Good Morning! Do you think the (OSS) ecosystem is facing a "bubble" that will burst. While OSS is not a typical tech hype bubble, this author argues there are concerning trends that threaten the fundamental values and sustainability of the OSS movement. These include the debate over the "open-source AI" definition, the rise of "source-available" licenses, and the EU's cut to open-source funding.

— Forrest Knight & Meghanadh Vasireddy

Entirely New Way For Hackers To Backdoor Into Microsoft Windows

This bad boy, dubbed Backdoor.Msupedge, is employing a rarely-seen technique that's got security experts raising their eyebrows. It's using DNS traffic to chat with its command-and-control (C&C) server, flying under the radar of many traditional security measures.

What's New:

• The backdoor, disguised as a DLL, sets up shop in specific file paths and uses DNS tunneling based on the open-source dnscat2 tool.

• It's got some tricks up its sleeve, including using the resolved IP address of its C&C server as a command switch. Pretty clever, right?

The backdoor supports various commands, from creating processes to downloading files and even taking strategic naps. The initial breach likely exploited a recent PHP vulnerability (CVE-2024-4577), affecting Windows-based PHP installations.

While we're still in the dark about who's behind this or their endgame, it's a reminder that attackers are constantly upping their game. As always, keep your systems patched and your eyes peeled for unusual DNS traffic.

Read More Here

AI-Assisted Code Transformation Saved Us 4,500 Years of Developer Work

Amazon Q's new code transformation capability according to Andy Jassy’s tweet. This AI assistant is turning the tables on Java upgrades:

• Time to upgrade to Java 17? Slashed from 50 developer-days to mere hours.

• 50% of Amazon's production Java systems modernized in under 6 months.

• 79% of auto-generated code reviews shipped without changes.

• Estimated savings: A whopping 4,500 developer-years of work and $260M in annualized efficiency gains.

Read More Here

A new definition of open-source AI could clarify an industry debate

The AI world has been split between those advocating for openness (think Meta and IBM) and those cautioning against it (like OpenAI and Anthropic) for a while actually. The lack of a clear definition for open-source AI hasn't helped matters. But now, the Open Source Initiative (OSI) is stepping in to clear the air.

The OSI has released a draft definition of open-source AI, and it's got some interesting points:

1. Source code for training and running the AI? Open.

2. Model weights and parameters? Also open.

3. Training data? Well, that's where it gets tricky.

Instead of requiring the full dataset release (which could be a legal minefield), the OSI suggests providing enough info for a skilled person to recreate a similar system using comparable data.

This definition could be a game-changer for upcoming AI regulations, providing a concrete metric for what qualifies as "open-source AI." It's not set in stone yet, but it's a solid step towards bringing some order to the Wild West of AI development.

Read More Here

🔥 More Notes

• The 3 Big Mistakes That Almost Cost Me My Promotion (And How You Can Avoid Them): The main mistakes to avoid for a promotion are: 1) assuming current performance is enough, rather than understanding next-level expectations; 2) neglecting current duties while pursuing higher work; and 3) underestimating the importance of a supportive manager. Instead, review leveling criteria, take on slightly less current work, and find a better manager if needed.

• Linus Torvalds talks AI, Rust adoption, and why the Linux kernel is 'the only thing that matters': Linus Torvalds, the creator of Linux, discussed the current state and future of the Linux kernel in a conversation with Dirk Hohndel. Topics included the Linux release process, security, Rust integration, and the role of AI in software development.

• AI's insatiable energy demand is going nuclear: Amazon (AMZN) purchased a $650 million nuclear-powered data center from Talen Energy in Pennsylvania, indicating the company's ambitious expansion plans and the growing energy demands of artificial intelligence.

📹 Youtube Spotlight

SpaceX Completing a Boeing Mission: NASA’s Backup Plan, Explained | WSJ

Was this forwarded to you? Sign Up Here