#fauxpen source
Linux Foundation is leading fight against fauxpen source
http://securitytc.com/T5Plwk
Inside Jidometa: A look at our Open Source Software
[Read part 2 of Inside Jidometa]
In this post, we’ll highlight some of the open source tools we’ve created and deploy in every Jidoteki appliance, including Jidometa itself.
The OS
We'll start from the bottom up. Jidometa is built on top of TinyCore Linux - a small footprint in-memory operating system built on GNU/Linux. We use the unmodified OS with a few minor changes.
The sources for the OS toolchain
The sources for the OS busybox
The TinyCore OS initramfs and kernel
The TinyCore OS scripts modifications
The kernel
TinyCore Linux ships with a slightly modified Linux kernel. In our tests, we were able to deploy our appliances with a completely unmodified (vanilla) Linux kernel, so we provide the full unmodified kernel sources.
The kernel build scripts
The sources for the Linux kernel
The extensions
Extensions are similar to Debian .deb packages and RedHat .rpm packages. In Jidometa, they are squashfs .tcz files which contain pre-compiled and stripped binaries. They're typically much smaller because we don't include man pages, headers, and other files not needed in an immutable OS.
The sources for the extensions
We have yet to publish all the build scripts for our extensions, but they all use basic commands:
./configure;make;make install
Anyone can easily rebuild them with the original sources.
The admin scripts
We always include our own Open Source scripts to help manage the appliance. The scripts vary in importance and are either written in POSIX shell, or PicoLisp. We're slowly working on replacing all our POSIX shell scripts with PicoLisp shell scripts.
The Jidoteki Admin scripts, which manage the appliance from the console
The Jidoteki Admin API scripts, which manage the appliance from a REST API
The helper scripts, which provide additional functionality to the appliance scripts
We have quite a few more administration scripts, but we haven't open sourced them yet.
The libraries
The Admin scripts are built on top of a set of open source PicoLisp libraries which provide the foundation for stable, tested, and functional tools. The libraries include:
A unit testing library, to help write simple unit tests for every PicoLisp script and library, and ensure correct functionality (as well as reduce bugs/regressions)
A JSON library, to natively parse and generate JSON documents directly in PicoLisp
A SemVer library, to help manage, compare, and validate appliance and update package versions
An API library, to help build simple REST APIs as quickly and easily as possible
The licenses
It's almost impossible to gather every single license for every single software used in the appliance. We provided the software source packages intact, which include all the unmodified license files as well.
Additional licenses can be found directly in the appliance in:
/usr/share/doc/License/
The ISOs
Since downloading all individual source packages can be quite troublesome at times, we also provide direct links to download ISOs which bundle all the sources together.
Fauxpen source
We're not running a fauxpen source operation here. Admittedly not all our code is Open Source, but we do our best to comply with the GNU and OSD licenses by making it easy for everyone to access the source files for the appliances and binaries we distribute.
We're constantly releasing new open source tools and libraries, so make sure you sign up for our mailing list to stay up-to-date on our work, tools, and solutions.
If you're looking to provide your customers with an on-premises virtual appliance, without being locked-in by your vendor, then contact us and we'll be happy to discuss your requirements.
REMEMBER WHEN WE BROKE THE INTERNET?
julia ferraioli
OPEN SOURCE TECHNICAL LEADER @ CISCO
amanda casari
OPEN SOURCE SCIENTIST @ GOOGLE
@juliaferraioli, @amcasari
There are times in our past when open source, or something like open source, broke the internet. It is ALL interconnected!
In Open Source, you cannot restrict who uses your technology.
Complexity Theory: unpredictable systems that operate by independent rules. And the emergent system is more complex than its parts.
A sociotechnical system is a complex system that contains people as nodes in the system.
Open Source is a complex sociotechnical system. OSS is fundamentally a human-based system. We have to take into consideration how we as humans interact with each other.
A "black swan" event is an event that disrupts the status quo, causes systematic change, and seems inevitable in hindsight.
Context matters. You have to understand the history behind where systems have evolved over time. And where evolution happens as a disruption of norms.
<sing-along commencing now>
The Morris Worm 1988 - Created by Robert Tappan Morris at Cornell to attack MIT by exploiting transitive trust between sys admins and users.
Morris was the first arrest under the computer fraud act of 1986.
We do not assume, now, that everyone is operating in everyone else's best interests. Morris himself helped spread the solution to the worm.
Super homogeneity is now thought of as a risk.
Heartbleed 2014 - Heartbleed was released in 2012, but publicly announced in 2014. Security flaw in OpenSSL (used EVERYWHERE in TLS). 66% of the internet used OpenSSL.
Heartbleed increased funding towards developers and maintainers of open source software.
Corporations start paying people to work on open source software.
left-pad 2016 - trademark disagreement over an npm package name. The maintainer deleted ALL his libraries, including left-pad, and broke a TON of services.
Npm published the left-pad package without permission of the main maintainer. It is "free to Fork" which should be OK.
Choose your license carefully.
This increased visibility of the cost of maintainer burnout.
New issues abound on maintainer rights.
Fauxpen 2018 - Licensing wars… Companies start using open source as a business strategy. OSS used to be counter culture, now it is corporate culture.
Companies developed OSS in order to monetize it. And at the same time the cloud was born.
The companies that made the OSS started reversing their licenses. Example: Akka.
A haiku:
A need for income
The actors have to get paid
My old friend, Akka
Open source waters are muddied: Open Core is being a thing, where the OSS is a core that is useless, but still open.
Exposed OSS as a business strategy. How can companies be a part of the ecosystem ethically?
Also, capitalism introduced into OSS is a sticky mess.
#TODO(everyone) https://todogroup.org/
OSS is a sociotechnical system. OSS is lost to walled gardens, private conversations, and an overindex on source code. OSS needs to be more transparent.
Glue work is critical, but not recognized. Feature work is given more visibility than glue work for systems, though it is the critical and essential work of OSS.
Our OSS narratives are not complete, they are overindexed by a cult of personality. As long as OSS is captured by hero engineers and cult of personality founders, the system will be broken and glue work will be undervalued.
This is a sustainability problem. We didn't light this fire, but we are here to fight it!
Thank you Julia and Amanda!
Creative Commons Working with Flickr, OSI Announces $200,000 Donation from Handshake, Intel's OTC Adopts Contributor Covenant, Artifact Digital Card Game Coming Soon to Linux and Facebook Open-Sources Suite of Kernel Components and Tools
News briefs for November 2, 2018.
Creative Commons is working with Flickr and SmugMug, Flickr's parent company, to protect the Commons following Flickr's recent announcement that it will be limiting free accounts to 1,000 images. Ryan Merkley, Creative Commons CEO, writes, "We want to ensure that when users share their works that they are available online in perpetuity and that they have a great experience." But he also admits that "the business models that have powered the web for so long are fundamentally broken. Storage and bandwidth for hundreds of millions (if not billions) of photos is very expensive. We've all benefited from Flickr's services for so long, and I'm hopeful we will find a way forward together."
The Open Source Initiative announces a $200,000 donation from Handshake, "the largest single donation in organizational history". Patrick Masson, the OSI's general manager, says "Handshake's funding will allow us to extend the reach and impact of our Working Groups and Incubator Projects, many which were established to confront the growing efforts to manipulate open source through 'fauxpen source software' and 'open-washing'."
Intel's Open-Source Technology Center (OTC) has adopted the Contributor Covenant for all of its open-source projects. Phoronix reports that it chose the Contributor Covenant because "it's well written and represented, provides a clear expression of expectations, and represents open-source best practices." You can read the Contributor Covenant here.
Valve's digital card game Artifact is scheduled to be released November 28th with Linux support. According to Gaming on Linux, the new game will also have a built-in tournament feature. See the official Artifact site for more details.
Facebook recently announced it's open-sourcing a new suite of Linux kernel components and related tools "that address critical fleet management issues. These include resource control, resource utilization, workload isolation, load balancing, measuring, monitoring, and much more". According to the Facebook blog post, "the kernel components and tools included in this release can be adapted to solve a virtually limitless number of production problems."
https://ift.tt/2zmtDTQ via @johanlouwers . follow me also on twitter