OpenTofu gets a nasty-gram from HashiCorp's lawyers, Polar is a creator platform for devs, HuggingFace releases a Common Corpus & more

Changelog News

Developer news worth your attention

Hello, again! 👋

Mateus Freira wrote a very nice comment on Spotify about our undercover generalist episode, but since approximately zero people read those, I figured why not give it a boost?

Amazing episode, this is the kind of content that makes me open Spotify twice a week and come here. To hear from real developers out there making real stuff. Keep them coming Changelog.

Thanks, Mateus! Ok, let’s get into the news. (Audio Edition)


🎧 Some pods you might enjoy

🎙️ Zeno Rocha from Dracula & Resend changelog.fm/585
💚 Kaizen! There goes my PgHero changelog.com/friends/38
🚀 Verónica López, Kubernetes SIG Release tech lead shipit.show/98
🤖 Should kids still learn to code? practicalai.fm/263
⏰ Go team members talk the magic of a trace gotime.fm/310


👊 HashiCorp strikes back

On April 3rd, Matt Asay published a piece for InfoWorld titled OpenTofu may be showing us the wrong way to fork. In it, he says:

that OpenTofu may have illegally taken HashiCorp’s code to keep pace. At least, it’s hard to avoid that conclusion, perusing OpenTofu’s GitHub repositories and comparing them to HashiCorp’s.

The code in question is a new feature in Terraform 1.7 that also landed in OpenTofu as the fork maintainers work to maintain parity. Asay claimed:

OpenTofu took this BUSL-licensed HashiCorp code, removed the headers, and tried to instead relicense it under the Mozilla Public License (MPL 2.0).

As a beleaguered boxer might say, “Them’s is fighting words.” So, it naturally prompted many armchair software copyright lawyers to analyze the code in question and determine whether or not it was actually copy pasta. Smart people have landed on either side of this issue. Dan Lorenc from ChainGuard says:

I did my own audit and the samples bear no resemblance despite implementing similar functionality, which is honestly hard to do in Go where there are so few ways to do things. I can’t possibly see any validity to this claim.

Meanwhile, Joe Duffy from Pulumi concluded:

There are three major kinds of taint, from worst to least worse

  1. Copied the code directly
  2. Read the source and was influenced by it
  3. Copied the functionality

I’ve seen this game enough to know that if the file, function, and variable names, plus non-zero number of statements, match, you’ve probably got at least level 2 (if not level 1). And that’s a problem. That’s pretty clearly true of at least remove_statement.go.

Asay later issued this statement about his article:

I regret how strongly I expressed myself (force of habit 😬), but grateful for those who expressed support against mob dog piling. Two are execs my post put under fire. They didn’t agree w/ my conclusions but responded w/ kindness. They’re the kind of OSS community I want to join

A few days later, OpenTofu posted this on their LinkedIn page:

OpenTofu Project was recently made aware of a letter by HashiCorp’s lawyers, alleging that OpenTofu was not respecting the terms of its BSL license governing its Terraform codebase. OpenTofu vehemently disagrees with any suggestion that it misappropriated, mis-sourced, or otherwise misused HashiCorp’s BSL code. Indeed, it seems that HashiCorp may be conflating code that it had previously been open-sourced under the MPL and more recently developed code it published under the BSL. OpenTofu’s maintainers have investigated this matter, and intends to issue a written response providing a more detailed explanation of its position in the coming days.

I’m excited to read OpenTofu’s written response, but I have a feeling it’s only going to get uglier from here. If I’m running the OpenTofu project, I’d be seriously considering a change in strategy from “feature parity” to “differentiation” from now on…

🐻‍❄️ Polar is a creator platform for developers

Polar is like Patreon, but tailored to software creators. Their tagline is, “get paid coding on your passion” and, I have to say, that’s a compelling proposition…

They’re “just getting started”, but the current suite enables maintainers to offer: exclusive posts & newsletters, access to private GitHub repos, Discord invites & “Sponsorship 2.0” (logos on your READMEs). There’s a few things that are interesting to me about this:

  1. Zero fixed costs (5% rev share + Stripe fees)
  2. Issue funding and reward splits
  3. Mitchell Hashimoto joined on as an advisor

Watch this space. You know I will.

💭 Rethinking Microservices

Thanks to Synadia for sponsoring Changelog News 💰

In this video, Synadia’s Jeremy Saenz addresses the current state of overwhelm when building micro-service architectures, and how a technology like NATS.io can help solve many of the current requirements for microservices within a single piece of infrastructure.

📚 Releasing Common Corpus

Pierre-Carl Langlais, announcing the release of Common Corpus on Hugging Face (March 20th, 2024)

Contrary to what most large AI companies claim, the release of Common Corpus aims to show it is possible to train Large Language Model on fully open and reproducible corpus, without using copyright content. This is only an initial part of what we have collected so far, in part due to the lengthy process of copyright duration verification. In the following weeks and months, we’ll continue to publish many additional datasets also coming from other open sources, such as open data or open science.

More info about this massive dataset:

  • Common Corpus is the largest public domain dataset released for training LLMs.
  • Common Corpus includes 500 billion words from a wide diversity of cultural heritage initiatives.
  • Common Corpus is multilingual and the largest corpus to date in English, French, Dutch, Spanish, German and Italian.
  • Common Corpus shows it is possible to train fully open LLMs on sources without copyright concerns.

🧐 Loki is an open source tool for fact verification

This Python-based tool is designed to automate the process of verifying factuality. Its list of components helps explain how it does what it does:

  • Decomposer: Breaks down extensive texts into digestible, independent claims, setting the stage for detailed analysis.
  • Checkworthy: Assesses each claim’s potential significance, filtering out vague or ambiguous statements to focus on those that truly matter. For example, vague claims like “MBZUAI has a vast campus” are considered unworthy because of the ambiguous nature of “vast.”
  • Query Generator: Transforms check-worthy claims into precise queries, ready to navigate the vast expanse of the internet in search of truth.
  • Evidence Crawler: Ventures into the digital realm, retrieving relevant evidence that forms the foundation of informed verification.
  • ClaimVerify: Examines the gathered evidence, determining the veracity of each claim to uphold the integrity of information.

Usage: python factcheck.py --modal string --input "Loki is the God of Mischief"


🔎 Cory Doctorow on ditching Google Search for Kagi

Replacing Google is so hot right now.

Not coincidentally, Google’s search is getting progressively, monotonically worse. It is a cesspool of botshit, spam, scams, and nonsense. Important resources that I never bothered to bookmark because I could find them with a quick Google search no longer show up in the first ten screens of results…

This is enshittification. Google is shifting value away from end users (searchers) and business customers (advertisers, publishers and merchants) to itself…

And here’s the thing: there are search engines out there that are so good that if you just try them, you’ll get that same feeling you got the first time you tried Google.

🔐 What is Tailscale SSH?

Thanks to Tailscale for sponsoring Changelog News 💰

With Tailscale SSH, you can:

  • SSH as normal, using Tailscale for authentication. With Tailscale SSH, Tailscale takes over port 22 for SSH connections incoming from the Tailscale network. Tailscale will authenticate and encrypt the connection over WireGuard, using Tailscale node keys. The SSH client and server will still create an encrypted SSH connection, but it will not be further authenticated.
  • Verify high-risk connections with check mode. Optionally require certain connections, or connections as certain users (for example, root), to re-authenticate before connecting. This allows the user to access these high-risk applications for the next 12 hours or for a specified check period before re-authenticating again.

Your SSH config (/etc/ssh/sshd_config) and keys (~/.ssh/authorized_keys) files will not be modified, which means that other SSH connections to the same host, not made over Tailscale, will still work.

Pretty cool, huh? Learn more…

☔️ The Wi-Fi only works when it’s raining

This was published on April 1st, but it’s actually true. Thanks, April Cools Club!

“What?” I uttered, stunned. “The Wi-Fi only works while it’s raining,” he repeated patiently. “It started a couple of weeks ago, and I haven’t had a chance to look into it yet.”

“No way,” I said. If anything, rain makes wireless signal quality worse, not better. Never better!

Two weeks without reliable internet? I started a speed-run through the stages of grief…

From denial to bargaining, determination, debugging, realization, the problem & the fix. I have to say I did not see this one coming!


🧾 More links to fill up your tab(s)


That’s the news for now, but we have some great episodes coming up this week: we interview Scott Chacon on Wednesday, and Breakmaster Cylinder returns to help us deconstruct the new Dance Party album on Friday!

Have a great week, forward this to a friend who might dig it & I’ll talk to you again real soon. 💚

–Jerod