1. 13

    A good reminder of the worst case scenario of copyright assignment to an open source project. Money received by (most) contributors for their time, effort, and source code to Ansible: $0.

    1. 5

      I think this is short of worst case, because Red Hat plans to maintain it as open-source software. In fact they seem to be indicating that they’ll open-source even more than was the case previously. They don’t commit to a timeline, but they suggest that Ansible Tower will probably be open sourced.

      The worst case is more like Oracle buying the project and taking the whole thing proprietary. You can make a project a bit more resistant to that by 1) using a copyleft license; and 2) not requiring copyright assignment all to one party. Then an acquirer would have to acquire rights to or remove all the third-party code before taking it proprietary.

      1. 4

        Has there ever been a situation like this where copyright wasn’t assigned and the umbrella company actually rewarded contributors with anything (either to get copyright assignment or just as a thank you)?

        1. 5

          Not really comparable, but in the late 90’s Red Hat was giving out or selling a lot of pre-IPO stock to significant open source contributors who were not employees (Linus, etc). Of course, that was the late 90’s.

          1. 3

            Even in some cases when copyright/ip is assigned in a sloppy manner they will clean up with major contributors with cash prior to a sale or IPO. Many smaller shops copy-paste other companies copyright agreements and they often have unforeseen issues due to location or corporation type and they have to clean it up. I was on the receiving end of one of those checks, and it was a nice little bonus for just reasserting what I had already agreed to (in spirit at least).

          2. 1

            Does Ansible require copyright assignment?

            1. 1

              They do (bottom of the page). I couldn’t find if there’s a more elaborate text in a 5-minute search.

              http://docs.ansible.com/ansible/community.html#contributors-license-agreement

              1. 2

                That doesn’t look like copyright assignment…

                For reference: “By contributing you agree that these contributions are your own (or approved by your employer) and you grant a full, complete, irrevocable copyright license to all users and developers of the project, present and future, pursuant to the license of the project.”

          1. 5

            Hi, Lobste.rs! Founder here (on my 2nd “startup”).

            I strongly believe in the need for private communication, especially in the context of doctors-patients, clients-lawyers or sources-journalists.

            PGP has done a great job of allowing private communication between two parties, but it places a heavy burden on both the sender and the recipient. Often though, the person who needs to send the private communication is less tech-savvy than the recipient. Private Forms removes the burden from the sender, and places it squarely on the recipient.

            With Private Forms (https://privateforms.com) you can create an embeddable web form (with custom fields) that encrypts messages client-side, before being sent to the server (and emailed to the recipient). These messages are encrypted using the recipient’s PGP public key, which can only be decrypted using their private key—this way, not even we can view the form submissions. We can help less technical users by generating a keypair for them (again, client-side), or they can upload their own public keys.

            Recipients can view form submissions on the web (using their private key, which is never transmitted to our server), or via their own email client that supports PGP decryption.

            This is very much a MVP, with regards to the interface and the number of features, but I wanted to get this out in front of as many people as possible!

            1. 2

              What prevents an attacker from injecting code into the page to scoop data on the client side before it’s encrypted?

              If the answer is ‘https’, what security benefit does this scheme give over https with no client-side encryption?

              1. 2

                “https” is the answer you’re looking for!

                Beyond that, it gives an extra layer of security, in that the host (me) can’t read it, and that the data is never unencrypted, at rest.

                1. 4

                  The problem is that you can read it: all you need to do is inject JS to extract the message. The users have to trust you not to do this, but in that case they can just trust you not to look at the messages.

                  Similarly, an attacker who can break TLS can do the same thing, so this provides no additional security layer beyond TLS…

            1. 8

              This week, I’m actually taking off from my regular contract work that involves emscripten. I have guests visiting from the US and I’m playing host. (Just got to spend 2 days by the beach…) One of the guests is Brian Rice who used to work on his Slate language, among other things. It is nice to have someone around to discuss things like safepoint implementation with while relaxing under a sea almond tree!

              In Dylan land, I’ve been keeping busy.

              • I started a plugin for Dylan support in Visual Studio Code.
              • I found that we have a sub-optimal implementation of symbol equality in the Dylan run-time and did some initial work to suss out whether or not this matters.
              • When I was looking into something else, @pkhuong noticed that we could emit more optimal code for stripping an integer of its tag. This lets LLVM and Clang at least produce better machine code.
              • I added support to our compiler’s build system to support building C++ sources. We already had support for building C sources into a library, but this is a useful extension.
              • After being able to build C++ sources, I started work on an LLDB-based debugger backend for our debugging infrastructure. This is just a toy / experiment at the moment as I’m pretty happy with just using LLDB directly with Dylan.
              • I got bored the other night and hacked on our bindings generator, melange where I had a test case for poor performance. I took that from taking 20 seconds to 1.5 or so on my laptop.
              • A bunch of other random stuff here and there.

              I decided about a month ago to step up the pace on my Github streak, so I now try to do 4 GitHub contributions / day. This is pretty useful for me because it encourages me to fix some minor things along with the major tasks that I’m working on.

              I also bought a whole beef tenderloin (about 2.5kg), so I’m looking forward to cooking portions of that. I have no idea what I’ll make though yet.

              1. 2

                A nice break is always welcome!

                Myself, I’ve neglected my side projects for the past week (and likely this week, if today is a sign of how the week is going to go at the 9-5). Headed to the beach next week too, hoping to come back refreshed!

              1. 5

                And not just projects that use older technology, but projects that are ABOUT older technology, like http://artpacks.org or the Internet Archive’s efforts with their Internet Arcade https://archive.org/details/internetarcade

                1. 2

                  Definitely a good addition. Do you think “using older tech in a modern way to use older tech” includes that?

                  1. 3

                    If that wording is actually going to be written somewhere (do we have a directory of extant tags?), I would suggest changing “to use” to “for the sake of using”. It’s clearer to me.

                    1. 2

                      I knew it was off somehow. I kind of was thinking of the filters page when I was trying to get a concise description.

                      Edit: fix mobile auto correct space between ] and (

                      1. 3

                        Ah, indeed. Thanks. :) I haven’t used that page because I prefer to see everything that’s being discussed, although they’re not all to my interest. But I’m glad to know about it.

                1. 3

                  With Jazz Fest and friends/family visiting, I’m going to have much less time to work on side projects. That said, I’m going to make it a priority to get the last screen all laid out for my game. Once the final screen is designed/laid out, then it’s time to polish the game content, and then push it live!

                  Oh, also starting to generate social media posts for marketing .

                  1. 1

                    Hm, which jazz fest is that? We have a pretty big one here in Montréal, but not for a couple more months.

                    1. 1

                      New Orleans. Don’t take the name too literally, though. ;) http://www.nojazzfest.com/

                  1. 10

                    $SCHOOL

                    • Test this week, two projects due next week, the usual. I hate C because it isn’t Rust and working with legacy C that needs old versions of GCC to compile hence defeating modern CLANG based tooling makes my life in operating systems a real joy. At least my programming partner is awesome.

                    !$SCHOOL

                    • Last week I dropped another large batch of changes to Grimoire, the Clojure documentation site I run.
                      • Grimoire was originally built op a static site generator (Jekyll) which turned out to be a feature for simplicity of rolling the original site but resulted in a lot of technical debt as I replaced Jekyll with a all Clojure/JVM web stack. Foremost, Jekyll won’t serve files with weird names like “-” and “?” let alone “.” which is totally reasonable from a URL encoding point of view but gets in the way when you have symbols like clojure.core/. or clojure.core/.. forget clojure.core/some?. Rather than use URL encoding, at the time I opted to use a custom munge function which has caused me no end of pain. Last weeks changes finally killed off the old munging function internally at least so Grimoire is now entirely URL encoding driven.
                      • As a static site system, Grimoire used to feature user edits via pull request in Github because that’s how I was editing it. Thanks in part to the new fixed URL encoding stuff I was finally able to expose the still filesystem backed data store to user edits and add editing URLs back in for all examples and notes. Links to add examples and notes are a point of work, as is making the edit links not look like trash.
                    • lib-grimoire now supports the above URL encoding changes, and features an addition, grimoire.api.web/make-html-url which allows clients like CIDER and the Clojure Cheatsheet to do away with all the manual URL forging nonsense and instead use a fixed API invocation to get links to Grimoire content.
                    • guten-tag got refactored out of my bits and bats library into its own package. Guten-tag tries to make smart constructors and value tag dispatch ala MLs fit more nicely into the existing Clojure ecosystem and I think manages it fairly well. I’ve been quite pleased with the case analysis code it has enabled me to write using pattern matching.

                    This week I’m in maintinance mode. Looking at my github profile, I clearly exhibit a burn out and come back workflow. I’m trying to transition to a “5 commits a day” ceiling and hold myself to a commit a day. Incremental progress, not 72 commit days once every two weeks or so. I need to address compat issues with Grimoire, deal with trash URLs, add a real test suite to Grimoire propper, extend and harden the lib-grimoire test suite, and try to get more UI sketches of the next Grimoire version together.

                    question for the room: what todo list and note tracking software do you use? I’ve been a die hard org-mode user for a while now, but the lack of a good mobile frontend for that stack and professors who don’t allow computers in class is really killing me.

                    1. 2

                      A course that makes you write in legacy old-gcc C? I both do and don’t want to know more about what you mean there… OK, mostly don’t - but I feel your pain.

                      WRT todo list, I used Org for a long time too, but had the same problems with MobileOrg, it’s not great. Manual syncing is a pain. I’ve settled on a todo.txt in Dropbox and the todotxt iphone app from http://todotxt.com/, along with some extra scripts to implement a GTD-style daily/weekly review that I wrote. This works well because I spend most of the day at a computer and only need to occasionally refer to the ios app. If I was on the go more (e.g. a student) I might be less happy with it.

                      I’ve been using Evernote for notes, but I don’t use it much. I don’t take as many notes as I used to.

                      1. 1

                        yeah there’s a comment in the Makefile.config somewhere to the effect of #fixme: will only compile with GCC pre X.Y.Z. The TAs grade using the unmodified Makefiles so there’s no point in rewriting the entire Make system to use CLANG although I really wish I could just so irony-mode would work.

                        I used todotxt for a while, dropped it for Org and then threw some stuff back on that list via the app in class this morning. I’ll check out your scripts thanks for the link. Evernote has been on my radar for a while but I can’t say I’ve given it a honest try, Emacs has done lasting damage to my ability and willingness to use webapps.

                        1. 1

                          Oh right, makefiles. Yeah, the only way out is through…

                          I’m honestly not sure I’d recommend evernote. If I was still taking notes often I would probably still be using paper notebooks. Anything else just engages the yak shaving parts of my brain and makes it hard to learn. AFAICT this is still an unsolved problem, especially if you’re inclined to free software or emacs damaged/spoiled (as I am too)…

                          1. 3

                            If I was still taking notes often I would probably still be using paper notebooks. Anything else just engages the yak shaving parts of my brain and makes it hard to learn.

                            I relate, completely. What I do is take notes on paper, then photograph them to save them into Evernote.

                      2. 1

                        I’ve started using HabitRPG to track my todo lists. From what you’ve said, it doesn’t particurlaly closely aligned to your use case, but it’s worth a look!

                        1. 1

                          Do you think you have bad writing old C? A different department on my uni has a mandatry course that requires students to write software for following three systems: HP-UX B.10.20; Linux 2.2.19 (hw: AMD Am5x86-WB; 48 MB RAM); and SunOS 5.8 with 2cupu sparc.

                          1. 1

                            That doesn’t sound bad at all. SunOS 5.8 is just Solaris 8. HP-UX 10.20 was pretty horrible, but a great lesson in how different a Unix could be.

                        1. 9

                          Also, if you want to start your own there’s x84, which is a modern, python-based telnet and SSH BBS server: https://github.com/jquast/x84

                          1. 6

                            For anyone who’s interested in BBS ANSI and ASCII art, including a lot of screens for BBS interfaces, check out http://artpacks.org

                            There was a new ANSI pack released today, actually!