Reported last week at the BBC, CNet and IEEE Spectrum is the news that ARM is launching a new OS targeting low power, low footprint devices.
The operating system, called mbed OS, is meant to resolve productivity problems that arise from fragmentation—where different devices in the so-called “Internet of things” (IoT) market run on a hodgepodge of different protocols. ARM is looking to consolidate those devices under a single software layer that's simple, secure, and free for all manufacturers to use.
(Although the IEEE article reports that "this is the first operating system ARM has ever developed", that slightly glosses over the history of RiscOS by Acorn, of which ARM was a subsidiary.)
The software comes as a free "mbed OS" and a licensable "Device server". Although parts of the OS will be open source:
ARM says it wants to retain control of other parts to ensure mbed remains unfragmented
More technical details at the mbed developer site. One oddity is the Online Toolchain, which provides the device IDE and version control online.
(Score: 2) by q.kontinuum on Tuesday October 07 2014, @06:33PM
Open source is no guarantee for safety, but it increases the chances. First of all, the source code nowadays usually has better quality [coverity.com], because people use their contributions to brush up their CVs and second, the maintainer is not necessarily in close contact with all developers, so the code needs to be understandable.
Also, open source does not allow for crude implementations of security by obscurity, and bug-fixes are not dependent on some manager deciding about profitability, weighing in the chance of selling an upgrade instead. There is no reason closed source should be safer, even though open source does not guarantee safety.
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by BasilBrush on Tuesday October 07 2014, @07:16PM
Regarding the Coverity report.
1) It says that according to their scans, open source is better quality in 2013 "for the first time". Yet the claim of open source being better quality goes back at least 17 years to The Cathedral and the Bazaar. So is this an admission that the claim was untrue for most of that time?
2) I'm not convinced it's comparing like with like. Systems software is by its nature more hardened than application software. And software made by a software company selling as a product will be higher than an enterprise's bespoke app. Anonymously donated enterprise software is not the same as closed source software as a whole. Valuable closed source software stays closed. None of the closed source software I've worked on would ever find its way into a Coverity report.
Also, open source does not allow for crude implementations of security by obscurity
What do you think port knocking is?
Hurrah! Quoting works now!
(Score: 2) by q.kontinuum on Wednesday October 08 2014, @04:28AM
The generalisation was wrong. But this link [lwn.net] shows that the Linux kernel has a long history of good code quality compared to most enterprise software.
I agree. For open source software, the scan is free of charge, so any minor project can sign up without any barrier for proficiency. For closed source projects it is an investment, which will only be done by already quality-conscious development teams with willingness to invest not only time but also money in code quality. That creates a bias for enterprise software. Under these circumstances it is even more surprising that open source quality is higher.
A simple form of password protection. (I assume the ports which need to be knocked are configurable, not hardcoded in software.)
Registered IRC nick on chat.soylentnews.org: qkontinuum