Software Development News: .NET, Java, PHP, Ruby, Agile, Databases, SOA, JavaScript, Open Source

Methods & Tools

Open Source

Getting ready for Google Summer of Code 2017

Google Open Source Blog - Fri, 03/10/2017 - 17:48
Spring is just around the corner here in the Northern Hemisphere and Google Summer of Code is fast approaching. If you are a student interested in participating this year, now is the time to prepare -- read on for tips on how to get ready.

This year we’ve accepted 201 open source organizations into the program, nearly 40 of which are new to the program. The organizations cover a wide range of topics including (but certainly not limited to!):

  • Operating systems
  • Web application frameworks
  • Healthcare and bioinformatics
  • Music and graphic design
  • Machine learning
  • Robotics
  • Security




How should you prepare for Google Summer of Code?

While student applications don’t open until March 20th at 16:00 UTC, you need to decide which projects you’re interested in and what you’ll propose. You should also communicate with those projects to learn more before you apply.

Start by looking at the list of participating projects and organizations. You can explore by searching for specific names or technologies, or filtering by topics you are interested in. Follow the “Learn More” link through to each organization’s page for additional information.

Once you’ve identified the organizations that you’re interested in, take a look at their ideas list to get a sense of the specific projects you could work on. Typically, you will choose a project from that list and write a proposal based on that idea, but you could also propose something that’s not on that list.

You should reach out to the organizations after you’ve decided what you want to work on. Doing this can make the difference between a good application and a great application.

Whatever you do, don’t wait until March 20th to begin preparing for Google Summer of Code! History has shown that students who reach out to organizations before the start of the application period have a higher chance of being accepted into the program, as they have had more time to talk to the organizations and understand what they are looking for with the project.

If you have any questions along the way, take a look at the Student Manual, FAQ and Timeline. If you can’t find the answer to your question, try taking your question to the mailing list.

By Josh Simmons, Open Source Programs Office
Categories: Open Source

The Many Ways Open Source Software Give SMBs an Edge over Larger Companies

SourceForge.net: Front page news - Fri, 03/10/2017 - 06:37

Size doesn’t matter. Not when you’ve got open source software on your side.

More and more small to medium-sized businesses (SMBs) are realizing that with open source software, their smaller size is no longer a hindrance. On the contrary, being a small business equipped with open source software may just give them the upper hand over larger companies. How so? It’s because open source is:

Easier on the Budget

Compared to big business proprietary software, open source software is way more budget-friendly. Basic software packages are free and even with paid additional features and services, they would still cost a lot less. This frees SMB budgets for other areas of business development.

Offers More Customization

Being open source means being able to change aspects of the software freely to suit specific business needs. SMBs need to stand out in order to compete with larger companies, and being able to customize their software and consequently their service helps them do exactly that. They are able to provide a more personalized and unique experience or service, gaining clients’ or customers’ attention and loyalty.

Encourages Collaboration that Fosters Faster Development

Open source software development is a highly collaborative effort among projects, developers and users. With such diverse groups involved and working together, it becomes incredibly easy to improve the software, build on existing software and adapt quickly to new technology and changing needs, all of which often come at a much slower pace with restrictive big business proprietary software.

Provides Access to Bigger and Better Tools

Open source software provides SMBs with the tools they need to compete on a larger scale and enables them to leverage data from established brands like Twitter and Facebook. And since it also enables small companies to be more agile, it allows them to take advantage of new tools and technology before others, particularly large companies tied to proprietary software.

Allows More Focus on Creativity and Innovation

With more business resources freed from the task of developing software, the focus turns to innovation. Creativity flourishes among SMBs as they are more able to create competitive alternatives to standard technology and proprietary software. They can set themselves up to be more distinctive and forward-thinking than their bigger competitors.

If you’re currently developing or are planning to develop open source software it would be helpful to keep SMBs in mind. With the many benefits your software can offer SMBs, this segment will most likely make up a significant portion of your software’s users.

Categories: Open Source

dbMigration .NET v5 released

PostgreSQL News - Fri, 03/10/2017 - 01:00

dbMigration .NET v5 is a simple, easy and intuitive multiple database migration and sync tool. With it you can easily migrate schema and data between different databases without complicated procedures.

Supported databases: PostgreSQL, SQL Server, SQL Azure, LocalDB, MySQL, Oracle, IBM DB2, Informix, Vertica, NuoDB, Teradata, Sybase ASE, Firebird, SQLite, SQLCe, VistaDB, Access, dBase, FoxPro, Text, Excel, ODBC, OleDB...etc.

Free, All-In-One, Portable, Single executable file and Multi-language.

Major New features from version 3.8 to 5.0 (2016/10/01~2017/03/10):

  • Added support for PostgreSQL <-> VistaDB migration
  • Added support for PostgreSQL error detail message
  • Added support for PostgreSQL (one/two) dimensional arrays
  • Added Multi-Language UI (Options->Language)
  • Added Automatically generate foreign keys (PG)
  • Ability to add custom delimited file extensions
  • Improved Migrating VIEWS/FUNCTIONS/SEQUENCES definitions (PG->PG)
  • Improved Data Synchronization
  • Improved Automatic Mapping Types (UDT)
  • Improved Custom Mapping Types
  • Improved Command-Line
  • Compiled with Visual Studio 2017
  • ...and more
The new version is immediately available for download.
Categories: Database, Open Source

Another option for file sharing

Google Open Source Blog - Wed, 03/08/2017 - 17:59
Originally posted on the Google Security Blog

Existing mechanisms for file sharing are so fragmented that people waste time on multi-step copying and repackaging. With the new open source project Upspin, we aim to improve the situation by providing a global name space to name all your files. Given an Upspin name, a file can be shared securely, copied efficiently without "download" and "upload", and accessed by anyone with permission from anywhere with a network connection.

Our target audience is personal users, families, or groups of friends. Although Upspin might have application in enterprise environments, we think that focusing on the consumer case enables easy-to-understand and easy-to-use sharing.

File names begin with the user's email address followed by a slash-separated Unix-like path name:

ann@example.com/dir/file.
Any user with appropriate permission can access the contents of this file by using Upspin services to evaluate the full path name, typically via a FUSE filesystem so that unmodified applications just work. Upspin names usually identify regular static files and directories, but may point to dynamic content generated by devices such as sensors or services.

If the user wishes to share a directory (the unit at which sharing privileges are granted), she adds a file called Access to that directory. In that file she describes the rights she wishes to grant and the users she wishes to grant them to. For instance,

read: joe@here.com, mae@there.com
allows Joe and Mae to read any of the files in the directory holding the Access file, and also in its subdirectories. As well as limiting who can fetch bytes from the server, this access is enforced end-to-end cryptographically, so cleartext only resides on Upspin clients, and use of cloud storage does not extend the trust boundary.
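A simplified model of the sharing rule just described, as an added example (not Upspin's code): it parses `right: user, ...` lines and checks a request against the Access file of the nearest enclosing directory, comparing whole path components. The nearest-ancestor choice, the default deny when no Access file applies, and the names `parse_access`, `governing_dir` and `can` are assumptions of this example; the owner's own access and the cryptographic enforcement are not modeled.

```python
# Constructed sample: one Access file, keyed by the directory that holds it.
ACCESS_FILES = {
    "ann@example.com/dir": "read: joe@here.com, mae@there.com\n",
}


def parse_access(text):
    """Parse 'right: user, user' lines into {right: {users}}."""
    grants = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        right, sep, users = line.partition(":")
        if not sep or not right.strip():
            raise ValueError("line %d: expected 'right: user, ...'" % lineno)
        names = {u.strip() for u in users.split(",") if u.strip()}
        grants.setdefault(right.strip().lower(), set()).update(names)
    return grants


def split_path(path):
    """Split 'user@host/dir/file' into components, refusing '', '.' and '..'."""
    parts = path.split("/")
    if len(parts) < 2 or any(p in ("", ".", "..") for p in parts):
        raise ValueError("not a clean path: %r" % path)
    return parts


def governing_dir(path, access_files):
    """Return the nearest ancestor directory of path that holds an Access file.

    Ancestors are built from whole components, so an Access file in
    'ann@example.com/dir' never covers 'ann@example.com/dirty/...'.
    """
    parts = split_path(path)
    for end in range(len(parts) - 1, 0, -1):
        candidate = "/".join(parts[:end])
        if candidate in access_files:
            return candidate
    return None


def can(user, right, path, access_files):
    """True if the governing Access file grants `right` on `path` to `user`."""
    directory = governing_dir(path, access_files)
    if directory is None:
        return False  # assumption: no applicable Access file means no grant
    grants = parse_access(access_files[directory])
    return user in grants.get(right.lower(), set())
```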

Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an "app" or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network. Upspin is a layer of infrastructure that other software and services can build on to facilitate secure access and sharing. This is an open source contribution, not a Google product. We have not yet integrated with the Key Transparency server, though we expect to eventually, and for now use a similar technique of securely publishing all key updates. File storage is inherently an archival medium without forward secrecy; loss of the user's encryption keys implies loss of content, though we do provide for key rotation.

It’s early days, but we’re encouraged by the progress and look forward to feedback and contributions. To learn more, see the GitHub repository at Upspin.

By Andrew Gerrand, Eric Grosse, Rob Pike, Eduardo Pinheiro and Dave Presotto, Google Software Engineers
Categories: Open Source

By maintainers, for maintainers: Wontfix_Cabal

Google Open Source Blog - Mon, 03/06/2017 - 19:00
The Google Open Source Programs Office likes to highlight events we support, organize, or speak at. In this case, Google’s own Jess Frazelle was responsible for running a unique event for open source maintainers.

This year I helped organize the first inaugural Wontfix_Cabal. The conference was organized by open source software maintainers for open source software maintainers. Our initial concept was an unconference where attendees could discuss topics candidly with their peers from other open source communities.

The idea for the event stemmed from the response to a blog post I published about closing pull requests. The response was overwhelming, with many maintainers commiserating and sharing lessons they had learned. It seemed like we could all learn a lot from our peers in other projects -- if we had the space to do so -- and it was clear that people needed a place to vent.

Major thanks to Katrina Owen and Brandon Keepers from GitHub who jumped right in and provided the venue we needed to make this happen. Without their support this would’ve never become a reality!

It was an excellent first event and the topics discussed were wide ranging, including:
  • How to deal with unmaintained projects
  • Collecting metrics to judge project health
  • Helping newcomers
  • Dealing with backlogs
  • Coping with, and minimizing, toxic behavior in our communities

Never have I seen so many open source maintainers in one place. Thanks @wontfix_, this is amazing pic.twitter.com/GdYXUjZds3— Gregor (@gr2m) February 15, 2017
The discussion around helping newcomers focused on creating communities with welcoming and productive cultures right from the start. I was fascinated to learn that some projects pre-fill issues before going public so as to set the tone for the future of the project. Another good practice is clearly defining how one becomes a maintainer or gets commit access. There should be clear rules in place so people know what they have to do to succeed.

Another discussion I really liked focused on “saying no.” Close fast and close early was a key takeaway. There’s no sense in letting a contribution sit waiting when you know it will never be accepted. Multiple projects found that having a bot give the hard news was always better than having the maintainer do it. This way it is not personal, just a regular part of the process.

One theme seen in multiple sessions: “Being kind is not the same as being nice.” The distinction here is that being nice comes from a place of fear and leads people to bend over backwards just to please. Being kind comes from a place of strength, from doing the right thing.

Summaries of many of the discussions have been added to the GitHub repo if you would like to read more.

After the event concluded many maintainers got right to work, putting what they had learned into practice. For instance, Rust got help from the Google open source fuzzing team.

Flurry of internal emails following up on ideas from @wontfix_: all sent! Now it's time to start on some PRs.— Rainer Sigwald (@Tashkant) February 22, 2017
Our goal was to put together a community of maintainers that could support and learn from each other. When I saw Linux kernel maintainers talking to people who work on Node and JavaScript, I knew we had achieved that goal. Laura Abbott, one of those kernel developers, wrote a blog post about the experience.

Not only was the event useful, it was also a lot of fun. Meeting maintainers, people who care a great deal about open source software, from such a diverse group of projects was great. Overall, I think our initial run was a success! Follow us on Twitter to find out about future events.

By Jess Frazelle, Software Engineer
Categories: Open Source

Eclipse IoT Day - San Jose 2017

Eclipse News - Mon, 03/06/2017 - 12:10
Seats are filling-up! Register for the Eclipse IoT Day on March 20.
Categories: Open Source

Projects of the Week, March 6, 2017

SourceForge.net: Front page news - Mon, 03/06/2017 - 06:25

Here are the featured projects for the week, which appear on the front page of SourceForge.net:

Linux Lite

By producing an easy to use Linux based Operating System, we hope that people will discover just how simple it can be to use Linux Lite. Linux Lite is free for everyone to use and share, and suitable for people who are new to Linux or for people who want a lightweight environment that is also fully functional. Linux Lite is based on the Ubuntu LTS series giving you 5 years of support per major release. The following software is included: LibreOffice Suite, VLC Media Player, Firefox Web Browser, Thunderbird Email, Gimp Image Editor, Lite Themes, Lite User Manager, Lite Software, Lite Tweaks, Lite Welcome, Lite Manual, Whiskermenu and more. Laptop/Ultrabook/Netbook users: If the screen locks during Live mode, type ‘linux’ into the user box and click on the Login button (no password required) https://www.linuxliteos.com/
[ Download Linux Lite ]


Bodhi Linux

Bodhi is a minimalistic, enlightened, Linux desktop.
[ Download Bodhi Linux ]



Google Apps Manager

Google Apps Manager or GAM is a free and open source command line tool for Google G Suite Administrators that allows them to manage many aspects of their Google Apps Account quickly and easily. With GAM you can create and manage users, groups and domains; manage email, security and calendar settings; manage admins and organizations and many more.

To use GAM, Google Apps Business, Education, Partner or Government Edition is required.
[ Download Google Apps Manager ]


digiCamControl

digiCamControl is free and open source software. It allows you to save time by transferring images directly from your camera to your computer as you take each shot, and to control camera shooting parameters.
[ Download digiCamControl ]


Super Audio CD Decoder

Super Audio CD Decoder input plugin for foobar2000. Decoder is capable of playing back Super Audio CD ISO images, DSDIFF, DSF and DSD WavPack files. Direct DSD playback for compatible devices.
[ Download Super Audio CD Decoder ]


Skim

Skim is a PDF reader and note-taker for OS X. It is designed to help you read and annotate scientific papers in PDF, but is also great for viewing any PDF file. Skim requires Mac OS X 10.6 or higher.
[ Download Skim ]


MediaPortal

MediaPortal turns your PC into a very advanced MediaCenter / HTPC. It allows you to listen to your favorite music & radio, watch and store your videos and DVDs, view, schedule and record live TV as a digital video recorder and much much more.
[ Download MediaPortal ]


thumbapps

We believe that free/open source software is enough, we don’t need pirated softwares on Windows. But most of these aren’t portables, or provided by PortableApps.com due to .NET dependencies, 64-bit etc. So we provide what’s missing here. Software publisher who wishes their portablized software taken down, can tip us through thumbapps.org or versapps@gmail.com. We promise to take it down without questions, but please be patient—we might not be able to respond promptly, but we eventually *will* …thanks for your patience, and sorry for being such a #naughty uploader

Categories: Open Source

Dojo 1.12.2 and various backports released!

The Dojo Toolkit - Announcements - Sun, 03/05/2017 - 18:37

Today we’ve released Dojo 1.12.2, 1.11.4, 1.10.8, 1.9.11, 1.8.14, 1.7.12, 1.6.5, 1.5.6, and 1.4.8, which consist of bug and regression fixes reported since our last batch of releases in December.

One change has been made, which is that cross-domain support for the Flash version of dojox/storage has been removed due to a reported security vulnerability. If you are using the Flash-based version of dojox/storage, please note this change in behavior. Thanks to Enguerran Gillier for reporting this issue.

New releases are available at download.dojotoolkit.org or via npm.

Releases will also be available via the Google CDN once they’ve had a chance to deploy the updates.

Categories: Open Source, RIA

March 2017, “Staff Pick” Project of the Month – Outlook CalDav Synchronizer

SourceForge.net: Front page news - Fri, 03/03/2017 - 06:05

For our March “Staff Pick” Project of the Month, we selected Outlook CalDav Synchronizer, a free Outlook Plugin that synchronizes events, tasks and contacts between Outlook and Google, SOGo, Horde or any other CalDAV or CardDAV server. Developer Alexander Nimmervoll shared some thoughts about the project’s history, purpose, and direction.

SourceForge (SF): Tell me about the Outlook CalDav Synchronizer project please.
Alexander Nimmervoll (AN): Outlook CalDav Synchronizer is the only open source Outlook plugin that offers two-way sync for CalDAV calendars and tasks, CardDAV contacts and can also handle the Google native Contacts and Tasks API. Supported Outlook versions are 2007-2016. It handles Outlook categories, mapping CalDAV server colors to Outlook category colors and syncing calendars and tasks to the categories. The plugin also handles different timezones and recurring events with exceptions and can deal with Outlook custom properties.

SF: What made you start this?
AN: The first proof of concept of this project was started in 2015 as a master thesis project at the University of Applied Sciences Technikum Wien, Software Engineering Degree program. Motivated by the lack of free sync solutions, the goal was to develop an easy to use tool which can sync almost any CalDAV or CardDAV server with Outlook with special focus on performance.

SF: Has the original vision been achieved?
AN: Definitely, we get a lot of positive feedback from the community and many reviews which say that our solution is the best CalDAV/CardDAV Outlook plugin on the market.

SF: Who can benefit the most from your project?
AN: Everyone who wants to integrate Outlook with an open groupware service, whether it’s a self-hosted family calendar server for three users or an open source Exchange server replacement for 5000 users in an enterprise deployment.

SF: What core need does Outlook CalDav Synchronizer fulfill?
AN: Outlook CalDav Synchronizer is the missing link in Open Source Exchange Server replacement.

SF: What’s the best way to get the most out of using Outlook CalDav Synchronizer?
AN: Use Outlook 2013 or higher with latest .NET framework and one of the preconfigured server account types of a supported server solution. Fine tune the advanced settings to your needs and read the documentation or use an automatic deployment via Active Directory group policies in an enterprise environment.

SF: What has your project team done to help build and nurture your community?
AN: We try to provide fast responses to questions, bug reports and work closely together with many server vendors.

SF: Have you all found that more frequent releases helps build up your community of users?
AN: Yes, we try to fix reported bugs fast and released quite frequently in the past, but users also have the freedom to turn off automatic search for updates of course. The average release schedule is one release every two weeks at the moment.

SF: What was the first big thing that happened for your project?
AN: When we realized that big German universities recommend our plugin to their Outlook users and more and more positive reviews and press coverage showed up in late 2015 and beginning of 2016.

SF: What helped make that happen?
AN: The project would never have been such a success without the experience and passion of Gerhard Zehetbauer, the main developer of the project.

SF: How has SourceForge and its tools helped your project reach that success?
AN: SourceForge helped to make the project known to the community and provides easy ways to ask questions and report issues.

SF: What is the next big thing for Outlook CalDav Synchronizer?
AN: We started a collaboration with Nextcloud in late 2016 and are in contact with more server vendors like SOGo, and plan to offer enterprise support this year.

SF: How long do you think that will take?
AN: It is already work in progress.

SF: Do you have the resources you need to make that happen?
AN: Since we lack full-time contributors it’s always hard to find enough time for all the ideas and feature requests of the project.

SF: If you had to do it over again, what would you do differently for Outlook CalDav Synchronizer?
AN: Nothing really, since the design decisions and the goal of the project were well defined and structured at the beginning.

SF: Is there anything else we should know?
AN: Well, we are asked this a lot, unfortunately there is no Mac OS X version of the project and since C# VSTO Outlook addins aren’t even supported, we also have no plans in that direction.

[ Download Outlook CalDav Synchronizer ]

Categories: Open Source

Google Cloud Tools for Eclipse

Date Created: Thu, 2017-03-02 15:40
Date Updated: Wed, 2017-04-12 08:57
Google Inc.
Submitted by: Elliotte Rusty Harold

Cloud Tools for Eclipse is a Google-sponsored open source plugin that supports the Google Cloud Platform. Cloud Tools for Eclipse enables you to create, import, edit, build, run, debug, and deploy Java servlet applications for the App Engine Standard environment without leaving Eclipse.

Categories: Open Source

Introducing Python Fire, a library for automatically generating command line interfaces

Google Open Source Blog - Thu, 03/02/2017 - 19:00
Today we are pleased to announce the open-sourcing of Python Fire. Python Fire generates command line interfaces (CLIs) from any Python code. Simply call the Fire function in any Python program to automatically turn that program into a CLI. The library is available from pypi via `pip install fire`, and the source is available on GitHub.

Python Fire will automatically turn your code into a CLI without you needing to do any additional work. You don't have to define arguments, set up help information, or write a main function that defines how your code is run. Instead, you simply call the `Fire` function from your main module, and Python Fire takes care of the rest. It uses inspection to turn whatever Python object you give it -- whether it's a class, an object, a dictionary, a function, or even a whole module -- into a command line interface, complete with tab completion and documentation, and the CLI will stay up-to-date even as the code changes.

To illustrate this, let's look at a simple example.

#!/usr/bin/env python
import fire

class Example(object):
    def hello(self, name='world'):
        """Says hello to the specified name."""
        return 'Hello {name}!'.format(name=name)

def main():
    fire.Fire(Example)

if __name__ == '__main__':
    main()

When the Fire function is run, our command will be executed. Just by calling Fire, we can now use the Example class as if it were a command line utility.

$ ./example.py hello
Hello world!
$ ./example.py hello David
Hello David!
$ ./example.py hello --name=Google
Hello Google!

Of course, you can continue to use this module like an ordinary Python library, enabling you to use the exact same code both from Bash and Python. If you're writing a Python library, then you no longer need to update your main method or client when experimenting with it; instead you can simply run the piece of your library that you're experimenting with from the command line. Even as the library changes, the command line tool stays up to date.

At Google, engineers use Python Fire to generate command line tools from Python libraries. We have an image manipulation tool built by using Fire with the Python Imaging Library, PIL. In Google Brain, we use an experiment management tool built with Fire, allowing us to manage experiments equally well from Python or from Bash.

Every Fire CLI comes with an interactive mode. Run the CLI with the `--interactive` flag to launch an IPython REPL with the result of your command, as well as other useful variables already defined and ready to use. Be sure to check out Python Fire's documentation for more on this and the other useful features Fire provides.

Between Python Fire's simplicity, generality, and power, we hope you find it a useful library for your own projects.

By David Bieber, Software Engineer on Google Brain
Categories: Open Source

Operation Rosehub

Google Open Source Blog - Thu, 03/02/2017 - 18:19
Twelve months ago, a team of 50 Google employees used GitHub to patch the “Apache Commons Collections Deserialization Vulnerability” (or the “Mad Gadget vulnerability” as we call it) in thousands of open source projects. We recently learned why our efforts were so important.

The San Francisco Municipal Transportation Agency had their software systems encrypted and shut down by an avaricious hacker. The hacker used that very same vulnerability, according to reports of the incident. He demanded a Bitcoin ransom from the government. He threatened to leak the private data he stole from San Francisco’s citizens if his ransom wasn’t paid. This was an attack on our most critical public infrastructure; infrastructure which underpins the economy of a major US city.

Mad Gadget is one of the most pernicious vulnerabilities we’ve seen. By merely existing on the Java classpath, seven “gadget” classes in Apache Commons Collections (versions 3.0, 3.1, 3.2, 3.2.1, and 4.0) make object deserialization for the entire JVM process Turing complete with an exec function. Since many business applications use object deserialization to send messages across the network, it would be like hiring a bank teller who was trained to hand over all the money in the vault if asked to do so politely, and then entrusting that teller with the key. The only thing that would keep a bank safe in such a circumstance is that most people wouldn’t consider asking such a question.

The announcement of Mad Gadget triggered the cambrian explosion of enterprise security disclosures. Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP and SolarWinds all formally disclosed that they had been impacted by this issue.

But unlike big businesses, open source projects don’t have people on staff to read security advisories all day and instead rely on volunteers to keep them informed. It wasn’t until five months later that a Google employee noticed several prominent open source libraries had not yet heard the bad news. Those projects were still depending on vulnerable versions of Collections. So back in March 2016, she started sending pull requests to those projects updating their code. This was easy to do and usually only required a single line change. With the help of GitHub’s GUI, any individual can make such changes to anyone’s codebase in under a minute. Given how relatively easy the changes seemed, she recruited more colleagues at Google to help the cause. As more work was completed, it was apparent that the problem was bigger than we had initially realized.

For instance, when patching projects like the Spring Framework, it was clear we weren’t just patching Spring but also patching every project that depended on Spring. We were furthermore patching all the projects that depended on those projects and so forth. But even once those users upgraded, they could still be impacted by other dependencies introducing the vulnerable version of Collections. To make matters worse, build systems like Maven cannot be relied upon to evict old versions.

This was when we realized the particularly viral nature of Mad Gadget. We came to the conclusion that, in order to improve the health of the global software ecosystem, the old version of Collections should be removed from as many codebases as possible.

We used BigQuery to assess the damage. It allowed us to write a SQL query with regular expressions that searched all the public code on GitHub in a couple minutes.


#standardSQL
SELECT pop, repo_name, path
FROM (
  SELECT id, repo_name, path
  FROM `bigquery-public-data.github_repos.files` AS files
  WHERE path LIKE '%pom.xml' AND
    EXISTS (
      SELECT 1
      FROM `bigquery-public-data.github_repos.contents`
      WHERE NOT binary AND
        content LIKE '%commons-collections<%' AND
        content LIKE '%>3.2.1<%' AND
        id = files.id
    )
)
JOIN (
  SELECT
    difference.new_sha1 AS id,
    ARRAY_LENGTH(repo_name) AS pop
  FROM `bigquery-public-data.github_repos.commits`
  CROSS JOIN UNNEST(difference) AS difference
)
USING (id)
ORDER BY pop DESC;


We were alarmed when we discovered 2,600 unique open source projects that still directly referenced insecure versions of Collections. Internally at Google, we have a tool called Rosie that allows developers to make large scale changes to codebases owned by hundreds of different teams. But no such tool existed for GitHub. So we recruited even more engineers from around Google to patch the world’s code the hard way.
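An added example (not part of the original post or of Operation Rosehub's tooling) of checking a single `pom.xml` for the direct references the query above searches for, by parsing the POM instead of substring matching. The version set is the one listed in the article; the sample POM, the function names and the status labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Versions the article lists as shipping the gadget classes.
VULNERABLE_VERSIONS = {"3.0", "3.1", "3.2", "3.2.1", "4.0"}
# artifactIds of the 3.x and 4.x lines of Apache Commons Collections.
ARTIFACT_IDS = {"commons-collections", "commons-collections4"}

# Constructed sample POM (not taken from any real project).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>demo</artifactId>
  <version>1.0</version>
  <properties>
    <collections.version>3.2.1</collections.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>commons-collections</groupId>
      <artifactId>commons-collections</artifactId>
      <version>${collections.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-collections4</artifactId>
      <version>4.0</version>
    </dependency>
    <dependency>
      <groupId>commons-collections</groupId>
      <artifactId>commons-collections</artifactId>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>other-lib</artifactId>
      <version>3.2.1</version>
    </dependency>
  </dependencies>
</project>
"""


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on POM tags."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Text of a direct child element, or None if it is absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def _properties(root):
    """Collect <properties> entries declared at the top of this POM."""
    props = {}
    for child in root:
        if _local(child.tag) == "properties":
            for prop in child:
                props[_local(prop.tag)] = (prop.text or "").strip()
    return props


def _resolve(version, props):
    """Follow ${name} indirection through local properties, guarding loops."""
    seen = set()
    while version and version.startswith("${") and version.endswith("}"):
        key = version[2:-1]
        if key in seen or key not in props:
            return version  # left unresolved: defined elsewhere or cyclic
        seen.add(key)
        version = props[key]
    return version


def find_vulnerable_collections(pom_xml):
    """Return (artifactId, version, status) for each Collections reference."""
    # A POM needs no DTD; refusing one avoids entity-expansion tricks
    # when scanning files from repositories you do not control.
    if "<!DOCTYPE" in pom_xml or "<!ENTITY" in pom_xml:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(pom_xml)
    props = _properties(root)
    findings = []
    for elem in root.iter():
        if _local(elem.tag) != "dependency":
            continue
        artifact = _child_text(elem, "artifactId")
        if artifact not in ARTIFACT_IDS:
            continue
        version = _resolve(_child_text(elem, "version"), props)
        if not version:
            status = "unpinned"      # version comes from a parent POM or BOM
        elif version.startswith("${"):
            status = "unresolved"    # property not defined in this file
        elif version in VULNERABLE_VERSIONS:
            status = "vulnerable"
        else:
            status = "not-listed"    # not one of the versions the article names
        findings.append((artifact, version, status))
    return findings
```

A dependency reported as `unpinned` inherits its version from a parent POM or `dependencyManagement`, so it has to be checked against the effective POM; transitive copies pulled in by other dependencies do not appear in the file at all.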

Ultimately, security rests within the hands of each developer. However we felt that the severity of the vulnerability and its presence in thousands of open source projects were extenuating circumstances. We recognized that the industry best practices had failed. Action was needed to keep the open source community safe. So rather than simply posting a security advisory asking everyone to address the vulnerability, we formed a task force to update their code for them. That initiative was called Operation Rosehub.

Operation Rosehub was organized from the bottom-up on company-wide mailing lists. Employees volunteered and patches were sent out in a matter of weeks. There was no mandate from management to do this—yet management was supportive. They were happy to see employees spontaneously self-organizing to put their 20% time to good use. Some of those managers even participated themselves.

Patches were sent to many projects, avoiding threats to public security for years to come. However, we were only able to patch open source projects on GitHub that directly referenced vulnerable versions of Collections. Perhaps if the SF Muni software systems had been open source, we would have been able to bring Mad Gadget to their attention too.

Going forward, we believe the best thing to do is to build awareness. We want to draw attention to the fact that the tools now exist for fixing software on a massive scale, and that it works best when that software is open.

In this case, the open source dataset on BigQuery allowed us to identify projects that still needed to be patched. When a vulnerability is discovered, any motivated team or individual who wants to help improve the security of our infrastructure can use these tools to do just that.
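The same check can be run against a local checkout. The sketch below is an added example, not code from the original post or from Operation Rosehub: it compares the query's two independent substring filters with a parsed check that ties the version to the commons-collections dependency itself and resolves Maven ${property} versions. The sample POMs, function names and the example-lib dependency are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ARTIFACT = "commons-collections"
FLAGGED_VERSIONS = {"3.2.1"}  # the version the query on this page filters for

# Constructed sample POMs (not taken from any real project).
POM_VIA_PROPERTY = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><collections.version>3.2.1</collections.version></properties>
  <dependencies><dependency>
    <groupId>commons-collections</groupId>
    <artifactId>commons-collections</artifactId>
    <version>${collections.version}</version>
  </dependency></dependencies>
</project>"""

POM_UNRELATED_MATCH = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>commons-collections</groupId>
      <artifactId>commons-collections</artifactId><version>3.2.2</version></dependency>
    <dependency><groupId>org.example</groupId>
      <artifactId>example-lib</artifactId><version>3.2.1</version></dependency>
  </dependencies>
</project>"""


def like_match(pom_text):
    """Same test as the query's two independent LIKE filters."""
    return "commons-collections<" in pom_text and ">3.2.1<" in pom_text


def flagged_dependencies(pom_text):
    """Return (groupId, artifactId, version) for each flagged Collections dependency."""
    root = ET.fromstring(pom_text)
    for el in root.iter():  # drop the Maven namespace so tag names compare plainly
        el.tag = el.tag.rsplit("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}

    def resolve(value):
        # Expand ${name} from <properties>; unknown names stay as written.
        return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

    hits = []
    for dep in root.iter("dependency"):
        artifact = (dep.findtext("artifactId") or "").strip()
        version = resolve((dep.findtext("version") or "").strip())
        if artifact == ARTIFACT and version in FLAGGED_VERSIONS:
            hits.append(((dep.findtext("groupId") or "").strip(), artifact, version))
    return hits


if __name__ == "__main__":
    for name, pom in [("via property", POM_VIA_PROPERTY), ("unrelated", POM_UNRELATED_MATCH)]:
        print(name, "LIKE:", like_match(pom), "parsed:", flagged_dependencies(pom))
```

The substring filter flags both samples, while the parsed check flags only the POM whose Collections dependency actually resolves to the flagged version. The standard-library parser does not limit entity expansion, so for POMs from untrusted repositories a hardened parser such as defusedxml is the safer choice.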

By Justine Tunney, Software Engineer on TensorFlow

We’d like to recognize the following people for their contributions to Operation Rosehub: Laetitia Baudoin, Chris Blume, Sven Blumenstein, James Bogosian, Phil Bordelon, Andrew Brampton, Joshua Bruning, Sergio Campamá, Kasey Carrothers, Martin Cochran, Ian Flanigan, Frank Fort, Joshua French, Christian Gils, Christian Gruber, Erik Haugen, Andrew Heiderscheit, David Kernan, Glenn Lewis, Roberto Lublinerman, Stefano Maggiolo, Remigiusz Modrzejewski, Kristian Monsen, Will Morrison, Bharadwaj Parthasarathy, Shawn Pearce, Sebastian Porst, Rodrigo Queiro, Parth Shukla, Max Sills, Josh Simmons, Stephan Somogyi, Benjamin Specht, Ben Stewart, Pascal Terjan, Justine Tunney, Daniel Van Derveer, Shannon VanWagner, and Jennifer Winer.
Categories: Open Source

Eclipse Converge & Devoxx US are three weeks away - register now

Eclipse News - Wed, 03/01/2017 - 17:31
Join us March 20-24 in San Jose for an amazing developer conference.
Categories: Open Source

March 2017, “Community Choice” Project of the Month – NAS4Free

SourceForge.net: Front page news - Wed, 03/01/2017 - 06:04

For our March “Community Choice” Project of the Month, the community elected NAS4Free, an embedded Storage distribution for Windows, Mac, & UNIX-like systems.

‘NAS’ stands for “Network-Attached Storage” and it is ‘4Free’ since it is free and open source. It is the simplest and fastest way to create a centralized and easily-accessible server for all kinds of data.

The NAS4Free operating system can be installed on virtually any hardware platform to share computer data storage over a computer network. It supports sharing across Windows, Apple, and UNIX-like systems and includes ZFS, Software RAID (0,1,5), disk encryption, S.M.A.R.T / email reports with several different protocols/ services. All this is easily managed by a configurable web interface.

NAS4Free was previously elected “Community Choice” Project of the Month in August of 2015 and the NAS4Free team spoke about the project’s developments and direction. Recently we caught up with the owner, developer and project leader of NAS4Free, Michael Zoon to find out how the project has been doing since then.

SourceForge (SF): What significant changes have occurred with your project since you were voted Project of the Month in August 2015?
Michael Zoon (MZ): First we would like to thank all users who voted NAS4Free for project of the month again.
A vote means more than a thousand words to us. Back to the original question:
We are happy to welcome a new pleasant developer in our team. His name is Michael Schneider and he’s currently rewriting parts of the user interface and is adding improvements to the backend of the underlying operating system.

Another change since 2015 is the phase out of 32-bit versions of NAS4Free. We took the decision with the start of the 11.0.0.4 series based on FreeBSD 11.0. We do believe this is a logical step to provide the full potential of the operating system and the system hardware.

SF: Have any of your project goals changed since then?
MZ: No, our project goal has not changed in the past and we don’t have any plans to change them in the future. We would like to provide one of the best NAS software based solutions on planet earth. We do everything to keep its footprint as small as possible. NAS4Free comes with no bloatware or adverts and does not collect and does not submit any user data or statistic information to the internet. Our hardware requirements are low in comparison to other NAS solutions. NAS4Free performs pretty well on nearly every hardware.

SF: What project goals have you achieved so far?
MZ: We are very proud about the fact that our user base is growing constantly although NAS4Free is not sponsored and not actively promoted in the news, magazine or in the web.

SF: What can we look forward to with NAS4Free?
MZ: NAS4Free’s user interface is in the middle of a rewrite with a new framework and improvements in design. Users who upgrade their systems already noticed positive changes with every release we pull out; those changes will keep coming for a while as this task requires a lot of time and testing before they get published.

SF: Is there anything else we should know?
MZ: NAS4Free is an open source project. We have many volunteers who do all the translations on Launchpad, other volunteers who provide support on our forum and on our IRC channel. We would like to invite everyone who is interested to become a member of the NAS4Free team. With you we can make NAS4Free even more successful.


Categories: Open Source

PL/SQL Enterprise Workbench

Date Created: Mon, 2017-02-27 18:53
Date Updated: Tue, 2017-02-28 09:27
Jan Richter, Germany, Hamburg
Submitted by: Jan Richter

The PL/SQL Enterprise Workbench integrates a powerful editor to edit PL/SQL procedures, functions and packages. All resources are file based and automatically support the installed team SCM system, such as svn or git.

The PL/SQL Connector Builder generates Java access classes. The generated Java code is organized as the JEE base patterns : Implementation classes, transfer object classes, service interfaces and remote call service factories.

Oracle parameter types of collection tables, collection varrays, object types, typed ref cursors, xml_type, sdo_geometry, inherited objects and more are supported. It simply prepares stored procedure calls for bulk processing and other tuning.

Have a closer look at the documentation at : www.jr-database-tools.de

Categories: Open Source

Introducing the Google Summer of Code 2017 Mentor Organizations

Google Open Source Blog - Mon, 02/27/2017 - 18:19
Today’s the day! We are excited to announce the mentor organizations accepted for this year’s Google Summer of Code (GSoC). Every year we receive more applications than we can accept and 2017 was no exception. After carefully reviewing almost 400 applications, we have chosen 201 open source projects and organizations, 18% of which are new to the program. Please see the program website for a complete list of the accepted organizations.

Interested in participating as a student? We will begin accepting student applications on Monday, March 20, 2017 at 16:00 UTC and the deadline is Monday, April 3, 2017 at 16:00 UTC.

Over the next three weeks, students who’d like to participate in Google Summer of Code should research the organizations and their Ideas Lists to explore which organizations are a good fit for their interests and skills and learn how they might contribute. Some of the most successful proposals have been completely new ideas submitted by students, so if you don’t see a project that appeals to you, don’t hesitate to suggest a new idea to the organization! There are contacts listed for each organization on their Ideas List — students should contact the organization directly to discuss their ideas. We also strongly encourage all interested students to reach out to and become familiar with the organization before applying.

You can find more information on our website, including a full timeline of important dates and program milestones. We also highly recommend all interested students read the Student Manual, FAQ and the Program Rules.

Congratulations to all of our mentor organizations! We look forward to working with all of you during Google Summer of Code 2017.

By Josh Simmons, Open Source Programs Office

Categories: Open Source

Projects of the Week, February 27, 2017

SourceForge.net: Front page news - Mon, 02/27/2017 - 06:36

Here are the featured projects for the week, which appear on the front page of SourceForge.net:

fre:ac – free audio converter

fre:ac is a free audio converter and CD ripper for various formats and encoders. It features MP3, MP4/M4A, WMA, Ogg Vorbis, FLAC, AAC, and Bonk format support, integrates freedb/CDDB, CDText and ID3v2 tagging and is available in several languages.


Free Pascal Compiler

A 32/64/16-bit Pascal compiler for Win32/64/CE, Linux, Mac OS X/iOS, FreeBSD, OS/2, Game Boy Advance, Nintendo NDS and DOS; semantically compatible with Delphi, Borland Pascal and Mac Pascal (partially) with extra features, e.g. operator overloading.


WinPython

WinPython is a free open-source portable distribution of the Python programming language for Windows XP/7/8, designed for scientists, supporting both 32bit and 64bit versions of Python 2 and Python 3. Since September 2014, development has moved to https://winpython.github.io/


Free Manga Downloader

The Free Manga Downloader (FMD) is an open source application written in Object-Pascal for managing and downloading manga from various websites. This is a mirror of main repository on GitHub. For feedback/bug report visit https://github.com/riderkick/FMD


Manjaro Testbuilds

Manjaro Linux is a Linux Distribution based on Arch Linux. It is still under development, but an initial testing release is already available. Our aim is to create a light Linux distribution, which is simple, up-to-date, fast and user friendly and which follows the K.I.S.S principle. We are using the Desktop Environment Xfce, which is light but powerful. Arch Linux is a great GNU/Linux distribution, but installing and configuring it needs some time and experience. So we improved Arch Linux. We created a more user friendly installation process, wrote bash scripts for managing graphic drivers, configured Xfce with some useful functions and a GUI settings manager is also planned. Just try it.

Categories: Open Source

“Community Choice” Project of the Month Vote – April 2017

SourceForge.net: Front page news - Fri, 02/24/2017 - 06:00

The vote for April 2017 Community Choice SourceForge Project of the Month is now available, and will run until March 15, 2017 12:00 UTC.


VoIP monitor

VoIPmonitor is an open source network packet sniffer with a commercial frontend for the SIP, SKINNY, RTP and RTCP VoIP protocols, running on Linux. VoIPmonitor is designed to analyze the quality of VoIP calls based on network parameters – delay variation and packet loss according to the ITU-T G.107 E-model, which predicts quality on the MOS scale. Calls with all relevant statistics are saved to a MySQL or ODBC database. Optionally each call can be saved to a pcap file with either only the SIP / SKINNY protocol or the SIP/RTP/RTCP/T.38/udptl protocols. VoIPmonitor can also decode audio.


arch-openrc

OpenRC, eudev and no-systemd packages for Arch Linux (and, possibly, derivatives). For migrating from existing systemd installations read the guide at http://systemd-free.org, which currently uses the [openrc-eudev] repository and contains both openrc and nosystemd packages. Go to arch-openrc for a clean OpenRC installation with the provided ISO and [arch-openrc] repository. Use the [arch-nosystemd] repository for completely systemd-free installations.
Links
Github: https://github.com/cromerc/arch-nosystemd https://github.com/cromerc/arch-openrc
Installation guide: http://systemd-free.org/install.php


Cyberfox

Cyberfox is a Mozilla-based Internet browser designed to take advantage of 64-bit architecture but a 32-bit version is also available. The application provides a higher memory performance when navigating your favorite pages.
Compatible Windows Operating Systems: Windows 7/7 SP1 OS x86|x64, Windows 8/8.x OS x86|x64, Windows 10 OS x86|x64 (Windows XP Unsupported, Windows Vista Unsupported)
Dedicated support forums: https://8pecxstudios.com/Forums/index.php
Dedicated contact forms: https://cyberfox.8pecxstudios.com/contact-us
Profile Buddy: Transfer your profile from any Mozilla base browser. https://8pecxstudios.com/Forums/viewtopic.php?f=6&t=350
See notifications for critical release information: https://cyberfox.8pecxstudios.com/notifications
Tell us what you think and write a review.


Manjaro Community Torrents

This project is for downloading the Manjaro official and community releases using a BitTorrent client (console or graphical).


Hydrogen

Hydrogen is an advanced drum machine for GNU/Linux, Windows and Mac OS X. Its main goal is to bring professional yet simple and intuitive pattern-based drum programming.


Hibernate

Hibernate is an Object/Relational Mapper tool. It’s very popular among Java applications and implements the Java Persistence API. Hibernate ORM enables developers to more easily write applications whose data outlives the application process. As an Object/Relational Mapping (ORM) framework, Hibernate is concerned with data persistence as it applies to relational databases (via JDBC).


FileBot

FileBot is the ultimate tool for renaming your movies, tv shows or anime and downloading subtitles. It’s smart, streamlined for simplicity and just works. FileBot supports Windows, Linux and Mac, plus there’s a full-featured command-line interface for all sorts of automation.


gnuplot

A famous scientific plotting package, features include 2D and 3D plotting, a huge number of output formats, interactive input or script-driven options, and a large set of scripted examples.


Liferay Portal

Liferay Portal is the world’s leading enterprise open source portal framework, offering integrated Web publishing and content management, an enterprise service bus and service-oriented architecture, and compatibility with all major IT infrastructure.

Categories: Open Source

HPE Security Fortify on Demand Plugin

Date Created: Thu, 2017-02-23 23:23
Date Updated: Sun, 2017-02-26 23:12
Hewlett Packard Enterprise
Submitted by: Anna Karyakina

Fortify on Demand is a Software as a Service (SaaS) solution that enables your organization to build and expand a Software Security Assurance program quickly, easily, and affordably. An application submitted to Fortify on Demand undergoes a security assessment where it is analyzed for a variety of software security vulnerabilities. With this Eclipse plugin, you can upload your code to Fortify on Demand for static assessment, and also audit and remediate static and dynamic analysis results as soon as they are available.

Categories: Open Source

Google Code-in 2016: even more young developers

Google Open Source Blog - Thu, 02/23/2017 - 20:04
Google Code-in (GCI), our contest introducing 13-17 year olds to open source software development, wrapped up last month with our largest contest to date: 1,340 students from 62 countries completed an impressive 6,379 tasks! Working with 17 open source organizations, students wrote code, created and edited documentation, designed UI elements and logos, conducted research, developed screencasts and videos teaching others about open source software, and helped find (and fix!) hundreds of bugs.
General statistics
  • 56.4% of students completed three or more tasks (earning themselves a fun Google Code-in 2016 t-shirt)
  • 21% of students were female
  • 30% of the participants from the USA were female
  • This was the first Google Code-in for 1,143 students (85.3%)
Student age
[Chart: student age]

Participating schools
Students from 550 schools competed in this year’s contest. While Google Code-in is a program for individuals, every year some schools emerge as hot spots of participation. This year, these five schools had the most students taking part:

School Name | Country | Number of Participants
Dunman High School | Singapore | 185
Sacred Heart Convent Senior Secondary School | India | 29
Jayshree Periwal International School | India | 26
Colegiul National Aurel Vlaicu | Romania | 23
Ly Tu Trong Specialized High Schools | Vietnam | 14

Countries
We are pleased to have a new country participating in GCI this year: Mauritius! The chart below displays the ten countries with the most students completing at least 1 task.




In June we will welcome all 34 grand prize winners (along with a mentor from each participating organization) for a fun-filled trip to the Bay Area. The trip will include meeting with Google engineers to hear about new and exciting projects, tours of the Google campuses and a fun day exploring San Francisco.

Keep an eye on the Google Open Source Blog in coming weeks for more stats on Google Code-in 2016, plus posts from the mentoring organizations describing some of their experiences with the contests and the work done by “their” students.

We are thrilled that Google Code-in was so popular this year. We hope to continue to grow and expand this contest in the future to introduce even more teenagers to the world of open source software development.

By Stephanie Taylor, Google Code-in Program Manager
Categories: Open Source