FLOSS Weekly Episode 777: Asterisk — Wait, Faxes?

This week Jonathan Bennett and David Ruggles sit down with Joshua Colp to talk about Asterisk! That’s the Open Source phone system software you already interact with without realizing it. It started as a side project to run the phones for Linux Support Services, and it turned out working on phone systems was more fun than supporting Linux. The project grew, and in the years since has landed at Sangoma, where Joshua holds the title of Asterisk Project Lead.

Asterisk is used in call centers, business phone systems, and telecom appliances around the world. But how does it handle faxes, WebRTC, and stopping spam calls? Just kidding on that last one, still an unsolved problem.

Exploit The Stressed-out Package Maintainer, Exploit The Software Package

A recent security vulnerability (a potential SSH backdoor via the liblzma library in the xz package) is the subject of a lot of analysis of how it was introduced, and [Rob Mensching] felt that it was important to highlight what he saw as step number zero of the whole process: exploit the fact that a stressed package maintainer has burned out. Apply pressure from multiple sources while the attacker is the only one stepping forward to help, then inherit the trust built up by the original maintainer. Sadly, [Rob] sees in these interactions a microcosm of what happens far too frequently in open source.

Maintaining open source projects can be a high-stress activity. The pressure and expectations to continually provide timely interaction, support, and updates can easily end up being unhealthy. As [Rob] points out (and other developers have observed in different ways), this kind of behavior just seems more or less normal for some projects.

The xz/liblzma vulnerability itself is a developing story; read about it and find links to the relevant analyses in our earlier coverage.

Security Alert: Potential SSH Backdoor Via Liblzma

In breaking news that dropped just after our weekly security column went live, a backdoor has been discovered in the xz package that could potentially compromise SSH logins on Linux systems. The most detailed analysis so far seems to be by [Andres Freund] on the oss-security list.

The xz release tarballs from 5.6.0 in late February and 5.6.1 on March 9th both contain malicious code. A pair of compressed files in the repository contain the majority of the malicious patch, disguised as test files. In practice, this means that looking at the repository doesn’t reveal anything amiss, but downloading the release tarballs gives you the compromised code.

This was discovered because SSH logins on a Debian sid system were taking longer, with more CPU cycles than expected. And interestingly, Valgrind was throwing unexpected errors when running on the liblzma library. That last bit was first discovered on February 24th, immediately after the 5.6.0 release. The xz-utils package failed its tests on Gentoo builds.

FLOSS Weekly Episode 776: Dnsmasq, Making The Internet Work Since 1999

This week Jonathan Bennett and Simon Phipps sit down with Simon Kelley to talk about Dnsmasq! That’s a piece of software that was first built to get a laptop online over LapLink, and now runs on most of the world’s routers and phones. How did we get here, and what does the future of Dnsmasq look like? For now, Dnsmasq has a bus factor of one, which is a bit alarming, given how important it is to keeping all of us online. But the beauty of the project being available under the GPL is that if Simon Kelley walks away, Google, OpenWRT, and other users can fork and continue maintenance as needed. Give the episode a listen to learn more about Dnsmasq, how it’s tied to the Human Genome Project, and more!

FLOSS Weekly Episode 775: Meshtastic Central

This week, Jonathan Bennett and Rob Campbell chat with Ben Meadors and Adam McQuilkin to talk about what’s new with Meshtastic! There’s a lot. To start with, your favorite podcast host has gotten roped into doing development for the project. There’s a new Rust client, there’s a way to run the firmware on Linux Native, and there’s a shiny new web-based flasher tool!

Open-Source Solar Modules

As the price of solar panels continues to fall, more and more places find it economical to build solar farms that might not have been able to at higher prices. High latitude locations, places with more clouds than sun, and other challenging build sites all are seeing increased green energy development. The modules being used have one main downside, though, which is that they’re essentially a black box encased in resin and plastic, so if one of the small cells fails, a large percentage of the panel may be rendered useless with no way to repair it. A solar development kit like this one from a group called Biosphere Solar is looking to create repairable, DIY modules that are completely open source, to help solve this issue.

The modular solar panel is made from a 3D printed holster which can hold a number of individual solar cells. With the cells placed in the layout and soldered together, they are then sandwiched between a few layers of a clear material like acrylic or glass with a seal around the exterior to prevent water intrusion. Since the project is open-source, any number of materials can be used for the solar cell casing, and with the STL file available it’s not strictly necessary to 3D print the case, as other manufacturing methods could be used. The only thing left is to hook up a DC/DC converter if you need one, and perhaps also a number of bypass and/or blocking diodes depending on your panel’s electrical layout.

The project is still in active development, and some more information can be found at the project’s website. While the “recyclability” of large-scale solar farms is indeed a problem, it’s arguably one which has been overblown by various interests who are trying to cast doubt on green energy. A small build like this won’t solve either problem anytime soon, so the real utility here would be for home users with small off-grid needs who want an open-source, repairable panel. It’s a great method to make sure solar technology is accessible and repairable for anyone that wants it, and in a way this approach to building hardware reminds us a lot of the Framework laptops.

A General-Purpose PID Controller

For those new to fields like robotics or aerospace, it can seem at first glance that problems like moving a robot arm or flying an RC airplane might be simple to solve. It turns out, however, that control of systems like these can get complicated quickly; so much so that these types of problems have spawned their own dedicated branch of engineering. As controls engineers delve into this field, one of their initial encounters with a control system is often with the PID controller, and this open source project delivers two of these general-purpose controllers in one box.

The dual-channel PID controller was originally meant as a humidity and temperature controller and was based on existing software for an ATmega328. But after years of tinkering, adding new features, and moving the controller to an ESP32 platform, [knifter] has essentially a brand new piece of software for this controller. Configuring the controller itself is done before the software is compiled, and it includes a GUI since one of the design goals of the project was ease-of-use. He’s used it to control humidity, temperature and CO2 levels in his own work at the University of Amsterdam, but imagines that it could see further use outside of his use cases in things like reflow ovens which need simple on/off control or for motors which can be controlled through an H-bridge.

The PID controller itself seems fairly robust, and includes a number of features that seasoned controls engineers would look for in their PID controllers. There are also some other open-source PID controllers to take a look at, like this one built for an Arduino, and if you’re still looking for interesting use cases for these types of controllers, one of our favorites is this PID controller built into a charcoal grill.