Techcrunch

The end of open source?

Several weeks ago, the Linux community was rocked by the disturbing news that University of Minnesota researchers had developed (but, as it turned out, not fully executed) a method for introducing what they called “hypocrite commits” to the Linux kernel — the idea being to distribute hard-to-detect behaviors, meaningless in themselves, that could later be aligned by attackers to manifest vulnerabilities.

This was quickly followed by the — in some senses, equally disturbing — announcement that the university had been banned, at least temporarily, from contributing to kernel development. A public apology from the researchers followed.

Though exploit development and disclosure is often messy, running technically complex “red team” programs against the world’s biggest and most important open-source project feels a little extra. It’s hard to imagine researchers and institutions so naive or derelict as not to understand the potentially huge blast radius of such behavior.

Equally certain, maintainers and project governance are duty bound to enforce policy and avoid having their time wasted. Common sense suggests (and users demand) they strive to produce kernel releases that don’t contain exploits. But killing the messenger seems to miss at least some of the point — that this was research rather than pure malice, and that it casts light on a kind of software (and organizational) vulnerability that begs for technical and systemic mitigation.

I think the “hypocrite commits” contretemps is symptomatic, on every side, of related trends that threaten the entire extended open-source ecosystem and its users. That ecosystem has long wrestled with problems of scale, complexity and free and open-source software’s (FOSS) increasingly critical importance to every kind of human undertaking. Let’s look at that complex of problems:

  • The biggest open-source projects now present big targets.
  • Their complexity and pace have grown beyond the scale where traditional “commons” approaches or even more evolved governance models can cope.
  • They are evolving to commodify each other. For example, it’s becoming increasingly hard to state, categorically, whether “Linux” or “Kubernetes” should be treated as the “operating system” for distributed applications. For-profit organizations have taken note of this and have begun reorganizing around “full-stack” portfolios and narratives.
  • In so doing, some for-profit organizations have begun distorting traditional patterns of FOSS participation. Many experiments are underway. Meanwhile, funding, headcount commitments to FOSS and other metrics seem in decline.
  • OSS projects and ecosystems are adapting in diverse ways, sometimes making it difficult for for-profit organizations to feel at home or see benefit from participation.

Meanwhile, the threat landscape keeps evolving:

  • Attackers are bigger, smarter, faster and more patient, leading to long games, supply-chain subversion and so on.
  • Attacks are more financially, economically and politically profitable than ever.
  • Users are more vulnerable, exposed to more vectors than ever before.
  • The increasing use of public clouds creates new layers of technical and organizational monocultures that may enable and justify attacks.
  • Complex commercial off-the-shelf (COTS) solutions assembled partly or wholly from open-source software create elaborate attack surfaces whose components (and interactions) are accessible and well understood by bad actors.
  • Software componentization enables new kinds of supply-chain attacks.
  • Meanwhile, all this is happening as organizations seek to shed nonstrategic expertise, shift capital expenditures to operating expenses and evolve to depend on cloud vendors and other entities to do the hard work of security.

The net result is that projects of the scale and utter criticality of the Linux kernel aren’t prepared to contend with game-changing, hyperscale threat models. In the specific case we’re examining here, the researchers were able to target candidate incursion sites with relatively low effort (using static analysis tools to assess units of code already identified as requiring contributor attention), propose “fixes” informally via email, and leverage many factors, including their own established reputation as reliable and frequent contributors, to bring exploit code to the verge of being committed.

This was a serious betrayal, effectively by “insiders” of a trust system that’s historically worked very well to produce robust and secure kernel releases. The abuse of trust itself changes the game, and the implied follow-on requirement — to bolster mutual human trust with systematic mitigations — looms large.

But how do you contend with threats like this? Formal verification is effectively impossible in most cases. Static analysis may not reveal cleverly engineered incursions. Project paces must be maintained (there are known bugs to fix, after all). And the threat is asymmetrical: As the classic line goes — blue team needs to protect against everything, red team only needs to succeed once.

I see a few opportunities for remediation:

  • Limit the spread of monocultures. Stuff like AlmaLinux and AWS’ Open Distribution of ElasticSearch are good, partly because they keep widely used FOSS solutions free and open source, but also because they inject technical diversity.
  • Reevaluate project governance, organization and funding with an eye toward mitigating complete reliance on the human factor, as well as incentivizing for-profit companies to contribute their expertise and other resources. Most for-profit companies would be happy to contribute to open source because of its openness, and not despite it, but within many communities, this may require a culture change for existing contributors.
  • Accelerate commodification by simplifying the stack and verifying the components. Push appropriate responsibility for security up into the application layers.

Basically, what I’m advocating here is that orchestrators like Kubernetes should matter less, and Linux should have less impact. Finally, we should proceed as fast as we can toward formalizing the use of things like unikernels.

Regardless, we need to ensure that both companies and individuals provide the resources open source needs to continue.

Source: https://techcrunch.com/2021/07/18/the-end-of-open-source/

Techcrunch

Tumblr debuts Post+, a subscription service for Gen Z creators

As Twitter launches Super Follows, YouTube adds new monetization tools, and Instagram embraces e-commerce, the social media sphere is heating up with new ways for creators to make a living. Now, Tumblr is joining the fray with Post+, the platform’s first attempt at allowing users to monetize their content. Post+ is debuting today in limited beta for an exclusive selection of creators in the US, who were hand-picked by Tumblr.

Like Twitter’s Super Follows, Tumblr’s Post+ lets creators choose what content they want to put behind a paywall, whether that’s original artwork, personal blog posts, or Destiel fanfic. Creators can set the price for their subscriber-only content starting at $3.99 per month, with additional tiers at $5.99 and $9.99. The process of making content under Post+ is the same as any other Tumblr post — all creators will have to do is check a box to indicate that the post is for paying subscribers only, whether that’s a video, audio clip, text post, image, etc.

“Not reserved only for professionals, or those with 10K followers or higher, Tumblr’s Post+ will push the boundaries of what’s considered money-making content on the internet: Shitposters, memelords, artists, fan fiction writers, all of the above and everyone in between will be able to create content while building their community of supporters, and getting paid with Post+,” a Tumblr spokesperson told TechCrunch.

For millennials who live-blogged their reading of the last “Hunger Games” book on its release day in 2010, Tumblr might seem like a relic of the past. Founded in 2007, the platform has gone through plenty of change over the years. In 2013, Tumblr was acquired by Yahoo for $1.1 billion, and then Yahoo was later acquired by Verizon.

But a massive shift came for Tumblr in December 2018, when the platform banned all sexually explicit content and pornography. A month prior, the Tumblr app had been removed from the iOS App Store after child pornography passed through the app’s filtering technology, which led the platform to ban pornography entirely. Four months after the ban, Tumblr’s monthly page views had declined by 151 million, or 29%. Since then, the platform has retained a core userbase, hovering between about 310 million and 377 million page views per month, according to SimilarWeb, though the analytics still indicate a slight downward trend. Tumblr declined to provide its monthly active user numbers, but shared that the platform has over 11 million posts per day and 500 million blogs.

In 2019, the platform was sold to Automattic, the company that owns WordPress. Though Tumblr hasn’t exhibited significant growth since the fateful porn ban, under its new ownership, it’s exploring new ways to generate profit by creating features that appeal to its now younger demographic. According to Tumblr, over 48% of users are Gen Z. These Gen Z users spend 26% more time on the platform than older bloggers, and their average daily usage time is increasing over 100% from year to year.

Source: https://techcrunch.com/2021/07/21/tumblr-debuts-post-a-subscription-service-for-gen-z-creators/

Ecommerce

YouTube to pilot test shopping from livestreams with select creators

YouTube will begin pilot testing a new feature that will allow viewers to shop for products directly from livestream videos. The feature will initially launch with just a handful of creators and brands, the company says, and is an expansion of the integrated shopping experience YouTube began beta testing earlier this year.

That feature was designed only for on-demand videos, and allowed viewers to tap into the “credibility and knowledge” of trusted creators in order to make informed purchases, the company explained at the time. It said it would roll out to more creators over the course of 2021.

More recently, YouTube tested livestreamed shopping with a one-day shopping event focused on small businesses.

YouTube’s video platform, for years, has been a powerful tool for product discovery, as its over 2 billion logged-in users per month turn to the service to watch product reviews, demos, unboxings, shopping hauls, and other content that could inspire future purchases. But creators who wanted to sell from their YouTube videos would often have to promote affiliate links to online stores through the video’s description or in-video elements, like cards or end screens.

In more recent years, YouTube also introduced a merch shelf that would allow viewers to shop a set of specific products the creator selected.

The integrated shopping experience, meanwhile, allows viewers to shop the products shown in the video itself by tapping on a “view products” button, which brings up a list of the items being featured.

This feature allows YouTube to better compete with the growing number of video shopping experiences becoming available from both startups and competitors, including Facebook, Instagram, TikTok, Pinterest, Amazon, and Snapchat. Many of those include support for livestream videos, too.

Over the past year, for example, startups like Bambuser, Popshop Live, Talkshoplive, Whatnot, and others have raised multi-million dollar rounds to invest in their own live video shopping businesses. Meanwhile, Facebook recently launched Live Shopping Fridays to test live shopping within the beauty, fashion and skincare space. And Walmart partnered with TikTok on livestream shopping events on multiple occasions.

YouTube’s own interest in this space has been heating up, as well, as just this week the company announced it was acquiring Indian video shopping app Simsim — an indication of Google’s interest in further integrating video shopping experiences into its own platform. Google also integrated video shopping into its Shopping search business, which included one effort from Shoploop, a video shopping product that graduated from Google’s in-house incubator, Area 120.

The expansion of YouTube’s integrated video shopping experience was announced today alongside other new Google Shopping features, including the addition of a new section that organizes deals and sales on Google’s Shopping tab, which will be free for merchants who want to list.

Source: https://techcrunch.com/2021/07/21/youtube-to-pilot-test-shopping-from-livestreams-with-select-creators/

Startups

Zebra raises $1.1M in a pre-seed round for messaging that pairs photos with voice chat

A new voice-based social app that cites Clubhouse as its biggest inspiration offers a playful new way to stay in touch with close friends and family. Zebra leaves video out of the equation altogether, inviting users to snap on-the-fly photos and send them off paired with casual voice updates.

Zebra focuses on asynchronous sharing, but it also lets users call one another if they’re both already hanging out on the app. The result is a fun and casual way to stay in touch for anyone who doesn’t feel like accidentally getting sucked into Instagram’s endless, ad-strewn feed every time they want to give a friend a quick update.

For now Zebra is a two-person team consisting of CEO Dennis Gecaj, a product designer based in Berlin, and Amer Shahnawaz, Zebra’s Head of Engineering, who previously worked on Snap Maps at Snapchat. The pre-seed funding was led by Alexis Ohanian’s fresh early-stage venture firm Seven Seven Six, which the Reddit co-founder announced in June. The app will launch formally in August but is now open for pre-orders through the App Store and as a beta in TestFlight.

“It’s no secret that we are in the midst of an audio revolution, one that has ushered in a series of new audio-first social platforms and content vehicles,” Ohanian said, noting that Zebra’s unique blend of photos and voice is what caught his eye.

Gecaj sees voice-based social networking as a much richer alternative to text-dominant platforms. While products like Instagram allow voice messages and technically let users make voice calls by disabling the camera, voice usually plays second fiddle to video. But video calls are more taxing and require more commitment — it’s no coincidence more and more Zoom cameras blinked offline as the pandemic dragged on.

Unlike Clubhouse, which Gecaj calls a “huge inspiration,” Zebra is social audio designed for your inner circle. “With everything opening back up we saw an incredible opportunity for an asynchronous format for that,” he told TechCrunch.

Gecaj hopes that Zebra’s “talking photos” can capture the collective imagination in a way that makes early growth natural. Anyone who downloads Zebra can invite friends individually without needing to share their full contact list (and they’ll need to since you can’t do anything on the app without friends). Because Zebra’s interface is so clean and streamlined, this process is painless and doesn’t necessitate any extra digging through menus.

The idea of a “zebra” — naturally, Zebra is trying to make “zebra” happen — is that people like to see what they are talking about. On a different messaging app, this would require sending a photo and then sending a voice message in quick succession. But on Zebra, sending a photo is the main thing you can do. The app opens right to the camera where you snap a picture. You then hold the photo to record a snippet of voice to go along with it and send it off to friends and family, who appear in a row beneath the camera.

Zebra isn’t worried about the prospect of talking people into downloading another app. Gecaj sees a natural split emerging as creators and audiences increasingly become the focus of social platforms that were initially designed to help friends stay in touch.

“I think the trend is a division between creator platforms where you go to be entertained and platforms you go to hang out with your friends,” Gecaj told TechCrunch.

On top of that, he hopes that Zebra’s dual focus on voice and photos, two aspects of social networking that platforms either don’t prioritize or are actively abandoning, can make it appealing for people who aren’t as interested in video.

“We really also think that text messaging doesn’t have the same emotion as voice… and voice has been really neglected,” Gecaj said. “There’s really a richness to voice, a power to voice that nothing else has.”

Source: https://techcrunch.com/2021/07/21/zebra-voice-messaging-photos-ohanian-seven-seven-six/
