• Seenthis cited in this article: "Mastodon, Diaspora, PeerTube...: 'free' alternatives to the Internet giants and their Orwellian world"

    An original social network, Seenthis ("Vu ça" in French) was launched in France in 2011. In some respects it resembles Twitter, but it offers many other features. Users can keep a personal blog made up of short posts in which they recommend articles (such as those from Bastamag, for example) to their followers.

    https://www.bastamag.net/Mastodon-Diaspora-PeerTube-Qwant-framasoft-logiciels-libres-open-street-ma

    #LogicielsLibres #Logiciels_Libres #MondeDuLibre #SeenThis

  • An Open Source License That Requires Users to Do No Harm | WIRED
    https://www.wired.com/story/open-source-license-requires-users-do-no-harm

    China uses facial recognition technology to track Uyghur Muslims. The US military uses drones to kill suspected terrorists—and any nearby civilians. US Immigration and Customs Enforcement—which has locked children in cages near the Mexican border—relies on software for communications and coordination, like all modern organizations.

    Someone had to write the code that makes all of that possible. Increasingly, some developers are calling on their employers and the government to stop using their work in ways they believe are unethical. Google employees convinced the company to stop its drone footage analysis work and cancel plans to bid on a cloud computing contract with the Pentagon. Microsoft employees have protested the company’s work for ICE and the military, though with little success thus far.

    But it’s hard to stop a company or government from using software that it already has, especially if that software is open source. Last month, for example, programmer Seth Vargo deleted some of his open source code from online repositories to protest its potential use by ICE. But because open source code can be freely copied and distributed, his code was soon back online elsewhere.

    Coraline Ada Ehmke wants to give her fellow developers more control over how their software is used. Software released under her new “Hippocratic License” can be shared and modified for almost any purpose, with one big exception: “Individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of individuals or groups in violation of the United Nations Universal Declaration of Human Rights.”

    #Logiciels_libres #Licence #Hippocratic_licence #Coraline_Ada_Ehmke

  • Statement on Gab’s fork of Mastodon - Official Mastodon Blog
    https://blog.joinmastodon.org/2019/07/statement-on-gabs-fork-of-mastodon

    Mastodon is completely opposed to Gab’s project and philosophy, which seeks to monetize and platform racist content while hiding behind the banner of free speech. Mastodon remains committed to standing up against hate speech; for example, our new server covenant means we only list servers on joinmastodon.org that are committed to active moderation against racism, sexism and transphobia. The Mastodon community does not approve of their attempt to hijack our infrastructure and has already taken steps to isolate Gab and keep hate speech off the fediverse.

    Mastodon champions a free API ecosystem and as such all Mastodon apps are created and maintained by independent developers. However, Tusky (Android) and Toot! (iOS) have blacklisted Gab’s domains from their login screens. Gab users will not be able to use these apps to access or post from Gab. We do not currently know if any other apps are doing the same. Mastodon itself allows instance owners to decide which domains to block. Most servers in the fediverse are already blocking the Gab domains and we have done the same at mastodon.social.

    In addition to the isolation Gab can expect from the fediverse, it is clear that their design choices offer users no incentive to choose their platform. By paywalling basic features that are freely available on Mastodon, Gab puts itself at a disadvantage compared to any Mastodon instance. Mastodon remains non commercially structured and all features are available to users freely from the start.

    #Modération #Mastodon #Détournement #Logiciels_libres

  • The Internet Relies on People Working for Free - OneZero
    https://onezero.medium.com/the-internet-relies-on-people-working-for-free-a79104a68bcc

    But when software used by millions of people is maintained by a community of people, or a single person, all on a volunteer basis, sometimes things can go horribly wrong. The catastrophic Heartbleed bug of 2014, which compromised the security of hundreds of millions of sites, was caused by a problem in an open-source library called OpenSSL, which relied on a single full-time developer not making a mistake as they updated and changed that code, used by millions. Other times, developers grow bored and abandon their projects, which can be breached while they aren’t paying attention.

    It’s hard to demand that programmers who are working for free troubleshoot problems or continue to maintain software that they’ve lost interest in for whatever reason — though some companies certainly try. Not adequately maintaining these projects, on the other hand, makes the entire tech ecosystem weaker. So some open-source programmers are asking companies to pay, not for their code, but for their support services.

    Daniel Stenberg is one of those programmers. He created cURL, one of the world’s most popular open-source projects.

    #Logiciels_libres #cURL #Maintenance

  • Python’s creator thinks it has a diversity problem — Quartz
    https://qz.com/1624252/pythons-creator-thinks-it-has-a-diversity-problem

    In a rare interview with the programmer in October last year, which was recently published on YouTube, he was asked about the lack of diversity among the people working on open-source programming languages. He noted that it was an issue, and said that those who ignore it, because open-source projects are available for anyone to contribute, are not seeing the full picture.

    “It’s not just joining a project that’s the problem, it’s staying in the project, which means you have to feel comfortable exchanging emails and code reviews… with people that you don’t know personally but you communicate frequently with online,” he said. Van Rossum thinks that these exchanges can be difficult for women because of unconscious bias and male-driven cultural norms within open-source communities.

    “It’s not just about writing the code, but you have to stand up for your code and defend your code, and there is a certain male attitude that is endemic in many projects where a woman would just not feel comfortable claiming that she is right,” he explained. “A guy who knows less than that woman might honestly believe [he is right], so they present a much more confident image.” In his experience, van Rossum sees incompetent men’s ideas gaining acceptance more often than merited because they are more forceful in how they present them.

    Van Rossum believes that the different attitudes of women and men in programming communities is due to wider societal problems that we need to fix from the bottom up. “I’ve always felt that feminism was right and we need to change the whole society,” he said. In the meantime, he feels a responsibility to act in the places he has influence, like in the Python community.

    He believes the key to making open-source communities more inclusive is establishing (and enforcing) codes of conduct and mentoring. Van Rossum says that he now mentors women and underrepresented minority programmers. “But white guys can forget it,” he said. “They are not the ones who need it most.” (In typical programmer speak, he calls mentoring a “completely distributed, democratic approach.”)

    Rather, he thinks it’s important that men are educated about their biases. “[There are] some guys who are super defensive when you tell about this shit, but the majority of guys just don’t know any better,” he said. “The first time I heard the term unconscious bias was maybe five years ago and it was an eye opener.” It’s changed him, and he thinks it could change others.

    #Python #Logiciels_libres #Genre #Féminisme #Programmation

  • ON TV - Free software, a philosophical issue as much as a societal choice
    https://reporterre.net/A-LA-TELE-Le-logiciel-libre-un-enjeu-philosophique-autant-qu-un-choix-de

    Since the Internet became pervasive in every area of society, the issue of proprietary software, as opposed to free software, has become crucial, although it is still ignored by the vast majority of users. By definition, free software can be used, improved and distributed by anyone. Yet most of the software we rely on daily is said to be "proprietary": its source code belongs to large companies, which derive substantial profits from it. The resisters of open source thus see it as a philosophical issue as much as a societal choice: new technologies should be controlled by their users, rather than restricting their freedom to finding alternatives to them.

    #Internet #société #logiciels_propriétaires #logiciels_libres #résistants #enjeu_philosophique #choix_de_société #utilisateurs #liberté

  • The Linux desktop is in trouble | ZDNet
    https://www.zdnet.com/article/the-linux-desktop-is-in-trouble

    Jason Hicks, Muffin maintainer and member of the Linux Mint team, observed on Reddit, as reported by Brian Fagioli:

    I also have a life outside open-source work, too. It’s not mentally sound to put the hours I’ve put into the compositor. I was only able to do what I could because I was unemployed in January. Now I’m working a job full time, and trying to keep up with bug fixes. I’ve been spending every night and weekend, basically every spare moment of my free time trying to fix things.

    There’s also been tension because we’re 1-2 months from a release. We’ve had contentious debate about input latency, effects of certain patches, and ways to measure all of this. Other team members are going through their own equally hard circumstances, and it’s an unfortunate amount of stress to occur all at once at the wrong times. We’re human at the end of the day. I wish these aspects didn’t leak into the blog post so much, so just wanted to vent and provide some context. If you take away anything from it, please try the PPA and report bugs. We need people looking for things that might get stuck in cinnamon 4.2.

    I’ve heard this before. There have been a lot of Linux desktop distros over the years. They tend to last for five or six years and then real life gets in the way of what’s almost always a volunteer effort. The programmers walk away, and the distro then all too often declines to be replaced by another.

    It is not easy building and supporting a Linux desktop. It comes with a lot of wear and tear on its developers with far too little reward. Mint is really a winner and I hope to see it around for many more years to come. But I worry over it.

    Looking ahead, I’d love to see a foundation bring together the Linux desktop community and have them hammer out a common desktop for everyone. Yes, I know, I know. Many hardcore Linux users love to have a variety of choices. The world is not made up of desktop Linux users. For the million or so of us, there are hundreds of millions who want an easy-to-use desktop that’s not Windows, doesn’t require buying a Mac, and comes with broad software and hardware support. Are you listening Linux Foundation?

    #Logiciels_libres #Linux #GUI #Economie

  • SPIP: CRITICAL security update
    https://www.domainepublic.net/SPIP-Mise-a-jour-CRITIQUE-de-securite.html

    A CRITICAL vulnerability was recently discovered in SPIP, allowing arbitrary code execution by logged-in visitors. It affects SPIP 3.1 versions (below 3.1.10) and SPIP 3.2 versions (below 3.2.4), and impacts all sites using these versions. SPIP 3.0 and earlier versions are not affected by this issue. It is imperative to update your SPIP site as soon as possible. The team thanks Guillaume Fahrner for the identification and the (...)

    #Logiciels_Libres

  • KEI letter to US DOJ, opposing IBM acquisition of Red Hat | Knowledge Ecology International
    https://www.keionline.org/30093

    Very interesting on the relationship between free software and large companies. Using free software as a Trojan horse to strengthen specific services... breaking the trust and neutrality of free software. The opposite of what "Des routes et des ponts" describes about commons-private partnerships.

    The following was sent to US DOJ today, to express KEI’s opposition to the IBM acquisition of Red Hat.

    13 March 2019

    Bindi R. Bhagat
    U.S. Department of Justice
    Antitrust Division
    Technology and Financial Services Section

    Dear Ms. Bhagat,

    Thank you for taking our call today, regarding the International Business Machines Corporation (IBM) effort to buy Red Hat, Inc. As discussed, Knowledge Ecology International (KEI) is opposed to IBM acquiring Red Hat.

    At present, Red Hat controls the most important Linux distribution for Internet and cloud servers.

    The important metrics in this area include, but are not limited to, the share of Internet traffic supported by Red Hat server installations, as well as the revenue that Red Hat realizes for maintaining and customizing Linux server software, compared to other Linux server distribution companies or organizations.

    Red Hat is an important contributor to the Linux kernel and to the code that is used in many elements in the broader GNU/Linux platform of free software programs that are used by server platforms, including the many non-Red Hat Linux distributions.

    IBM is proposing to pay a large premium for Red Hat. Prior to the acquisition offer, Red Hat was valued at approximately $20.5 billion. IBM is proposing to buy Red Hat for $34 billion, a premium of about 67 percent of the previous value.

    IBM could have invested in Red Hat stock at a much lower price, if the objective was simply to share in the expected profits of Red Hat, continuing its current business offerings. What IBM gains from its acquisition of Red Hat is control, and the ability to shape the direction of its software development efforts, to favor IBM’s own cloud services.

    Today Red Hat is considered a neutral partner for many companies offering or developing cloud services. If IBM acquires Red Hat, the trust in Red Hat will be eroded, and IBM will have powerful incentives to influence Red Hat’s software development efforts towards providing special functionality and benefits to IBM and the IBM cloud services, and even to degrade the functionality of services to companies that compete directly with IBM, or fail to buy services from IBM.

    The Department of Justice (DOJ) should consider the impact of the merger on the incentives that Red Hat will have, post merger, to undermine competition and degrade the benefits of a more level playing field, for this critical Internet resource and platform.

    Our concerns are shaped to some degree by the detrimental decision made by the DOJ in approving the Oracle acquisition of Sun Computer’s open source assets, including the MySQL database program. At the time, DOJ viewed the MySQL software as unimportant, because the revenues were small, relative to other database programs. Most users of MySQL did not pay any fees to use the software. Our organization, KEI, used MySQL to support our Joomla, Drupal and WordPress content management systems, and did not pay fees to Sun Computer, along with countless other businesses, non-profit organizations and individuals who also used the free version. We were concerned, at the time, that Oracle would degrade and slow the development of the capacities of MySQL, in order to protect Oracle’s very expensive proprietary database services. We believe that our concerns about Oracle have unfortunately been borne out, by the blunting of the rate of innovation and ambition for MySQL, the fact that Open Office (another program gained in the acquisition of Sun Computers) is no longer an important free software client for office productivity, and Oracle’s aggressive litigation over copyright and patent claims related to Java.

    The DOJ might consider conditions on the merger that would provide greater assurances that Red Hat will not be used to create an unlevel playing field that favors IBM’s own cloud services. We are willing to suggest such conditions, relating to governance, licensing and other issues. For example, the DOJ could require IBM to show how it will ensure the continued policy of ensuring that Red Hat’s patents are only used for defensive purposes. Conditions on this issue should be durable, and avoid predictable loopholes.

    IBM’s competitors and existing customers of Red Hat will have more informed suggestions as to specific conditions that would protect IBM’s competitors. But overall, the best decision would be to reject the merger, on the grounds that it is fundamentally designed to create an unlevel playing field.

    Red Hat is not just another technology company. It is one of the main reasons the Internet functions as well as it does.

    Sincerely,

    James Love
    Knowledge Ecology International (KEI)
    1621 Connecticut Avenue, Suite 500
    Washington, DC 20009
    https://keionline.org

    #Communs #Logiciels_libres #Red_Hat #IBM

  • Urgent: take action, contact members of parliament to give priority to free software in education | April
    https://www.april.org/urgent-mobilisez-vous-contactez-les-depute-e-s-pour-la-priorite-au-logiciel-l

    The examination in public session of the bill "pour une école de la confiance" will begin on Monday 11 February 2019 from 4 pm. Two amendments tabled by members of the Gauche Démocrate et Républicaine (GDR) group propose that the software made available to pupils as part of the public education service should, as a priority, be free software. April calls on everyone to contact the members of parliament right now to support these proposals. These amendments could be examined as early as Monday 11 February or Tuesday 12 February.

    #logiciels_libres #éducation_nationale

  • Node.js: an infected popular library targets a cryptocurrency wallet - Next INpact
    https://www.nextinpact.com/brief/node-js---une-bibliotheque-populaire-verolee-vise-un-portefeuille-de-cry

    An increasingly frequent criticism of free-software projects, including those based on Node.js, is the forest of more or less solid dependencies on which they rest. Some of these, though considered essential, are maintained by individuals in their spare time, or even abandoned.

    That was the case for event-stream for Node.js, which is very widely used. Yet its designer Dominic Tarr stopped developing it long ago, opening the door to right9ctrl.

    He took over the project and immediately published event-stream 3.3.6, infected with "flatmap-stream 1.1". The problem: the library is downloaded up to 2.4 million times per week, according to NPM Stat.

    "He sent me an email and said he wanted to maintain the module, so I gave it to him. I get nothing from maintaining this module, I haven't even used it for years," the tool's creator said in his defence, facing doubtful peers. Some told him to archive his project on GitHub if it was no longer actively developed; a precaution that was forgotten.

    The project has remained under Dominic Tarr's name on GitHub. It cannot be officially transferred to right9ctrl, who had already opened a fork. Yet the designer has lost all rights to the project on npm, the module distribution system for Node.js. One user is asking to revert to version 3.3.4, the last known safe release.

    The hidden code would reportedly run only in the presence of libraries tied to Bitpay's Copay on the same server. Copay lets users create shared cryptocurrency wallets. The malicious code included in event-stream would therefore attempt to steal the bitcoins held in Copay.

    According to NPM, version 3.3.6 of event-stream has disappeared from the repository, leaving only releases 3.3.5 and 4.x. This new branch was published two months ago by right9ctrl.

    "The second commit after [version 3.3.6] removes the injection and creates a new major version [4.x] to clean the GitHub repository of the presence of flatmap-stream, while leaving everyone using the 3.x branch affected," reckons FallingSnow, who exposed the scandal on GitHub.

    Well, it has to be said that the opacity of Node.js, its "magic" character, does not help, even as it becomes indispensable for all developers, whose speciality is not necessarily Node.js. You then have to install it and "trust" it, if only to use Symfony. Maintaining the code is not the only problem of free software; maintaining the docs and creating tutorials that really teach something (understanding, and not just click here and do that) are just as important.

    #Logiciels_libres #Node.js #Cryptomonnaie #Sécurité

    • It's true that the architecture encourages stacking modules (some of them ridiculously limited https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos) but this is limited neither to free software nor to web development.
      I rather have the impression that it's a matter of culture and perhaps of generation.

      There is also another aspect to this episode: the infected code was apparently present only in the minified version of the module, and therefore much harder to detect. That, on the other hand, is a problem that has a technological solution: for example, minification should only be done by an authority or by a mechanism guaranteeing the equivalence between the two versions.

  • After Years of Abusive E-mails, the Creator of Linux Steps Aside | The New Yorker
    https://www.newyorker.com/science/elements/after-years-of-abusive-e-mails-the-creator-of-linux-steps-aside?mbid=nl_D

    Torvalds’s decision to step aside came after The New Yorker asked him a series of questions about his conduct for a story on complaints about his abusive behavior discouraging women from working as Linux-kernel programmers. In a response to The New Yorker, Torvalds said, “I am very proud of the Linux code that I invented and the impact it has had on the world. I am not, however, always proud of my inability to communicate well with others—this is a lifelong struggle for me. To anyone whose feelings I have hurt, I am deeply sorry.”

    Although it distributes its product for free, the Linux project has grown to resemble a blue-chip tech company. Nominally a volunteer enterprise, like Wikipedia, Linux, in fact, is primarily sustained by funds and programmers from the world’s large technology companies. Intel, Google, IBM, Samsung, and other companies assign programmers to help improve the code. Of the eighty thousand fixes and improvements to Linux made in the past year, more than ninety per cent were produced by paid programmers, the foundation reported in 2017; Intel employees alone were responsible for thirteen per cent of them. These same companies, and hundreds of others, covered the foundation’s roughly fifty-million-dollar annual budget.

    Linux’s élite developers, who are overwhelmingly male, tend to share their leader’s aggressive self-confidence. There are very few women among the most prolific contributors, though the foundation and researchers estimate that roughly ten per cent of all Linux coders are women. “Everyone in tech knows about it, but Linus gets a pass,” Megan Squire, a computer-science professor at Elon University, told me, referring to Torvalds’s abusive behavior. “He’s built up this cult of personality, this cult of importance.”

    Valerie Aurora, a former Linux-kernel contributor, told me that a decade of working in the Linux community convinced her that she could not rise in its hierarchy as a woman. Aurora said that the concept of Torvalds and other powerful tech figures being “equal-opportunity assholes” was false and sexist: when she and Sharp adopted Torvalds’ aggressive communication style, they experienced retaliation. “Basically, Linus has created a model of leadership—which is being an asshole,” Aurora told me. “Sage and I can tell you that being an asshole was not available to us. If we were an asshole, we got smacked for it, got punished, got held back. I tried it.”

    Torvalds, by contrast, long resisted the idea that the Linux programming team needed to become more diverse, just as he resisted calls to tone down his language. In 2015, Sharp advocated for a first-ever code of conduct for Linux developers. At a minimum, they hoped for a code that would ban doxxing—the releasing of personal information online to foment harassment—and threats of violence in the community. Instead, Torvalds accepted a programming fix provocatively titled “Code of Conflict,” which created a mechanism for filing complaints more generally. In the three years since then, no developers have been disciplined for abusive comments. Sharp, who was employed by Intel at the time, said they carefully avoided Linux kernel work thereafter.

    #Linux #Linus_Torvalds #Genre #Développeurs #Logiciels_libres #Machisme

  • The percentage of open source code in proprietary apps is rising - Help Net Security
    https://www.helpnetsecurity.com/2018/05/22/open-source-code-security-risk

    Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed that:

    96 percent of the scanned applications contain open source components, with an average 257 components per application, and that
    The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.

    “Today, open source use is pervasive across every industry and is used by organizations of all sizes. The reasons are straightforward—open source lowers development costs, speeds time to market, and accelerates innovation and developer productivity,” analysts with the Synopsys Center for Open Source Research & Innovation (COSRI) have noted.

    #Logiciels_libres #Open_source #Cybersécurité

  • Procedures for opening source code | Procedures for opening source code
    https://disic.github.io/politique-de-contribution-open-source

    How do you open your source code? Which licence should you choose? How can a public servant contribute to an existing piece of free software?

    In accordance with the Loi pour une République Numérique of 7 October 2016, source code constitutes administrative documents that can be communicated and reused.

    DINSIC wished to discuss the procedures for opening source code with State stakeholders, but also with free-software communities, associations, private companies and the academic sector.

    This policy was approved by all the ministerial CIOs on 15 February 2018 and is officially in force.

    Contents of the document

    State policy on contributing to free software
    Principles for opening source code
    Good practices
    Implementation of the ministerial contribution policies
    Governance of the interministerial contribution policy
    Frequently asked questions

    Licence

    This document is published under the Licence Ouverte 2.0.

    #Logiciels_libres

  • Open source isn’t the community you think it is | ITworld
    https://www.itworld.com/article/3268001/open-source-tools/open-source-isnt-the-community-you-think-it-is.html

    Name your favorite open source project, and the odds are good—very good—that a small handful of contributors account for the vast majority of significant development thereof. The odds are just as good that most of those contributors work for just one or a few vendors. Such is open source today, and such has been open source for the past 20 years.

    So, does that mean open source is really just commercial software by another name?

    No, it does not. But it means the popular stereotype of a broad community coming together to create software is a myth. The reality of open source is different than the myth, but still a good, positive alternative to commercial software.

    Why only a few vendor-paid developers do almost all the work

    Thirteen years ago, I dug into academic research that showed how Mozilla’s Firefox browser and the Apache HTTP Server were both developed by a small cadre of core contributors. While the population of contributors broadened with things like bug fixes, the central development work for these and virtually all other projects was done by a talented group of core committers.

    Today, an analysis from Redmonk’s Fintan Ryan on projects housed under the Cloud Native Computing Foundation shows nothing has changed. Kubernetes is the most famous CNCF tenant, with Google and Red Hat contributing the lion’s share of code, but the other, lesser-known CNCF projects follow this same pattern. Indeed, perhaps the only real surprise in this fact of concentrated contributions is that the pattern has remained constant for so long.

    Look at any CNCF project, Ryan has shown, and you’ll see that virtually all of its contributions come from fewer than ten people. In fact, if you drill down deeper, you see that most work is done by just two people on any given project.

    As Ryan has written:

    It is fair to say that for almost all of the projects in the CNCF, specific vendors account for most of the development work being done.

    This is not to say that this is a bad thing—it is not; it is just a statement of reality. While the broad community around the projects may be large, the number of significant core contributors is relatively small, and the number of truly independent contributors is smaller still. This pattern is common across many open source projects.

    Not just “many” open source projects—all of them. I can’t think of a significant counterexample. For big, diverse projects like Linux, if you peel away the overall wrapping and count contributors for the subprojects, you see the same phenomenon: A few developers, nearly all of them employed by vendors, generate a huge percentage of core contributions.

    But if you step back, you realize it could only be thus. After all, any software project degrades in efficiency the more bodies you throw at it (as Fred Brooks’s seminal book The Mythical Man Month anticipated).

    As for why most of these developers would be funded by vendors, that’s easy to explain, too: Developers have rent to pay, too, and they can only afford to heavily contribute if they are paid to do so. Companies, pursuing their corporate self-interest, employ developers to work on projects that help their business.

    Smart vendors understand how to use this to their advantage. Red Hat, for example, devoted part of its most recent earnings call to tout its Kubernetes contributions (second only to Google). As CEO Jim Whitehurst argued, those contributions let Red Hat both influence Kubernetes’s roadmap as well as better support its customers. Contributions, in short, give it a competitive advantage in selling Kubernetes.

    What “community” really means for open source

    So, is “community,” that mythical beast that powers all open source, just a chimera?

    The easy answer is “no.” That’s also the hard answer. Open source has always functioned this way.

    The interesting thing is just how strongly the central “rules” of open source engagement have persisted, even as open source has become standard operating procedure for a huge swath of software development, whether done by vendors or enterprises building software to suit their internal needs.

    While it may seem that such an open source contribution model that depends on just a few core contributors for so much of the code wouldn’t be sustainable, the opposite is true. Each vendor can take particular interest in just a few projects, committing code to those, while “free riding” on other projects for which it derives less strategic value. In this way, open source persists, even if it’s not nearly as “open” as proponents sometimes suggest.

    Is open source then any different from a proprietary product? After all, both can be categorized by contributions by very few, or even just one, vendor.

    Yes, open source is different. Indeed, the difference is profound. In a proprietary product, all the engagement is dictated by one vendor. In an open source project, especially as licensed under a permissive license like Apache 2.0, there’s always the option for a new developer or vendor to barge in and upset that balance. Kubernetes is a great example: Google started as the sole contributor but Red Hat (and others) quickly followed.

    No, this doesn’t help the casual corporate contributor that wants influence without making a sacrifice of code, but it does indicate that it’s possible to have an impact on an open source project in ways that proprietary products don’t afford.

    In short, there’s little to fear and much to celebrate in how open source works. Indeed, it is precisely this self-interested seeking of individual corporate (or personal) benefit that should keep open source flowering for decades to come.

    As should be evident 20 years into open source’s rise, the model works at both the community level and at the vendor level. Will it work for another 20? Yes.

    This story, “Open source isn’t the community you think it is” was originally published by InfoWorld.

    #Logiciels_libres #Communs #Communautés

    • @rastapopoulos I have just read your remarks on the excellent book Roads and Bridges (I wanted to translate it, but I see that Framablog has already done so... open translation is a good thing ;-)

      If we compare what you say about free software and its funding constraints with what is also happening in the non-profit world, where the race for projects and grants to pay permanent staff has become a necessity, it is clear that there is a common element to dig into regarding the autonomous activity of the multitudes. To build a commons, or several, partnerships have to be found (commons-public or commons-private)... otherwise the project may well be very beautiful, but its realization may fall short for lack of solidity, of reach,... (my heart bleeds when I think about it ;-)

      This underlines all the more the need for strong theoretical work to find paths to emancipation, whatever the field. The old recipes (like the old fractures of the activist worlds) must be questioned... and for thirty years, that is what digital technology has been provoking.

  • The Cour des comptes endorses the use of free software within the State | April
    https://www.april.org/la-cour-des-comptes-valide-le-recours-aux-logiciels-libres-au-sein-de-l-etat

    The Cour des comptes audits and analyses the actions of DINSIC, whose work it commends and calls to be expanded and relayed in the other interministerial departments. One may thus recall DINSIC’s recent call for comments on the policy of contribution to #logiciels_libres (free software) of the #État (State), which closed on 28 January 2018.

  • Announcing the Initial Release of Mozilla’s Open Source Speech Recognition Model and Voice Dataset - The Mozilla Blog
    https://blog.mozilla.org/blog/2017/11/29/announcing-the-initial-release-of-mozillas-open-source-speech-recognit

    And yet, while this technology is still maturing, we’re seeing significant barriers to innovation that can put people first. These challenges inspired us to launch Project DeepSpeech and Project Common Voice. Today, we have reached two important milestones in these projects for the speech recognition work of our Machine Learning Group at Mozilla.

    I’m excited to announce the initial release of Mozilla’s open source speech recognition model that has an accuracy approaching what humans can perceive when listening to the same recordings. We are also releasing the world’s second largest publicly available voice dataset, which was contributed to by nearly 20,000 people globally.

    #reconnaissance_vocale #logiciels_libres #Mozilla

  • The Pentagon is set to make a big push toward open source software next year - The Verge
    https://www.theverge.com/2017/11/14/16649042/pentagon-department-of-defense-open-source-software

    Besides cost, there are two other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself to open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process.

    Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.

    “How would the Trojans have reacted if the Horse statue the Greeks gave them was made of glass and they could see right through it? They would have seen the malicious implants and removed them before letting the statue into their enterprise,” says Bob Gourley, co-founder of the security consultancy firm Cognitio and former chief technology officer of the Defense Intelligence Agency. “That is my key thought about open-source software. Everyone can examine the code and look for and remove vulnerabilities before they are brought into the enterprise.”

    #Logiciels_libres #Ministère_Défense #USA

  • Open Letter - Public Money, Public Code
    https://publiccode.eu/openletter

    An interesting petition for all free-software advocates... and a simple, obvious demand.

    Publicly funded software has to be Free and Open Source Software. While there are plenty of good reasons for this, many politicians don’t know about them yet.

    Free Software gives everybody the right to use, study, share and improve software. This right helps support other fundamental freedoms like freedom of speech, press and privacy.

    This is where you can help! Sign the open letter to give our message more weight. 5825 people and 36 organisations have already signed. We will hand over the letter and signatures to your representatives and make sure that they understand that: Public Money? Public Code!

    Public Money? Public Code!

    Digital services offered and used by our public administrations are the critical infrastructure of 21st century democratic nations. In order to establish trustworthy systems, public bodies must ensure they have full control over the software and the computer systems at the core of our state digital infrastructure. However, right now, this is rarely the case due to restrictive software licences that:

    Forbid sharing and exchanging publicly funded code. This prevents cooperation between public administrations and hinders further development.
    Support monopolies by hindering competition. As a result, many administrations become dependent on a handful of companies.
    Pose a threat to the security of our digital infrastructure by forbidding access to the source code. This makes fixing backdoors and security holes extremely difficult, if not completely impossible.

    We need software that fosters the sharing of good ideas and solutions. Like this we will be able to improve IT services for people all over Europe. We need software that guarantees freedom of choice, access, and competition. We need software that helps public administrations regain full control of their critical digital infrastructure, allowing them to become and remain independent from a handful of companies. That is why we call our representatives to support Free and Open Source Software in public administrations, because:

    Free and Open Source Software is a modern public good that allows everybody to freely use, study, share and improve applications we use on a daily basis.
    Free and Open Source Software licences provide safeguards against being locked in to services from specific companies that use restrictive licences to hinder competition.
    Free and Open Source Software ensures that the source code is accessible so that backdoors and security holes can be fixed without depending on one service provider.

    Public bodies are financed through taxes. They must make sure they spend funds in the most efficient way possible. If it is public money, it should be public code as well!

    That is why we, the undersigned, call our representatives to:

    “Implement legislation requiring that publicly financed software developed for public sector must be made publicly available under a Free and Open Source Software licence.”

    #Logiciels_libres #Législation #Services_publics

  • Which free software does the State recommend in 2017? - Tech - Numerama
    http://www.numerama.com/tech/244219-quels-sont-les-logiciels-libres-que-letat-conseille-en-2017.html
    http://www.numerama.com/content/uploads/2017/03/SILL-2017-socle-interminist%C3%A9riel-logiciels-libres_0.pdf

    The interministerial base of free software (socle interministériel de logiciels libres) has been updated. This list, published since 2012, brings together the free software that the State recommends. It includes general-purpose programs as well as far more specialised solutions.

    #logiciels_libres
    #xyzaeiou

  • April turns 20, with all its teeth to defend free software - ZDNet
    http://www.zdnet.fr/blogs/l-esprit-libre/l-april-a-20-ans-et-toutes-ses-dents-pour-defendre-le-logiciel-libre-39848430.

    What has changed for April in 20 years?

    There was a turning point: before 2000, our goal was to democratise free computing and make it known. In the early 2000s, we discovered adversaries, and threats such as software patents. That forced us to step up our activities in defence, and not only in promotion, of free software.

    Another change, a radical one: when we started, there was no Google or Facebook, and very few mobile phones. And the question of surveillance by private companies and by States was not as sensitive as it has become.

    What are the association’s next projects for the coming 2-3 years (we will leave the 20 years to science fiction)?

    There is obviously the political agenda, among other things; we will of course be calling on the candidates. We must seize every possible opportunity to instil free software. That is what we have just done by asking that online public consultation tools be based on free software.

    In the spirit of the Dégooglisons Internet campaign, we have joined the CHATONS project (Collectif des Hébergeurs Alternatifs, Transparents, Ouverts, Neutres et Solidaires) initiated by Framasoft, and we are going to set up an April Chaton, offering various free and fair online services.

    We will also keep raising public awareness with new awareness tools, a possible recurring radio show project with Libre à Toi, and by going out to meet very different audiences who are not necessarily convinced.

    And then there is also the European copyright directive, which is coming up for revision; we are not on the front line, but we will keep watch and take part. The ties between Microsoft and the State are of course something we are not going to let go of. Two new parliamentary questions, in the Assemblée and the Sénat, have in fact been asked, following Cash Investigation, about the contract with the Ministry of Defence, which has just answered one of them, explaining that there would be a risk-opportunity assessment, which we have asked to be disclosed under the Cada law.

    We will not be short of activities in the coming years. There is still a lot of work to do to make the computing world a place where it is good to live.

    #logiciels_libres #april

  • just for the record
    http://www.radiopanik.org/emissions/les-promesses-de-l-aube/just-for-the-record

    Contributions to Wikipedia are considered unrepresentative of the population. About 90% of contributors are men, white, around thirty years old. History thus repeats itself when it comes to the writing of History and the sharing of knowledge.

    Just For The Record is a project questioning the representation of genders in new media and in tools for writing and sharing knowledge such as Wikipedia, and the influence of this representation on the writing of history and knowledge.

    To approach these questions and encourage more diversity online, Just For The Record offers a series of themed meetings from January 2016, with guests, presentations and collective editing sessions on Wikipedia.

    The workshops are mixed-gender. (...)

    #wikiperia #feminisme #genre #logiciels_libres #histoire
    http://www.radiopanik.org/media/sounds/les-promesses-de-l-aube/just-for-the-record_03211__1.mp3