Should Companies Audit Their Software Stacks for Critical Open Source Dependencies?

Thoughtworks is a technology consultancy/distributed agile software design company. The principle technologist in its CTO’s office warns that managers of IT assets “need to keep up” with the changing economics of open source:

Early 2022 has brought with it an unusually high level of commotion in the open-source community, largely focused on the economics of who — and how we — should pay for “free” software. But this isn’t just some geeky flame war. What’s at stake is critical for vast swaths of the business world….

We know of many open-source enthusiasts who maintain their software personally while leading busy professional lives — the last thing they want is the responsibility of a service-level agreement because someone paid them for their creation. So, is this the end of the road for the open-source dream? Certainly, many of the open-source naysayers will view the recent upheavals as proof of a failed approach. They couldn’t be more wrong. What we’re seeing today is a direct result of the success of open-source software. That success means there isn’t a one-size-fits-all description to define open-source software, nor one economic model for how it can succeed.

For internet giants like Facebook or Netflix, the popularity, or otherwise, of their respective JavaScript library and software tool — React and Chaos Monkey — is beside the point. For such companies, open-source releases are almost a matter of employer branding — a way to show off their engineering chops to potential employees. The likelihood of them altering licensing models to create new revenue streams is small enough that most enterprises need not lose sleep over it. Nonetheless, if these open-source tools form a critical part of your software stack or development process, you might want some form of contingency plan — you’re likely to have very little sway over future developments, so understanding your risks helps.

For companies that have built platforms containing open-source software, the risks are more uncertain. This is in line with Thoughtworks’ view that all businesses can benefit from a greater awareness of what software is running in their various systems. In such cases, we advise companies to consider the extent to which they’re reliant on that piece of software: are there viable alternatives? In extreme circumstances, could you fork the code and maintain it internally?

Once you start looking at crucial parts of your software stack where you’re reliant on hobbyists, your choices begin to dwindle. But if Log4J’s case has taught us anything, it’s this: auditing what goes into the software that runs your business puts you in a better place than being completely caught by surprise.

Read more of this story at Slashdot.

How US Billionaires Can Avoid Paying Income Taxes

On April 15th Americans filed their taxes with the Internal Revenue Service (or IRS). But on the same day ProPublica was reporting a difference between “the rich and the rest of us” — that their wealth just isn’t easily defined:

For one, wages make up only a small part of their earnings. And they have broad latitude in how they account for their businesses and investments. Their incomes aren’t defined by a tax form. Instead, they represent the triumph of careful planning by skilled professionals who strive to deliver the most-advantageous-yet-still-plausible answers to their clients. For them, a tax return is an opening bid to the IRS. It’s a kind of theory….

We counted at least 16 other billionaires (along with hundreds of other ultrawealthy people, including hedge fund managers and former CEOs) among the stimulus check recipients. This is just how our system works. It’s why, in 2011, Jeff Bezos, then worth $18 billion, qualified for $4,000 in refundable child tax credits. (Bezos didn’t respond to our questions.) A recent study by the Brookings Institution set out with a simple aim: to compare what owners of privately held businesses say they earn with the income that appears on the owners’ tax returns. The findings were stark: “More than half of economic income generated by closely held businesses does not appear on tax returns and that ratio has declined significantly over the past 25 years.”

That doesn’t mean business owners are illegally hiding income from the IRS, though it’s certainly a possible contributor. There are plenty of ways to make income vanish legally. Tax perks like depreciation allow owners to create tax losses even as they expand their businesses… “Losses” from one business can also be used to wipe out income from another. Sometimes spilling red ink can be lots of fun: For billionaires, owning sports teams and thoroughbred racehorses are exciting loss-makers. Congress larded the tax code with these sorts of provisions on the logic that what’s good for businesses is good for the economy. Often, the evidence for this broader effect is thin or nonexistent, but you can be sure all this is great for business owners. The Brookings study found that households worth $10 million or more benefited the most from being able to make income disappear….

In the tax system we have, billionaires who’d really rather not pay income taxes can usually find a way not to. They can bank their accumulating gains tax-free and deploy tax losses to wipe out whatever taxable income they might have. They can even look forward to a few thousand dollars here and there from the government to help them raise their kids or get through a national emergency.
This system also means it’s much harder to catch underreported income on the tax returns of the wealthy, the article points out. And with so many legal deducations, it’s also hard to prove the low incomes really exceed what the law allows. Even then, the wealthy can still hire an army of the best tax lawyers to make their case in court.

And now thousands of auditors have left the agency — and have not been replaced. The end result? “Audits of the wealthy have plummeted.

“Business owners have still more reason to be bold….”

Read more of this story at Slashdot.

Ebook Services Are Bringing Unhinged Conspiracy Books into Public Libraries

Librarians say Holocaust deniers, antivaxxers, and other conspiracy theorists are being featured in the catalogs of a popular ebook lending service. From a report: In February, a group of librarians in Massachusetts identified a number of Holocaust denial and anti-Semitic books on Hoopla, including titles like “Debating The Holocaust” and “A New Nobility of Blood and Soil” — the latter referring to the infamous Nazi slogan for nationalist racial purity. After public outcry from library and information professionals, Hoopla removed a handful of titles from its digital collection.

In an email obtained by the Library Freedom Project last month, Hoopla CEO Jeff Jankowski explained that the titles came from the company’s network of more than 18,000 publishers: “[The titles] were added within the most recent twelve months and, unfortunately, they made it through our protocols that include both human and system-driven reviews and screening.” However, quick Hoopla keyword searches for ebooks about “homosexuality” and “abortion” turn up dozens of top results that contain largely self-published religious texts categorized as “nonfiction,” including several titles like “Can Homosexuality Be Healed” which promote conversion therapy and anti-LGBTQ+ rhetoric. This prompted a group of librarians to start asking how these titles are appearing in public library catalogs and why they are ranked so high.

Read more of this story at Slashdot.

American Phone-Tracking Firm Demo’d Surveillance Powers By Spying On CIA and NSA

Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button. Reader BeerFartMoron shares a report: In the months leading up to Russia’s invasion of Ukraine, two obscure American startups met to discuss a potential surveillance partnership that would merge the ability to track the movements of billions of people via their phones with a constant stream of data purchased directly from Twitter. According to Brendon Clark of Anomaly Six — or “A6” — the combination of its cellphone location-tracking technology with the social media surveillance provided by Zignal Labs would permit the U.S. government to effortlessly spy on Russian forces as they amassed along the Ukrainian border, or similarly track Chinese nuclear submarines. To prove that the technology worked, Clark pointed A6’s powers inward, spying on the National Security Agency and CIA, using their own cellphones against them.

Virginia-based Anomaly Six was founded in 2018 by two ex-military intelligence officers and maintains a public presence that is scant to the point of mysterious, its website disclosing nothing about what the firm actually does. But there’s a good chance that A6 knows an immense amount about you. The company is one of many that purchases vast reams of location data, tracking hundreds of millions of people around the world by exploiting a poorly understood fact: Countless common smartphone apps are constantly harvesting your location and relaying it to advertisers, typically without your knowledge or informed consent, relying on disclosures buried in the legalese of the sprawling terms of service that the companies involved count on you never reading.

Read more of this story at Slashdot.

Rolls-Royce Expects UK Approval For Small Nuclear Reactors By Mid-2024

Rolls-Royce is to start building parts for its small modular nuclear reactors in anticipation of receiving regulatory approval from the British government by 2024, one of its directors has said. The Guardian reports: Paul Stein, the chairman of Rolls-Royce SMR, a subsidiary of the FTSE 100 engineering company, said he hoped to be providing power to the UK’s national grid by 2029. Speaking to Reuters in an interview conducted virtually, Stein said the regulatory “process has been kicked off, and will likely be complete in the middle of 2024. We are trying to work with the UK government, and others to get going now placing orders, so we can get power on grid by 2029.”

Small modular reactors (SMRs) are seen by their proponents as a way to build nuclear power plants in factories, a method that could be cheaper and quicker than traditional designs. The technology, based on the reactors used in nuclear submarines, is seen by Rolls-Royce as a potential earner far beyond any previous business such as jet engines or diesel motors. The government under Boris Johnson put nuclear power at the centre of its energy strategy announced earlier this month, in response to climate concerns and a desire to ditch Russian gas. SMRs are expected to play an important role in an expansion of nuclear to supply a quarter of the UK’s energy needs. Lower costs would be crucial in justifying the nuclear push, given that onshore wind is seen as much cheaper and quicker to install.

Read more of this story at Slashdot.