open source

  • LibreOffice & Nextcloud for EU Institutions

    Steve WoodsOpen Source, Politics, Security, Tech

    EU flagEU data protection authorities have negotiated a contract for the use of Nextcloud and LibreOffice Online in EU institutions. They are now testing the solutions, German IT news heise reports.

    Data protection-friendly alternatives

    It was announced last Wednesday that the European Data Protection Supervisor Wojciech Wiewiórowski and his team have begun testing both solutions this month. In coming months they want to examine “how these can tools support EU day-to-day work“. This pilot phase is part of a larger IT reflection process that the EDPS already started last year aimed at encouraging EUIs to consider alternatives to large-scale service providers to ensure better compliance with Regulation (EU) 2018/1725.

    By procuring the Open Source Software from one single entity in the EU, the use of sub-processors is avoided. In doing so, the EDPS avoids data transfers to non-EU countries such as the USA and allows for more effective control over the processing of personal data.

    According to Mr Wiewiórowski, “Open Source Software offers data protection-friendly alternatives to commonly used large-scale cloud service providers that often imply the transfer of individuals’ personal data to non-EU countries. Solutions like this may therefore minimise reliance on monopoly providers and detrimental vendor lock-in. By negotiating a contract with an EU-based provider of cloud services, the EDPS is delivering on its commitments, as set out in its 2020-2024 Strategy, to support EUIs in leading by example to safeguard digital rights and process data responsibly“.

    Microsoft Office in the sights

    Mr Wiewiórowski has already examined the contracts which EU institutions have with Microsoft and reached the conclusion in 2020 that the data processing purposes when using Windows or Microsoft Office had been defined far too openly. Processing contractors were not adequately audited and data could be transferred too easily by EU institutions to countries outside the Union. At the time, he demanded that Microsoft should only retain user information within the EU. The roles of all those involved with all their rights and obligations must be clearly regulated. Furthermore, Users should look around for alternatives that “enable higher data protection standards“.

    The EDPS started further investigations into the use of Microsoft and Amazon cloud services by EU institutions. These entailed the use Microsoft Office 365 by the EU Commission. According to Wiewiórowski many contracts were concluded prior to the “Schrems II Judgment” and had to be examined in the light of the European Court of Justice case law.

  • German Federal Ministry promotes open source

    Steve WoodsOpen Source, Politics, Tech

    Min. of Economic Affairs and Climate Action sponsorship logoThe German Federal Ministry for Economic Affairs and Climate Action’s Sovereign Tech Fund (STF) is promoting seven open source projects in a pilot round. The Fund shall therefore be increasing safety and data security on the internet, as well as digital sovereignty, according to German IT news site heise.

    A vulnerability in the Log4j open source Java library at the end of last year resulted in millions of potentially endangered systems. A discussion ensued about open source projects, which often represent crucial elements of the digital infrastructure.

    In the pilot round the Fund is supporting the OpenMLS library, which is used for end-to-end encryption, curl, the popular command line data transfer tool and an open implementation of the BGP internet routing protocol, which communicates between network segments and autonomous systems. The Ruby package manager RubyGems and Bundler, which facilitates the integration of Ruby packages in applications will also be supported, as will the WireGuard VPN software. In addition to this, the Fund is supporting GopenPGP, a modern OpenPGP implementation in Go, and OpenPGP.js, which can be executed in the browser. Furthermore, a projects is being promoted with OpenSSH, which is the standard for secure remote connections and is one of an administrator’s most important tools. STF pilot round projects as shown on STF website

    Software must adapt

    The STF characterises the projects as software belonging to digital base technologies and used extensively in business, the public sector and civil society. In a feasibility study (DE, PDF) the STF justifies the need to promote open basic technologies by the fact that although the importance and use of open source software is high, the projects nevertheless do not ‘adapt‘ accordingly and maintenance is often dependent upon committed individuals, thus increasing the risk of safety-critical vulnerabilities.

    In their coalition agreement, the SPD, the Greens and the FDP emphasise the importance of open source software for strengthening digital sovereignty.However, no funds were originally earmarked for the Sovereign Tech Fund in the federal government’s draft budget for 2022. In the end, coalition partners increased the funds provided so that the fund can now get started.

    The STF is promoting the above-mentioned projects until the end of the year with a total of €1 mn. Fiona Krakenbürger, the STF’s joint chief executive said: “This pilot round makes a small contribution to the sustainability of these important projects, which we hope to be able to expand in the years to come.” Projects worth funding will in future be determined in future by a committee of experts and an open application process. The STF intends to publish details of the application process in 2023.

  • French open source market still dynamic

    Steve WoodsOpen Source, Tech

    CNLL logoThe CNLL (France’s Free Software and Open Digital Enterprise Union), Numeum and Systematic Paris-Region commissioned MARKESS to carry out a study of the open source market in France and Europe (PDF), analysing the sector by identifying the main underlying trends since 2019 and anticipating future developments up to 2027.

    At the heart of the most dynamic digital sectors, free and open source software is continuing its progress which started more than 20 years ago and currently accounts for a market of nearly €6bn. in France.

    “Year after year, open source continues to grow, with a very encouraging outlook of almost 8% per year between 2022 and 2027. This strong growth shows the growing influence of open source on the digital economy in France and in Europe”, states Marc Palazon, chairman of Numeum.

    This progress is long-term. After having grown fortyfold in less than 20 years, the turnover of the open source sector in France must is still expected to grow faster than that of the overall software and digital services market over the next 5 years. France is also confirming its European leadership, along with Germany and the UK.

    For Philippe Montargès, chairman of Systematic Paris-Region’s Open Source Hub: “Open source is emerging as the quiet force of the digital sector. The growth of open source remains strong and has been for more than 20 years! France is reinforcing its European leadership with earnings of almost €6 bn. in 2022 and more than 60,000 direct jobs. These are two pieces of good news, especially since this lasting and positive dynamic is reflected in a strong increase in the penetration of free software into many innovative technologies and solutions (cybersecurity, cloud infrastructures, AI/Data, IoT, telecoms, SaaS, etc.) and extends widely throughout Europe.”

    The study therefore confirms the overall dynamism of free software in Europe. Open source is becoming more and more European by being structured around companies, communities and user organisations that make it the core of their development strategies. The main reasons for adopting open source are still costs savings and the strategic leverage effect, but also increasingly the ease of collaboration and skills development. The support of the European Commission, which has been announced since the publication of the last study in 2019, has gone hand in hand with the implementation of national policies in many member states and contributes to the dynamism of the open source sector.

    Furthermore, this growth is giving rise to a massive recruitment within the sector and the entire ecosystem which will have to train and recruit more than 26,000 new full-time equivalents (FTEs) between now and 2027, who will join and swell the ranks of the 64,000 employees currently developing and integrating open source solutions. The skills needed in free software are numerous and varied – developers, DevOps or marketing professionals, architects and consultants – as can be seen by browsing recruitment websites..

    Beyond training, a real industrial policy must be defined and implemented in France and Europe to take full advantage of the contribution of free software to innovation, technological independence and a more ethical and responsible digital sector.

    “Companies in the sector have long been calling for an industrial policy to make it an asset in a strategy to regain European digital sovereignty. Among the measures we expect: a proactive public sector purchasing policy; dedicated funding that takes economic models specific to free software into account; pro-competitive measures that limit the ability of dominants stakeholders to close down the market to the detriment of SMEs; more stringent open standards requirements and a dedicated training policy”, concludes CNLL Joint Chairman Stéfane Fermigier.

  • A good 404

    Steve WoodsOddities, Open Source, Tech

    Those whose fingers get into a tangle will be familiar with the HTML 404 error code page, just one of a number of HHTP status codes, of which the 400 series deals with client errors.

    A moment’s digital dyslexia this morning meant your ‘umble scribe was treated to Shropshire Council‘s 404 error page, as shown below.

    Shropshire's Council 404 page

    Umbraco is the open source content management system (CMS) used by the council to manage its website.

    Your correspondent particularly likes the final line: “This page is intentionally left ugly ;-)”.

    Computer scientist Brett Victor has an artistic 404 page, which pays homage to surrealist artist René Magritte.

    404 page of a pipe reading this is not a page

    However, my favourite 404 page of all time assumes the persona of Marvin the Paranoid Android from Douglas Adams’ Hithchiker’s Guide to the Galaxy and can be seen here in all its glory.

  • Second YH4F launches

    Steve WoodsOpen Source, Tech

    FSFE logoRegistration for for the second edition of “Youth Hacking 4 Freedom “, the Free Software Foundation Europe’s hacking competition for teenagers from all over Europe, has opened. The contest offers young people aged between 14 and 18 the opportunity to challenge themselves, meet like-minded people and win cash prizes of €4,096, €2048 and €1024.

    Registration is open until 31 December, after which the six-month coding phase will start, ending at the end of June 2023.

    YH4F graphic

    YH4F aims to inspire young people by giving them the chance to hack on a software project in a fair and fun way while meeting other young developers from all around Europe. The winners will receive a cash prize and a two-day trip to Brussels with other hackers for the award ceremony.

    The first edition of the competition was a huge success with broad participation and well-coded winning projects. Over a hundred people coming from 25 different countries registered and submitted 35 project at the end of a five-month coding phase. The six winning entries offered sign language transcription, a smart table robot, a personal assistant, a music tutorial, a file sharing program and a homework manager. All the programs are licensed under free software licences, thus granting everybody the right to use, understand, share and improve them.

    Ekaterina, one of the winners of the first edition of the YH4F competition, states: “Taking part in this competition was personally a big step as before it I have never ever programmed something and I did not have knowledge to do so. During the project I learned a lot more about programming concepts, how can I implement the modules and generally the programming language Python“.

    To be eligible to enter participants must be between 14 and 18 years old and live in a European country. The YH4F competition includes an introductory online event in which the FSFE team will present the competition and answer questions about it. Participants are free to use their imagination to the competition as any type of software can be coded as long as it is free software. The projects submitted can therefore be stand-alone programs written from scratch or a modification and combination of existing programs, in addition to which participants will be able to follow each other’s work and exchange ideas.

    Projects will be submitted to the expert jury at the end of June 2023.

  • Chrome’s incognito mode is anything but – allegedly

    Steve WoodsLanguage, Media, Open Source, Privacy, Security, Tech

    Google Chrome iconGoogle Chrome is a cross-platform web browser first introduced in 2008. Based largely on the open source Chromium browser, perhaps the best description for it is proprietary freeware.

    French IT news website Le Monde Informatique reports that a federal judge in California is examining complaints against Google alleging that the company is tricking users into believing that their private life is protected when using the browser’s incognito mode. The lawsuit which was initiated before the North California District Court more than 2 years ago by 5 users is now awaiting a more recent petition from these plaintiff in a class action. One of the complaints concerns Chrome users with a Google account who accessed a non-Google website containing Google tracking or advertising code and who were browsing in incognito mode; a second covers all users of Safari, Edge and Internet Explorer with a Google account who accessed a non-Google website containing Google tracking or advertising code in private browsing mode. According to legal documents first disclosed by Bloomberg, Google employees joked about the browser’s incognito mode and the fact that it was not really private. They also took the company to task for not having done more to provide users with the privacy they though they were enjoying.

    Judge Yvonne Gonzalez Rogers, who presides over the United States District Court for the Northern District of California, will decide whether the tens of thousands of users of Chrome’s incognito mode can be grouped together to seek statutory damages of $100 to $1,000 per violation, which could potentially increase the fine to over $5 bn. The definition of the word incognito is to disguise or conceal one’s identity. The confidentiality settings of web browsers are intended to delete local traces of sites visited by a user, as well as web searches and information provided when filling in online forms. Simply put, private modes such as incognito are not supposed to track and record data from web searches and sites visited by users. Google is also facing proceedings linked to user confidentiality from the justice ministers and public prosecutors of several federal states including Texas, the District of Columbia and Washington. Earlier this month Google settled a lawsuit filed by the attorney general of Arizona for $85 mn. Initially filed in June 2020, the class action was asking for at least $5 bn., accusing Google of surreptitiously collecting data on what people were viewing online and where they were browsing despite using private browsing mode. Lawyers for the plaintiffs say they have a large number of internal Google emails proving that managers have known for years that private browsing mode does not do what it claims. When a user chooses to use this incognito mode, Google’s browser is supposed to delete browsing history and cookies automatically at the end of a session.

    Data sold for advertising purposes in auctions

    The plaintiffs, who are Google Account holders, alleged that the search engine collected their data, distributed it and sold it for targeted advertising through a real-time auction system (RTB). LThe plaintiffs allege that even in incognito mode, Google can see what sites Chrome users are visiting and collect data by means which include Analytics, digital fingerprinting techniques, concurrent applications and processes on a user’s device and AdManager. The latter is a Google service enabling businesses to distribute and create web, mobile and video advertising reports for a company.

    According to one report, more than 70% of all website use one of more of Google’s services. More specifically, the plaintiffs allege that every time a user with private browsing mode active visits a website running Analytics or AdManager, the search giant’s software scripts on the site surreptitiously order the user’s browser to send a secret separate message to its servers in California. “Google learns exactly what content the user’s browser software was asking the website to display, and it also passes a header containing the URL information of what the user viewed and requested online. Device IP address, geolocation data and user ID are all tracked and logged by Google”, according to one report in the lawsuit. “Once collected, this mountain of data is analyzed to build digital records on millions of consumers, in some cases identifying us by name, gender, age, and medical conditions and political issues we researched online”, the lawsuit claims.

    Truly private browsing results in loss of revenue

    In March 2021, a California judge denied 82 motions by Google’s attorneys to end the lawsuit and ruled against the company, allowing it to proceed. In July that year the company was sentenced to pay almost one million dollars in legal fees and expenses as a penalty for not having disclosed evidence concerning the lawsuit in a timely manner.

    This week a spokesperson for Google told the Washington Post it had been frank with users about what its incognito mode offers in terms of privacy and that the plaintiffs “deliberately misrepresented our statements”. Jack Gold, senior analyst at J. Gold Associates, said the company makes the majority of its revenue by tracking everyone and selling ad space. “If they’re really creating a completely private browsing experience, then the revenue stream is gone,” he said. “So, I suspect there is a ‘balancing act’ going on internally as to where the borders are around privacy vs. tracking. No company builds a free browser without being able to generate revenues somehow”. The plaintiffs in the case said they chose “private browsing mode” to prevent others from learning what they’re viewing on the internet. When it comes to using Google Chrome and other browsers, “let the user beware,” Gold said. “You have to trust the maker to take care of your privacy, but it’s not always in their best interest to do so”.

  • Introducing Ubuntu Pro beta

    Steve WoodsLinux, Open Source, Security, Tech

    Ubuntu logoCanonical is currently offering a public beta version of Ubuntu Pro, giving Ubuntu Linux users extended maintenance and security compliance for software packages ranging from the Node.js runtime to Python 2 and Rust. Security cover will be extended for average and high common vulnerabilities and exposures (CVE) for thousands of applications and toolchains including Ansible, Apache Tomcat, Apache Zookeeper, Docker, Drupal, Node.js, Puppet, Python 2, Rust and others.

    A free thirty days trial is available for businesses. Ubuntu Pro is available for data centres and workstations. A free level is being offered for small-scale personal use (up to 5 machines).

    Since the launch of Ubuntu LTS with 5 years support for the main operating system, businesses have asked the supplier to cover a larger area of the open source landscape under private commercial agreements. These benefits are now offered free of charge to anyone with a free personal subscription to Ubuntu Pro. This may also be combined with 24/7 enterprise level for the Ubuntu operating system.

    Ubuntu Pro is available for all Long Term Support (LTS) versions of Ubuntu from version 16.04 LTS upwards. The standard Ubuntu Pro subscription covers security updates for all Ubuntu packages. In addition, Canonical’s Ubuntu Advantage for Infrastructure subscription has been renamed Ubuntu Pro (Infra-only) with no change in its price or range. The Infra-Only subscription covers the base operating system and the private cloud components required for large-scale and bare metal and excludes wider cover for applications. Subscribing to Ubuntu Pro costs US $25 dollars per year excl. tax for one workstation or US $500 dollars per year for a server. On public clouds Ubuntu Pro costs some 3.5% of the average cost of the underlying processing environment.

  • Amazon Workspaces offers Ubuntu virtual desktops

    Steve WoodsLinux, Open Source, Tech

    The AWS blog writes that the company loves to give its customers choices: the choice of infrastructure to deploy their workloads, store their most important data, or the operating systems for their virtual desktops.

    To this end it has started offering Ubuntu virtual desktops, based partly on the premise that “Ubuntu is the most widely used operating system among professional developers (66 percent Ubuntu, 61 percent Windows, and 57 percent macOS)”.

    AWS Ubuntu virtual desktop

    To date your correspondent has seen both Ubuntu’s Unity desktop – as shown above – and the lightweight Xfce desktop as an alternative.

    It has been a quip of open source enthusiasts that next year will be the year of Linux on the desktop (instead of the Beast of Redmond’s ubiquitous operating system.

    AWS is now demonstrating that 2022 is the year of the Linux desktop on someone else’s computer. 😀

  • EU open source repository now online

    Steve WoodsOpen Source, Tech

    EU flagThe EU Commission has launched the code.europa.eu open source repository with over 100 projects to promote open software development, heise reports.

    The EU Commission has started operations of its open source development platform code.europa.eu without much ado. The Director General for Informatics, Veronica Gaffey, announced the launch of the open source repository two weeks ago at an Open Forum Europe conference two weeks ago. The platform should facilitate “the collective development, exchange and reuse of solutions for European public services”.

    In Gaffey’s words: “We created a central code repository, one which I can now announce publicly. You will find our software development platform at code.europa.eu. So, code.europa.eu facilitates the open development of software projects from the Commission as well as the other European Union institutions. We start today with just over 100 projects and 150 developers, but the OSPO is busily onboarding others.”. The focus is on projects by the Commission and other EU institutions, but also “in Bulgaria, the Czech Republic, Estonia, France, Germany, Italy, the Netherlands and elsewhere in the EU”.

    In December last year we got rid of an outdated, complicated, bureaucratic legal process that stopped us sharing open source. Now Commission projects that wish to share their software with others are free to do so,” Gaffey explained.

    The European Public License (EUPL) 1.2 should be used as the main licence for new source code on the platform, according to EU open source news site Joinup. The EUPL has been adapted to European law and is compatible with version 2 of the more well-known GNU General Public License (GPL). Code added to existing projects will use the same license as previously, such as the Dynamic Discovery Client, which uses the GNU Lesser General Public License (LGPL).

  • Audacity 3.2 released

    Steve WoodsLinux, Open Source, Tech

    When it comes to open source audio editing software, Audacity is the software package your ‘umble scribe has been using and recommending to others for over a decade and a half.

    The latest minor point release for the software – to version 3.2 – nevertheless brings some major new features, including real-time effects. Furthermore, the package will now run natively on Apple’s Silicon Macs, according to German IT news website heise, whose headline rates it as ‘Genuine competition for commercial audio software‘.

    Audacity was first released in 22 years ago and since then it has made major strides towards becoming a fully-fledged end-to-end production tool for everyone who works with audio, from multi-track recording and editing to podcast production, i.e. a complete digital audio workstation (DAW).

    The new version press release states that the Audacity team has been working hard to empower audio creators with the following highlights of this release: real time editing capabilities, VST3 plugin support and sharing, the latter via Audacity’s new audio.com sister service.

    For a full list of changes in Audacity 3.2, read the release notes.

    Audacity is available for download for Linux, Mac and Windows and your correspondent is awaiting the new version’s arrival in the Debian GNU/Linux software repositories.

Posts navigation