Open Source Icon

Open Source

All things open source.
182 Stories
All Topics

Drupaldri.es

Happy 20th birthday, Drupal! 🎂

Drupal creator Dries Buytaert with lots of reason to celebrate:

On January 15, 2001, exactly 20 years ago, I released Drupal 1.0.0 into the world. I was a 22 years old, and just finished college. At the time, I had no idea that Drupal would someday power 1 in 35 websites, and impact so many people globally.

Quite the accomplishment. Congrats to Dries and the entire Drupal community!

In this post, he also shares why he’s still working on the project and details 3 birthday wishes for Drupal:

  1. Never stop evolving
  2. Continue our growing focus on ease-of-use
  3. Economic systems to sustain and scale Open Source

Those sound like noble wishes to me. 💯

The ChangelogThe Changelog #424

You can FINALLY use JSHint for evil

Today we welcome Mike Pennisi into our Maintainer Spotlight. This is a special flavor of The Changelog where we go deep into a maintainer’s story. Mike is the maintainer of JSHint which, since its creation in 2011, was encumbered by a license that made it very hard for legally-conscious teams to use the project. The license was the widely-used MIT Expat license, but it included one additional clause: “The Software shall be used for Good, not Evil.” Because of this clause, many teams could not use JSHint.

Today’s episode with Mike covers the full gamut of JSHint’s journey and how non-free licensing can poison the well of free software.

The ChangelogThe Changelog #423

Coding without your hands

What do you do when you make a living typing on a keyboard, but you can no longer do that for more than a few minutes at a time? Switch careers?! Not Josh Comeau. He decided to learn from others who have come before him and develop his own solution for coding without his hands. Spoiler Alert: he uses weird noises and some fancy eye tracking tech.

On this episode Josh tells us all about the fascinating system he developed, how it changed his perspective on work & life, and where he’s going from here. Plus we mix in some CSS & JS chat along the way.

Medium IconMedium

Death of an open source business model

Joe Morrison:

Until yesterday, I was still clinging to a few shreds of romantic optimism about open source software businesses. Mapbox is the protagonist of a story I’ve told myself and others countless times. It’s a seductive tale about the incredible, counterintuitive concept of the “open core” business model for software companies.

We’ve discussed the challenges with open core on many occasions (this episode of The Changelog on Nextcloud immediately comes to mind), but most of those conversations center around the tension of balancing commercial and open source interests. This Mapbox open core story, on the other hand, has a different villain:

Today, we’re gathered here on the internet to mourn the death of the open core business model. We’re here to tell stories of the before-times, to reminisce about how smart we thought we were. We went against consensus, and we were wrong. Because, open core is dead.

Cloud killed open core.

Medium IconMedium

OpenStreetMap is having a moment

Joe Morrison on how OpenStreetMap has quietly become a core piece of open source infrastructure:

OpenStreetMap is now at the center of an unholy alliance of the world’s largest and wealthiest technology companies. The most valuable companies in the world are treating OSM as critical infrastructure for some of the most-used software ever written.

What a success story. Do you think it can be repeated?

OpenStreetMap is having a moment

Matt Kleinchangelog.com/posts

My secret to building Envoy's community

Envoy’s open source community is amazing. I looked the other day, and at least on GitHub, just from a code contribution perspective, we’re almost at 600 contributors. Which for a fairly low-level C++ project… that is freakin’ incredible. It just blows my mind. And then you look at all of the vertical products and all these other things that are built on top…

There are many factors that contributed to this success, but one thing I did early on stands out as the most important thing I could’ve done. In this post I share my secret with you.

Jussi Pakkanennibblestew.blogspot.com

The 9 phases of an open source project maintainer

Running an open source project is more than just writing code. Jussi Pakkanen says “…most of all work has to do with something else,” which if you listen to The Changelog, our Maintainer Spotlight series, or Request for Commits then you know this all too well.

This places additional requirements to project maintainers that are often not talked about. In this post we’ll briefly go over nine distinct phases each with a different hat one might have to wear. These can be split into two stages based on the lifetime and popularity of the project.

Twitter IconTwitter

Guido van Rossum comes out of retirement, joins Microsoft

Guido van Rossum:

I decided that retirement was boring and have joined the Developer Division at Microsoft. To do what? Too many options to say! But it’ll make using Python better for sure (and not just on Windows :-). There’s lots of open source here. Watch this space.

Late last year Guido left Dropbox to head into retirement. Apparently “retirement was boring.” I’m curious to see how coming out of retirement changes things at the steering level of Python.

We talked mid last year with Brett Cannon about Python’s new governance and core team. I don’t recall their plan accounting for the possibility for their BDFL to come back from retirement. 😱

I’m sure whatever is to come for Python with Guido being back, it’ll be a net positive.

Opensource.com IconOpensource.com

Improve open source community sustainability by tracking these two metrics

Kevin Xu:

There are plenty of metrics you can track—stars, forks, pull requests (PRs), merge requests (MRs), contributor counts, etc.—but more data doesn’t necessarily mean clearer insights. I’ve previously shared my skepticism about the value of these surface-level metrics, especially when assessing an open source project’s health and sustainability.

In this article, I propose two second-order metrics to track, measure, and continually optimize to build a strong, self-sustaining open source community

Those two metrics? Breakdowns of code reviewers and leaderboards of different community interactions. (He also explains why. Worth a read.)

Peter Wanganaconda.com

Anaconda's dividend program helps sustain the open source DS/ML community

Anaconda CEO (and Practical AI guest) Peter Wang:

I am excited to announce the Anaconda Dividend Program, which formalizes our commitment to direct a portion of our revenue to open-source projects that help advance innovation in data science. We are launching the program in partnership with NumFOCUS, and will kick off with a seed donation of $10,000, as well as an additional 10% of single-user Commercial Edition subscription revenue through the end of this year. Going forward, we will fund the dividend with at least 1% of our revenue in 2021, with a minimum of $25,000 committed for the year.

We’ve been beating the successful-businesses-that-thrive-in-large-part-due-to-open-source-software-should-set-aside-revenues-to-support-those-projects drum for years now, so it’s exciting to see forward-looking companies like Anaconda step up and do just that. More like this! 🙏

The New Stack IconThe New Stack

An open source leader is gone, a remembrance of Dan Kohn

Thanks to Alex Williams over at The New Stack for doing a great write up remembering Dan Kohn and the tremendous mark he has left on open source and Cloud Native. Of course Dan had help along the way, but by-and-large the CNCF and “cloud native” as we know it are the direct result of Dan’s vision and leadership.

Thank you Dan. You will be missed.

We knew little in 2016 about what Dan was up to but we soon got a hint. The CNCF was already established but what it represented was still a bit unclear. If anything, Dan was a businessman and a computer scientist. He knew the economic importance of at-scale computing and the technical complexity that made it so fascinating.

The technical community was ready for someone like Dan — they needed help. Open source cloud native projects were growing but the resources were essential to keep progress moving. He was there to make sure the work got done that technologists should not have to do: Building awareness, supporting the publicity of new projects and perhaps most of all, smoothly running the conferences.

We’ve had Dan on The Changelog a few times. Go back and listen to episode #276 and episode #314 to hear from Dan himself about the journey of the CNCF and Cloud Native.

An open source leader is gone, a remembrance of Dan Kohn

Markus Hatvanmarkushatvan.com

Why you should start contributing to open source software right now

Markus Hatvan:

There are outstanding advantages to contributing to open source software. As a firm believer in making software better continuously, the main reason for writing this article was to motivate and get more developers into the field.

The reasons might be obvious to us, but they’re well-explained here and worth a share to you friend/colleague who could use a nudge.

The ChangelogThe Changelog #418

Maintaining the massive success of Envoy

Today we welcome Matt Klein into our Maintainer Spotlight. Matt is the creator of Envoy, born inside of Lyft. It’s an edge and service proxy designed for cloud-native applications. Envoy was unexpectedly popular, and completely changed the way Lyft considers what and how to open source. While Matt has had several opportunities to turn Envoy into a commercial open source company, he didn’t. In today’s conversation with Matt we learn why he choose a completely different path for the project.

Josh Aasabetterinternet.org

Memory safe ‘curl’ for a more secure internet

We recently talked with Josh Aas on The Changelog #389 about securing the web with Let’s Encrypt. At the tail end of the conversation Josh shared his passion for memory safety, saying “we need to rewrite all the software that we already wrote in C and C++, and replace it. “ My guess is that this move with Daniel and curl takes us several steps further in this direction.

Memory safety vulnerabilities represent one of the biggest threats to Internet security. As such, we at ISRG are interested in finding ways to make the most heavily relied-upon software on the Internet memory safe. Today we’re excited to announce that we’re working with Daniel Stenberg, author of ubiquitous curl software, and WolfSSL, to make critical parts of the curl codebase memory safe. … ISRG is funding Daniel to work on adding support for Hyper as an HTTP back-end for curl. Hyper is a fast and safe HTTP implementation written in Rust.

Hayden Barnesboxofcables.dev

No, Microsoft is not rebasing Windows to Linux

Hayden Barnes explains how Windows and Linux exist in a “cosmic duality” and whether or not Microsoft will ever “shift the core of the Windows operating system to the Linux kernel.”

I have a unique perspective on Microsoft’s Linux involvement. I help deliver Ubuntu on Windows Subsystem for Linux in my job at Canonical. … I have become somewhat of an intermediary between the Microsoft and Linux communities. It is something I am glad to do. There are creative, kind, and fascinating people in both communities. Interesting things happen when the lines between them blur. Fostering cross-pollination will make computing better for everyone.

The ChangelogThe Changelog #415

Spotify's open platform for shipping at scale

We’re joined by Jim Haughwout (Head of Infrastructure and Operations) and Stefan Ålund (Principal Product Manager) from Spotify to talk about how they manage hundreds of teams producing code and shipping at scale. Thanks to their recently open sourced open platform for building developer portals called Backstage, Spotify is able to keep engineering squads connected and shipping high-quality code quickly — without compromising autonomy.

Salvatore Sanfilippoantirez.com

The open source paradox

Antirez on the strange relationship between money, open source, and the code we write on the job:

Open source is different, it’s an artifact, it’s a transposition in code of what you really want to do, of what you feel software should be, or just of all your fun and joy, or even anger you are feeling while coding… It’s not about money. You can ignore bugs if you want, and ignore their complains, you can do that since you don’t have a contract to do otherwise, but they are helping you, they care about the same thing you care: your software quality, grandiosity, perfection.

Hacktoberfesthacktoberfest.digitalocean.com

Hacktoberfest responds with a commitment to reducing spam

The Hacktoberfest team has responded to the concerns of Hacktoberfest hurting open source, saying…

We apologize for the impact this spam is having on the community. We often talk about intent versus impact and this is a classic example. Hacktoberfest aims to celebrate open source with positive engagement between contributors and maintainers alike. Unfortunately, the actions of some participants led to unintended consequences for all. They’ve overwhelmed maintainers and steamrolled other participants in an effort to receive a T-shirt they didn’t really earn.

Despite this, we are confident that, with your help, we can make things better. We’ve already started making changes to the program to help reduce spam and there is much more work planned in the days ahead.

And specifically to maintainers…

We’re sorry that these unintended consequences of Hacktoberfest have made more work for many of you. We know there is more work to do, which is why we ask that you please join us for a community roundtable discussion where we promise to listen and take actions based on your ideas.

Domenic Denicolablog.domenic.me

Hacktoberfest is hurting open source

We’re big fans of what Hacktoberfest represents, but maybe it’s time to rethink the model. The burden falls primarily on maintainers, as Domenic Denicola outlines in this post – going as far as to describe Hacktoberfest as “a corporate-sponsored distributed denial of service attack against the open source maintainer community.”

For the last couple of years, DigitalOcean has run Hacktoberfest, which purports to “support open source” by giving free t-shirts to people who send pull requests to open source repositories.

In reality, Hacktoberfest is a corporate-sponsored distributed denial of service attack against the open source maintainer community.

So far today, on a single repository, myself and fellow maintainers have closed 11 spam pull requests. Each of these generates notifications, often email, to the 485 watchers of the repository. And each of them requires maintainer time to visit the pull request page, evaluate its spamminess, close it, tag it as spam, lock the thread to prevent further spam comments, and then report the spammer to GitHub in the hopes of stopping their time-wasting rampage. … The rate of spam pull requests is, at this time, around four per hour. And it’s not even October yet in my timezone.

This screenshot of issues on whatwg/html labeled as spam was taken moments before posting this.

Hacktoberfest is hurting open source
0:00 / 0:00