Blog Fiasco

January 25, 2015

Introducing the “Permissive 3000″ license

Filed under: Linux,The Internet — Tags: , , , , , — bcotton @ 6:39 pm

Software licenses aren’t necessarily the easiest texts to understand. This issue is compounded when the person trying to understand the license is in a different jurisdiction or is a non-native speaker of English. A recent thread on the OSI’s license-discuss list brought this issue to light. According to the original poster, a project using the BSD 3-Clause license was used without attribution in a proprietary product. The developer lost the court case because the judge did not understand English well. The poster brought an attempt at a rewrite to the list, but it had some contradictions and other meaningful differences. So I thought I’d give it a try myself.

This weekend, I started from the original BSD 3-Clause license and excised all of the words not on the Oxford 3000™ word list (or reasonably close modifications, e.g. verb tense conjugations). I did make an exception for the word “copyright”, since it seems indispensable to a software license. In all other cases, I used synonyms and circumlocution in order to preserve the meaning while remaining within the constrained word list. This was challenging at times, since circumlocution can end up making the document more difficult to understand than an unknown word might. The difficulty is further compounded by the fact that many words have a distinct legal meaning and a synonym might not have the same weight.

I consoled myself with the fact that software warranties (where most of the real challenge was) are probably not that useful anyway. Furthermore, just because a word has a distinct meaning in American courts, that doesn’t mean that foreign legal systems have the same definitions. Trying to use largely U.S.-centric licenses written in English is a challenge for a global society, but I don’t know that a system of jurisdiction/language-specific licenses would be any better.

In any case, without further ado, I present the Permissive 3000 license. It’s highly experimental and totally unvetted by legal professionals, so nobody should use it for anything except a learning exercise. I’m looking forward to some constructive feedback and hopefully it sparks a discussion about how licenses can be simplified so that they’re more easily understood by judges, developers, and users alike.

January 22, 2015

Using tracer to point out service restart needs

Filed under: Linux — Tags: , , , , — bcotton @ 9:04 pm

If you’re seeing this via Fedora Planet, you probably saw Miroslav Suchý’s post from a few days ago about a project called Tracer. Tracer is a friendly tool to tell you what outdated services are running. With the dnf plugin installed, you get a list at the end of the upgrade process.

For example, right after I installed the plugin and ran an upgrade, I was told that I needed to restart the Samba service. In addition, there were several programs that needed to be manually restarted (KeePassX and Spider Oak, to name two). Plus, one process required a logout, and one required a full system reboot.

I’ve found this to be pretty useful, since I don’t always realize what services need to be restarted after package updates. I have a decade of system administration experience, so it’s not too bad for me. For others, this is a great way to shine light on exactly what needs to be restarted and how.

January 18, 2015

On Linus Torvalds and communities

Filed under: Linux,Musings — Tags: , , , , — bcotton @ 4:06 pm

This week, the Internet was ablaze with reactions to comments made by Linus Torvalds at Linux.conf.au. Unsurprisingly, Torvalds defended the tone he employs on the Linux kernel mailing list, where he holds no punches. “I’m not a nice person, and I don’t care about you. I care about the technology and the kernel—that’s what’s important to me,” he said (as reported by Ars Technica). He later said “all that [diversity] stuff is just details and not really important.”

The reactions were mixed. Some were upset at the fact that an influential figure like Torvalds didn’t take the opportunity to address what they see as a major issue in the Linux community. Others dismissed those who were upset by pointing to the technical quality of Linux, cultural differences, etc.

I don’t subscribe to the LKML, so most of the posts I’ve seen are generally when someone is trying to point out a specific event (whether a behavior or a technical discussion), and I don’t claim to have a good sense for what that particular mailing list is like. Torvalds and the Linux community have developed a great technical product, but the community needs work.

Speaking to open source communities in general, too many people use the impersonal nature of email to mistake rudeness for directness. Direct and honest technical criticisms are a vital part of any collaborative development. Insults and viciousness are not. Some people thrive in (or at least tolerate) those kinds of environments, but they are incredibly off-putting to everyone else, particularly newcomers.

Open source communities, like any community, need to be welcoming to new members. This allows for the infusion of new ideas and new perspectives: some of which will be obnoxiously naive, some of which will be positively transformative. The naive posts of newcomers can be taxing when you’ve seen the same thing hundreds of times, but everyone has to learn somewhere. The solution is to have a team armed with pre-written responses in order to prevent frustrated emails.

Not being a jerk doesn’t just mean tolerating noobs, though. Communities should have an established code of conduct which addresses both annoying and mean actors. When the code of contact is being repeatedly breached, the violator needs to be nudged in the right direction. When a community is welcoming and actively works to remain that way, it thrives. That’s how it can get the diversity of ideas and grow the technical competency that Linus Torvalds so desires.

January 6, 2015

A lesson in ISO weeks

Filed under: Linux,The Internet — Tags: , — bcotton @ 10:26 pm

Last week, users of the Twitter client for Android experienced authentication problems. It was a long and lonely Sunday night for me without my Tweeps. When the issue was fixed, word on the street was that it was due to time travel, in a sense. Sunday started the first week of 2015 if you’re using ISO week numbering.

The next morning, I got my regular weekly email from our time tracking system at work, except it showed I had recorded zero hours in the previous week. Late December tends to be a quiet time, but not that quiet. Then I looked a little closer and noticed that the email was for week 2015-52. Oops!

I thought I’d take a look at the code for the report generator, and my hunch that it was also an ISO week issue was quickly confirmed. In the code, the current date was recorded and split into year and week values. Then the week value was decremented. This seemed silly to me. I changed it to first subtract a week before splitting into the year and week values. This seemed to fix…the glitch.

So what’s the lesson in all of this? First, make sure you do the math at the right time. Secondly, make sure you understand how time works. The year of the ISO week being ahead of the calendar year only happens on limited occasion. It’s not a scenario that one would think to test (though I expect a lot more tests will include it now).

January 5, 2015

Computer stuck at “Verifying DMI Pool Data”

Filed under: Linux — Tags: , , , , — bcotton @ 10:44 pm

I built my desktop back in 2009 and it has served me well. However, I decided that a dual-core machine with 4 GB of RAM just really wasn’t cutting it in 2015. Flush with Christmas cash, I upgraded to an eight-core CPU and 16 GB of RAM. This also meant bringing a new motherboard along for a ride. Like my old motherboard, this new one was a Gigabyte product (GA-78LMT-S2P, specifically), so I figured life would be pretty simple.

After work, I yanked the old parts out and inserted the new. I booted the new machine and made sure the BIOS settings were just how I wanted them. I let it boot and…

Crap. It got stuck at “Verifying DMI Pool Data”. For a long time. I did some searching and most of the answers I found suggested that the answer was one of a bad SATA cable, a bad SATA port, or a bad disk. None of these seemed to be the case, as the RAID utility found all four drives. But wait, I have five. Two smaller drives in a RAID 1 for my OS and local files, and a 3×1 TB (software) RAID 5 for data.

Therein lies the solution: by setting SATA ports 4/5 to RAID instead of IDE mode, the computer booted right up. I leave this here as a marker for anyone else who happens to come across this problem (or myself if I repeat it in another six years). As an aside, this is the first time I’ve played with hardware in a few years. I kind of missed it a little, tiny bit.

January 2, 2015

In defense of the bazaar

Filed under: Linux,Musings,Project Management — Tags: , , — bcotton @ 9:22 pm

Earlier this week, I came across a 2012 article from Poul-Henning Kamp entitled “A generation lost in the bazaar“. This is a reference to Eric S. Raymond’s seminal The Cathedral and the Bazaar, which advocates for making the sausage, so to speak, in public. Using the Linux kernel and his own fetchmail program as examples, Raymond emphasizes the benefits of rapid, iterative development and of fostering a user community that acts as co-developers. This stands in contrast to the “cathedral” style of development where a product is worked on by a small number of people until it is ready to be revealed to the public.

Kamp’s point (and subtitle) is “quality happens only when someone is responsible for it,” which I endorse wholeheartedly. However, he is mistaken to blame Raymond’s bazaar for “a clueless generation of IT ‘professionals’ who wouldn’t recognize sound IT architecture if you hit them over the head with it.” What he observes is the democratization of programming, which is due to ever-cheaper hardware, free (as in beer) software, and the Internet. Had The Cathedral and the Bazaar never been written I doubt the world would look dramatically different, at least in this respect.

IT is in its awkward teenage years. It has been around long enough that it can do pretty cool things, but not so long that it has accumulated much wisdom. The fact that anyone can write software (or copypasta snippets from various example sites and fora) and make it available to others is simultaneously a wonderful and terrible thing. Nonetheless, that doesn’t make the bazaar style wrong.

Kamp described the end result of the bazaar as “a pile of old festering hacks,” and I’ll agree that its an apt description for a lot of software. It’s probably just as apt for a lot of software developed in the cathedral style. Raymond devotes a fair portion of his book to quality and good design, and it’s unfair to blame him for people not following that part (assuming they’re even aware of his work at all).

Raymond makes many unsubstantiated claims that the bazaar style of development leads to higher-quality software. That may or may not be the case. My own view is that the bazaar style is well-suited for open source projects. After all, open source is about more than code.

December 26, 2014

Another great SysAdvent

Filed under: Linux,The Internet — Tags: , , , , — bcotton @ 10:47 am

Once again, a group of volunteer writers and editors came together to put together 25 posts related to systems administration for the SysAdvent blog. Although I have contributed several articles over the years, I much prefer editing. All of this year’s posts are great, but I’m very proud of the posts that I had a hand in editing. As usual, the writers did most of the work, my suggestions were always minor.

November 17, 2014

Mozilla’s new ad feature

Filed under: Linux,The Internet — Tags: , , , — bcotton @ 8:55 pm

Edited to remove erroneous statements about what gets sent to Mozilla based on Matthew Miller’s comment below.

Mozilla’s release last week of in-browser ads has caused quite the discussion on the Fedora development mailing list. Firefox now will show sponsored “tiles” on the default home screen when a new or cleared profile is used. Although Mozilla claims to collect data in such a way that it’s not personally identifiable, there are reasons to be concerned. Sure, this can be disabled, but the default behavior is the only thing most users will experience.

The reactions on Fedora-devel spanned the gamut from indifference to insistence that Firefox be removed from the repository entirely. My own take (which was already represented on the mailing list, so I refrained from “me too”-ing) is that the right answer is to disable this feature in the Firefox build that ships in Fedora, effectively making it opt-in instead of opt-out. Mozilla has a history of being a good actor and I don’t begrudge them trying to make some money. However, I’d prefer that the user have to consciously enable such tracking.

Though I disapprove of the implementation, I find it hard to get very worked up about this. The Internet is awash in tracking. Google and Facebook probably know more about me than I do about myself. But that’s because I decided the value I get from those sites (well, not so much Facebook) is worth the data I give them. I respect the right of others to come to their own decision, which is why opt-in is preferred.

I appreciate the opinion of those who think the only appropriate response is to remove Firefox entirely, but I find that to be a wholly impractical solution. If Fedora wants casual desktop users (and I see no reason to not court that use case), having Firefox is and important part of a welcoming environment. A great deal of casual computing is done in the browser these days and Firefox is a well-known browser (even if some people call it “Foxfire”). Sure, there are other FLOSS browsers (including IceWeasel), but few of them work as well for casual users as Firefox and none of them have the familiarity and name recognition. Given the good Mozilla has done for free software over the years, this hardly seems like a bridge worth burning.

November 10, 2014

Open source is about more than code

The idea of open source developed in a closed manner is hardly new. The first real discussion of it came, as best as I can tell, in Eric S. Raymond’s The Cathedral and the Bazaar. A culture of open discussion and decision making is still a conscious act for projects. It’s not always pretty: consensus decision making is frustrating and some media outlets jump on every mailing list suggestion as the final word on a project’s direction. Still, it’s important for a project to make a decision about openness one way or the other.

Bradley Kuhn recently announced the copyleft.org project, which seeks to “create and disseminate useful information, tutorial material, and new policy ideas regarding all forms of copyleft licensing.” In the first substantive post on the mailing list, Richard Fontana suggested the adoption of the “Harvey Birdman Rule,” which has been used in his copyleft-next project. The limited response has been mostly favorable, though some have questioned its utility given that to date the work is almost entirely Kuhn’s. One IRC user said the rule “seems to apply only to discussions, not decisions. The former are cheap and plentiful, but the latter actually matter.”

I argue that the discussions, while cheap and plentiful, do matter. If all of the meaningful discussion happens in private, those who are not privy to the discussion will have a hard time participating in the decision-making process. For some projects, that may be okay. A ruling cadre makes the decisions and other contributors can follow along or not. But I see open source as being more than just meeting the OSI’s definition (or the FSF’s definition of free software for that matter). Open source is about the democratization of computing, and that means putting the sausage-making on public display.

September 30, 2014

Cloud detente

Filed under: HPC/HTC,Linux,The Internet — Tags: , , , , , , , — bcotton @ 8:21 am

Evident.io founder and CEO Tim Prendergast wondered on Twitter why other cloud service providers aren’t taking marketing advantage of the Xen vulnerability that lead Amazon and Rackspace to reboot a large number of cloud instances over a few-day period. Digital Ocean, Azure, and Google Compute Engine all use other hypervisors, so isn’t this an opportunity for them to brag about their security? Amazon is the clear market leader, so pointing out this vulnerability is a great differentiator.

Except that it isn’t. It’s a matter of chance that Xen is The hypervisor facing an apparently serious and soon-to-be-public exploit. Next week it could be Mircosoft’s Hyper-V. Imagine the PR nightmare if Microsoft bragged about how much more secure Azure is only to see a major exploit strike Hyper-V next week. It would be even worse if the exploit was active in the wild before patches could be applied.

“Choose us because of this Xen issue” is the cloud service provider equivalent of an airline running a “don’t fly those guys, they just had a plane crash” ad campaign. Just because your competition was unlucky this time, there’s no guarantee that you won’t be the lower next time.

I’m all for companies touting legitimate security features. Amazon’s handling of this incident seems pretty good, and I think they generally do a good job of giving users the ability to secure their environment. That doesn’t mean someone can’t come along and do it better. If there’s anything 2014 has taught us, it’s that we have a long road ahead of us when it comes to the security of computing.

It’s to the credit of Amazon’s competition that they’ve remained silent. It shows a great degree of professionalism. Digital Ocean’s Chief Technology Evangelist John Edgar had the best explanation for the silence: “because we’re not assholes mostly.”

Older Posts »

Powered by WordPress