
SoylentNews is people

Politics


posted by janrinok on Wednesday September 28 2022, @05:10PM
from the homespun-security dept.

US Senators Gary Peters (D-MI) and Rob Portman (R-OH) introduced S.4913 - Securing Open Source Software Act of 2022 the other day. It has been read twice and referred to the Committee on Homeland Security and Governmental Affairs. Here is the US Senate's press release:

U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, introduced bipartisan legislation to help protect federal and critical infrastructure systems by strengthening the security of open source software. The legislation comes after a hearing convened by Peters and Portman on the Log4j incident earlier this year, and would direct the Cybersecurity and Infrastructure Security Agency (CISA) to help ensure that open source software is used safely and securely by the federal government, critical infrastructure, and others. A vulnerability discovered in Log4j – which is widely used open source code – affected millions of computers worldwide, including critical infrastructure and federal systems. This led top cybersecurity experts to call it one of the most severe and widespread cybersecurity vulnerabilities ever seen.

[...] The overwhelming majority of computers in the world rely on open source code – freely available code that anyone can contribute to, develop, and use to create websites, applications, and more. It is maintained by a community of individuals and organizations. The federal government, one of the largest users of open source software in the world, must be able to manage its own risk and also help support the security of open source software in the private sector and the rest of the public sector.

The Securing Open Source Software Act would direct CISA to develop a risk framework to evaluate how open source code is used by the federal government. CISA would also evaluate how the same framework could be voluntarily used by critical infrastructure owners and operators. This will identify ways to mitigate risks in systems that use open source software. The legislation also requires CISA to hire professionals with experience developing open source software to ensure that government and the community work hand-in-hand and are prepared to address incidents like the Log4j vulnerability. Additionally, the legislation requires the Office of Management and Budget (OMB) to issue guidance to federal agencies on the secure usage of open source software and establishes a software security subcommittee on the CISA Cybersecurity Advisory Committee.

-- Peters and Portman Introduce Bipartisan Legislation to Help Secure Open Source Software

Software freedom is not named explicitly in their definition as far as their diff^wtext goes. Nor are the free-of-charge, royalty-free aspects mentioned. Yet the text of S.4913 nevertheless seems to be a nod in the direction of Free Software:

(5) OPEN SOURCE SOFTWARE.—The term 'open source software' means software for which the human-readable source code is made available to the public for use, study, re-use, modification, enhancement, and re-distribution.

Behind the scenes, representatives from Microsoft appear to be milking the log4j circus for gain as shown by multiple other articles, not linked to here, and their vastly increased activity and presence in DC.

Overall, the legislative process needs to find a way to use versioning software so that all the "inserting before ...", "inserting after ...", "redesignating paragraphs ...", and other modifications can be easily processed and the current draft easily visible. However, that's not as simple as opening an account on GitLab or Src.ht and letting m$ and the rest of the world hammer at it unauthenticated and uncurated.

Previously:
(2022) The US Military Wants To Understand The Most Important Software On Earth
(2021) 'The Internet's on Fire': Techs Race to Fix Major Cybersecurity Software Flaw


Original Submission

posted by janrinok on Friday July 29 2022, @01:28PM
from the ketchup-with-china dept.

Senate passes massive package to boost U.S. computer chip production

[....] The 64-33 vote represents a rare bipartisan victory a little more than three months before the crucial November midterms; 17 Republicans joined all Democrats in voting yes. The package, known as "CHIPS-plus," now heads to the House, which is expected to pass it by the end of the week and send it to President Joe Biden for his signature.

[....] The centerpiece of the package is more than $50 billion in subsidies for domestic semiconductor manufacturing and research.

Supporters on Capitol Hill, as well as key members of Biden's Cabinet, have argued that making microchips at home — rather than relying on chipmakers in China, Taiwan and elsewhere — is critical to U.S. national security, especially when it comes to chips used for weapons and military equipment.

[...] The final chips bill is a slimmed-down version of a much broader China competitiveness package that House and Senate lawmakers had been negotiating. Earlier, the Senate passed its bill, known as USICA, while the House passed its own version, the America COMPETES Act. But lawmakers couldn't resolve their differences, and leading Democrats decided to switch their strategy and scale back the legislation.

The package also includes tens of billions more in authorizations for science and research programs, as well as for regional technology hubs around the country.

If passed, will this be well spent? Will the US actually be globally competitive in chip manufacture?


Original Submission

posted by janrinok on Wednesday July 27 2022, @08:50AM
from the we'll-build-our-own-with-blackjack-and-... dept.

Russia Says It Will Quit the International Space Station After 2024

The new head of Russia's space agency announced on Tuesday that Russia will leave the International Space Station after its current commitment expires at the end of 2024.

"The decision to leave the station after 2024 has been made," said Yuri Borisov, who was appointed this month to run Roscosmos, a state-controlled corporation in charge of the country's space program.

The pronouncement came during a meeting between Mr. Borisov and President Vladimir V. Putin of Russia. Mr. Borisov told Mr. Putin that Russia would fulfill its commitments through 2024. "I think that by this time we will begin to form the Russian orbital station," he said.

Mr. Putin's response: "Good."

However:

Russian Space Station to Replace ISS Will Be Built No Earlier Than 2028:

"We propose to build it in two stages. If the decision on its construction is made before the end of the year, then the first stage will begin in 2028 with the launch of the Science Power Module by the Angara-A5M launch vehicle," Solovyov said in an interview with the Russian Space magazine. After that, the node and gateway modules will be launched on the same rocket. The first will be similar to the module that is already part of the International Space Station. The second will be used for spacewalks.

Earlier, it was reported that the launch of the first module could take place in 2027-2028. Earlier in the day, the new head of Roscosmos, Yuri Borisov, reported to President Vladimir Putin that Russia would fulfill all its international obligations and withdraw from the ISS project in 2024.

Commenting on the state of the national space industry, the Roscosmos chief said that the situation is "difficult." Ex-Roscosmos head Dmitry Rogozin said on July 15 that after four years the industry managed "to get out of the system crisis quagmire." The Russian space industry, among other things, has achieved complete accident-free operations over the past four years, carrying out 86 successful launches in a row, completing the construction of the Russian segment of the ISS, and receiving the financing of the multi-satellite orbital grouping Sphere.

Additionally, Rogozin pointed out that Roscosmos managed to successfully implement a range of tasks including creating new Soyuz-5 spacecrafts, developing the preliminary design of the Russian orbital station to replace the ISS, and launch tests of the newest Sarmat intercontinental ballistic missiles have begun, which are expected to start combat duty by the end of 2022.


Original Submission


posted by janrinok on Thursday July 21 2022, @02:24PM

Arthur T Knackerbracket has processed the following story:

Russia’s Gazprom has told customers in Europe that it cannot guarantee gas supplies because of “extraordinary” circumstances, according to a letter seen by the Reuters news agency, upping the ante in an economic tit-for-tat with the West over Moscow’s invasion of Ukraine.

The Russian state gas monopoly said in a letter dated July 14 that it was retroactively declaring force majeure on supplies from June 14. The news comes as Nord Stream 1 (NS1), the key pipeline delivering Russian gas to Germany and beyond, is undergoing 10 days of annual maintenance scheduled to conclude on Thursday.

The letter added to fears in Europe that Moscow may not restart the pipeline at the end of the maintenance period in retaliation for sanctions imposed on Russia over the war in Ukraine, heightening an energy crisis that risks tipping the region into recession.

Known as an “act of God” clause, force majeure is standard in business contracts and defines extreme circumstances that release a party from their legal obligations. The declaration does not necessarily mean that Gazprom will stop deliveries, rather that it should not be held responsible if it fails to meet contract terms.

[...] Russian gas supplies have been declining via major routes for some months, including via Ukraine and Belarus as well as through the Nord Stream 1 pipeline under the Baltic Sea.

[...] The grace period for payments on two of Gazprom’s international bonds expires on July 19, and if foreign creditors are not paid by then the company will be technically in default.


Original Submission

posted by hubie on Monday July 18 2022, @02:44PM
from the wait-until-they-hear-about-NTP dept.

The MIT Technology Review writes in a long form article about how DARPA has rediscovered Free and Open Source Software, or at least the latter, and how it is now found everywhere across the board. As far as the Internet and the World Wide Web go, its ubiquity has been a given since they were founded on it, but nowadays even at least 70% of closed source, proprietary products also contain lots of it. DARPA is worried about the kernel Linux in particular and the vetting process for adding code to the project specifically.

Now DARPA, the US military's research arm, wants to understand the collision of code and community that makes these open-source projects work, in order to better understand the risks they face. The goal is to be able to effectively recognize malicious actors and prevent them from disrupting or corrupting crucially important open-source code before it's too late.

DARPA's "SocialCyber" program is an 18-month-long, multimillion-dollar project that will combine sociology with recent technological advances in artificial intelligence to map, understand, and protect these massive open-source communities and the code they create. It's different from most previous research because it combines automated analysis of both the code and the social dimensions of open-source software.

"The open-source ecosystem is one of the grandest enterprises in human history," says Sergey Bratus, the DARPA program manager behind the project.

"It's now grown from enthusiasts to a global endeavor forming the basis of global infrastructure, of the internet itself, of critical industries and mission-critical systems pretty much everywhere," he says. "The systems that run our industry, power grids, shipping, transportation."

Recently, software appears to have been occupying a lot of attention over in Washington, DC. Unfortunately, occasional lines in mainstream articles indicate that it is M$ and M$ lobbyists who are steering the policy discussion there. It appears that they are spending an enormous amount of time in direct contact with politicians and policy makers, all the while log4j is still getting milked by them as a distraction from all the actively exploited vulnerabilities in their own products.


Original Submission