Open Source

All things open source.
Salvatore Sanfilippo

The open source paradox

Antirez on the strange relationship between money, open source, and the code we write on the job:

Open source is different, it’s an artifact, it’s a transposition in code of what you really want to do, of what you feel software should be, or just of all your fun and joy, or even anger you are feeling while coding… It’s not about money. You can ignore bugs if you want, and ignore their complaints, you can do that since you don’t have a contract to do otherwise, but they are helping you, they care about the same thing you care: your software quality, grandiosity, perfection.


Hacktoberfest responds with a commitment to reducing spam

The Hacktoberfest team has responded to the concerns of Hacktoberfest hurting open source, saying…

We apologize for the impact this spam is having on the community. We often talk about intent versus impact and this is a classic example. Hacktoberfest aims to celebrate open source with positive engagement between contributors and maintainers alike. Unfortunately, the actions of some participants led to unintended consequences for all. They’ve overwhelmed maintainers and steamrolled other participants in an effort to receive a T-shirt they didn’t really earn.

Despite this, we are confident that, with your help, we can make things better. We’ve already started making changes to the program to help reduce spam and there is much more work planned in the days ahead.

And specifically to maintainers…

We’re sorry that these unintended consequences of Hacktoberfest have made more work for many of you. We know there is more work to do, which is why we ask that you please join us for a community roundtable discussion where we promise to listen and take actions based on your ideas.

Domenic Denicola

Hacktoberfest is hurting open source

We’re big fans of what Hacktoberfest represents, but maybe it’s time to rethink the model. The burden falls primarily on maintainers, as Domenic Denicola outlines in this post – going as far as to describe Hacktoberfest as “a corporate-sponsored distributed denial of service attack against the open source maintainer community.”

For the last couple of years, DigitalOcean has run Hacktoberfest, which purports to “support open source” by giving free t-shirts to people who send pull requests to open source repositories.

In reality, Hacktoberfest is a corporate-sponsored distributed denial of service attack against the open source maintainer community.

So far today, on a single repository, myself and fellow maintainers have closed 11 spam pull requests. Each of these generates notifications, often email, to the 485 watchers of the repository. And each of them requires maintainer time to visit the pull request page, evaluate its spamminess, close it, tag it as spam, lock the thread to prevent further spam comments, and then report the spammer to GitHub in the hopes of stopping their time-wasting rampage. … The rate of spam pull requests is, at this time, around four per hour. And it’s not even October yet in my timezone.

This screenshot of issues on whatwg/html labeled as spam was taken moments before posting this.

David Bryant

Mozilla WebThings ~> WebThings

David Bryant shared the details and transition plans for WebThings as it’s being spun out of Mozilla as an independent open source project. Mozilla is “transitioning control and responsibility to the community,” and the project’s new home will be

Governance of the project will be passed to the community using a module ownership system independent of the Mozilla Corporation’s organisational structure, like the one used by the core Mozilla project. … The WebThings project will no longer be directly affiliated with the Mozilla Corporation so will stop using Mozilla trademarks and will instead operate under its own WebThings brand.


youtube-dlc is the new youtube-dl

Open source software shows its resiliency once again:

youtube-dlc is a fork of youtube-dl with the intention of getting features tested by the community merged in the tool faster, since youtube-dl’s development seems to be slowing down.

If you’re unaware of youtube-dl, it’s like a Swiss Army Knife for downloading videos from the web. It’s a great tool and I’m happy to see the community rally around its maintenance.

Craig Mod

Craigstarter lets you do crowdfunding built on Shopify

The why of the project from Craig Mod is what’s interesting…

Kickstarter is an excellent way to run a crowdfunding campaign. But if you already have a community built up, and have communication channels in place (via a newsletter, for example), and already run an online shop, then Kickstarter can be unnecessarily cumbersome. Kickstarter’s 10% fee is also quite hefty. By leaning on Shopify’s flexible Liquid templating system and reasonable CC processing fees, an independent publisher running a campaign can save some ~$7,000 for every $100,000 of sales by using Craigstarter instead of Kickstarter. That’s materially meaningful, especially in the world of books.

There’s also a step-by-step walkthrough on setting things up here ~>

Max Braun Medium

PiSight brings back Apple iSight

Max Braun thinks today’s webcams are boring, so he brought back a classic. Max took an Apple iSight and retrofitted it with a $5 Raspberry Pi Zero, which “fits the iSight’s dimensions almost perfectly.”

The PiSight actually works like you’d expect it to. Just plug in the USB cable and the camera will show up in your video conferencing app of choice. The image quality is quite good, possibly better than the built-in camera of today’s MacBooks.

The best part is you can do this too because Max made all the plans available as open source.

Just in case you’re not completely taken aback by the absurdity of this project and are now considering building your very own PiSight, rest assured that I’m making everything available as open source.

The GitHub repo has a list of parts and where to get them, the 3D-print-ready model of the frame, and the source code. I’m thinking it should be possible to get the total cost down to under $150. I had to spend a bit more than that because I needed to experiment and opted for higher-end materials.

Troy Hunt

I'm open sourcing the Have I Been Pwned code base

Troy Hunt:

Let me just cut straight to it: I’m going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it. Let me explain why and how.

It’s not open source yet, but it will be and Troy lays out his thinking and the process in this excellent write-up. Since HIBP’s data is both sensitive and the entire point of the software, there will be special consideration taken with it:

I need to really clearly break this part of the discussion out because whilst open sourcing the code base is one thing, how the data is handled is quite another. There’s no way to sugar coat this so I’ll just lay it out bluntly: HIBP only exists due to a whole bunch of criminal activity resulting in data that’s ultimately ended up in my possession.

Then there’s the privacy side of it all: my own personal data is in those breaches and your data almost certainly is too because there are literally billions of people that have been impacted by data breaches. Regardless of how broadly that information is circling, I still need to ensure the same privacy controls prevail across the breach data itself even as the code base becomes more transparent. That’s non-trivial. Doable, but non-trivial.

Jon Evans GitHub Blog

GitHub Arctic Code Vault's guide to the Tech Tree

Have you heard of the GitHub Arctic Code Vault? If not, the goal of GitHub Arctic Code Vault is to preserve open source software for future generations. Which means we need thorough docs describing how the world makes and uses software. Which I find completely fascinating!

From the GitHub Archive Program readme:

We are now also opening up the initial compilation of Tech Tree resources to community input. Inspired by the Long Now Foundation’s Manual for Civilization, the Tech Tree is a collection of technical works which document and explain the layers of technology on which today’s open-source software relies, along with works included to provide additional cultural context for the Arctic Code Vault.

From the Tech Tree readme:

What follows, which we call the Tech Tree, is a selection of works intended to describe how the world makes and uses software today, as well as an overview of how computers work and the foundational technologies required to make and use computers. The purpose of the GitHub Archive Program is to preserve open source software for future generations. This implies also preserving the knowledge of other technologies on which open-source software runs, along with a depiction of the open-source movement which brought this software into being.

How to find new maintainers for your open source project

A smooth hand-off of your open source project is no easy feat. To help others succeed in this arena, Paul Götze build

I found that, on GitHub alone, there were more than 36,000 issues asking “Is this project abandoned?”, I thought about how to tackle this problem. More than 15,000 of these were open issues. So, lots of projects need help with their maintenance.

Patrick DeVivo

Identify the most relevant git contributors based on commit recency, frequency, and impact

gitpert measures the “pertinence” of git authors as a time-decayed measure of LOC added and removed to a repository (or a set of files in a repository). It’s meant to help identify who the most relevant contributors are based on commit recency, frequency and impact.

Cool tool, as long as we don’t forget about non-code contributors.


Why designing for open source can be so difficult

After being involved with design and open source projects for many years, I’ve noticed a few common reasons why designing for open source projects can be very difficult. Open source projects (especially FOSS) face a lot of issues that more conventional projects don’t because they lack a clear business model, the structure, and the incentives that for-profit proprietary projects have.

This is a hard problem due to many of the factors outlined in the post, but one worth solving.

The New Stack

The rise of RISC-V

John Cassel from The New Stack lays out the quiet-yet-effective push toward open source hardware. We first heard about RISC-V from Ron Evans on Go Time. He was very excited about its potential, saying:

it’s an open source set of silicon designs, so that you can build your own custom chips the same way that we’ve been able to build our own custom operating systems; either pieces of Linux to create their own Linux distros - we’ll be able to do the same exact things with custom silicon


An unobstructive approach to large scale software license analysis

DRAT is a Map Reduce version of RAT using Apache Tika to automatically sort and classify the code base files

A well-named solution to an ever-expanding problem. But what is up with Apache projects and their obsession with trademarks?

A distributed parallelized (Map Reduce) wrapper around APACHE RAT™️ (Release Audit Tool) that goes far beyond RAT™️ by leveraging Apache OODT™️ to dramatically speed up the process.

The New Stack

Why Bruce Perens is proposing "coherent open source"

This is a solid (text) interview with Bruce Perens, former member of the OSI:

… a recognized pioneer of the Open Source movement, 62-year-old Bruce Perens is still thinking about ways to protect the freedoms of software users. “Most people who develop open source don’t have access to lawyers” Perens told the Register last month. “One of the goals for open source was you could use it without having to hire a lawyer. You could put [open source software] on your computer and run it and if you don’t redistribute or modify it, you don’t really have to read the license.”

Bruce suggests we all limit ourselves to just three licenses: AGPL 3, LGPL 3, and Apache 2. He’s a fascinating guy with lots to say on the matter. It’s an exciting time in software licensing, which is a sentence I never expected to write in my life.

Luis Villa

2019 year in review for open source licenses

2019 was a crazy year for licensing in open source. Luis Villa shared his take on what happened last year…

2019 was the most active year in open source licenses in a very, very long time, with news from China to Silicon Valley, from rawest capitalism to most thoughtful ethics. Given all that, I thought it would be worth summarizing the most interesting events, and sharing some reflections on them.

A standout to me was on the subject of money…

Inevitably, as open source has “won,” money has become ever more central to how it functions. It turns out it is hard to sustain the entire software industry on a part time basis! Licensing has not played a central role in this discussion, but 2019 gave several examples of how licensing and money are entangled.

The Register

Bruce Perens quits Open Source Initiative (OSI)

Extending from topics around open source licensing in this recent conversation with Adam Jacob and this recent conversation with David Cramer, we’re now at a point where Bruce Perens (OSI co-founder) has quit the OSI saying “we’ve gone the wrong way with licensing” regarding the recently drafted Cryptographic Autonomy License (CAL).

The debate over whether or not to approve the license, now in its fourth draft, has proven contentious enough to prompt OSI co-founder Bruce Perens to resign from the organization, for a second time, based on concern that OSI members have already made up their minds.

“Well, it seems to me that the organization is rather enthusiastically headed toward accepting a license that isn’t freedom respecting,” Perens wrote in a missive to the OSI’s license review mailing list on Thursday. “Fine, do it without me, please.”
