Open Source Archive

Docker is deleting open source organisations – what you need to know

Coming up with a title that explains the full story here was difficult, so I’m going to try to explain quickly. Yesterday, Docker sent an email to all Docker Hub users explaining that anyone who has created an “organisation” will have their account deleted including all images, if they do not upgrade to a paid team plan. The email contained a link to a tersely written PDF (since, silently edited) which was missing many important details which caused significant anxiety and additional work for open source maintainers. What a shitshow. We really have to start worrying about the future of Github, too, since I find it highly unlikely Microsoft isn’t planning similar moves in the future. If you’re hosting code at Github, I’d suggest looking at alternatives sooner rather than later, so you don’t end up like the people affected by something like this.

Adobe releases PostScript source code

The story of PostScript has many different facets. It is a story about profound changes in human literacy as well as a story of trade secrets within source code. It is a story about the importance of teams, and of geometry. And it is a story of the motivations and educations of engineer-entrepreneurs. The Computer History Museum is excited to publicly release, for the first time, the source code for the breakthrough printing technology, PostScript. We thank Adobe, Inc. for their permission and support, and John Warnock for championing this release. There’s definitely progress being made when it comes to open sourcing old software, but we’ve still got a long, long way to go for this to become the norm – as it should be.

Why I left PINE64

Linux hardware projects are made or broken by their community support. PINE64 has made some brilliant moves to build up a mobile Linux community, and has also made some major mistakes. This is my view on how PINE64 made the PinePhone a success, and then broke that again through their treatment of the community. I want to start by pointing out that this is me leaving PINE64 and not the projects I’m involved in like postmarketOS. This is just a sad story. I hope some of the problems can be mended in time.

Dutch digital identity system crisis

Dutch digital identity verification system DigiD has announced the phasing out of SMS as second factor. That way they require citizens to install a smartphone app in order to use digital services from the government, municipalities, the health sector and others. These applications only work on iOS and Android phones, with reliance on third party services. Plenty of members of our community choose not to use a device that is tied to vendor-specific services. There is a threat our community will practically be locked out of the digital infrastructure the government has set up for us to use. Official alternatives are to ask a friend with the app for help or go back to snail mail and physical meetings. This is dreadfully bad, and illustrates just how badly we need rules and regulations in place to force governments to make access to their digital services completely platform-agnostic. The linked article references the German verification system, which published its code as open source, and allows anyone to make an application that uses it. The end result is a variety of open source alternatives, available on various platforms.

Review: MNT Reform laptop has fully open hardware and software – for better or worse

But those laptops all have something in common with run-of-the-mill Windows PCs: a reliance on closed-source hardware and, often, the proprietary software and drivers needed to make it function. For some people, this is a tolerable trade-off. You put up with the closed hardware because it performs well, and it supports the standard software, development tools, and APIs that keep the computing world spinning. For others, it’s anathema—if you can’t see the source code for these “binary blobs,” they are inherently untrustworthy and should be used sparingly or not at all. The MNT Reform is a laptop for the latter group. It’s a crowdfunded, developed-in-the-open, extensively documented device that cares more about being open than it cares about literally any other aspect of the computing experience. Perhaps predictably, this makes for a laptop that is ideologically pure but functionally compromised. This ain’t it. I appreciate – as always – the effort, but this is not the way to go.

“Open source” is not broken

I read this article (“Open Source” is Broken by Xe) written in the aftermath of the unfortunate log4j2 fiasco. The author discusses a pertinent problem that has plagued the FOSS (Free and Open Source) world ever since large for-profit corporations started their widespread consumption of FOSS, ever since countless “unicorns” raised infinite amounts of funding on valuations built pretty much entirely on FOSS, ever since FOSS got co-opted into corporatisation and capitalisation. And yet, countless maintainers of critical and widely used FOSS struggle to make a living. Whose fault is this? I do not believe that this is FOSS’ fault as a conceptual framework or a system. If FOSS was broken, the internet as we know it today wouldn’t exist; the countless marvels of technology that we take for granted and techno-economies that thrive on them wouldn’t exist; millions of software developers (like me) who learnt to write code with FOSS and learnt to make a living with that knowledge wouldn’t exist. How is it that FOSS, a beautiful system that has uplifted and empowered massive swathes of human beings across the globe irrespective of their borders, race, creed, and economic backgrounds, is “broken”? To imply that FOSS is broken because it is abused by a certain category of users, is a form of victim blaming. Reading the various hot takes regarding the log4j2 problems has been an exercise in frustration. The fact that the maintainers of this small but important piece of software barely received any donations or other forms of financial support, despite their software being extensively used by some of the largest corporations in the world is not a fault of open source – it’s the fault of garbage corporations only taking, but rarely giving. The issue here is not open source – it’s unchecked capitalism. 
That being said, these maintainers, and other people who contribute to open source projects, know full well it’s most likely not going to make them rich, or even allow them to recoup any investments made. That’s the nature of open source, and it seems like the technology world has become so infested with venture capitalists that even the mere idea of someone working on something not for the money, but for other reasons seems entirely alien to a lot of people, meaning open source must, therefore, be broken. Money corrupts anything it touches. I’m insanely grateful for the almost endless number of people contributing to open source projects not because they expect to become rich, but because they enjoy doing it, to show off their skill, for the community of people they love interacting with, for the recognition it sometimes brings, or for the mere secret knowledge that their small project nobody’s ever heard of is a crucial cog in the massive machinery that keeps the technology world spinning. Open source isn’t broken. It’s working exactly as intended, and it’s by far the most powerful force in the technology world, and it will outlive any of the corporations so many people bend over backwards to please today.

European Commission to release its own software as open source

Today, the Commission has adopted new rules on Open Source Software that will enable its software solutions to be publicly accessible whenever there are potential benefits for citizens, companies or other public services. The recent Commission study on the impact of Open Source Software and Hardware on technological independence, competitiveness and innovation in the EU economy showed that investment in open source leads on average to four times higher returns. The Commission services will be able to publish the software source code they own in much shorter time and with less paperwork. Good. A small step, sure, but my hope remains that eventually, we come to realise that for our own safety and security, all code must be open source, no matter if it’s from Apple, Microsoft, or anyone else. We can’t continue down our current path where some of the most crucial, elemental parts of our society rely entirely on closed code of which we have no idea what it is – or isn’t – doing.

How Linux and open-source software took the computing world by storm

Interview with Miguel de Icaza about his own journey, GNU, Linux, GNOME, and how he ended up working at Microsoft. It’s an interview for a mainstream audience, but with plenty of fun stories that should entertain any OSNews reader. I found it particularly interesting how de Icaza recounts his decades-long obsession to make Linux a great desktop OS, only to see it achieve massive success on server, mobile, and embedded devices, and never really catch on as a mainstream desktop OS. Today, he uses a Mac for his everyday platform while working at Microsoft.

Audacity’s new owners turn it into spyware

The famous open source audio manipulation program was acquired by a company named Muse Group two months ago. The same company owns other projects in its portfolio such as Ultimate Guitar (Famous website for Guitar enthusiasts) and MuseScore (Open source music notation software). Ever since, Audacity has been a heated topic. The parent company is a multi-national company and it has been trying to start a data-collection mechanism in the software. While Audacity is nothing more than a desktop program, its developers want to make it phone home with various data taken from users’ machines. This is a sad situation all around – but at the same time, it highlights the incredible strength, resilience, and unique qualities of open source. The new owner of Audacity might want to turn it into spyware, but unlike with proprietary software, we don’t just have to sit back and take it. Various forks have already been made, and a few months from now, one or possibly a few of those will come out on top as the proper continuation of the project.

Apple’s CUPS repository has died a quiet death

The Common Unix Printing System (CUPS) is something all the GNU/Linux distributions use to manage printers. It’s been maintained by Apple since 2007. The Apple-led CUPS development efforts appear to have completely died out after lead CUPS developer Michael Sweet left the company. CUPS isn’t dead, though, Sweet and others are still working on it in a fork maintained by the OpenPrinting organization. Usually, these stories end in tears, with a desperate plea for interested parties and potential contributors to join and save the project. Luckily, this is not one of those stories – the Common Unix Printing System is safe, thanks to the wonders of open source.

A reflection on the departure of RMS

Thomas Bushnell (?): But I’ll give you a personal take. By my reckoning, I worked for RMS longer than any other programmer. There has been some bad reporting, and that’s a problem. While I have not waded through the entire email thread Selam G. has posted, my reaction was that RMS did not defend Epstein, and did not say that the victim in this case was acting voluntarily. But it’s not the most important problem. It’s not remotely close to being the most important problem. Add to all this RMS’s background of having defended the idea of adults having sex with minors under some circumstances, and people’s visceral and sharp reaction was entirely sensible. I was around for most of the 90s, and I can confirm the unfortunate reality that RMS’s behavior was a concern at the time, and that this protection was itself part of the problem. He was never held to account; he was himself coddled in his own lower-grade misbehavior and mistreatment of women. He made the place uncomfortable for a lot of people, and especially women. The end result here, while sad for him, is correct.

Richard Stallman resigns from FSF, MIT after defending child rape

Richard Stallman has resigned as president of and from the board of directors of the Free Software Foundation. The move comes after several reports on deeply inappropriate behaviour towards women, as well as a spirited defense of convicted child trafficker and child rapist Jeffrey Epstein. Stallman defended Marvin Minsky, an AI pioneer accused of raping one of Epstein’s trafficked children, by basically saying that since the underage child was forced by Epstein, Minsky wasn’t at fault for raping an underage child. Early in the thread, Stallman insists that the “most plausible scenario” is that Epstein’s underage victims were “entirely willing” while being trafficked. Stallman goes on to argue about the definition of “sexual assault,” “rape,” and whether they apply to Minsky and Giuffre’s deposition statement that she was forced to have sex with him. In response to a student pointing out that Giuffre was 17 when she was forced to have sex with Minsky in the Virgin Islands, Stallman said “it is morally absurd to define ‘rape’ in a way that depends on minor details such as which country it was in or whether the victim was 18 years old or 17.” Stallman has a history of defending child rape, so perhaps this shouldn’t come as a surprise. On top of all this, there’s a long list of problematic behaviour towards women. Today, a notice on the Free Software Foundation website announced his resignation, after he left MIT yesterday, too. On September 16, 2019, Richard M. Stallman, founder and president of the Free Software Foundation, resigned as president and from its board of directors. The board will be conducting a search for a new president, beginning immediately. Further details of the search will be published on fsf.org. Good riddance to bad people. We’ve always known Stallman had some seriously disturbing ideas, but I had no idea they went this far and this deep. This is for the better of the Free software community as a whole.

Bash-5.0 released

This release fixes several outstanding bugs in bash-4.4 and introduces several new features. The most significant bug fixes are an overhaul of how nameref variables resolve and a number of potential out-of-bounds memory errors discovered via fuzzing. There are a number of changes to the expansion of $@ and $* in various contexts where word splitting is not performed to conform to a Posix standard interpretation, and additional changes to resolve corner cases for Posix conformance. The most notable new features are several new shell variables: BASH_ARGV0, EPOCHSECONDS, and EPOCHREALTIME. The ‘history’ builtin can remove ranges of history entries and understands negative arguments as offsets from the end of the history list. There is an option to allow local variables to inherit the value of a variable with the same name at a preceding scope. There is a new shell option that, when enabled, causes the shell to attempt to expand associative array subscripts only once (this is an issue when they are used in arithmetic expressions). The ‘globasciiranges’ shell option is now enabled by default; it can be set to off by default at configuration time.

Making the GPL more scary

For some years now, one has not had to look far to find articles proclaiming the demise of the GNU General Public License. That license, we are told, is too frightening for many businesses, which prefer to use software under the far weaker permissive class of license. But there is a business model that is based on the allegedly scary nature of the GPL, and there are those who would like to make it more lucrative; the only problem is that the GPL isn't quite scary enough yet.

I'm sure we can have a civil discussion about the merits and demerits of the GPL.

FSFE: publicly funded software has to be open source

Digital services offered and used by public administrations are the critical infrastructure of 21st-century democratic nations. To establish trustworthy systems, government agencies must ensure they have full control over systems at the core of our digital infrastructure. This is rarely the case today due to restrictive software licences.

Today, 31 organisations are publishing an open letter in which they call for lawmakers to advance legislation requiring publicly financed software developed for the public sector be made available under a Free and Open Source Software licence.

Good initiative, and a complete and utter no-brainer. Public money, public code.

VMware becomes gold member of Linux Foundation

As we can read in recent news, VMware has become a gold member of the Linux foundation. That causes - to say the least - very mixed feelings to me.

One thing to keep in mind: The Linux Foundation is an industry association, it exists to act in the joint interest of its paying members. It is not a charity, and it does not act for the public good. I know and respect that, while some people sometimes appear to be confused about its function.

However, allowing an entity like VMware to join, despite their many years long disrespect for the most basic principles of the FOSS Community (such as: Following the GPL and its copyleft principle), really is hard to understand and accept.

Richard Stallman receives ACM Software System Award

Richard Stallman, recipient of the ACM Software System Award for the development and leadership of GCC (GNU Compiler Collection), which has enabled extensive software and hardware innovation, and has been a lynchpin of the free software movement. A compiler is a computer program that takes the source code of another program and translates it into machine code that a computer can run directly. GCC compiles code in various programming languages, including Ada, C, C++, Cobol, Java, and FORTRAN. It produces machine code for many kinds of computers, and can run on Unix and GNU/Linux systems as well as others.

GCC was developed for the GNU operating system, which includes thousands of programs from various projects, including applications, libraries, tools such as GCC, and even games. Most importantly, the GNU system is entirely free (libre) software, which means users are free to run all these programs, to study and change their source code, and to redistribute copies with or without changes. GNU is usually used with the kernel, Linux. Stallman has previously been recognized with ACM's Grace Murray Hopper Award.

Well-deserved.

Ubuntu may ship ZFS as a module… Or not?

Ubuntu's announcement about the inclusion of ZFS support in the upcoming 16.04 LTS started an important discussion in the opensource community: the license incompatibility between the GPL and CDDL licenses may be an issue. Being a copyleft license, GPL requires that all works that are derived from GPL-licensed work are also distributed under the terms of GPL. CDDL, the license of ZFS code, is also a copyleft license, and as such requires CDDL-licensed work be distributed "only under the terms of ." Although Ubuntu's ZFS code comes from the OpenZFS project, Oracle is still one of the major copyright holders of the code base, and it does not seem likely to relicense its assets under GPL any time soon.

Dustin Kirkland of Ubuntu, the author of the announcement, explained Canonical's position, albeit light on details:

The CDDL cannot apply to the Linux kernel because zfs.ko is a self-contained file system module -- the kernel itself is quite obviously not a derivative work of this new file system. And zfs.ko, as a self-contained file system module, is clearly not a derivative work of the Linux kernel but rather quite obviously a derivative work of OpenZFS and OpenSolaris. Equivalent exceptions have existed for many years, for various other stand alone, self-contained, non-GPL kernel modules.

Software Freedom Conservancy (SFC), a non-profit with a self-assigned mission of carrying on a crusade against GPL violations, quickly pointed out that the "obvious" conclusions of Canonical are not really all that obvious:

If ZFS were statically linked with Linux and shipped as a single work, few would argue it was not a "work based on the Program" under GPLv2. And, if we believe there is no legal difference when we change that linking from static to dynamic, we conclude easily that binary distribution of ZFS plus Linux - even with ZFS in a .ko file - constitutes distribution of a combined work.

Another non-profit organization - Software Freedom Law Center (SFLC) - provides yet another opinion on the matter. Eben Moglen points out that CDDL permits distribution of binaries under other licenses, so in the case of a Linux module, the GPL's requirements for a binary module may be fulfilled by distributing it under GPL. Admittedly, this does not solve the issue of the license incompatibility of the code bases. The proposed solution is basically to ignore the wording of GPL's viral clause:

In this specific sense, then, the conduct which falls outside the words of GPLv2 falls within the "equity of the license," or its "spirit." As all Western legal systems have known since Aristotle, literal interpretation of any legal material will sometimes produce unintended unjust results, which can and should be corrected by the invocation of "equity." This present issue is evidently an example in which the tension between literal and equitable interpretation is raised, and it is the consensus of the kernel copyright holders' intention which determines which mode of interpretation is to be employed.

The issue of GPL compatibility and kernel modules' licensing has arisen before. For example, Linus Torvalds already noted that kernel modules are in a "gray area" when it comes to the issue of derived work. Using the example of the Andrew filesystem, he stated that an external code base that was designed on a different system and only required minimal porting effort due to interface similarities was, in his opinion, not a derived work of Linux. An even more appropriate example is Nvidia's infamous proprietary Linux driver, which interfaces with the kernel via a specially-crafted module that abstracts away Linux kernel implementation details, so that Nvidia's binary blob may still be considered a self-contained work targeting the module's interface, not the interfaces of Linux. This driver is widely used and generally tolerated by distributions.

The differences in these two positions reveal the two conflicting opinions on the Linux copyright situation. SFLC is more concerned about the ability of the opensource ecosystem to survive in the face of fanatic GPL enforcement: their statement goes into painful detail about the difficulties that projects with permissive licenses face when they need to maintain ports of their code in GPLed projects. If strictly enforced, GPL could hinder such projects to the point where the whole ecosystem comes to a net loss. Such a situation could be particularly painful in cases like this, when the goals of GPL are met, but the legal mechanism that was chosen by opensource Foundation prevents both Linux and OpenZFS from cross-pollination.

But on the other hand, making such excuses would open the gates for projects that don't really contribute to opensource, but only use it to their own benefit. While proponents of permissive licenses (myself included) don't find anything wrong with such an outcome, GPL was specifically designed to prevent it, and that is why it is one of the most popular opensource licenses out there. Obviously, every concession weakens the position of those seeking GPL enforcement, including SFC, whose mission right now is endangered by both SFLC's and Canonical's views on ZFS integration into Linux. Being a self-styled GPL crusader with several battles already fought, SFC knows that the ZFS inclusion in Ubuntu may come at a price of legal actions lost, and potentially talented hackers driven out of opensource by frustration and disappointment.

There is another interesting angle to this situation: by now it is common knowledge that Sun Microsystems specifically designed CDDL to be incompatible with GPL, so that ZFS, while being opensource, could not be included with Linux. Shipping ZFS with Ubuntu would defeat this tactic and potentially remove the motivation for such an unfortunate choice of license for companies like Sun or Oracle, to the benefit of all involved sides.

And yet another thing to consider: some (most?) jurisdictions explicitly require sticking with the literal meanings of laws and contracts. This means that even if SFLC's position is defendable in the United States, it might be dismissed in other parts of the world, giving Linux copyright holders the ability to sue Canonical over copyright infringement. Given that Oracle holds copyright in both Linux and OpenZFS, and that it has already demonstrated willingness to take legal action against opensource projects, Canonical might still be at significant risk.

At any rate, the outcome of this discussion, if any, has the potential to settle a long-standing issue in the opensource community, and to make the legal implications of using GPL more transparent and clear.

The GNU Manifesto turns thirty

Stallman expanded and formalized his ideas in the GNU Manifesto, which he published in the March, 1985, issue of Dr. Dobb's Journal of Software Tools, thirty years ago this month. "So that I can continue to use computers without dishonor," he wrote, "I have decided to put together a sufficient body of free software so that I will be able to get along without any software that is not free. I have resigned from the AI Lab to deny MIT any legal excuse to prevent me from giving GNU away." The nearly forty-five-hundred-word text called for collaborators to help build a freely shareable Unix-like operating system, and set forth an innovative method to insure its legal protection.

Stallman is one of the greatest technology visionaries. He will never achieve the popularity status of businessmen like Jobs and Gates, but his contributions to technology - directly and indirectly - are immeasurable.

And he was right all along.

The GNU GPL to be tested in court

The GNU General Public License (version 2) is one of the most widely used open source licenses in the world. The GNU GPLv2 is commonly used in Linux distributions and open source applications. Yet, despite being widely used for decades, the GPLv2 has not been tested much in the legal system. Most GPL violations do not result in a trial and so the power of the license has remained largely untested. That is about to change. As OpenSource.com posted,

This lack of court decisions is about to change due to the five interrelated cases arising from a dispute between Versata Software, Inc. ("Versata") (its parent company, Trilogy Development Corporation, is also involved, but Versata is taking the lead) and Ameriprise Financial, Inc. ("Ameriprise")

It is expected the court cases will help define what qualifies as a derivative work and how the GPL affects software patents along with other details of how the license is interpreted.