Cloudflare's random number generator, robotics data visualization, npm token scanning, and more news

In this edition of our open source news roundup, we take a look Cloudflare’s open source random number generator, more open source robotics data, new npm functionality, and more!

Cloudflare announces open source random number generator project

Is there such a thing as a truly random number? Internet security and services provider Cloudflare things so. To prove it, the company has formed The League of Entropy, an open source project to create a generator for random numbers.

The League consists of Cloudflare and “five other organisations — predominantly universities and security companies.” They share random numbers, using an open source tool called Drand (short for Distributed Randomness Beacon Daemon). The numbers are then “composited into one random number” on the basis that “several random numbers are more random than one random number.” While the League’s random number generator isn’t intended “for any kind of password or cryptographic seed generation,” Cloudflare’s CEO Matthew Prince points out that if “you need a way of having a known random source, this is a really valuable tool.”

Cruise open sources robotics data analysis tool

Projects involved in creating self-driving vehicles generate petabytes of data. And with amounts of data that large comes the challenge of quickly and effectively analyzing it. To make the task easier, General Motors subsidiary Cruise has made its Webviz data visualization tool “freely available to developers in need of a modular robotics analysis solution.”

Webviz “takes as input any bag file (the message format used by the popular Robot Operating System) and outputs charts and graphs.” It “contains a collection of general panels (which visualize data) applicable to most robotics developers,” said Esther Weon, a software engineer at Cruise. The company also plans to “release a public API that’ll allow developers to build custom panels themselves.”

The code for Webviz is available on GitHub, where you can download or contribute to the project.

npm provides more security

The team behind npm, the site providing JavaScript package hosting, has a new collaboration with GitHub to automatically scan for exposed tokens that could give hackers access that doesn’t belong to them. The project includes a handy automatic revoke of leaked credentials them if are still valid. This could drastically reduce vulnerabilities in the JavaScript community. For instructions on how to participate, see the original article.

Note that this news was found via the Changelog news.

Better end of life tracking via open source

A new project, endoflife.date, aims to overcome the complexity of end of life (EOL) announcements for software. It’s part tracker, part public announcement on what good documentation looks like for software. As the README states: “The reason this site exists is because this information is very often hidden away. If you’re releasing something on a regular basis:

  1. List only supported releases.
  2. Give EoL dates/policy if possible.
  3. Hide unsupported releases behind a few extra clicks.
  4. Mention security/active release difference if needed.”

Check out the source code for more information.

In other news

Thanks, as always, to Opensource.com staff members and moderators for their help this week.

Posted by Web Monkey