b-dayyy quotes Linux Security: As AI becomes more and more ingrained in our daily lives through consumer products, we can't help but be concerned that proprietary software will comprise the market. And we are not talking about a million-dollar market, but a bigger one that may reach US$118.6 billion by 2025. Many industries and end-users would thus benefit from more open-source AI projects and tools for developers' use. That would save tons of individuals and companies money to build their own AI-powered apps.

In this post, we explore five open-source AI projects or tools that are compatible with Linux and delve into the pros and cons of open-source AI and AI in general.
The list includes TensorFlow by Google's AI research team, as well as Microsoft Cognitive Toolkit. The article points out that open-source AI "is also being explored in developing hardware, specifically microprocessors that are more secure," and suggests some other possible transformative uses (including smart farming technologies "that aid in livestock and crop monitoring, irrigation, weather forecasting, and overall farm management... [H]ealthcare becomes more factual than intuitive, increases in revenue can be seen more clearly in marketing efforts, and food security becomes a reality rather than a dream.

"However, we should not discount the fact that AI can also be weaponized, empowering the wrong people. Cybersecurity systems must also be upgraded to counter AI-powered cyberattacks. And when developing AI-powered machines, it is critical to ensure that they are not vulnerable to attacks."

In 2017 Elementary OS built a pay-what-you-want app store -- funded with $10,000 raised on IndieGogo. Now they're trying to raise another $10,000 for a one-week, in-person sprint in Denver, Colorado, Forbes reports, to upgrade the store while bringing an even grander concept to reality: That concept comprises 4 main goals:

- Enable open source developers to monetize their apps on every other Linux distribution

- Empower developers to ship apps with cutting-edge technologies

- Improve privacy, security, and stability

- Streamline the payments process

On the technical side of things, the team plans to rebuild AppCenter's backend from the ground up to enable newer technologies developers are asking for, and they're rallying behind the Flatpak packaging format to get it done. They've already been collaborating with the FlatHub team, and plan to bring in developers from Endless and GNOME to ensure that "our solution can be reused and improved by other Flatpak stores and the greater open source desktop ecosystem."
For a donation of $10, "you'll have your name immortalized in the AppCenter code on GitHub," explains a promotional video. (There's already 70 backers who have claimed this perk.) In fact, "Less than 8 hours ago we launched #AppCenterForEveryone, and we're 50% funded," announced an update Friday on Twitter. The campaign's web page shared this note of appreciation.

"With your support, we'll be able to accelerate the timeline on adopting cutting edge technology and making an even more competitive Open Source operating system and a compelling foundation for all Flatpak stores."

"The WireGuard VPN protocol will be included into the next Linux kernel as Linus Torvalds has merged it into his source tree for version 5.6," reports TechRadar:
While there are many popular VPN protocols such as OpenVPN, WireGuard has made a name for itself by being easy to configure and deploy as SSH... The WireGuard protocol is a project from security researcher and kernel developer Jason Donenfeld who created it as an alternative to both IPsec and OpenVPN. Since the protocol consists of around just 4,000 lines of code as opposed to the 100,000 lines of code that make up OpenVPN, it is much easier for security experts to review and audit for vulnerabilities.

While WireGuard was initially released for the Linux kernel, the protocol is now cross-platform and can be deployed on Windows, macOS, BSD, iOS and Android.
Ars Technica notes that with Linus having merged WireGuard into the source tree, "the likelihood that it will disappear between now and 5.6's final release (expected sometime in May or early June) is vanishingly small." WireGuard's Jason Donenfeld is also contributing AVX crypto optimizations to the kernel outside the WireGuard project itself. Specifically, Donenfeld has optimized the Poly1305 cipher to take advantage of instruction sets present in modern CPUs. Poly1305 is used for WireGuard's own message authentication but can be used outside the project as well — for example, chacha20-poly1305 is one of the highest-performing SSH ciphers, particularly on CPUs without AES-NI hardware acceleration.

Other interesting features new to the 5.6 kernel will include USB4 support, multipath TCP, AMD and Intel power management improvements, and more.

CERN, the European Organization for Nuclear Research, is moving away from Facebook Workplace to instead make use of more open-source software packages. Phoronix reports: Facebook Workplace is Facebook's corporate-focused product for internal real-time communication and related communication needs within organizations. CERN had been making use of Facebook Workplace and in addition to data privacy concerns, they were recently confronted with either paying Facebook or losing administrative rights, no more single sign-on access, and Facebook having access to their internal data. But now they have assembled their own set of software packages to fill the void by abandoning Facebook Workplace.

CERN is now using the Mattermost open-source software for online chat and Discourse for further information exchange. CERN's IT department is working on filling the gaps further left by getting rid of Facebook Workplace. [CERN has published a post with more details about the move.] ZDNet points out that this latest announcement "ends a nearly four-year trial with Facebook Workplace and means CERN will remove its presence from the platform on January 31, 2020."

jrepin writes: Linus Torvalds has announced Linux 5.5 release, codenamed as Kleptomaniac Octopus.The latest version of the open source operating system kernel brings RAID1 with 3- and 4- copies to btrfs filesystem, ext4 gets direct I/O via iomap together with fscrypt supporting smaller block sizes, and you can now use SMB as root filesystem. AMD OverDrive overclocking is now supported on Navi GPUS, wake-on-voice on newer Google Chromebooks is now supported. Added was a Logitech keyboard driver. KUnit is a new unit testing framework for the kernel. There are many more new features which you can read about on Kernel Newbies changelog page. For downloads visit The Linux Kernel Archives.

ProtonVPN open sourced its code this week, ZDNet reports: On Tuesday, the virtual private network (VPN) provider, also known for the ProtonMail secure email service, said that the code backing ProtonVPN applications on every system -- Microsoft Windows, Apple macOS, Android, and iOS -- is now publicly available for review in what Switzerland-based ProtonVPN calls "natural" progression.

"There is a lack of transparency and accountability regarding who operates VPN services, their security qualifications, and whether they fully conform to privacy laws like GDPR," the company says. "Making all of our applications open source is, therefore, a natural next step." Each application has also undergone a security audit by SEC Consult, which ProtonVPN says builds upon a previous partnership with Mozilla...

The source code for each app is now available on GitHub (Windows, macOS, Android, iOS). "As a community-supported organization, we have a responsibility to be as transparent, accountable, and accessible as possible," ProtonVPN says.

"Going open source helps us to do that and serve you better at the same time."
They're also publishing the results of an independent security audit for each app. "As former CERN scientists, publication and peer review are a core part of our ethos..." the company wrote in a blog post. They also point out that Switzerland has some of the world's strongest privacy laws -- and that ProtonVPN observes a strict no-logs policy.

But how do they feel about their competition? "Studies have found that over one-third of Android VPNs actually contain malware, many VPNs suffered from major security lapses, and many free VPN services that claimed to protect privacy are secretly selling user data to third parties."

Electronic component distributor Digi-Key will be producing a small manufacturing run of the "open hardware" ereader from the Open Book Project, reports Gizmodo: The raw hardware isn't as sleek or pretty as devices like the Kindle, but at the same time there's a certain appeal to the exposed circuit board which features brief descriptions of various components, ports, and connections etched right onto the board itself for those looking to tinker or upgrade the hardware. Users are encouraged to design their own enclosures for the Open Book if they prefer, either through 3D-printed cases made of plastic, or rustic wooden enclosures created using laser cutting machines. With a resolution of just 400x300 pixels on its monochromatic E Ink display, text on the Open Book won't look as pretty as it does on the Amazon Kindle Oasis which boasts a resolution of 1,680x1,264 pixels, but it should barely sip power from its built-in lithium-polymer rechargeable battery -- a key benefit of using electronic paper.

The open source ereader -- powered by an ARM Cortex M4 processor -- will also include a headphone jack for listening to audio books, a dedicated flash chip for storing language files with specific character sets, and even a microphone that leverages a TensorFlow-trained AI model to intelligently process voice commands so you can quietly mutter "next!" to turn the page instead of reaching for one of the ereader's physical buttons like a neanderthal. It can also be upgraded with additional functionality such as Bluetooth or wifi using Adafruit Feather expansion boards, but the most important feature is simply a microSD card slot allowing users to load whatever electronic text and ebook files they want. They won't have to be limited by what a giant corporation approves for its online book store, or be subject to price-fixing schemes which, for some reason, have still resulted in electronic files costing more than printed books.

The maintainer of the popular Rust web framework Actix has quit the project -- though he's backed off threats to make its code private and delete its repository, instead appointing a new maintainer. "Be a maintainer of large open source project is not a fun task," he'd complained last week on GitHub. "You alway face with rude and hate, everyone knows better how to build software, nobody wants to do home work and read docs and think a bit and very few provide any help...

"You felt betrayed after you put so much effort and then to hear all this shit comments, even if you understand that that is usual internet behavior.... Nowadays supporting actix project is not fun, and be[ing] part of rust community is not fun as well."

The Register reports: Actix Web was developed by Nikolay Kim, who is also a senior software engineer at Microsoft, though the Actix project is not an official Microsoft project. Actix Web is based on Actix, a framework for Rust based on the Actor model, also developed by Kim. The web framework is important to the Rust community partly because it addresses a common use case (development web applications) and partly because of its outstanding performance. For some tests, Actix tops the Techempower benchmarks.

The project is open source and while it is popular, there has been some unhappiness among users about its use of "unsafe" code... Safe code is protected from common bugs (and more importantly, security vulnerabilities) arising from issues like variables which point to uninitialized memory, or variables which are used after the memory allocated to them has been freed, or attempting to write data to a variable which exceeds the memory allocated. Code in Rust is safe by default, but the language also supports unsafe code, which can be useful for interoperability or to improve performance.

There is extensive use of unsafe code in Actix, leading to debate about what should be fixed. Kim was not always receptive to proposed changes... Kim said that he did not ignore or delete issues arbitrarily, but only because he felt he had a better or more creative solution than the one proposed -- while also acknowledging that the "removing issue was a stupid idea." He also threatened to "make [Actix] repos private and then delete them...." Since then, matters have improved. The Github repository was restored and Kim said, "I realized, a lot of people depend on actix. And it would be unfair to just delete repos... I hope new community of developers emerge. And good luck!"
The developer news site DevClass wrote that "The apparent 'ragequit' has prompted questions about the dynamics within the open source community." Over 120 GitHub users have now signed a sympathetic letter to Nikolay from "users, contributors, and followers of your work in the Rust community," saying "We are extremely disappointed at the level of abuse directed towards you."

"Working on open source projects should be rewarding, and your work has empowered thousands of developers across the world to build web services with Rust. It's incredibly tragic for someone who has contributed so much to the community, to be made to feel so unwelcome that they feel that they have no other choice than to leave. This is not the kind of community we want."

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. (And then left it this January 2nd.)

But in 2017 Perens was also sued partly over comments made in a Slashdot discussion. He's just shared a video from the 9th Circuit Appeals Court hearing -- along with this update: Open Source Security Inc. and their CEO, Mr. Bradley Spengler, sued me for 3 Million dollars for defamation, because I wrote this blog post, in which I explained why I thought they were in violation of the GPL. They lost in the lower court, and had to file this $300,000 bond to pay for my defense, which will be awarded to my attorneys if the appeals court upholds the lower court's finding.

Because OSS/Spengler are in Pensylvania and I am in California, this was tried before a Magistrate in Federal court, with the laws of California and the evidentiary rules of the Federal Court. Thus, I am now in the 9th Circuit for appeal.

The first attorney to appear is for OSS/Spengler. The second works for EFF, and the third for O'Melveny. In my opinion EFF and O'Melveny did a great job.

If you are interested in the case, I have a partial archive of the case documents from PACER, and a link to PACER where the rest can be found, here.

An anonymous reader quotes a report from BleepingComputer: Wine 5.0 has been released today and contains over 7,400 bug fixes and numerous audio and graphics improvements that will increase performance in gaming on Linux. With the release of Wine 5.0, WineHQ hopes to resolve many of these issues, with the main improvements being:

-Builtin modules in PE format: To make games think Wine is a real Windows environment, most Wine 5.0 modules have been converted into the PE format rather than ELF binaries. It is hoped that this will allow copy-protection and anti-cheat programs to not flag games running under Wine as being modified.
-Multi-monitor support: Multiple displays adapters and multi-monitor configurations are now supported under Wine.
-XAudio2 reimplementation: XAudio2 libraries have been added back to Wine and will use the FAudio library for better compatibility.
-Vulkan 1.1 support: "The Vulkan driver supports up to version 1.1.126 of the Vulkan spec." Here are the release notes, download locations for the binary packages (when available) and source.

Ars Technica recently ran a rebuttal by author, podcaster, coder, and "mercenary sysadmin" Jim Salter to some comments Linus Torvalds made last week about ZFS.

While it's reasonable for Torvalds to oppose integrating the CDDL-licensed ZFS into the kernel, Salter argues, he believes Torvalds' characterization of the filesystem was "inaccurate and damaging."
Torvalds dips into his own impressions of ZFS itself, both as a project and a filesystem. This is where things go badly off the rails, as Torvalds states, "Don't use ZFS. It's that simple. It was always more of a buzzword than anything else, I feel... [the] benchmarks I've seen do not make ZFS look all that great. And as far as I can tell, it has no real maintenance behind it any more..."

This jaw-dropping statement makes me wonder whether Torvalds has ever actually used or seriously investigated ZFS. Keep in mind, he's not merely making this statement about ZFS now, he's making it about ZFS for the last 15 years -- and is relegating everything from atomic snapshots to rapid replication to on-disk compression to per-block checksumming to automatic data repair and more to the status of "just buzzwords."

[The 2,300-word article goes on to describe ZFS features like per-block checksumming, automatic data repair, rapid replication and atomic snapshots -- as well as "performance wins" including its Adaptive Replacement caching algorithm and its inline compression (which allows datasets to be live-compressed with algorithms.]

The TL;DR here is that it's not really accurate to make blanket statements about ZFS performance, absent a very particular, well-understood workload to measure that performance on. But more importantly, quibbling about the fastest possible benchmark rather loses the main point of ZFS. This filesystem is meant to provide an eminently scalable filesystem that's extremely resistant to data loss; those are points Torvalds notably never so much as touches on....

Meanwhile, OpenZFS is actively consumed, developed, and in some cases commercially supported by organizations ranging from the Lawrence Livermore National Laboratory (where OpenZFS is the underpinning of some of the world's largest supercomputers) through Datto, Delphix, Joyent, ixSystems, Proxmox, Canonical, and more...

It's possible to not have a personal need for ZFS. But to write it off as "more of a buzzword than anything else" seems to expose massive ignorance on the subject... Torvalds' status within the Linux community grants his words an impact that can be entirely out of proportion to Torvalds' own knowledge of a given topic -- and this was clearly one of those topics.

Slashdot reader northar writes:
Subtitling project Amara closes its repository as focus is shifting... Amara was AGPL up until going private.

While future improvements to the code base from the Participatory Culture Foundation (PCF) will not be public, a copy of the last public code base has been preserved at Gitlab, should anyone be interested in the work done up until now. Note that no support is given from PCF for this code
From Amara's official statement on the move: The Participatory Culture Foundation began as a nonprofit in 2006 with a focus on creating open source software to ensure that emerging video technologies were accessible to all.... For an organization like PCF, which relies on revenue generated from sustainability initiatives to fund social impact work, we believe the risk to these initiatives outweighs the potential or perceived public benefit from maintaining open code.

Releasing software as open source unfortunately does not provide protection against well-funded technology firms that are driven by profit... Without the proper market position and resources, a smaller organization that relies on revenue from software they build can be outmaneuvered or overpowered with the very technology they created (assuming their code is open source). This is not only a threat to smaller organizations, but has also become a bigger debate that much larger companies are also hashing out. For venture-funded or publicly traded firms, the open source approach can be a calculated risk that makes business sense. But for less-capitalized organizations or nonprofits, like PCF, who lack significant market power, making software open source puts other more well-resourced players in position to leverage the technology in ways that may undermine the sustainability and/or the values of the original developer.

With these shifts in the computing landscape, PCF has not seen individuals or communities as the primary beneficiary of releasing Amara code as open source. Instead, we have unfortunately had firsthand experience with a venture-funded organization deploying code we created and using it in ways that we did not think aligned well with our values....

As we undertake this shift in 2020, we are aware that the computing landscape will continue to change and thus we remain open to newer and better strategies for making source code available in the long-term. Future strategies might include data trusts and/or new licenses that better align with our sustainability initiatives and mission.

Tuxedo Computers "has teamed up with Manjaro to tease not one, not two, but several" Linux laptops, Forbes reports:
The Tuxedo Computers InfinityBook Pro 15...can be loaded with up to 64GB of RAM, a 10th-generation Intel Core i7 CPU, and as high as a 2TB Samsung EVO Plus NVMe drive. You can also purchase up to a 5-year warranty, and user-installed upgrades will not void the warranty...

Manjaro Lead Project Developer Philip Müller also teased a forthcoming AMD Ryzen laptop [on Forbes' "Linux For Everyone" podcast]. "Yes, we are currently evaluating which models we want to use because the industry is screaming for that," Müller says. "In the upcoming weeks we might get some of those for internal testing. Once they're certified and the drivers are ready, we'll see when we can launch those." Müller also tells me they're prepping what he describes as a "Dell XPS 13 killer."

"It's 10th-generation Intel based, we will have it in 14-inch with a 180-degree lid, so you can lay it flat on your desk if you like," he says.
The Manjaro/Tuxedo Computers partnership will also offer some intense customization options, Forbes adds.

"Want your company logo laser-etched on the lid? OK. Want to swap out the Manjaro logo with your logo on the Super key? Sure, no problem. Want to show off your knowledge of fictional alien races? Why not get a 100% Klingon keyboard?"

An anonymous reader quotes a report from VentureBeat: The Cloud Native Computing Foundation (CNCF) today announced it is funding a bug bounty program for Kubernetes. Security researchers who find security vulnerabilities in Kubernetes' codebase, as well as the build and release processes, will be rewarded with bounties ranging from $100 to $10,000. Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Originally designed by Google and now run by the CNCF, Kubernetes is an open source container orchestration system for automating application deployment, scaling, and management. Given the hundreds of startups and enterprises that use Kubernetes in their tech stacks, it's significantly cheaper to proactively plug security holes than to deal with the aftermath of breaches.

Open-source intelligence proved vital in the investigation into Ukraine Airlines flight PS752. Then Iranian officials had to admit the truth. From a report: [...] In the days after the Ukraine Airlines plane crashed into the ground outside Tehran, Bellingcat and The New York Times have blown a hole in the supposition that the downing of the aircraft was an engine failure. The pressure -- and the weight of public evidence -- compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane "in error." So how do they do it? "You can think of OSINT as a puzzle. To get the complete picture, you need to find the missing pieces and put everything together," says Lorand Bodo, an OSINT analyst at Tech versus Terrorism, a campaign group. The team at Bellingcat and other open-source investigators pore over publicly available material. Thanks to our propensity to reach for our cameraphones at the sight of any newsworthy incident, video and photos are often available, posted to social media in the immediate aftermath of events. "Open source investigations essentially involve the collection, preservation, verification, and analysis of evidence that is available in the public domain to build a picture of what happened," says Yvonne McDermott Rees, a lecturer at Swansea University.

Some of the clips in this incident surfaced on Telegram, the encrypted messaging app popular in the Middle East, while others were sent directly to Bellingcat. "Because Bellingcat is known for our open source work on MH17, people immediately thought of us. People started sending us links they'd found," says Eliot Higgins of Bellingcat. "It was involuntary crowdsourcing." OSINT investigators then utilise metadata, including EXIF data -- which is automatically inserted into videos and photos, showing everything from the type of camera used to take the images to the precise latitude and longitude of where the taker was standing -- to validify that the footage is legitimate. They'll also try and identify who took the footage, and whether it's practical for them to have been where they claim to have been at the time. However, for this instance, they couldn't use EXIF data. "People would share photos and videos on Telegram which strip the metadata, and then someone else would find that and share it on Twitter," says Higgins. "We were really getting a second-hand or third-hand version of these images. All we have to go on is what's visible in the photograph." So instead they moved onto the next step.

"Linux kernel head Linus Torvalds has warned engineers against adding a module for the ZFS filesystem that was designed by Sun Microsystems -- and now owned by Oracle -- due to licensing issues," reports ZDNet: As reported by Phoronix, Torvalds has warned kernel developers against using ZFS on Linux, an implementation of OpenZFS, and refuses to merge any ZFS code until Oracle changes the open-source license it uses.

ZFS has long been licensed under Sun's Common Development and Distribution License as opposed to the Linux kernel, which is licensed under GNU General Public License (GPL). Torvalds aired his opinion on the matter in response to a developer who argued that a recent kernel change "broke an important third-party module: ZFS". The Linux kernel creator says he refuses to merge the ZFS module into the kernel because he can't risk a lawsuit from "litigious" Oracle -- which is still trying to sue Google for copyright violations over its use of Java APIs in Android -- and Torvalds won't do so until Oracle founder Larry Ellison signs off on its use in the Linux kernel.

"If somebody adds a kernel module like ZFS, they are on their own. I can't maintain it and I cannot be bound by other people's kernel changes," explained Torvalds. "And honestly, there is no way I can merge any of the ZFS efforts until I get an official letter from Oracle that is signed by their main legal counsel or preferably by Larry Ellison himself that says that yes, it's OK to do so and treat the end result as GPL'd," Torvalds continued.

"Other people think it can be OK to merge ZFS code into the kernel and that the module interface makes it OK, and that's their decision. But considering Oracle's litigious nature, and the questions over licensing, there's no way I can feel safe in ever doing so."

The source code for acclaimed 2D puzzle platformer VVVVVV has been released by creator Terry Cavanagh to celebrate the title's 10th anniversary. Gamasutra reports: Breaking to news in a blog post, Cavanagh explained the code fro both the desktop and mobile versions of the game can now be grabbed over on Github, and confessed that "even by the standard of self taught indie devs, it's kind of a mess." The desktop code is the version that was ported to C++ by Simon Roth back in 2011 and later updated and maintained by Ethan Lee, while the mobile code is written in Actionscript for Adobe AIR and is based on the original v1.0 flash version of the game.

New submitter profi shares a report from Computing: Huawei has released the source code of openEuler, its distribution of Linux based on CentOS. The operating system was formally launched by Huawei in September 2019 in response to U.S. sanctions, which had briefly affected the company's access to Windows and Android operating systems. The source code has now been published on Gitee, the Chinese version of Github.

OpenEuler comprises two organizations on Gitee, one for source code and one for package sources. The openEuler organization was keen to highlight two particular packages, iSulad and A-Tune, among the openEuler source code. "iSulad is a lightweight gRPC service-based container runtime. Compared to runc, iSulad is written in C, but all interfaces are compatible with OCI. A-Tune is a system software to auto-optimize the system adaptively to multiple scenarios with embedded AI-engine." The announcement continues: "You will also see several infrastructure-supported projects that set up the community's operating systems... these systems are built on the Huawei Cloud through script automation."

Among the package sources, covered by the src-openeuler organization on Gitee, are around 1,000 packages with versions in both ARM64 and X86 architecture packages. Huawei claims its developers have made a number of enhancements to ARM64 openEuler code to improve multi-core efficiency. It is also working on a "green computing" ecosystem with Linaro and the Green Industry Alliance. At the moment, the organization claims, there are more than 50 contributors and just under 600 commits. The openEuler community has around 20 SIGs or project groups.

On Wednesday Phoronix cited a blog post by C++ game developer Malte Skarupke claiming his spinlocks experiments had discovered the Linux kernel had a scheduler issue affecting developers bringing games to Linux for Google Stadia.

Linus Torvalds has now responded: The whole post seems to be just wrong, and is measuring something completely different than what the author thinks and claims it is measuring.

First off, spinlocks can only be used if you actually know you're not being scheduled while using them. But the blog post author seems to be implementing his own spinlocks in user space with no regard for whether the lock user might be scheduled or not. And the code used for the claimed "lock not held" timing is complete garbage.

It basically reads the time before releasing the lock, and then it reads it after acquiring the lock again, and claims that the time difference is the time when no lock was held. Which is just inane and pointless and completely wrong...

[T]he code in question is pure garbage. You can't do spinlocks like that. Or rather, you very much can do them like that, and when you do that you are measuring random latencies and getting nonsensical values, because what you are measuring is "I have a lot of busywork, where all the processes are CPU-bound, and I'm measuring random points of how long the scheduler kept the process in place".

And then you write a blog-post blamings others, not understanding that it's your incorrect code that is garbage, and is giving random garbage values...

You might even see issues like "when I run this as a foreground UI process, I get different numbers than when I run it in the background as a batch process". Cool interesting numbers, aren't they?

No, they aren't cool and interesting at all, you've just created a particularly bad random number generator...

[Y]ou should never ever think that you're clever enough to write your own locking routines.. Because the likelihood is that you aren't (and by that "you" I very much include myself -- we've tweaked all the in-kernel locking over decades, and gone through the simple test-and-set to ticket locks to cacheline-efficient queuing locks, and even people who know what they are doing tend to get it wrong several times).

There's a reason why you can find decades of academic papers on locking. Really. It's hard.
"It really means a lot to me that Linus responded," the blogger wrote later, "even if the response is negative." They replied to Torvalds' 1,500-word post on the same mailing list -- and this time received a 1900-word response arguing "you did locking fundamentally wrong..." The fact is, doing your own locking is hard. You need to really understand the issues, and you need to not over-simplify your model of the world to the point where it isn't actually describing reality any more...

Dealing with reality is hard. It sometimes means that you need to make your mental model for how locking needs to work a lot more complicated...

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. But on Thursday Perens posted "it seems to me that the organization is rather enthusiastically headed toward accepting a license that isn't freedom respecting. Fine, do it without me, please.

"I asked Patrick to cancel my membership, and I would have unsubscribed from OSI lists, including this one, if your server was working..."

The issue is a new software license drafted by lawyer Van Lindberg called the Cryptographic Autonomy License (or CAL). Another open-source-community leader familiar with the debate -- who spoke with The Register on condition of anonymity -- claimed Lindberg lobbied OSI directors privately to green-light the license, contrary to an approval process that's supposed to be carried out in public.

"I don't think that's an appropriate characterization," said Lindberg, of law firm Dykema, in a phone interview with The Register. "I think there are number of people who from the beginning made up their minds about the Cryptographic Autonomy License. You'll see a lot of people jumping onto any pretext they can find in order to oppose it. With regard to this idea of lobbying, there have been procedural-type communications that I think are entirely reasonable," he added. "But all the substantive debate has been on the license review and license discussion forums...."

Perens said he resigned because the OSI appears to have already decided to accept the license. He said he's headed in a different direction, which he called "coherent open source."

"We've gone the wrong way with licensing," he said, citing the proliferation of software licenses. He believes just three are necessary, AGPLv3, the LGPLv3, and Apache v2.
Meanwhile, the Cryptographic Autonomy License is envisioned for use with the distributed development platform Holo, notes the Register: According to Holo co-founder Arthur Brock, distributed peer-to-peer software needs a license that addresses cryptographic key rights, which is why the Cryptographic Autonomy License has been proposed. "We are trying to say: the only valid way to use our code is if that developer's end-users are the sole authors and controllers of their own private crypto keys," he wrote in a post last year.

Lindberg said the Cryptographic Autonomy License is applicable to current web applications but it more meaningful in the context of distributed workloads and distributed computation, which he contends will become more important as people seek alternatives to the centralization of today's cloud-based systems. "A lot of people are very concerned about this concept of owning your data, owning your computer, having the ability to really control your computing experience and have it not be controlled by your cloud provider," said Lindberg.

Perens said, "It's a good goal but it means you now need to have a lawyer to understand the license and to respond to your users."
Slashdot asked Bruce Perens for details on "Coherent Open Source." Here's what he wrote back...