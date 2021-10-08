On centralized development forges
Since the launch of SourceForge in 1999, development of FOSS has started to concentrate in centralized development forges, the latest one of course being GitHub, now owned by Microsoft. While the centralization of development talent achieved by GitHub has had positive effects on software development output towards the commons, it is also a liability: GitHub is now effectively a single point of failure for the commons, since the overwhelming majority of software is developed there.
In other words, for the sake of convenience, we have largely traded our autonomy as software maintainers to GitHub, GitLab.com, Bitbucket and SourceForge, all of which are owned by corporate interests which, by definition, are aligned with profitability, not with our interests as maintainers.
It is indeed convenient to use GitHub or GitLab.com for software development: you get all the pieces you need in order to maintain software with modern workflows, but it really does come at a cost: SourceForge, for example, was caught redistributing Windows builds of projects under their care with malware.
While GitHub or the other forges besides SourceForge have not yet attempted anything similar, it does serve as a reminder that we are trusting forges to not tamper with the packages we release as maintainers. There are other liabilities too, for example, a commercial forge may unilaterally decide to kick your project off of their service, or terminate the account of a project maintainer.
In order to protect the commons from this liability, it is imperative to build a more robust ecosystem, one which is a federated ecosystem of software development forges, which are either directly run by projects themselves, or are run by communities which directly represent the interests of the maintainers which participate in them.
-
- Login or register to post comments
- Printer-friendly version
- 610 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
Audiocasts/Shows: BSD Now, TLLTS, and FLOSS Weekly
Beijing reveals five-year plan to grow software industry
China's software industry is underperforming internationally and needs to lean into open source technology to improve, the nation's Ministry of Industry and Information Technology (MIIT) on Tuesday. "Software is the soul of a new generation of information technology, the foundation of digital economic development, and the key support for the construction of manufacturing power, network power and digital China," according to a (machine-translated) announcement from the Ministry. The document boasts that great strides were made in China's software industry under the the 13th five-year plan, which ran from 2016–20, but is also is critical about the state of software in China. MIIT said China has has a fragile software supply chain, lacks depth in homegrown applications, and just doesn't value software or intellectual property. A lack of skilled developers is a symptom and a cause of those issues. The Ministry is also concerned about international competitiveness, and suggests deeper international exchanges and open cooperation so that China improves its software prowess to reach an equal footing with global players. Among the plans to improve the state of homegrown software is a call to develop an "emerging field of software products with ecological influence by 2025", some of it developed in one of 20 new Chinese software parks. China also wants to build "two or three open source communities with international influence."
Security Leftovers
Is It Worthwhile Running Intel Alder Lake With mitigations=off?
Over the past month of trying out Intel Alder Lake processors on Linux, one of the questions that has come up a few times but not readily disclosed is whether it's still worthwhile on this latest-generation process to boot with "mitigations=off" to disable CPU security mitigations to help squeeze out some otherwise lost performance. Here are some benchmarks to answer that questions. Particularly with Intel CPUs from 2018 and prior where there isn't in-silicon changes for mitigating the likes of Spectre and Meltdown, some Linux users have resorted to running with "mitigations=off" to run the security risk but at increased (or otherwise regressed) performance. This Linux parameter allows booting the system with software-controlled CPU security mitigations disabled. Running with mitigations disabled is a security risk but for prior generations of Intel CPUs can make a measurable difference with workloads that are heavy on context switching, I/O, and other areas impacted by the software mitigations.
Recent comments
8 min 29 sec ago
1 hour 5 min ago
1 hour 58 min ago
2 hours 13 min ago
5 hours 48 min ago
20 hours 22 min ago
23 hours 4 min ago
1 day 2 hours ago
1 day 2 hours ago
1 day 5 hours ago