Open source sustainable cities, AI on Arduino, supply chain security, and more | Opensource.com

Open source sustainable cities, AI on Arduino, supply chain security, and more

Get the latest news to know in this open source news roundup.

A map with a route highlighted
x

Subscribe now

Get the highlights in your inbox every week.

Open source made it into a lot of news headlines last month. Read on to learn about some of the major advances.

Stanford unveils open source sustainable cities software

80% of Americans live in cities, and 70% of the world's population is expected to be urban dwellers by 2050. Thanks to the Stanford National Capital Project, city planners and developers have a new open source tool to help improve urban wellbeing.

Urban InVEST is new software that helps users visualize where they might create areas to absorb carbon emissions and encourage public use, such as marshlands and parks.

Such investments will become more crucial as climate change increases and larger swaths of people move to tighter spaces. For example, urban planners could use Urban InVEST to forecast how much money green infrastructure might save cities in the event of a major storm.

The software allows users to upload their own data sets or use open data sets from sources including NASA satellites. Urban InVEST is part of the larger InVEST suite, a set of software to help experts map and model nature's benefits.

Artificial intelligence comes to Arduino

The Arduino project and Fraunhofer IMS have teamed up to release AIfES, a standalone open source artificial intelligence (AI) framework programmed in C.

Users can add AlfES to an Arduino project through Arduino's integrated development environment's library manager. You can also use AlfES to run and train machine learning algorithms on even the smallest microcontrollers (such as the popular 8-bit Arduino Uno).

This allows you to develop edge and Internet of Things (IoT) devices that are cloud-independent and can intelligently process sensors onsite. In addition to its GPLv3 license for open source projects, AlfES provides paid licensing for commercial projects.

New tool aims to save open source from supply chain attacks

Cyberattacks are increasing in size and scope, and software supply chain attacks (where hackers slip malicious code into legit software) are an especially big risk. A new Linux Foundation project led by Google, Red Hat, and Purdue University aims to prevent them.

Sigstore is a public-good service that offers code signing to open source developers who might lack the time, expertise, and resources to implement it themselves. Developers can give all their cryptography work to Sigstore, which automatically produces an open source log of all activity.

Santiago Torres-Arias, a supply chain researcher at Purdue University affiliated with the project, told WIRED that supply chain code signing won't solve every open source security problem, but it does address low-hanging fruit.

At an inaugural key ceremony in June, Torres-Arias and four others become Sigstore's main key holders. If Sigstore gets enough adoption, they hope to rotate keys to other users, which would make it a neutral open source project.

Google rolls out unified security vulnerability schema for open source software

As calls to improve open source security mount, Google is making moves to deliver. The search giant unveiled a vulnerability interchange schema to find security risks across open source solutions.

The Google Open Source Security and Go teams built upon Google's work to produce the Open Source Vulnerabilities (OSV) database and the OSS-Fuzz data set of security risks. This new schema describes vulnerabilities across any open source ecosystem without requiring ecosystem-dependent logic.

That's crucial because, as Steven J. Vaughan-Nichols wrote for ZDNet, the lack of a standard interchange format has been a big barrier to tracking dependencies across vulnerability databases. Instead, Google's new schema shares vulnerability data across several open source projects.

GitLab spins out open source data integration platform Meltano

As of June 30, Meltano is officially a standalone business. The open source extract, transfer, and load (ETL) platform is now independent of GitLab.

Meltano queries databases and software-as-a-service applications, transitions the data into a warehouse or storage system, and restructures it. GitLab debuted Meltano in 2018, and it became open source over the course of several iterations.

Several proprietary ETL tools exist, making Meltano's status as an open source alternative noteworthy. It allows users to host the tool on their devices of choice and access it using their own orchestration tools or Meltano's web-based interface.

"Most solutions right now are pay-to-play, which limits how many companies have access to high-quality tooling," Meltano CEO Douwe Maan told VentureBeat. "Being open source means the long-tail of integrations can be better served by a large community, since vendors typically only support about 150."

In other news:

Get the latest news to know in this open source news roundup.
A map with a route highlighted

Find an adventure in your own backyard with this fun app.
Two diverse hands holding a globe

Celebrate Earth Day by contributing to these projects dedicated to improving our environment.

Topics

About the author

Lauren Maffeo - Lauren Maffeo has reported on and worked within the global technology sector. She started her career as a freelance journalist covering tech trends for The Guardian and The Next Web from London. Today, she works as a service designer for Steampunk, a human-centered design firm building civic tech solutions for government agencies. Prior to Steampunk, Lauren was an associate principal analyst at Gartner, where she covered the impact of emerging tech like AI and blockchain on small and midsize...