April 2019 - wlug - University of Waikato Mail Lists

Does Open Source Have a 'Working For Free' Problem?

by Peter Reutemann

'"Let's abandon the notion that open source is exclusively charity," writes Havoc Pennington, a free software engineer (and former Red Hat engineer) who's now a co-founder of Tidelift: Look around. We do have a problem, and it's time we do something about it.... The lack of compensation isn't just bad for individual developers -- it also creates social problems, by amplifying existing privilege.... The narrative around open source is that it's completely OK -- even an expectation -- that we're all doing this for fun and exposure; and that giant companies should get huge publicity credit for throwing peanuts-to-them donations at a small subset of open source projects. There's nothing wrong with doing stuff for fun and exposure, or making donations, as an option. It becomes a problem when the free work is expected and the donations are seen as enough... What would open source be like if we had a professional class of independent maintainers, constantly improving the code we all rely on? The essay suggests some things consider, including asking people to pay for: * Support requests * Security audits/hardening and extremely good test coverage * Supporting old releases * License-metadata-annotation practices that are helpful for big companies trying to audit the code they use, but sort of a pain in the ass and nobody cares other than these big companies. "Right now many users expect, and demand, that all of this will be free. As an industry, perhaps we should push back harder on that expectation. It's OK to set some boundaries..." "Of course this relates to what we do at Tidelift -- the company came out of discussions about this problem, among others... In our day-to-day right now we're specifically striving to give subscribers a way to pay maintainers of their application dependencies for additional value, through the Tidelift Subscription. But we hope to see many more efforts and discussions in this area.... [I]n between a virtual tip jar and $100 million in funding, there's a vast solution space to explore."' -- source: https://news.slashdot.org/story/19/04/28/0459236 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year

2
1
0 / 0

Mark Shuttleworth Sees Increased Demand For Enterprise Ubuntu Linux Desktop

by Peter Reutemann

'Canonical's real money comes from the cloud and Internet of Things, but AI and machine learning developers are demanding -- and getting -- Ubuntu Linux desktop with enterprise support. From a report: In a wide-ranging conversation at Open Infrastructure Summit, Mark Shuttleworth, founder of Ubuntu Linux and its corporate parent Canonical, said: "We have seen companies signing up for Linux desktop support, because they want to have fleets of Ubuntu desktop for their artificial intelligence engineers." This development caught Shuttleworth by surprise. "We're starting actually now to commercially support the desktop in a way that we've never been asked to before," he said. Of course, Ubuntu has long been used by developers, but Shuttleworth explained, "Previously, those were kind of off the books, under the table. You know, 'Don't ask don't tell deployments.' "But now suddenly, it's the AI team and they've got to be supported."' -- source: https://news.slashdot.org/story/19/04/30/1641242 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 1 month

1
0
0 / 0

Vodafone Denies Bloomberg Report on Security Flaws in Huawei Equipment

by Peter Reutemann

'Vodafone denied a Bloomberg report on Tuesday that stated it had found "backdoors" hidden in Huawei equipment supplied to its Italian business dating back years, per BBC . From a report: What they're saying: Vodafone said the "backdoors" in the report were actually a common industry protocol: "The 'backdoor' that Bloomberg refers to is Telnet, which is a protocol that is commonly used by many vendors in the industry for performing diagnostic functions. It would not have been accessible from the internet. Bloomberg is incorrect in saying that this 'could have given Huawei unauthorised access to the carrier's fixed-line network in Italy.' In addition, we have no evidence of any unauthorised access. This was nothing more than a failure to remove a diagnostic function after development."' -- source: https://tech.slashdot.org/story/19/04/30/1542202 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 1 month

2
1
0 / 0

Fedora 30 Linux Distro Is Here

by Peter Reutemann

'Fedora 30, the newest release of the venerable Linux distribution that serves (in part) as the staging environment for Red Hat Enterprise Linux, was released Tuesday, bringing with it a number of improvements and performance optimizations. From a report: The most exciting aspect, for workstation/desktop users at least, is the update to GNOME 3.32. Of course, that is hardly the only notable update -- the DNF package manager is getting a performance boost, for instance. In other words, this is a significant operating system upgrade that should delight both existing Fedora users and beginners alike. "Fedora 30 brings enhancements to all editions with updates to the common underlying packages, from bug fixes and performance tweaks to new versions. In Fedora 30, base updates include Bash shell 5.0, Fish 3.0, the GNU Compiler Collection (GCC) 9 and Ruby 2.6. Fedora 30 also now uses the zchunk format for data compression within the DNF repository. When metadata is compressed using zchunk DNF will only download the differences between earlier copies of metadata and the current versions, saving on resources and increasing efficiency," says The Fedora Project.' -- source: https://linux.slashdot.org/story/19/04/30/1742231 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 1 month

1
0
0 / 0

Apache Software Foundation joins GitHub open source community

by Peter Reutemann

'Today we’re excited to welcome the Apache Software Foundation (ASF) to GitHub. Apache is the world’s largest open source foundation, with over 200 million lines of code managed by an all-volunteer community of 730 members and 7,000 code contributors. Over their 20 year history, one billion lines of code have been committed across three million code commits. In 2016, Apache made the decision to start integrating GitHub’s repository and tooling with their own services. After solidifying the integration over the years, they decided to simplify how they work and move all Git projects to GitHub. As of February 2019, Apache’s migration to GitHub was complete, enabling all these projects with a simple platform to host and review code, collaborate on projects, and build software alongside 31 million developers around the world.' -- source: https://github.blog/2019-04-29-apache-joins-github-community/ Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 1 month

1
0
0 / 0

How an Obsolete Medical Device With a Security Flaw Became a Must-Have For Some Patients With Type 1 Diabetes

by Peter Reutemann

'In 2014, a few hackers realized that the security flaw in certain Medtronic pumps could be exploited for a DIY revolution. Type 1 diabetes is a disease where the pancreas is unable to produce insulin to control blood sugar. For years, Boss (the anecdote in the story who purchased used insulin pumps from some dealer on Craiglist) had counted, down to the gram, the carbohydrates in every meal and told his pump how much insulin to dispense. [...] By 2014, the hardware components of a DIY artificial pancreas -- a small insulin pump that attaches via thin disposable tubing to the body and a continuous sensor for glucose, or sugar, that slips just under the skin -- were available, but it was impossible to connect the two. That's where the security flaw came in. The hackers realized they could use it to override old Medtronic pumps with their own algorithm that automatically calculates insulin doses based on real-time glucose data. It closed the feedback loop. They shared this code online as OpenAPS, and "looping," as it's called, began to catch on. Instead of micromanaging their blood sugar, people with diabetes could offload that work to an algorithm. In addition to OpenAPS, another system called Loop is now available. Dozens, then hundreds, and now thousands of people are experimenting with DIY artificial-pancreas systems -- none of which the Food and Drug Administration has officially approved. And they've had to track down discontinued Medtronic pumps. It can sometimes take months to find one. Obviously, you can't just call up Medtronic to order a discontinued pump with a security flaw. "It's eBay, Craigslist, Facebook. It's like this underground market for these pumps," says Aaron Kowalski, a DIY looper and also CEO of JDRF, a nonprofit that funds type 1 diabetes research. This is not exactly how a market for lifesaving medical devices is supposed to work. And yet, this is the only way it can work -- for now.' -- source: https://science.slashdot.org/story/19/04/29/2051257 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 1 month

1
0
0 / 0

Finally ... The Vertical TV

by Lawrence D'Oliveiro

I’ve been wondering when this was going to happen. Just as widescreen TVs and computer monitors have become standard, more and more video footage is being shared, whether on broadcast TV, social media or whatever, that was captured on mobile phones in *portrait* mode. So you get the awkward problem of filling in the gaps on the sides of the screen with something useless but unobtrusive (heavily-blurred portions of the actual content seems popular right now), and wasting all that display resolution to boot. Seems like going back to 4:3 monitors, or even an orientation-neutral square 1:1 shape, is not an option. But Samsung has the solution: a TV that can rotate to portrait mode! <https://arstechnica.com/gadgets/2019/04/samsung-embraces-vertical-videos-...>

1 year, 1 month

1
0
0 / 0

Designers Release 'Aweigh', An Open Source Alternative to GPS

by Peter Reutemann

'"A team of student designers and engineers from the RCA and Imperial College have designed an open-source alternative to GPS, called Aweigh, that does not rely on satellites," reports the design magazine Dezeen. It's similar to the sextant, calculating positions by measuring the angular distances between the horizon and the sun.' -- source: https://news.slashdot.org/story/19/04/27/1813237 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 1 month

1
1
0 / 0

The Mysterious History of the MIT License

by Peter Reutemann

'Red Hat technology evangelist Gordon Haff explains why it's hard to say exactly when the MIT license created. Citing input from both Jim Gettys (author of the original X Window System) and Keith Packard (a senior member on the X Windows team), he writes that "The best single answer is probably 1987. But the complete story is more complicated and even a little mysterious."' -- source: https://news.slashdot.org/story/19/04/28/0326207 Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/

1 year, 1 month

1
0
0 / 0

How the Boeing 737 Max Disaster Looks to a Software Developer

by Lawrence D'Oliveiro

The author of this article <https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disas...> (archive.org copy at <https://web.archive.org/web/20190418200057/https://spectrum.ieee.org/aero...>) is both a pilot and a software developer. He looks into the root causes of the Boeing 737 MAX crashes in Indonesia and Ethiopia. Basic points: * The new aircraft has sufficiently different airframe handling characteristics to be classified as a new model. * Boeing didn’t want it to be treated as a new model, because of the extra regulatory costs, pilot training etc this would entail. * So they implemented software (“MCAS”) that actively managed the handling characteristics to make it behave to pilots like previous 737 models. * They neglected to tell the pilots about the software. * It also turns out that correct operation of this software depends on a hardware component that is known to be unreliable. Commentary from Bruce Schneier <https://www.schneier.com/blog/archives/2019/04/excellent_analy.html> and Glyn Moody <https://www.techdirt.com/articles/20190424/06571442075/shoddy-software-is...>.

1 year, 1 month

1
0
0 / 0

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

wlug April 2019