Language Selection

English French German Italian Portuguese Spanish

February 2019

Why CLAs aren't good for open source

Filed under
OSS

Few legal topics in open source are as controversial as contributor license agreements (CLAs). Unless you count the special historical case of the Fedora Project Contributor Agreement (which I've always seen as an un-CLA), or, like Karl Fogel, you classify the DCO as a type of CLA, today Red Hat makes no use of CLAs for the projects it maintains.

It wasn't always so. Red Hat's earliest projects followed the traditional practice I've called "inbound=outbound," in which contributions to a project are simply provided under the project's open source license with no execution of an external, non-FOSS contract required. But in the early 2000s, Red Hat began experimenting with the use of contributor agreements. Fedora started requiring contributors to sign a CLA based on the widely adapted Apache ICLA, while a Free Software Foundation-derived copyright assignment agreement and a pair of bespoke CLAs were inherited from the Cygnus and JBoss acquisitions, respectively. We even took a few steps towards adopting an Apache-style CLA across the rapidly growing set of Red Hat-led projects.

Read more

3 open source behavior-driven development tools

Filed under
OSS

Behavior-driven development (BDD) seems very easy. Tests are written in an easily readable format that allows for feedback from product owners, business sponsors, and developers. Those tests are living documentation for your team, so you don't need requirements. The tools are easy to use and allow you to automate your test suite. Reports are generated with each test run to document every step and show you where tests are failing.

Quick recap: Easily readable! Living documentation! Automation! Reports! What could go wrong, and why isn't everybody doing this?

Read more

KStars v3.1.0 is released!

Filed under
KDE
Sci/Tech

I'm glad to announce KStars first release of 2019: v3.1.0 for MacOS, Linux, and Windows. This release focuses on improvements to stability & performance of KStars. In 3.0.0, we introduced quite a few features which resulted in a few regressions that we worked hard to iron out in this release.

Read more

Servers: Red Hat, Kubernetes and SUSE

Filed under
Red Hat
Server
SUSE
  • OpenShift Partner Reference Architectures

    Red Hat’s Partners play a key role in developing customer relationships, understanding customer needs, and providing comprehensive joint solutions. As customers use Red Hat technologies to help solve increasingly complex business issues, partners provide reliable guidance, technical information, and even engineered integrations to assist customers in making sound technology decisions.

    For this post, the focus is on partners that are helping to showcase their technology paired with the OpenShift platform. Whether this is technology from our system vendor partners, independent software vendors (ISVs), or cloud service providers, we are including a library of reference architectures here. Reference Architectures combine partner technology with Red Hat technology to formulate a best-practices design and to simplify the process for creating a stable, highly-available, and repeatable environment on which to run your applications on OpenShift.

  • Using sidecars to analyze and debug network traffic in OpenShift and Kubernetes pods

    In the world of distributed computing, containers, and microservices, a lot of the interactions and communication between services is done via RESTful APIs. While developing these APIs and interactions between services, I often have the need to debug the communication between services, especially when things don’t seem to work as expected.

    Before the world of containers, I would simply deploy my services on my local machine, start up Wireshark, execute my tests, and analyze the HTTP communication between my services. This for me has always been an easy and effective way to quickly analyze communication problems in my software. However, this method of debugging does not work well in a containerized world.

  • Kubernetes Warms Up to IPv6

    There’s a finite number of public IPv4 addresses and the IPv6 address space was specified to solve this problem some 20 years ago, long before Kubernetes was conceived of. But because it was originally developed inside Google and it’s only relatively recently that cloud services like Google and AWS have started to support IPv6 at all, Kubernetes started out with only IPv4 support.

    That’s a problem for organizations that are already committed to using IPv6, perhaps for IoT devices where there are simply too many IP addresses required. “IoT customers have devices and edge devices deployed everywhere using IPv6,” notes Khaled (Kal) Henidak, Microsoft principal software engineer who works on container services for Azure and co-ordinates Microsoft’s upstream contributions to Kubernetes.

  • Technical Deep-Dive of Container Runtimes

    As you might have already seen, SUSE CaaS Platform will soon support CRI-O as a container runtime. In this blog, I will dig into what a container runtime is and how CRI-o differentiates architecturally from Docker. I’ll also dig into how the Container Runtime Interface (CRI) and the two Open Container Initiative (OCI) specs are used to promote stability in the container ecosystem.

  • SUSE at “The City of Lights” for HPE Technology and Solutions Summit
  • Transformation and Future Trends at SUSECON 2019

Fragments App for the Librem 5

Filed under
Software

In continuing our series of applications that are ready to work with the Librem 5, we would like to announce that Fragments is now fully working! With Fragments, you get to have the ability to use BitTorrent to download large files. At Purism, we like using torrent to efficiently download PureOS or Debian operating systems, because what’s more fun than torrenting on the go?

Read more

'Chromisation' of GNU/Linux

Filed under
GNU
Linux
Google
Microsoft
  • Google Chrome/Chromium Begins Landing POWER PPC64LE Patches

    Raptor Computing Systems spent a lot of time last year working on Chrome's PPC64LE support to enable Google's web browser to run on the latest IBM POWER processors. Google was sitting on these patches without any action for months but finally they are beginning to be accepted upstream. 

    It's been a bit odd with the PPC64LE support for Chrome/Chromium taking so long with Google being a founding member of the OpenPOWER Foundation and also reportedly using some POWER9 CPUs within their data centers. But after this long and drawn out process, progress is finally being made on getting Raptor's patches upstreamed. 

  • Chrome OS 74 adds support for backing up the Linux container

    Chrome OS version 74 has been reported on in the past, but if you're running this version then you can now back up and restore the Linux container it uses.

  • Chrome OS 74 brings much-needed audio support to Linux apps

    Spotted in the most recent Dev builds by About Chromebooks, the virtual machine responsible for Chrome OS’s Linux apps is now able to pass audio to Chrome OS proper. Under the hood, this is handled by PulseAudio, a well-known Linux sound system which is capable of transmitting audio data over a network.

    If you’ve never installed Linux apps support before on your Chromebook, it should work after initial install from the newest Chrome OS 74 Dev build. Otherwise, the Chromium team has provided some simple instructions of commands to be run to enable audio.

  • Windows 10 Updates Are Still A Confusing Mess, And This One Image Proves It

    A new way of looking at how Windows 10 Updates behave may just melt your brain.

    [...]

    I'll leave you with this webcomic by Brandon Bradshaw about how Linux updates your PC...

Kernel: Linux 5.1, Linux 5.0, LVFS and Elisa

Filed under
Linux
  • A Number Of Additional Graphics Drawing Tablets To Be Supported By Linux 5.1

    For those interested in using graphics drawing tablets on Linux, a number of devices will now be supported with the upcoming Linux 5.1 kernel cycle. 

    A number of updates are pending to the "uclogic" HID driver for supporting various UC-Logic graphics tablet devices. This work for Linux 5.1 includes supporting a new version of the company's device protocol and going on to add support for the Ugee 2150, Ugee M540, XP-Pen Star G540, XP-Pen Star G640, XP-Pen Deco 01, and Ugee G5.

  • Looking At Why Linux 5.0 Is Running Slower For Apache & PostgreSQL On Some Systems

    Last week I reported on some slowdowns when running on the Linux 5.0 development kernel for both Intel and AMD systems. As a few days passed and the regression didn't seem to be figured out and addressed by upstream, and several inquiries from Phoronix readers, I spent some time looking at some of the slowdowns encountered when running on this bleeding-edge code. 

    The slowdowns when encountered so far on a few different systems were some of the most sizable regressions since the Linux 4.14 to 4.15 transition when Spectre and Meltdown mitigations began rolling out. But with the 5.0 regressions, they haven't been across the board and range from a few percent to about 10% or so. 

  • Making ATA updates just work

    The fwupd project has supported updating the microcode on ATA devices for about a month, and StarLabs is shipping firmware on the LVFS already. More are coming, but as part of the end-to-end testing with various deliberately-unnamed storage vendors we hit a thorny issue.

    Most drives require the firmware updater to use the so-called 0xE mode, more helpfully called ATA_SUBCMD_MICROCODE_DOWNLOAD_CHUNKS in fwupd. This command transfers chunks of firmware to the device, and then the ATA hardware waits for a COMRESET before switching to the new firmware version. On most drives you can also use 0x3 mode which downloads the chunks and switches to the new firmware straight away using ATA RESET. As in, your drive currently providing your root filesystem disconnects from your running system and then reconnects with the new firmware version running.

  • New Elisa Project Focuses on Linux In Safety-Critical Systems

    The project is called Elisa, for "Enabling Linux in Safety Applications," and it's aim is to create a shared set of tools and processes for building Linux-based systems that will operate without surprises in situations where failure could cause injury, loss of life, or result in significant property or environmental damage.

    These days computers are being used to perform a long and growing list of tasks that can have serious consequences if something goes wrong. This includes light rail systems where the trains often drive themselves, robotic devices, medical devices, and smart factories where potentially dangerous tasks are directed by single board computers spitting out X's and O's.

Security: VFEmail Incident, Spectre Mitigation, Open Source Voting and More

Filed under
Security
  • VFEmail

    As this issue goes to print, news is circulating about a catastrophic hack on the mail provider VFEmail. According to reports, two decades of saved data for all US users is lost – totally wiped out. Email providers are accustomed to getting attacked, and most of the attacks are stopped at the front door. Attackers sometimes get through, in which case, the most common scenario is that they encrypt some data and ask for a ransom. In this case, however, the attacker didn't seem to really want anything, other than a chance to go on a rampage and destroy all the data.

    No attempt was made to deliver ransom demands. The crime did not look like extortion or theft but resembled something more like ordinary vandalism. The attacker careened around the network, reformatting disks and destroying data. Mail servers, file servers, VM servers, database servers, and even backup servers were lost. Although vandalism tends to appear random, this attack seems to have been carefully planned. According to reports, the attacker needed multiple passwords to access all these servers and therefore must have been lurking and listening on the network for some time to acquire the necessary access information.

    I won't solve the mystery in the time it takes to write this column. Too much is unknown at this time. Was the attack from a disturbed loner who just wanted to destroy something? Was it a disgruntled customer or a former employee out for revenge? Was it an inside job? Another possible scenario is that the attacker was a customer with a secret who decided to destroy the evidence by destroying every account, rather than just deleting personal emails and risking leaving a trail.

    The VFEmail attack caught the imagination of the high tech press because it was just so weird. Nefarious as ransomware attacks might be, we are at least able to classify them as being somehow related to the quest for money (which we all secretly understand). A wanton attack of vengeance or vandalism scares us the way we are scared by a tornado or a madman with a knife. This attack underscores the dark reality that the Internet really is an unsafe place. Criminals and sociopaths from all over the world can ride a magic carpet to your front door, and the onus is on you to find the right kind of lock – and to continually change the lock as new techniques render old locks ineffective. It is actually profoundly strange that our whole economy and trillions of dollars in business interests are based on this model.

  • Linux Kernel Continues to Offer Mitigation for Spectre Mitigation
  • Open Source Voting

    Attempts by Russia to interfere with US elections have been headline news in the last year. But the problems with the election process in the United States goes deeper than the public generally realizes and includes obsolete, proprietary systems, a lack of funds for upgrades, and near monopolies on voting machines. As the 2020 US elections near, academics are working to provide solutions to these issues – and open source software and hardware are at the core of these solutions, together with modern interface design.

  • OpenShift Commons Briefing: State of Open Source Security Report Review with Liran Tal (Snyk) [Ed: Red Hat is entertaining anti-FOSS and Microsoft-connected FUDsters from Snyk]
  • When an internet emergency strikes

    Research shows that we spend more time on phones and computers than with friends. This means we’re putting out more and more information for hackers to grab. It’s better to be safe than sorry in an internet emergency, but how you prepare depends on the type of emergency you’re facing.

  • Critical WinRAR Flaw Found Actively Being Exploited

    A critical 19-year-old WinRAR vulnerability disclosed last week has now been spotted actively being exploited in a spam campaign spreading malware.

    The campaign, discovered by researchers with 360 Threat Intelligence Center, takes advantage of a path-traversal WinRAR vulnerability, which could allow bad actors to remotely execute malicious code on victims’ machines simply by persuading them to open a file.

  • WinRAR Flaw Being Actively Used To Load Malware In Windows PCs

Programming: scikit-survival, Igalia, GCC, GDB, LLVM/Clang, Rust, Python and More

Filed under
Development
  • scikit-survival 0.7 released

    This is a long overdue maintenance release of scikit-survival 0.7 that adds compatibility with Python 3.7 and scikit-learn 0.20. For a complete list of changes see the release notes.

  • Review of Igalia's Web Platform activities (H2 2018)

    As mentioned in the previous report, Igalia has proposed and developed the specification for BigInt, enabling math on arbitrary-sized integers in JavaScript. We’ve continued to land patches for BigInt support in SpiderMonkey and JSC. For the latter, you can watch this video demonstrating the current support. Currently, these two support are under a preference flag but we hope to make it enable by default after we are done polishing the implementations. We also added support for BigInt to several Node.js APIs (e.g. fs.Stat or process.hrtime.bigint).

    Regarding “object-oriented” features, we submitted patches private and public instance fields support to JSC and they are pending review. At the same time, we are working on private methods for V8

    We contributed other nice features to V8 such as a spec change for template strings and iterator protocol, support for Object.fromEntries, Symbol.prototype.description, miscellaneous optimizations.

  • Zack's Kernel News

    For a long time, the Linux kernel would only compile with the GNU C Compiler (GCC). Now, several compilers can do it, but each compiler has its own way of doing things, offering various extensions to the C language and optimizing code in different ways. The question of which compiler features to depend on can have an effect on whether other compilers can keep supporting Linux.

    Recently, Matthew Wilcox suggested using the -fplan9-extensions GCC option to handle some implicit type conversions. This way, a particular cyclic memory allocation could be made to embed a needed reference instead of requiring it to be passed explicitly to the function. If the code used the Plan 9 extensions, the functions would not need to be tweaked to accept the additional input.

  • GNU Debugger GDB 8.3 Is On Approach With Many Improvements

    The code for the GNU Debugger "GDB" was branched overnight ahead of the upcoming v8.3 release. This release adds for compilation and injection of C++ code, RISC-V improvements, terminal styling capabilities, and a lot more. 

  • AMD Zen 2 "znver2" Support Lands In LLVM Clang 9.0

    While it didn't make it in time for the soon to be released LLVM 8.0, the latest LLVM/Clang 9.0 development code has just added support for the Zen 2 "znver2" processors.

    Back in October is when AMD published the Znver2 compiler patch for GCC that builds atop the existing Zen "znver1" support while adding in the new instructions of Cache Line Write Back (CLWB), Read Processor ID (RDPID), and Write Back and Do Not Invalidate Cache (WBNOINVD). It was the first-cut support and still leveraged the same cost tables and scheduler data from the current-generation Zen processors. That support was quickly merged, making it for the upcoming GCC 9.1 stable compiler release, so that when these next-generation processors hit it will be possible to use -march=znver2 for generating optimized code for these 7nm AMD CPUs.

  • Rust build scripts vs. Meson

    One of the pain points in trying to make Meson work with Rust and Cargo is Cargo's use of build scripts, i.e. the build.rs that many Rust programs use for doing things before the main build. This post is about my exploration of what build.rs does.

    Thanks to Nirbheek Chauhan for his comments and additions to a draft of this article!

    TL;DR: build.rs is pretty ad-hoc and somewhat primitive, when compared to Meson's very nice, high-level patterns for build-time things.

    I have the intuition that giving names to the things that are usually done in build.rs scripts, and creating abstractions for them, can make it easier later to implement those abstractions in terms of Meson. Maybe we can eliminate build.rs in most cases? Maybe Cargo can acquire higher-level concepts that plug well to Meson?

  • Talk Python to Me: #201 Choosing JupyterHub and Python over MATLAB
  • Planar graph layout, Pandemic
  • 9 resources for data science projects

More in Tux Machines

Debian: CUPS, LTS and Archival

  • Praise Be CUPS Driverless Printing

    Last Tuesday, I finally got to start updating $work's many desktop computers to Debian Buster. I use Puppet to manage them remotely, so major upgrades basically mean reinstalling machines from scratch and running Puppet. Over the years, the main upgrade hurdle has always been making our very large and very complicated printers work on Debian. Unsurprisingly, the blog posts I have written on that topic are very popular and get me a few 'thank you' emails per month. I'm very happy to say, thanks to CUPS Driverless Printing (CUPS 2.2.2+), all those trials and tribulations are finally over. Printing on Buster just works. Yes yes, even color booklets printed on 11x17 paper folded in 3 stapled in the middle.

  • Freexian’s report about Debian Long Term Support, August 2019

    Like each month, here comes a report about the work of paid contributors to Debian LTS.

  • Louis-Philippe Véronneau: Archiving 20 years of online content

    mailman2 is pretty great. You can get a dump of an email list pretty easily and mailman3's web frontend, the lovely hyperkitty, is well, lovely. Importing a legacy mailman2 mbox went without a hitch thanks to the awesome hyperkitty_import importer. Kudos to the Debian Mailman Team for packaging this in Debian for us. But what about cramming a Yahoo! Group mailing list in hyperkitty? I wouldn't recommend it. After way too many hours spent battling character encoding errors I just decided people that wanted to read obscure emails from 2003 would have to deal with broken accents and shit. But hey, it kinda works! Oh, and yes, archiving a Yahoo! Group with an old borken Perl script wasn't an easy task. Hell, I kept getting blacklisted by Yahoo! for scraping too much data to their liking. I ended up patching together the results of multiple runs over a few weeks to get the full mbox and attachments. By the way, if anyone knows how to tell hyperkitty to stop at a certain year (i.e. not display links for 2019 when the list stopped in 2006), please ping me.

Running The AMD "ABBA" Ryzen 3000 Boost Fix Under Linux With 140 Tests

Last week AMD's AGESA "ABBA" update began shipping with a fix to how the boost clock frequencies are handled in hopes of better achieving the rated boost frequencies for Ryzen 3000 series processors. I've been running some tests of an updated ASUS BIOS with this adjusted boost clock behavior to see how it performs under Linux with a Ryzen 9 3900X processor. The AGESA 1.0.0.3 ABBA update has an improved boost clock frequency algorithm along with changes to the idle state handling. This AGESA update should better position AMD Ryzen 3000 processors with the boost clock behavior expected by users with better hitting the maximum boost frequency and doing so more aggressively. Read more

Stable kernels 5.2.16, 4.19.74, and 4.14.145

  • Linux 5.2.16
    I'm announcing the release of the 5.2.16 kernel. All users of the 5.2 kernel series must upgrade. The updated 5.2.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.2.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...
  • Linux 4.19.74
  • Linux 4.14.145

Linux Container Technology Explained (Contributed)

State and local governments’ IT departments increasingly rely on DevOps practices and agile development methodologies to improve service delivery and to help maintain a culture of constant collaboration, iteration, and flexibility among all stakeholders and teams. However, when an IT department adopts agile and DevOps practices and methodologies, traditional IT problems still need to be solved. One long-standing problem is “environmental drift,” when the code and configurations for applications and their underlying infrastructure can vary between different environments. State and local IT teams often lack the tools necessary to mitigate the effects of environmental drift, which can hamper collaboration and agility efforts. Read more