According to the Wall Street Journal, Goldman Sachs is planning to release on GitHub some of the code that its traders and engineers use to price securities and analyze and manage risk. "The bank also is offering $100,000 in annual funding for engineers to build new applications using the bank's code," the report adds. "Goldman will own the resulting intellectual property, plus get an early look to invest in promising technology." From the report: It is Goldman's latest move to shed some of its trademark secrecy and share its once closely guarded technology. It is part of a broader shift at Wall Street firms to emulate Silicon Valley giants like Google and Facebook, which have opened up their technology to a community of enthusiastic developers. By letting outsiders tinker with its code, Goldman hopes to crowdsource new uses for it and earn the loyalty of computer-driven "quant" traders who have taken the investing world by storm.

Goldman's proprietary trading engine, known as SecDB, once made its traders the smartest on Wall Street. It is credited with helping the firm weather the 2008 financial meltdown better than rivals. But a postcrisis ban on proprietary trading has made it more valuable as a service offered to clients than an in-house moneymaker. Over the past five years, Goldman has been building SecDB's capabilities into a web application called Marquee, which now has about 13,000 users roughly split between Goldman employees and clients. The code coming to GitHub will allow users to interact directly with Marquee's data feeds, pricing engines and other tools.

Wednesday CMU announced the open sourcing of its adaptive-learning software platform -- plus analytics and dozens of other related tools for improving college teaching -- as part of a national push "in an unusual move intended to shake up how college teaching is done around the world," writes EdSurge.

Long-time Slashdot reader jyosim shares their report: Officials estimate that developing the software has cost more than $100 million in foundation grants and university dollars. The goal of the software giveaway is to jump-start "learning engineering," the practice of applying findings from learning science to college classrooms. If it takes off, the effort could result in a free, open-source alternative to a growing number of commercial adaptive-learning and learning analytics tools aimed at colleges. One of the biggest concerns by college leaders about buying such tools from commercial vendors is whether colleges will have access to the underlying algorithmic logic -- or whether the systems will be a "black box...."

"We need a scientific revolution in education akin to the one that we had in medicine 150 years ago," said Michael Feldstein, coordinator of the Empirical Educator Project, in a statement. "This isn't a silver bullet, and it isn't charity. It's an invitation to the educators of the world for us all to solve big problems together."
CMU's Nobel prize-winning economics professor Herbert Simon once argued of colleges that "we must step back and view them with Martian eyes, innocent of their history, to appreciate fully how outrageous their operation is... [W]e find no one with a professional knowledge of the laws of learning, or of the techniques of applying them."

Kenneth R. Koedinger, a professor of human computer interaction and psychology at Carnegie Mellon, now argues that "we need to change higher ed from a solo sport to a collaborative research activity."

prpplague writes: Despite Linus Torvald's recent claims ARM won't win in the server space, there are very specific use cases where ARM is making advances into the datacenter. One of those is for use with software-defined storage with open-source projects like CEPH. In a recent The Register article, Softiron's CTO Phil Straw states about their ARM-based CEPH appliances: "It's a totally shitty computer, but what we are trying to do here is storage, and not compute, so when you look at the IO, when you look at the buffering, when you look at the data paths, there's amazing performance -- we can approach something like a quarter of a petabyte, at 200Gbps wireline throughput." Straw claimed that, on average, SoftIron servers run 25C cooler than a comparable system powered by Xeons." So... ARM in the datacenter might be saying, "I'm not quite dead yet!"

After being delayed for the better part of one month, LLVM 8.0 officially is finally available. From a report: LLVM release manager Hans Wennborg announced the release a few minutes ago and summed up this half-year update to LLVM and its sub-project as: "speculative load hardening, concurrent compilation in the ORC JIT API, no longer experimental WebAssembly target, a Clang option to initialize automatic variables, improved pre-compiled header support in clang-cl, the /Zc:dllexportInlines- flag, RISC-V support in lld. And as usual, many bug fixes, optimization and diagnostics improvements, etc."

Stephen O'Grady, co-founder of the industry analyst firm RedMonk, asks whether open source vendors are marching towards an inevitable and damaging war with big cloud providers: In the last twelve to eighteen months...a switch has been flipped. Companies have gone from regarding cloud providers like Amazon, Google or Microsoft as not even worth mentioning as competition to dreadful, existential threat. The fear of these cloud providers has become so overpowering, in fact, that commercial open source vendors have chosen -- against counsel, in many cases -- to walk down strategic paths that violate open source cultural norms, trigger massive and sustained negative PR and jeopardize relationships with developers, partners and customers. Specifically, commercial open source providers have increasingly turned to models that blur the lines between open source and proprietary software in an attempt to access the strengths of both, with the higher probability outcome of ending up with their weaknesses instead.

That commercial open source providers took these actions having been advised of these and other risks in advance says everything about how these businesses view their prospects in a world increasingly dominated by massive providers of cloud infrastructure and an expanding array of services that sit on top of that. The strategic decisions inarguably have major, unavoidable negative consequences, but commercial open source providers -- or their investors, at least -- believe that a lack of action would be even more damaging.

Five candidates now are running to be Debian's project leader for the coming year. But earlier this week, Slashdot reader Seven Spirals shared LWN's story about what a difficult election it's been: This year, the call for nominations was duly sent out by project secretary Kurt Roeckx on March 3. But, as of March 10, no eligible candidates had put their names forward... There is nobody there to do any campaigning.

This being Debian, the constitution naturally describes what is to happen in this situation: the nomination period is extended for another week... Should this deadline also pass without candidates, it will be extended for another week; this loop will repeat indefinitely until somebody gives in and submits their name... In the absence of a project leader, the chair of the technical committee and the project secretary are empowered to make decisions -- as long as they are able to agree on what those decisions should be. Since Debian developers are famously an agreeable and non-argumentative bunch, there should be no problem with that aspect of things...

One might well wonder, though, why there seems to be nobody who wants to take the helm of this project for a year. The fact that it is an unpaid position requiring a lot of time and travel might have something to do with it. If that were indeed to prove to be part of the problem, Debian might eventually have to consider doing what a number of similar organizations have done and create a paid position to do this work.

Long-time Slashdot reader jasenj1 and Striek both shared news of a growing open source controversy. "Amazon Web Services on Monday announced that it's partnering with Netflix and Expedia to champion a new Open Distro for Elasticsearch due to concerns of proprietary code being mixed into the open source Elasticsearch project," reports Datanami.

"Elastic, the company behind Elasticsearch, responded by accusing Amazon of copying code, inserting bugs into the community code, and engaging with the company under false pretenses..." In a blog post, Adrian Cockcroft, the vice president of cloud architecture strategy for AWS, says the new project is a "value added" distribution that's 100% open source, and that developers working on it will contribute any improvements or fixes back to the upstream Elasticsearch project. "The new advanced features of Open Distro for Elasticsearch are all Apache 2.0 licensed," Cockroft writes. "With the first release, our goal is to address many critical features missing from open source Elasticsearch, such as security, event monitoring and alerting, and SQL support...." Cockroft says there's no clear documentation in the Elasticsearch release notes over what's open source and what's proprietary. "Enterprise developers may inadvertently apply a fix or enhancement to the proprietary source code," he wrote. "This is hard to track and govern, could lead to breach of license, and could lead to immediate termination of rights (for both proprietary free and paid)."

Elastic CEO Shay Banon responded Tuesday to AWS in a blog post, in which he leveled a variety of accusations at the cloud giant. "Our products were forked, redistributed and rebundled so many times I lost count," Banon wrote. "There was always a 'reason' [for the forks, redistributions, and rebundling], at times masked with fake altruism or benevolence. None of these have lasted. They were built to serve their own needs, drive confusion, and splinter the community." Elastic's commercial code may have provided an "inspiration" for others to follow, Banon wrote, but that inspiration didn't necessarily make for clean code. "It has been bluntly copied by various companies and even found its way back to certain distributions or forks, like the freshly minted Amazon one, sadly, painfully, with critical bugs," he wrote.

"The Linux Foundation is launching a new platform designed to sustain open-source communities," reports SD Times: CommunityBridge was announced at this week's Open Source Leadership Summit. The Linux Foundation plans to launch a number of tools to the open-source community throughout the next two years.

The platform is currently being released with Community Bridge Funding to help developers raise and spend funding; CommunityBridge Security for potential vulnerabilities and fixes; and CommunityBridge People for networking and making connections with mentors and mentees.
"In making the announcement, Jim Zemlin, executive director of the Linux Foundation, said on stage at the conference that the Linux Foundation would match funding for any organization that donated funds to CommunityBridge projects," reports FierceTelecom.

"Following up on those announcements, Microsoft-owned GitHub said it would donate $100,000 to CommunityBridge and invited maintainers of CommunityBridge projects to take part in GitHub's maintainer program."

The Linux Foundation today unveiled several major collaborative partnerships as it looks to cement the development of various open source projects that power much of the web. From a report: First off, the Node.js Foundation and the JS Foundation, which the Linux Foundation launched in 2016, are merging to form the OpenJS Foundation. The merger between the two chief organizations that focus on JavaScript comes six months after they publicly began to explore such a possibility with their communities. The OpenJS Foundation will focus on hosting and funding activities that support the growth of JavaScript and web technologies, the Linux Foundation said in a press release.

The OpenJS Foundation consists of 29 open source JavaScript projects including jQuery, Node.js, Appium, Dojo, and webpack. The merger is supported by 30 corporate and end user members including Google, Microsoft, IBM, PayPal, GoDaddy, and Joyent that recognize the "interconnected nature of the JavaScript ecosystem, and the importance of providing a neutral home for projects which represent significant shared value," the Linux Foundation said in a prepared statement. Also in the report: The Linux Foundation has created CHIPS Alliance, a project that aims to host and curate open source code relevant to design of chips that power mobile, IoT, and other consumer electronic devices; and the Continuous Delivery Foundation, which aims to serve as a platform for vendors, developers, and users to frequently engage and share insights and best practices to spur the development of open source projects.

It also announced that the GraphQL Foundation is collaborating with Joint Development Foundation to encourage "contributions, stewardship, and a shared investment from a broad group in vendor-neutral events, documentation, tools, and support for the data query language."

Michael Stapelberg, maintains "a bunch" of Debian packages and services, and says the free software Linux distro "has been in my life for well over 10 years at this point."

Today he released a 2,255-word essay explaining why he's "winding down" his involvement in Debian to a minimum, citing numerous complaints including Debian's complicated build stack, waits of up to seven hours before package uploads can be installed, leading to "asynchronous" feedback -- and Debian's lack of tooling for large changes.
The closest to "sending out a change for review" is to open a bug report with an attached patch... Culturally, reviews and reactions are slow. There are no deadlines. I literally sometimes get emails notifying me that a patch I sent out a few years ago (!!) is now merged. This turns projects from a small number of weeks into many years, which is a huge demotivator for me.

Interestingly enough, you can see artifacts of the slow online activity manifest itself in the offline culture as well: I don't want to be discussing systemd's merits 10 years after I first heard about it.

Lastly, changes can easily be slowed down significantly by holdouts who refuse to collaborate. My canonical example for this is rsync, whose maintainer refused my patches to make the package use debhelper purely out of personal preference. Granting so much personal freedom to individual maintainers prevents us as a project from raising the abstraction level for building Debian packages, which in turn makes tooling harder.
There's also several complaints about old infrastructure -- for example, "I dread interacting with the Debian bug tracker. debbugs is a piece of software (from 1994) which is only used by Debian and the GNU project these days." Stapelberg also complains that the "painful" experience of developing using Debian "leaves a lot to be desired," and adds that "It baffles me that in 2019, we still don't have a conveniently browsable threaded archive of mailing list discussions."

"My frustration level ultimately exceeded the threshold," Stapelberg writes in the essay, adding "I hope this post inspires someone, ideally a group of people, to improve the developer experience within Debian." He'll soon transition packages to be team-maintained "where it makes sense," but also "orphan packages where I am the sole maintainer... For all intents and purposes, please treat me as permanently on vacation..."

"I will try to keep up best-effort maintenance of the manpages.debian.org service and the codesearch.debian.net service, but any help would be much appreciated."

"For over a decade, VMware has been accused of illegally using Linux code in its VMware ESX bare-metal virtual machine hypervisor," reports ZDNet, adding that "A German court has dismissed the case, but the struggle may not be over." VMware stood accused of illegally using Linux code in its flagship VMware ESX bare-metal virtual machine (VM) hypervisor... In 2011, the Software Freedom Conservancy, a non-profit organization that promotes open-source software, discovered that VMware had failed to properly license any Linux or BusyBox, a popular embedded Linux toolkit, source code... In 2015, having exhausted all other means, [Linux kernel developer Christoph] Hellweg and the Software Freedom Conservancy sued VMware in the district court of Hamburg in Germany. Besides the general violation of the GPLv2, "Conservancy and Hellwig specifically assert that VMware has combined copyrighted Linux code, licensed under GPLv2, with their own proprietary code called 'vmkernel' and distributed the entire combined work without providing nor offering complete, corresponding source code for that combined work under terms of the GPLv2."

The German court disagreed in November 2018. Helwig appealed and continued the fight, saying "The lower court dismissed the case as a result of evidentiary rules and likely an incomplete understanding of the documentation of the code in question...." [Monday] VMware rather mysteriously announced: "VMware is pleased with the Feb. 28, 2019 decision of the German appellate court in Hamburg to dismiss Mr. Hellwig's appeal and let stand the regional court's decision to dismiss Mr. Hellwig's lawsuit. "
Karen Sandler, attorney and the Conservancy's executive director, told ZDNet that "We strongly believe that litigation is necessary against willful GPL violators, particularly in cases like VMware where this is strong community consensus that their behavior is wrong. Litigation moves slowly. We will continue to discuss this with Christoph and his lawyers and hope to say more about it in the coming weeks -- after the courts provide their rationale for their decision to the parties (which has not yet occurred)."

Meanwhile, VMware stated that it "continues to be a strong supporter of open source software development," adding that it's been "actively" working on removing vmklinux from vSphere in an upcoming release as part of a multi-year project -- "for reasons unrelated to the litigation."

Microsoft said today it has made the source code for its Windows calculator available on GitHub. The company said it hopes to work with contributors to improve the user experience of Windows calculator. In a statement, Dave Grochocki and Howard Wolosky of Microsoft said: Today, we're excited to announce that we are open sourcing Windows Calculator on GitHub under the MIT License. This includes the source code, build system, unit tests, and product roadmap. Our goal is to build an even better user experience in partnership with the community. We are encouraging your fresh perspectives and increased participation to help define the future of Calculator. As developers, if you would like to know how different parts of the Calculator app work, easily integrate Calculator logic or UI into your own applications, or contribute directly to something that ships in Windows, now you can. Calculator will continue to go through all usual testing, compliance, security, quality processes, and Insider flighting, just as we do for our other applications.

Last December, Microsoft announced that it has embraced Google's Chromium open source project for Edge development on the desktop, a move that shocked many. We now have some leaked screenshots of the browser in its current state, and they appear to show a browser resembling Google Chrome. Neowin reports: A lot of the design language and icons have remained similar to what they were like before, but there are definitely many changes that will be familiar to Chrome users. For one, the options to see all your tabs and to set aside the currently open tabs have been removed compared to the current version of Edge. To the right of the address bar, you'll be able to find your extensions, as well as your profile picture similar to what Chrome looks like. Bing is integrated into the browser -- as you'd expect of a Microsoft-made browser -- and the New Tab background can be set to rotate based on Bing's image of the day. Scrolling down will reveal a personalized news feed powered by Microsoft News, similar to the old Edge. The layout of the feed can be customised based on your preference from among a number of options.

The settings options for the browser have also changed. While Edge settings are currently available via a slide-out menu from the right, the new Edge's settings are accessible through a new tab similar to Chrome. It'll show the Microsoft account you're logged into, as well as the usual array of toggles and tidbits you'd expect. Ominously, the about page for the browser now acknowledges the contributions of the Chromium project, as well as other open source software, a stark reminder that this isn't the Microsoft of yesteryear. This is a new browser, and a new Microsoft.

An anonymous reader quotes a report from VentureBeat: Google's AI research division today open-sourced GPipe, a library for "efficiently" training deep neural networks (layered functions modeled after neurons) under Lingvo, a TensorFlow framework for sequence modeling. It's applicable to any network consisting of multiple sequential layers, Google AI software engineer Yanping Huang said in a blog post, and allows researchers to "easily" scale performance. As Huang and colleagues explain in an accompanying paper ("GPipe: Efficient Training of Giant Neural Networks using Pipeline Parallelism"), GPipe implements two nifty AI training techniques. One is synchronous stochastic gradient descent, an optimization algorithm used to update a given AI model's parameters, and the other is pipeline parallelism, a task execution system in which one step's output is streamed as input to the next step.

Most of GPipe's performance gains come from better memory allocation for AI models. On second-generation Google Cloud tensor processing units (TPUs), each of which contains eight processor cores and 64 GB memory (8 GB per core), GPipe reduced intermediate memory usage from 6.26 GB to 3.46GB, enabling 318 million parameters on a single accelerator core. Without GPipe, Huang says, a single core can only train up to 82 million model parameters. That's not GPipe's only advantage. It partitions models across different accelerators and automatically splits miniature batches (i.e., "mini-batches") of training examples into smaller "micro-batches," and it pipelines execution across the micro-batches. This enables cores to operate in parallel, and furthermore accumulate gradients across the micro-batches, thereby preventing the partitions from affecting model quality.

An anonymous reader writes: Linus Torvalds has released Linux 5.0 in kicking off the kernel's 28th year of development. Linux 5.0 features include AMD FreeSync support, open-source NVIDIA Turing GPU support, Intel Icelake graphics, Intel VT-d scalable mode, NXP PowerPC processors are now mitigated for Spectre Variant Two, and countless other additions. eWeek adds: Among the new features that have landed in Linux 5.0 is support for the Adiantum encryption system, developed by Google for low power devices. Google's Android mobile operating system and ChromeOS desktop operating system both rely on the Linux kernel. "Storage encryption protects your data if your phone falls into someone else's hands," Paul Crowley and Eric Biggers, Android Security and Privacy Team at Google wrote in a blog post. "Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, to ensure that all devices can be encrypted. Memory management in Linux also gets a boost in the 5.0 kernel with a series of improvements designed to help prevent memory fragmentation, which can reduce performance.

Bruce Perens writes: The Open Source Initiative is holding an election for 6 board seats. We shouldn't have an election without a policy debate! Even if you aren't an OSI member, you can (and should) ask questions of the candidates. To do so, go to the election site, register on the wiki, and then enter questions at the bottom of each candidate's statement. The XWiki syntax is here.

On Thursday, Google began officially selling their new .dev domains to anyone, Engadget reports: To claim a .dev, all you need to do is sign up with your registrar of choice (Google, naturally, is an option). As a bonus, Google is offering a free .dev domain to anyone who applied for a ticket to the Google I/O event happening this May.

The domains will be secure by default, as they all require HTTPS, and Google has already moved many of its own sites (including web.dev, opensource.dev and flutter.dev) to the domain.
"The internet has come a long way from the days of .com, .org and .net," writes Engadget. "Now, you can get domains ending in anything from .cool to .ninja."

UPDATE (3/3/2019): Apparently the domain emacs.dev now points to the web site for Vim.

Big cloud companies are "strip-mining open-source technologies and companies," complains Michael Howard, CEO of MariaDB. At their developer conference, Howard accused "big cloud" of "really abusing the license and privilege [of open source], by not giving back to the community." ZDNet reports: Even as MariaDB grows by leaps and bounds in enterprise computing at Oracle's expense, Howard sees Oracle and Amazon fighting against it. "Oracle as the example of on-premise lock-in and Amazon being the example of cloud lock-in. You could interchange the names, you can honestly say now that Amazon should just be called Oracle Prime...."

In the first keynote, Austin Rutherford, MariaDB's VP of Customer Success, showed the result of a HammerDB benchmark on AWS EC2... In these tests, AWS's default MariaDB instances did poorly, while AWS homebrew Aurora, which is built on top of MySQL, consistently beat them. The top-performing database management system of all was MariaDB Managed Services on AWS. "My first reaction when I looked at the benchmarks," said Howard, was "maybe there's incompetence going on. Maybe they just don't know how to optimize a DBMS." He observed that one MariaDB customer, one of the biggest retail drug companies in the world, had told MariaDB that "Amazon offers the most vanilla MariaDB around. There's nothing enterprise about it. We could just install MariaDB from source on EC2 and do as well."

He then "began to wonder, Is there something that they're deliberately crippling?" Howard wouldn't go so far as to say AWS is consciously doing a poor job of implementing its MariaDB instances. Howard did say, "And then it became clear that, however, you want to articulate this, there is something not kosher happening." Howard doesn't have much against AWS promoting its own brands... But, if AWS's going out of its way to make a rival service look inferior to its own, well, Howard's not happy about that.
ZDNet adds that "it's also quite possible that unoptimized generic MariaDB instance will simply lag behind AWS-optimized Aurora.

"That said, even in this most innocent take on the benchmark results, cloud customers would be wise to take into consideration that cloud instances of any specific software service may not be created equal."

"Redis Labs is dropping its Commons Clause license in favor of its new 'available-source' license: Redis Source Available License (RSAL)," reports ZDNet -- adding "This is not an open-source license." Redis Labs had used Commons Clause on top of the open-source Apache License to protect its rights to modules added to its 3-Clause-BSD-licensed Redis, the popular open-source in-memory data structure store. But, as Manish Gupta, Redis Labs' CMO, explained, "It didn't work. Confusion reigned over whether or not the modules were open source. They're not open-source." So, although it hadn't wanted to create a new license, that's what Redis Labs ended up doing....

The RSAL grants, Gupta said, equivalent rights to permissive open-source licenses for the vast majority of users. With the RSAL, developers can: Use the software; modify the source code; integrate it with an application; and use, distribute, support, or sell their application. But -- and this is big -- the RSAL forbids you from using any application built with these modules in a database, a caching engine, a stream processing engine, a search engine, an indexing engine, or a machine learning/artificial intelligence serving engine. In short, all the ways that Redis Labs makes money from Redis. Gupta wants to make it perfectly clear: "We're not calling it open source. It's not."
Earlier this month the Open Source Initiative had reaffirmed its commitment to open source's original definition, adding "There is no trust in a world where anyone can invent their own definition for open source, and without trust there is no community, no collaboration, and no innovation."

And earlier this week on Twitter a Red Hat open-source evangelist said they wondered whether Redis was just "clueless. There are a lot of folks entering #opensource today who are unwilling to do the research and reading, and assume that these are all new problems."

Google Registry today announced .dev, a brand new top-level domain (TLD) that's dedicated to developers and technology. From a report: The new .dev TLD comes after the company launched .app and .page, all are protected by HTTPS. Google has already used the TLD for a few of its own projects, such as web.dev and opensource.dev, but now it is being opened up to a wider audience. If you are interested in securing yourself a .dev domain, you can register through the Early Access Program.