotecario de la Universidad Nacional de Loja conformado por la Lic. Goretty Baraja Carrión, Dra. Betty Silva Valarezo, Ing. Greyz Jaramillo Poma y Mg.Sc. Yadira Montaño González, se trasladaron a la ciudad  de Ibarra (San Miguel de Urcuqui), Universidad de Yachay Utech, con el objetivo de participar del I Encuentro Internacional Koha -Ecuador  que se desarrolló el 26 y 27 de julio del 2018.

El propósito de este I Encuentro se fundamentó en  Obtener conocimientos sobre el Sistema Integrado de Bibliotecas KOHA; adquirir experiencias relacionados al software libre, conocer cómo funciona la interoperabilidad entre metabuscadores, open source y KOHA.

Cada vez son las Bibliotecas que van adoptando este Sistema de gestión biblioteca, por lo que surge la necesidad de contar con una comunidad identificada con la cual poder intercambiar experiencias y buscar una estandarización técnica, cuyos retos y problemáticas deben ser absueltos dentro de la comunidad experta en KOHA.

Estas jornadas contaron con conferencistas Luis Ramírez (Perú), Gilberto Henao (Colombia), Giovanny Delgado (Colombia), y Freddy Guerrero (Ecuador).

 

 

 


          See No Evil      Cache   Translate Page   Web Page Cache   
logicmag.io - The Editors
by Miriam Posner Software helps companies coordinate the supply chains that sustain global capitalism. How does the code work—and what does it conceal? The Port of Durban in South Africa, one of the busiest ports in Africa. Photograph by Media Club, August 2010. Trawling a hotel minibar one night while on a work trip to Amsterdam, I found a piece of chocolate with an unusual name: Tony’s Chocolonely. I giggled at how apt the name was—who eats minibar chocolate unless they are, indeed, a li...
posted by friends:  (2)
@kaythaney on Twitter
@kaythaney: Excellent read on the morality of modern supply chains—where we've carefully engineered out the ability to know anything other than price. Feels like strong parallels to open source, where we've trained ourselves to see only licenses. pocket.co/x8z6si
@brandontlocke on Twitter
@brandontlocke: An investigation into how software wires global supply chains, and what code conceals. logicmag.io/04-see-no-evil/
posted by followers of the list:  (0)

          Homebrew Pancreas Gets 30 Minutes of Fame      Cache   Translate Page   Web Page Cache   

It is pretty unusual to be reading Bloomberg Businessweek and see an article with the main picture featuring a purple PCB (the picture above, in fact). But that’s just what we saw this morning. The story is about an open source modification to an insulin pump known as the RileyLink. This takes advantage of older Medtronic brand insulin pumps and allows you to control the BLE device from a smartphone remotely and use more sophisticated software to control blood sugar levels.

Of course, the FDA isn’t involved. If they were, the electronics would cost $7,000 instead of $250 — although, …read more


          Comment on Google EU fine is a double-edged sword that could hurt Android by berlinib      Cache   Translate Page   Web Page Cache   
Even if we admit that for a portion of what Google is doing, then--apart from the rest of Google--what they started with Android has led to more than one large genuine FOSS open source operating system projects run by independent individuals and with large parts of it in GNU spirit.
          Open source Kaa IoT middleware to take on enterprise IoT      Cache   Translate Page   Web Page Cache   
none
          Replace google maps api      Cache   Translate Page   Web Page Cache   
In an 2 android appliations, we use google maps api to calculate fare of rides and estimate time of a ride , now we want to replace google maps api to an other open source maps api. we are for waiting... (Budget: €750 - €1500 EUR, Jobs: Android, Google Maps API, Java, Mobile App Development, PHP)
          Five interesting ways to use Sanity.io for image art direction      Cache   Translate Page   Web Page Cache   

When we saw Chris put up a list of cloud-hosted data-stores, we couldn't resist letting him know that we also had one of those, only ours is a fully featured CMS that come with a rich query language and an open source, real time, collaborative authoring tool that you can tailor to your specific needs using React. It's called Sanity.io.

“Add us to your list!” we asked Chris. “No, your stuff is interesting, can’t you write about you

The post Five interesting ways to use Sanity.io for image art direction appeared first on CSS-Tricks.


          10 Top Tech Trends – Why Open Source is Center Stage – Part 2      Cache   Translate Page   Web Page Cache   

Free and open source software has a long and interesting history. It can trace some of its origins back to Richard Stallman’s annoying issue with a printer or to Linus Torvald’s computer science project while studying at the University of Helsinki. Things have certainly changed since then. Open source software is no longer simply a […]

The post 10 Top Tech Trends – Why Open Source is Center Stage – Part 2 appeared first on SUSE Communities.


          How to Install InvoicePlane on Ubuntu 18.04 LTS      Cache   Translate Page   Web Page Cache   

InvoicePlane is a free, open source and self-hosted application for managing your invoices, clients, and payments.


          (IT) Senior Java Developer      Cache   Translate Page   Web Page Cache   

Location: London   

Senior Java Developer London Contract Lorien's London based Banking client is currently looking for a highly skilled Senior Java Developer to join the London based team on a contract basis. The successful Senior Developer will have the following experience and qualifications: FX Front Office investment banking experience. Proven ability to gather, manage and implement requirements Significant Java development experience of high volume, fault tolerant, low latency, low gc, multi-threaded critical business applications on an enterprise scale. Automated testing of functional and non-functional requirements Strong emphasis on proven experience with core Java, concurrency, and low-latency solutions. Design skills of n-tier distributed architectures Use of open source Java technologies Agile/Lean Development Practices FIX Protocol If this role is of interest please apply and I will call you to discuss further. We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender reassignment, marriage and civil partnerships, pregnancy or maternity or age
 
Type: Contract
Location: London
Country: UK
Contact: Kyle Miller
Advertiser: Lorien
Reference: JS-50192131

          (IT) Machine Learning Backend Java Developer      Cache   Translate Page   Web Page Cache   

Location: New York City, NY   

Software Guidance & Assistance, Inc., (SGA), is searching for a Machine Learning Backend Java Developer for a contract to hire assignment with one of our premier financial services clients in New York, NY. Responsibilities : Common Services focus on providing multiple services, including: Common Software/Reuse Develop and maintain common components, micro-services, and frameworks across multiple technologies (eg, Java, data) Tooling Support tools across multiple disciplines (eg, developer, data, testing, PM) Foundational Services SharePoint, UI, data services (eg, ETL, data masking) Engineering, Platforms and COTS Services Standing-up first time and providing ongoing expertise (eg, Appian, SiteCore, Hadoop big data solutions, Natural language processing) Data Services team, which is subset of a Common Services team is seeking a developer to work on Java and machine learning projects using open source technologies. Primary responsibilities will include working with a team dedicated to the design, development, and delivery of Java applications using open source technologies for the organization's machine learning platform. This solution will eventually be providing services across multiple lines of business within the internal System. Will collaborate closely with J2EE and Data architects for design work and develop secure and scalable machine learning application solutions using Java and open source technologies. Required Skills : 7-8 years of experience working with Java as hands on developer architecting applications 2 to 3 years working with Artificial Intelligence, Machine Learning, or Natural Language Processing open source libraries such as TensorFlow, Theano, scikit-learn, spaCY, Word2Vec, Glove etc. Strong relational and NoSQL database skills Excellent written and communication Skills Experience with Spring framework development and scaling JVM-based systems and services Unit/Integration Testing Web security best practices Restful web communication (AJAX/JSON) Ability to work independently Strong knowledge of the software development life cycle and agile development methodology Experience with Docker and deploying containerized services SGA is a Certified Women's Business Enterprise (WBE) celebrating over thirty years of service to our national client base for both permanent placement and consulting opportunities.
 
Type: Unspecified
Location: New York City, NY
Country: United States of America
Contact: Jeff Higbee
Advertiser: Software Guidance & Assistance
Reference: NT18-02634



Next Page: 10000

Site Map 2018_01_14
Site Map 2018_01_15
Site Map 2018_01_16
Site Map 2018_01_17
Site Map 2018_01_18
Site Map 2018_01_19
Site Map 2018_01_20
Site Map 2018_01_21
Site Map 2018_01_22
Site Map 2018_01_23
Site Map 2018_01_24
Site Map 2018_01_25
Site Map 2018_01_26
Site Map 2018_01_27
Site Map 2018_01_28
Site Map 2018_01_29
Site Map 2018_01_30
Site Map 2018_01_31
Site Map 2018_02_01
Site Map 2018_02_02
Site Map 2018_02_03
Site Map 2018_02_04
Site Map 2018_02_05
Site Map 2018_02_06
Site Map 2018_02_07
Site Map 2018_02_08
Site Map 2018_02_09
Site Map 2018_02_10
Site Map 2018_02_11
Site Map 2018_02_12
Site Map 2018_02_13
Site Map 2018_02_14
Site Map 2018_02_15
Site Map 2018_02_15
Site Map 2018_02_16
Site Map 2018_02_17
Site Map 2018_02_18
Site Map 2018_02_19
Site Map 2018_02_20
Site Map 2018_02_21
Site Map 2018_02_22
Site Map 2018_02_23
Site Map 2018_02_24
Site Map 2018_02_25
Site Map 2018_02_26
Site Map 2018_02_27
Site Map 2018_02_28
Site Map 2018_03_01
Site Map 2018_03_02
Site Map 2018_03_03
Site Map 2018_03_04
Site Map 2018_03_05
Site Map 2018_03_06
Site Map 2018_03_07
Site Map 2018_03_08
Site Map 2018_03_09
Site Map 2018_03_10
Site Map 2018_03_11
Site Map 2018_03_12
Site Map 2018_03_13
Site Map 2018_03_14
Site Map 2018_03_15
Site Map 2018_03_16
Site Map 2018_03_17
Site Map 2018_03_18
Site Map 2018_03_19
Site Map 2018_03_20
Site Map 2018_03_21
Site Map 2018_03_22
Site Map 2018_03_23
Site Map 2018_03_24
Site Map 2018_03_25
Site Map 2018_03_26
Site Map 2018_03_27
Site Map 2018_03_28
Site Map 2018_03_29
Site Map 2018_03_30
Site Map 2018_03_31
Site Map 2018_04_01
Site Map 2018_04_02
Site Map 2018_04_03
Site Map 2018_04_04
Site Map 2018_04_05
Site Map 2018_04_06
Site Map 2018_04_07
Site Map 2018_04_08
Site Map 2018_04_09
Site Map 2018_04_10
Site Map 2018_04_11
Site Map 2018_04_12
Site Map 2018_04_13
Site Map 2018_04_14
Site Map 2018_04_15
Site Map 2018_04_16
Site Map 2018_04_17
Site Map 2018_04_18
Site Map 2018_04_19
Site Map 2018_04_20
Site Map 2018_04_21
Site Map 2018_04_22
Site Map 2018_04_23
Site Map 2018_04_24
Site Map 2018_04_25
Site Map 2018_04_26
Site Map 2018_04_27
Site Map 2018_04_28
Site Map 2018_04_29
Site Map 2018_04_30
Site Map 2018_05_01
Site Map 2018_05_02
Site Map 2018_05_03
Site Map 2018_05_04
Site Map 2018_05_05
Site Map 2018_05_06
Site Map 2018_05_07
Site Map 2018_05_08
Site Map 2018_05_09
Site Map 2018_05_15
Site Map 2018_05_16
Site Map 2018_05_17
Site Map 2018_05_18
Site Map 2018_05_19
Site Map 2018_05_20
Site Map 2018_05_21
Site Map 2018_05_22
Site Map 2018_05_23
Site Map 2018_05_24
Site Map 2018_05_25
Site Map 2018_05_26
Site Map 2018_05_27
Site Map 2018_05_28
Site Map 2018_05_29
Site Map 2018_05_30
Site Map 2018_05_31
Site Map 2018_06_01
Site Map 2018_06_02
Site Map 2018_06_03
Site Map 2018_06_04
Site Map 2018_06_05
Site Map 2018_06_06
Site Map 2018_06_07
Site Map 2018_06_08
Site Map 2018_06_09
Site Map 2018_06_10
Site Map 2018_06_11
Site Map 2018_06_12
Site Map 2018_06_13
Site Map 2018_06_14
Site Map 2018_06_15
Site Map 2018_06_16
Site Map 2018_06_17
Site Map 2018_06_18
Site Map 2018_06_19
Site Map 2018_06_20
Site Map 2018_06_21
Site Map 2018_06_22
Site Map 2018_06_23
Site Map 2018_06_24
Site Map 2018_06_25
Site Map 2018_06_26
Site Map 2018_06_27
Site Map 2018_06_28
Site Map 2018_06_29
Site Map 2018_06_30
Site Map 2018_07_01
Site Map 2018_07_02
Site Map 2018_07_03
Site Map 2018_07_04
Site Map 2018_07_05
Site Map 2018_07_06
Site Map 2018_07_07
Site Map 2018_07_08
Site Map 2018_07_09
Site Map 2018_07_10
Site Map 2018_07_11
Site Map 2018_07_12
Site Map 2018_07_13
Site Map 2018_07_14
Site Map 2018_07_15
Site Map 2018_07_16
Site Map 2018_07_17
Site Map 2018_07_18
Site Map 2018_07_19
Site Map 2018_07_20
Site Map 2018_07_21
Site Map 2018_07_22
Site Map 2018_07_23
Site Map 2018_07_24
Site Map 2018_07_25
Site Map 2018_07_26
Site Map 2018_07_27
Site Map 2018_07_28
Site Map 2018_07_29
Site Map 2018_07_30
Site Map 2018_07_31
Site Map 2018_08_01
Site Map 2018_08_02
Site Map 2018_08_03
Site Map 2018_08_04
Site Map 2018_08_05
Site Map 2018_08_06
Site Map 2018_08_07
Site Map 2018_08_08
Site Map 2018_08_09