Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

GitHub launches Innovation Graph for interactive development insights

GitHub has unveiled its Innovation Graph, an open data and insights platform for measuring and understanding the global impact of developers.

The ambitious initiative aims to address a longstanding challenge faced by policymakers and researchers: the lack of reliable and comprehensive data on trends in software development.

Understanding the Innovation Graph

The Innovation Graph is a repository of longitudinal metrics that track software development across economies...

Ruby on Rails creator deplores ‘open-source hooliganism’

Ruby on Rails creator David Heinemeier Hansson has expressed his concerns about what he called "open-source hooliganism."

Hansson recounted a recent incident involving the TypeScript community and their reaction to a decision made by the team behind Turbo.

Hansson began by acknowledging the passion that many developers have for their preferred programming languages and tools. He noted that the enthusiasm displayed by these individuals is a testament to their dedication...

Graphcore joins PyTorch Foundation as a general member

The PyTorch Foundation, a home for the deep learning community to collaborate on the open-source PyTorch framework and ecosystem, has announced that Graphcore is joining its ranks.

Graphcore – a Bristol, UK-based company specialising in designing and manufacturing AI accelerators, hardware, and software tailored for AI and machine learning workloads – has joined as a general member of the foundation.

PyTorch has long been a go-to framework for developers in the field...

Software Freedom Conservancy calls on FOSS contributors to ‘exit Zoom’

In the wake of the revelation that Zoom has been repurposing private user data to train machine learning models, the Software Freedom Conservancy (SFC) has taken a stand to emphasise the importance of Free and Open Source Software (FOSS) alternatives.

The SFC, an advocate for software rights and freedom, is extending its efforts to provide ethical technology choices and promote FOSS solutions for various needs.

The pandemic-driven shift towards digital technologies –...

Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

Google releases Flutter 3.7 and teases future improvements

Google held its Flutter Forward event this week where it announced version 3.7 of the framework and teased future improvements.

Flutter started life as a framework for developing Android and iOS apps. Over the years, it’s expanded to help developers build apps for not just mobile, but also desktop, web, and more, all from a single Dart codebase.

Google says Flutter has attracted five million developers and over 700,000 apps have been created using it. Based on GitHub...

GitHub is ending Sponsors payments via PayPal

GitHub has announced that it’s ending the ability for Sponsors to make payments via PayPal.

In a statement, GitHub wrote:

“Starting on February 23, 2023, GitHub Sponsors will no longer support PayPal as a payments processor. As such, it will no longer be possible to sponsor individuals or organizations using PayPal.

If you are sponsoring anyone on GitHub using PayPal, please update your GitHub payment method to pay by credit or debit...

Linux Foundation launches Open Metaverse Foundation

The nonprofit Linux Foundation has launched the Open Metaverse Foundation (OMF) to promote an open metaverse.

Current participating organisations of the OMF include the Cloud Native Computing Foundation, Futurewei, GenXP, Hyperledger Foundation, LF AI, LF Edge & Networking, Open Voice Network, Open Wallet, and Veriken.

When discussing the metaverse, it’s important to consider the history of the web.

The original vision for the web was a decentralised...

OpenWallet aims to support Web3 wallet development

The Linux Foundation has announced OpenWallet, an initiative to support the development of Web3 digital wallets.

“We are convinced that digital wallets will play a critical role for digital societies,” said Jim Zemlin, Executive Director of the Linux Foundation.

“Open software is the key to interoperability and security. We are delighted to host the OpenWallet Foundation and excited for its potential.”

OpenWallet aims to develop a secure and...