Language Selection

English French German Italian Portuguese Spanish

The Schism at the Heart of the Open-Source Movement

Filed under
Microsoft

Richard Schneeman is a software developer in Austin. Since 2012, he’s contributed to Ruby on Rails, an open-source coding software that GitHub has long used as part of its infrastructure. “Since I have contributed to Ruby on Rails, and I know that GitHub is using Ruby on Rails, I know that ICE is directly using my code,” he told me. “When I first found out, I was like, Oh, this has gotta be a mistake, right?”

In December, Schneeman signed an open letter alongside 2,000 other open-source contributors, who called the ICE contract a betrayal of open source’s commitment to “inverting power structures and creating access and opportunities for everyone.”

When reached for comment, a spokesperson for GitHub referred me to an October blog post from the company’s CEO and co-founder, Nat Friedman. The post acknowledges the work GitHub has done to connect and build users, but also points to a tension central to the open-source project. For a project to call itself “open source,” it can’t place restrictions on who can and cannot access it.

Friedman noted that although GitHub is an enormous part of the open-source community, its contract with ICE is for a different product, the GitHub Enterprise Server—a version of the typical GitHub platform retooled for the company using it. Data are hosted on the company’s own servers, access is restricted solely to its own employees, sharing is limited based on internal rules and regulations, and so on.

Friedman explained that GitHub doesn’t know the specifics of how ICE is using the Enterprise product. He maintained a distinction between the open-source repositories the platform is known for and ICE’s “private work” using the Enterprise software. As he argued, interrogating the agency or potentially terminating its contract would compromise Github’s core philosophy.

“A world where developers in one country or every country are required to tell us what type of software they are creating would, in our view, undermine the fundamental rights of software developers,” Friedman wrote in his blog post.

It’s important to note that GitHub has a code of conduct and has removed users from its site for violating those terms. Being unpopular is neither illegal nor a violation of the terms of service.

Read more

Via: LWN

More in Tux Machines

How to create bootable Ubuntu 20.04 on windows 10

I think so; a few weeks back, I was doing something on my Ubuntu 20.04. Suddenly my friend knocks on my door, and he was curiously peeking on my laptop screen. I asked what happen, Benhur? Benhur replied, what are you doing on your laptop, It is totally different from my laptop screen, and It fascinated me. Will you tell me what it is? Read more

Audio/Video: LHS, Going Linux, and DistroTube

  • LHS Episode #388: The Weekender LXIV

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • Going Linux · Shownotes

    We are pleased to say we are in an excellent place with music streaming on Linux. For the most part all of the services we reviewed worked really well.

  • "Hey, DT. Why LibreOffice Instead Of OpenOffice?" Plus Other Questions.

Security Leftovers

  • Oh, the Irony! Chrome is Blocking Security Tool Nmap Downloads Considering it a Security Threat

    Nmap is a popular open-source tool created by Gordon Lyon used by security experts and network admins to analyze the network, find exploits, and keep it secure. However, it seems that for a day at least, Google Chrome blocked all Nmap downloads using its Safe Browsing service by labelling it as a threat. Even though this has been fixed quickly. For many visitors trying to download the tool, this must have been confusing. A software that’s more than a decade old is now suddenly considered as a threat?

  • Logging as a service isn't SIEM -- so what is it?

    Log management software is often confused or conflated with security information event management (SIEM) software. Both monitor and analyze system and application data, so vendors often blur the lines between the two categories, with many SIEM products including a log management module. Conversely, some log management vendors also have SIEM offerings that work with or supplement their logging products. The primary distinction between log management and SIEM is focus. SIEM tools prioritize data and metrics relevant to security, not the totality of an environment's system, user and application log output. Log management software and services provide a scalable, holistic platform to collect, manage, archive and analyze all of an IT environment's log output -- on premises and in the cloud.

  • Laptops given to British schools came preloaded with malware and talked to Russia when booted [iophk: Windows TCO]

    These devices have shipped over the past three to four weeks, though it is unclear how many of them are infected. One source at a school told The Register that the machines in question seemed to have been manufactured in late 2019 and appeared to have had their DfE-specified software installed last year.

  • Democrats seek answers on impact of Russian cyberattack on Justice Department, Courts [iophk: Windows TCO]

    The senators’ concerns come weeks after both the Justice Department and the U.S. Courts reported that they had been among the federal agencies compromised by the Russian attack on SolarWinds, which was uncovered in December but had been ongoing for more than a year.

    In a statement earlier this month, a DOJ spokesperson said around 3 percent of the agency’s employee email accounts had been “potentially accessed” as part of the breach, but that there was “no indication that any classified systems were accessed.” DOJ has more than 100,000 employees.

    The federal judiciary confirmed it was breached the same week as DOJ, noting in a statement that the AO’s Case Management/Electronic Files system had suffered an “apparent compromise,” with new procedures immediately put in place to file sensitive court documents.

  • Biden inherited one of the worst [cracks] in history. How will his administration respond?

    But that's the easy part. The SolarWinds [attack] — named for the Texas software company that Russia [cracked] in order to gain access to tens of thousands of its customers, many of them American businesses and federal agencies — ran undetected for at least nine months, siphoning off private information before it was discovered in December.

    At least five federal agencies have admitted they were affected. Several others have so far refused to comment. Few private companies have admitted to being victims, but experts say the working assumption is the number is in the hundreds.

    That's left cybersecurity experts with the labor-intensive task of combing through sensitive networks.

Android Leftovers