OSS Leftovers

  • Open source connecting people and technology

    Candice Herotodou, formerly Mesk, will speak about agile. A collaborator by nature and involved in all things agile and DevOps, Herotodou will relay the story of her journey in a presentation titled DevOps Culture: Are you ready?

  • Fractal Hackfest 2018

    The last couple of days I was in Strasbourg for the Fractal Hackfest. We made some fundamental decisions for the future of Fractal, our Matrix client. We also decided on some basic architectural changes we want to make.

    You probably already read about the split of Fractal into two separate apps, to cover two different use cases: Barbecue and Banquet. Barbecue will mostly cover “one to one” chats and Banquet high-traffic group chats and IRC-like rooms. We are certain that the split is the right direction for Fractal, but we didn’t define the exact split between the apps.

  • Fracturing Fractal

    Last week my employer Purism allowed me to attend the Fractal hackfest in Strasbourg. There we chatted about the future of Fractal and of the messaging applications Purism needs for the Librem 5.

  • The Ultimate Postgres vs MySQL Blog Post

    I should probably say up front that I love working with Postgres and could die happy without ever seeing a mysql> prompt again. This is not an unbiased comparison -- but those are no fun anyway.

  • Prisma raises $4.5M seed round led by Kleiner Perkins

    Silicon Valley’s Kleiner Perkins led the round, with participation from a number of angel investors, many of whom have deep roots in the developer and/or open source space, including Nick Schrock, one of the creators of GraphQL itself.

  • The fatal flaw of libertarianism, exemplified by BSD vs GPL

    I'll get right to the point: libertarianism's fatal flaw is that it commits a fallacy, the name of which I do not know, in assuming that the fewest up-front restrictions on personal freedoms necessarily and inevitably translates into the most freedom for the most people into the indefinite future.

    The BSD vs GPL licensing example is perhaps the single best illustration of this I've seen in the tech world to date. Debate, and I use the term charitably, rages on still about the merits of each license, with the BSD partisans making almost verbatim the exact same argument just laid out above: that the BSD license is morally, ethically, and pragmatically superior because it places fewer restrictions on who may do what with the code.

    By contrast, they say, the GPL is infectious, inserting itself like a retrovirus into the replication machinery of any code licensed with it and forcing certain behaviors (redistribution of source) the BSD types disagree with. As I understand it, the reason they give explicitly for disliking this is that it means fewer people will use the GPL compared to the BSD license, which theoretically therefore translates into BSD-licensed code both proliferating and persisting more than its GPL'd siblings.

    What this *actually* means, on the psychological and perhaps subconscious level, is "fuck you, I won't do what you tell me." Sorry guys, but it's the truth: dress it up however you like, but the underlying principle here is "I don't wanna share."

    It also betrays an almost stunning naivete about human nature, the very same one that small-L-libertarianism itself seems predicated on. There is a sort of ceteris paribus assumption at work here, one which assumes that the wide world of coding is meritocratic (it is not), equal-access (it is not), and measures worth solely on quality, correctness, usefulness, etc., of code (it does not). It is the Just World Fallacy writ small and in C, you might say.

    It *completely* fails to take into account human nature, and such wholly non-technical yet pervasive and powerful human engines of corruption as the corporation. Witness Theo de Raadt's anger, entirely justified morally but also entirely his own fault, over the lack of gratitude from corporations who took OpenSSH and OpenBSD itself for their own use and contributed back, perhaps, a single laptop, which took over a year to arrive.

    From the outside, this makes perfect sense. I mean, if you leave a plate of cookies out with a sign that says "free cookies," you don't have a right to complain when someone comes by and takes the entire plate for him/herself. But somehow this simple and obvious line of thought seems to elude the BSD-license partisans, or maybe they quash it for ideological reasons, such as faith (and it *is* a faith position...) in the idea that their code will conquer by virtue of spreading far and wide and continuing to evolve.

  • Friday Free Software Directory IRC meetup time: May 18th starting at 12:00 p.m. EDT/16:00 UTC
  • Generating Third-Party Attribution Documents

    In this post, I’ll show you how to use the qtattributionsscanner tool and Python to generate an attribution document for third-party code in Qt.

  • Edge computing and the importance of open infrastructure

    Open infrastructure is not as much about packaging and deployment as it is about creating a consistent paradigm and environment for running workloads in the form best used to address those applications. Many edge workloads today run on Linux or in VMs; they may evolve for simplified lifecycle management, or they may be superseded by a next generation of applications.

  • Metsä Wood Launches a Groundbreaking Platform for Open Source Wood
  • How citizen science and open-source tech can create change

    As a teenager, Jason Gomez never was the biggest fan of science, and among his peers, environmental work brought to mind planting trees. But he lived in Sunset Park, Brooklyn, where asthma and heart disease affected the lives and health of many residents. Uprose, a local environmental justice organization, recruits youth volunteers like Gomez to understand that these are not side effects of living in a working-class neighborhood that one should just accept–they are the result of planning and design decisions that de-prioritize the health and well-being of the residents of those neighborhoods. Specifically, in Sunset Park, they are the result of the Gowanus Expressway, a large elevated highway that runs directly through the neighborhood.

    [...]

    And with open-source software, their findings are becoming easier to verify and share. Red Hat, a leading open-source tech company, created a documentary called The Science of Collective Discovery featuring citizen scientists like Cooper and the Uprose team to highlight the practice for its annual Summit in San Francisco this week.

More in Tux Machines

Ubuntu, Debian, RHEL, and CentOS Linux Now Patched Against "Foreshadow" Attacks

Both Canonical and Red Hat emailed us with regard to the L1 Terminal Fault security vulnerabilities, which are documented as CVE-2018-3620 for operating systems and System Management Mode (SMM), CVE-2018-3646 for impacts to virtualization, as well as CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX). They affect all Linux-based operating systems and machines with Intel CPUs. "It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS)," reads the Ubuntu security advisory.

Hands-on with Linux Mint Debian Edition 3 Beta

I have been out of touch for the past six months, because I accepted a teaching position in Amsterdam. The amount of time that required, and the weekly commute from Switzerland (yes, really, weekly), was vastly more than I expected, and left me no time to do justice to my blog. But now I am back again, and determined to manage my time more effectively and keep up with blogging. Although I haven't been writing, I certainly have been keeping up with news and developments in the Linux world. What really inspired me to get busy and write again was the announcement of LMDE 3 (Cindy) Beta. Hooray! How long have we been waiting for this? It feels like years. Oh, that's because it has been years.

Security Leftovers

  • Theo on the latest Intel issues

    Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD.

    [...]

    These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together are the currently public artifacts of this one bug.

  • Putting Stickers On Your Laptop Is Probably a Bad Security Idea

    Mitchell said political stickers, for instance, can land you in secondary search or result in being detained while crossing a border. In one case, Mitchell said a hacker friend ended up missing a flight over stickers.

  • Video Shows Hotel Security at DEF CON Joking About Posting Photos of Guests' Belongings to Snapchat

    But the room check captured on video suggests the walkthroughs are subject to abuse by hotel personnel who may use them as an opportunity to snoop on guests or take and post images for amusement. And accounts of other searches that involved hotel security staff refusing to show ID or showing insufficient ID, and displaying bullying and threatening behavior to guests in occupied rooms, raise questions about the legality of the searches and the tactics and training of security personnel.

  • Researchers in Finland detect vulnerability in password management software

    Researchers identified a security gap in more than 10 applications used by millions around the world, including an app used by Finland's population registry.

  • Trump ends Obama-era rules on US-led cyberattacks: report

    The memorandum required that an extensive interagency process take place before the U.S. government embarks on any cyberattacks. Trump reversed the rules to try and ease some of those restrictions, which critics argued were detrimental to launching the attacks quickly, according to the Journal.

Android Leftovers