Star Apps: ‘The Imitation Game’

‘Downton Abbey’ actor Allen Leech and screenwriter Graham Moore chat about unsung WWII hero and computing pioneer Alan Turing.

via CNET Blogs

NSA partners with Apache to release open-source data traffic program

The National Security Agency has released a new open-source program for data network interoperability.

via ZDNet | Linux And Open Source Blog RSS

Netflix Open Sources Sophisticated Messaging Tool

Open cloud computing platforms are on all kinds of radars these days, including leading open source platforms such as OpenStack, but if you ask many folks which companies have top-notch expertise in the open cloud, you won’t often hear Netflix mentioned. The company actually has an admirable history of open sourcing many of its most useful cloud tools and accompanying security tools–and it is a sophisticated user of cloud services.

We’ve reported on Netflix open sourcing a series of interesting "Monkey" cloud tools as part of its "simian army," and its release of three of its internal tools that help protect the security of its platform. Now, the company has announced the release of Message Security Layer protocol (MSL), billed as ‘A Modern Take on Securing Communication.’

The project is found on github under an Apache 2.0 license, with implementations in Java and JavaScript.  According to the company:

"When we first launched the Netflix streaming service we used a combination of HTTPS and a homegrown security mechanism called NTBA to provide that security. However, over time this combination started exhibiting growing pains. With the advent of HTML5 and the Media Source Extensions and Encrypted Media Extensions we needed something new that would be compatible with that platform. We took this as an opportunity to address many of the shortcomings of the earlier technology. The Message Security Layer (MSL) was born from these dual concerns."

"MSL is a plug-in architecture which allows for the easy integration of different device and user authentication schemes, session key negotiation schemes, and cryptographic algorithms…A typical MSL message consists of a header and one or more application payload chunks. Each chunk is individually protected which allows the sender and recipient to process application data as it is transmitted. A message stream may remain open indefinitely, allowing large time gaps between chunks if desired."

You can find a very complete technical discussion of how MSL works here.

"With MSL we have eliminated many of the problems we faced with HTTPS and platform integration," the company reports. "Its flexible and extensible design means it will be able to adapt as Netflix expands and as the cryptographic landscape changes. We are already using MSL on many different platforms including our HTML5 player, game consoles, and upcoming CE devices."

Netflix previously released Janitor Monkey and Chaos Monkey, which are cloud tools. You can peruse Netflix’s overall open source software resource center on GitHub.  The company is steadily releasing proven tools that can be quite useful for administrators. Netflix has also said that it has more tools to be open sourced soon. 


Related Activities

Related Software

Related Blog Posts

via OStatic blogs

Fair Warning: Chrome Team Starts Final Countdown for NPAPI Extensions

As we’ve reported several times, Google is introducing big changes in its Chrome browser, especially when it comes to how the browser handles extensions. If you’ve regularly used either or both of the most popular open source Internet browsers–Google Chrome and Mozilla Firefox–then you’re probably familiar with the performance and security problems that some extensions for them can cause.

In late 2013, Google decreed that the longstanding Netscape Plug-in API (NPAPI), which extensions have worked with for many years, is the source of many of the problems. And, Google decreed that extensions in the Chrome Web Store would be phasing out NPAPI support.  Now, Google has delivered an update on its plan to remove NPAPI from Chrome, and the hope is that the move will improve the browser’s speed and stability, and limit complexity in its code base.

Google plans to block all plugins by default in January 2015, remove support entirely in September of 2015.

According to the company:

"Currently Chrome supports NPAPI plugins, but they are blocked by default unless the user chooses to allow them for specific sites (via the page action UI). A small number of the most popular plugins are whitelisted and allowed by default. In January 2015 we will remove the whitelist, meaning all plugins will be blocked by default."

"In April 2015 NPAPI support will be disabled by default in Chrome and we will unpublish extensions requiring NPAPI plugins from the Chrome Web Store. Although plugin vendors are working hard to move to alternate technologies, a small number of users still rely on plugins that haven’t completed the transition yet…n September 2015 we will remove the override and NPAPI support will be permanently removed from Chrome. Installed extensions that require NPAPI plugins will no longer be able to load those plugins."

Of course, if you’re worried that you won’t be able to use your favorite extensions, Google has been vocal about these moves since 2013. Many extension developers are delivering new solutions and workarounds.

The bottom line is that Google continues to move significant parts of the Chrome ecosystem toward the Chrome Web Store, where it can exert control. These moves are going to make some extension developers unhappy, but will probably result in better raw browser performance over time. 

Related Activities

Related Software

Related Blog Posts

via OStatic blogs

Monitorix – An Open Source, Lightweight System Monitoring Tool For Linux

Introduction Monitorix is a free, Open Source monitoring tool that can be used to monitor as many services and system resources as possible. Unlike other monitoring tools, it is very simple to…

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

via Unixmen

Mint’s the Best, Less Malware, and Debian vs Ubuntu

mintThe Register’s Scott Gilbertson today said that Linux Mint 17.1 was the best distribution "hands down." Elsewhere, Bruce Byfield compares and contrasts Debian and Ubuntu to see which is right for you and Lucian Constantin reports on a new vulnerability found in less programs. There were several reviews in the feeds and Katherine Noyes tallies FOSS Thanksgivings. has Linux gift ideas and Serdar Yegulalp summarizes rebootless kernel patching.

Scott Gilbertson today said, "Linux Mint 17.1 is the first example of what the Mint project team can do when they’re focused on their own system rather than on making the latest Ubuntu work with Mint." Gilbertson said Cinnamon is quickly becoming the best desktop available in Linux and new version 2.4 brings more polish, performance, and refinement. Gilbertson said the MATE desktop is no longer an afterthought and with Compiz now available it’s easy to "trick out." He looked at the other updates as well and concluded, "Having tested the latest releases of most major Linux distros in the past two months – Ubuntu, Fedora, openSUSE, Elementary and Mint, I can say confidently that Mint 17.1 with Cinnamon 2.4 is hands down the best of the bunch."

In other reviews, Jesse Smith had mixed impressions of Scientific Linux 7.0 but believes "the strengths of Scientific exist in its predictability and longevity." recently reviewed PC-BSD 10.1 and said, "PC-BSD obviously brings a lot to the table, but KDE is the best desktop for experiencing all the awesome features that PC-BSD 10.1 has to offer." said of Netrunner Rolling 2014.09, "The installer, plus desktop effects and screenshots, plus the broken package manager, plus half a dozen other woes, and the subpar Flash performance, all of them contribute to the negative feeling about 2014.09." And finally, Linuxed reviewed Ubuntu Mate 14.10 saying, "Overall I am very happy with the performance of the distro. Ubuntu Mate 14.10 is definitely recommended from my side with a score of 9.4/10."

Bruce Byfield said deciding between Ubuntu and Debian depends on the chooser. "Although Ubuntu is derived from Debian, their differences are marked. From installation and desktop to package management and community, what everybody thinks they know about the two may be wrong." He runs down the supported architectures, installer considerations, desktop and software differences as well as administration and package management procedures before getting into the communities. In the end, much like many articles like this, you the reader must ultimately decide, although Byfield added you couldn’t go wrong with either.

In other news:

* Thoughts of Thanksgiving for All That Is FOSS

* Four ways Linux is headed for no-downtime kernel patching

* Top 10 Linux Holiday Gifts for 2014 (Slideshow)

* System76 Sable Touch: The state of touch support in Linux

* ‘Less’ means more to malware authors targeting Linux users

Related Activities

Related Software

Related Blog Posts

via OStatic blogs

SUSE gets live patching

Using SUSE Linux means never having to say ‘reboot’.

via ZDNet | Linux And Open Source Blog RSS


Get every new post delivered to your Inbox.