Sunday, January 23, 2022

Get FOSS-happy, China tells its financial institutions

Use it, contribute to it, respect its licences – and plan for security emergencies it creates

China has told its finance sector to embrace free and open source software (FOSS).

An opinion from the People’s Bank of China and the nation’s Central Cyberspace Administration essentially boils down to “go for it”.

The document instructs China’s financial sector players to use FOSS whenever they feel it is apposite, to contribute to FOSS projects, and to respect the licences under which such software is published. Financial institutions are also encouraged to collaborate with tech companies, universities and other institutions on FOSS efforts.

China’s especially keen for its financial institutions to work on operating systems, databases, middleware, cloud computing, big data, artificial intelligence, and blockchain projects.

Organisations are also told to be vigilant, by creating internal committees to assess FOSS security and by reviewing software supply chains.

One of the document’s recommendations is that users need to create emergency plans in case FOSS is found to contain backdoors or security holes. China also appears to be aware of litigation alleging FOSS breaches patents, as the opinion spells out measures users should take to mitigate the risk of IP disputes.

It falls short of mandating FOSS, but strongly recommends participation in global FOSS creation efforts.

China has already had enormous success with FOSS – its telcos and web giants like Baidu and Tencent are among the world’s biggest users of OpenStack and its existence helped them all to achieve extraordinary scale in a very short time.

The Middle Kingdom therefore has a very good example of FOSS bringing immense benefits, making these new edicts for the financial services community unsurprising. ®


Kaylie Pferten
A pilot of submersible crafts in a former life, now married to my husband David and writing about investment advice.
