How open source software took over the world

It was just 5 years ago that there was an ample dose of skepticism from investors about the viability of open source as a business model. The common thesis was that Redhat was a snowflake and that no other open source company would be significant in the software universe.

Fast forward to today and we’ve witnessed the growing excitement in the space: Redhat is being acquired by IBM for $32 billion (3x its market cap from 2014); Mulesoft was acquired after going public for $6.5 billion; MongoDB is now worth north of $4 billion; Elastic’s IPO now values the company at $6 billion; and, through the merger of Cloudera and Hortonworks, a new company with a market cap north of $4 billion will emerge. In addition, there’s a growing cohort of impressive OSS companies working their way through the growth stages of their evolution: Confluent, HashiCorp, DataBricks, Kong, Cockroach Labs and many others. Given the relative multiples that Wall Street and private investors are assigning to these open source companies, it seems pretty clear that something special is happening.

So, why did this movement that once represented the bleeding edge of software become the hot place to be? There are a number of fundamental changes that have advanced open source businesses and their prospects in the market.

From Open Source to Open Core to SaaS

The original open source projects were not really businesses, they were revolutions against the unfair profits that closed-source software companies were reaping. Microsoft, Oracle, SAP and others were extracting monopoly-like “rents” for software, which the top developers of the time didn’t believe was world class. So, beginning with the most broadly used components of software – operating systems and databases – progressive developers collaborated, often asynchronously, to author great pieces of software. Everyone could not only see the software in the open, but through a loosely-knit governance model, they added, improved and enhanced it.

The software was originally created by and for developers, which meant that at first it wasn’t the most user-friendly. But it was performant, robust and flexible. These merits gradually percolated across the software world and, over a decade, Linux became the second most popular OS for servers (next to Windows); MySQL mirrored that feat by eating away at Oracle’s dominance.

The first entrepreneurial ventures attempted to capitalize on this adoption by offering “enterprise-grade” support subscriptions for these software distributions. Redhat emerged the winner in the Linux race and MySQL (the company) for databases. These businesses had some obvious limitations – it was harder to monetize software with just support services, but the market size for OS’s and databases was so large that, in spite of more challenged business models, sizeable companies could be built.

The successful adoption of Linux and MySQL laid the foundation for the second generation of Open Source companies – the poster children of this generation were Cloudera and Hortonworks. These open source projects and businesses were fundamentally different from the first generation on two dimensions. First, the software was principally developed within an existing company and not by a broad, unaffiliated community (in the case of Hadoop, the software took shape within Yahoo!). Second, these businesses were based on the model that only parts of software in the project were licensed for free, so they could charge customers for use of some of the software under a commercial license. The commercial aspects were specifically built for enterprise production use and thus easier to monetize. These companies, therefore, had the ability to capture more revenue even if the market for their product didn’t have quite as much appeal as operating systems and databases.

However, there were downsides to this second generation model of open source business. The first was that no company singularly held ‘moral authority’ over the software – and therefore the contenders competed for profits by offering increasing parts of their software for free. Second, these companies often balkanized the evolution of the software in an attempt to differentiate themselves. To make matters more difficult, these businesses were not built with a cloud service in mind. Therefore, cloud providers were able to use the open source software to create SaaS businesses of the same software base. Amazon’s EMR is a great example of this.

The latest evolution came when entrepreneurial developers grasped the business model challenges existent in the first two generations – Gen 1 and Gen 2 – of open source companies, and evolved the projects with two important elements. The first is that the open source software is now developed largely within the confines of businesses. Often, more than 90% of the lines of code in these projects are written by the employees of the company that commercialized the software. Second, these businesses offer their own software as a cloud service from very early on. In a sense, these are Open Core / Cloud service hybrid businesses with multiple pathways to monetize their product. By offering the products as SaaS, these businesses can interweave open source software with commercial software so customers no longer have to worry about which license they should be taking. Companies like Elastic, Mongo, and Confluent with services like Elastic Cloud, Confluent Cloud, and MongoDB Atlas are examples of this Gen 3.  The implications of this evolution are that open source software companies now have the opportunity to become the dominant business model for software infrastructure.

The Role of the Community

While the products of these Gen 3 companies are definitely more tightly controlled by the host companies, the open source community still plays a pivotal role in the creation and development of the open source projects. For one, the community still discovers the most innovative and relevant projects. They star the projects on Github, download the software in order to try it, and evangelize what they perceive to be the better project so that others can benefit from great software. Much like how a good blog post or a tweet spreads virally, great open source software leverages network effects. It is the community that is the source of promotion for that virality.

The community also ends up effectively being the “product manager” for these projects. It asks for enhancements and improvements; it points out the shortcomings of the software. The feature requests are not in a product requirements document, but on Github, comments threads and Hacker News. And, if an open source project diligently responds to the community, it will shape itself to the features and capabilities that developers want.

The community also acts as the QA department for open source software. It will identify bugs and shortcomings in the software; test 0.x versions diligently; and give the companies feedback on what is working or what is not.  The community will also reward great software with positive feedback, which will encourage broader use.

What has changed though, is that the community is not as involved as it used to be in the actual coding of the software projects. While that is a drawback relative to Gen 1 and Gen 2 companies, it is also one of the inevitable realities of the evolving business model.

Rise of the Developer

It is also important to realize the increasing importance of the developer for these open source projects. The traditional go-to-market model of closed source software targeted IT as the purchasing center of software. While IT still plays a role, the real customers of open source are the developers who often discover the software, and then download and integrate it into the prototype versions of the projects that they are working on. Once “infected” by open source software, these projects work their way through the development cycles of organizations from design, to prototyping, to development, to integration and testing, to staging, and finally to production. By the time the open source software gets to production it is rarely, if ever, displaced. Fundamentally, the software is never “sold”; it is adopted by the developers who appreciate the software more because they can see it and use it themselves rather than being subject to it based on executive decisions.

In other words, open source software permeates itself through the true experts, and makes the selection process much more grassroots than it has ever been historically. The developers basically vote with their feet. This is in stark contrast to how software has traditionally been sold.

Virtues of the Open Source Business Model

The resulting business model of an open source company looks quite different than a traditional software business. First of all, the revenue line is different. Side-by-side, a closed source software company will generally be able to charge more per unit than an open source company. Even today, customers do have some level of resistance to paying a high price per unit for software that is theoretically “free.” But, even though open source software is lower cost per unit, it makes up the total market size by leveraging the elasticity in the market. When something is cheaper, more people buy it. That’s why open source companies have such massive and rapid adoption when they achieve product-market fit.

Another great advantage of open source companies is their far more efficient and viral go-to-market motion. The first and most obvious benefit is that a user is already a “customer” before she even pays for it. Because so much of the initial adoption of open source software comes from developers organically downloading and using the software, the companies themselves can often bypass both the marketing pitch and the proof-of-concept stage of the sales cycle. The sales pitch is more along the lines of, “you already use 500 instances of our software in your environment, wouldn’t you like to upgrade to the enterprise edition and get these additional features?”  This translates to much shorter sales cycles, the need for far fewer sales engineers per account executive, and much quicker payback periods of the cost of selling. In fact, in an ideal situation, open source companies can operate with favorable Account Executives to Systems Engineer ratios and can go from sales qualified lead (SQL) to closed sales within one quarter.

This virality allows for open source software businesses to be far more efficient than traditional software businesses from a cash consumption basis. Some of the best open source companies have been able to grow their business at triple-digit growth rates well into their life while maintaining moderate burn rates of cash. This is hard to imagine in a traditional software company. Needless to say, less cash consumption equals less dilution for the founders.

Open Source to Freemium

One last aspect of the changing open source business that is worth elaborating on is the gradual movement from true open source to community-assisted freemium. As mentioned above, the early open source projects leveraged the community as key contributors to the software base. In addition, even for slight elements of commercially-licensed software, there was significant pushback from the community. These days the community and the customer base are much more knowledgeable about the open source business model, and there is an appreciation for the fact that open source companies deserve to have a “paywall” so that they can continue to build and innovate.

In fact, from a customer perspective the two value propositions of open source software are that you can a) read the code; b) treat it as freemium. The notion of freemium is that you can basically use it for free until it’s deployed in production or in some degree of scale. Companies like Elastic and Cockroach Labs have gone as far as actually open sourcing all their software but applying a commercial license to parts of the software base. The rationale being that real enterprise customers would pay whether the software is open or closed, and they are more incentivized to use commercial software if they can actually read the code. Indeed, there is a risk that someone could read the code, modify it slightly, and fork the distribution. But in developed economies – where much of the rents exist anyway, it’s unlikely that enterprise companies will elect the copycat as a supplier.

A key enabler to this movement has been the more modern software licenses that companies have either originally embraced or migrated to over time. Mongo’s new license, as well as those of Elastic and Cockroach are good examples of these. Unlike the Apache incubated license – which was often the starting point for open source projects a decade ago, these licenses are far more business-friendly and most model open source businesses are adopting them.

The Future

When we originally penned this article on open source four years ago, we aspirationally hoped that we would see the birth of iconic open source companies. At a time where there was only one model – Redhat – we believed that there would be many more. Today, we see a healthy cohort of open source businesses, which is quite exciting. I believe we are just scratching the surface of the kind of iconic companies that we will see emerge from the open source gene pool. From one perspective, these companies valued in the billions are a testament to the power of the model. What is clear is that open source is no longer a fringe approach to software. When top companies around the world are polled, few of them intend to have their core software systems be anything but open source. And if the Fortune 5000 migrate their spend on closed source software to open source, we will see the emergence of a whole new landscape of software companies, with the leaders of this new cohort valued in the tens of billions of dollars.

Clearly, that day is not tomorrow. These open source companies will need to grow and mature and develop their products and organization in the coming decade. But the trend is undeniable and here at Index we’re honored to have been here for the early days of this journey.

Xiaomi’s five-year plan is a $1.5 billion bet on smart homes

Xiaomi, the Chinese company best known for budget phones, is betting big on a future of connected homes. It plans to plough at least 100 billion yuan, or $1.48 billion, into the so-called “AIoT” sector over the next five years, founder and chief operating officer Lei Jun announced on Friday.

AIoT, short for “AI + IoT,” is an upgrade from devices connected to the internet, known as the Internet of Things. AIoTs are intelligent, run on automated systems and can learn from users’ habits, like lights that automatically turn on when you get home.

“We see a future where all home devices will be connected to the internet and controlled by voice. A wave of home appliances will be replaced by smart devices. There will be an AIoT network that infiltrates every second and scenario of people’s lives, collecting mountains of users, traffic and data,” said Lei in his annual address to employees.

The plan is to get all sorts of gadgets, not just handsets, onto Xiaomi’s operating system so the company can hawk services through these devices. The move comes as Xiaomi, the world’s fourth-largest smartphone vendor, copes with a weakening market. Smartphone shipments in China were down more than 15 percent year-over-year in 2018, according to a government-backed research institute.

Phones remain strategically important to Xiaomi as it looks to lower-end phones for growth. On Thursday, the company announced it has split up (not spun out) its budget phone brand, Redmi, in hope of launching “red rice” — what Redmi means in Chinese — to Xiaomi’s “little rice” stardom. The strategy is similar to how Huawei operates sub-brand Honor for its line of cheaper phones.

Xiaomi’s new billion-dollar pledge is a continuation of a plan in 2013 to back 100 startups over the course of five years. These portfolio companies, in turn, helped make Xiaomi products, which now count 132 million total devices among which 20 million are active daily. Meanwhile, Xiaomi’s voice assistant Xiao Ai has hit 100 million installs.

These gadgets, along with an assortment of lifestyle products like suitcases and umbrellas, became the largest revenue driver for Xiaomi in the second quarter of last year, the company’s earnings report shows.

Xiaomi is in a land grab with other Chinese tech giants like Baidu to enter people’s homes. It’s becoming something akin to a department store, but it can’t make everything itself. Recently, the giant made a big push in TVs through a partnership with a veteran Chinese home appliance manufacturer. It’s also teamed up with IKEA on a 100 million yuan ($14.8 million) fund for third-party developers, which will enrich Xiaomi’s inventory as consumers in China may soon be able to buy much Xiaomi-powered furniture from the Swedish retailer.

In major TV push, China’s Xiaomi buys 0.5% stake in TCL

A veteran TV maker just got a notable refresh as it enters the age of connected devices. Xiaomi, the Beijing-based firm best known for budget smartphones, has bought 65.2 million shares, or 0.48 percent, of Chinese home appliance maker TCL, said TCL in a statement to the Shenzhen Stock Exchange on Sunday.

Shares of TCL, the world’s third-largest LCD TV manufacturer, jumped nearly 4 percent in morning trading on Monday, giving the company a market cap of $36 billion.

The financial gesture deepens an existing alliance between the duo. On December 29, the companies signed a strategic partnership that would see them collaborate on various fronts, including R&D in integrating smart devices with “core, high-end, and basic” electronic parts. To put it in layman’s terms, the joint effort focuses on chips and will make it easier for TCL devices to incorporate into Xiaomi’s operating system, where an expanding universe of third-party gadgets resides. The partners may also make co-investments in the hardware field.

The tie-up provides “tremendous help” for Xiaomi as it ups the ante in home appliances, wrote Xiaomi founder and CEO Lei Jun on Weibo, China’s closest answer to Twitter, in a reply to TCL’s CEO Li Dongsheng. During the third quarter of 2018, smart TVs helped drive revenue growth for Xiaomi’s non-smartphone hardware segment, shows the company’s financial results.

“[Our partnership] helps facilitate the transformation and upgrade of China’s manufacturing industry,” wrote Li, whose company started in 1981 as a cassette manufacturer.

Xiaomi has long been keen to team up with manufacturers to make its own branded devices instead of producing them itself. By early 2018, Xiaomi reached nearly 100 such partners, many of which Xiaomi had invested in to harness bargaining power in the supply chain, from what a smartphone should look like to how much it’s priced at. Xiaomi’s retail stores — available online and in physical manifestations — have also opened doors to third-party brands in an effort to broaden product selection.

Xiaomi’s close ties with its ecosystem partners result in an inventory of affordable products rivaling the likes of Fitbit and Apple. During the third quarter of 2018, Xiaomi topped the global chart by shipping 6.9 million units of wearables. Apple and Fitbit came in second and third with 4.2 million units and 3.5 million units, respectively, according to market research firm IDC.

Xiaomi derives most of its revenues from smartphones, though Lei Jun has long envisioned a future in which internet services will be the firm’s main force. This segment, which Xiaomi has marketed as its key financial differentiator against other phone brands, includes sales from mobile games, internet finance, paid content among a slew of services available through Xiaomi’s connected devices.

AWS launches Arm-based servers for EC2

At its re:Invent conference in Las Vegas, AWS today announced the launch of Arm-based servers for its EC2 cloud computing service. These aren’t run-of-the-mill Arm chips, though. AWS took the standard Arm cores and then customized them to fit its needs. The company says that its so-called AWS Graviton Processors have been optimized for performance and cost, with a focus on scale-out workloads that can be spread across a number of smaller instances (think containerized microservices, web servers, caching fleets, etc.).

The first set of instances, called A1, is now available in a number of AWS regions in the U.S. and Europe. They support all of AWS’s standard instance pricing models, including on-demand, reserved instance, spot instance, dedicated instance and dedicated host.

For now, you can only use Amazon Linux 2, RHEL and Ubuntu as operating systems for these machines, but AWS promises that additional operating system support will launch in the future.

Because these are ARM servers, you’ll obviously have to recompile any native code for them before you can run your applications on them. Virtually any application that is written in a scripting language, though, will probably run without any modifications.

Prices for these instances start at $0.0255/hour for an a1.medium machine with 1 CPU and 2 GiB of RAM and go up to $0.4080/hour for machines with 16 CPUs and 32 GiB of RAM. That’s maybe not as cheap as you would’ve expected given that an X86-based t3.nano server starts at $0.0052/hour, but you can always save quite a bit by using spot instances, of course. Until we see some benchmarks, though, it’s hard to compare these different machine types anyway.

As Amazon’s Jeff Barr notes in today’s announcement, the company’s move to its so-called Nitro System now allows it to launch new instance types at a faster clip. Nitro essentially provides the building blocks for creating new instance types that the team can then mix and match as needed.

It’s worth noting that AWS also launched support for AMD EPYC processors earlier this month.

6D.ai opens up its beta

After wrestling for more than a decade with the development of a technology that would create a three-dimensional map of the physical world, the team at 6D.ai is finally ready to open up to developers its toolkit that the company says has done exactly that.

When company chief executive Matt Miesnieks announced the launch of 6D in March, he laid out a vision for its growth that had three goals: The company would build APIs to capture the three-dimensional geometry of the world; it would apply that three-dimensional data to build semantic APIs so applications can understand the world; and it would partner and extend those APIs to create an operating system for reality.

Having achieved the first goal, the company is now working on the second.

“The whole purpose of this company wasn’t ‘Hey there’s this new technology!’ It’s what can AR do in its fully realized form and what is a native experience for AR that hadn’t worked in prior mediums and what’s stopping that stuff from being effective and how do you solve those problems,” says Miesnieks.

For Miesnieks the problems confronting augmented reality come down to creating believable visual objects that integrate seamlessly into the world. That act of creation depends on persistence, occlusion and interaction, according to Miesnieks.

Interactivity, to Miesnieks, should happen seamlessly rather than requiring a multi-step process that the 6D chief executive calls “just a bridge too far.”

“What needs to happen is you say, ‘Hey join my game.’ And it just works.”

Miesnieks argues that the kind of precision that synchronization requires demands a kind of on-device localization, which is exactly what 6D has claimed it enables.

“Once you have that 3D model then the virtual content can bounce off the 3D model. You can do shadows correctly. Extend that over large areas so that it doesn’t just work in a corner of my living room, but that it can work everywhere,” Miesnieks said. “We need these models and the only way to get there is to use a depth camera or offline photogrammetry.”

6D has already done some work with bands like Massive Attack and Aphex Twin that put its technology through some early paces. And the Victoria and Albert Museum have also used the technology. Soon it will launch a game with an undisclosed Japanese game developer (which has intellectual property similar to Pokémon) and a virtual YouTube-like application with the Japanese social network, Gree.

For Miesnieks perhaps the most interesting application is with a big, undisclosed transportation company that is interested in navigation for terrestrial and other mobility.

“When we set the company up, we are pretty convicted that we want to say to the developers that this is reality. We will give you shared coordinates for multi-player,” said Miesnieks.

Underlying all of this are concerns about security related to who can see what in the space that users map. But Miesnieks said that the company had solved that problem as well.

“You can only get the data for a space if you’re physically in that space,” said Miesnieks. “I hold my phone up, it looks at your living room, based on what it sees it queries the server and if there’s a match it will serve that data up to that location.”

Based on research, the point cloud that 6D generates isn’t directly connected to the geographic structure. It’s slightly randomized so a user can’t look at the point cloud and see what is what.

“It’s unable to be reverse engineered by any known science into a human readable image,” said Miesnieks. “All the image would look like is a whole bunch of dots and blobs. That’s kind of what we’re doing so far.”

As the company builds out its three-dimensional map of the world, it’s encouraging developers to think of it as a new kind of augmented reality platform.

“Our business is web services meet Waze,” said Miesnieks.

Google tweaks Android licensing terms in Europe to allow Google app unbundling — for a fee

Google has announced changes to the licensing model for its Android mobile operating system in Europe, including introducing a fee for licensing some of its own brand apps, saying it’s doing so to comply with a major European antitrust ruling this summer.

In July the region’s antitrust regulators hit Google with a record-breaking $5BN fine for violations pertaining to Android, finding the company had abused the dominance of the platform by requiring manufacturers pre-install other Google apps in order to license its popular Play app store.

Regulators also found Google had made payments to manufacturers and mobile network operators in exchange for exclusively pre-installing Google Search on their devices, and used Play store licensing to prevent manufacturers from selling devices based on Android forks.

Google disputes the Commission’s findings, and last week filed its appeal — a legal process that could take years. But in the meanwhile it’s making changes to how it licenses Android in Europe to avoid the risk of additional penalties heaped on top of the antitrust fine.

Hiroshi Lockheimer, Google’s senior vice president of platforms & ecosystems, revealed the new licensing options in a blog post published today.

Under updated “compatibility agreements”, he writes that mobile device makers will be able to build and sell Android devices intended for the European Economic Area (EEA) both with and without Google mobile apps preloaded — something Google’s same ‘compatibility’ contracts restricted them from doing before, when it was strictly either/or (either you made Android forks, or you made Android devices with Google apps — not both).

“Going forward, Android partners wishing to distribute Google apps may also build non-compatible, or forked, smartphones and tablets for the European Economic Area (EEA),” confirms Lockheimer.

However the company is also changing how it licenses the full Android bundle — which previously required OEMs to load devices with the Google mobile application suite, Google Search and the Chrome browser in order to be able to offer the popular Play Store — by introducing fees for OEMs wanting to pre-load a subset of those same apps under “a new paid licensing agreement for smartphones and tablets shipped into the EEA”.

Though Google stresses there will be no charge for using the Android platform itself. (So a pure fork without any Google services preloaded still wouldn’t require a fee.)

Google also appears to be splitting out Google Search and Chrome from the rest of the Google apps in its mobile suite (which traditionally means stuff like YouTube, the Play Store, Gmail, Google Maps, although Lockheimer’s blog post does not make it clear which exact apps he’s talking about) — letting OEMs selectively unbundle some Google apps, albeit potentially for a fee, depending on the apps in question.

“[D]evice manufacturers will be able to license the Google mobile application suite separately from the Google Search App or the Chrome browser,” is what Lockheimer unilluminatingly writes.

Perhaps Google wants future unbundled Android forks to still be able to have Google Search or Chrome, even if they don’t have the Play store, but it’s really not at all clear which configurations of Google apps will be permitted under the new licensing terms, and which won’t.

“Since the pre-installation of Google Search and Chrome together with our other apps helped us fund the development and free distribution of Android, we will introduce a new paid licensing agreement for smartphones and tablets shipped into the EEA. Android will remain free and open source,” Lockheimer adds, without specifying what the fees will be either. 

“We’ll also offer new commercial agreements to partners for the non-exclusive pre-installation and placement of Google Search and Chrome. As before, competing apps may be pre-installed alongside ours,” he continues to complete his trio of poorly explained licensing changes.

We’ve asked Google to clarify the various permitted and not permitted app configurations, as well as which apps will require a fee (and which won’t), and how much the fees will be, and will update this post with any response.

The devil in all those details should become clear soon though, as Google says the new licensing options will come into effect on October 29 for all new (Android based) smartphones and tablets launched in the EEA.

A new CSS-based web attack will crash and restart your iPhone

A security researcher has found a new way to crash and restart any iPhone — with just a few lines of code.

Sabri Haddouche tweeted a proof-of-concept webpage with just 15 lines of code which, if visited, will crash and restart an iPhone or iPad. Those on macOS may also see Safari freeze when opening the link.

The code exploits a weakness in iOS’ web rendering engine WebKit, which Apple mandates all apps and browsers use, Haddouche told TechCrunch. He explained that by nesting a ton of elements — such as <div> tags — inside a backdrop filter property in CSS, you can use up all of the device’s resources and cause a kernel panic, which shuts down and restarts the operating system to prevent damage.

“Anything that renders HTML on iOS is affected,” he said. That means anyone sending you a link on Facebook or Twitter, or if any webpage you visit includes the code, or anyone sending you an email, he warned.

TechCrunch tested the exploit running on the most recent mobile software iOS 11.4.1, and confirmed it crashes and restarts the phone. Thomas Reed, director of Mac & Mobile at security firm Malwarebytes, confirmed that the most recent iOS 12 beta also froze when tapping the link.

The lucky ones whose devices won’t crash may just see their device restart (or “respring”) the user interface instead.

For those curious, you can see how it works without running the crash-inducing code.

The good news is that as annoying as this attack is, it can’t be used to run malicious code, he said, meaning malware can’t run and data can’t be stolen using this attack. But there’s no easy way to prevent the attack from working. One tap on a booby-trapped link sent in a message or opening an HTML email that renders the code can crash the device instantly.

Haddouche contacted Apple on Friday about the attack, and the company is said to be investigating. A spokesperson did not immediately respond to a request for comment.

‘Unhackable’ BitFi crypto wallet has been hacked

The BitFi crypto wallet was supposed to be unhackable and none other than famous weirdo John McAfee claimed that the device – essentially an Android-based mini tablet – would withstand any attack. Spoiler alert: it couldn’t.

First, a bit of background. The $120 device launched at the beginning of this month to much fanfare. It consisted of a device that McAfee claimed contained no software or storage and was instead a standalone wallet similar to the Trezor. The website featured a bold claim by McAfee himself, one that would give a normal security researcher pause:

Further, the company offered a bug bounty that seems to be slowly being eroded by outside forces. They asked hackers to pull coins off of a specially prepared $10 wallet, a move that is uncommon in the world of bug bounties. They wrote:

We deposit coins into a Bitfi wallet
If you wish to participate in the bounty program, you will purchase a Bitfi wallet that is preloaded with coins for just an additional $10 (the reason for the charge is because we need to ensure serious inquiries only)
If you successfully extract the coins and empty the wallet, this would be considered a successful hack
You can then keep the coins and Bitfi will make a payment to you of $250,000
Please note that we grant anyone who participates in this bounty permission to use all possible attack vectors, including our servers, nodes, and our infrastructure

Hackers began attacking the device immediately, eventually hacking it to find the passphrase used to move crypto in and out of the wallet. In a detailed set of tweets, security researchers Andrew Tierney and Alan Woodward began finding holes by attacking the operating system itself. However, this did not match the bounty to the letter, claimed BitFi, even though they did not actually ship any bounty-ready devices.

Then, to add insult to injury, the company earned a Pwnies award at security conference Defcon. The award was given for worst vendor response. As hackers began dismantling the device, BitFi went on the defensive, consistently claiming that their device was secure. And the hackers had a field day. One hacker, 15-year-old Saleem Rashid, was able to play Doom on the device.

The hacks kept coming. McAfee, for his part, kept refusing to accept the hacks as genuine.

Unfortunately, the latest hack may have just fulfilled all of BitFi’s requirements. Rashid and Tierney have been able to pull cash out of the wallet by hacking the passphrase, a primary requirement for the bounty. “We have sent the seed and phrase from the device to another server, it just gets sent using netcat, nothing fancy,” Tierney said. “We believe all conditions have been met.”

The end state of this crypto mess? BitFi did what most hacked crypto companies do: double down on the threats. In a recently deleted Tweet they made it clear that they were not to be messed with:

The researchers, however, may still have the last laugh.

Particle brings an LTE cellular model to market for networked devices working off of 2G and 3G

Particle, a developer of networking hardware and software for connected devices, has released an LTE-enabled module for product developers.

The new device specifically targets folks whose devices were reliant on retiring 2G and 3G networks, according to the company, and includes built-in cloud and SIM support.

Even as big telecom companies and vendors move ahead with 4G and now 5G networking equipment, those technologies aren’t necessarily the best for most networked devices, according to Particle.

LTE hardware is cheaper, has better battery life, and ranges that are more appropriate for industrial devices that may need to communicate across distances or through obstacles (like walls, other machines, doors, or floors).

Particularly, Particle sees demand for its devices in hard-to-reach or widely dispersed sensor networks — like industrial factory floors or in an agricultural monitoring setting for a farm or field.

“As US carriers are quickly moving to end 2G and 3G support, and global carriers plan for LTE network rollouts, the timing for an LTE strategy is more critical than ever,” according to a statement from Bill Kramer, EVP of IoT Solutions at KORE, which provides managed IoT networks, application enablement, location based services

The new LTE product is part of a suite of offerings from Particle — including a device cloud, operating system, and developer toolkit, the company said.

By providing a pre-integrated solution, Particle said that its hardware represents a faster, far less complicated path to market.

“We launched our cellular development kit, the Electron, to give our developer community access to the power of cellular,” said Zach Supalla, Co-Founder and CEO of Particle, in a statement. “The following industrial E Series line made go-to-market with 2G/3G scalable for enterprises. Now with our LTE module, businesses will evolve alongside the quickly-changing cellular landscape without missing a beat.”

Particle’s new lineup now includes two LTE CAT-M1 models (LTE B13 and LTE B2/4/5/12) and is fully certified, low profile, surface mountable for industrial environments, and powered by Qualcomm’s MDM9206 IoT Modem and u-blox’s Sara-R410-02B module.

The new LTE hardware evaluation kit ships for $89 with an evaluation board, a sample temperature sensor, and accessories to build out a proof of concept, the company said. Individual modules are priced at $69.

Particle counts 8,500 customers and more than 140,000 developers among its customers building networking technologies for consumer and industrial devices. The company says its customers range from global energy provider Engie and design studio Ideo to indoor crops provider Grow Labs and coffee pioneer Keurig.

 

Happy 25th birthday, Linux

Linus Torvalds was the designer of the open-source operating system Linux. Linux will turn 25 years old on August 25, the day Linus Torvalds sent out his fateful message asking for help with a new operating system. “I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I’d like any feedback on things people like/dislike…