Should Companies Audit Their Software Stacks for Critical Open Source Dependencies?

Thoughtworks is a technology consultancy/distributed agile software design company. The principal technologist in its CTO’s office warns that managers of IT assets “need to keep up” with the changing economics of open source:

Early 2022 has brought with it an unusually high level of commotion in the open-source community, largely focused on the economics of who — and how we — should pay for “free” software. But this isn’t just some geeky flame war. What’s at stake is critical for vast swaths of the business world….

We know of many open-source enthusiasts who maintain their software personally while leading busy professional lives — the last thing they want is the responsibility of a service-level agreement because someone paid them for their creation. So, is this the end of the road for the open-source dream? Certainly, many of the open-source naysayers will view the recent upheavals as proof of a failed approach. They couldn’t be more wrong. What we’re seeing today is a direct result of the success of open-source software. That success means there isn’t a one-size-fits-all description to define open-source software, nor one economic model for how it can succeed.

For internet giants like Facebook or Netflix, the popularity, or otherwise, of their respective JavaScript library and software tool — React and Chaos Monkey — is beside the point. For such companies, open-source releases are almost a matter of employer branding — a way to show off their engineering chops to potential employees. The likelihood of them altering licensing models to create new revenue streams is small enough that most enterprises need not lose sleep over it. Nonetheless, if these open-source tools form a critical part of your software stack or development process, you might want some form of contingency plan — you’re likely to have very little sway over future developments, so understanding your risks helps.

For companies that have built platforms containing open-source software, the risks are more uncertain. This is in line with Thoughtworks’ view that all businesses can benefit from a greater awareness of what software is running in their various systems. In such cases, we advise companies to consider the extent to which they’re reliant on that piece of software: are there viable alternatives? In extreme circumstances, could you fork the code and maintain it internally?

Once you start looking at crucial parts of your software stack where you’re reliant on hobbyists, your choices begin to dwindle. But if Log4J’s case has taught us anything, it’s this: auditing what goes into the software that runs your business puts you in a better place than being completely caught by surprise.
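The audit the excerpt recommends starts with a concrete inventory: which third-party libraries each service pulls in, through which paths, and at which versions, so that the question “to what extent are we reliant on this piece of software?” has a measurable answer. The following Python script is an added example written for this page; it is not code from Thoughtworks or from the Slashdot story. It parses constructed `mvn dependency:tree`-style output for two hypothetical services (the service names, the `com.example` artifacts and the versions are all made up for illustration) and ranks third-party artifacts by how many services and dependency paths rely on them.

```python
"""Dependency-reliance audit over Maven-style dependency trees.

Added example for this page. It parses the indented text format that
`mvn dependency:tree` prints and reports, per third-party artifact, how
many services depend on it, through how many paths, and at which
versions. All service names, artifact coordinates and versions below are
constructed sample data, not an inventory of any real system.
"""
from collections import defaultdict

# Constructed sample: two hypothetical services and their dependency trees.
# Tree-drawing prefixes ("+- ", "|  ", "\- ", "   ") are 3 characters per level.
SAMPLE_TREES = {
    "billing-service": """\
com.example:billing-service:jar:1.4.0
+- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
|  \\- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
\\- com.example:shared-utils:jar:3.2.0:compile
   \\- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
""",
    "reporting-service": """\
com.example:reporting-service:jar:0.9.1
\\- org.slf4j:slf4j-api:jar:1.7.32:compile
""",
}

TREE_PREFIX_CHARS = "+-\\| "


def parse_tree(text):
    """Return a list of (depth, coordinate) tuples from dependency:tree output.

    Depth is derived from the length of the tree-drawing prefix (3 chars per level).
    """
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        i = 0
        while i < len(raw) and raw[i] in TREE_PREFIX_CHARS:
            i += 1
        depth = i // 3
        entries.append((depth, raw[i:].strip()))
    return entries


def artifact_key(coordinate):
    """Reduce 'group:artifact:type:version[:scope]' to 'group:artifact'."""
    return ":".join(coordinate.split(":")[:2])


def artifact_version(coordinate):
    """Extract the version field from a Maven coordinate string."""
    return coordinate.split(":")[3]


def dependency_paths(text):
    """Map 'group:artifact' -> list of root-to-artifact paths for one tree."""
    paths = defaultdict(list)
    stack = []
    for depth, coord in parse_tree(text):
        del stack[depth:]          # unwind to the parent at this depth
        stack.append(coord)
        if depth > 0:              # depth 0 is the service itself
            paths[artifact_key(coord)].append(list(stack))
    return paths


def reliance_report(trees):
    """Aggregate reliance across services.

    Returns {artifact: {"services": set, "paths": int, "versions": set}}.
    """
    report = {}
    for service, text in trees.items():
        for key, paths in dependency_paths(text).items():
            entry = report.setdefault(
                key, {"services": set(), "paths": 0, "versions": set()}
            )
            entry["services"].add(service)
            entry["paths"] += len(paths)
            for path in paths:
                entry["versions"].add(artifact_version(path[-1]))
    return report


def rank_by_reliance(report):
    """Order artifacts by number of dependent services, then by path count."""
    return sorted(
        report,
        key=lambda k: (len(report[k]["services"]), report[k]["paths"]),
        reverse=True,
    )


if __name__ == "__main__":
    rep = reliance_report(SAMPLE_TREES)
    for key in rank_by_reliance(rep):
        e = rep[key]
        print(f"{key}: {len(e['services'])} service(s), {e['paths']} path(s), "
              f"versions {sorted(e['versions'])}")
```

Running the script lists every third-party artifact with the number of services that depend on it, the number of distinct dependency paths (transitive pulls count, which is how a logging library ends up in a service nobody thought used it) and the set of versions in play. Multiple versions of the same artifact across services are a signal that a single coordinated upgrade will not be straightforward.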

Read more of this story at Slashdot.

The Free Software Foundation’s ‘LibrePlanet’ Conference Happens Online This Weekend

LibrePlanet, the annual conference hosted by the Free Software Foundation, will be happening online this weekend. The event “provides an opportunity for community activists, domain experts, and people seeking solutions for themselves to come together in order to discuss current issues in technology and ethics,” according to its web page. This year’s LibrePlanet theme is “Living Liberation”.

And while you’re listening to the presentations, you can apparently also interact with the rest of the community:

Each LibrePlanet room has its own IRC channel on the Libera.Chat network… Want to interact with other conference-goers in a virtual space? Join us on LibreAdventure, where you’ll be able to video chat with fellow free software users, journey to the stars, and walk around a replica of the FSF office!

Our Minetest server is back by popular demand, and now running version 5.x of everyone’s favorite free software, voxel sandbox game. You can install Minetest through your GNU/Linux distro’s package manager, and point your client to minetest.libreplanet.org with the default port 30000.

Sunday’s presentations include “Living in freedom with GNU Emacs” and “Hacking my brain: Free virtual reality implementations and their potential for therapeutic use.”

And Sunday will also include a talk from Seth Schoen, the first staff technologist at the Electronic Frontier Foundation (who helped develop the Let’s Encrypt certificate authority) titled “Reducing Internet address waste: The IPv4 unicast extensions project.”

View the complete schedule here.

Who’s Paying to Fix Open Source Software?

The Log4Shell exploit “exposes how a vulnerability in a seemingly simple bit of infrastructure code can threaten the security of banks, tech companies, governments, and pretty much any other kind of organization,” writes VentureBeat. But the incident also raises some questions:
Should large deep-pocketed companies besides Google, which always seems to be heavily involved in such matters, be doing more to support the cause with people and resources?

Long-time Slashdot reader frank_adrian314159 shares a related article from a programming author on Dev.To, who’d read hot takes like “Open source needs to grow the hell up.” and “‘Open source’ is broken”.

[T]he log4j developers had this massive security issue dumped in their laps, with the expectation that they were supposed to fix it. How did that happen? How did a group of smart, hard-working people get roped into a thankless, high-pressure situation with absolutely no upside for themselves…?

It is this communal mythology I want to talk about, this great open source brainwashing that makes maintainers feel like they need to go above and beyond publishing source code under an open source license — that they need to manage and grow a community, accept contributions, fix issues, follow vulnerability disclosure best practices, and many other things…
In reality, what is happening is that open source maintainers are effectively unpaid outsourcing teams for giant corporations.

The log4j exploit was first reported by an engineer at Alibaba — a corporation with a market capitalization of $348 billion — so the article wonders what would happen if log4j’s team had sent back a bill for the time they’d spend fixing the bug.

Some additional opinions (via the “This Week in Programming” column):

PuTTY maintainer Andrew Ducker: “The internet (and many large companies) are dependent on software maintained by people in their spare time, for free. This may not be sustainable.”
Filippo Valsorda, a Go team member at Google: “The role of Open Source maintainer has failed to mature from a hobby into a proper profession… The status quo is unsustainable…. GitHub Sponsors and Patreon are a nice way to show gratitude, but they are an extremely unserious compensation structure.”
Valsorda hopes to eventually see “a whole career path with an onramp for junior maintainers, including training, like a real profession.”

Trump’s Social Media Site Quietly Admits It’s Based On Mastodon

mrflash818 shares a report from PCMag: To avoid a lawsuit, Donald Trump’s social media site is quietly acknowledging the computer code powering the platform comes from Mastodon. Trump’s “Truth Social” site now features a dedicated section labeled “open source,” which contains a Zip archive to Mastodon’s source code. “Our goal is to support the open source community no matter what your political beliefs are. That’s why the first place we go to find amazing software is the community and not ‘Big Tech,’” the site adds. Truth Social created the section on Nov. 12, two weeks after social networking provider Mastodon threatened to sue Trump’s platform for violating its open-source license.

Since Mastodon is an open-source software project, anyone can use it for free. But if you do, the software license demands the code and any ensuing modifications to your Mastodon-powered platform be made publicly available, allowing the entire Mastodon community to benefit. (This doesn’t include publishing any user data or disclosing admin access, though.) […] However, it appears the uploaded Zip archive is simply a barebones version of the existing Mastodon source code you can already find on GitHub. The archive itself is only a mere 30MB in size. Nevertheless, Rochko said the Zip archive might “become more interesting” once Truth Social finally launches.
