CONTENTS

FOR U & ME
Typeset: Taking the Drudgery Out of Formatting Academic Papers

FOCUS
Top 10 Open Source Databases
Popular Open Source Databases: An Overview
Using BigchainDB: A Database with Blockchain Characteristics

DEVELOPERS
Building Reusable Modules
Managing Secrets via Amber
Simplify Invoicing by Creating a Template with Python

COLUMNS
CodeSport

ADMIN
Malboxes: Malware Analysis Made Easy
Docker: The Platform for New Generation Virtualisation
First Animal/Bird Language Translator Enabling You to Talk with Nature

FossBytes

How Open Source is Helping to Build Smart Cities
Do You Know the Ingredients of Your Software?
Business as a Platform to Enable Innovation

DECEMBER 2021 | OPEN SOURCE FOR YOU | www.OpenSourceForU.com
MariaDB and MySQL: Which One Should You Use?
Installing and Using MariaDB on Ubuntu
OrientDB: A Flexible and Scalable Multi-Model NoSQL DBMS
Transforming Data with R
Using the Rasa Framework for Creating Chatbots

FOSSBYTES
Microsoft launches open source real-time collaboration tool called 'Loop'

Microsoft has launched its own version of Google Wave – Microsoft Loop, a new Office collaboration app.

According to TechCrunch, Loop is a new app — and concept — that takes the Fluid framework, which provides developers with flexible components to mix and match in order to create real-time editing-based applications, to create a new experience for users to collaborate on documents.

In many ways, that was also the promise of Google Wave — real-time collaboration plus a developer framework and protocol to bring Wave everywhere, the report said. Google Wave was a doomed real-time messaging and collaboration platform Google launched in 2009 and prematurely shuttered in 2010.

There are three elements to Loop — Loop components, which are 'atomic units of productivity' like lists, tables, notes and tasks; Loop pages — "flexible canvases where you can organise your components and pull in other useful elements like files, links, or data to help teams think, connect, and collaborate;" and Loop workspaces. These are shared spaces where you can catch up on what everybody is working on and track the progress towards shared goals.

One thing Wave never had that is apparently a core feature of Loop is that the latter tracks your cursor position in real-time, the report said.

Airbnb open sources serverless public key infrastructure framework Ottr

Airbnb has announced the open sourcing of Ottr, a serverless public key infrastructure (PKI) framework developed in-house. Ottr handles end-to-end certificate rotations without the use of an agent. Its primary design aims to be a scalable and configurable serverless framework on AWS, with little operational overhead or reliance on enrolment protocols.

Ottr can be extended to handle end-to-end certificate rotations for any hosts (e.g., network infrastructure, Linux, Windows) capable of managing their own X.509 certificates from a remote session (e.g., API, SSH, SSM Agent).

While there are a number of agent-based solutions to automate certificate rotations for Linux and Windows distributions, the process to broker certificates for network infrastructure commonly involves either manual intervention from engineering teams or use of enrolment protocols such as Certificate Management Protocol (CMP), Simple Certificate Enrolment Protocol (SCEP), or Enrolment over Secure Transport (EST), all of which have security issues.

Ottr was built to abstract away a number of challenges associated with certificate provisioning while also providing additional benefits around operations and security.

Linux Foundation enhances security to its LFX Community Platform

The Linux Foundation, the non-profit organisation enabling mass innovation through open source, has enhanced its free LFX security offering so that open source projects can secure their code and reduce non-inclusive language.

The LFX platform hosts community tools for security, fundraising, community growth, project health, mentorship and more. It supports projects and empowers open source teams to write better, more secure code, drive engagement and grow sustainable ecosystems.

The LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing comprehensive automated vulnerability detection capabilities. Software security firm BluBracket has contributed this functionality to open source software projects under LFX as part of its mission of making software safer and more secure. This functionality builds on contributions from Snyk, making LFX a leading vulnerability detection platform for the open source community.

LFX Security now includes vulnerabilities detection, code secrets and non-inclusive language. LFX tracks how many known vulnerabilities have been found in open source projects, identifies if those vulnerabilities have been fixed in code commits, and then reports on the number of fixes per project, through an intuitive dashboard.

It detects secrets-in-code such as passwords, credentials, keys and access tokens, both pre- and post-commit. It also detects non-inclusive language used in project code, which is a barrier in creating a welcoming and inclusive community.

Eclipse Foundation invites tech leaders for collaboration on software-defined vehicles

The Eclipse Foundation, along with multiple industry leaders including Bosch, Microsoft and others, has announced an open invitation for technology leaders to help define a new working group focused specifically on the software-defined vehicle.

The ultimate goal will be the creation of a vendor-agnostic, open source ecosystem with a vivid, contributing community focused on building the foundation for a new era in automotive software development. This announcement serves as a "call to action" for all interested parties to join this initiative and help shape the future of mobility.

Today, next-generation vehicle developers are turning to software-based solutions for their new designs. The foundation believes this will lead to an open source revolution that results in software-defined vehicles. These vehicles will enable vehicle manufacturers as well as automotive suppliers to put software at the very centre of vehicle development, with hardware considerations to follow.

"We're very excited to develop this new effort here at the Eclipse Foundation. Although we have extensive roots with the automotive community, a project of this scope and scale has never been attempted before," said Mike Milinkovich, executive director of the Eclipse Foundation. "This initiative enables participants to get in at the 'ground level' and ensure they each have an equal voice in this project."

To support the transformation to software-defined vehicles, major players from the technology industry as well as the automotive industry are being encouraged to collaboratively develop an open source in-vehicle application runtime stack, cloud-based vehicle operations, as well as highly integrated development toolchains.
Microsoft's Power Fx is now open source

Microsoft's low-code programming language Power Fx has now been open sourced under an MIT licence on a GitHub repository. The tech giant has open sourced the documentation of the language with plans to open source the actual source code by 2021 end.

Microsoft officially announced its Power Fx, an open source formula language for low code that's based on Microsoft Excel, in March. This language is said to allow customers of the Power Platform to build and customise application logic. Using formulas that are already familiar to hundreds of millions of users, Power Fx allows a broad range of people to bring skills they already know to low code solutions. It becomes a common ground for business users and professional developers alike to express logic and solve problems.

Power Fx is said to have the tools a professional expects, including the ability to directly edit apps in text editors like Visual Studio Code and use source control. This enables developers to go faster and find common ground with millions of makers.

Power Fx doesn't just share the same syntax and functions as Excel, it also behaves in a familiar way. Like Excel, formulas are declarative and recalculate instantly just as a spreadsheet does. Makers have the advantage of telling the app what they want it to do without having to describe the how or when; Power Fx does that for you, freeing developers from the tedious task of keeping variables and data tables up to date manually.

The project welcomes contributions in agreement to Microsoft's Contributor License Agreement (CLA).

Google Research introduces JAX library for computer vision research

With new architectures like vision transformers (ViTs) taking up day-to-day applications, there is a clear demand for software and machine learning infrastructure to support easy and extensible neural network architecture research in the field of vision.

Researchers from Google Brain have introduced SCENIC, an open source JAX library with a focus on transformer-based models for computer vision research. It has been successfully used to develop classification, segmentation, and detection models for images, videos, and other modalities, including multi-modal setups.

The SCENIC toolkit aims to facilitate rapid experimentation, prototyping, and research of new vision architectures and models. It offers optimised implementations of state-of-the-art research models spanning a wide range of modalities.

This open source library offers a unified, all-in-one codebase for modelling needs and implementations like ViT, DETR, MLP Mixer, ResNet and U-Net. SCENIC is developed in JAX and uses Flax as the neural network library. JAX is a simple-to-use library that allows automatic differentiation of native Python and NumPy functions. It can support multi-host and multi-device training on accelerators such as GPUs and TPUs, making it perfect for large scale machine learning research.

NASA and ESA release open source tool for analysing Earth science data

NASA and ESA (European Space Agency) have publicly released an open source science tool for analysing Earth science data in the cloud – the Multi-Mission Algorithm and Analysis Platform (MAAP).

MAAP enables scientists to collaboratively develop algorithms and code as well as analyse and visualise large data sets acquired from sources including satellite instruments, the International Space Station, and airborne and ground campaigns. The large data and high-performance computing required for MAAP, along with a shared code repository and catalogue, are stored and managed in the cloud. MAAP capabilities are supported and shared between NASA and ESA.

MAAP is said to provide access to NASA and ESA Earth science data and is a model for open source science collaboration and analysis. It's the host platform for the first globally harmonised assessment of aboveground carbon — information that is vital for managing global climate change.

[…] effort. It is fully operational and […] to tackle a broader range of Earth […] of a global effort to determine the […] Intergovernmental Panel on Climate […]

DIA integrates its Oracle infrastructure with the NEAR Protocol

[…] the development of […] The NEAR […] developed by the NEAR Foundation, using a proof-of-stake consensus mechanism. […] surface, aiming to solve the scalability issue that ledgers like Ethereum are showing […] announced the integrations of its data provision with many of these new networks, including chains like Moonriver, Arbitrum, Celo, Shiden and many others.

YADRO joins the Open Invention Network community

Open Invention Network (OIN), the organisation formed to safeguard open source software (OSS) and the patent non-aggression community, announced that YADRO has joined as a community member.

According to IDC, YADRO provides enterprise storage and high-performance servers in Russia and Eastern Europe.

"High-performance enterprise computing and storage is enabled by Linux and other key open source software projects. The shared innovation generated by the open source community has enabled previously unimaginable scalability and stability. OSS is essential to modern on-premises, hybrid and cloud-based environments," said Keith Bergelt, CEO of Open Invention Network.

"Open source platforms enable the rapid deployment of advanced computing, storage and communications solutions. We recognise the value in shared innovation, a fundamental characteristic of open source communities," said Anna Egorova, chief delivery officer at YADRO.

OIN's community practices patent non-aggression in core Linux and adjacent open source technologies by cross-licensing Linux System patents to one another on a royalty-free basis. Patents owned by Open Invention Network are similarly licensed royalty-free to any organisation that agrees not to assert its patents against the Linux System.

Yugabyte raises US$ 188 million to expand into new markets

Yugabyte has raised US$ 188 million in oversubscribed Series C funding led by Sapphire Ventures in support with Alkeon Capital, Meritech Capital, Wells Fargo Strategic Capital, and others.

The new funding comes seven months after the company raised US$ 48 million in a Series B-1 round that puts the company's valuation at more than US$ 1.3 billion.

Yugabyte's open source database provides both the Apache Cassandra and PostgreSQL databases with API compatibility.

"This additional funding will enable us to further grow Yugabyte's field and engineering teams and fuel the company's ongoing expansion into new markets around the world," wrote Bill Cook, CEO of Yugabyte in the company blog. "We built YugabyteDB to address the growing unmet need for a cloud native transactional RDBMS for modern applications."

YugabyteDB is an open source distributed SQL database that can run anywhere cloud native applications are deployed, across private, public, hybrid, and multi-cloud environments.

DTC's open source repository is now available on GitHub

Digital Twin Consortium (DTC) said its open source collaboration initiative is now available to the public on GitHub. An open source collaboration community accelerates the adoption of digital twin-enabling technologies and solutions. Consortium members and non-members can collaborate on open source projects, code, and collateral and become part of the DTC ecosystem.

"As a consortium, our collective goal is to progress digital twin technology out of the lab and into the marketplace. Digital twins can be difficult to apply across the entire life cycle, where efficiency is often stifled by data silos and a lack of interoperability. Integration with legacy environments can also be challenging," said Dan Isaacs, CTO, Digital Twin Consortium.

To contribute to the open source collaboration community, candidates have to complete a project application, which the DTC Technical Advisory Committee reviews. If approved, contributors upload their project or related content to the DTC Open Source Collaboration GitHub site.

Eclipse Foundation launches the Oniro project

The Eclipse Foundation has launched the Oniro project and working group to create an independent implementation of the operating system OpenHarmony.

The OpenHarmony operating system is based on a HarmonyOS created by Huawei. It supports multiple kernels and uses the Linux kernel if a device has a large memory. Huawei, along with Linaro, Seco, Array, NOI Techpark and Synesthesia, has been contributing to a continuous integration/continuous delivery (CI/CD) platform that is part of the larger Oniro project.

"Oniro is open source done right," said Mike Milinkovich, executive director of the Eclipse Foundation. "It represents a unique opportunity to develop and host a next-generation operating system to support the future of mobile, IoT, machine economy, edge and many other markets."

With the creation of the Oniro project, the Eclipse Foundation aims to strengthen the global technology ecosystem, while bringing a vendor-neutral, open source OS to the global market.

Discourse fixes critical vulnerability in its forum software

Developers of Discourse, a popular open source forum software, have patched a critical security flaw that could result in remote code execution (RCE) on vulnerable systems.

The critical bug (CVE-2021-41163), which affects Discourse versions 2.7.8 and earlier, is found to have been triggered through a malicious Amazon SNS subscription payload. The root cause was identified from a validation bug in the upstream aws-sdk-sns gem, Discourse's AWS notification webhook handler. This lack of validation in subscribe_url values makes it vulnerable to RCE, through malicious requests.
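
The kind of check the report says was missing, sketched as an added example (it is not Discourse's or the aws-sdk-sns gem's code): validate the SubscribeURL of an SNS SubscriptionConfirmation message before a webhook handler requests it. The helper names, the host pattern and the sample inputs are assumptions made for this illustration.

```ruby
require "json"
require "uri"

# Regional Amazon SNS API hostnames in the standard AWS partition. Limiting the
# check to this partition is an assumption of the example.
SNS_HOST = /\Asns\.[a-z0-9-]+\.amazonaws\.com\z/

# Returns [uri, nil] when +value+ is acceptable, or [nil, reason] when it is not.
def check_subscribe_url(value)
  return [nil, "not a string"] unless value.is_a?(String)

  begin
    uri = URI.parse(value)
  rescue URI::InvalidURIError
    return [nil, "unparseable"]
  end

  return [nil, "scheme is not https"] unless uri.is_a?(URI::HTTPS)
  return [nil, "userinfo present"] if uri.userinfo
  return [nil, "unexpected port"] unless uri.port == 443
  return [nil, "host is not an SNS endpoint"] unless uri.host.to_s.downcase.match?(SNS_HOST)

  begin
    params = URI.decode_www_form(uri.query.to_s).to_h
  rescue ArgumentError
    return [nil, "malformed query"]
  end
  return [nil, "not a ConfirmSubscription request"] unless params["Action"] == "ConfirmSubscription"

  [uri, nil]
end

# Hypothetical webhook helper: takes the raw request body and returns the URI to
# confirm, or nil when the message should be dropped.
def confirmation_target(raw_body)
  message = JSON.parse(raw_body)
  return nil unless message.is_a?(Hash) && message["Type"] == "SubscriptionConfirmation"

  uri, _reason = check_subscribe_url(message["SubscribeURL"])
  uri
rescue JSON::ParserError
  nil
end

# Constructed sample inputs (not captured traffic).
GOOD_URL = "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription" \
           "&TopicArn=arn:aws:sns:us-east-1:123456789012:example-topic&Token=EXAMPLETOKEN"

SAMPLES = [
  GOOD_URL,
  "http://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription",
  "https://sns.us-east-1.amazonaws.com.example.net/?Action=ConfirmSubscription",
  "https://user@sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription",
  "https://sns.us-east-1.amazonaws.com:8443/?Action=ConfirmSubscription",
  "https://sns.us-east-1.amazonaws.com/?Action=Publish",
  "file:///etc/hostname",
  "not a url",
].freeze

SAMPLES.each do |candidate|
  uri, reason = check_subscribe_url(candidate)
  puts format("%-7s %s", uri ? "accept" : "reject", reason || candidate)
end
```

Hand the returned URI object to an HTTP client such as Net::HTTP.get_response rather than passing the raw string to a general-purpose open helper.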

Huawei donates its open source OS 'openEuler'

Huawei announced at the Operating System Industry Summit 2021 that it will be joining all partners in the community to formally donate its open source operating system 'openEuler' to the OpenAtom Foundation.

openEuler is an open source operating system for digital infrastructure that can be deployed in servers, cloud computing, edge computing, embedded and other devices in various forms. Its applications cover IT, CT (communication technology) and OT (operational technology). The openEuler program was initially announced in 2019, with the new openEuler OS launched back in September this year.

"Huawei will donate the complete openEuler open source operating system code, brand trademarks, community infrastructure, and other related assets to the OpenAtom Open Source Foundation to build more strong digital infrastructure," said Wang Tao, executive director of Huawei and director of the ICT infrastructure business management committee.

Currently, the openEuler community has around 10,000 developers, around a hundred special interest groups, and 300 partner companies. This operating system combines the power of processors, machines, basic software, application software, industry customers, and other partners in the entire industry chain.

Deng Taihua, Huawei's vice president and president of the computing product line, said that the company will continue to invest in and promote the development of openEuler in five aspects. This includes technological innovation, ecological construction, commercial promotion, open source construction, and talent development.

Alibaba open sources four RISC-V cores

Alibaba has introduced a range of RISC-V processors with the Xuantie family, ranging from the E902 microcontroller class core to the C910 core for servers in data centres. This also includes the Xuantie C906 core found in the Allwinner D1 single-core RISC-V processor.

While RISC-V is an open standard and there's a fair share of open source RISC-V cores available, many commercial cores are closed source. Zhang Jianfeng, president of Alibaba Cloud Intelligence, announced at the 2021 Apsara Conference that T-Head had open sourced four RISC-V-based Xuantie series processor cores, namely, Xuantie E902, E906, C906, and C910, as well as related software and tools.

The RTL for the four cores has been released on T-Head Semiconductor's GitHub account under the Apache 2.0 license. Each repository has its own instruction and code. Alibaba also highlighted software support for its RISC-V cores with AliOS, RT-Thread, FreeRTOS, Linux, and Android. It claims to have shipped over 2. billion Xuantie cores so far.

SETL open sources its PORTL framework

Enterprise blockchain firm SETL is open sourcing its core framework PORTL, in an effort to speed up adoption of blockchain and DLT solutions. PORTL is said to provide a robust, permissioned toolset for financial institutions to build applications that interoperate between existing infrastructures and a range of enterprise ledger technologies including Corda, Besu, Fabric, DAML and SETL's own high-performance ledger.

The adoption of DLT in financial services has been slow in spite of the tremendous potential the technology has to offer. Many of the reasons lead back to a lack of understanding of secure deployment procedures for banks, where the high levels of IT security that banks expect stands in contrast to the innovation-first approach taken by some blockchain frameworks.

Philippe Morel, SETL CEO said, "The potential of DLT solutions is still significantly underexploited. With our open source and fully interoperable PORTL framework, we hope to contribute to a wider adoption of DLT-based solutions."

SETL provides institutions with tools they need to take DLT and blockchain into production. To ease integration with existing systems, SETL has adopted Kafka, the open source, high volume event engine as its main backbone for inter-process communication.

"Our use of high capacity and battle-hardened components such as Kafka and Camunda is in line with the technology journey financial institutions are taking. PORTL bridges the gap between ledger innovation and business integration allowing the true benefits of DLT to make the jump from POC to live operation," Morel added.

Anaconda partners with Microsoft to accelerate open source adoption

Anaconda, Inc. has announced a collaboration with Microsoft to enable customers to confidently access Anaconda's curated library of open source packages within Microsoft Cloud hosted products and services, including Azure services like Azure machine learning, as well as GitHub services such as GitHub Codespaces and GitHub Actions, without the requirement of a separate license.

"We are committed to making it easy to use Anaconda everywhere, and that includes inside Microsoft's cloud," said Peter Wang, CEO and co-founder of Anaconda. "By combining Anaconda's package dependency manager and curated open source repository with Microsoft's cloud products, data scientists and developers can use tools they know and trust with the peace of mind that they do not have to worry about additional licensing."

According to the company, organisations that capitalise on the innovation from thousands of makers and contributors in the open source community have a competitive advantage and are able to accelerate projects that would typically take years. This collaboration expands the availability of key open source data science tools across platforms and sets enterprises up for greater success by making it simpler for users to focus on end results.

Anaconda said it has committed to provide Microsoft with a standard SBOM, using software package data exchange (SPDX) specifications, which will allow Microsoft to verify the components, licensing, and provenance of open source packages and libraries in the Anaconda repository.

Apiiro's open source software toolkit to combat dependency confusion attacks

Apiiro, the application risk management provider, has announced the release of the Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks.

The Dependency Combobulator allows organisations to safeguard against this newly uncovered type of risk, which has been on the rise this year as a key vector in supply chain attacks targeting dependencies within software packages.

The company said this new solution is a critical element in the approach to securing the software development lifecycle to prevent both direct and supply chain attacks.

Dependency confusion compromises the open source software (OSS) ecosystem by tricking end users, developers and automation systems into installing a malicious dependency instead of the correct one they intended to install, compromising their software.

Apiiro's Dependency Combobulator enables a flexible approach to analyse and automate release workflows that can be evaluated against different sources such as GitHub packages and can be extended to consider additional registries such as JFrog Artifactory. The Dependency Combobulator, aimed to be used by the AppSec practitioner, is a Python based toolkit that supports both the npm and maven package management schemes out-of-the-box, and enables easy extension into other package management systems. It provides improved extensibility that helps organisations to quickly adapt to new types of dependency attacks.

The Dependency Combobulator is pluggable and can be baked into an enterprise's application security program and release cycle in an automated way. It can be plugged into several interaction junctions within an enterprise software development lifecycle, providing actionable insights to fit multiple use cases.

Intel open sources ControlFlag to automatically detect errors in code

Intel Labs' Machine Programming Research (MPR) team, working to improve software developer productivity and quality, has announced the open source availability of ControlFlag. Designed late last year, ControlFlag is a self-supervised idiosyncratic pattern detection system, which learns typical patterns that occur in the control structures of high-level programming languages, such as C/C++, by mining these patterns from open source repositories (on GitHub and other version control systems). It then applies learned patterns to detect anomalous patterns in the user's code.

The ControlFlag's pattern anomaly detection system can be used for various problems such as typographical error detection, and flagging a missing NULL check, to name a few.

It follows two main phases: (1) pattern mining phase, and (2) scanning for anomalous patterns phase. The pattern mining phase is a "training phase" that mines typical patterns in the user-provided GitHub repositories and then builds a decision-tree from the mined pattern. The scanning phase, on the other hand, applies the mined patterns to flag anomalous expressions in the user-specified target repositories.

Intel said that since its introduction, ControlFlag has been tested on production-level software and widely used open source software systems. For example, last year, ControlFlag identified a code anomaly in Client URL (cURL), a computer software project transferring data using various network protocols over one billion times a day. The anomaly was reported to the cURL team; it agreed with ControlFlag's findings and subsequently patched its code.

While ControlFlag cannot yet automatically mitigate the defects it finds, it offers users suggestions for potential corrections.

L0phtCrack password auditing tool is now open source

L0phtCrack, the Windows system password auditing tool, has been released as an open source utility.

Christien Rioux (DilDog), one of the original authors of L0phtCrack, had announced plans to release an open source version of the tool in early August on Twitter.

First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks.

It was developed originally by Peter Zatko. L0pht then merged with @stake, which was acquired by Symantec in 2004. It was owned by Symantec between 2004 and 2008, when it was acquired from the cybersecurity firm by Zatko and other original authors. By that time, Symantec had stopped selling the tool, according to sources.

On July 1, 2021, the company said L0phtCrack software was no longer owned by Terahash, LLC. It had been repossessed by the previous owners, formerly known as L0pht Holdings, LLC.

L0phtCrack is no longer being sold. The current owners have no plans to sell licences or support subscriptions for the L0phtCrack software. However on October 17, they officially announced the open source availability of L0phtCrack version 7.2.0. The open sourced project is looking for both maintainers and contributors.

Sentry's FOSS Fund 155 to financially support open source community

Sentry, an open source company, announced it has donated US$ 154,999.89 to 108 individuals under its FOSS Fund 155. The company has invested in the open source community by donating SaaS credits to open source projects, sponsoring conferences and meetups, and contributing patches to upstream projects.

Sentry said the inspiration came from it raising US$ 10,000 from the FOSS Fund Adopters launched by Indeed. "When Sentry received the investment, it committed to increasing its own financial giving to the open source community."

According to the company, the specific amount was carefully calculated. The tech companies receive approximately US$ 2,000 of value per engineer on staff. Sentry employs 75 engineers, and the fund comes up to US$ 150,000 as target budget. The rest is to meet membership fee thresholds and currency conversions.
FOSSBYTES
Microsoft reverses
.NET change after open
source community outcry
Tech giant Microsoft backed off from
the decision to remove a key feature
from its upcoming .NET 6 release, after
a serious public outcry from the open
source community.
Microsoft had reportedly
disappointed the .NET open source
community by removing a key part of
Hot Reload in the upcoming release of
.NET 6, a feature that allows developers
to modify source code while an app is
running and immediately see the results,
The Verge reported.
It is a feature many had been looking
forward to using in Visual Studio Code
and across multiple platforms until
Microsoft made a controversial last-
minute decision to lock it to Visual
Studio 2022, which is a paid product
that’s limited to Windows.
Microsoft has now reversed the
change following a backlash, and anger
inside the company from many of
Microsoft's own employees.
“We made a mistake in executing
on our decision and took longer
than expected to respond back to the
community,” said Scott Hunter, director
of programme management for .NET.
Microsoft has now approved the
community’s pull request to re-enable
this feature and it will be available in
the final version of the .NET 6 SDK.
“We have taken steps to address the
issue that some of our OSS community
members have experienced,” said a
Microsoft spokesperson in a statement
to The Verge. “Hot Reload capability
will be in the general availability
build of the .NET 6 SDK,” the
spokesperson added.
www.OpenSourceForU.com | OPEN SOURCE FOR YOU | DECEMBER 2021 | 13
IBM launches Open Source
Cloud Guide for developers
IBM has released the Open Source
Cloud Guide, which highlights various
use cases that are important in hybrid
cloud environments. It features the
important open source projects in these
areas, and discusses how various clouds
are using open source in their offerings.
“As both the cloud and open
source landscapes evolve, we saw a
need for a guide to highlight important
aspects of hybrid cloud and multi-cloud
development—and their corresponding
open source services,” IBM said.
According to an O'Reilly survey
that IBM commissioned in 2020,
developers who want to build cloud
applications should work on honing
their open source skills instead of
only focusing on developing skills for
a proprietary cloud. Because every
major cloud platform uses open source
software in its infrastructure, developing
skills related to open technology makes
developers more desirable to potential
employers and helps developers
compete in hybrid environments.
Todd Moore, vice president, open
tech, and Chris Ferris, CTO, open
tech from IBM noted that the survey
highlighted that the most desired of the
open source skills are around Linux
(containers), artificial intelligence and
machine learning, and data storage.
“This got us thinking: How
do those skills translate exactly
to developing for hybrid cloud
environments, inclusive of the major
cloud providers? What open source
technologies are most used? The
purpose of the Open Source Cloud
Guide is to answer those questions,”
reads the IBM developer blog.
Developers can discover more and
contribute to the guide on GitHub.
The funds are grouped in three: foundation memberships (52 per cent), long-
tail projects through GitHub Sponsors and Open Collective (36 per cent), and
internships for new contributors through Outreachy (13 per cent).
“All tech companies stand on the shoulders of community-supported open
source giants, and Sentry is no exception. With this fund we prioritised support for
our dependencies in order to strengthen our supply chain. But, more than that—
Sentry itself was a volunteer-run project for many years. Yes, we took a commercial
route, but we respect the many projects that have chosen a different path.
Maintainers should be able to determine their own future, and financially supporting
our community-managed dependencies makes that a bit more feasible for them,”
wrote Chad Whitacre, senior software engineer at Sentry in a blog post.
The company has audited its product architecture and generated a list of
seven major community-led open source projects including Python, Django, Rust,
JavaScript, PostgreSQL, Apache, and Linux. “These projects are all backed by
formal non-profit foundations; we added an eighth foundation, the Open Source
Initiative, to represent the open source community as a whole. We decided to
allocate half of our budget (52 per cent) to these eight foundations,” said Whitacre.
CloudQuery raises US$ 3.5M in funding
CloudQuery, a startup giving developers visibility into their cloud infrastructure
assets and configuration, has announced that it has closed a US$ 3.5 million seed
funding round led by Boldstart ventures, with participation from Work-Bench,
Mango Capital and Haystack.
As cloud infrastructure providers and service catalogues have grown, the burden
on developer workflow has been ever more custom scripts, hacking and hassle for
developers to get the insights they need over their sprawling cloud infrastructure.
Each cloud provider has its own proprietary tooling for infrastructure visibility —
AWS Identity and Access Management (IAM), Azure Cloud Discovery, Google
Cloud Asset — each with its own learning
curve, and each siloed within that single cloud
provider environment.
“With cloud infrastructure, developers
too often find themselves blind about what
their assets are and what they are managing,”
said Yevgeny Pats, co-founder and CEO at
CloudQuery. “They only get spotlights on small
parts of their infrastructure, and spend a lot of
cycles writing manual scripts for specific APIs,
doing transformations, and managing code. The vision for CloudQuery is “dev-first”
visibility into infrastructure. That means continuous extract, transform, load (ETL)
of your cloud infrastructure assets into a relational database, a simplified SQL query
model that lets you ask all the questions you need to know for your use cases, and a
vibrant community of contributors that lets you tap into pre-supported cloud providers
and queries, so you don’t have to build everything from scratch yourself.”
CloudQuery integrates with the cloud service providers, including AWS, Azure
and Google Cloud. It fetches read-only data and normalises that data (via ETL)
into a relational database. By exposing cloud infrastructure data as SQL-queryable,
CloudQuery does not require mastering new DSLs. And the project boasts
more than 100 pre-written queries for all the cloud providers that it supports, so
developers enjoy a running start for all the common queries they have of their cloud
assets — but CloudQuery makes it easy to build custom queries too.
For more news, visit www.opensourceforu.com
InSight
The Government of India introduced the National Smart Cities Mission in 2015 to develop
smart cities pan-India, making them citizen friendly and sustainable. It included 100
cities in this mission, to begin with, with the deadline for completion of the projects set
between 2019 and 2023.
But how can smart cities leverage open source technologies, and deploy 5G and IoT
to accelerate innovation and reach the ambitious targets set under this mission?
A panel discussion on the subject ‘Deploying “5G, IoT and Edge Computing” technologies
for SmartCity and Business Verticals using Open Source Platforms’ among industry
leaders at a Samsung IEEE event offered some answers.
The prime objectives
of creating smart city
environments are: optimised
decision-making, building
infrastructure, and the use of cyber
and physical resources to address the
challenges in urban areas. However,
the large-scale deployment of cyber-
physical-social systems using open
source has its own set of challenges
that require smarter sensing and
computing methods, as well as advanced
networking and communication
technologies to provide better services.
Open source for next-gen
networks
Gone are the days when 5G, IoT and
edge computing were just buzzwords.
In today's business verticals, these are
quite the reality. Open source is shaping
large areas of technology. For example,
in telecommunications, it is not just a
way to foster collaborative research and
innovation, but an opportunity to make
real change in the telco ecosystem. Open
source projects are creating technology
that will drive the evolution of the next-
generation mobile networks, which is vital
as industries move towards the 5G era.
“It is interesting to know that 80 per
cent of telecom data is non-differentiated
and can be used as open source. Instead
of just consuming it, we can use the best
it offers,” says Dr Aloknath De, CTO,
Samsung India.
The concept of collaborative
development on networks and new
technologies is not new in telecom.
“Samsung uses the Tizen platform
to build digital appliances, and
JerryScript from JavaScript is intended
to run on a very constrained kind of
environment. It also supports IoT
and Open Connectivity Foundation,”
says Dr De. Moreover, when it comes
to 5G communication, he considers
Open Radio Access Network Software
Community (O-RAN SC) and Open
Networking Automation Platform
(ONAP) as two big elements. Akraino
is also an important element that
supports high availability of cloud
services, spanning a variety of use cases
for artificial intelligence.
Fundamental shift in architecture
Industries are today focusing on product
consumption, software architecture,
modularity of software network
functions, application services, and use
of open source, all of which indicates a
major shift in architecture.
[Photos: Dr Aloknath De, CTO, Samsung India; Gnanapriya Chidambaranathan, AVP and senior principal architect, Infosys; Subodh Gajare, lead architect (5G and IoT security), Cisco R&D]
Subodh Gajare, lead architect (5G
and IoT security), Cisco R&D, feels that
nowhere between 2G and 4G, did we
witness such major architectural shifts.
“When we look at 5G on a silo compared
to the three previous generations of
mobility, we see a fundamental shift
in architecture in the way network
components are looked at, and the
security element has been blown apart.”
He adds, “We are witnessing three
major architectural shifts, and this is the
place where 7 trillion devices, 7 trillion
people and all these economies of scale
will be met. And that’s why it’s both a
huge competitive advantage and a huge
secondary challenge as well.”
Innovation in the open
network ecosystem
Gnanapriya Chidambaranathan, AVP and
senior principal architect, Infosys, says
that we are looking towards how open
networking is bringing in innovation,
embracing the cloud nativeness as well
as dynamic orchestration and automation
of network slices, bringing closed loop
assurance and exposing open APIs for
ecosystem integration.
For instance, all of us are connected
remotely and enterprise workloads are
moving from the data centres to the
edge. Similarly, when we talk about
the industry verticals, whether it is
manufacturing or Industry 4.0, a lot
of low latency analytics and insights
are required. And from a consumer
perspective, users can watch high
definition, video live streaming and other
immersive experiences.
“There are a variety of possibilities
that exist today. Open source brings
in that openness and helps in driving
innovation and cost efficiency,” she says.
RANs enable physical access to
devices and were mostly developed
as complete proprietary solutions.
This means that it was difficult for
innovations to happen at the same pace
as the rest of the market.
“We are looking at The Linux
Foundation solution set, ORAN
ecosystems, open stack and Kubernetes
solutions. There is also the Open
Networking Foundation (ONF), where
there are a set of open source platforms
that exist. We are also looking at how
DLT can be leveraged for smart contracts
as the business models and monetisation
is also important,” Gnanapriya states.
Creating a revolution
Linux and Android are a part of our life
already. According to experts, they are
playing a key role in the next phase of
revolutionising the data centre market.
For instance, a lot of infrastructure for
hyperscalers like Google and Facebook
runs on open source.
“We may not be aware that there
are companies selling commercial
networking products using open source
to the data centre and cloud market. The
next phase of the data centre evolution
is the orchestration with OpenStack and
Kubernetes,” says Abhijit Chaudhary,
founder and CEO, Niral Networks.
Acknowledging the pivotal role of
5G, IoT, edge and telecom, Chaudhary
says there are multiple initiatives for
open source disaggregation happening in
5G for RAN, core and transport. “There
have been few smaller commercial 5G
deployments using open source, but I
think 5-6 years down the line, there will
be a huge momentum towards open
source based commercialisation in the
telecom and private cellular networks
for industrial IoT use cases,” he adds.
Disaggregating components
When 5G came into existence, the
thought process of disaggregating
the components had already begun.
With the arrival of open RAN and the
disaggregated components talking
to each other on open interfaces,
the possibility of a lot of telecom
applications in the RAN and
transporting domains to become smaller
components (that could be handled in
isolation), opened up.
[Photos: Abhijit Chaudhary, founder and CEO, Niral Networks; Manish Gangey, SVP and head, R&D, Airtel; Dr Inder S. Gopal, CEO, Indian Urban Data Exchange]
“These are components that you
can innovate upon and bring a lot of
value into before you put them together
to create a larger solution. So, from
the service provider perspective, these
are great developments,” says Manish
Gangey, SVP and head, R&D, Airtel.
He points out that one of the big problems
in India is that we have a low ARPU
(average revenue per user) in comparison
to any other place. “So the way we need
to build our own infrastructure has to be
thought about differently for any company
to be profitable.”
Open source fits beautifully in an
association like this by reducing the overall
cost of ownership, accelerating innovation
and bringing in many more players into
the market. “I look at open source as a
great enabler for the Indian ecosystem to
develop,” says Gangey.
Transforming industries
Dr Inder S. Gopal, CEO, Indian Urban
Data Exchange, says there is evidence that
open source can transform an industry. “If
we look at data centre networking at the
time of SDN and NFV, it was dominated
by proprietary solutions. If we now look
at the data centre and the boxes that are
deployed in it, 80 per cent are white
box solutions running, for the most part,
open source software. The open source
commercialisation has been driven by the
availability of open white box hardware
alternatives and mature open source
offerings, and that has really transformed
the data centre,” he explains.
He expects to see a similar kind of
transformation in the telco space as well,
though it might take a little bit longer. “I
think telcos always move a little bit more
slowly than other sectors, but it definitely
will happen and there is evidence that it
can happen,” Dr Gopal says.
Driving factor: Cost-effectiveness
or competitiveness?
O-RAN based deployments are becoming
increasingly popular. For an operator,
the cost-effectiveness may be of prime
importance, but there is also competition
because of the low ARPU; hence, the
infrastructure cost has to be matched in
line with that. The question is: Are the
cost reductions or the vendor lock-ins
driving the popularity of open source?
The fact is, reducing infrastructure costs
will also bring in more competitors.
Disaggregation is happening; OEM
layers are getting middleware and many
more things. So if we split the monolithic
architecture, systems integrators are
needed to play the role, leading to a lot
more challenges.
“But the driving factor in open source
is the cost of the solution and the diverse
supply chain. They are pretty interrelated.
I use open source and it will be cheaper,
because there is nobody to charge me the
royalty or the fees. We are not saying that
the source is going to come cheap. We are
not saying by any means it is free or it is
not free. Open source is not free — it is a
very common term that we can clarify all
the time,” explains Gangey.
Open source is the method of getting in
more players and fostering innovation. Once
you have the vendor lock-in, whatever the
requirement, you are dependent on a set of
engineers who are catering to 15 different
sets of customers across the world having
15 different requirements.
Gangey says, “If my solution doesn’t
get priority in my partner’s ecosystem,
I am really stuck and will not be able to
service my customer. So fundamentally,
when you disaggregate, you unlock and
remove this lock-in, opening up for more
innovation. You deploy the features faster
and are able to monetise.”
Cost can be brought down in one way
or the other — in the form of efficiency
in deployment, with optics or by way
of capital expenditures. “It is not as
simple as it sounds, but it is evident that
whenever you open up things, it basically
brings down the overall total cost of
ownership (TCO),” he adds.
Gajare says, “The intelligent
programmable infra and the architectural
building blocks with open source, ONAP,
policy, design, creation, dashboarding,
external APIs, orchestration, networking,
‘NS, and infra monitoring — all of this is
now a bundled offering.”
While he points out innumerable use
cases of ONAP that can design, create,
orchestrate and automate everything in 5G,
he also tells telco operators to be aware that
code repositories are no longer locked in. It's
not just about 10,000 people contributing,
but about how the whole wheel aligns to
the common cause of the use case.
“I think I can see that balance. A lot
of vendors and telcos are working with
Telstra, COX, Orange, Charter, Bell,
AT&T, for example, and have evolved
from lab ONAP networks to ONAP
reference architectures. And that epochal
shift is a very good science,” adds Gajare.
Specifics on leveraging 5G
from core to edge
Various workloads have a variety of use
cases and there is sometimes a doubt about
how end-to-end service orchestration can
happen. These could be wireless networks
or CNF/VNF combinations. Going into
the specifics of slice orchestration, it can
be the core or access. Even in the case of
access, there has to be some thought on
how RAN automation is going to happen
and how to support the real-time or non-
real time scenarios.
“When we talk about the services
being offered, there are other digital
players too apart from the telco specific
services. So there should be an idea about
how I am going to do the end-to-end
telco-cloud orchestration. Bringing in
orchestrations and adding edge factors
into them will still need a lot of thinking
on how orchestration happens from the
edge layer and when moving towards the
CPE side,” explains Gnanapriya.
Based on the kind of requirements,
different kinds of flavours can be easily
addressed in an automated dynamic
orchestration through these platforms. It
gives enormous facilities and capabilities
where these solutions can be leveraged.
In the Indian context, not just the
operational efficiencies, but also from
a cost perspective, bringing all these
concepts together plays a vital role.
Smart cities stay smart
with open source
The smart city concept is gaining
momentum with all products coming
under a digital shadow. It involves a
functional and structural improvement
of existing cities by capitalising on
information and communications
technology to increase the city's
sustainable growth, while ensuring
enhanced quality of life for its citizens.
Dr Gopal points to one of the
open source platforms, India Urban
Data Exchange, that’s being deployed
across the country for sharing data. If the
solutions that smart cities are deploying
are looked at, there is a layer of software
— a middleware layer, which for the
most part is non-differentiated. It allows
you to find data and provide access to
controls, he explains.
“Companies work together to create a
common open source platform. This has
a significant role in the smart cities space.
Everyone understands, and can deploy
and support, but one has to focus on
creating value on top,” says Dr Gopal.
Bridge gaps with an
organisational construct
India has a pretty ambitious initiative of
building 100 smart cities, and this project
has been going on for about six years.
However, it has not moved quickly and
the results have not been as dramatic as
expected initially.
“It's because a lot of data — records,
videos, etc — are being collected in
these smart cities, but they sit right
at the silos or closed proprietary
platforms without any well-architectured
interfaces,” says Dr Gopal.
It is very difficult for someone who
has an innovative idea to get access to
this data or even understand what data is
available. Just suppose you want to build
some kind of emergency response system
within a city and would like to take data
from the police and fire departments, as
well as hospital services. Right now, that
is not possible in these cities as these
departments are working on completely
different systems that have no correlation.
Common application programming
interfaces (APIs) help in bridging this
gap, creating a platform that connects the
systems together and brings the available
data into a common format.
Dr Gopal explains, “This is a prime
example where open source can play a
role. I believe that anything that is being
created for the public using public funds
should be open source. It should be done
as a collaborative project where multiple
parties can work together. We have tried to
create a model that is open source and have
also created the organisational construct.
So, different parties can contribute code
and create the governance model for an
open source project. This takes a lot of
effort and, very often, it is really difficult
to maintain and manage because there are
always going to be conflicts.”
Collaborate in the middle layer: He
adds, “What we have done is disaggregate
the deployment of smart city system.
Previously, a city would go to a vendor
and the latter would build a vertically
integrated system, but we now realise that
this is not the way forward. We have to
split these systems into horizontal layers.”
At the bottom, there are the sensors
from different vendors. These can be
mixed and matched as cities now have
the ability to be vendor-agnostic. Sensors
can be purchased, let's say, from Samsung
and then something can be bought from
Philips, and the companies can compete
against each other at that level. The idea
really is innovation below at the data
collection level and then innovation at the
application level. “Create applications and
services on top. Collaborate in the middle
to maximise the availability and involve
more players,” Dr Gopal adds.
Bringing cross-industry solutions
together: The smart city construct is
similar all across the globe, and the focus
is on how cross-industry solutions can
be brought together and automated. “For
example, how can we support factories of
the future and bring in these technologies
together, helping in the automation, in the
right kind of connectivity, and in bringing
insights so that the operations efficiency
can be improved,” Gnanapriya opines.
Then there are the surveillance, safety
and security solutions. As an example, in
the oil and gas industries, there seem to be
a lot of opportunities for these solutions,
but there are challenges in accessing
or processing them in real-time. “It is
important to think about how to bring
all the partner ecosystems together in an
operations platform that can help in taking
solutions forward,” she adds.
Work towards forming a global
registry: Gajare says, “We have a few
open source smart city platforms (for
Pune, Jaipur and Navi Mumbai), and we
are also trying to do something for the
digital freight corridor operation now.
But we need a registry for digital public
goods, a place where all this data can be
exchanged at par with the right security
levels and context.”
“Having a global registry for smart
cities, or even just for the 6000 odd cities
in India, would be nice, and that is solely
missing as one of the key agenda items.”
Improve edge computing
capabilities: There are two types of
edge — user edge and service provider
edge. And the user edge may be either
the microcontroller based or gateway
systems. There is a focus on creating
network infrastructure that may be a
private network, especially to enable
edge computing. Experts warn that
you may be forced to enhance edge
computing in future solutions.
Chaudhary says, “Smart factories and
rural connectivity need a private network
in a lot of cases. We are trying to build an
open network operating system that needs
three components — the radio, transport
and the core. We can create a concrete
edge upfront core network for 5G using
open source. It's all about collaboration,
about more competitors coming and
collaborating.”
Open source drives standards: Dr
Gopal reiterates the relationship between
standards and open source: “The way
standards get developed is by creating open
source reference implementations. There is
a kind of cycle between formal standards
and implementations. And in many ways,
open source drives those standards.”
A task force in the Bureau of Indian
Standards is looking at the feasibility of
5G and open source for 5G, as well as
multiple segments, such as the access
and applications space, to check on
the maturity of open source. “But the
objective really is to take it forward and
go from a paper study to actually do a set
of reference implementations in each of
these areas,” says Dr Gopal.
Developing the culture of
contributions: India is known for its
software programming, but when it comes
to open source, the country is still in its
infancy. Gajare feels the time has come
for creating something similar for the
whole 5G ecosystem, where everyone
who is a student, academician or research
scholar can contribute. India has the
mental muscle and now it’s just a matter
of working with the necessary frameworks
that align to solve something tangible.
“We have huge talent in India. Getting
associated with any open source project of
interest will help. Students can start with
bug fixes, and then contribute to features.
There are a variety of opportunities
available at any layer,” says Gnanapriya.
Experts believe that we must develop
the culture of contributions rather than
looking at reaping immediate benefits. “I
think we need to really grow our thought
process and nurture this culture, also
by busting a lot of myths around it. If
you are contributing something to open
source, it is not your intellectual property.
Let’s build this culture of contributions,”
Gangey concludes.
Panellists
+ Dr Aloknath De, CTO,
Samsung India (moderator)
+ Dr Inder S. Gopal, CEO,
Indian Urban Data Exchange
+ Manish Gangey,
SVP and Head, R&D, Airtel
+ Abhijit Chaudhary,
founder and CEO, Niral Networks
+ Gnanapriya Chidambaranathan, AVP
and senior principal architect, Infosys
+ Subodh Gajare, lead architect (5G and
IoT security), Cisco R&D
By: Abbinaya Kuzhanthaivel
The author works as an assistant editor at EF.
Just like food, the software solutions you consume are also made up of different
ingredients. These include third-party software (supplied by vendors outside your
organisation) along with other open source software components and libraries that
collectively form the ingredients of the software application. Organisations must
adopt a compliance strategy to avoid the risks associated with releasing a product
that does not comply with the underlying licences.
Lack of awareness about open
source software compliance
and software security
risks can result in various
compliance related issues.
Before it is consumed by an end user,
the product team and stakeholders should
understand their software's composition.
Unless you are aware of the potential
risks your software may have, you cannot
remediate that risk. To understand the risk
associated with open source software, it
is essential to know how it enters your
supply chain.
What is open source software
and how does it enter your
supply chain?
Open source software is computer
software that is released under a licence
in which the copyright holder grants
users the right to use, study, modify, and
distribute the software and its source
code to anyone and for any purpose.
Modern applications such as
mobiles, the cloud and IoT connected
devices may comprise up to 90 per cent
of open source, according to a report
by Forrester. Open source components
are malleable in nature because one
can copy, redistribute, and even make
changes to the software, for any
purpose. This makes it favourable for
the developing team to incorporate
this software into its code.
Figure 1: Various entry points of open source components into the supply chain
Another important aspect with
regard to open source compliance
risks is the software dependencies.
Dependencies are components and
libraries that are required for the
application to run, and are pulled into
the application at build time.
These are categorised into two
types — direct dependencies and
transitive dependencies. Direct
dependencies are the libraries your
code directly calls and utilises.
Transitive dependencies are the
libraries or other software that the
direct dependencies depend on.
These dependencies have their
own governing licence, which could
be different from the parent open
source library. It is important to track
the dependencies in your software
because you are still obligated
to comply with the terms of the
licence, whether the dependency is
direct or transitive.
Open source licence risks
and compliance
Each open source software library is
governed by an open source licence.
These licences can be categorised
into different risk levels: permissive,
weak copyleft, strong copyleft, and
source available, which in turn have
obligations, attributions and varying
severity of risks associated with them.
Figure 2 shows the different licence
types and their associated obligations.
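As an added illustration (not code from the article), the sketch below walks a constructed dependency index, separates direct from transitive dependencies as described above, and flags every package whose licence falls outside the permissive level. The package names, the licence-to-level mapping, the ordering of levels and the `allowed` policy are assumptions made for this example.

```python
from collections import deque

# The four risk levels named in the article, plus "unknown" for packages with
# no declared licence. The ordering (later = more concern) is an assumption.
RISK_ORDER = ["permissive", "weak copyleft", "strong copyleft",
              "source available", "unknown"]

# Illustrative mapping of a few SPDX identifiers to those levels (assumption).
LICENCE_RISK = {
    "MIT": "permissive", "Apache-2.0": "permissive", "BSD-3-Clause": "permissive",
    "LGPL-2.1-only": "weak copyleft", "MPL-2.0": "weak copyleft",
    "GPL-3.0-only": "strong copyleft", "AGPL-3.0-only": "strong copyleft",
    "SSPL-1.0": "source available", "BUSL-1.1": "source available",
}

# Constructed package index: name -> (SPDX licence id or None, dependencies).
# All package names are hypothetical.
INDEX = {
    "webkit-lite": ("MIT", ["http-core", "tmpl"]),
    "http-core": ("Apache-2.0", ["tls-shim", "cachekit"]),
    "tls-shim": ("GPL-3.0-only", []),
    "cachekit": ("BUSL-1.1", []),
    "tmpl": ("BSD-3-Clause", ["strutil"]),
    "strutil": ("MPL-2.0", ["tmpl"]),          # cycle: tmpl <-> strutil
    "pdfgen": ("LGPL-2.1-only", ["imgcodec", "strutil"]),
    "imgcodec": (None, []),                      # no licence declared
}
APP_DIRECT = ["webkit-lite", "pdfgen"]           # what the application imports


def resolve(direct, index):
    """Breadth-first walk of the dependency graph.

    Returns {package: path}, where path is the shortest chain from the
    application to that package. Visiting each package once also breaks cycles.
    """
    paths = {}
    queue = deque((name, ("app", name)) for name in direct)
    while queue:
        name, path = queue.popleft()
        if name in paths:
            continue
        paths[name] = path
        _licence, deps = index.get(name, (None, []))
        for dep in deps:
            queue.append((dep, path + (dep,)))
    return paths


def audit(direct, index, allowed=("permissive",)):
    """List every resolved package whose licence risk level is not allowed."""
    findings = []
    for name, path in resolve(direct, index).items():
        licence = index.get(name, (None, []))[0]
        risk = LICENCE_RISK.get(licence, "unknown")
        if risk in allowed:
            continue
        findings.append({
            "package": name,
            "licence": licence,
            "risk": risk,
            "kind": "direct" if len(path) == 2 else "transitive",
            "via": " > ".join(path),
        })
    # Highest-concern level first, then alphabetical for stable output.
    findings.sort(key=lambda f: (-RISK_ORDER.index(f["risk"]), f["package"]))
    return findings


if __name__ == "__main__":
    for f in audit(APP_DIRECT, INDEX):
        print(f"{f['risk']:<16} {f['kind']:<10} {f['licence']!s:<14} {f['via']}")
```

Three of the five findings are transitive, so they would not appear in a review that reads only the application's own manifest.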
Open source software licences
obligate the developer or organisation
developing software to comply with
the terms of the licence. Some of the
obligations include keeping the licence
information and copyright notices
intact, providing attribution notices that
identify the copyright holder, identifying
modifications made to the software, etc,
and in some cases to make the source
code of the overall application available
to users of the application. Non-
compliance with the licence obligations
can impact the business in many ways.
+ Licence infringement
consequences: Development teams
could lose the right to use the
component or library, which could
result in a product recall, fixing or
ithe code patch.
+ Loss of intellectual property (IP):
Open source licence compliance can
result in a requirement to release the
source code of your IP to users of
the application.
+ Reputation loss: Press articles and
media coverage can jeopardise a
company’s reputation.
+ Cost consequences: Remediation
processes like removing or
replacing an open source
component can often be expensive
and time-consuming.
The reality of licence violations
Non-compliance with open source
software in the past has given rise to
many disputes, which have made quite
an impact on an organisation’s reputation
and client base