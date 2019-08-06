How to measure the health of an open source community
As a person who normally manages software development teams, over the years I’ve come to care about metrics quite a bit. Time after time, I’ve found myself leading teams using one project platform or another (Jira, GitLab, and Rally, for example) generating an awful lot of measurable data. From there, I’ve promptly invested significant amounts of time to pull useful metrics out of the platform-of-record and into a format where we could make sense of them, and then use the metrics to make better choices about many aspects of development.
Earlier this year, I had the good fortune of coming across a project at the Linux Foundation called Community Health Analytics for Open Source Software, or CHAOSS. This project focuses on collecting and enriching metrics from a wide range of sources so that stakeholders in open source communities can measure the health of their projects.
I just migrated the first / a customer's mail server site away from Amavis+SpamAssassin to Rspamd. Main reasons for the migration were speed and the setup needed a polish up anyway. People on site had been complaining about too much SPAM for quite a while. Plus, it is always good to dive into something new. Mission accomplished.
The main part of the work had already been documented in a blog post [2] by someome with the nick "zac" (no real name found). Thanks for that!
The Sophos AV integration was a little tricky at the start, but worked out well, after some trial and error, log reading, Rspamd code studies, etc.
On half way through, there was popped up one tricky part, that could be avoided by the Rspamd upstream maintainers in future releases. As far as I took from [3], Rspamd lacks support for retrieving its map files and such (hosted on *.rspamd.com, or other 3rd party providers) via a http proxy server. This was nearly a full blocker for my last project, as the customer's mail gateway is part of a larger infrastructure and hosted inside a double ring of firewalls. Only access to the internet leads over a non-transparent squid proxy server (one which I don't have control over).
To work around this, I set up a transparent https proxy on "localhost", using a neat Python script [4]. Thanks for sharing this script.
At the Defcon hacker conference in Las Vegas today, 18-year-old Bill Demirkapi presented his findings from three years of after-school hacking that began when he was a high school freshman. Demirkapi poked around the web interfaces of two common pieces of software, sold by tech firms Blackboard and Follett and used by his own school. In both cases, he found serious bugs that would allow a hacker to gain deep access to student data. In Blackboard's case in particular, Demirkapi found 5 million vulnerable records for students and teachers, including student grades, immunization records, cafeteria balance, schedules, cryptographically hashed passwords, and photos.
Demirkapi points out that if he, then a bored 16-year-old motivated only by his own curiosity, could so easily access these corporate databases, his story doesn't reflect well on the broader security of the companies holding millions of students' personal information."The access I had was pretty much anything the school had," Demirkapi says. "The state of cybersecurity in education software is really bad, and not enough people are paying attention to it."
Intel's open-source SVT video encoder team today released a new feature update to their HEVC/H.265 open-source video encoder.
I hate to say it, but summer is finally winding down. This time of year just “feels” like school, doesn’t it? Some kids are already back in school but mine have a couple of weeks of summer left that they are trying to savor. For my kids, preparation for the new school year is quite involved, from concerns about who their teachers will be, will their friends have the same teacher, what to wear, and more. Rarely does what they’ll learn come up as a concern for my kids. Deep down we trust that their school, and teachers, have a plan for each day and that their learning journey will pick up where it left off last spring. It’s the one thing my kids don’t worry about when it comes to school.
Audiocasts/Shows/Videos: Going Linux, Linux Action News, BeeFree OS MMXX Run Through
We've heard a lot about them, but what ARE Snaps, Flatpaks, and AppImages? What do they do for us? Which should we use?
Ubuntu integrates ZFS even further, NVIDIA starts publishing GPU documentation, and Harmony OS makes its debut.
Plus why you might actually want to use the new Dex, significant performance gains for a beloved project, and more.
In this video, we are looking at BeeFree OS MMXX.
Software and Games Leftovers
Unless otherwise noted, changes described below apply to the newest Chrome beta channel release for Android, Chrome OS, Linux, macOS, and Windows. Learn more about the features listed here through the provided links or from the list on ChromeStatus.com. Chrome 77 is beta as of August 8, 2019.
Following the Chrome 76 release from just over one week ago, Google has now issued the beta for the Chrome/Chromium 77 series.
As much as we love Linux, we all have to agree on Windows’s massive dominance in the industry. Due to being the most widely used operating system for personal computers since the last couple of decades, Microsoft Windows enjoys a widespread usage in the business world. If you’re a Linux enthusiast but need to utilize Windows for your Job or academic purposes, you don’t need to be disappointed anymore. There are powerful Linux emulators for Windows which allow you to run Linux programs seamlessly in your Windows machine without having to install a fresh copy of your favorite distro.
Batman Arkham Origins running through Steam play.
Almost six years after the original, Michael Todd Games returns to inflict more painful hardcore platforming with slick beats in Electronic Super Joy 2 which is out now. Technically the third game, since Electronic Super Joy: Groove City was also released back in 2014.
It's…difficult, maddeningly so in some areas. This is a game designed to make you furious, yet it's so damn good at the same time. I will fully admit to being absolutely atrocious at it, hardcore platformers aren't usually something that I go for but Electronic Super Joy 2 has the right amount of weird for me to enjoy it.
