Open Source Archive
Open source, the thing that drives the world, the thing Harvard says has an economic value of 8.8 trillion dollars (also a big number). Most of it is one person. And I can promise you not one of those single person projects have the proper amount of resources they need. If you want to talk about possible risks to your supply chain, a single maintainer that’s grossly underpaid and overworked. That’s the risk. The country they are from is irrelevant. ↫ Josh Bressers If the massive corporations that exploit the open source world for massive personal profit don’t want to contribute back, perhaps it’s time we start making them. I envision a European Economic Area-wide “open source contribution tax”, levied against any technology corporation operating within the European Economic Area, whether they actually make use of open source code or not, not entirely unlike how insurance works – you pay into it even if you don’t make any claims. Such tax could be based on revenue, number of users, or any combination thereof or other factors. The revenue from this open source contribution tax is put into an EEA-wide fund and redistributed to EEA-based open source maintainers in the form of a monetary subsidy. Such types of taxes and money redistribution frameworks already exist in virtually every country for a whole wide variety of purposes and in a wide variety of forms, both in non-commercial and commercial settings. While it may seem complicated at first, it really isn’t. The most difficult aspect is definitely figuring out who, exactly, would be eligible to receive the subsidy and how much, but that, too, is a question both governments and commercial entities answer every single day. No, it will never be perfect, and some people will receive a subsidy who shouldn’t, and some who should receive it will not, but if that’s a valid reason not to implement a tax like this, no tax or insurance should be implemented. The benefits are legion.
Of course, there is the primary benefit of alleviating the burden on the thousands of open source maintainers who form the backbone of pretty much our entire digital infrastructure, which in and of itself should be reason enough. On top of that, it would also strengthen the open source world – on which, I wish to reiterate, our entire digital infrastructure is built – against the kind of infiltration we saw with XZ Utils. And to put another top on top of that, it would cement Europe, or the EEA more specifically, as the hub for open source development, innovation, and leadership, and would surely attract countless open source maintainers to relocate to Europe. In other words, it would serve the grander European ambition to become less dependent on the criminal behaviour of US tech giants and the erratic behaviour of the US government. We can either wait indefinitely for those who exploit the free labour of open source maintainers to contribute, or we make them.
Hi, FAB 2025 is still happening in Prague and it has been a wonderful event. It’s been great to meet so many people from our community at home, in Czechia! But during my chats with the attendees, there was one topic which was emerging time and time again, and that is the state of open hardware. I cannot talk about all of the open hardware, but I can share experience from 3D printing. And it is not good! Open hardware in 3D printing is dead – you just don’t know it yet. This is an opinion piece, imagine we are talking about this topic over a cold Pilsner… ↫ Josef Prusa What happens when the Chinese government lists 3D printing as an industry it wants to dominate? Well, an explosion in bogus patents and the death of tons of smaller, local brands, leaving only major players from China and perhaps one or two bigger non-Chinese brands. That’s the conclusion by Josef Prusa, founder of Prusa Research, a major 3D printer maker from Prague, Czechia. Prusa’s printers used to be entirely open source, but starting in 2023, this is no longer the case – ostensibly because being open source hardware meant that competitors were copying their work wholesale without contributing anything back, or worse, stealing their work entirely and keeping it all closed, despite the copyleft license in use. Looking at the numbers, it seems clear that smaller companies will not be able to deal with the onslaught of bogus patents, as fighting patent infringement claims in court and getting patents invalidated, even if prior art exists in abundance, is prohibitively expensive and incredibly time-consuming. It’s a game of really expensive whack-a-mole against people with far deeper pockets than you. Still, this whole thing does taste a bit sour considering Prusa’s abandonment of its open source roots and ideals.
There’s a business to be run here, I understand that, but principles do matter, and if not even a company priding itself on producing open source hardware stands by its ideals, why should anyone else?
The Linux Vendor Firmware Service (LVFS), which provides device makers and OEMs with the infrastructure to upload and distribute firmware files to Linux users, as well as support during this process, is taking bold steps to ensure large companies contribute to the project. LVFS is the infrastructure behind fwupd, the tool users actually use to download and install firmware updates. While Richard Hughes, the maintainer of LVFS, is employed by Red Hat to work on the project, and the Linux Foundation provides the hosting costs, there are just not enough people and resources dedicated to the project. They’re going to take measures to address this. This year there will be a fair-use quota introduced, with different sponsorship levels having a different quota allowance. Nothing currently happens if the quota is exceeded, although there will be additional warnings asking the vendor to contribute. The “associate” (free) quota is also generous, with 50,000 monthly downloads and 50 monthly uploads. This means that almost all the 140 vendors on the LVFS should expect no changes. Vendors providing millions of firmware files to end users (and deriving tremendous value from the LVFS…) should really either be providing a developer to help write shared code, design abstractions and review patches (like AMD does) or allocate some funding so that we can pay for resources to take action for them. So far no OEMs provide any financial help for the infrastructure itself, although two have recently offered — and we’re now in a position to “say yes” to the offers of help. ↫ Richard Hughes In other words, functionality is going to be reduced for vendors who make extensive use of LVFS, but who don’t provide any financial or development support. I think this is an excellent incentive to get corporations who effectively freeload off a free infrastructure without providing anything in return to step up.
It seems the measures are explicitly designed to target only the very few major users of LVFS, leaving the smaller companies unaffected. Funding in open source is a major issue, and as open source becomes ever more popular and used by more and more large companies with excessive amounts of revenue, the strain on maintainers and developers is going to keep increasing. I’m entirely on board with efforts to encourage funding and contributions, as long as they fall within the confines of the terms of the open source licenses in use.
What do SourceHut, GNOME’s GitLab, and KDE’s GitLab have in common, other than all three of them being forges? Well, it turns out all three of them have been dealing with immense amounts of traffic from “AI” scrapers, who are effectively performing DDoS attacks with such ferocity it’s bringing down the infrastructures of these major open source projects. Being open source, and thus publicly accessible, means these scrapers have unlimited access, unlike with proprietary projects. These “AI” scrapers do not respect robots.txt, and have so many expensive endpoints it’s putting insane amounts of pressure on infrastructure. Of course, they use random user agents from an effectively infinite number of IP addresses. Blocking is a game of whack-a-mole you can’t win, and so the GNOME project is using a rather nuclear option called Anubis now, which aims to block “AI” scrapers with a heavy-handed approach that sometimes blocks real, genuine users as well. The numbers are insane, as Niccolò Venerandi at Libre News details. Over Mastodon, one GNOME sysadmin, Bart Piotrowski, kindly shared some numbers to let people fully understand the scope of the problem. According to him, in around two hours and a half they received 81k total requests, and out of those only 3% passed Anubis’ proof of work, hinting at 97% of the traffic being bots – an insane number! ↫ Niccolò Venerandi at Libre News Fedora is another project dealing with these attacks, with infrastructure sometimes being down for weeks as a result. Inkscape, LWN, Frama Software, Diaspora, and many more – they’re all dealing with the same problem: the vast majority of the traffic to their websites and infrastructure now comes from attacks by “AI” scrapers. Sadly, there doesn’t seem to be a reliable way to defend against these attacks just yet, so sysadmins and webmasters are wasting a ton of time, money, and resources fending off the hungry “AI” hordes.
These “AI” companies are raking in billions and billions of dollars from investors and governments the world over, trying to build dead-end text generators while sucking up huge amounts of data and wasting massive amounts of resources from, in this case, open source projects. If no other solutions can be found, the end game here could be that open source projects will start to make their bug reporting tools and code repositories much harder and potentially even impossible to access without jumping through a massive amount of hoops. Everything about this “AI” bubble is gross, and I can’t wait for this bubble to pop so a semblance of sanity can return to the technology world. Until the next hype train rolls into the station, of course. As is tradition.
OSNews Sponsor OS-SCi is educating the next generation FOSS engineers, and as part of their coursework, they’re looking for worthy open source projects to which they can contribute their time and effort. In addition to the work they provide during their studies, these volunteers will be encouraged to continue to be involved after they finish their courses and proceed into the workforce. If you are involved in an open source project and would like some help, please register here. Also, please leave a comment below to share some details about your project with the OSNews community. Perhaps we can use this forum to bring some OSNews readers together as long term collaborators. In other news, OS-SCi is organizing an international Open Source Hackathon on 21-22 February online and on multiple university campuses. Register for the hackathon here. Read more details here.
I don’t use GNU Screen so I don’t have much to say here, but I do know it’s a popular tool among the kind of people who read OSNews, so a new major release should be covered here. In case you’re not aware, “Screen is a full-screen window manager that multiplexes a physical terminal between several processes, typically interactive shells”. Basically, it’s a window manager for terminals. You can download the tarball yourself, or just wait until the update hits your distribution of choice.
Winamp has announced that on 24 September 2024, the application’s source code will be open to developers worldwide. Winamp will open up its code for the player used on Windows, enabling the entire community to participate in its development. This is an invitation to global collaboration, where developers worldwide can contribute their expertise, ideas, and passion to help this iconic software evolve. ↫ Winamp press release Nice, I guess, but twenty years too late to be of any relevance. At least it’ll be great for software preservation. But what’s up with the odd language used in the press release, and the weirdly specific date that’s a month from now? They really seem to want to avoid the term “open source”, which makes me think this is going to be one of those cases where they hope the community will work for them for free without actually using a real open source license. You know, those schemes that always – no exception – fail.
Redis, a tremendously popular tool for storing data in-memory rather than in a database, recently switched its licensing from an open source BSD license to both a Source Available License and a Server Side Public License (SSPL). The software project and company supporting it were fairly clear in why they did this. Redis CEO Rowan Trollope wrote on March 20 that while Redis and volunteers sponsored the bulk of the project’s code development, “the majority of Redis’ commercial sales are channeled through the largest cloud service providers, who commoditize Redis’ investments and its open source community.” Clarifying a bit, “cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge.” This generated a lot of discussion, blowback, and action. The biggest thing was a fork of the Redis project, Valkey, that is backed by The Linux Foundation and, critically, also Amazon Web Services, Google Cloud, Oracle, Ericsson, and Snap Inc. Valkey is “fully open source,” Linux Foundation execs note, with the kind of BSD-3-Clause license Redis sported until recently. You might note the exception of Microsoft from that list of fork fans. ↫ Kevin Purdy at Ars Technica Moves like this never go down well.
Coming up with a title that explains the full story here was difficult, so I’m going to try to explain quickly. Yesterday, Docker sent an email to all Docker Hub users explaining that anyone who has created an “organisation” will have their account deleted including all images, if they do not upgrade to a paid team plan. The email contained a link to a tersely written PDF (since, silently edited) which was missing many important details which caused significant anxiety and additional work for open source maintainers. What a shitshow. We really have to start worrying about the future of Github, too, since I find it highly unlikely Microsoft isn’t planning similar moves in the future. If you’re hosting code at Github, I’d suggest looking at alternatives sooner rather than later, so you don’t end up like the people affected by something like this.
The story of PostScript has many different facets. It is a story about profound changes in human literacy as well as a story of trade secrets within source code. It is a story about the importance of teams, and of geometry. And it is a story of the motivations and educations of engineer-entrepreneurs. The Computer History Museum is excited to publicly release, for the first time, the source code for the breakthrough printing technology, PostScript. We thank Adobe, Inc. for their permission and support, and John Warnock for championing this release. There’s definitely progress being made when it comes to open sourcing old software, but we’ve still got a long, long way to go for this to become the norm – as it should be.
Linux hardware projects are made or broken by their community support. PINE64 has made some brilliant moves to build up a mobile Linux community, and has also made some major mistakes. This is my view on how PINE64 made the PinePhone a success, and then broke that again through their treatment of the community. I want to start by pointing out that this is me leaving PINE64 and not the projects I’m involved in like postmarketOS. This is just a sad story. I hope some of the problems can be mended in time.
Dutch digital identity verification system DigiD has announced the phasing out of SMS as second factor. That way they require citizens to install a smartphone app in order to use digital services from the government, municipalities, the health sector and others. These applications only work on iOS and Android phones, with reliance on third party services. Plenty of members of our community choose not to use a device that is tied to vendor-specific services. There is a threat our community will practically be locked out of the digital infrastructure the government has set up for us to use. Official alternatives are to ask a friend with the app for help or go back to snail mail and physical meetings. This is dreadfully bad, and illustrates just how badly we need rules and regulations in place to force governments to make access to their digital services completely platform-agnostic. The linked article references the German verification system, which published its code as open source, and allows anyone to make an application that uses it. The end result is a variety of open source alternatives, available on various platforms.
But those laptops all have something in common with run-of-the-mill Windows PCs: a reliance on closed-source hardware and, often, the proprietary software and drivers needed to make it function. For some people, this is a tolerable trade-off. You put up with the closed hardware because it performs well, and it supports the standard software, development tools, and APIs that keep the computing world spinning. For others, it’s anathema—if you can’t see the source code for these “binary blobs,” they are inherently untrustworthy and should be used sparingly or not at all. The MNT Reform is a laptop for the latter group. It’s a crowdfunded, developed-in-the-open, extensively documented device that cares more about being open than it cares about literally any other aspect of the computing experience. Perhaps predictably, this makes for a laptop that is ideologically pure but functionally compromised. This ain’t it. I appreciate – as always – the effort, but this is not the way to go.
I read this article (“Open Source” is Broken by Xe) written in the aftermath of the unfortunate log4j2 fiasco. The author discusses a pertinent problem that has plagued the FOSS (Free and Open Source) world ever since large for-profit corporations started their widespread consumption of FOSS, ever since countless “unicorns” raised infinite amounts of funding on valuations built pretty much entirely on FOSS, ever since FOSS got co-opted into corporatisation and capitalisation. And yet, countless maintainers of critical and widely used FOSS struggle to make a living. Whose fault is this? I do not believe that this is FOSS’ fault as a conceptual framework or a system. If FOSS was broken, the internet as we know it today wouldn’t exist; the countless marvels of technology that we take for granted and techno-economies that thrive on them wouldn’t exist; millions of software developers (like me) who learnt to write code with FOSS and learnt to make a living with that knowledge wouldn’t exist. How is it that FOSS, a beautiful system that has uplifted and empowered massive swathes of human beings across the globe irrespective of their borders, race, creed, and economic backgrounds, is “broken”? To imply that FOSS is broken because it is abused by a certain category of users, is a form of victim blaming. Reading the various hot takes regarding the log4j2 problems has been an exercise in frustration. The fact that the maintainers of this small but important piece of software barely received any donations or other forms of financial support, despite their software being extensively used by some of the largest corporations in the world is not a fault of open source – it’s the fault of garbage corporations only taking, but rarely giving. The issue here is not open source – it’s unchecked capitalism. 
That being said, these maintainers, and other people who contribute to open source projects, know full well it’s most likely not going to make them rich, or even allow them to recoup any investments made. That’s the nature of open source, and it seems like the technology world has become so infested with venture capitalists that even the mere idea of someone working on something not for the money, but for other reasons seems entirely alien to a lot of people, meaning open source must, therefore, be broken. Money corrupts anything it touches. I’m insanely grateful for the almost endless number of people contributing to open source projects not because they expect to become rich, but because they enjoy doing it, to show off their skill, for the community of people they love interacting with, for the recognition it sometimes brings, or for the mere secret knowledge that their small project nobody’s ever heard of is a crucial cog in the massive machinery that keeps the technology world spinning. Open source isn’t broken. It’s working exactly as intended, and it’s by far the most powerful force in the technology world, and it will outlive any of the corporations so many people bend over backwards to please today.
Today, the Commission has adopted new rules on Open Source Software that will enable its software solutions to be publicly accessible whenever there are potential benefits for citizens, companies or other public services. The recent Commission study on the impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy showed that investment in open source leads on average to four times higher returns. The Commission services will be able to publish the software source code they own in much shorter time and with less paperwork. Good. A small step, sure, but my hope remains that eventually, we come to realise that for our own safety and security, all code must be open source, no matter if it’s from Apple, Microsoft, or anyone else. We can’t continue down our current path where some of the most crucial, elemental parts of our society rely entirely on closed code of which we have no idea what it is – or isn’t – doing.
Interview with Miguel de Icaza about his own journey, GNU, Linux, GNOME, and how he ended up working at Microsoft. It’s an interview for a mainstream audience, but with plenty of fun stories that should entertain any OSNews reader. I found it particularly interesting how de Icaza recounts his decades-long obsession to make Linux a great desktop OS, only to see it achieve massive success on server, mobile, and embedded devices, and never really catch on as a mainstream desktop OS. Today, he uses a Mac for his everyday platform while working at Microsoft.
The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthusiasts) and MuseScore (Open source music notation software). Ever since, Audacity has been a heated topic. The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines. This is a sad situation all around – but at the same time, it highlights the incredible strength, resilience, and unique qualities of open source. The new owner of Audacity might want to turn it into spyware, but unlike with proprietary software, we don’t just have to sit back and take it. Various forks have already been made, and a few months from now, one or possibly a few of those will come out on top as the proper continuation of the project.
The Common Unix Printing System (CUPS) is something all the GNU/Linux distributions use to manage printers. It’s been maintained by Apple since 2007. The Apple-led CUPS development efforts appear to have completely died out after lead CUPS developer Michael Sweet left the company. CUPS isn’t dead, though, Sweet and others are still working on it in a fork maintained by the OpenPrinting organization. Usually, these stories end in tears, with a desperate plea for interested parties and potential contributors to join and save the project. Luckily, this is not one of those stories – the Common Unix Printing System is safe, thanks to the wonders of open source.
Thomas Bushnell (?): But I’ll give you a personal take. By my reckoning, I worked for RMS longer than any other programmer. There has been some bad reporting, and that’s a problem. While I have not waded through the entire email thread Selam G. has posted, my reaction was that RMS did not defend Epstein, and did not say that the victim in this case was acting voluntarily. But it’s not the most important problem. It’s not remotely close to being the most important problem. Add to all this RMS’s background of having defended the idea of adults having sex with minors under some circumstances, and people’s visceral and sharp reaction was entirely sensible. I was around for most of the 90s, and I can confirm the unfortunate reality that RMS’s behavior was a concern at the time, and that this protection was itself part of the problem. He was never held to account; he was himself coddled in his own lower-grade misbehavior and mistreatment of women. He made the place uncomfortable for a lot of people, and especially women. The end result here, while sad for him, is correct.
Richard Stallman has resigned as president of and from the board of directors of the Free Software Foundation. The move comes after several reports on deeply inappropriate behaviour towards women, as well as a spirited defense of convicted child trafficker and child rapist Jeffrey Epstein. Stallman defended Marvin Minsky, an AI pioneer accused of raping one of Epstein’s trafficked children, by basically saying that since the underage child was forced by Epstein, Minsky wasn’t at fault for raping an underage child. Early in the thread, Stallman insists that the “most plausible scenario” is that Epstein’s underage victims were “entirely willing” while being trafficked. Stallman goes on to argue about the definition of “sexual assault,” “rape,” and whether they apply to Minsky and Giuffre’s deposition statement that she was forced to have sex with him. In response to a student pointing out that Giuffre was 17 when she was forced to have sex with Minsky in the Virgin Islands, Stallman said “it is morally absurd to define ‘rape’ in a way that depends on minor details such as which country it was in or whether the victim was 18 years old or 17.” Stallman has a history of defending child rape, so perhaps this shouldn’t come as a surprise. On top of all this, there’s a long list of problematic behaviour towards women. Today, a notice on the Free Software Foundation website announced his resignation, after he left MIT yesterday, too. On September 16, 2019, Richard M. Stallman, founder and president of the Free Software Foundation, resigned as president and from its board of directors. The board will be conducting a search for a new president, beginning immediately. Further details of the search will be published on fsf.org. Good riddance to bad people. We’ve always known Stallman had some seriously disturbing ideas, but I had no idea they went this far and this deep. This is for the better of the Free software community as a whole.