#linus
Open Source is about enabling users
"Amazon, Microsoft, Google" and the White House, want to help make Open Source more secure...
https://www.youtube.com/watch?v=U-8KopUKMzA
https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html
https://www.golem.de/news/openssf-linux-foundation-will-security-praxis-vereinheitlichen-2008-150036.html
src of src: "White House OSS Mobilization Plan"
2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/
2020: "The OpenSSF is[...]
#linux #gnu #gnulinux #opensource #administration #sysops #dev #c #development #rust #go #google #security #itsec #cybersec #cybersecurity #kernel #linus #torvalds #mozilla #licence #licencing #patents #patent
Originally posted at: https://dwaves.de/2022/05/16/rust-vs-go-open-source-is-about-enabling-users-rust-lang-will-complement-c-around-the-gnu-linux-kernel-for-better-safety-amazon-microsoft-google-and-the-white-house-want-to-make-open-sour/
Open Source is about enabling users
"Amazon, Microsoft, Google" and the White House, want to help make Open Source more secure...
- https://www.golem.de/news/openssf-150-millionen-us-dollar-sollen-open-source-absichern-2205-165382.html
- https://www.golem.de/news/openssf-linux-foundation-will-security-praxis-vereinheitlichen-2008-150036.html
- src of src: "White House OSS Mobilization Plan"
- 2022: https://openssf.org/blog/2022/05/11/testimony-to-the-us-house-committee-on-science-and-technology/
- 2020: "The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by:
- building a broader community with targeted initiatives and best practices
- It combines efforts from the Core Infrastructure Initiative, GitHub's Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.
- Additional founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.
- Open source software has become pervasive in data centers, consumer devices and services, representing its value among technologists and businesses alike.
- Because of its development process, open source that ultimately reaches end users has a chain of contributors and dependencies.
- It is important that those responsible for their user or organization's security are able to understand and verify the security of this dependency chain." (src linuxfoundation.org)
so far so good eh?
How exactly will this play out? What will be the "modi operandi"? (Pentagon & JP Morgan Bank are interested in making the software supply chain more secure, as the IT of banks (!!!) is not very good (say the banks THEMSELVES, that fired a lot of IT staff to save money))
Just an idea for the govs & big corps with the money:
- put up an "Open Source" "kickstarter" like website
- where companies & gov can put up their requirements
- Open Source developers either accept to tackle those requirements
- or:
- post their own projects & investors can allocate their resources to Open Source
- ABSOLUTE transparency is critical here, not a "pay to play" "taking power" "taking over" "Open Source" "influencing" sealing deals behind closed doors.
long version:
https://peertube.co.uk/w/jKvQozs7xDqpQvbwQFdKbF
The Star Trek economy: will it ever exist?
Afaik Dutch historian Rutger Bregman confirms in his book "Humankind: A Hopeful History" (BE WARNED: it is a realist's thriller!), that "the nature" of humans (also under constant development), is as such, that only a small percentage are reckless "psychopaths",
the majority of mankind rather wants to help each other, than shoot each other.
Rust "second in command" around the GNU Linux Kernel
Because Rust lang promises improvements around cyber/itsecurity (no more buffer over/underruns), it might become "second in command" around the Kernel.
The cons: Rust is more C++ than C, which might be a problem for the (long term) C nerds.
Unless (Linus?) & Greg (or someone else) want to develop a brand new "C" "2.0" lang + compiler designed around security...
Unless Google wants to change its Go lang licence...
...Rust it is.
Is Go a (more C-like) alternative?
(2018: developer Voit wrote a Network driver (GNU Linux kernel module) in Go)
https://www.net.in.tum.de/fileadmin/bibtex/publications/theses/2018-ixy-go.pdf
C ixy vs Go ixy: performance (only) "10% slower than the C implementation under optimal circumstance" (optimal meaning: system's CPU needs fast single threading)
"One of the biggest problem during development was low-level memory management."
"Specifically register access has proven itself to be difficult in Go"
"On the other hand we were surprised about the garbage collection."
"Originally named as the reason why Go is not suited for systems programming, our analysis has proven otherwise"
"easier to read and does not require much understanding of the language itself in order to understand the code, especially compared to some C constructs like function pointer, pointer casting and other more intricate operations" (src)
the Go lang licencing MumboJumbo:
"Copyright (c) 2009 The Go Authors. All rights reserved."
"Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
that's not all... there is more licencing mumbojumbo for all those Free Software Foundation & lawyerzzz:
"Additional IP Rights Grant (Patents)"
""This implementation" means the copyrightable works distributed by Google as part of the Go project.
Google hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section)
patent license to make, have made, use, offer to sell, sell, import, transfer and otherwise run, modify and propagate
the contents of this implementation of Go,
where such license applies only to those patent claims,
both currently owned or controlled by Google and acquired in the future,
licensable by Google that are necessarily infringed by this implementation of Go.
This grant does not include claims that would be infringed only as a consequence of further modification of this implementation.
If you or your agent or exclusive licensee institute or order or agree to the institution of patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that this implementation of Go or any code incorporated within this implementation of Go constitutes direct or contributory patent infringement,
or inducement of patent infringement, then any patent rights granted to you under this License for this implementation of Go shall terminate as of the date such litigation is filed."
src: https://raw.githubusercontent.com/golang/go/master/PATENTS
While the sources of the Go lang are indeed accessible via github, its licence is neither GPL 2.0 nor GPL 3.0 nor Apache licence nor MIT licence and thus it is questionable if:
- Google can be trusted (?)
- the Go lang licence is "compact" but (currently) not at all Open Source compatible (not a word about if modifications are allowed)
- why did Google not simply pick a "well known" Open source licence? https://opensource.org/licenses
One fine day, Google might decide to change the licence, and from then on:
- stop providing the (latest) source code (the old one yes, not the new one)
- re-distribute Go only in its binary form
- charge licence fees for its usage
- it is called: "building up dependencies, then cashing in on something that used to be free" (as Oracle did with Java)
- until it was out of the testing-phase
- and every developer and every company was using it/became dependent on it
Next problem: Rust (src here) was started by Mozilla, is used by Mozilla for Firefox, but Mozilla has built up financial dependencies on Google.
(Rust in contrast is licenced under MIT & Apache licence https://www.rust-lang.org/policies/licenses)
While this is all not really: K.I.S.S (the UNIX philosophy of Keep it Super Simple)
No despair, just do your best.
Sticking to the default?
The problem is that systems designed & "Made in the 1970s" (C compiler, Phones, Mail), were not designed around security (because it was not really a problem in those days).
So...
- unless Google changes the Go lang licence to something Open Source compatible
- unless Linus & Greg or someone else wants to build a C 2.0 around security, Rust is it.
The Go lang licencing problem is the ZFS Oracle licencing problem all over again:
In other words: Licences (money) have more than once, instead of enabling developers & users, hindered developers & users.
Another company that M$ successfully killed by buying it...
Another example how Microsoft successfully made this planet worse:
IT WAS AN EXCELLENT learning platform, with high quality video learning courses with...
- 2000 courses in German
- 1200 courses in Spanish
- 1300 courses in French
- 500 courses in Japanese (as of September 2017)
- 0 in English? (a bit strange, but this company was from Austria and has focused on the EU market, that might be one reason)
Microsoft bought it up... now it is... dead? MS killed it. #wtf?
Now high quality Video2Brain Rust videos would be needed (luckily - again - Youtube volunteers are chipping in, THANKS! (MS maybe transfer some money to them? eh? thanks!))
PS: so that's my take, could not ask that question via...
stackoverflow.com and serverfault.com suck and DESPERATELY need competition
#linux #gnu #gnulinux #opensource #administration #sysops #dev #c #development #rust #go #google #security #itsec #cybersec #cybersecurity #kernel #linus #torvalds #mozilla #licence #licencing #patents #patent
Originally posted at: https://dwaves.de/2022/05/16/rst-vs-go-open-source-is-about-enabling-users-rust-lang-will-complement-c-around-the-gnu-linux-kernel-for-better-safety-amazon-microsoft-google-and-the-white-house-want-to-make-open-sourc/
"FOSS means that effort is shared across organizations and lowers maintenance costs significantly" (src: comment by JohnFOSS on itsfoss.com)
getting the naming right: Why is it GNU Linux and not just Linux?
video: https://dwaves.de/wp-content/uploads/2022/01/Stallman-getting-the-naming-right-Why-is-ist-GNU-Linux-and-not-just-Linux.mp4
- because it would give the developers who wrote the C compiler gcc (many contributors) and libc (many contributors) that compiles the kernel (and a lot of other stuff) no credit
Linus talking about GPL v3 vs GPL v2 (the better one)
video: https://dwaves.de/wp-content/uploads/2022/01/GNU-Linux-DebConf-Linus-talking-about-GPL-v3-vs-GPL-v2-the-better-one.mp4
- the (GPL 2.0) intended social contract is: "I give you sourcecode, give me back your changes"
- Linus drew criticism over his "stubbornness" to stick with GPL 2.0, e.g. Oracle's Sun's ZFS filesystem is released under a GPL incompatible licence. As seen in this video statement, that is completely on purpose, just as it is (probably) on purpose by Oracle's Sun to be DELIBERATELY incompatible with GPL (it seems to be a Microsoft-like fake-support for the Open Source movement, an attempt by companies like that which "want to do marketing as Open Source but not really do Open Source")
- GPL 2.0: (spdx.org calls it "Deprecated"? calling this the successor version)
- GPL-2.0+.txt
- GPL-2.0+.pdf (Courier like Font)
- GPL-2.0+ (Liberation Sans, Arial like font)
- Tivoization /ˌtiːvoʊɪˈzeɪʃən/ is the creation of a system that incorporates software under the terms of a copyleft software license like the GNU General Public License (GNU GPL), but uses hardware restrictions or digital rights management (DRM) to prevent users from running modified versions of the software on that hardware. Richard Stallman coined the term in reference to TiVo's use of GNU GPL licensed software on the TiVo brand digital video recorders (DVR), which actively blocks users from running modified software on its hardware by design.[1][2] Stallman believes this practice denies users some of the freedom that the GNU GPL was designed to protect.[3] The Free Software Foundation refers to tivoized hardware as "tyrant devices".[4] (creditz: wiki)
- Linux kernel licensing rules
- The Linux Kernel is provided under the terms of the GNU General Public License version 2 only (GPL-2.0), as provided in LICENSES/preferred/GPL-2.0, with an explicit syscall exception described in LICENSES/exceptions/Linux-syscall-note, as described in the COPYING file. This documentation file provides a description of how each source file should be annotated to make its license clear and unambiguous. It doesn't replace the Kernel's license. The license described in the COPYING file applies to the kernel source as a whole, though individual source files can have a different license which is required to be compatible with the GPL-2.0:
GPL-1.0+ : GNU General Public License v1.0 or later
GPL-2.0+ : GNU General Public License v2.0 or later (https://spdx.org/licenses/GPL-2.0-or-later.html)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/LICENSES/preferred/GPL-2.0?h=v5.17-rc2
LGPL-2.0 : GNU Library General Public License v2 only
LGPL-2.0+ : GNU Library General Public License v2 or later
LGPL-2.1 : GNU Lesser General Public License v2.1 only
LGPL-2.1+ : GNU Lesser General Public License v2.1 or later
src: https://docs.kernel.org/process/license-rules.html
- actually there is a whole folder "LICENSES" that is shipped with the kernel sources, which has the following subfolders:
- deprecated
- dual
- exceptions
- preferred
- here is a list of all sorts of free licences https://spdx.org/licenses/ (RSS Feed)
- Can I use the word "Linux" or the Tux logo?
hereby creditz shall be given to Larry Ewing for creating the Tux Logo
Linux is a registered trademark of Linus Torvalds and its use is governed by the Linux Trademark Institute. Please consult the following page for further information: Trademark Usage
The Tux penguin logo was created by Larry Ewing using Gimp software. It is free to use, including commercially, as long as you give Larry Ewing proper credit ("if someone asks"). For any other permissions, please reach out to Mr. Larry Ewing directly. (src)
- I heard that Linux ships with non-free "blobs" (pieces of software that are binary closed source)
- Before many devices are able to communicate with the OS, they must first be initialized with the "firmware" provided by the device manufacturer.
- This firmware is not part of Linux and isn't "executed" by the kernel - it is merely uploaded to the device during the driver initialization stage.
- While some firmware images are built from free software, a large subset of it is only available for redistribution in binary-only form.
- To avoid any licensing confusion, firmware blobs were moved from the main Linux tree into a separate repository called linux-firmware.
- It is possible to use Linux without any non-free firmware binaries, but usually at the cost of rendering a lot of hardware inoperable.
- Furthermore, many devices that do not require a firmware blob during driver initialization simply already come with non-free firmware preinstalled on them.
- If your goal is to run a 100% free-as-in-freedom setup, you will often need to go a lot further than just avoiding loadable binary-only firmware blobs.
- src: https://kernel.org/category/faq.html
Links:
https://www.linuxplumbersconf.org/
because this site https://lpc2021.org/ is massively broken (WTF LPC?), whoever wants to watch the 2021 conference will have to rely on Google: https://www.youtube.com/playlist?list=PLVsQ_xZBEyN2c21jFUgqI2iMa094zXanH
manpage of man: man.man.txt
#linux #gnu #gnulinux #opensource #administration #sysops #gpl #fsf #eff #licence #licensing #license #gnu-linux #gcc #kernel #linus #stallman
Originally posted at: https://dwaves.de/2022/01/31/why-is-it-gnu-linux-and-not-just-linux-linus-talking-about-gpl-v3-vs-gpl-v2-the-better-one-the-social-gpl-contract-is-i-give-you-sourcecode-give-me-back-your-changes-non-free-binary/
#dwr #foto #fotografieren #mywork #goodmorning #fbg #fbd #jamendo #CC #mastobikes
#Tousled #Crane on #Tour
Good morning #world!
I did not wait for the Great #Pumpkin, ...
... but I did feel like #Linus! Last night I sought out the darkest and probably also the dirtiest #fieldpaths and waited for a #gapintheclouds. No chance! But these are #hours that I was able to use well for myself. There was no #Aurora #Borealis, but there were good #thoughts and #ideas for me.
Anyone for a #coffee?
Stay upright and healthy!
DevC - Linus Torvalds "Nothing better than C"
video: https://dwaves.de/wp-content/uploads/2021/08/Linus-Torvalds-Nothing-better-than-C.mp4
what is great about C?
- the simplicity of the compiler that just runs anywhere
- still THE most resource efficient language
- with C the user does not have to buy a new computer every 3 years, because of updates slowing down the system so much it becomes inefficient
- still THE language that can speak best to hardware
- the syntax can be called ugly sometimes, but not as ugly as C++ X-D
everyone understands what this does:
cat boolstd.c
```c
#include <stdio.h>
#include <stdbool.h>

int main(void) {
    // set to true
    bool b1 = 1;
    // this is correct, it will print
    if (b1)
    {
        printf("Bool b1 is true \n");
    }
    // any non-zero value stored in a _Bool becomes 1, so b2 is true
    _Bool b2 = 2;
    // this is false, will not print
    if (b2 == false)
    {
        printf("Bool b2 is false \n");
    }
    // requires <stdbool.h>
    bool b3 = true;
    // this is correct, it will print
    if (b3 == true)
    {
        printf("Bool b3 is true \n");
    }
    // requires <stdbool.h>
    bool b4 = false;
    // this is correct, it will print
    if (b4 == false)
    {
        printf("Bool b4 is false \n");
    }
    return 0;
}
```
the problems of C:
- security problems need to be addressed (all those buffer over- and underruns)
... security/safety plus multi core computing is what RUST tries to address
RUST the safer C/C++?
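The buffer over- and underruns named above, as an added example that is not part of the original post: an unchecked C write next to a hand-written bounds check of the kind Rust applies to slice accesses automatically. `struct buf`, `write_unchecked`, `write_checked` and `read_checked` are names made up for this illustration, and the inputs in `main` are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 16

/* Buffer that carries its own bounds, as a Rust slice does. */
struct buf {
    unsigned char data[BUF_CAP];
    size_t len;                 /* valid bytes, always <= BUF_CAP */
};

/* The C default: nothing stops off + len from passing data[BUF_CAP - 1]
 * (overrun) or a negative off from landing before data[0] (underrun). */
void write_unchecked(struct buf *b, long off, const void *src, size_t len)
{
    memcpy(b->data + off, src, len);
}

/* Hardened form: 0 on success, -1 if [off, off + len) leaves the buffer. */
int write_checked(struct buf *b, long off, const void *src, size_t len)
{
    if (off < 0)
        return -1;                    /* underrun */
    if ((size_t)off > b->len)
        return -1;                    /* no holes; also implies off <= BUF_CAP */
    if (len > BUF_CAP - (size_t)off)
        return -1;                    /* overrun; subtraction form cannot wrap */
    memcpy(b->data + off, src, len);
    if ((size_t)off + len > b->len)
        b->len = (size_t)off + len;
    return 0;
}

/* Checked single-byte read: the byte value, or -1 when idx is out of range. */
int read_checked(const struct buf *b, long idx)
{
    if (idx < 0 || (size_t)idx >= b->len)
        return -1;
    return b->data[idx];
}

int main(void)
{
    struct buf b = {0};
    printf("in range : %d\n", write_checked(&b, 0, "kernel", 6));
    printf("underrun : %d\n", write_checked(&b, -4, "x", 1));
    printf("overrun  : %d\n", write_checked(&b, 6, "0123456789AB", 12));
    printf("wrap     : %d\n", write_checked(&b, 1, "x", (size_t)-1));
    printf("read[-1] : %d\n", read_checked(&b, -1));
    return 0;
}
```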
#linux #gnu #gnulinux #opensource #administration #sysops #dev #devrust #rust #devc #c #linus
Originally posted at: https://dwaves.de/2021/08/19/devc-linus-torvalds-nothing-better-than-c/