Open source made a lot of headlines last month. Read on for some of the major developments.
Stanford University releases open source sustainable Cities software
Eighty percent of Americans live in cities, and 70 percent of the world’s population is expected to be urban dwellers by 2050. Thanks to the Stanford National Capital Project, urban planners and developers have a new open source tool to help improve the well-being of cities.
Urban InVEST is a new software that helps users visually understand where they can create areas that absorb carbon emissions and encourage public use, such as marshes and parks.
This investment will become even more important as climate change intensifies and more people move into smaller Spaces. For example, Urban planners could use Urban InVEST to predict how much green infrastructure could save cities in the event of a major storm.
The software allows users to upload their own data sets or use open data sets from sources including NASA satellites. Urban InVEST is part of the larger InVEST suite, a suite of software that helps experts map and model natural benefits.
Artificial intelligence comes to Arduino
The Arduino Project and Fraunhofer IMS have collaborated to release AIfES, a standalone open source artificial intelligence (AI) framework programmed in C.
Users can add AlfES to Arduino projects through the Library manager of Arduino’s INTEGRATED Development environment. You can also use AlfES to run and train machine learning algorithms on the smallest microcontrollers, such as the popular 8-bit Arduino Uno.
This allows you to develop edge and Internet of Things (IoT) devices that are cloud independent and can handle sensors intelligently in the field. In addition to providing GPLv3 licenses for open source projects, AlfES also provides paid licenses for commercial projects.
Cyber attacks are growing in size and scope, and software-supply-chain attacks, in which hackers insert malicious code into legitimate software, are a particularly big risk. A new Linux Foundation project led by Google, Red Hat and Purdue University aims to prevent these attacks.
Sigstore is a public service that provides code signing for open source developers who may lack the time, expertise, and resources. Developers can hand over all their cryptography work to Sigstore, which automatically generates an open source log of all activity.
Santiago Torres-Arias, a purdue University supply chain researcher associated with the project, told WIRED that supply chain code signing won’t solve all open source security issues, but it does address low-risk issues.
At a launch ceremony in June, Ms. Torres-arias and four others became the key holders of Sigstore. If Sigstore gets enough adoption, they hope to rotate the keys to other users, which would make it a neutral open source project.
Google launches a unified security vulnerability model for open source software
As calls for improved open source security grow, Google is taking steps to make it happen. The search giant unveiled a bug swap model to look for security risks across the open source solution.
The Google Open Source security and Go team builds on Google’s work to produce the Open Source Vulnerability (OSV) database and the OS-Fuzz data set for security risks. This new pattern describes the vulnerabilities of any open source ecosystem without relying on the logic of the ecosystem.
This is critical because, as Steven J. Vaughan-Nichols has written for ZDNet, the lack of a standard interchange format has been a major barrier to tracking the dependency of the entire vulnerability database. Instead, Google’s new model shares vulnerability data among several open source projects.
GitLab spun off Meltano, an open source data integration platform
As of June 30, Meltano officially became an independent enterprise. The open source Extract, Transfer, and Load (ETL) platform is now independent of GitLab.
Meltano queries databases and software-as-a-service applications to transition data to a warehouse or storage system and reorganize it. GitLab first launched Meltano in 2018 and it became open source over the course of several iterations.
Several proprietary ETL tools exist, making Meltano’s status as an open source alternative noteworthy. It allows users to host the tool on a device of their choice and access it using their own coordination tool or Meltano’s web interface.
“Most solutions are now paid for, which limits how many companies can access high-quality tools,” Meltano CEO Douwe Maan told VentureBeat. Being open source means that large communities can better serve the integration of the long tail, as vendors typically only support around 150.”
In other news.