Microsoft Joins the OpenChain Project, Google Open-Sources ClusterFuzz, New Android Vulnerability, FSF Gives the Vikings D8 Mainboard and Workstation Its "Respect Your Freedom" Endorsement, and Fedora Is Redesigning Its Logo
News briefs for February 8, 2019.
Microsoft has joined the OpenChain Project, "which builds trust in open source by making open source license compliance simpler and more consistent". Uber, Google and Facebook joined it last month. According to the announcement, "By joining OpenChain, Microsoft will help create best practices and define standards for open source software compliance, so that its customers have even greater choice and opportunity to bridge Microsoft and other technologies together in heterogeneous environments."
Google today announced it is open-sourcing ClusterFuzz and making it available for anyone to use. Fuzzing is "an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program", and it's "effective at finding memory corruption bugs". ClusterFuzz is "a fuzzing infrastructure running on over 25,000 cores" was written to aid in the Chrome development process. You can check it out at the ClusterFuzz GitHub repository.
A security vulnerability discovered in Android gives attackers access to your phone if you open a .png file. ZDNet reports that "All it takes to trigger the bug is for attackers to send a crafted, malicious Portable Network Graphic (.PNG) file to a victim's device. Should the user open the file, the exploit is triggered." This bug affects Android versions 7.0–9.0.
The Free Software Foundation has certified new hardware with its "Respect Your Freedom" endorsement: the Vikings D8 mainboard and D8 workstation. According to Phoronix, "The Vikings D8 is a re-branded ASUS KCMA-D8 but flashed with Libreboot+Coreboot to free the hardware down to the BIOS." In addition, "the D8 Workstation also ships with the FSF-approved Trisquel operating system that is free of any Linux binary blobs and proprietary software." See also the FSF post on the Respects Your Freedom certification.
Fedora is redesigning its logo due to issues with its current logo, including "the lack of a single colour variant", "the logo not working well on dark backgrounds", "confusion with other well-known brands, and the use of a proprietary font." See this article by Máirín Duffy for more on the history of the Fedora logo and other details on the change, and also see this post to join the discussion on the new options.