POPULARITY
23 episodes with open source summit
5 episodes with open source summit
2 episodes with open source summit
2 episodes with open source summit
2 episodes with open source summit
2 episodes with open source summit
2 episodes with open source summit
2 episodes with open source summit
4 episodes with open source summit
On this summer transmission, Alex and Emma hype new hardware and our presence at the Open Source Summit in Denver. We interview Viktor Petersson at Screenly, an open-source digital signage company. The discussion dives into Screenly's focus on security, especially for enterprise environments, and emphasizes the need for strong hardware and software security partnerships.01:32 Powerful laptop updates05:15 New Adder WS coming soon06:14 COSMIC Beta is coming07:56 Open Source Summit coming to Denver and System76 is hosting a happy hour event10:48 Interview with Viktor Petersson at Screenly begins11:53 Viktor's Linux Journey13:53 The evolution of open source project into a commercial product18:40 Writing the software in bash scripts in two weeks19:32 Sreenly Player MK2 based on the System76 Meerkat20:22 Supply chain security and aligned values with System7622:59 Interesting ways companies use Screenly23:55 Tailored digital signage solutions with the Screenly Edge App25:42 NASA as a clientCheck out what we make!Blog: blog.system76.comLaptops: s76.co/WuEDOnoSDesktops: s76.co/Zn4NXTf9
In this episode, Danielle Tal and Thilo Fromm join us to discuss Flatcar Linux. They introduce Flatcar as a Linux operating system designed specifically for containers and Kubernetes workloads, highlighting its automation, self-healing capabilities, and security features. They emphasize how Flatcar simplifies operations for startups and large companies alike by automating OS provisioning and maintenance. We discussed contributor engagement and the project's involvement with the CNCF. They also share intriguing use cases, like a Kubernetes cluster running on a tractor fleet, and stress the importance of community contributions, not just in code but in evangelism and documentation. 00:00 Introduction 01:05 What is Flatcar? 02:01 Flatcar's Automation and Self-Healing Capabilities 04:10 User Experience and Testing 05:06 Ideal Users and Use Cases 10:36 Community and Contributions 13:38 Getting Started with Contributions 16:59 Impact and Future Directions 19:58 Conclusion and Final Thoughts Guest: Danielle Tal is a Program Manager at Microsoft and an integral part of the team responsible for maintaining Flatcar Container Linux. The team is contributes to Linux OS distributions and Linux Security within Azure and other upstream projects. With a background in supporting diverse enterprise cloud applications as a support engineer, Danielle has transitioned into a management role, overseeing Docker EMEA support before joining the Flatcar team. Thilo Fromm is an engineering manager and works on Community Linux distributions and Linux Security at Azure. Thilo's team helps maintaining Flatcar Container Linux. He has given talks at FOSDEM, FrOSCon, KubeCon, Open Source Summit, Cloud-Native Rejekts, and various meetups like Kubernetes Community Days. Thilo started his career in embedded systems with hardware design and roll-your-own /from scratch embedded Linux, kernel and plumbing level development, and later virtualisation. After working for various cloud providers in engineering and management positions, he went full cloud native in 2019. Nowadays Thilo works on operating systems for cloud-native environments with a special focus on Flatcar Container Linux.
Interview with Karla Nieminen about Open Source Summit Europe 2024
Learning from other developers is an important ingredient to your success. During this episode, Joël Quenneville is joined by Stefanni Brasil, Senior Developer at Thoughtbot, and core maintainer of faker-ruby. To open our conversation, she shares the details of her experience at the Rails World conference in Toronto and the projects she enjoyed seeing most. Next, we explore the challenge of Mac versus Windows and how these programs interact with Ruby on Rails and dive into Stefanni's involvement in Open Source for Thoughtbot and beyond; what she loves about it, and how she is working to educate others and expand the current limitations that people experience. This episode is also dedicated to the upcoming Open Source Summit that Stefanni is planning on 25 October 2024, what to expect, and how you can get involved. Thanks for listening! Key Points From This Episode: Introducing and catching up with Thoughtbot Senior Developer and maintainer of faker-ruby, Stefanni Brasil. Her experience at the Rails World conference in Toronto and the projects she found most inspiring. Why accessibility remains a key topic. How Ruby on Rails translates on Mac and Windows. Stefanni's involvement in Open Source and why she enjoys it. Her experience as core maintainer at faker-ruby. Ideas she is exploring around Jeremy Evans' book Polished Ruby Programming and the direction of Faker. Involvement in Thoughtbot's Open Source and how it drew her in initially. The coaching series on Open Source that she participated in earlier this year. What motivated her to create a public Google doc on Open Source maintenance. An upcoming event: the Open Source Summit. The time commitment expected from attendees. How Stefanni intends to interact with guests and the talk that she will give at the event. Why everyone is welcome to engage at any level they are comfortable with. Links Mentioned in Today's Episode: Stefanni Brasil (https://www.stefannibrasil.me/) Stefanni Brasil on X (https://x.com/stefannibrasil) Thoughtbot Open Summit (https://thoughtbot.com/events/open-summit) Open Source Issues doc (https://docs.google.com/document/d/1zok6snap6T6f4Z1H7mP9JomNczAvPEEqCEnIg42dkU4/edit#heading=h.rq72izdz9oh6) Open Source at Thoughtbot (https://thoughtbot.com/open-source) Polished Ruby Programming (https://www.packtpub.com/en-us/product/polished-ruby-programming-9781801072724) Faker Gem (https://github.com/faker-ruby/faker) Rails World (https://rubyonrails.org/world/) The Bike Shed (https://bikeshed.thoughtbot.com/) Joël Quenneville on LinkedIn (https://www.linkedin.com/in/joel-quenneville-96b18b58/)
An in-depth conversation about Hiero and the future of the ecosystem with Richard Bair, VP Software Engineering at Hedera. Plus the new Asset Tokenization Studio, updates from Karate Combat, Linux Foundation, AUDD and other top stories! Live
Rust meets Linux in a clash of coding cultures. Why some developers are resisting, and where things go from here.Sponsored By:Core Contributor Membership: Take $1 a month of your membership for a lifetime!Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX UnpluggedLinks:
The Linux xz utils backdoor exploit, discussed in an interview at the Open Source Summit 2024 on The New Stack Makers with John Kjell, director of open source at TestifySec, highlights critical vulnerabilities in the open-source ecosystem. This exploit involved a maintainer of the Linux xz utils project adding malicious code to a new release, discovered by a Microsoft engineer. This breach demonstrates the high trust placed in maintainers and how this trust can be exploited. Kjell explains that the backdoor allowed remote code execution or unauthorized server access through SSH connections.The exploit reveals a significant flaw: the human element in open source. Maintainers, often under pressure from company executives to quickly address vulnerabilities and updates, can become targets for social engineering. Attackers built trust within the community by contributing to projects over time, eventually gaining maintainer status and inserting malicious code. This scenario underscores the economic pressures on open source, where maintainers work unpaid and face demands from large organizations, exposing the fragility of the open-source supply chain. Despite these challenges, the community's resilience is also evident in their rapid response to such threats. Learn more from The New Stack about Linux xz utils Linux xz Backdoor Damage Could Be Greater Than Feared Unzipping the XZ Backdoor and Its Lessons for Open Source The Linux xz Backdoor Episode: An Open Source Myster Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
Amazon Web Services (AWS) has introduced PG Vector, an open-source tool that integrates generative AI and vector capabilities into PostgreSQL databases. Sirish Chandrasekaran, General Manager of Amazon Relational Database Services, explained at Open Source Summit 2024 in Seattle that PG Vector allows users to store vector types in Postgres and perform similarity searches, a key feature for generative AI applications. The tool, developed by Andrew Kane and offered by AWS in services like Aurora and RDS, originally used an indexing scheme called IVFFlat but has since adopted Hierarchical Navigable Small World (HNSW) for improved query performance. HNSW offers a graph-based approach, enhancing the ability to find nearest neighbors efficiently, which is crucial for generative AI tasks. AWS emphasizes customer feedback and continuous innovation in the rapidly evolving field of generative AI, aiming to stay responsive and adaptive to customer needs. Learn more from The New Stack about Vector Databases Top 5 Vector Database Solutions for Your AI Project Vector Databases Are Having a Moment – A Chat with Pinecone Why Vector Size Matters Join our community of newsletter subscribers to stay on top of the news and at the top of your game. https://thenewstack.io/newsletter/
Valkey, a Redis fork supported by the Linux Foundation, challenges Redis' new license. In this episode, Madelyn Olson, a lead contributor to the Valkey project and former Redis core contributor, along with Ping Xie, Staff Software Engineer at Google and Dmitry Polyakovsky, Consulting Member of Technical Staff at Oracle highlights concerns about the shift to a more restrictive license at Open Source Summit 2024 in Seattle. Despite Redis' free license for end users, many contributors may not support it. Valkey, with significant industry backing, prioritizes continuity and a smooth transition for Redis users. AWS, along with Google and Oracle maintainers, emphasizes the importance of open, permissive licenses for large tech companies. Valkey plans incremental updates and module development in Rust to enhance functionality and attract more engineers. The focus remains on compatibility, continuity, and consolidating client behaviors for a robust ecosystem. Learn more from The New Stack about the Valkey Project and changes to Open Source licensingLinux Foundation Backs 'Valkey' Open Source Fork of Redis Redis Pulls Back on Open Source Licensing, Citing Stingy Cloud ServicesHashiCorp's Licensing Change is only the Latest Challenge to Open Source Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
When Weaveworks, known for pioneering "GitOps," shut down, concerns arose about the future of Flux, a critical open-source project. However, Puja Abbassi, Giant Swarm's VP of Product, reassured Alex Williams, Founder and Publisher of The New Stack at Open Source Summit in Paris that Flux's maintenance is secure in this episode of The New Makers podcast. Giant companies like Microsoft Azure and GitLab have pledged support. Giant Swarm, an avid Flux user, also contributes to its development, ensuring its vitality alongside related projects like infrastructure code plugins and UI improvements. Abbassi highlighted the importance of considering a project's sustainability and integration capabilities when choosing open-source tools. He noted Argo CD's advantage in UI, emphasizing that projects like Flux must evolve to meet user expectations and avoid being overshadowed. This underscores the crucial role of community support, diversity, and compatibility within the Cloud Native Computing Foundation's ecosystem for long-term tool adoption.Learn more from The New Stack about Flux: End of an Era: Weaveworks Closes Shop Amid Cloud Native Turbulence Why Flux Isn't Dying after WeaveworksJoin our community of newsletter subscribers to stay on top of the news and at the top of your game.
Frank Liu is the Director of Operations & ML Architect at Zilliz, where he serves as a maintainer for the Towhee open-source project. Jiang Chen is the Head of AI Platform and Ecosystem at Zilliz. Yujian Tang is a developer advocate at Zilliz. He has a background as a software engineer working on AutoML at Amazon. MLOps Coffee Sessions Special episode with Zilliz, Why Purpose-built Vector Databases Matter for Your Use Case, fueled by our Premium Brand Partner, Zilliz. Engineering deep-dive into the world of purpose-built databases optimized for vector data. In this live session, we explore why non-purpose-built databases fall short in handling vector data effectively and discuss real-world use cases demonstrating the transformative potential of purpose-built solutions. Whether you're a developer, data scientist, or database enthusiast, this virtual roundtable offers valuable insights into harnessing the full potential of vector data for your projects. // Bio Jiang Chen Frank Liu is Head of AI & ML at Zilliz, with over eight years of industry experience in machine learning and hardware engineering. Before joining Zilliz, Frank co-founded Orion Innovations, an IoT startup based in Shanghai, and worked as an ML Software Engineer at Yahoo in San Francisco. He presents at major industry events like the Open Source Summit and writes tech content for leading publications such as Towards Data Science and DZone. His passion for ML extends beyond the workplace; in his free time, he trains ML models and experiments with unique architectures. Frank holds MS and BS degrees in Electrical Engineering from Stanford University. Frank Liu Jiang Chen is the Head of AI Platform and Ecosystem at Zilliz. With years of experience in data infrastructures and information retrieval, Jiang previously served as a tech lead and product manager for Search Indexing at Google. Jiang holds a Master's degree in Computer Science from the University of Michigan, Ann Arbor. Yujian Tang Yujian Tang is a Developer Advocate at Zilliz. He has a background as a software engineer working on AutoML at Amazon. Yujian studied Computer Science, Statistics, and Neuroscience with research papers published to conferences including IEEE Big Data. He enjoys drinking bubble tea, spending time with family, and being near water. // MLOps Jobs board https://mlops.pallet.xyz/jobs // MLOps Swag/Merch https://mlops-community.myshopify.com/ // Related Links Website: https://zilliz.com/ Neural Priming for Sample-Efficient Adaptation: https://arxiv.org/abs/2306.10191LIMA: Less Is More for Alignment: https://arxiv.org/abs/2305.11206ColBERT: Efficient and Effective Passage Search via Contextualized Late Interaction over BERT: https://arxiv.org/abs/2004.12832 Milvus Vector Database by Zilliz: https://zilliz.com/what-is-milvus --------------- ✌️Connect With Us ✌️ ------------- Join our slack community: https://go.mlops.community/slack Follow us on Twitter: @mlopscommunity Sign up for the next meetup: https://go.mlops.community/register Catch all episodes, blogs, newsletters, and more: https://mlops.community/ Timestamps: [00:00] Demetrios' musical intro [04:36] Vector Databases vs. LLMs [07:51] Relevance Over Speed [12:55] Pipelines [16:19] Vector Databases Integration Benefits [26:42] Database Diversity Market [27:38] Milus vs. Pinecone [30:22] Vector DB for Training & Deployment [34:32] Future proof of AI applications [45:16] Data Size and Quality [48:53] ColBERT Model [54:25] Vector Data Consistency Best Practices [57:24] Wrap up
In this episode, I finish up my interviews from last year's Open Source Summit with two amazing interviews. First is Leszek Manicki, engineering manager at the Wikimedia Foundation Second is Jessica Tegner an advocate for diversity, inclusivity, and equity in open source
TNS host Alex Williams is joined by Florian Valeye, a data engineer at Back Market, to shed light on the evolving landscape of data engineering, particularly focusing on Delta Lake and his contributions to open source communities. As a member of the Delta Lake community, Valeye discusses the intersection of data warehouses and data lakes, emphasizing the need for a unified platform that breaks down traditional barriers.Delta Lake, initially created by Databricks and now under the Linux Foundation, aims to enhance reliability, performance, and quality in data lakes. Valeye explains how Delta Lake addresses the challenges posed by the separation of data warehouses and data lakes, emphasizing the importance of providing asset transactions, real-time processing, and scalable metadata.Valeye's involvement in Delta Lake began as a response to the challenges faced at Back Market, a global marketplace for refurbished devices. The platform manages large datasets, and Delta Lake proved to be a pivotal solution in optimizing ETL processes and facilitating communication between data scientists and data engineers.The conversation delves into Valeye's journey with Delta Lake, his introduction to Rust programming language, and his role as a maintainer in the Rust-based library for Delta Lake. Valeye emphasizes Rust's importance in providing a high-level API with reliability and efficiency, offering a balanced approach for developers.Looking ahead, Valeye envisions Delta Lake evolving beyond traditional data engineering, becoming a platform that seamlessly connects data scientists and engineers. He anticipates improvements in data storage optimization and envisions Delta Lake serving as a standard format for machine learning and AI applications.The conversation concludes with Valeye reflecting on his future contributions, expressing a passion for Rust programming and an eagerness to explore evolving projects in the open-source community. Learn more from The New Stack about Delta Lake and The Linux Foundation:Delta Lake: A Layer to Ensure Data QualityData in 2023: Revenge of the SQL NerdsWhat Do You Know about Your Linux System?
Liam Crilly, Senior Director of Product Management at NGINX, discussed the potential of WebAssembly (Wasm) during this recording at the Open Source Summit in Bilbao, Spain. With over three decades of experience, Crilly highlighted WebAssembly's promise of universal portability, allowing developers to build once and run anywhere across a network of devices.While Wasm is more mature on the client side in browsers, its deployment on the server side is less developed, lacking sufficient runtimes and toolchains. Crilly noted that WebAssembly acts as a powerful compiler target, enabling the generation of well-optimized instruction set code. Despite the need for a virtual machine, WebAssembly's abstraction layer eliminates hardware-specific concerns, providing near-native compute performance through additional layers of optimization.Learn more from The New Stack about WebAssembly and NGINX:WebAssembly Overview, News and TrendsWhy WebAssembly Will Disrupt the Operating SystemTrue Portability Is the Killer Use Case for WebAssembly4 Factors of a WebAssembly Native World
Jonathan Katz, a principal product manager at Amazon Web Services, discusses the evolution of PostgreSQL in an episode of The New Stack Makers. He notes that PostgreSQL's uses have expanded significantly since its inception and now cover a wide range of applications and workloads. Initially considered niche, it faced competition from both open-source and commercial relational database systems. Katz's involvement in the PostgreSQL community began as an app developer, and he later contributed by organizing events.PostgreSQL originated from academic research at the University of California at Berkeley in the mid-1980s, becoming an open-source project in 1994. In the mid-1990s, proprietary databases like Oracle, IBM DB2, and Microsoft SQL dominated the market, while open-source alternatives like MySQL, MariaDB, and SQLite emerged.PostgreSQL 16 introduces logical replication from standby servers, enhancing scalability by offloading work from the primary server. The meticulous design process within the PostgreSQL community leads to stable and reliable features. Katz mentions the development of Direct I/O as a long-term feature to reduce latency and improve data writing performance, although it will take several years to implement.Amazon Web Services has built Amazon RDS on PostgreSQL to simplify application development for developers. This managed service handles operational tasks such as deployment, backups, and monitoring, allowing developers to focus on their applications. Amazon RDS supports multiple PostgreSQL releases, making it easier for businesses to manage and maintain their databases.Learn more from The New Stack about PostgreSQL and AWS:PostgreSQL 16 Expands Analytics CapabilitiesPowertools for AWS Lambda Grows with Help of VolunteersHow Donating Open Source Code Can Advance Your Career
In her keynote address at the Linux Foundation's Open Source Summit Europe, Fatima Sarah Khalid emphasized that being an ally is more than just superficial gestures like wearing pronouns on badges or correctly pronouncing coworkers' names. True allyship involves taking meaningful actions to support and uplift individuals from underrepresented or marginalized backgrounds. This support is essential, not only in obvious ways but also in everyday interactions, which collectively create a more inclusive community.Open source communities typically lack diversity, with only a small percentage of women, non-binary contributors, and individuals from underrepresented backgrounds. Khalid stressed the importance of improving diversity and inclusion through various means, including using inclusive language, facilitating asynchronous communication to accommodate global contributors, and welcoming non-technical contributions such as documentation.Khalid also provided insights on making open source events more inclusive, like welcoming newcomers and marginalized groups, providing quiet spaces and enforcing a code of conduct, and partnering newcomers with mentors. Moreover, she highlighted GitLab's unique approach to allyship within the organization, including the Ally Lab, which pairs employees from different backgrounds to learn about and understand each other's experiences.To encourage the audience to embrace allyship, Khalid shared a set of commitments to keep in mind, such as educating oneself about the experiences of marginalized groups, speaking up against inappropriate behavior, using one's voice to amplify marginalized voices, donating to support such groups, and advocating for equity and justice through social networks and connections. She also shared real-life examples of allyship, illustrating how meaningful actions can create positive change in communities.Khalid's discussion with host Jennifer Riggins emphasizes the significance of meaningful, everyday actions to promote allyship in open source communities and organizations, ultimately contributing to a more diverse, inclusive, and equitable tech industry.Learn more from The New Stack about Open Source, Allyship, and GitLab:Embracing Open Source for Greater Business ImpactLeadership and Inclusion in the Open Source CommunityHow Implicit Bias Impacts Open Source Diversity and InclusionInvesting in the Next Generation of Tech Talent
Daniel Izquierdo is the Co-Founder and CEO at Bitergia, an open-source company that provides software development data and analytics. In this episode, we connect at the Open Source Summit in Bilbao to discuss how he went from working in academia to co-founding an open-source company. Throughout our conversation, Daniel shares interesting anecdotes on the unique journey he's taken to build Bitergia, including why they haven't focused on growing fast so much as they have focused on growing in a way that supports their employees and customers. He also shares insights into how to measure an open-source community, and the knowledge gaps that he sees in people who can't contextualize the data they're getting on their community. Daniel also walks us through the other open-source business models Bitergia tried before discovering what worked for them.Highlights: I introduce Daniel, who is the Co-Founder and CEO at Bitergia, as he joins me at the Open Source Summit in Bilbao (00:24) Daniel describes the work that he does at Bitergia (00:41) The story of why Daniel helped to co-found Bitergia during the finalizing of his PhD (01:38) How Daniel and his co-founders got by as they transitioned from academia to founding an open-source company, and what the first year of running Bitergia was like (03:28) Daniel explains how Bitergia makes money as an open-source company (06:04) The main types of customers that Bitergia works with (07:50) The metrics that Daniel feels are critical when measuring an open-source community (08:50) Daniel describes the knowledge gap he observes in clients who can't contextualize the data they get on their community (11:16) The story of how Bitergia tried other open-source business models before finding what worked for them (13:41) Why Daniel feels it is a disadvantage to have his company based in Spain (16:07) Daniel shares his growth philosophy for Bitergia (18:47) The challenges facing Daniel and his team at the moment (20:21) Daniel's advice to aspiring open-source founders (21:53) The most interesting mistake Daniel feels he made in building Bitergia (23:57) Daniel shares what he feels is the main difference between starting a company with and without an open-source component (25:33) Links:Daniel LinkedIn: https://www.linkedin.com/in/dicortazar/ Twitter: https://twitter.com/dizquierdo Company: https://bitergia.com/
In a recent conversation at the Open Source Summit in Bilbao, Spain, Gabriel Colombo, the General Manager of the Linux Foundation Europe and the Executive Director of the Fintech Open Source Foundation, discussed the potential impact of the Cyber Resilience Act (CRA) on the open source community. The conversation shed light on the challenges and opportunities that the CRA presents to open source and how individuals and organizations can respond.The conversation began by addressing the Cyber Resilience Act and its significance. Gabriel Colombo explained that while the Act is being touted as a measure to bolster cybersecurity and national security, it could have unintended consequences for the open source ecosystem, particularly in Europe. The Act, currently in the legislative process, aims to address cybersecurity concerns but could inadvertently hinder open source development and collaboration.Jim Zemlin, the Executive Director of the Linux Foundation, had previously mentioned the importance of forks in open source development, emphasizing that they are a healthy aspect of the ecosystem. However, Colombo pointed out that the CRA could create a sense of unease, as it might deter people and companies from participating in open source projects or using open source software due to potential legal liabilities.To grasp the implications of the CRA, Colombo explained some of the key provisions. The initial drafts of the Act proposed potential liability for individual developers, open source foundations, and package managers. This raised concerns about the open source supply chain's potential vulnerability and the distribution of liability.As the Act evolves, the liability landscape has shifted somewhat. Individual developers may not be held liable unless they consistently receive donations from commercial companies. However, for open source foundations, especially those accepting recurring donations from commercial entities, there remains a concern about potential liabilities and the need to conform to the CRA's requirements.Colombo emphasized that this issue isn't limited to Europe. It could impact the entire global open source ecosystem and affect the ability of European developers and small to medium-sized businesses to participate effectively.The conversation highlighted the challenges open source communities face when engaging with policymakers. Open source is not structured like traditional corporations or industry consortiums, making it more challenging to present a unified front. Additionally, the legislative process can be slow and complex, which may not align with the rapid pace of technology development.The lack of proactive engagement from the European Commission and the absence of open source communities in the initial consultations on the Act are concerning. The understanding of open source, its nuances, and the role it plays in the broader software supply chain appears limited within policy-making circles.What Can Be Done?Gabriel Colombo stressed the importance of awareness and education. It is vital for individuals, businesses, and open source foundations to understand the implications of the CRA. The Linux Foundation and other organizations have launched campaigns to provide information and resources to help stakeholders comprehend the Act's potential impact.Being vocal and advocating for open source within your network, organization, and through public affairs channels can also make a difference. Engagement with policymakers, especially as the Act progresses through the legislative process, is crucial. Colombo encouraged businesses to emphasize the significance of open source in their operations and supply chains, making policymakers aware of how the CRA might affect their activities.In the face of the Cyber Resilience Act, the open source community must unite and actively engage with policymakers. It's essential to educate and raise awareness about the potential impact of the Act and advocate for a balanced approach that strengthens cybersecurity without stifling open source innovation.The Act's development is ongoing, and there is time for stakeholders to make their voices heard. With a united effort, the open source community can help shape the legislation to ensure that open source remains vibrant and resilient in the face of evolving cybersecurity challenges.Learn more from The New Stack about open source and Linux Foundation Europe:At Open Source Summit: Introducing Linux Foundation EuropeMaking Europe's 'Romantic' Open Source World More PracticalEmbracing Open Source for Greater Business Impact
CHAOSScast – Episode 72 In this episode, our host, Matt Germonprez, is joined by Dawn Foster from the CHAOSS Community, Sophia Vargas from Google, and Gary White from Verizon. Today, they dive into the crucial topic of assessing the viability of open source projects for adoption within organizations. The discussion covers the intricacies of evaluating project viability, the challenges of project failure, and the necessity of continuous assessments. The panelists provide valuable insights on mitigating risks, leveraging metrics, and the importance of active engagement within open source communities. This episode offers a wealth of knowledge and practical advice for navigating the world of open source software. Download this episode now to hear more! [00:02:13] The discussion begins on the importance of assessing the viability of open source projects for adoption within organizations. Gary emphasizes the need to formalize the assessment of open source project viability beyond just technical metrics, Sophia stresses the importance of rigor in evaluating open source tools due to the lower barrier to adoption, and Dawn points out the importance of context, where the viability assessment depends on how the project is used within the organization. [00:06:32] The conversation shifts to when an open source project fails or changes significantly within an organization. Dawn discusses the challenges and uncertainty companies face when an open source project becomes unusable due to license changes or discontinuation, Sophia highlights the complexities and burdens of change management when a project fails, and Gary mentions the negative impact on morale and the time-consuming nature of dealing with project failures. [00:10:55] Sophia discusses the challenges in communication between project leaders and end users, particularly when projects are consumed through third-party package managers. Gary highlights the challenge of getting project leaders and developers motivated to assess project viability and the need for data-driven metrics to facilitate communication between leadership and implementation teams. [00:13:09] Dawn stresses the importance of continuous assessments of open source project viability rather than treating it as a one-time task. [00:14:06] How do we assess if a project is good? Dawn discusses her historical approach to assessing open source projects, which included manual assessments. [00:16:31] Gary emphasizes the common practice of engineers making quick project choices without thorough assessments due to the ease of finding solutions online. [00:19:41] Sophia highlights the importance of considering how a project is used within the organization and the strategic implications of choosing open source projects, especially in large organizations. [00:21:50] Matt asks about monitoring and mitigating risks when using open source projects that may not be ideal from a viability perspective but are popular. Dawn acknowledges that project viability is not binary and can vary in terms of risk, suggesting that contributing to open source projects can mitigate risks. [00:22:56] Gary emphasizes the importance of becoming engaged and active members of open source communities to gain insight into project changes and mitigate potential risks. [00 24:15] Sophia highlights the role of metrics and monitoring in risk mitigation, mentioning that tracking certain information may not be easy but it is crucial. Dawn notes the lack of ongoing viability monitoring and suggests the need for more sophisticated approaches. [00:26:37] Gary agrees that monitoring is essential and mentions a metric called “lib year” to track the age of dependencies as an example of monitoring for open source projects, and he discusses the importance of automated recommendations within software scanning tools to help users make informed decisions about dependencies. [00:28:27] Sophia addresses the challenge of scale when dealing with many open source projects, emphasizing the need to adapt monitoring and risk mitigation approaches based on the organization's portfolio size. Value Adds (Picks) of the week: [00:30:15] Matt's pick is running in the dark on cool mornings. [00:30:33] Dawn's pick is hanging out with people when she was at the Open Source Summit in Bilbao, Spain. [00:31:03] Sophia's pick is joining an orchestra a few months ago. [00:31:41] Gary's pick is having pumpkin spice back in his life. *Panelists: * Matt Germonprez Dawn Foster Sophia Vargas Gary White Links: CHAOSS (https://chaoss.community/) CHAOSS Project Twitter (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Ford Foundation (https://www.fordfoundation.org/) Georg Link Twitter (https://twitter.com/georglink) Matt Germonprez Twitter (https://twitter.com/germ) Dawn Foster Twitter (https://twitter.com/geekygirldawn?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) Sophia Vargas Twitter (https://twitter.com/Sophia_IV) Gary White LinkedIn (https://www.linkedin.com/in/garywhitejr/?challengeId=AQEv--5HftMoBgAAAYsXL2iHfaGnQ2ZuiHoIWXTS2djLR7Egg5bea7ssesyMpR4iE0_FlSm1xuIdrRJtT9Ud3Zz2BA5RPxnaBw&submissionId=9ed5100e-879a-8c17-6615-47f9a29dcf7e&challengeSource=AgHoxRBJLKZQOgAAAYsXL6FZfLKYtxYqjuxY6Vbrgh72b_WOMwkPWsgzm3nPpY4&challegeType=AgHJBLfWjTFXCwAAAYsXL6FcCbRSfBcK6kmhaXgmTaeZZBINfv1FiwQ&memberId=AgE94SgXMMqCywAAAYsXL6FgFfWaBdkGJu0tvP9y7Vb0B8c&recognizeDevice=AgFqtB9A-OoPbAAAAYsXL6FjqkzACctkmLucd27uj2tOYXe6XdFl) libyear (https://libyear.com/#:~:text=A%20simple%20measure%20of%20software,to%2Ddate%20your%20dependencies%20are.) OSS Project Viability Metrics Models: OSS Project Viability: Community (https://chaoss.community/?p=5403) OSS Project Viability: Compliance + Security (https://chaoss.community/?p=5407) OSS Project Viability: Governance (https://chaoss.community/?p=5411) OSS Project Viability: Strategy (https://chaoss.community/?p=5416) Special Guest: Gary White.
Leszek Manicki is the Engineering Manager at Wikimedia Germany. In this episode, we connect at the Open Source Summit in Bilbao to discuss what he has learned being a part of Wikimedia movement and how that inspired his talk at the summit, How Not To Make Open Source. Throughout our conversation, Leszek describes the challenges Wikimedia has experienced in trying to get more contributors to their projects while also having a high security standard and a complex architecture. He also describes what he has learned from these challenges, and gives recommendations for other organizations to consider as they look to get more contributors to their own projects. Leszek also shares his experience representing a non-profit organization that seeks to offer free knowledge at an event that features more commercialized open-source offerings, and how he hopes this will bring about a positive socio-economic change.Highlights: I introduce Leszek, who is the Engineering Manager at Wikimedia Germany as he joins me at the Open Source Summit in Bilbao (00:23) Leszek describes his role at Wikimedia movement and what brings him to the Open Source Summit as a speaker (00:39) The number one thing that Leszek believes open-source organizations shouldn't do (03:41) How Wikimedia has attempted to get more external contributors to their projects and what they learned from their successes and failures there (07:17) Leszek describes the relationship between the creation of knowledge and the creation of software in the Wikimedia organization (12:57) How Leszek and his team are increasing collaboration with external sources to build software (15:43) Why Leszek advocates for simple architecture when you're building a project that will seek external contributors (17:38) The inherent value that Leszek sees in having a community of contributors on a project (18:52) Leszek reflects on his experience attending the Open Source Summit and his hopes for the future (20:20) Links:Leszek LinkedIn: https://www.linkedin.com/in/leszek-manicki Company: https://www.wikimedia.org/
Kim McMahon is the leader of Open Source Marketing & Community at Outshift by Cisco, which is Cisco's emerging technologies and innovation unit. We recorded this episode at Open Source Summit EU, and talked about Kim's strategies and tactics related to helping guide users to the correct edition of your product — ie, decide whether the open source option or a commercial option is best for them.Kim talked about the tricky balance open-source companies must strike between embracing open-source principles and driving revenue as a business, Kim's tactics for community building and why it's so important to be clear on why you want to build a community and the outcomes you expect from your investment in community building. Highlights: I introduce Kim, who is the leader of Open Source Marketing & Community at Outshift by Cisco, as she joins me at the Open Source Summit EU in Bilbao (00:25) Kim gives an overview of the talk she is giving at the Open Source Summit, which is on the topic of self-identifying when to shift to a managed version of open-source products (01:35) Kim and I discuss the different personas of open-source software users, and the role that product-led growth plays for open-source companies (03:07) Why Kim feels it's critical to not treat your community as a sales database but rather to provide educational content to drive sales of open-source products (09:10) Kim and I discuss the challenges of marketing an open-source project and whether positioning truly falls under marketing (10:49) How Kim created a feedback loop on her team between sales, marketing, and product to ensure alignment when bringing open-source products to market (13:31) Kim walks through her thought process for community building from scratch (17:23) How Kim evaluates if a community-building strategy is working or not (24:34) What Kim learned about being a part of a community by being a member of a food co-op (28:09) Where to connect with Kim and learn more about her work (34:44) Links:Kim LinkedIn: https://www.linkedin.com/in/kimmcmahonco/ Twitter: https://twitter.com/kamcmahon Company: https://eti.cisco.com/
Angel Diaz, Vice President of Technology, Capabilities, and Innovation at Discover Financial Services, spoke with TNS Host Alex Williams at the Open Source Summit in Vancouver, BC. Diaz emphasizes the importance of learning and collaboration among software engineers. He leads The Discover Technology Academy, a community of 15,000 engineers, which he describes as a place where craftsmen come together rather than an ivory tower institution.Developers and engineers at Discover define and develop processes for software development. They start their journey by contributing atomic elements of knowledge, such as articles, blogs, videos, and tutorials, and then democratize that knowledge. Open source principles, communities, guilds, and established practices play a vital role in their work and discovery process.Discover's developer experience revolves around the concept of the golden path, which goes beyond consuming content and includes aspects like code, automation, and setting up development environments. Pair programming and a cultural approach to learning are also incorporated into Discover's talent system.Diaz highlights that Discover's work extends beyond their financial services company, as they share their knowledge and open source work with the external community through platforms like technology.discovered.com. This enables engineers to gain merit badges, such as maintainers or contributors, and showcase their expertise on professional platforms like LinkedIn.Learn more at thenewstack.ioThe Future of Developer CareersPlatform Engineer vs Software EngineerHow Donating Open Source Code Can Advance Your Career
The Linux Foundation's Open Source Security Foundation (OSSF) is addressing the challenge of timely software component updates to prevent security vulnerabilities like Log4J. In an interview with Alex Williams of The New Stack at the Open Source Summit in Vancouver, Omkhar Arasaratnam, the new general manager of OSSF, and Brian Behlendorf, CTO of OSSF, discuss the importance of making software secure from the start and the need for rapid response when vulnerabilities occur. In this conversation, they highlight the significance of Software Bill of Materials (SBOMs), which provide a complete list of software components and supply chain relationships. SBOMs offer data that can aid decision-making and enable reputation tracking of repositories. The interview also touches on the issues with package managers and the quantification of software vulnerability risks. Overall, the goal is to improve the efficiency and effectiveness of software component updates and leverage data to enhance security in enterprise and production environments.Learn more from The New Stack:Creating a 'Minimum Elements' SBOM Document in 5 MinutesEnhance Your SBOM Success with SLSA
Josh and Kurt talk about the Open Source Summit in Vancouver. Josh was there and we pick on two observations. Firstly that security keeps trying to use fear as a feature, except it doesn't work. Secondly we discuss AI and how people are talking about it. It is changing things, how much is yet to be seen. Show Notes SLSA FRSCA S2C2F MSI leak Intel microcode Tom Scott AI Video
theCUBE hosts John Furrier and Rob Strechay kickoff our coverage of Open Source Summit NA 2023 in Vancouver, Canada.
DUBLIN — Europe's open source contributors, according to The Linux Foundation's first-ever survey of them released in September, are driven more by idealism than their American counterparts. The data showed that social reasons for contributing to open source projects were more often cited by Europeans than by Americans, who were more likely to say they participate in open source for professional advancement. A big part of Gabriele (Gab) Columbro's mission as the general manager of the new Linux Foundation Europe, will be to marry Europe's "romantic" view of open source to greater commercial opportunities, Columbro told The New Stack's Makers podcast. The On the Road episode of Makers, recorded in Dublin at Open Source Summit Europe, was hosted by Heather Joslyn, TNS's features editor. Columbro, a native of Italy who also heads FINOS, the fintech open source foundation. recalled his own roots as an individual contributor to the Apache project, and cited what he called "a very grassroots, passion, romantic aspect of open source" in Europe By contrast, he noted, "there is definitely a much stronger commercial ecosystem in the United States. But the reality is that those two, you know, natures of open source are not alternatives." Columbro said he sees advantages in both the idealistic and the practical aspects of open source, along with the notion in the European Union and other countries in the region that the Internet and the software that supports it have value as shared resources. "I'm really all about marrying sort of these three natures of open source: the individual-slash-romantic nature, the commercial dynamics, and the public sector sort of collective value," he said.A 'Springboard' for Regional ProjectsEurope sits thousands of miles away from the headquarters of the FAANG tech behemoths — Facebook, Apple, Amazon, Netflix and Google. (Columbro, in fact, is still based in Silicon Valley, though he says he plans to return to Europe at some point.) For individual developers, he said, Linux Foundation Europe will help give regional projects increased visibility and greater access to potential contributors. Contributing a project to Linux Foundation Europe, he said, is "a powerful way to potentially supercharge your project." He added, "I think any developer should consider this as a potential springboard platform for the technology, not just to be visible in Europe, but then hopefully, beyond." The European organization's first major project, the OpenWallet Foundation, will aim to help create a template for developers to build digital wallets. "I find it very aligned with not only the vision of the Linux Foundation that is about not only creating successful open source projects but defining new markets and new commercial ecosystems around these open source projects." It's also, Columbro added, "very much aligned with the sort of vision of Europe of creating a digital commons, based on open source whereby they can achieve a sort of digital independence."Europe's Turmoil Could Spark InnovationAs geopolitical and economic turmoil roils several nations in Europe, Columbro suggested that open source could see a boom if the region's companies start cutting costs. He places his hopes on open source collaboration to help reconcile some differences. "Certainly I do believe that open source has the potential to bring parties together, " Columbro said. Also, he noted, "generally we see open source and investment in open source to be counter-cyclical with the trends of investments in proprietary software. ... in other words, when there is more pressure, and when there is more pressure to reduce costs, or to, you know, reduce the workforce. "That's when people are forced to look more seriously about ways to actually collaborate while still maintaining throughput and efficiency. And I think open source is the prime way to do so. Listen to this On the Road episode of Makers to learn more about Linux Foundation Europe.
Amazon Web Services would not be what it is today without open source. "I think it starts with sustainability," said David Nalley, head of open source and marketing at AWS in an interview at the Open Source Summit in Dublin for The New Stack Makers. "And this really goes back to the origin of Amazon Web Services. AWS would not be what it is today without open source." Long-term support for open source is one of three pillars of the organization's open source strategy. AWS builds and innovates on top of open source and will maintain that approach for its innovation, customers, and the larger digital economy. "And that means that there's a long history of us benefiting from open source and investing in open source," Nalley said. "But ultimately, we're here for the long haul. We're going to continue making investments. We're going to increase our investments in open source." Customers' interest in open source is the second pillar of the AWS open source strategy. "We feel like we have to make investments on behalf of our customers," Nally said. "But the reality is our customers are choosing open source to run their workloads on." [sponsor_note slug="amazon-web-services-aws" ][/sponsor_note] The third pillar focuses on advocating for open source in the larger digital economy. Notable is how much AWS's presence in the market played a part in Paul Vixie's decision to join the company. Vixie, an Internet pioneer, is now vice president of security and an AWS distinguished engineer who was also interviewed for the New Stack Makers podcast at the Open Source Summit. Nalley has his recognizable importance in the community. Nalley is the president of the Apache Software Foundation, one of the world's most essential open source foundations. The importance of its three-pillar strategy shows in many of the projects that AWS supports. AWS recently donated $10 million to the Open Source Software Supply Chain Foundation, part of the Linux Foundation. AWS is a significant supporter of the Rust Foundation, which supports the Rust programming language and ecosystem. It puts a particular focus on maintainers that govern the project. Last month, Facebook unveiled the PyTorch Foundation that the Linux Foundation will manage. AWS is on the governing board.
Paul Vixie grew up in San Francisco. He dropped out of high school in 1980. He worked on the first Internet gateways at DEC and, from there, started the Internet Software Consortium (ISC), establishing Internet protocols, particularly the Domain Name System (DNS). Today, Vixie is one of the few dozen in the technology world with the title "distinguished engineer," working at Amazon Web Services as vice president of security, where he believes he can make the Internet a more safe place. As safe as before the Internet emerged. "I am worried about how much less safe we all are in the Internet era than we were before," Vixie said in an interview at the Open Source Summit in Dublin earlier this month for The New Stack Makers podcast. "And everything is connected, and very little is understood. And so, my mission for the last 20 years has been to restore human safety to pre-internet levels. And doing that at scale is quite the challenge. It'll take me a lifetime." So why join AWS? He spent decades establishing the ISC. He started a company called Farsight, which came out of ISC. He sold Farsight in November of last year when conversations began with AWS. Vixie thought about his mission to better restore human safety to pre-internet levels when AWS asked a question that changed the conversation and led him to his new role. "They asked me, what is now in retrospect, an obvious question, 'AWS hosts, probably the largest share of the digital economy that you're trying to protect," Vixie said. "Don't you think you can complete your mission by working to help secure AWS?' "The answer is yes. In fact, I feel like I'm going to get more traction now that I can focus on strategy and technology and not also operate a company on the side. And so it was a very good win for me, and I hope for them." Interviewing Vixie is such an honor. It's people like Paul who made so much possible for anyone who uses the Internet. Just think of that for a minute -- anyone who uses the Internet have people like Paul to thank. Thanks Paul -- you are a hero to many. Here's to your next run at AWS.
The whole world uses open source, but as we've learned from the Log4j debacle, “free” software isn't really free. Organizations and their customers pay for it when projects aren't frequently updated and maintained. How can we support open source project maintainers — and how can we decide which projects are worth the time and effort to maintain? “A lot of people pick up open source projects, and use them in their products and in their companies without really thinking about whether or not that project is likely to be successful over the long term,” Dawn Foster, director of open source community strategy at VMware's open source program office (OSPO), told The New Stack's audience during this On the Road edition of The New Stack's Makers podcast. In this conversation recorded at Open Source Summit Europe in Dublin, Ireland, Foster elaborated on the human cost of keeping open source software maintained, improved and secure — and how such projects can be sustained over the long term. The conversation, sponsored by Amazon Web Services, was hosted by Heather Joslyn, features editor at The New Stack. Assessing Project Health: the ‘Lottery Factor' One of the first ways to evaluate the health of an open source project, Foster said, is the “lottery factor”: “It's basically if one of your key maintainers for a project won the lottery, retired on a beach tomorrow, could the project continue to be successful?” “And if you have enough maintainers and you have the work spread out over enough people, then yes. But if you're a single maintainer project and that maintainer retires, there might not be anybody left to pick it up.” Foster is on the governing board for an project called Community Health Analytics Open Source Software — CHAOSS, to its friends — that aims to provide some reliable metrics to judge the health of an open source initiative. The metrics CHAOSS is developing, she said, “help you understand where your project is healthy and where it isn't, so that you can decide what changes you need to make within your project to make it better.” CHAOSS uses tooling like Augur and GrimoireLab to help get notifications and analytics on project health. And it's friendly to newcomers, Foster said. “We spend...a lot of time just defining metrics, which means working in a Google Doc and thinking about all of the different ways you might possibly measure something — something like, are you getting a diverse set of contributors into your project from different organizations, for example.” Paying Maintainers, Onboarding Newbies It's important to pay open source maintainers in order to help sustain projects, she said. “The people that are being paid to do it are going to have a lot more time to devote to these open source projects. So they're going to tend to be a little bit more reliable just because they're they're going to have a certain amount of time that's devoted to contributing to these projects.” Not only does paying people help keep vital projects going, but it also helps increase the diversity of contributors, “because you by paying people salaries to do this work in open source, you get people who wouldn't naturally have time to do that. “So in a lot of cases, this is women who have extra childcare responsibilities. This is people from underrepresented backgrounds who have other commitments outside of work,” Foster said. “But by allowing them to do that within their work time, you not only get healthier, longer sustaining open source projects, you get more diverse contributions.” The community can also help bring in new contributors by providing solid documentation and easy onboarding for newcomers, she said. “If people don't know how to build your software, or how to get a development environment up and running, they're not going to be able to contribute to the project.” And showing people how to contribute properly can help alleviate the issue of burnout for project maintainers, Foster said: “Any random person can file issues and bug maintainers all day, in ways that are not productive. And, you know, we end up with maintainer burnout...because we just don't have enough maintainers," said Foster. “Getting new people into these projects and participating in ways that are eventually reducing the load on these horribly overworked maintainers is a good thing.” Listen or watch this episode to learn more about maintaining open source sustainability.
Ricardo Mendoza, founder and CEO of Pantacor, joins me for a chat at the Open Source Summit in Austin. Ricardo shares why he started Pantacor and describes the differences between IoT, edge, connected, and embedded devices. I ask him how Pantacor fits into the edge continuum, and he explains how Pantacor helps bring embedded devices into the future. Ricardo talks about the open source arm of Pantacor's strategy, we discuss Pantacor's unique interest in hardware versus primarily dealing with software, and Ricardo wraps up by sharing his advice for aspiring business owners! Highlights: Why Ricardo started Pantacor (1:19) Difference between IOT edge devices, connected devices, and embedded devices (2:17) How Pantacor fits into the edge continuum (4:49) Why are embedded systems lagging behind and how does that manifest? (6:22) How open source is part of Pantacor's strategy (9:40) How aware are manufacturers of their operating systems and how Pantacor could help them? (13:35) Pantacor's relationship with hardware (16:45) What was the inspiration for the founding of Pantacor? (20:11) The difference between cloud developers and their relationship with open source versus the relationship between embedded devices and open source (22:46) Is there a disadvantage to being based in Europe? (24:51) Advice for someone who wants to start a company or work with embedded devices (26:28) Links:Pantacor https://pantacor.com/ https://pantavisor.io/ Twitter: @pantahub
Live from the Open Source Summit in Austin, I sit down with Jeff Shapiro, the License Scanning Manager for the Linux Foundation. Jeff begins by explaining what he does at the Linux Foundation, including ensuring that open source licenses are compatible and compliant. We discuss what license issues start-ups should be aware of, how to educate yourself on open source licensing, and when you should consult an expert. Jeff clarifies some confusion around dual licenses and explains the challenges of changing licenses on an open source project. Finally, we discuss the possibilities of disallowing specific uses through licensing and who can write a license. Highlights: Jeff talks about the legal and business risks of non-compliant open source licenses (3:09) License issues start-ups should be aware of (7:16) DCO (Developer certificate of origin) and understanding where code comes from (12:10) Educating yourself and others about open source licenses (13:04) Jeff talks about when you need to consult an expert (15:36) Jeff explains how he got into licensing as an engineer (17:23) Jeff discusses dual licenses (18:18) How hard is it to change licenses on an open source project (20:23) Jeff explains if it's possible to disallow specific uses with your license (23:39) Links:Jeff LinkedIn: https://www.linkedin.com/in/jeffcshapiro/ Company: https://www.linuxfoundation.org/
In this episode of The New Stack's On the Road show at Open Source Summit in Austin, Webb Brown, CEO and co-founder of KubeCost, talked with The New Stack about opening up the black box on how much Kubernetes is really costing. Whether we're talking about cloud costs in general or the costs specifically associated with Kubernetes, the problem teams complain about is lack of visibility. This is a cliche complaint about AWS, but it gets even more complicated once Kubernetes enters the picture. “Now everything's distributed, everything's shared,” Brown said. “It becomes much harder to understand and break down these costs. And things just tend to be way more dynamic.” The ability of pods to spin up and down is a key advantage of Kubernetes and brings resilience, but it also makes it harder to understand how much it costs to run a specific feature. And costs aren't just about money, either. Even with unlimited money, looking at cost information can provide important information about performance issues, reliability or availability. “Our founding team was at Google working on infrastructure monitoring, we view costs as a really important part of this equation, but only one part of the equation, which is you're really looking at the relationship between performance and cost,” Brown said. “Even with unlimited budged, you would still care about resourcing and configuration, because it can really impact reliability and availability of your services.”
In this episode of The New Stack's On the Road show at Open Source Summit in Austin, Amanda Brock, CEO and founder of OpenUK, talked with The New Stack about revenue models for open source and how those fit into building a sustainable project.Funding an open source project has to be part of the sustainability question — open source requires humans to contribute, and those humans have bills to pay and risk burnout if the open source project is a side gig after their full time job. That's not the only expenses a project might accrue, either — there might be cloud costs, for example. Brock says there are essentially eight categories of funding models for open source, of which really two or three have been proven successful. They are support, subscription and open core.So how do we define open core, exactly? “You get different kinds of open core businesses, one that is driven very much by the needs of the company, and one that is driven by the needs of the open source project and community,” Brock said. In other words, sometimes the project exists to drive revenue, sometime the revenue exists to support the project — a subtle distinction, but it's easy to see how one or the other orientation could change a company's relationship with open source.Are both types really open source? For Brock, it all comes down to community. “It's the companies that have proper community that are really open source to me,” she said. “That's where you've got a proper project with a real community, the community is not entirely based off of your employees.”
In this episode of The New Stack's On the Road show at Open Source Summit in Austin, Julia Ferraioli, open source technical leader at Cisco's open source programs office, spoke with The New Stack about some alternative ways to define what is and is not ‘open source.' When someone says, well, that's ‘technically' open source, it's usually to be snarky about a project that meets the legal criteria to be open source, but doesn't follow the spirit of open source. Ferraioli doesn't think that the ‘classic' open source project, like a Kubernetes or Linux, are the only valid models for open source. She gives the sample of a research project — the code might be open sourced specifically so that others can see the code and reproduce the results themselves. However, for the research to remain valid, they it can't accept any contributions.“It's no less open source than others,” Ferraioli said about the hypothetical research project. “If you break things down by purpose, it's not always that you're trying to build the robust community.” The social model of open source, Ferraioli says, is about understanding the different use cases for open source, as well as providing a framework for determining what appropriate success metrics could be depending on what the project's motivations are. And if you're just doing a project with friends for laughs, well, quantifying fun isn't going to be easy.
In this episode of The New Stack's On the Road show at Open Source Summit in Austin, Matt Yonkovit, Head of Open Source at Percona, shared his thoughts on how economic uncertainty could affect the open source ecosystem. Open source, of course, is free. So what role does the economic play in whether or not open source software is contributed to, downloaded and used in production? “Generally, open source is considered a bit recession proof,” Yonkovit said. But that doesn't mean that things won't change. Over the past several years, the number of open source companies has increased dramatically, and the amount of funding sloshing around in the ecosystem has been huge. That might change. And if the funding situation does change? “I think the big differentiator for a lot of people in the open source space is going to be the communities,” Yonkovit said. When we talk about having ‘backing,' it's usually in reference to financial investors, but in open source the backing of a community is just as important. In the absence of deep pockets, a community of people who believe in the project can help it survive — and show that the idea is really solid. If you look back at the history of open source, Yonkovit said, it's about people having an idea that inspires other people to contribute to make it a reality. Sometimes those ideas aren't commercially viable, even in the best of times — even if they do get widespread adoption. The only thing that's changing now is that financial investors are going to be a bit more picky in making sure the projects they fund aren't just inspirational ideas, but also are commercially viable.
Bonjour à tous et bienvenue dans le ZDTech, le podcast quotidien de la rédaction de ZDNet. Je m'appelle Guillaume Serries, et aujourd'hui je vous explique pourquoi le langage de programmation Rust, rouille en anglais, pourrait rapidement intégrer le noyau du système d'exploitation Linux. Linus Torvalds, le créateur de Linux, aimerait voir le langage de programmation Rust intégré au noyau du système d'exploitation lors de la prochaine version majeure. Mais ce n'est pas tout à fait gagné. Car cet atterrissage du langage de programmation Rust sur Linux serait tout bonnement révolutionnaire. Depuis plus de trois décennies, Linux est écrit à l'aide du langage de programmation C. Linux est même certainement la réalisation logicielle la plus remarquable écrite en langage C. Mais ces dernières années, de plus en plus de développeurs utilisent le langage de développement Rust pour faire évoluer Linux. Au point que Rust est désormais le deuxième langage de Linux. "J'aimerais que la fusion avec Rust soit lancée dans la prochaine version, mais nous verrons" a confié a ZDNet le père de Linux à l'occasion du tout récent Open Source Summit qui vient de se tenir à Austin, au Texas. Il faut dire que le calendrier est serré. Linus Torvalds et les autres mainteneurs du noyau Linux sont actuellement en train de travailler sur la version Linux 5.19, qui doit être mise à disposition des utilisateurs au début du mois d'août. Et le délai moyen entre les nouvelles versions du noyau principal est de 9 à 10 semaines. Donc Rust pourrait être intégré au noyau dans sa version 5.20, qui devrait arriver fin octobre ou début novembre 2022. Alors à ce moment du podcast vous vous dites, "ok, mais pourquoi est-il si important de passer de C à Rust ?" Et bien le langage de programmation Rust, proposé par Mozilla depuis 2010, se prête plus facilement à l'écriture de logiciels sécurisés. Et par ailleurs, ses performances sont comparables à celles de C en ce qui concerne la vitesse d'exécution. Pour Samartha Chandrashekar, chef de produit AWS, Rust "permet d'assurer la sécurité des threads et d'éviter les erreurs liées à la mémoire, comme les débordements de tampon qui peuvent conduire à des failles de sécurité." Et cet avis semble partagé par un nombre important de développeurs, dont Linus Torvalds. Mais ce qui est clair d'ors et déjà, c'est que personne ne va réécrire la totalité des quelques 30 millions de lignes du noyau Linux en Rust. Seules les évolutions du noyau sont concernées par cette évolution de langage de programmation. Et ces évolutions sont l'utilisation des API existantes dans le noyau, le support de l'architecture et la compatibilité de l'interface binaire d'application entre Rust et C. Donc, si tout se passe bien, vous pouvez vous attendre à voir du Rust dans le noyau Linux avant la fin de l'année. Ensuite, il commencera à apparaître dans les principales distributions Linux telles que Debian, Ubuntu, SUSE Linux Enterprise Server et Red Hat Enterprise Linux, d'ici 2023.
AUSTIN, TEX. —Everyone uses open source software — and it's become increasingly apparent that not nearly enough attention has been paid to the security of that software. In a survey released by The Linux Foundation and Synk at the foundation's Open Source Summit in Austin, Tex., this month, 41% of organizations said they aren't confident in the security of the open source software they use. At the Austin event, The New Stack's Makers podcast sat down with Brian Behlendorf, general manager of Open Source Security Foundation (OpenSSF), to talk about a new plan to attack the problem from multiple angles. He was interviewed for this On the Road edition of Makers by Heather Joslyn, features editor at The New Stack. Behlendorf, who has led OpenSSF since October and serves on the boards of the Electronic Frontier Foundation and Mozilla Foundation, cited the discovery of the Log4j vulnerabilities late in 2021, and other recent security “earthquakes” as a key turning points.“I think the software industry this year really woke up to not only the fact these earthquakes were happening,” he said, “and how it's getting more and more expensive to recover from them.” The Open Source Security Mobilization Plan sprung from an open source security summit in May. It identifies 10 areas that will be targeted for attention, according to the report published by OpenSSF and the Linux Foundation: Security education.Risk assessment.Digital signatures, such as though the open source Sigstore project.Memory safety.Incident response.Better scanning.Code audits.Data sharing.Improved software supply chains.Software bills of material (SBOMs) everywhere. The price tag for these initiatives over the initial two years is expected to total $150 million, Behlendorf told our Makers audience. The plan was sparked by queries from the White House about the various initiatives underway to improve open source software security — what they would cost, and the time frame the solution-builders had in mind. “We couldn't really answer that without being able to say, well, what would it take if we were to invest?” Behlendorf said. “Because most of the time we sit there, we wait for folks to show up and hope for the best.” The ultimate price tag, he said, was much lower than he expected it would be. Various member organizations within OpenSSF, he said, have pledged funding. “The 150 was really an estimate. And these plans are still being refined,” Behlendorf said. But by stating specific steps and their costs, he feels confident that interested parties will feel confident when it comes time to make good on those pledges. Listen to the podcast to get more details about the Open Source Security Mobilization Plan.
On this episode of This Week in Linux: Linus Torvalds Fireside Chat at Open Source Summit, Manjaro Linux 21.3.0, Steam Summer Sale, Help Shape the Future of KDE, Flameshot 12.0, Dooit Terminal Task / To-do Manager, FidelityFX Super Resolution (FSR) 2.0 Open Sourced by AMD, NoiseTorch 0.12.2, Zoom Now Supports Screensharing On Wayland, all that […]
SHOW NOTES ►► https://tuxdigital.com/podcasts/this-week-in-linux/twil-203/
Some highlights from Linus' recent fireside chat, Qt gets a new leader and a Linux botnet we should probably take seriously.
Some highlights from Linus' recent fireside chat, Qt gets a new leader and a Linux botnet we should probably take seriously.
The first time Patrick Debois came into contact with Open Source was in the early stages of development of the Linux kernel, compiling it on floppies on his 486 machine. To tell you how long ago that was, the Intel 486 was introduced in 1989, It was the first chip in the line to include a built-in math coprocessor. Patrick was an early adopter of computers, but one thing he missed was a community. In those days he had to copy software over electronic bulletin board systems. But with the Linux kernel, he found it amazing that you could just get it on a cd-rom and pass it around to friends. From the Linux Foundation office in New York City, this is “The Untold Stories of Open Source”. Each week we choose an open source project or a person behind a popular open source initiative, to uncover the untold stories and details about major open source initiatives. If you work with open source, and you do whether you know it or not, you're in the right place. Mentioned in this episode: Pre-Roll - OpenSSF Day 2022 - Jennifer Bly Support for The Untold Stories of Open Source comes from the OpenSSF Project. Don't miss the first ever OpenSSF Day at Open Source Summit on June 20th in Austin. OpenSSF Day is included with your Open Source Summit registration. Reserve your spot at events.linux foundation.org.
Brian Behlendorf came from a science and technology background. In fact, his parents met at IBM where his father was a Cobol programmer. During the 1980s, Brian was comfortable in front of a TRS 80 and a PC junior doing basic programming and term reports. He quickly found his way onto Usenet and participation on mailing lists around the band REM or the record label 4AD. This eventually turned into a dedicated mailing list focused on the rave scene in San Francisco. Through setting up the mailing list, he stood up an FTP server with DJ sets, which eventually became a gopher server, which eventually became a a web server that was dedicated to electronic music and the electronic music scene in the Bay Area. This was a time when you would only hear electronic music at certain events and not on the radio. Brian continued to go to school at UC Berkeley occasionally, but in January 1993, something else caught his attention. The first issue of https://www.wired.com/ (Wired Magazine) was published. From the Linux Foundation offices in New York City, this is The Untold Stories of Open Source. Each week in our podcast project on GitHub, we uncover the history and people behind the open source projects that are the foundation of technological innovation. If you work with open source, and you do whether you know it or not, you're in the right place. Mentioned in this episode: Pre-Roll - OpenSSF Day 2022 - Jennifer Bly Support for The Untold Stories of Open Source comes from the OpenSSF Project. Don't miss the first ever OpenSSF Day at Open Source Summit on June 20th in Austin. OpenSSF Day is included with your Open Source Summit registration. Reserve your spot at events.linux foundation.org.
Why Linus believes keeping Linux fun is critical, the massive investment Fedora is about to make in video, and why we suspect Cloudflare's R2 service will make Amazon squirm. Plus a low key update to the Raspberry Pi 4, and the changes in the new Docker Compose 2.0.
Why Linus believes keeping Linux fun is critical, the massive investment Fedora is about to make in video, and why we suspect Cloudflare's R2 service will make Amazon squirm. Plus a low key update to the Raspberry Pi 4, and the changes in the new Docker Compose 2.0.
Why Linus believes keeping Linux fun is critical, the massive investment Fedora is about to make in video, and why we suspect Cloudflare's R2 service will make Amazon squirm. Plus a low key update to the Raspberry Pi 4, and the changes in the new Docker Compose 2.0.
Hablamos sobre los temas mas interesantes que se expusieron en el Open Source Summit del pasado verano
In verschiedenen Episoden haben wir über das Matrix-Protokoll gesprochen. Wie wir darauf gekommen sind und wie wir es heute als Chat- und Gruppen-Lösung einsetzen. Oleg Fiksel war zu Besuch und hat uns vieles zu Bridges und Bots erzählt, also wie das Matrix-Protokoll die Brücke zu anderen bekannten Messenger-Lösungen schlägt. Das Ganze in Kombination mit sogenannten Bots, die die direkte Interaktion zwischen Mensch und Maschine bauen. Shownotes FrOSCon 2020 Matrix-Vortrag von Oleg (Video) FrOSCon (Projekt) Das Matrix-Protokoll (Projekt) MM #014 - XMPP Quo Vadis (MM-Folge) MM #028 - Im Zeichen der Matrix (MM-Folge) Internet Relay Chat (IRC) (Wikipedia) Telegram Messenger (Wikipedia) Signal Messenger (Wikipedia) WhatsApp Messenger (Wikipedia) Matrix-Bridges (Projekt) Matrix-Bots (Projekt) ELIZA (Wikipedia) Maubot (GitHub) Element-App (Projekt) Gomuks-App (GitHub) Paderborn Mail (Projekt) Open Source Summit 2020 im Oktober (Projekt) Oleg auf der Open Source Summit 2020 (Termin) FOSDEM (Projekt) Open Rhein Ruhr (Projekt) Gentoo Linux (Projekt) Codimd (GitHub) Etherpad (Projekt) Vim (Wikipedia)
For this week's episode, Brandon and Eric wrap up our Getting Started series. Join in their conversation about tips to better learning tools and how to advance your career! Destination Linux Network (https://destinationlinux.network) Sponsor: Bitwarden (https://bitwarden.com/dln) Sudo Show Website (https://sudo.show) Sudo Show Merch! (https://sudo.show/shirt) Contact Us: * DLN Discourse (https://sudo.show/discuss) * Matrix: +sudoshow:matrix.org What have we been working on? * Brandon has a top secret project to be announced in a future episode * Eric has been working on Mastodon (https://joinmastodon.org/) automation like Feed2Toot (https://carlchenet.com/get-your-rss-feeds-to-mastodon-with-the-feed2toot-bot/) Learning Something New * Katacoda (https://www.katacoda.com) * LinkedIn Learning (https://linkedin.com/learning) * The Odin Project (https://www.theodinproject.com) Tutorials and Walkthroughs * Digital Ocean Blog (https://www.digitalocean.com/blog) * Front Page Linux (https://frontpagelinux.com/) * Installing oVirt with Brandon (https://www.youtube.com/watch?v=SWtT4X1sNlU) Reading * Artificial Intelligence 4 Books in 1 (https://amzn.to/3i6hxmx) * Applied Artificial Intelligence (https://amzn.to/2BVcPIS) * Cognitive Computing with IBM Watson (https://amzn.to/30qlix5) * The Open Organization (https://amzn.to/2PlRlrF) Disclaimer: These links are affiliate links. If you purchase through these links not only do you get an awesome product, but you'll help support the Sudo Show financially! Home Labs * Digital Ocean: DLN Sponsor (https://do.co/dln) * Server Monkey: Buy Refurbished Hardware (https://www.servermonkey.com/) Industry Events * Red Hat Summit (https://www.redhat.com/en/summit) * Open Source Summit (https://events.linuxfoundation.org/open-source-summit-north-america/) * Kubecon (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/) * Ansible Fest (https://www.ansible.com/ansiblefest) Call to Action * Try out some of these learning platforms, like the Odin Project * Keep learning, all the time Send in (https://sudo.show/discuss) your tools and resources!
Our team has been using Nextcloud to replace Dropbox for over a year, we report back on what has worked great, and what's not so great. Plus why Linus Torvalds has become the master of saying no. Special Guest: Drew DeVore.
Libre à vous !, l'émission pour comprendre et agir avec l'April, chaque mardi de 15h30 à 17h sur la radio Cause commune (93.1 FM en Île-de-France et sur Internet. Émission « Libre à vous ! » diffusée mardi 10 mars 2020, partie « Interview du Consortium international des journalistes d'investigation (ICIJ) qui a reçu récemment un prix du meilleur projet logiciel libre remis au salon Paris Open Source Summit en décembre 2019, pour leur logiciel libre Datashare, une plateforme d'indexation et de partage sécurisé d'informations pour les journalistes d'investigation » Retrouvez les références citées dans ce podcast sur la page dédiée à l'émission.
Vous pouvez commenter les émissions, nous faire des retours pour nous améliorer, ou encore des suggestions. Et même mettre une note sur 5 étoiles si vous le souhaitez. Il est important pour nous d'avoir vos retours car, contrairement par exemple à une conférence, nous n'avons pas un public en face de nous qui peut réagir. Pour cela, rendez-vous sur la page dédiée.
Les 10 et 11 décembre derniers, s´est déroulé le Paris Open Source Summit, l'une des plus grandes rencontres européennes sur l'open source, les logiciels libres et l'open innovation. Pendant deux jours, un salon business et un événement communautaire se combine pour partager et discuter autour du rôle des technologies open source dans la transformation numérique actuelle et future. Lors de cette édition 2019, « Más Allá de la Innovación » a voulu être présent pour apporter à tous les auditeurs de notre podcast ainsi qu´à la communauté Open Source Francophone le retour d´expérience des membres de cet écosystème. Cette édition spéciale est en français, la langue de l'événement, et dans quelques semaines, nous proposerons également une version espagnole de ce contenu pour « Más Allá de la Innovación » Notre collaborateur Philippe Lardy, a été en charge de nous rapporter les impressions de l'événement qu´il a vécu à la première personne Merci à tous les participants de cette édition spéciale: Philippe Montarges - co-fondateur Alter Way et co-président CNLLOctave Klaba - Founder,Owner,Chairman, OVHcloudBryan Che - Chief Strategy Officer, Huawei TechnologiesTimothée Ravier - Linux system and security engineer pour l´ Agence nationale de la sécurité des systèmes d'information - ANSSIStephen Walli - Principal Program Manager, MicrosoftJonathan Le Lous - Field CTO, CapgeminiAntoine Thomas - Open source evangelist, PrestashopYoav Kutner - Co-Founder et CEO, Oro Inc. Pauline Pasquer - Avocate IT & Data, LawwaysChristophe Villeneuve - Consultant IT et Community Manager, AtosCedric Thomas - CEO, OW2Roberto Di Cosmo - Director, Software HeritageBenjamin Jean - President, INNO3Christophe Champion - Cofondateur, IOceanPierre Slamich - Cofounder, Open Food FactsOrnella Guyet - Linux System Administrator, Le Garage NumériqueJean-Christophe Elineau - CEO, Pôle Aquinetic Presentado por Paco Estrada y Philippe Lardy Música :https://incompetech.filmmusic.io/ by Kevin McLeod Licencia :Creative Commons (CC BY-NC-SA)
Few days ago, Open Source Summit Europe organized by The Linux Foundation took place in the French city of Lyon. During three days, lots of personalities from the Linux and Open Source world gathered to discuss, meet, share and look at the near future of the code, communities, companies and organizations ... where Linux and open source lead the innovation. In this special podcast, we will approach the opinions of some of the most prominent congress attendees, such as: Jim Zemlin, Executive Director at Linux Foundation Jim Zemlin tells us about the different projects hosted by the Linux Foundation such as Automotive Grade Linux in collaboration with car builders like Daimler, Toyota or Academy Software Foundation in collaboration with Hollywood entertainment companies. We can see that in most of this projects, Open Source methodologies and standards are applied. Shuli Goodman, Executive Director at Linux Foundation Energy We had the opportunity to speak with Doctor Shuli Goodman who told us about the Linux Foundation Energy, one of the projects hosted by the Linux Foundation. Although it is a social, environmental and political issue, LF Energy is an Open Source code project to accelerate technological innovation and enable the energy transition globally. Jono Bacon, Community and Collaboration Strategy Consultant, Author, and Speaker Jono Bacon takes us through the presentation he has given during the event, as well as the presentation of his new book. One of the main objectives in this edition was to talk about Open soure and collaboration, while recommending tools and giving advices to the world in order to help building the very best communities. Patrick Masson, General Manager & Board Director at Open Source Initiative Patrick Masson, commented on the past 20 years for the Open Source Initiative and the evolution of the use of Open Source at the corporate level and the challenges they have to take into account for the future Eric Adams, Technical Marketing Engineer at Intel Corporation Eric Adams tells us that Intel is one of the largest contributor to Open Source in the world and the largest Linux Kernel contributor. They could not miss this event as Diamond Sponsor. This special edition of Más Allá de la Innovación, is held in English which is the official language of the event and serves as a prologue and advance to a more extensive and more detailed edition of the summit, which we will offer next week, in Spanish, our native podcast language Presentado por Paco Estrada y Philippe Lardy
Stuart Langridge, Jono Bacon, and Jeremy Garcia present Bad Voltage, in which Jono and Jeremy are coming to you direct from the Open Source Summit in France, the word for “full of incitement” is not “inciteful”, Stuart, and: [00:01:55] Facebook News and what it should include and what not: what responsibility, if any, does Facebook’s […]
There are common perceptions that organizations have about open source — but these perceptions also vary a lot. This is especially the case when it comes to describing what organizations' role in open source development should be, as well as the best way to take advantage of this ongoing explosion in open source tools and their availability. (Call it a renaissance, if you will). What open source means — and what it should mean — is a main topic of this episode of this The New Stack Makers podcast, recorded during the Open Source Summit in San Diego, with the recently released results of the survey the second annual survey “Open Source Programs in the Enterprise.” Dirk Hohndel, vice president, chief open source officer, VMware, discussed his take on the results and what they meant for VMware, which co-sponsored the survey in partnership with The Linux Foundation's TODO Group. The survey results also served to quantify many of the operations Hohndel has made during his work with the open source community. Given that enterprises increasingly describe themselves as software companies, a key consideration is to determine how software's role specific to your organization. Or more specifically, Hohndel said, most businesses view software as "key to what they do."
The Linux Foundation hosted the executive director of the FreeBSD Foundation, Deb Goodkin, at the Open Source Summit in San Diego. In this episode of Let’s Talk, we sat down with Goodkin to talk about the FreeBSD project and the foundation.
This week, we catch up with The New Stack founder and Publisher Alex Williams to learn about his trip to Shanghai, China, to attend the KubeCon + CloudNativeCon + Open Source Summit China 2019. In this chat, we discussed the ongoing trade issues between China and the U.S., and how they effect Asian companies such as Huawei, and well as efforts of the Linux Foundation to unify the efforts to build an open source community that spans the globe. We also discuss two keynote talks that were given, by Linux founder Linus Torvalds, and the chief maintainer of the older Linux kernels Greg Kroah-Hartman, about open source communities and the need for better vulnerability management, respectively. Then later, in the show, we discuss with TNS Managing Editor Joab Jackson a conference that he attended last week, Redis Day New York. There the company unveiled its new timeseries database configuration, as well as some exciting new benchmarks, showing the database as capable of executing 200 million operations per second.
This week, we catch up with The New Stack founder and Publisher Alex Williams to learn about his trip to Shanghai, China, to attend the KubeCon + CloudNativeCon + Open Source Summit China 2019. In this chat, we discussed the ongoing trade issues between China and the U.S., and how they effect Asian companies such as Huawei, and well as efforts of the Linux Foundation to unify the efforts to build an open source community that spans the globe. We also discuss two keynote talks that were given, by Linux founder Linus Torvalds, and the chief maintainer of the older Linux kernels Greg Kroah-Hartman, about open source communities and the need for better vulnerability management, respectively. Then later, in the show, we discuss with TNS Managing Editor Joab Jackson a conference that he attended last week, Redis Day New York. There the company unveiled its new timeseries database configuration, as well as some exciting new benchmarks, showing the database as capable of executing 200 million operations per second.
What takes an open source project from a hobby to international codebase that the world's top companies rely on? How do you balance the wishes of the individual, creative contributor with that of corporate-backed finance and governance? How do you make the open source community a welcoming one? Open source sustainability and all these questions were on the table when The New Stack Editor in Chief Alex Williams sat down at our first Makers broadcast from Shanghai, China, at the Open Source Summit. For senior staff engineer at VMWare, Bryan Liles, this sustainability is all about the intersection of different open source projects within broader ecosystems that have a strong balance of governance and motivated community. Dan Kohn, executive director of the Cloud Native Computing Foundation (CNCF), says open source sustainability relies on commitment to continue building, supporting and stabilizing core infrastructure and critical libraries for important upstream dependencies. He says the whole purpose of CNCF is that, when organizations recognize there's open source infrastructure that matters, there is a way to build a community that can financially and publicly support it moving forward. Watch on YouTube: https://youtu.be/4ZFlprmD7YA
We recorded this interview last year at Open Source Summit.
The Cloud Native Computing Foundation was formed to create a vendor-neutral home for Kubernetes. Now with over 30 projects, we kick off 2019 by talking to Dan Kohn, Executive Director of the CNCF, and hearing his views on projects, licenses and conferences. Please reach out and say hello: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod News of the week Platform9’s KubeCon survey Security notices: Dashboard custom certificates API server proxying Links from the interview Cloud Native Computing Foundation Dan Kohn Linux Foundation Jim Zemlin Other projects: Lets Encrypt, Hyperledger, Node.js Foundation Fellows: Linus Torvalds and Greg Kroah-Hartman CNCF members and Governing Board Getting people on board with Open Source Crossing the Chasm (a book by Geoffrey A. Moore) Why Software Is Eating The World (an article by Marc Andreessen) CNCF projects Project list Interactive landscape and trail map Licenses Why Dan (& the CNCF) Recommnds Apache 2.0 “Shared source”: Redis and the Commons Clause; MongoDB and the Server Side Public Licence What would Dan like to see in the CNCF? Istio and Knative Technical Oversight Committee Principles say it’s OK for overlapping projects Certification For people: Certified Kubernetes Administrator and Certified Kubernetes Application Developer; curriculum For distributions: Software Conformance KubeCon + CloudNativeCon China Based on the End User Conference in 2017 Co-hosted with the Open Source Summit in 2019 US 27 co-located events Dan Kohn on Twitter
Libre à vous !, l'émission pour comprendre et agir avec l'April, chaque mardi de 15h30 à 17h sur la radio Cause commune (93.1 FM en Île-de-France et sur Internet. Émission « Libre à vous ! » diffusée mardi 4 décembre 2018, partie « POSS (Paris Open Source Summit) » Retrouvez les références citées dans ce podcast sur la page dédiée à l'émission.
Les podcasts de l'émission sont disponibles.Au programme : nous avons commencé par un échange avec Pierre Baudracco et Caroline Corbal, membres du comité de programme de Paris Open Source Summit, qui nous ont entretenus de cet événement qui a lieu les 5 et 6 décembre 2018 au Dock Pullman – 87, avenue des Magasins Généraux, 93300 Aubervilliers notre sujet principal concernait logiciel libre et monde associatif avec Frédérique Pfrunder, déléguée générale chez Le Mouvement associatif et Laurent Costy, administrateur de l'April, co-animateur du groupe de travail Libre Association et directeur adjoint de la Fédération Française des MJC. Isabella Vanni, coordinatrice vie associative et assistante projets à l'April, nous a alors fait une présentation de l'édition 2019 du Libre en Fête enfin, nous avons terminé par l'annonce de quelques événements à venir Pour retrouver toutes les informations concernant l'émission, rendez-vous sur la page dédiée.Sur cette page, vous pouvez commenter les émissions, nous faire des retours pour nous améliorer, ou encore des suggestions. Et même mettre une note sur 5 étoiles si vous le souhaitez. Il est important pour nous d'avoir vos retours car, contrairement par exemple à une conférence, nous n'avons pas un public en face de nous qui peut réagir.Pour connaître les nouvelles concernant l'émission (annonce des podcasts, des émissions à venir, ainsi que des bonus et des annonces en avant-première) inscrivez-vous à la lettre d'actus.
How the term open source was created, running FreeBSD on ThinkPad T530, Moving away from Windows, Unknown Giants, as well as OpenBSD and FreeDOS. This episode was brought to you by Headlines How I coined the term 'open source' (https://opensource.com/article/18/2/coining-term-open-source-software) In a few days, on February 3, the 20th anniversary of the introduction of the term "open source software" is upon us. As open source software grows in popularity and powers some of the most robust and important innovations of our time, we reflect on its rise to prominence. I am the originator of the term "open source software" and came up with it while executive director at Foresight Institute. Not a software developer like the rest, I thank Linux programmer Todd Anderson for supporting the term and proposing it to the group. This is my account of how I came up with it, how it was proposed, and the subsequent reactions. Of course, there are a number of accounts of the coining of the term, for example by Eric Raymond and Richard Stallman, yet this is mine, written on January 2, 2006. It has never been published, until today. The introduction of the term "open source software" was a deliberate effort to make this field of endeavor more understandable to newcomers and to business, which was viewed as necessary to its spread to a broader community of users. The problem with the main earlier label, "free software," was not its political connotations, but that—to newcomers—its seeming focus on price is distracting. A term was needed that focuses on the key issue of source code and that does not immediately confuse those new to the concept. The first term that came along at the right time and fulfilled these requirements was rapidly adopted: open source. This term had long been used in an "intelligence" (i.e., spying) context, but to my knowledge, use of the term with respect to software prior to 1998 has not been confirmed. The account below describes how the term open source software caught on and became the name of both an industry and a movement. Meetings on computer security In late 1997, weekly meetings were being held at Foresight Institute to discuss computer security. Foresight is a nonprofit think tank focused on nanotechnology and artificial intelligence, and software security is regarded as central to the reliability and security of both. We had identified free software as a promising approach to improving software security and reliability and were looking for ways to promote it. Interest in free software was starting to grow outside the programming community, and it was increasingly clear that an opportunity was coming to change the world. However, just how to do this was unclear, and we were groping for strategies. At these meetings, we discussed the need for a new term due to the confusion factor. The argument was as follows: those new to the term "free software" assume it is referring to the price. Oldtimers must then launch into an explanation, usually given as follows: "We mean free as in freedom, not free as in beer." At this point, a discussion on software has turned into one about the price of an alcoholic beverage. The problem was not that explaining the meaning is impossible—the problem was that the name for an important idea should not be so confusing to newcomers. A clearer term was needed. No political issues were raised regarding the free software term; the issue was its lack of clarity to those new to the concept. Releasing Netscape On February 2, 1998, Eric Raymond arrived on a visit to work with Netscape on the plan to release the browser code under a free-software-style license. We held a meeting that night at Foresight's office in Los Altos to strategize and refine our message. In addition to Eric and me, active participants included Brian Behlendorf, Michael Tiemann, Todd Anderson, Mark S. Miller, and Ka-Ping Yee. But at that meeting, the field was still described as free software or, by Brian, "source code available" software. While in town, Eric used Foresight as a base of operations. At one point during his visit, he was called to the phone to talk with a couple of Netscape legal and/or marketing staff. When he was finished, I asked to be put on the phone with them—one man and one woman, perhaps Mitchell Baker—so I could bring up the need for a new term. They agreed in principle immediately, but no specific term was agreed upon. Between meetings that week, I was still focused on the need for a better name and came up with the term "open source software." While not ideal, it struck me as good enough. I ran it by at least four others: Eric Drexler, Mark Miller, and Todd Anderson liked it, while a friend in marketing and public relations felt the term "open" had been overused and abused and believed we could do better. He was right in theory; however, I didn't have a better idea, so I thought I would try to go ahead and introduce it. In hindsight, I should have simply proposed it to Eric Raymond, but I didn't know him well at the time, so I took an indirect strategy instead. Todd had agreed strongly about the need for a new term and offered to assist in getting the term introduced. This was helpful because, as a non-programmer, my influence within the free software community was weak. My work in nanotechnology education at Foresight was a plus, but not enough for me to be taken very seriously on free software questions. As a Linux programmer, Todd would be listened to more closely. The key meeting Later that week, on February 5, 1998, a group was assembled at VA Research to brainstorm on strategy. Attending—in addition to Eric Raymond, Todd, and me—were Larry Augustin, Sam Ockman, and attending by phone, Jon "maddog" Hall. The primary topic was promotion strategy, especially which companies to approach. I said little, but was looking for an opportunity to introduce the proposed term. I felt that it wouldn't work for me to just blurt out, "All you technical people should start using my new term." Most of those attending didn't know me, and for all I knew, they might not even agree that a new term was greatly needed, or even somewhat desirable. Fortunately, Todd was on the ball. Instead of making an assertion that the community should use this specific new term, he did something less directive—a smart thing to do with this community of strong-willed individuals. He simply used the term in a sentence on another topic—just dropped it into the conversation to see what happened. I went on alert, hoping for a response, but there was none at first. The discussion continued on the original topic. It seemed only he and I had noticed the usage. Not so—memetic evolution was in action. A few minutes later, one of the others used the term, evidently without noticing, still discussing a topic other than terminology. Todd and I looked at each other out of the corners of our eyes to check: yes, we had both noticed what happened. I was excited—it might work! But I kept quiet: I still had low status in this group. Probably some were wondering why Eric had invited me at all. Toward the end of the meeting, the question of terminology was brought up explicitly, probably by Todd or Eric. Maddog mentioned "freely distributable" as an earlier term, and "cooperatively developed" as a newer term. Eric listed "free software," "open source," and "sourceware" as the main options. Todd advocated the "open source" model, and Eric endorsed this. I didn't say much, letting Todd and Eric pull the (loose, informal) consensus together around the open source name. It was clear that to most of those at the meeting, the name change was not the most important thing discussed there; a relatively minor issue. Only about 10% of my notes from this meeting are on the terminology question. But I was elated. These were some key leaders in the community, and they liked the new name, or at least didn't object. This was a very good sign. There was probably not much more I could do to help; Eric Raymond was far better positioned to spread the new meme, and he did. Bruce Perens signed on to the effort immediately, helping set up Opensource.org and playing a key role in spreading the new term. For the name to succeed, it was necessary, or at least highly desirable, that Tim O'Reilly agree and actively use it in his many projects on behalf of the community. Also helpful would be use of the term in the upcoming official release of the Netscape Navigator code. By late February, both O'Reilly & Associates and Netscape had started to use the term. Getting the name out After this, there was a period during which the term was promoted by Eric Raymond to the media, by Tim O'Reilly to business, and by both to the programming community. It seemed to spread very quickly. On April 7, 1998, Tim O'Reilly held a meeting of key leaders in the field. Announced in advance as the first "Freeware Summit," by April 14 it was referred to as the first "Open Source Summit." These months were extremely exciting for open source. Every week, it seemed, a new company announced plans to participate. Reading Slashdot became a necessity, even for those like me who were only peripherally involved. I strongly believe that the new term was helpful in enabling this rapid spread into business, which then enabled wider use by the public. A quick Google search indicates that "open source" appears more often than "free software," but there still is substantial use of the free software term, which remains useful and should be included when communicating with audiences who prefer it. A happy twinge When an early account of the terminology change written by Eric Raymond was posted on the Open Source Initiative website, I was listed as being at the VA brainstorming meeting, but not as the originator of the term. This was my own fault; I had neglected to tell Eric the details. My impulse was to let it pass and stay in the background, but Todd felt otherwise. He suggested to me that one day I would be glad to be known as the person who coined the name "open source software." He explained the situation to Eric, who promptly updated his site. Coming up with a phrase is a small contribution, but I admit to being grateful to those who remember to credit me with it. Every time I hear it, which is very often now, it gives me a little happy twinge. The big credit for persuading the community goes to Eric Raymond and Tim O'Reilly, who made it happen. Thanks to them for crediting me, and to Todd Anderson for his role throughout. The above is not a complete account of open source history; apologies to the many key players whose names do not appear. Those seeking a more complete account should refer to the links in this article and elsewhere on the net. FreeBSD on a Laptop - A guide to a fully functional installation of FreeBSD on a ThinkPad T530 (https://www.c0ffee.net/blog/freebsd-on-a-laptop) As I stated my previous post, I recently dug up my old ThinkPad T530 after the embarrassing stream of OS X security bugs this month. Although this ThinkPad ran Gentoo faithfully during my time in graduate school at Clemson, these days I'd much rather spend time my wife and baby than fighting with emerge and USE flags. FreeBSD has always been my OS of choice, and laptop support seems to be much better than it was a few years ago. In this guide, I'll show you the tweaks I made to wrestle FreeBSD into a decent experience on a laptop. Unlike my usual posts, this time I'm going to assume you're already pretty familiar with FreeBSD. If you're a layman looking for your first BSD-based desktop, I highly recommend checking out TrueOS (previously PC-BSD): they've basically taken FreeBSD and packaged it with all the latest drivers, along with a user-friendly installer and custom desktop environment out of the box. TrueOS is an awesome project–the only reason I don't use it is because I'm old, grumpy, and persnickety about having my operating system just so. Anyway, if you'd still like to take the plunge, read on. Keep in mind, I'm using a ThinkPad T530, but other ThinkPads of the same generation should be similarly compatible. Here's what you'll get: Decent battery life (8-9 hours with a new 9-cell battery) UEFI boot and full-disk encryption WiFi (Intel Ultimate-N 6300) Ethernet (Intel PRO/1000) Screen brightness adjustment Suspend/Resume on lid close (make sure to disable TPM in BIOS) Audio (Realtek ALC269 HDA, speakers and headphone jack) Keyboard multimedia buttons Touchpad/Trackpoint Graphics Acceleration (with integrated Intel graphics, NVIDIA card disabled in BIOS) What I haven't tested yet: Bluetooth Webcam Fingerprint reader SD Card slot Installation Power Saving Tweaks for Desktop Use X11 Fonts Login Manager: SLiM Desktop Environment: i3 Applications The LLVM Sanitizers stage accomplished (https://blog.netbsd.org/tnf/entry/the_llvm_sanitizers_stage_accomplished) I've managed to get the Memory Sanitizer to work for the elementary base system utilities, like ps(1), awk(1) and ksh(1). This means that the toolchain is ready for tests and improvements. I've iterated over the basesystem utilities and I looked for bugs, both in programs and in sanitizers. The number of detected bugs in the userland programs was low, there merely was one reading of an uninitialized variable in ps(1). A prebuilt LLVM toolchain I've prepared a prebuilt toolchain with Clang, LLVM, LLDB and compiler-rt for NetBSD/amd64. I prepared the toolchain on 8.99.12, however I have received reports that it works on other older releases. Link: llvm-clang-compilerrt-lldb-7.0.0beta_2018-01-24.tar.bz2 The archive has to be untarballed to /usr/local (however it might work to some extent in other paths). This toolchain contains a prebuilt tree of the LLVM projects from a snapshot of 7.0.0(svn). It is a pristine snapshot of HEAD with patches from pkgsrc-wip for llvm, clang, compiler-rt and lldb. Sanitizers Notable changes in sanitizers, all of them are in the context of NetBSD support. Added fstat(2) MSan interceptor. Support for kvm(3) interceptors in the common sanitizer code. Added devname(3) and devname_r(3) interceptors to the common sanitizer code. Added sysctl(3) familty of functions interceptors in the common sanitizer code. Added strlcpy(3)/strlcat(3) interceptors in the common sanitizer code. Added getgrouplist(3)/getgroupmembership(3) interceptors in the common sanitizer code. Correct ctype(3) interceptors in a code using Native Language Support. Correct tzset(3) interceptor in MSan. Correct localtime(3) interceptor in the common sanitizer code. Added paccept(2) interceptor to the common sanitizer code. Added access(2) and faccessat(2) interceptors to the common sanitizer code. Added acct(2) interceptor to the common sanitizer code. Added accept4(2) interceptor to the common sanitizer code. Added fgetln(3) interceptor to the common sanitizer code. Added interceptors for the pwcache(3)-style functions in the common sanitizer code. Added interceptors for the getprotoent(3)-style functions in the common sanitizer code. Added interceptors for the getnetent(3)-style functions in the common sanitizer code. Added interceptors for the fts(3)-style functions in the common sanitizer code. Added lstat(3) interceptor in MSan. Added strftime(3) interceptor in the common sanitizer code. Added strmode(3) interceptor in the common sanitizer code. Added interceptors for the regex(3)-style functions in the common sanitizer code. Disabled unwanted interceptor __sigsetjmp in TSan. Base system changes I've tidied up inclusion of the internal namespace.h header in libc. This has hidden the usage of public global symbol names of: strlcat -> _strlcat sysconf -> __sysconf closedir -> _closedir fparseln -> _fparseln kill -> _kill mkstemp -> _mkstemp reallocarr -> _reallocarr strcasecmp -> _strcasecmp strncasecmp -> _strncasecmp strptime -> _strptime strtok_r -> _strtok_r sysctl -> _sysctl dlopen -> __dlopen dlclose -> __dlclose dlsym -> __dlsym strlcpy -> _strlcpy fdopen -> _fdopen mmap -> _mmap strdup -> _strdup The purpose of these changes was to stop triggering interceptors recursively. Such interceptors lead to sanitization of internals of unprepared (not recompiled with sanitizers) prebuilt code. It's not trivial to sanitize libc's internals and the sanitizers are not designed to do so. This means that they are not a full replacement of Valgrind-like software, but a a supplement in the developer toolbox. Valgrind translates native code to a bytecode virtual machine, while sanitizers are designed to work with interceptors inside the pristine elementary libraries (libc, libm, librt, libpthread) and embed functionality into the executable's code. I've also reverted the vadvise(2) syscall removal, from the previous month. This caused a regression in legacy code recompiled against still supported compat layers. Newly compiled code will use a libc's stub of vadvise(2). I've also prepared a patch installing dedicated headers for sanitizers along with the base system GCC. It's still discussed and should land the sources soon. Future directions and goals Possible paths in random order: In the quartet of UBSan (Undefined Behavior Sanitizer), ASan (Address Sanitizer), TSan (Thread Sanitizer), MSan (Memory Sanitizer) we need to add the fifth basic sanitizer: LSan (Leak Sanitizer). The Leak Sanitizer (detector of memory leaks) demands a stable ptrace(2) interface for processes with multiple threads (unless we want to build a custom kernel interface). Integrate the sanitizers with the userland framework in order to ship with the native toolchain to users. Port sanitizers from LLVM to GCC. Allow to sanitize programs linked against userland libraries other than libc, librt, libm and libpthread; by a global option (like MKSANITIZER) producing a userland that is partially prebuilt with a desired sanitizer. This is required to run e.g. MSanitized programs against editline(3). So far, there is no Operating System distribution in existence with a native integration with sanitizers. There are 3rd party scripts for certain OSes to build a stack of software dependencies in order to validate a piece of software. Execute ATF tests with the userland rebuilt with supported flavors of sanitizers and catch regressions. Finish porting of modern linkers designed for large C++ software, such as GNU GOLD and LLVM LLD. Today the bottleneck with building the LLVM toolchain is a suboptimal linker GNU ld(1). I've decided to not open new battlefields and return now to porting LLDB and fixing ptrace(2). Plan for the next milestone Keep upstreaming a pile of local compiler-rt patches. Restore the LLDB support for traced programs with a single thread. Interview - Goran Mekic - meka@tilda.center (mailto:meka@tilda.center) / @meka_floss (https://twitter.com/meka_floss) CBSD website (https://bsdstore.ru) Jail and VM Manager *** News Roundup Finally Moving Away From Windows (https://www.manios.ca/blog/2018/01/finally-moving-away-from-windows/) Broken Window Thanks to a combination of some really impressive malware, bad clicking, and poor website choices, I had to blow away my Windows 10 installation. Not that it was Window's fault, but a piece of malware had infected my computer when I tried to download a long lost driver for an even longer lost RAID card for a server. A word of advice – the download you're looking for is never on an ad-infested forum in another language. In any case, I had been meaning to switch away from Windows soon. I didn't have my entire plan ready, but now was as good a time as any. My line of work requires me to maintain some form of Windows installation, so I decided to keep it in a VM rather than dual booting as I was developing code and not running any high-end visual stuff like games. My first thought was to install Arch or Gentoo Linux, but the last time I attempted a Gentoo installation it left me bootless. Not that there is anything wrong with Gentoo, it was probably my fault, but I like the idea of some sort of installer so I looked at rock-solid Debian. My dad had installed Debian on his sweet new cutting-edge Lenovo laptop he received recently from work. He often raves about his cool scripts and much more effective customized experience, but often complains about his hybrid GPU support as he has an Intel/Nvidia hybrid display adapter (he has finally resolved it and now boasts his 6 connected displays). I didn't want to install Windows again, but something didn't feel right about installing some flavour of Linux. Back at home I have a small collection of FreeBSD servers running in all sorts of jails and other physical hardware, with the exception of one Debian server which I had the hardest time dealing with (it would be FreeBSD too if 802.11ac support was there as it is acting as my WiFi/gateway/IDS/IPS). I loved my FreeBSD servers, and yes I will write posts about each one soon enough. I wanted that cleanliness and familiarity on my desktop as well (I really love the ports collection!). It's settled – I will run FreeBSD on my laptop. This also created a new rivalry with my father, which is not a bad thing either. Playing Devil's Advocate The first thing I needed to do was backup my Windows data. This was easy enough, just run a Windows Image Backup and it will- wait, what? Why isn't this working? I didn't want to fiddle with this too long because I didn't actually need an image just the data. I ended up just copying over the files to an external hard disk. Once that was done, I downloaded and verified the latest FreeBSD 11.1 RELEASE memstick image and flashed it to my trusty 8GB Verbatim USB stick. I've had this thing since 2007, it works great for being my re-writable “CD”. I booted it up and started the installation. I knew this installer pretty well as I had test-installed FreeBSD and OpenBSD in VMs when I was researching a Unix style replacement OS last year. In any case, I left most of the defaults (I didn't want to play with custom kernels right now) and I selected all packages. This downloaded them from the FreeBSD FTP server as I only had the memstick image. The installer finished and I was off to my first boot. Great! so far so good. FreeBSD loaded up and I did a ‘pkg upgrade' just to make sure that everything was up to date. Alright, time to get down to business. I needed nano. I just can't use vi, or just not yet. I don't care about being a vi-wizard, that's just too much effort for me. Anyway, just a ‘pkg install nano' and I had my editor. Next was obvious, I needed x11. XFCE was common, and there were plenty of tutorials out there. I wont bore you with those details, but it went something like ‘pkg install xfce' and I got all the dependencies. Don't forget to install SLiM to make it seamless. There are some configs in the .login I think. SLiM needs to be called once the boot drops you to the login so that you get SLiM's nice GUI login instead of the CLI login screen. Then SLiM passes you off to XFCE. I think I followed this and this. Awesome. Now that x11 is working, it's time to get all of my apps from Windows. Obviously, I can't get everything (ie. Visual Studio, Office). But in my Windows installation, I had chosen many open-source or cross-compiled apps as they either worked better or so that I was ready to move away from Windows at a moments notice. ‘pkg install firefox thunderbird hexchat pidgin gpa keepass owncloud-client transmission-qt5 veracrypt openvpn' were some immediate picks. There are a lot more that I downloaded later, but these are a few I use everyday. My laptop also has the same hybrid display adapter config that my dad's has, but I chose to only run Intel graphics, so dual screens are no problem for me. I'll add Nvidia support later, but it's not a priority. After I had imported my private keys and loaded my firefox and thunderbird settings, I wanted to get my Windows VM running right away as I was burning productive days at work fiddling with this. I had only two virtualisation options; qemu/kvm and bhyve. qemu/kvm wasn't available in pkg, and looked real dirty to compile, from FreeBSD's point of view. My dad is using qemu/kvm with virt-manager to manage all of his Windows/Unix VMs alike. I wanted that experience, but I also wanted packages that could be updated and I didn't want to mess up a compile. bhyve was a better choice. It was built-in, it was more compatible with Windows (from what I read), and this is a great step-by-step article for Windows 10 on FreeBSD 11 bhyve! I had already tried to get virt-manager to work with bhyve with no luck. I don't think libvirt connects with bhyve completely, or maybe my config is wrong. But I didn't have time to fiddle with it. I managed it all through command lines and that has worked perfectly so far. Well sorta, there was an issue installing SQL Server, and only SQL Server, on my Windows VM. This was due to a missing ‘sectorsize=512' setting on the disk parameter on the bhyve command line. That was only found after A LOT of digging because the SQL Server install didn't log the error properly. I eventually found out that SQL Server only likes one sector size of disks for the install and my virtual disk geometry was incorrect. Apps Apps Apps I installed Windows 10 on my bhyve VM and I got that all setup with the apps I needed for work. Mostly Office, Visual Studio, and vSphere for managing our server farm. Plus all of the annoying 3rd party VPN software (I'm looking at you Dell and Cisco). Alright, with the Windows VM done, I can now work at work and finish FreeBSD mostly during the nights. I still needed my remote files (I setup an ownCloud instance on a FreeNAS jail at home) so I setup the client. Now, normally on Windows I would come to work and connect to my home network using OpenVPN (again, I have a OpenVPN FreeNAS jail at home) and the ownCloud desktop would be able to handle changing DNS destination IPs Not on FreeBSD (and Linux too?). I ended up just configuring the ownCloud client to just connect to the home LAN IP for the ownCloud server and always connecting the OpenVPN to sync things. It kinda sucks, but at least it works. I left that running at home overnight to get a full sync (~130GB cloud sync, another reason I use it over Google or Microsoft). Once that was done I moved onto the fstab as I had another 1TB SSD in my laptop with other files. I messed around with fstab and my NFS shares to my FreeNAS at home, but took them out as they made the boot time so long when I wasn't at home. I would only mount them when my OpenVPN connected or manually. I really wanted to install SpaceFM, but it's only available as a package on Debian and their non-package install script doesn't work on FreeBSD (packages are named differently). I tried doing it manually, but it was too much work. As my dad was the one who introduced me to it, he still uses it as a use-case for his Debian setup. Instead I kept to the original PCManFM and it works just fine. I also loaded up my Bitcoin and Litecoin wallets and pointed them to the blockchain that I has used on Windows after their sync, they loaded perfectly and my balances were there. I kinda wish there was the Bitcoin-ABC full node Bitcoin Cash wallet package on FreeBSD, but I'm sure it will come out later. The rest is essentially just tweaks and making the environment more comfortable for me, and with most programs installed as packages I feel a lot better with upgrades and audit checking (‘pkg audit -F' is really helpful!). I will always hate Python, actually, I will always hate any app that has it's own package manager. I do miss the GUI GitHub tool on Windows. It was a really good-looking way to view all of my repos. The last thing (which is increasing it's priority every time I go to a social media site or YouTube) is fonts. My god I never thought it was such a problem, and UTF support is complicated. If anyone knows how to get all UTF characters to show up, please let me know. I'd really like Wikipedia articles to load perfectly (I followed this post and there are still some missing). There are some extra tweaks I followed here and here. Conclusion I successfully migrated from Windows 10 to FreeBSD 11.1 with minimal consequence. Shout out goes to the entire FreeBSD community. So many helpful people in there, and the forums are a great place to find tons of information. Also thanks to the ones who wrote the how-to articles I've referenced. I never would have gotten bhyve to work and I'd still probably be messing with my X config without them. I guess my take home from this is to not be afraid to make changes that may change how comfortable I am in an environment. I'm always open to comments and questions, please feel free to make them below. I purposefully didn't include too many technical things or commands in this article as I wanted to focus on the larger picture of the migration as a whole not the struggles of xorg.conf, but if you would like to see some of the configs or commands I used, let me know and I'll include some! TrueOS Rules of Conduct (https://www.trueos.org/rulesofconduct/) We believe code is truly agnostic and embrace inclusiveness regardless of a person's individual beliefs. As such we only ask the following when participating in TrueOS public events and digital forums: Treat each other with respect and professionalism. Leave personal and TrueOS unrelated conversations to other channels. In other words, it's all about the code. Users who feel the above rules have been violated in some way can register a complaint with abuse@trueos.org + Shorter than the BSD License (https://twitter.com/trueos/status/965994363070353413) + Positive response from the community (https://twitter.com/freebsdbytes/status/966567686015782912) I really like the @TrueOS Code of Conduct, unlike some other CoCs. It's short, clear and covers everything. Most #OpenSource projects are labour of love. Why do you need a something that reads like a legal contract? FreeBSD: The Unknown Giant (https://neomoevius.tumblr.com/post/171108458234/freebsd-the-unknown-giant) I decided to write this article as a gratitude for the recent fast answer of the FreeBSD/TrueOS community with my questions and doubts. I am impressed how fast and how they tried to help me about this operating system which I used in the past(2000-2007) but recently in 2017 I began to use it again. + A lot has changed in 10 years I was looking around the internet, trying to do some research about recent information about FreeBSD and other versions or an easy to use spins like PCBSD (now TrueOS) I used to be Windows/Mac user for so many years until 2014 when I decided to use Linux as my desktop OS just because I wanted to use something different. I always wanted to use unix or a unix-like operating system, nowadays my main objective is to learn more about these operating systems (Debian Linux, TrueOS or FreeBSD). FreeBSD has similarities with Linux, with two major differences in scope and licensing: FreeBSD maintains a complete operating system, i.e. the project delivers kernel, device drivers, userland utilities and documentation, as opposed to Linux delivering a kernel and drivers only and relying on third-parties for system software; and FreeBSD source code is generally released under a permissive BSD license as opposed to the copyleft GPL used by Linux.“ But why do I call FreeBSD “The Unknown Giant”?, because the code base of this operating system has been used by other companies to develop their own operating system for products like computers or also game consoles. + FreeBSD is used for storage appliances, firewalls, email scanners, network scanners, network security appliances, load balancers, video servers, and more So many people now will learn that not only “linux is everywhere” but also that “FreeBSD is everywhere too” By the way speaking about movies, Do you remember the movie “The Matrix”? FreeBSD was used to make the movie: “The photo-realistic surroundings generated by this method were incorporated into the bullet time scene, and linear interpolation filled in any gaps of the still images to produce a fluent dynamic motion; the computer-generated “lead in” and “lead out” slides were filled in between frames in sequence to get an illusion of orbiting the scene. Manex Visual Effects used a cluster farm running the Unix-like operating system FreeBSD to render many of the film's visual effects” + FreeBSD Press Release re: The Matrix (https://www.freebsd.org/news/press-rel-1.html) I hope that I gave a good reference, information and now so many people can understand why I am going to use just Debian Linux and FreeBSD(TrueOS) to do so many different stuff (music, 3d animation, video editing and text editing) instead use a Mac or Windows. + FreeBSD really is the unknown giant. OpenBSD and FreeDOS vs the hell in earth (https://steemit.com/openbsd/@npna/openbsd-and-freedos-vs-the-hell-in-earth) Yes sir, yes. Our family, composed until now by OpenBSD, Alpine Linux and Docker is rapidly growing. And yes, sir. Yes. All together we're fighting against your best friends, the infamous, the ugliest, the worst...the dudes called the privacy cannibals. Do you know what i mean, sure? We're working hard, no matter what time is it, no matter in what part in the world we are, no matter if we've no money. We perfectly know that you cannot do nothing against the true. And we're doing our best to expand our true, our doors are opened to all the good guys, there's a lot here but their brain was fucked by your shit tv, your fake news, your laws, etc etc etc. We're alive, we're here to fight against you. Tonight, yes it's a Friday night and we're working, we're ready to welcome with open arms an old guy, his experience will give us more power. Welcome to: FreeDOS But why we want to build a bootable usb stick with FreeDOS under our strong OpenBSD? The answer is as usual to fight against the privacy cannibals! More than one decade ago the old BIOS was silently replaced by the more capable and advanced UEFI, this is absolutely normal because of the pass of the years and exponencial grow of the power of our personal computers. UEFI is a complex system, it's like a standalone system operative with direct access to every component of our (yes, it's our not your!) machine. But...wait a moment...do you know how to use it? Do you ever know that it exist? And one more thing, it's secure? The answer to this question is totally insane, no, it's not secure. The idea is good, the company that started in theory is one of the most important in IT, it's Intel. The history is very large and obviously we're going to go very deep in it, but trust me UEFI and the various friend of him, like ME, TPM are insecure and closed source! Like the hell in earth. A FreeDOS bootable usb image under OpenBSD But let's start preparing our OpenBSD to put order in this chaos: $ mkdir -p freedos/stuff $ cd freedos/stuff $ wget https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdboot.img $ wget https://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/dos/sys/sys-freedos-linux/sys-freedos-linux.zip $ wget https://download.lenovo.com/consumer/desktop/o35jy19usa_y900.exe $ wget http://145.130.102.57/domoticx/software/amiflasher/AFUDOS%20Flasher%205.05.04.7z Explanation in clear language as usual: create two directory, download the minimal boot disc image of FreeDOS, download Syslinux assembler MBR bootloaders, download the last Windows only UEFI update from Lenovo and download the relative unknown utility from AMI to flash our motherboard UEFI chipset. Go ahead: $ doas pkg_add -U nasm unzip dosfstools cabextract p7zip nasm the Netwide Assembler, a portable 80x86 assembler. unzip list, test and extract compressed files in a ZIP archive. dosfstoolsa collections of utilities to manipulate MS-DOSfs. cabextract program to extract files from cabinet. p7zipcollection of utilities to manipulate 7zip archives. $ mkdir sys-freedos-linux && cd sys-freedos-linux $ unzip ../sys-freedos-linux.zip $ cd ~/freedos && mkdir old new $ dd if=/dev/null of=freedos.img bs=1024 seek=20480 $ mkfs.fat freedos.img Create another working directory, cd into it, unzip the archive that we've downloaded, return to the working root and create another twos directories. dd is one of the most important utilities in the unix world to manipulate at byte level input and output: The dd utility copies the standard input to the standard output, applying any specified conversions. Input data is read and written in 512-byte blocks. If input reads are short, input from multiple reads are aggregated to form the output block. When finished, dd displays the number of complete and partial input and output blocks and truncated input records to the standard error output. We're creating here a virtual disk with bs=1024 we're setting both input and output block to 1024bytes; with seek=20480 we require 20480bytes. This is the result: -rw-r--r-- 1 taglio taglio 20971520 Feb 3 00:11 freedos.img. Next we format the virtual disk using the MS-DOS filesystem. Go ahead: $ doas su $ perl stuff/sys-freedos-linux/sys-freedos.pl --disk=freedos.img $ vnconfig vnd0 stuff/fdboot.img $ vnconfig vnd1 freedos.img $ mount -t msdos /dev/vnd0c old/ $ mount -t msdos /dev/vnd1c new/ We use the perl utility from syslinux to write the MBR of our virtual disk freedos.img. Next we create to loop virtual node using the OpenBSD utility vnconfig. Take care here because it is quite different from Linux, but as usual is clear and simple. The virtual nodes are associated to the downloaded fdboot.img and the newly created freedos.img. Next we mount the two virtual nodes cpartitions; in OpenBSD cpartition describes the entire physical disk. Quite different from Linux, take care. $ cp -R old/* new/ $ cd stuff $ mkdir o35jy19usa $ cabextract -d o35jy19usa o35jy19usa_y900.exe $ doas su $ cp o35jy19usa/ ../new/ $ mkdir afudos && cd afudos $ 7z e ../AFUDOS* $ doas su $ cp AFUDOS.exe ../../new/ $ umount ~/freedos/old/ && umount ~/freedos/new/ $ vnconfig -u vnd1 && vnconfig -u vnd0 Copy all files and directories in the new virtual node partition, extract the Lenovo cabinet in a new directory, copy the result in our new image, extract the afudos utility and like the others copy it. Umount the partitions and destroy the loop vnode. Beastie Bits NetBSD - A modern operating system for your retro battlestation (https://www.geeklan.co.uk/files/fosdem2018-retro) FOSDEM OS distribution (https://twitter.com/pvaneynd/status/960181163578019840/photo/1) Update on two pledge-related changes (https://marc.info/?l=openbsd-tech&m=151268831628549) *execpromises (https://marc.info/?l=openbsd-cvs&m=151304116010721&w=2) Slides for (BSD from scratch - from source to OS with ease on NetBSD) (https://www.geeklan.co.uk/files/fosdem2018-bsd/) Goobyte LastPass: You're fired! (https://blog.crashed.org/goodbye-lastpass/) *** Feedback/Questions Scott - ZFS Mirror with SLOG (http://dpaste.com/22Z8C6Z#wrap) Troels - Question about compressed ARC (http://dpaste.com/3X2R1BV#wrap) Jeff - FreeBSD Desktop DNS (http://dpaste.com/2BQ9HFB#wrap) Jonathon - Bhyve and gpu passthrough (http://dpaste.com/0TTT0DB#wrap) ***
The costs of open sourcing a project are explored, we discover why PS4 downloads are so slow, delve into the history of UNIX man pages, and more. This episode was brought to you by Headlines The Cost Of Open Sourcing Your Project (https://meshedinsights.com/2016/09/20/open-source-unlikely-to-be-abandonware/) Accusing a company of “dumping” their project as open source is probably misplaced – it's an expensive business no-one would do frivolously. If you see an active move to change software licensing or governance, it's likely someone is paying for it and thus could justify the expense to an executive. A Little History Some case study cameos may help. From 2004 onwards, Sun Microsystems had a policy of all its software moving to open source. The company migrated almost all products to open source licenses, and had varying degrees of success engaging communities around the various projects, largely related to the outlooks of the product management and Sun developers for the project. Sun occasionally received requests to make older, retired products open source. For example, Sun acquired a company called Lighthouse Design which created a respected suite of office productivity software for Steve Jobs' NeXT platform. Strategy changes meant that software headed for the vault (while Jonathan Schwartz, a founder of Lighthouse, headed for the executive suite). Members of the public asked if Sun would open source some of this software, but these requests were declined because there was no business unit willing to fund the move. When Sun was later bought by Oracle, a number of those projects that had been made open source were abandoned. “Abandoning” software doesn't mean leaving it for others; it means simply walking away from wherever you left it. In the case of Sun's popular identity middleware products, that meant Oracle let the staff go and tried to migrate customers to other products, while remaining silent in public on the future of the project. But the code was already open source, so the user community was able to pick up the pieces and carry on, with help from Forgerock. It costs a lot of money to open source a mature piece of commercial software, even if all you are doing is “throwing a tarball over the wall”. That's why companies abandoning software they no longer care about so rarely make it open source, and those abandoning open source projects rarely move them to new homes that benefit others. If all you have thought about is the eventual outcome, you may be surprised how expensive it is to get there. Costs include: For throwing a tarball over the wall: Legal clearance. Having the right to use the software is not the same as giving everyone in the world an unrestricted right to use it and create derivatives. Checking every line of code to make sure you have the rights necessary to release under an OSI-approved license is a big task requiring high-value employees on the “liberation team”. That includes both developers and lawyers; neither come cheap. Repackaging. To pass it to others, a self-contained package containing all necessary source code, build scripts and non-public source and tool dependencies has to be created since it is quite unlikely to exist internally. Again, the liberation team will need your best developers. Preserving provenance. Just because you have confidence that you have the rights to the code, that doesn't mean anyone else will. The version control system probably contains much of the information that gives confidence about who wrote which code, so the repackaging needs to also include a way to migrate the commit information. Code cleaning. The file headers will hopefully include origin information but the liberation team had better check. They also need to check the comments for libel and profanities, not to mention trade secrets (especially those from third parties) and other IP issues. For a sustainable project, all the above plus: Compliance with host governance. It is a fantastic idea to move your project to a host like Apache, Conservancy, Public Software and so on. But doing so requires preparatory work. As a minimum you will need to negotiate with the new host organisation, and they may well need you to satisfy their process requirements. Paperwork obviously, but also the code may need conforming copyright statements and more. That's more work for your liberation team. Migration of rights. Your code has an existing community who will need to migrate to your new host. That includes your staff – they are community too! They will need commit rights, governance rights, social media rights and more. Your liberation team will need your community manager, obviously, but may also need HR input. Endowment. Keeping your project alive will take money. It's all been coming from you up to this point, but if you simply walk away before the financial burden has been accepted by the new community and hosts there may be a problem. You should consider making an endowment to your new host to pay for their migration costs plus the cost of hosting the community for at least a year. Marketing. Explaining the move you are making, the reasons why you are making it and the benefits for you and the community is important. If you don't do it, there are plenty of trolls around who will do it for you. Creating a news blog post and an FAQ — the minimum effort necessary — really does take someone experienced and you'll want to add such a person to your liberation team. Motivations There has to be some commercial reason that makes the time, effort and thus expense worth incurring. Some examples of motivations include: Market Strategy. An increasing number of companies are choosing to create substantial, openly-governed open source communities around software that contributes to their business. An open multi-stakeholder co-developer community is an excellent vehicle for innovation at the lowest cost to all involved. As long as your market strategy doesn't require creating artificial scarcity. Contract with a third party. While the owner of the code may no longer be interested, there may be one or more parties to which they owe a contractual responsibility. Rather than breaching that contract, or buying it out, a move to open source may be better. Some sources suggest a contractual obligation to IBM was the reason Oracle abandoned OpenOffice.org by moving it over to the Apache Software Foundation for example. Larger dependent ecosystem. You may have no further use for the code itself, but you may well have other parts of your business which depend on it. If they are willing to collectively fund development you might consider an “inner source” strategy which will save you many of the costs above. But the best way to proceed may well be to open the code so your teams and those in other companies can fund the code. Internal politics. From the outside, corporations look monolithic, but from the inside it becomes clear they are a microcosm of the market in which they exist. As a result, they have political machinations that may be addressed by open source. One of Oracle's motivations for moving NetBeans to Apache seems to have been political. Despite multiple internal groups needing it to exist, the code was not generating enough direct revenue to satisfy successive executive owners, who allegedly tried to abandon it on more than one occasion. Donating it to Apache meant that couldn't happen again. None of this is to say a move to open source guarantees the success of a project. A “Field of Dreams” strategy only works in the movies, after all. But while it may be tempting to look at a failed corporate liberation and describe it as “abandonware”, chances are it was intended as nothing of the kind. Why PS4 downloads are so slow (https://www.snellman.net/blog/archive/2017-08-19-slow-ps4-downloads/) From the blog that brought us “The origins of XXX as FIXME (https://www.snellman.net/blog/archive/2017-04-17-xxx-fixme/)” and “The mystery of the hanging S3 downloads (https://www.snellman.net/blog/archive/2017-07-20-s3-mystery/)”, this week it is: “Why are PS4 downloads so slow?” Game downloads on PS4 have a reputation of being very slow, with many people reporting downloads being an order of magnitude faster on Steam or Xbox. This had long been on my list of things to look into, but at a pretty low priority. After all, the PS4 operating system is based on a reasonably modern FreeBSD (9.0), so there should not be any crippling issues in the TCP stack. The implication is that the problem is something boring, like an inadequately dimensioned CDN. But then I heard that people were successfully using local HTTP proxies as a workaround. It should be pretty rare for that to actually help with download speeds, which made this sound like a much more interesting problem. Before running any experiments, it's good to have a mental model of how the thing we're testing works, and where the problems might be. If nothing else, it will guide the initial experiment design. The speed of a steady-state TCP connection is basically defined by three numbers. The amount of data the client is will to receive on a single round-trip (TCP receive window), the amount of data the server is willing to send on a single round-trip (TCP congestion window), and the round trip latency between the client and the server (RTT). To a first approximation, the connection speed will be: speed = min(rwin, cwin) / RTT With this model, how could a proxy speed up the connection? The speed through the proxy should be the minimum of the speed between the client and proxy, and the proxy and server. It should only possibly be slower With a local proxy the client-proxy RTT will be very low; that connection is almost guaranteed to be the faster one. The improvement will have to be from the server-proxy connection being somehow better than the direct client-server one. The RTT will not change, so there are just two options: either the client has a much smaller receive window than the proxy, or the client is somehow causing the server's congestion window to decrease. (E.g. the client is randomly dropping received packets, while the proxy isn't). After setting up a test rig, where the PS4's connection was bridged through a linux box so packets could be captured, and artificial latency could be added, some interested results came up: The differences in receive windows at different times are striking. And more important, the changes in the receive windows correspond very well to specific things I did on the PS4 When the download was started, the game Styx: Shards of Darkness was running in the background (just idling in the title screen). The download was limited by a receive window of under 7kB. This is an incredibly low value; it's basically going to cause the downloads to take 100 times longer than they should. And this was not a coincidence, whenever that game was running, the receive window would be that low. Having an app running (e.g. Netflix, Spotify) limited the receive window to 128kB, for about a 5x reduction in potential download speed. Moving apps, games, or the download window to the foreground or background didn't have any effect on the receive window. Playing an online match in a networked game (Dreadnought) caused the receive window to be artificially limited to 7kB. I ran a speedtest at a time when downloads were limited to 7kB receive window. It got a decent receive window of over 400kB; the conclusion is that the artificial receive window limit appears to only apply to PSN downloads. When a game was started (causing the previously running game to be stopped automatically), the receive window could increase to 650kB for a very brief period of time. Basically it appears that the receive window gets unclamped when the old game stops, and then clamped again a few seconds later when the new game actually starts up. I did a few more test runs, and all of them seemed to support the above findings. The only additional information from that testing is that the rest mode behavior was dependent on the PS4 settings. Originally I had it set up to suspend apps when in rest mode. If that setting was disabled, the apps would be closed when entering in rest mode, and the downloads would proceed at full speed. The PS4 doesn't make it very obvious exactly what programs are running. For games, the interaction model is that opening a new game closes the previously running one. This is not how other apps work; they remain in the background indefinitely until you explicitly close them. So, FreeBSD and its network stack are not to blame Sony used a poor method to try to keep downloads from interfering with your gameplay The impact of changing the receive window is highly dependant upon RTT, so it doesn't work as evenly as actual traffic shaping or queueing would. An interesting deep dive, it is well worth reading the full article and checking out the graphs *** OpenSSH 7.6 Released (http://www.openssh.com/releasenotes.html#7.6) From the release notes: This release includes a number of changes that may affect existing configurations: ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation. ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC. ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST Refuse RSA keys
To kick off Open Source Summit 2017, taking place in Los Angeles this week, The New Stack held a special pancake and podcast panel discussion to discuss the intersections of all things hardware and open source. For the event, the panel was comprised of Chris Wright, VP & Chief Technologist, Office of Technology at RedHat, Aaron Welch, SVP of Product at Packet, Ashley McNamara, Principal Developer Advocate at Microsoft, Nithya Ruff, Senior Director of Open Source Practice at Comcast & Director of Board of Directors for The Linux Foundation, and Al Gillen, Analyst at IDC. Watch on YouTube: https://youtu.be/moeELYFQzA8
We read a trip report about FreeBSD in China, look at how Unix deals with Signals, a stats collector in DragonFlyBSD & much more! This episode was brought to you by Headlines Trip Report: FreeBSD in China at COPU and LinuxCon (https://www.freebsdfoundation.org/blog/trip-report-freebsd-in-china-at-copu-and-linuxcon/) This trip report is from Deb Goodkin, the Executive Director of the FreeBSD Foundation. She travelled to China in May 2017 to promote FreeBSD, meet with companies, and participate in discussions around Open Source. > In May of 2017, we were invited to give a talk about FreeBSD at COPU's (China Open Source Promotional Unit) Open Source China, Open Source World Summit, which took place June 21-22, in Beijing. This was a tremendous opportunity to talk about the advantages of FreeBSD to the open source leaders and organizations interested in open source. I was honored to represent the Project and Foundation and give the presentation “FreeBSD Advantages and Applications”. > Since I was already going to be in Beijing, and LinuxCon China was being held right before the COPU event, Microsoft invited me to be part of a women-in-tech panel they were sponsoring. There were six of us on the panel including two from Microsoft, one from the Linux Foundation, one from Accenture of China, and one from Women Who Code. Two of us spoke in English, with everyone else speaking Chinese. It was disappointing that we didn't have translators, because I would have loved hearing everyone's answers. We had excellent questions from the audience at the end. I also had a chance to talk with a journalist from Beijing, where I emphasized how contributing to an open source project, like FreeBSD, is a wonderful way to get experience to boost your resume for a job. > The first day of LinuxCon also happened to be FreeBSD Day. I had my posters with me and was thrilled to have the Honorary Chairman of COPU (also known as the “Father of Open Source in China”) hold one up for a photo op. Unfortunately, I haven't been able to get a copy of that photo for proof (I'm still working on it!). We spent a long time discussing the strengths of FreeBSD. He believes there are many applications in China that could benefit from FreeBSD, especially for embedded devices, university research, and open source education. We had more time throughout the week to discuss FreeBSD in more detail. > Since I was at LinuxCon, I had a chance to meet with people from the Linux Foundation, other open source projects, and some of our donors. With LinuxCon changing its name to Open Source Summit, I discussed how important it is to include minority voices like ours to contribute to improving the open source ecosystem. The people I talked to within the Linux Foundation agreed and suggested that we get someone from the Project to give a talk at the Open Source Summit in Prague this October. Jim Zemlin, the Linux Foundation Executive Director, suggested having a BSD track at the summits. We did miss the call for proposals for that conference, but we need to get people to consider submitting proposals for the Open Source Summits in 2018. > I talked to a CTO from a company that donates to us and he brought up his belief that FreeBSD is much easier to get started on as a contributor. He talked about the steep path in Linux to getting contributions accepted due to having over 10,000 developers and the hierarchy of decision makers, from Linus to his main lieutenants to the layers beneath him. It can take 6 months to get your changes in! > On Tuesday, Kylie and I met with a representative from Huawei, who we've been meeting over the phone with over the past few months. Huawei has a FreeBSD contributor and is looking to add more. We were thrilled to hear they decided to donate this year. We look forward to helping them get up to speed with FreeBSD and collaborate with the Project. > Wednesday marked the beginning of COPU and the reason I flew all the way to Beijing! We started the summit with having a group photo of all the speakers:The honorary chairman, Professor Lu in the front middle. > My presentation was called “FreeBSD Advantages and Applications”. A lot of the material came from Foundation Board President, George-Neville-Neil's presentation, “FreeBSD is not a Linux Distribution”, which is a wonderful introduction to FreeBSD and includes the history of FreeBSD, who uses it and why, and which features stand out. My presentation went well, with Professor Lu and others engaged through the translators. Afterwards, I was invited to a VIP dinner, which I was thrilled about. > The only hitch was that Kylie and I were running a FreeBSD meetup that evening, and both were important! Beijing during rush hour is crazy, even trying to go only a couple of miles is challenging. We made plans that I would go to the meetup and give the same presentation, and then head back to the dinner. Amazingly, it worked out. Check out the rest of her trip report and stay tuned for more news from the region as this is one of the focus areas of the Foundation. *** Unix: Dealing with signals (http://www.networkworld.com/article/3211296/linux/unix-dealing-with-signals.html) Signals on Unix systems are critical to the way processes live and die. This article looks at how they're generated, how they work, and how processes receive or block them On Unix systems, there are several ways to send signals to processes—with a kill command, with a keyboard sequence (like control-C), or through a program Signals are also generated by hardware exceptions such as segmentation faults and illegal instructions, timers and child process termination. But how do you know what signals a process will react to? After all, what a process is programmed to do and able to ignore is another issue. Fortunately, the /proc file system makes information about how processes handle signals (and which they block or ignore) accessible with commands like the one shown below. In this command, we're looking at information related to the login shell for the current user, the "$$" representing the current process. On FreeBSD, you can use procstat -i PID to get that and even more information, and easier to digest form P if signal is pending in the global process queue I if signal delivery disposition is SIGIGN C if signal delivery is to catch it Catching a signal requires that a signal handling function exists in the process to handle a given signal. The SIGKILL (9) and SIGSTOP (#) signals cannot be ignored or caught. For example, if you wanted to tell the kernel that ctrl-C's are to be ignored, you would include something like this in your source code: signal(SIGINT, SIGIGN); To ensure that the default action for a signal is taken, you would do something like this instead: signal(SIGSEGV, SIGDFL); + The article then shows some ways to send signals from the command line, for example to send SIGHUP to a process with pid 1234: kill -HUP 1234 + You can get a list of the different signals by running kill -l On Unix systems, signals are used to send all kinds of information to running processes, and they come from user commands, other processes, and the kernel itself. Through /proc, information about how processes are handling signals is now easily accessible and, with just a little manipulation of the data, easy to understand. links owned by NGZ erroneously marked as on loan (https://smartos.org/bugview/OS-6274) NGZ (Non-Global Zone), is IllumOS speak for their equivalent to a jail > As reported by user brianewell in smartos-live#737, NGZ ip tunnels stopped persisting across zone reboot. This behavior appeared in the 20170202 PI and was not present in previous releases. After much spelunking I determined that this was caused by a regression introduced in commit 33df115 (part of the OS-5363 work). The regression was a one-line change to link_activate() which marks NGZ links as on loan when they are in fact not loaned because the NGZ created and owns the link. “On loan” means the interface belongs to the host (GZ, Global Zone), and has been loaned to the NGZ (Jail) This regression was easy to introduce because of the subtle nature of this code and lack of comments. I'm going to remove the regressive line, add clarifying comments, and also add some asserts. The following is a detailed analysis of the issue, how I debugged it, and why my one-line change caused the regression: To start I verified that PI 20170119 work as expected: booted 20170119 created iptun (named v4sys76) inside of a native NGZ (names sos-zone) performed a reboot of sos-zone zlogin to sos-zone and verify iptun still exists after reboot Then I booted the GZ into PI 20170202 and verified the iptun did not show up booted 20170202 started sos-zone zlogin and verified the iptun was missing At this point I thought I would recreate the iptun and see if I could monitor the zone halt/boot process for the culprit, but instead I received an error from dladm: "object already exists". I didn't expect this. So I used mdb to inspect the dlmgmtd state. Sure enough the iptun exists in dlmgmtd. Okay, so if the link already exists, why doesn't it show up (in either the GZ or the NGZ)? If a link is not marked as active then it won't show up when you query dladm. When booting the zone on 20170119 the llflags for the iptun contained the value 0x3. So the problem is the link is not marked as active on the 20170202 PI. The linkactivate() function is responsible for marking a link as active. I used dtrace to verify this function was called on the 20170202 PI and that the dlmgmtlinkt had the correct llflags value. So the iptun link structure has the correct llflags when linkactivate() returns but when I inspect the same structure with mdb afterwards the value has changed. Sometime after linkactivate() completes some other process changed the llflags value. My next question was: where is linkactivate() called and what comes after it that might affect the llflags? I did another trace and got this stack. The dlmgmtupid() function calls dlmgmtwritedbentry() after linkactivate() and that can change the flags. But dtrace proved the llflags value was still 0x3 after returning from this function. With no obvious questions left I then asked cscope to show me all places where llflags is modified. As I walked through the list I used dtrace to eliminate candidates one at a time -- until I reached dlmgmtdestroycommon(). I would not have expected this function to show up during zone boot but sure enough it was being called somehow, and by someone. Who? Since there is no easy way to track door calls it was at this point I decided to go nuclear and use the dtrace stop action to stop dlmgmtd when it hits dlmgmtdestroycommon(). Then I used mdb -k to inspect the door info for the dlmgmtd threads and look for my culprit. The culprit is doupiptun() caused by the dladm up-iptun call. Using ptree I then realized this was happening as part of the zone boot under the network/iptun svc startup. At this point it was a matter of doing a zlogin to sos-zone and running truss on dladm up-iptun to find the real reason why dladmdestroydatalinkid() is called. So the link is marked as inactive because dladmgetsnapconf() fails with DLADMSTATUSDENIED which is mapped to EACCESS. Looking at the dladmgetsnapconf() code I see the following “The caller is in a non-global zone and the persistent configuration belongs to the global zone.” What this is saying is that if a link is marked "on loan" (meaning it's technically owned/created by the GZ but assigned/loaned to the NGZ) and the zone calling dladmgetsnapconf() is an NGZ then return EACCESS because the configuration of the link is up to the GZ, not the NGZ. This code is correct and should be enforced, but why is it tripping in PI 20170202 and not 20170119? It comes back to my earlier observation that in the 20170202 PI we marked the iptun as "on loan" but not in the older one. Why? Well as it turns out while fixing OS-5363 I fixed what I thought was a bug in linkactivate() When I first read this code it was my understanding that anytime we added a link to a zone's datalink list, by calling zoneadddatalink(), that link was then considered "on loan". My understanding was incorrect. The linkactivate() code has a subtleness that eluded me. There are two cases in linkactivate(): 1. The link is under an NGZ's datalink list but it's lllinkid doesn't reflect that (e.g., the link is found under zoneid 3 but lllinkid is 0). In this case the link is owned by the GZ but is being loaned to an NGZ and the link state should be updated accordingly. We get in this situation when dlmgmtd is restated for some reason (it must resync it's in-memory state with the state of the system). 2. The link is NOT under any NGZ's (zonecheckdatalink() is only concerned with NGZs) datalink list but its llzoneid holds the value of an NGZ. This indicates that the link is owned by an NGZ but for whatever reason is not currently under the NGZ's datalink list (e.g., because we are booting the zone and we now need to assign the link to its list). So the fix is to revert that one line change as well as add some clarifying comments and also some asserts to prevent further confusion in the future. + A nice breakdown by Ryan Zezeski of how he accidently introduced a regression, and how he tracked it down using dtrace and mdb New experimental statistics collector in master (http://dpaste.com/2YP0X9C) Master now has an in-kernel statistics collector which is enabled by default, and a (still primitive) user land program to access it. This recorder samples the state of the machine once every 10 seconds and records it in a large FIFO, all in-kernel. The FIFO typically contains 8192 entries, or around the last 23 hours worth of data. Statistics recorded include current load, user/sys/idle cpu use, swap use, VM fault rate, VM memory statistics, and counters for syscalls, path lookups, and various interrupt types. A few more useful counters will probably be added... I'd like to tie cpu temperature, fork rate, and exec rate in at some point, as well as network and disk traffic. The statistics gathering takes essentially no real overhead and is always on, so any user at the spur of the moment with no prior intent can query the last 23 hours worth of data. There is a user frontend to the data called 'kcollect' (its tied into the buildworld now). Currently still primitive. Ultimately my intention is to integrate it with a dbm database for long-term statistical data retention (if desired) using an occasional (like once-an-hour) cron-job to soak up anything new, with plenty of wiggle room due to the amount of time the kernel keeps itself. This is better and less invasive than having a userland statistics gathering script running every few minutes from cron and has the advantage of giving you a lot of data on the spur of the moment without having to ask for it before-hand. If you have gnuplot installed (pkg install gnuplot), kcollect can generate some useful graphs based on the in-kernel data. Well, it will be boring if the machine isn't doing anything :-). There are options to use gnuplot to generate a plot window in X or a .jpg or .png file, and other options to set the width and height and such. At the moment the gnuplot output uses a subset of statically defined fields to plot but ultimately the field list it uses will be specifiable. Sample image generated during a synth run (http://apollo.backplane.com/DFlyMisc/kcollect03.jpg) News Roundup openbsd changes of note 626 (https://www.tedunangst.com/flak/post/openbsd-changes-of-note-626) Hackerthon is imminent. There are two signals one can receive after accessing invalid memory, SIGBUS and SIGSEGV. Nobody seems to know what the difference is or should be, although some theories have been unearthed. Make some attempt to be slightly more consistent and predictable in OpenBSD. Introduces jiffies in an effort to appease our penguin oppressors. Clarify that IP.OF.UPSTREAM.RESOLVER is not actually the hostname of a server you can use. Switch acpibat to use _BIX before _BIF, which means you might see discharge cycle counts, too. Assorted clang compatibility. clang uses -Oz to mean optimize for size and -Os for something else, so make gcc accept -Oz so all makefiles can be the same. Adjust some hardlinks. Make sure we build gcc with gcc. The SSLcheckprivate_key function is a lie. Switch the amd64 and i386 compiler to clang and see what happens. We are moving towards using wscons (wstpad) as the driver for touchpads. Dancing with the stars, er, NET_LOCK(). clang emits lots of warnings. Fix some of them. Turn off a bunch of clang builtins because we have a strong preference that code use our libc versions. Some other changes because clang is not gcc. Among other curiosities, static variables in the special .openbsd.randomdata are sometimes assumed to be all zero, leading the clang optimizer to eliminate reads of such variables. Some more pledge rules for sed. If the script doesn't require opening new files, don't let it. Backport a bajillion fixes to stable. Release errata. RFC 1885 was obsoleted nearly 20 years ago by RFC 2463 which was obsoleted over 10 years ago by RFC 4443. We are probably not going back. Update libexpat to 2.2.3. vmm: support more than 3855MB guest memory. Merge libdrm 2.4.82. Disable SSE optimizations on i386/amd64 for SlowBcopy. It is supposed to be slow. Prevents crashes when talking to memory mapped video memory in a hypervisor. The $25 “FREEDOM Laptop!” (https://functionallyparanoid.com/2017/08/08/the-25-freedom-laptop/) Time to get back to the original intent of this blog – talking about my paranoid obsession with information security! So break out your tinfoil hats my friends because this will be a fun ride. I'm looking for the most open source / freedom respecting portable computing experience I can possibly find and I'm going to document my work in real-time so you will get to experience the ups (and possibly the downs) of that path through the universe. With that said, let's get rolling. When I built my OpenBSD router using the APU2 board, I discovered that there are some amd64 systems that use open source BIOS. This one used Coreboot and after some investigation I discovered that there was an even more paranoid open source BIOS called Libreboot out there. That started to feel like it might scratch my itch. Well, after playing around with some lower-powered systems like my APU2 board, my Thinkpad x230 and my SPARC64 boxes, I thought, if it runs amd64 code and I can run an open source operating system on it, the thing should be powerful enough for me to do most (if not all) of what I need it to do. At this point, I started looking for a viable machine. From a performance perspective, it looked like the Thinkpad x200, T400, T500 and W500 were all viable candidates. After paying attention on eBay for a while, I saw something that was either going to be a sweet deal, or a throwaway piece of garbage! I found a listing for a Thinkpad T500 that said it didn't come with a power adapter and was 100% untested. From looking at the photos, it seemed like there was nothing that had been molested about it. Obviously, nobody was jumping on something this risky so I thought, “what the heck” and dropped a bit at the opening price of $24.99. Well, guess what. I won the auction. Now to see what I got. When the laptop showed up, I discovered it was minus its hard drive (but the outside plastic cover was still in place). I plugged in my x230's power adapter and hit the button. I got lights and was dropped to the BIOS screen. To my eternal joy, I discovered that the machine I had purchased for $25 was 100% functional and included the T9400 2.54 GHz Core 2 Duo CPU and the 1680×1050 display panel. W00t! First things first, I need to get this machine a hard drive and get the RAM upgraded from the 2GB that it showed up with to 8GB. Good news is that these two purchases only totaled $50 for the pair. An aftermarket 9-cell replacement battery was another $20. Throw in a supported WiFi card that doesn't require a non-free blob from Libreboot at $5.99 off of eBay and $5 for a hard drive caddy and I'm looking at about $65 in additional parts bringing the total cost of the laptop, fully loaded up at just over $100. Not bad at all… Once all of the parts arrived and were installed, now for the fun part. Disassembling the entire thing down to the motherboard so we can re-flash the BIOS with Libreboot. The guide looks particularly challenging for this but hey, I have a nice set of screwdrivers from iFixit and a remarkable lack of fear when it comes to disassembling things. Should be fun! Well, fun didn't even come close. I wish I had shot some pictures along the way because at one point I had a heap of parts in one corner of my “workbench” (the dining room table) and just the bare motherboard, minus the CPU sitting in front of me. With the help of a clip and a bunch of whoops wires (patch cables), I connected my Beaglebone Black to the BIOS chip on the bare motherboard and attempted to read the chip. #fail I figured out after doing some more digging that you need to use the connector on the left side of the BBB if you hold it with the power connector facing away from you. In addition, you should probably read the entire process through instead of stopping at the exciting pinout connector diagram because I missed the bit about the 3.3v power supply need to have ground connected to pin 2 of the BIOS chip. Speaking of that infamous 3.3v power supply, I managed to bend a paperclip into a U shape and jam it into the connector of an old ATX power supply I had in a closet and source power from that. I felt like MacGyver for that one! I was able to successfully read the original Thinkpad BIOS and then flash the Libreboot + Grub2 VESA framebuffer image onto the laptop! I gulped loudly and started the reassembly process. Other than having some cable routing difficulties because the replacement WiFi card didn't have a 5Ghz antenna, it all went back together. Now for the moment of truth! I hit the power button and everything worked!!! At this point I happily scurried to download the latest snapshot of OpenBSD – current and install it. Well, things got a little weird here. Looks like I have to use GRUB to boot this machine now and GRUB won't boot an OpenBSD machine with Full Disk Encryption. That was a bit of a bummer for me. I tilted against that windmill for several days and then finally admitted defeat. So now what to do? Install Arch? Well, here's where I think the crazy caught up to me. I decided to be an utter sell out and install Ubuntu Gnome Edition 17.04 (since that will be the default DE going forward) with full disk encryption. I figured I could have fun playing around in a foreign land and try to harden the heck out of that operating system. I called Ubuntu “grandma's Linux” because a friend of mine installed it on his mom's laptop for her but I figured what the heck – let's see how the other half live! At this point, while I didn't have what I originally set out to do – build a laptop with Libreboot and OpenBSD, I did have a nice compromise that is as well hardened as I can possibly make it and very functional in terms of being able to do what I need to do on a day to day basis. Do I wish it was more portable? Of course. This thing is like a six or seven pounder. However, I feel much more secure in knowing that the vast majority of the code running on this machine is open source and has all the eyes of the community on it, versus something that comes from a vendor that we cannot inspect. My hope is that someone with the talent (unfortunately I lack those skills) takes an interest in getting FDE working with Libreboot on OpenBSD and I will most happily nuke and repave this “ancient of days” machine to run that! FreeBSD Programmers Report Ryzen SMT Bug That Hangs Or Resets Machines (https://hothardware.com/news/freebsd-programmers-report-ryzen-smt-bug-that-hangs-or-resets-machines) It's starting to look like there's an inherent bug with AMD's Zen-based chips that is causing issues on Unix-based operating systems, with both Linux and FreeBSD confirmed. The bug doesn't just affect Ryzen desktop chips, but also AMD's enterprise EPYC chips. It seems safe to assume that Threadripper will bundle it in, as well. It's not entirely clear what is causing the issue, but it's related to the CPU being maxed out in operations, thus causing data to get shifted around in memory, ultimately resulting in unstable software. If the bug is exercised a certain way, it can even cause machines to reset. The revelation about the issue on FreeBSD was posted to the official repository, where the issue is said to happen when threads can lock up, and then cause the system to become unstable. Getting rid of the issue seems as simple as disabling SMT, but that would then negate the benefits provided by having so many threads at-the-ready. On the Linux side of the Unix fence, Phoronix reports on similar issues, where stressing Zen chips with intensive benchmarks can cause one segmentation fault after another. The issue is so profound, that Phoronix Test Suite developer Michael Larabel introduced a special test that can be run to act as a bit of a proof-of-concept. To test another way, PTS can be run with this command: PTS_CONCURRENT_TEST_RUNS=4 TOTAL_LOOP_TIME=60 phoronix-test-suite stress-run build-linux-kernel build-php build-apache build-imagemagick Running this command will compile four different software projects at once, over and over, for an hour. Before long, segfaults should begin to appear (as seen in the shot above). It's not entirely clear if both sets of issues here are related, but seeing as both involve stressing the CPU to its limit, it seems likely. Whether or not this could be patched on a kernel or EFI level is something yet to be seen. TrueOS - UNSTABLE update: 8/7/17 (https://www.trueos.org/blog/unstable-update-8717/) A new UNSTABLE update for TrueOS is available! Released regularly, UNSTABLE updates are the full “rolling release” of TrueOS. UNSTABLE includes experimental features, bugfixes, and other CURRENT FreeBSD work. It is meant to be used by those users interested in using the latest TrueOS and FreeBSD developments to help test and improve these projects. WARNING: UNSTABLE updates are released primarily for TrueOS and FreeBSD testing/experimentation purposes. Update and run UNSTABLE “at your own risk”. Note: There was a CDN issue over the weekend that caused issues for early updaters. Everything appears to be resolved and the update is fully available again. If you encountered instability or package issues from updating on 8/6 or 8/5, roll back to a previous boot environment and run the update again. Changes: UNSTABLE .iso and .img files beginning with TrueOS-2017-08-3-x64 will be available to download from http://download.trueos.org/unstable/amd64/. Due to CDN issues, these are not quite available, look for them later today or tomorrow (8/8/17). This update resyncs all ports with FreeBSD as of 8.1.2017. This includes: New/updated FreeBSD Kernel and World & New DRM (Direct Rendering Manager) next. Experimental patch for libhyve-remote: (From htps://github.com/trueos/freebsd/commit/a67a73e49538448629ea27, thanks araujobsd) The libhyve-remote aims to abstract functionalities from other third party libraries like libvncserver, freerdp, and spice to be used in hypervisor implementation. With a basic data structure it is easy to implement any remote desktop protocol without digging into the protocol specification or third part libraries – check some of our examples.We don't statically link any third party library, instead we use a dynamic linker and load only the functionality necessary to launch the service.Our target is to abstract functionalities from libvncserver, freerdp and spice. Right now, libhyve-remote only supports libvncserver. It is possible to launch a VNC server with different screen resolution as well as with authentication.With this patch we implement support for bhyve to use libhyve-remote that basically abstract some functionalities from libvncserver. We can: Enable wait state, Enable authentication, Enable different resolutions< Have a better compression. Also, we add a new -s flag for vncserver, if the libhyve-remote library is not present in the system, we fallback to bhyve RFB implementation. For example: -s 2,fbuf,tcp=0.0.0.0:5937,w=800,h=600,password=1234567,vncserver,wait New SysAdm Client pages under the System Management category: System Control: This is an interface to browse all the sysctl's on the system. Devices: This lists all known information about devices on the designated system. Lumina Theming: Lumina is testing new theming functionality! By default (in UNSTABLE), a heavily customized version of the Qt5ct engine is included and enabled. This is intended to allow users to quickly adjust themes/icon packs without needing to log out and back in. This also fixes a bug in Insight with different icons loading for the side and primary windows. Look for more information about this new functionality to be discussed on the Lumina Website. Update to Iridium Web Browser: Iridium is a Chromium based browser built with user privacy and security as the primary concern, but still maintaining the speed and usability of Chromium. It is now up to date – give it a try and let us know what you think (search for iridium-browser in AppCafe). Beastie Bits GhostBSD 11.1 Alpha1 is ready (http://www.ghostbsd.org/11.1-ALPHA1) A Special CharmBUG announcement (https://www.meetup.com/CharmBUG/events/242563414/) Byhve Obfuscation Part 1 of Many (https://github.com/HardenedBSD/hardenedBSD/commit/59eabffdca53275086493836f732f24195f3a91d) New BSDMag is out (https://bsdmag.org/download/bsd-magazine-overriding-libc-functions/) git: kernel - Lower VMMAXUSER_ADDRESS to finalize work-around for Ryzen bug (http://lists.dragonflybsd.org/pipermail/commits/2017-August/626190.html) Ken Thompson corrects one of his biggest regrets (https://twitter.com/_rsc/status/897555509141794817) *** Feedback/Questions Hans - zxfer (http://dpaste.com/2SQYQV2) Harza - Google Summer of Code (http://dpaste.com/2175GEB) tadslot - Microphones, Proprietary software, and feedback (http://dpaste.com/154MY1H) Florian - ZFS/Jail (http://dpaste.com/2V9VFAC) Modifying a ZFS root system to a beadm layout (http://dan.langille.org/2015/03/11/modifying-a-zfs-root-system-to-a-beadm-layout/) ***
Pivotal is excited about the upcoming Open Source Summit, with not one but two great speaking sessions. In this episode of Pivotal Insights, Dormain previews her sessions at the summit on navigatng open source business models in the cloud era. Pivotal's Zach Brown likewise talks about his presentation on building .NET Core microservices with Steeltoe.
Pivotal is excited about the upcoming Open Source Summit, with not one but two great speaking sessions. In this episode of Pivotal Insights, Dormain previews her sessions at the summit on navigatng open source business models in the cloud era. Pivotal's Zach Brown likewise talks about his presentation on building .NET Core microservices with Steeltoe.
© 2020-2025 Ivy Podcast Discovery LLC
