Linux Foundation starts new group to build pandemic-popping software

Decentralised contact-tracing apps from Ireland and Canada are first off the rank

The Linux Foundation has announced a new Public Health initiative (LFPH) that “builds, secures, and sustains open source software to help public health authorities (PHAs) combat COVID-19 and future epidemics.”

The new group has seven “Premier members” - Cisco,, Geometer, IBM, NearForm, Tencent, and VMware – and has given itself the job of helping contact-tracing apps that use the Google Apple Exposure Notification (GAEN) framework. Over time the group plans to “support all aspects of PHA’s testing, tracing, and isolation activities.”

That plan has seen the group pick Canada’s COVID Shield app and Ireland’s COVID Green as the first projects it will back.

The group’s plan is to find code that’s relevant to its mission, make it open source, then building a community of interested and skilled people to work on it.

Map of UK with Coronavirus pin stuck in London admits it has not performed legally required data protection checks for COVID-19 tracing system


“Particularly in the US, PHAs have suffered from decades of underinvestment and urgently need to scale their capabilities to engage with the entire public during the worst pandemic in a century,” the group’s launch announcement states. “Many companies and individuals in the technology industry are eager to assist PHAs in meeting these challenges and LFPH provides a forum and toolset for them to engage in constructive ways.”

“We think our convening function to enable collaboration to battle this pandemic may be our biggest impact,” said LFPH general manager Dan Kohn.

As that’s the general purpose of the Linux Foundation, the group hopes to share its experience fostering other open source projects, and the experience of participants, to accelerate the development of useful pandemic-amelioration tools.

The group will run an introductory webinar on July 30th to explain itself to would-be participants.

The group’s decision to pick Canada’s and Ireland’s projects and the GAEN framework is notable because they use decentralised data storage. Government operators of contact-tracing apps therefore have no single record to work from. While that approach is good for privacy, it means human contact-tracers may not be able to access records. Australia has shied away from previous plans to adopt GAEN because the nation feels human contact-tracing is vital in the nation’;s fight against the novel coronavirus.

GAEN also promises superior performance on smartphones, while Australia has reported that as few as 25 percent of iPhone-to-iPhone encounters are logged by its COVIDSafe app. And despite more than six million downloads and a surging infection rate that has seen residents fined for playing Pokémon Go during a refreshed lockdown, COVIDSafe has not detected a single contact that wasn’t found by human contact-tracers.

The Register last week asked Singapore for data describing the performance of its TraceTogether app and was told the relevant government department is “planning to share more details over the next few weeks.” ®

Other stories you might like

  • Google opens the pod doors on Bay View campus
    A futuristic design won't make people want to come back – just ask Apple

    After nearly a decade of planning and five years of construction, Google is cutting the ribbon on its Bay View campus, the first that Google itself designed.

    The Bay View campus in Mountain View – slated to open this week – consists of two office buildings (one of which, Charleston East, is still under construction), 20 acres of open space, a 1,000-person event center and 240 short-term accommodations for Google employees. The search giant said the buildings at Bay View total 1.1 million square feet. For reference, that's less than half the size of Apple's spaceship. 

    The roofs on the two main buildings, which look like pavilions roofed in sails, were designed that way for a purpose: They're a network of 90,000 scale-like solar panels nicknamed "dragonscales" for their layout and shimmer. By scaling the tiles, Google said the design minimises damage from wind, rain and snow, and the sloped pavilion-like roof improves solar capture by adding additional curves in the roof. 

    Continue reading
  • Pentester pops open Tesla Model 3 using low-cost Bluetooth module
    Anything that uses proximity-based BLE is vulnerable, claim researchers

    Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be hoodwinked by a relay attack, leading to the theft of the flash motor.

    Discovered and demonstrated by researchers at NCC Group, the technique involves relaying the Bluetooth Low Energy (BLE) signals from a smartphone that has been paired with a Tesla back to the vehicle. Far from simply unlocking the door, this hack lets a miscreant start the car and drive away, too.

    Essentially, what happens is this: the paired smartphone should be physically close by the Tesla to unlock it. NCC's technique involves one gadget near the paired phone, and another gadget near the car. The phone-side gadget relays signals from the phone to the car-side gadget, which forwards them to the vehicle to unlock and start it. This shouldn't normally happen because the phone and car are so far apart. The car has a defense mechanism – based on measuring transmission latency to detect that a paired device is too far away – that ideally prevents relayed signals from working, though this can be defeated by simply cutting the latency of the relay process.

    Continue reading
  • Google assuring open-source code to secure software supply chains
    Java and Python packages are the first on the list

    Google has a plan — and a new product plus a partnership with developer-focused security shop Snyk — that attempts to make it easier for enterprises to secure their open source software dependencies.

    The new service, announced today at the Google Cloud Security Summit, is called Assured Open Source Software. We're told it will initially focus on some Java and Python packages that Google's own developers prioritize in their workflows. 

    These two programming languages have "particularly high-risk profiles," Google Cloud Cloud VP and GM Sunil Potti said in response to The Register's questions. "Remember Log4j?" Yes, quite vividly.

    Continue reading

Biting the hand that feeds IT © 1998–2022