Open Source

CERN Is Replacing Facebook Workplace With a Set of Open-Source Software Alternatives (phoronix.com) 18

CERN, the European Organization for Nuclear Research, is moving away from Facebook Workplace to instead make use of more open-source software packages. Phoronix reports: Facebook Workplace is Facebook's corporate-focused product for internal real-time communication and related communication needs within organizations. CERN had been making use of Facebook Workplace and in addition to data privacy concerns, they were recently confronted with either paying Facebook or losing administrative rights, no more single sign-on access, and Facebook having access to their internal data. But now they have assembled their own set of software packages to fill the void by abandoning Facebook Workplace.

CERN is now using the Mattermost open-source software for online chat and Discourse for further information exchange. CERN's IT department is working on filling the gaps further left by getting rid of Facebook Workplace. [CERN has published a post with more details about the move.]
ZDNet points out that this latest announcement "ends a nearly four-year trial with Facebook Workplace and means CERN will remove its presence from the platform on January 31, 2020."
Open Source

Linux 5.5 Released (kernel.org) 32

jrepin writes: Linus Torvalds has announced Linux 5.5 release, codenamed as Kleptomaniac Octopus. The latest version of the open source operating system kernel brings RAID1 with 3- and 4- copies to btrfs filesystem, ext4 gets direct I/O via iomap together with fscrypt supporting smaller block sizes, and you can now use SMB as root filesystem. AMD OverDrive overclocking is now supported on Navi GPUs, wake-on-voice on newer Google Chromebooks is now supported. Added was a Logitech keyboard driver. KUnit is a new unit testing framework for the kernel. There are many more new features which you can read about on Kernel Newbies changelog page. For downloads visit The Linux Kernel Archives.
Privacy

ProtonVPN Open Sources All Its Code (protonvpn.com) 29

ProtonVPN open sourced its code this week, ZDNet reports: On Tuesday, the virtual private network (VPN) provider, also known for the ProtonMail secure email service, said that the code backing ProtonVPN applications on every system -- Microsoft Windows, Apple macOS, Android, and iOS -- is now publicly available for review in what Switzerland-based ProtonVPN calls "natural" progression.

"There is a lack of transparency and accountability regarding who operates VPN services, their security qualifications, and whether they fully conform to privacy laws like GDPR," the company says. "Making all of our applications open source is, therefore, a natural next step." Each application has also undergone a security audit by SEC Consult, which ProtonVPN says builds upon a previous partnership with Mozilla...

The source code for each app is now available on GitHub (Windows, macOS, Android, iOS). "As a community-supported organization, we have a responsibility to be as transparent, accountable, and accessible as possible," ProtonVPN says.

"Going open source helps us to do that and serve you better at the same time."

They're also publishing the results of an independent security audit for each app. "As former CERN scientists, publication and peer review are a core part of our ethos..." the company wrote in a blog post. They also point out that Switzerland has some of the world's strongest privacy laws -- and that ProtonVPN observes a strict no-logs policy.

But how do they feel about their competition? "Studies have found that over one-third of Android VPNs actually contain malware, many VPNs suffered from major security lapses, and many free VPN services that claimed to protect privacy are secretly selling user data to third parties."
Hardware Hacking

Coming Soon: an Open Source eBook Reader (gizmodo.com.au) 46

Electronic component distributor Digi-Key will be producing a small manufacturing run of the "open hardware" ereader from the Open Book Project, reports Gizmodo: The raw hardware isn't as sleek or pretty as devices like the Kindle, but at the same time there's a certain appeal to the exposed circuit board which features brief descriptions of various components, ports, and connections etched right onto the board itself for those looking to tinker or upgrade the hardware. Users are encouraged to design their own enclosures for the Open Book if they prefer, either through 3D-printed cases made of plastic, or rustic wooden enclosures created using laser cutting machines. With a resolution of just 400x300 pixels on its monochromatic E Ink display, text on the Open Book won't look as pretty as it does on the Amazon Kindle Oasis which boasts a resolution of 1,680x1,264 pixels, but it should barely sip power from its built-in lithium-polymer rechargeable battery -- a key benefit of using electronic paper.

The open source ereader -- powered by an ARM Cortex M4 processor -- will also include a headphone jack for listening to audio books, a dedicated flash chip for storing language files with specific character sets, and even a microphone that leverages a TensorFlow-trained AI model to intelligently process voice commands so you can quietly mutter "next!" to turn the page instead of reaching for one of the ereader's physical buttons like a neanderthal. It can also be upgraded with additional functionality such as Bluetooth or wifi using Adafruit Feather expansion boards, but the most important feature is simply a microSD card slot allowing users to load whatever electronic text and ebook files they want. They won't have to be limited by what a giant corporation approves for its online book store, or be subject to price-fixing schemes which, for some reason, have still resulted in electronic files costing more than printed books.

Open Source

Framework Developer 'Ragequits' Open Source Community, Citing Negative Comments, 'Very Few Provide Help' (theregister.co.uk) 122

The maintainer of the popular Rust web framework Actix has quit the project -- though he's backed off threats to make its code private and delete its repository, instead appointing a new maintainer. "Be a maintainer of large open source project is not a fun task," he'd complained last week on GitHub. "You alway face with rude and hate, everyone knows better how to build software, nobody wants to do home work and read docs and think a bit and very few provide any help...

"You felt betrayed after you put so much effort and then to hear all this shit comments, even if you understand that that is usual internet behavior.... Nowadays supporting actix project is not fun, and be[ing] part of rust community is not fun as well."

The Register reports: Actix Web was developed by Nikolay Kim, who is also a senior software engineer at Microsoft, though the Actix project is not an official Microsoft project. Actix Web is based on Actix, a framework for Rust based on the Actor model, also developed by Kim. The web framework is important to the Rust community partly because it addresses a common use case (development web applications) and partly because of its outstanding performance. For some tests, Actix tops the Techempower benchmarks.

The project is open source and while it is popular, there has been some unhappiness among users about its use of "unsafe" code... Safe code is protected from common bugs (and more importantly, security vulnerabilities) arising from issues like variables which point to uninitialized memory, or variables which are used after the memory allocated to them has been freed, or attempting to write data to a variable which exceeds the memory allocated. Code in Rust is safe by default, but the language also supports unsafe code, which can be useful for interoperability or to improve performance.

There is extensive use of unsafe code in Actix, leading to debate about what should be fixed. Kim was not always receptive to proposed changes... Kim said that he did not ignore or delete issues arbitrarily, but only because he felt he had a better or more creative solution than the one proposed -- while also acknowledging that the "removing issue was a stupid idea." He also threatened to "make [Actix] repos private and then delete them...." Since then, matters have improved. The Github repository was restored and Kim said, "I realized, a lot of people depend on actix. And it would be unfair to just delete repos... I hope new community of developers emerge. And good luck!"

The developer news site DevClass wrote that "The apparent 'ragequit' has prompted questions about the dynamics within the open source community." Over 120 GitHub users have now signed a sympathetic letter to Nikolay from "users, contributors, and followers of your work in the Rust community," saying "We are extremely disappointed at the level of abuse directed towards you."

"Working on open source projects should be rewarding, and your work has empowered thousands of developers across the world to build web services with Rust. It's incredibly tragic for someone who has contributed so much to the community, to be made to feel so unwelcome that they feel that they have no other choice than to leave. This is not the kind of community we want."
The Courts

EFF Defends Bruce Perens Victory Against 'Open Source Security' in Appeals Court 30

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. (And then left it this January 2nd.)

But in 2017 Perens was also sued partly over comments made in a Slashdot discussion. He's just shared a video from the 9th Circuit Appeals Court hearing -- along with this update: Open Source Security Inc. and their CEO, Mr. Bradley Spengler, sued me for 3 Million dollars for defamation, because I wrote this blog post, in which I explained why I thought they were in violation of the GPL. They lost in the lower court, and had to file this $300,000 bond to pay for my defense, which will be awarded to my attorneys if the appeals court upholds the lower court's finding.

Because OSS/Spengler are in Pennsylvania and I am in California, this was tried before a Magistrate in Federal court, with the laws of California and the evidentiary rules of the Federal Court. Thus, I am now in the 9th Circuit for appeal.

The first attorney to appear is for OSS/Spengler. The second works for EFF, and the third for O'Melveny. In my opinion EFF and O'Melveny did a great job.

If you are interested in the case, I have a partial archive of the case documents from PACER, and a link to PACER where the rest can be found, here.
Wine

Wine 5.0 Released (bleepingcomputer.com) 60

An anonymous reader quotes a report from BleepingComputer: Wine 5.0 has been released today and contains over 7,400 bug fixes and numerous audio and graphics improvements that will increase performance in gaming on Linux. With the release of Wine 5.0, WineHQ hopes to resolve many of these issues, with the main improvements being:

- Builtin modules in PE format: To make games think Wine is a real Windows environment, most Wine 5.0 modules have been converted into the PE format rather than ELF binaries. It is hoped that this will allow copy-protection and anti-cheat programs to not flag games running under Wine as being modified.
- Multi-monitor support: Multiple displays adapters and multi-monitor configurations are now supported under Wine.
- XAudio2 reimplementation: XAudio2 libraries have been added back to Wine and will use the FAudio library for better compatibility.
- Vulkan 1.1 support: "The Vulkan driver supports up to version 1.1.126 of the Vulkan spec."

Here are the release notes, download locations for the binary packages (when available) and source.
Open Source

What Linus Torvalds Gets Wrong About ZFS (arstechnica.com) 279

Ars Technica recently ran a rebuttal by author, podcaster, coder, and "mercenary sysadmin" Jim Salter to some comments Linus Torvalds made last week about ZFS.

While it's reasonable for Torvalds to oppose integrating the CDDL-licensed ZFS into the kernel, Salter argues, he believes Torvalds' characterization of the filesystem was "inaccurate and damaging."
Torvalds dips into his own impressions of ZFS itself, both as a project and a filesystem. This is where things go badly off the rails, as Torvalds states, "Don't use ZFS. It's that simple. It was always more of a buzzword than anything else, I feel... [the] benchmarks I've seen do not make ZFS look all that great. And as far as I can tell, it has no real maintenance behind it any more..."

This jaw-dropping statement makes me wonder whether Torvalds has ever actually used or seriously investigated ZFS. Keep in mind, he's not merely making this statement about ZFS now, he's making it about ZFS for the last 15 years -- and is relegating everything from atomic snapshots to rapid replication to on-disk compression to per-block checksumming to automatic data repair and more to the status of "just buzzwords."

[The 2,300-word article goes on to describe ZFS features like per-block checksumming, automatic data repair, rapid replication and atomic snapshots -- as well as "performance wins" including its Adaptive Replacement caching algorithm and its inline compression (which allows datasets to be live-compressed with algorithms).]

The TL;DR here is that it's not really accurate to make blanket statements about ZFS performance, absent a very particular, well-understood workload to measure that performance on. But more importantly, quibbling about the fastest possible benchmark rather loses the main point of ZFS. This filesystem is meant to provide an eminently scalable filesystem that's extremely resistant to data loss; those are points Torvalds notably never so much as touches on....

Meanwhile, OpenZFS is actively consumed, developed, and in some cases commercially supported by organizations ranging from the Lawrence Livermore National Laboratory (where OpenZFS is the underpinning of some of the world's largest supercomputers) through Datto, Delphix, Joyent, ixSystems, Proxmox, Canonical, and more...

It's possible to not have a personal need for ZFS. But to write it off as "more of a buzzword than anything else" seems to expose massive ignorance on the subject... Torvalds' status within the Linux community grants his words an impact that can be entirely out of proportion to Torvalds' own knowledge of a given topic -- and this was clearly one of those topics.

Open Source

Another Project Goes Private: Amara Stops Being Developed As Open Source (amara.org) 61

Slashdot reader northar writes:
Subtitling project Amara closes its repository as focus is shifting... Amara was AGPL up until going private.

While future improvements to the code base from the Participatory Culture Foundation (PCF) will not be public, a copy of the last public code base has been preserved at Gitlab, should anyone be interested in the work done up until now. Note that no support is given from PCF for this code.

From Amara's official statement on the move: The Participatory Culture Foundation began as a nonprofit in 2006 with a focus on creating open source software to ensure that emerging video technologies were accessible to all.... For an organization like PCF, which relies on revenue generated from sustainability initiatives to fund social impact work, we believe the risk to these initiatives outweighs the potential or perceived public benefit from maintaining open code.

Releasing software as open source unfortunately does not provide protection against well-funded technology firms that are driven by profit... Without the proper market position and resources, a smaller organization that relies on revenue from software they build can be outmaneuvered or overpowered with the very technology they created (assuming their code is open source). This is not only a threat to smaller organizations, but has also become a bigger debate that much larger companies are also hashing out. For venture-funded or publicly traded firms, the open source approach can be a calculated risk that makes business sense. But for less-capitalized organizations or nonprofits, like PCF, who lack significant market power, making software open source puts other more well-resourced players in position to leverage the technology in ways that may undermine the sustainability and/or the values of the original developer.

With these shifts in the computing landscape, PCF has not seen individuals or communities as the primary beneficiary of releasing Amara code as open source. Instead, we have unfortunately had firsthand experience with a venture-funded organization deploying code we created and using it in ways that we did not think aligned well with our values....

As we undertake this shift in 2020, we are aware that the computing landscape will continue to change and thus we remain open to newer and better strategies for making source code available in the long-term. Future strategies might include data trusts and/or new licenses that better align with our sustainability initiatives and mission.

Open Source

Tuxedo's New Manjaro Linux Laptops Will Include Massive Customization (forbes.com) 17

Tuxedo Computers "has teamed up with Manjaro to tease not one, not two, but several" Linux laptops, Forbes reports:
The Tuxedo Computers InfinityBook Pro 15...can be loaded with up to 64GB of RAM, a 10th-generation Intel Core i7 CPU, and as high as a 2TB Samsung EVO Plus NVMe drive. You can also purchase up to a 5-year warranty, and user-installed upgrades will not void the warranty...

Manjaro Lead Project Developer Philip Müller also teased a forthcoming AMD Ryzen laptop [on Forbes' "Linux For Everyone" podcast]. "Yes, we are currently evaluating which models we want to use because the industry is screaming for that," Müller says. "In the upcoming weeks we might get some of those for internal testing. Once they're certified and the drivers are ready, we'll see when we can launch those." Müller also tells me they're prepping what he describes as a "Dell XPS 13 killer."

"It's 10th-generation Intel based, we will have it in 14-inch with a 180-degree lid, so you can lay it flat on your desk if you like," he says.

The Manjaro/Tuxedo Computers partnership will also offer some intense customization options, Forbes adds.

"Want your company logo laser-etched on the lid? OK. Want to swap out the Manjaro logo with your logo on the Super key? Sure, no problem. Want to show off your knowledge of fictional alien races? Why not get a 100% Klingon keyboard?"
Bug

CNCF, Google, and HackerOne Launch Kubernetes Bug Bounty Program 4

An anonymous reader quotes a report from VentureBeat: The Cloud Native Computing Foundation (CNCF) today announced it is funding a bug bounty program for Kubernetes. Security researchers who find security vulnerabilities in Kubernetes' codebase, as well as the build and release processes, will be rewarded with bounties ranging from $100 to $10,000. Bug bounty programs motivate individuals and hacker groups to not only find flaws but disclose them properly, instead of using them maliciously or selling them to parties that will. Originally designed by Google and now run by the CNCF, Kubernetes is an open source container orchestration system for automating application deployment, scaling, and management. Given the hundreds of startups and enterprises that use Kubernetes in their tech stacks, it's significantly cheaper to proactively plug security holes than to deal with the aftermath of breaches.
Open Source

How Digital Sleuths Unravelled the Mystery of Iran's Plane Crash (wired.co.uk) 172

Open-source intelligence proved vital in the investigation into Ukraine Airlines flight PS752. Then Iranian officials had to admit the truth. From a report: [...] In the days after the Ukraine Airlines plane crashed into the ground outside Tehran, Bellingcat and The New York Times have blown a hole in the supposition that the downing of the aircraft was an engine failure. The pressure -- and the weight of public evidence -- compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane "in error." So how do they do it? "You can think of OSINT as a puzzle. To get the complete picture, you need to find the missing pieces and put everything together," says Lorand Bodo, an OSINT analyst at Tech versus Terrorism, a campaign group. The team at Bellingcat and other open-source investigators pore over publicly available material. Thanks to our propensity to reach for our cameraphones at the sight of any newsworthy incident, video and photos are often available, posted to social media in the immediate aftermath of events. "Open source investigations essentially involve the collection, preservation, verification, and analysis of evidence that is available in the public domain to build a picture of what happened," says Yvonne McDermott Rees, a lecturer at Swansea University.

Some of the clips in this incident surfaced on Telegram, the encrypted messaging app popular in the Middle East, while others were sent directly to Bellingcat. "Because Bellingcat is known for our open source work on MH17, people immediately thought of us. People started sending us links they'd found," says Eliot Higgins of Bellingcat. "It was involuntary crowdsourcing." OSINT investigators then utilise metadata, including EXIF data -- which is automatically inserted into videos and photos, showing everything from the type of camera used to take the images to the precise latitude and longitude of where the taker was standing -- to validify that the footage is legitimate. They'll also try and identify who took the footage, and whether it's practical for them to have been where they claim to have been at the time. However, for this instance, they couldn't use EXIF data. "People would share photos and videos on Telegram which strip the metadata, and then someone else would find that and share it on Twitter," says Higgins. "We were really getting a second-hand or third-hand version of these images. All we have to go on is what's visible in the photograph." So instead they moved onto the next step.

Open Source

Linus Torvalds: Avoid Oracle's ZFS Kernel Code Until 'Litigious' Larry Signs Off (zdnet.com) 247

"Linux kernel head Linus Torvalds has warned engineers against adding a module for the ZFS filesystem that was designed by Sun Microsystems -- and now owned by Oracle -- due to licensing issues," reports ZDNet: As reported by Phoronix, Torvalds has warned kernel developers against using ZFS on Linux, an implementation of OpenZFS, and refuses to merge any ZFS code until Oracle changes the open-source license it uses.

ZFS has long been licensed under Sun's Common Development and Distribution License as opposed to the Linux kernel, which is licensed under GNU General Public License (GPL). Torvalds aired his opinion on the matter in response to a developer who argued that a recent kernel change "broke an important third-party module: ZFS". The Linux kernel creator says he refuses to merge the ZFS module into the kernel because he can't risk a lawsuit from "litigious" Oracle -- which is still trying to sue Google for copyright violations over its use of Java APIs in Android -- and Torvalds won't do so until Oracle founder Larry Ellison signs off on its use in the Linux kernel.

"If somebody adds a kernel module like ZFS, they are on their own. I can't maintain it and I cannot be bound by other people's kernel changes," explained Torvalds. "And honestly, there is no way I can merge any of the ZFS efforts until I get an official letter from Oracle that is signed by their main legal counsel or preferably by Larry Ellison himself that says that yes, it's OK to do so and treat the end result as GPL'd," Torvalds continued.

"Other people think it can be OK to merge ZFS code into the kernel and that the module interface makes it OK, and that's their decision. But considering Oracle's litigious nature, and the questions over licensing, there's no way I can feel safe in ever doing so."

Open Source

Terry Cavanagh Releases Source Code For VVVVVV On GitHub (gamasutra.com) 47

The source code for acclaimed 2D puzzle platformer VVVVVV has been released by creator Terry Cavanagh to celebrate the title's 10th anniversary. Gamasutra reports: Breaking the news in a blog post, Cavanagh explained the code for both the desktop and mobile versions of the game can now be grabbed over on GitHub, and confessed that "even by the standard of self taught indie devs, it's kind of a mess." The desktop code is the version that was ported to C++ by Simon Roth back in 2011 and later updated and maintained by Ethan Lee, while the mobile code is written in Actionscript for Adobe AIR and is based on the original v1.0 flash version of the game.
Operating Systems

Huawei Unveils OpenEuler, CentOS-Based Linux Distribution (computing.co.uk) 53

New submitter profi shares a report from Computing: Huawei has released the source code of openEuler, its distribution of Linux based on CentOS. The operating system was formally launched by Huawei in September 2019 in response to U.S. sanctions, which had briefly affected the company's access to Windows and Android operating systems. The source code has now been published on Gitee, the Chinese version of Github.

OpenEuler comprises two organizations on Gitee, one for source code and one for package sources. The openEuler organization was keen to highlight two particular packages, iSulad and A-Tune, among the openEuler source code. "iSulad is a lightweight gRPC service-based container runtime. Compared to runc, iSulad is written in C, but all interfaces are compatible with OCI. A-Tune is a system software to auto-optimize the system adaptively to multiple scenarios with embedded AI-engine." The announcement continues: "You will also see several infrastructure-supported projects that set up the community's operating systems... these systems are built on the Huawei Cloud through script automation."

Among the package sources, covered by the src-openeuler organization on Gitee, are around 1,000 packages with versions in both ARM64 and X86 architecture packages. Huawei claims its developers have made a number of enhancements to ARM64 openEuler code to improve multi-core efficiency. It is also working on a "green computing" ecosystem with Linaro and the Green Industry Alliance. At the moment, the organization claims, there are more than 50 contributors and just under 600 commits. The openEuler community has around 20 SIGs or project groups.

Open Source

Linus Torvalds Calls Blogger's Linux Scheduler Tests 'Pure Garbage' (phoronix.com) 191

On Wednesday Phoronix cited a blog post by C++ game developer Malte Skarupke claiming his spinlocks experiments had discovered the Linux kernel had a scheduler issue affecting developers bringing games to Linux for Google Stadia.

Linus Torvalds has now responded: The whole post seems to be just wrong, and is measuring something completely different than what the author thinks and claims it is measuring.

First off, spinlocks can only be used if you actually know you're not being scheduled while using them. But the blog post author seems to be implementing his own spinlocks in user space with no regard for whether the lock user might be scheduled or not. And the code used for the claimed "lock not held" timing is complete garbage.

It basically reads the time before releasing the lock, and then it reads it after acquiring the lock again, and claims that the time difference is the time when no lock was held. Which is just inane and pointless and completely wrong...

[T]he code in question is pure garbage. You can't do spinlocks like that. Or rather, you very much can do them like that, and when you do that you are measuring random latencies and getting nonsensical values, because what you are measuring is "I have a lot of busywork, where all the processes are CPU-bound, and I'm measuring random points of how long the scheduler kept the process in place".

And then you write a blog-post blaming others, not understanding that it's your incorrect code that is garbage, and is giving random garbage values...

You might even see issues like "when I run this as a foreground UI process, I get different numbers than when I run it in the background as a batch process". Cool interesting numbers, aren't they?

No, they aren't cool and interesting at all, you've just created a particularly bad random number generator...

[Y]ou should never ever think that you're clever enough to write your own locking routines.. Because the likelihood is that you aren't (and by that "you" I very much include myself -- we've tweaked all the in-kernel locking over decades, and gone through the simple test-and-set to ticket locks to cacheline-efficient queuing locks, and even people who know what they are doing tend to get it wrong several times).

There's a reason why you can find decades of academic papers on locking. Really. It's hard.

"It really means a lot to me that Linus responded," the blogger wrote later, "even if the response is negative." They replied to Torvalds' 1,500-word post on the same mailing list -- and this time received a 1900-word response arguing "you did locking fundamentally wrong..." The fact is, doing your own locking is hard. You need to really understand the issues, and you need to not over-simplify your model of the world to the point where it isn't actually describing reality any more...

Dealing with reality is hard. It sometimes means that you need to make your mental model for how locking needs to work a lot more complicated...

Open Source

Open Source Initiative Co-Founder Bruce Perens Resigns, Citing Move Toward License 'That Isn't Freedom Respecting' (theregister.co.uk) 69

Bruce Perens (Slashdot reader #3872) co-founded the Open Source Initiative with Eric Raymond in 1998. But on Thursday Perens posted "it seems to me that the organization is rather enthusiastically headed toward accepting a license that isn't freedom respecting. Fine, do it without me, please.

"I asked Patrick to cancel my membership, and I would have unsubscribed from OSI lists, including this one, if your server was working..."

The issue is a new software license drafted by lawyer Van Lindberg called the Cryptographic Autonomy License (or CAL). Another open-source-community leader familiar with the debate -- who spoke with The Register on condition of anonymity -- claimed Lindberg lobbied OSI directors privately to green-light the license, contrary to an approval process that's supposed to be carried out in public.

"I don't think that's an appropriate characterization," said Lindberg, of law firm Dykema, in a phone interview with The Register. "I think there are number of people who from the beginning made up their minds about the Cryptographic Autonomy License. You'll see a lot of people jumping onto any pretext they can find in order to oppose it. With regard to this idea of lobbying, there have been procedural-type communications that I think are entirely reasonable," he added. "But all the substantive debate has been on the license review and license discussion forums...."

Perens said he resigned because the OSI appears to have already decided to accept the license. He said he's headed in a different direction, which he called "coherent open source."

"We've gone the wrong way with licensing," he said, citing the proliferation of software licenses. He believes just three are necessary, AGPLv3, the LGPLv3, and Apache v2.

Meanwhile, the Cryptographic Autonomy License is envisioned for use with the distributed development platform Holo, notes the Register: According to Holo co-founder Arthur Brock, distributed peer-to-peer software needs a license that addresses cryptographic key rights, which is why the Cryptographic Autonomy License has been proposed. "We are trying to say: the only valid way to use our code is if that developer's end-users are the sole authors and controllers of their own private crypto keys," he wrote in a post last year.

Lindberg said the Cryptographic Autonomy License is applicable to current web applications but is more meaningful in the context of distributed workloads and distributed computation, which he contends will become more important as people seek alternatives to the centralization of today's cloud-based systems. "A lot of people are very concerned about this concept of owning your data, owning your computer, having the ability to really control your computing experience and have it not be controlled by your cloud provider," said Lindberg.

Perens said, "It's a good goal but it means you now need to have a lawyer to understand the license and to respond to your users."

Slashdot asked Bruce Perens for details on "Coherent Open Source." Here's what he wrote back...

Open Source

Linux Kernel Developers and Commits Dropped in 2019 (phoronix.com) 37

Phoronix reports that on New Year's Day, the Linux kernel's Git source tree showed 27,852,148 lines of code, divided among 66,492 files (including docs, Kconfig files, user-space utilities in-tree, etc).

Over its lifetime there have been 887,925 commits, and around 21,074 different authors: During 2019, the Linux kernel saw 74,754 commits, which is actually the lowest point since 2013. The 74k commits is compared to 80k commits seen in both 2017 and 2018, 77k commits in 2016, and 75k commits in both 2014 and 2015. Besides the commit count being lower, the author count for the year is also lower. 2019 saw around 4,189 different authors to the Linux kernel, which is lower than the 4,362 in 2018 and 4,402 in 2017.

While the commit count is lower for the year, on a line count it's about average with 3,386,347 lines of new code added and 1,696,620 lines removed...

Intel and Red Hat have remained the top companies contributing to the upstream Linux kernel.

Open Source

CNBC Reports Open Source Software Has Essentially 'Taken Over the World' (cnbc.com) 103

Slashdot reader DevNull127 writes: CNBC Explores released a 14-minute documentary this month called "The Rise Of Open-Source Software." It's already racked up 558,802 views on YouTube, arguing that open-source software "has essentially taken over the world. Companies in every industry, from Walmart to Exxon Mobil to Verizon, have open-sourced their projects. Microsoft has completely changed its point of view, and is now seen as a leader in the space. And in 2016 the U.S. government even promised to open-source at least 20% of all its new custom-developed code."

The documentary does mention the 1990s, when Microsoft "even went so far as to call Open Source 'Unamerican' and bad for intellectual property rights." But two and a half minutes in, they also tell the famous story of that 1970s printer jam at MIT which led to the purchase of a proprietary printer that inspired Richard Stallman to quit his job to develop the GNU operating system and spearhead the free software movement. And at three and a half minutes in, they also describe how Linus Torvalds "unceremoniously released" Linux in 1991, and report that "By the turn of the century, NASA, Dell, and IBM were all using it." And at 4:18, they mention "other open source projects" gaining popularity, including MySQL, Perl, and Apache.

"But for the layperson at the turn of the century, the rise of these technologies could have gone unnoticed. After all, hardly anyone ran Linux on their personal computers. But then in 2008, Google released Android devices, which ran on a modified version of Linux. Suddenly the operating system blew up the smartphone market..." (Chen Goldberg, Google's Director of Engineering, cites 2.5 billion active Android devices.) The documentary then traces the open source movement up through our current decade, even mentioning Microsoft's acquisition of GitHub, IBM's acquisition of Red Hat, and various monetization models (including GitHub's new "Sponsors" program). And it ends with the narrator calling open source development "the new norm..."

"After all, the success of Open Source reveals that collaboration and knowledge-sharing are more than just feel-good buzzwords. They're an effective business strategy. And if we're going to solve some of the world's biggest problems, many believe that we can't afford to hoard our resources and learnings."

Here's a list (in order of appearance) of the people interviewed:
  • Nat Friedman, CEO of GitHub
  • Devon Zuegel, Open-Source Product Manager, GitHub
  • Chris Wright, CTO of Red Hat
  • Jim Zemlin, Executive Director of the Linux Foundation
  • Feross Aboukhadijeh, Open-Source Maintainer
  • Chen Goldberg, Google's Director of Engineering

Jim Zemlin, Executive Director of the Linux Foundation, even tells CNBC that 10,000 lines of code are added to Linux every day. "It is by far the highest-velocity, the most effective software development process in the history of computing... As the idea of sharing technology and collaborating collectively expands, we're moving into open hardware initiatives, data-sharing initiatives. And that's really going to be the future...

"The complexity of building these technologies isn't going down, it's only going up. We can get that technology out there faster when everybody works together."


Open Source

FSF-Approved Hyperbola GNU/Linux Forking OpenBSD, Citing 'User Freedom' Concerns (hyperbola.info) 135

Long-time Slashdot reader twocows writes: Hyperbola GNU/Linux, an FSF-approved distribution of GNU/Linux, has declared their intent to fork OpenBSD and become HyperbolaBSD...
The news came earlier this week in a roadmap announcement promising "a completely new OS derived from several BSD implementations" (though Hyperbola was originally based on Arch snapshots and Debian development).

"This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom." In 2017 Hyperbola dropped its support for systemd -- but its concerns go far beyond that: This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.

Reasons for this include:

- Linux kernel forcing adaption of DRM, including HDCP.

- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)

- Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)

- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies....)

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.
