Mike McQuaid on 15 Years of Homebrew and Protecting Open-Source Maintainers

Despite multiple methods available across major operating systems for installing and updating applications, there remains “no real clear answer to ‘which is best,'” reports The Next Web. Each system faces unique challenges such as outdated packages, high fees, and policy restrictions.

Enter Homebrew.

“Initially created as an option for developers to keep the dependencies they often need for developing, testing, and running their work, Homebrew has grown to be so much more in its 15-year history.” Created in 2009, Homebrew has become a leading solution for macOS, integrating with MDM tools through its enterprise-focused extension, Workbrew, to balance user freedom with corporate security needs, while maintaining its open-source roots under the guidance of Mike McQuaid. In an interview with The Next Web’s Chris Chinchilla, project leader Mike McQuaid talks about the challenges and responsibilities of maintaining one of the world’s largest open-source projects: As with anything that attracts plenty of use and attention, Homebrew also attracts a lot of mixed and extreme opinions, and processing and filtering those requires a tough outlook, something that Mike has spoken about in numerous interviews and at conferences. “As a large project, you get a lot of hate from people. Either people are just frustrated because they hit a bug or because you changed something, and they didn’t read the release notes, and now something’s broken,” Mike says when I ask him about how he copes with the constant influx of communication. “There are a lot of entitled, noisy users in open source who contribute very little and like to shout at people and make them feel bad. One of my strengths is that I have very little time for those people, and I just insta-block them or close their issues.”

More crucially, an open-source project is often managed and maintained by a group of people. Homebrew has several dozen maintainers and nearly one thousand total contributors. Mike explains that all of these people also deserve to be treated with respect by users, “I’m also super protective of my maintainers, and I don’t want them to be treated that way either.” But despite these features and its widespread use, one area Homebrew has always lacked is the ability to work well with teams of users. This is where Workbrew, a company Mike founded with two other Homebrew maintainers, steps in. […] Workbrew ties together various Homebrew features with custom glue to create a workflow for setting up and maintaining Mac machines. It adds new features that core Homebrew maintainers had no interest in adding, such as admin and reporting dashboards for a computing fleet, while bringing more general improvements to the core project.

Bearing in mind Mike’s motivation to keep Homebrew in the “traditional open source” model, I asked him how he intended to keep the needs of the project and the business separated and satisfied. “We’ve seen a lot of churn in the last few years from companies that made licensing decisions five or ten years ago, which have now changed quite dramatically and have generated quite a lot of community backlash,” Mike said. “I’m very sensitive to that, and I am a little bit of an open-source purist in that I still consider the open-source initiative’s definition of open source to be what open source means. If you don’t comply with that, then you can be another thing, but I think you’re probably not open source.”

And regarding keeping his and his co-founder’s dual roles separated, Mike states, “I’m the CTO and co-founder of Workbrew, and I’m the project leader of Homebrew. The project leader with Homebrew is an elected position.” Every year, the maintainers and the community elect a candidate. “But then, with the Homebrew maintainers working with us on Workbrew, one of the things I say is that when we’re working on Workbrew, I’m your boss now, but when we work on Homebrew, I’m not your boss,” Mike adds. “If you think I’m saying something and it’s a bad idea, you tell me it’s a bad idea, right?” The company is keeping its early progress in a private beta for now, but you can expect an announcement soon. As for what’s happening for Homebrew? Well, in the best “open source” way, that’s up to the community and always will be.

Read more of this story at Slashdot.

HPE Set For Unconditional EU Nod For $14 Billion Juniper Deal

According to Reuters, Hewlett Packard Enterprise (HPE) is expected to secure unconditional EU antitrust approval for its $14 billion acquisition of networking gear maker Juniper Networks. From the report: HPE announced the deal in January, underscoring the rush by companies to upgrade and develop new products amid a sharp rise in artificial intelligence-driven services. The European Commission, which is scheduled to decide on the deal by Aug. 1, declined to comment. HPE was expected to underline the power of market leader and Juniper rival Cisco to allay any possible European Union competition concerns, other people with direct knowledge of the matter had previously told Reuters. The deal is also being assessed by Britain’s antitrust enforcer, with a decision due on Aug. 14.

Read more of this story at Slashdot.

Disney’s First R-Rated Movie Opening Sets an All-Time Record: ‘Deadpool & Wolverine’

No R-rated film has ever earned as much in its opening weekend, reports the Hollywood Reporter — a whopping $205 million. (The previous record was $133.7 million, set in 2016 by the original film Deadpool…)

It’s also the very first R-rated film ever released by Disney…

[Deadpool actor Ryan] Reynolds has his own theory about its success. “Disney probably doesn’t want me to frame it this way, but I’ve always thought of Deadpool & Wolverine as the first four-quadrant, R-rated film,” Reynolds tells the Hollywood Reporter. “Yes, it’s rated R, but we set out to make a movie with enough laughs, action and heart to appeal to everyone, whether you’re a comic book movie fan or not.”

There’s reason Disney and others may bristle at labeling it a four-quadrant film, which generally is reserved for movies that work equally for males and females over and under 25. Afterall, it is perhaps the most violent and bloody Deadpool movie yet. Still, here’s evidence to back up Reynolds’ theory that it’s playing to a far more broad audience than the usual Marvel Cinematic Univerese movie, even if it’s skewing male by anywhere from 60 to 63 percent. So far, 13.6 million people have bought tickets to see it, on par with last year’s Barbie, which was rated PG-13, according to Steve Buck’s leading research firm EntTelligence. That’s the most foot traffic ever for an R-rated movie….

“Once thought of as a sure-fire way to limit potential box office, the R rating, when properly applied, can be the key to unlocking massive box office, and this has proven to be the secret sauce for the Deadpool franchise,” says chief Comscore box office analyst Paul Dergarabedian. “The creative freedom afforded by the less restrictive rating has enabled filmmakers to push the envelope and, particularly in the case of Deadpool & Wolverine, can deliver the kind of edgy, intense, profanity-filled comedy action that modern audiences are fired up to see on the big screen….”

It’s also the biggest July opening of all time, the biggest opening of 2024 so far and Marvel Studios’ biggest launch since Spider-Man: No Way Home in December 2021.

ScreenRant notes that Deadpool & Wolverine has already surpassed the entire global box office for The Marvels in just three days. It’s the biggest debut for a film since James Cameron’s Avatar: The Way of the Water in December of 2022 (according to the Hollywood Reporter). And they add that though the figures haven’t been adjusted for inflation — it’s still the eighth-biggest box office opening of all time.

But at the end of the day, it’s just people enjoying a movie together. “Well, I’m not saying that other people should do this, but my 9-year-old watched the movie with me and my mom, who’s in her late 70s,” Reynolds reportedly told the New York Times, “and it was just was one of the best moments of this whole experience for me. Both of them were laughing their guts out, were feeling the emotion where I most desperately hoped people would be.”

Read more of this story at Slashdot.

After Crowdstrike Outage, FSF Argues There’s a Better Way Forward

“As free software activists, we ought to take the opportunity to look at the situation and see how things could have gone differently,” writes FSF campaigns manager Greg Farough:

Let’s be clear: in principle, there is nothing ethically wrong with automatic updates so long as the user has made an informed choice to receive them… Although we can understand how the situation developed, one wonders how wise it is for so many critical services around the world to hedge their bets on a single distribution of a single operating system made by a single stupefyingly predatory monopoly in Redmond, Washington. Instead, we can imagine a more horizontal structure, where this airline and this public library are using different versions of GNU/Linux, each with their own security teams and on different versions of the Linux(-libre) kernel…

As of our writing, we’ve been unable to ascertain just how much access to the Windows kernel source code Microsoft granted to CrowdStrike engineers. (For another thing, the root cause of the problem appears to have been an error in a configuration file.) But this being the free software movement, we could guarantee that all security engineers and all stakeholders could have equal access to the source code, proving the old adage that “with enough eyes, all bugs are shallow.” There is no good reason to withhold code from the public, especially code so integral to the daily functioning of so many public institutions and businesses. In a cunning PR spin, it appears that Microsoft has started blaming the incident on third-party firms’ access to kernel source and documentation. Translated out of Redmond-ese, the point they are trying to make amounts to “if only we’d been allowed to be more secretive, this wouldn’t have happened…!”

We also need to see that calling for a diversity of providers of nonfree software that are mere front ends for “cloud” software doesn’t solve the problem. Correcting it fully requires switching to free software that runs on the user’s own computer.The Free Software Foundation is often accused of being utopian, but we are well aware that moving airlines, libraries, and every other institution affected by the CrowdStrike outage to free software is a tremendous undertaking. Given free software’s distinct ethical advantage, not to mention the embarrassing damage control underway from both Microsoft and CrowdStrike, we think the move is a necessary one. The more public an institution, the more vitally it needs to be running free software.

For what it’s worth, it’s also vital to check the syntax of your configuration files. CrowdStrike engineers would do well to remember that one, next time.

Read more of this story at Slashdot.

What Happens If You Connect Windows XP To the Internet In 2024?

Long-time Slashdot reader sandbagger writes: Have you ever wondered if it’s true you can instantly get malware? In this video, a person connects an XP instance directly to the internet with no firewall to see just how fast it gets compromised by malware, rootkits, malicious services and new user accounts. The answer — fast!

Malwarebytes eventually finds eight different viruses/Trojan horses — and a DNS changer. (One IP address leads back to the Russian federation.) Itâ(TM)s fun to watch — within just a few hours a new Windows user has even added themself. And for good measure, he also opens up Internet Explorer…

âoeWindows XP — very insecure,â they conclude at the end of the video. âoeVery easy for random software from the internet to get more privileges than you, and it is very hard to solve that.

âoeAlso, just out of curiosity I tried this on Windows 7. And even with all of the same settings, nothing happened. I let it run for 10 hours. So it seems like this may be a problem in historical Windows.â

Read more of this story at Slashdot.