'Open Source Creators: Red Hat Got $34 Billion and You Got $0. Here's Why.' (tidelift.com) 236
And just like you don't have time to sell to large companies, they don't have time to buy from you alongside a thousand other open source creators, one at a time. Sure, big companies know how to install and use your software. (And good news! They already do.) But they can't afford to put each of 1100 npm packages through a procurement process that costs $20k per iteration. Red Hat solved this problem for one corner of open source by collecting 2,000+ open source projects together, adding assurances on top, and selling it as one subscription product. That worked for them, to the tune of billions. But did you get paid for your contributions?
Why Jupyter is Data Scientists' Computational Notebook of Choice (nature.com) 58
[...] For data scientists, Jupyter has emerged as a de facto standard, says Lorena Barba, a mechanical and aeronautical engineer at George Washington University in Washington DC. Mario Juric, an astronomer at the University of Washington in Seattle who coordinates the LSST's data-management team, says: "I've never seen any migration this fast. It's just amazing." Computational notebooks are essentially laboratory notebooks for scientific computing. Instead of pasting, say, DNA gels alongside lab protocols, researchers embed code, data and text to document their computational methods. The result, says Jupyter co-creator Brian Granger at California Polytechnic State University in San Luis Obispo, is a "computational narrative" -- a document that allows researchers to supplement their code and data with analysis, hypotheses and conjecture. For data scientists, that format can drive exploration.
Twelve Malicious Python Libraries Found and Removed From PyPI (zdnet.com) 36
Eleven libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations. A twelfth package, named "colourama," was financially-motivated and hijacked an infected users' operating system clipboard, where it would scan every 500ms for a Bitcoin address-like string, which it would replace with the attacker's own Bitcoin address in an attempt to hijack Bitcoin payments/transfers made by an infected user.
54 users downloaded that package -- although all 12 malicious packages have since been taken down.
Four of the packages were misspellings of django -- diango, djago, dajngo, and djanga.
With Few US Students Taking CS Classes, Code.org 'Scales Back' Funding For CS Education (acm.org) 162
But is anyone taking the classes? Slashdot reader theodp quotes a Communications of the ACM post by University of Michigan professor Mark Guzdial: In 2013, Code.org began, and they changed the face of CS education in the United States . It started out as just a video (linked here, seen over 14 million times), and grew into an organization that created and provided curriculum, offered teacher professional development, and worked with states and districts around public policy initiatives. A recent report from Code.org showed that 44 states have enacted public policies to promote computing education in the five years from 2013 to 2018, and much of that happened through Code.org's influence....
Now, Code.org has announced that they are starting to scale back their funding, which begins a multi-year transition to shift the burden of paying for teacher professional development to the local regions.... The only question is whether it's too soon. Will local regions step up and demonstrate that they value computer science by paying for it...? I'd guess that many states have between 40% and 70% of their high schools now offering computer science. However, even though many schools offer computer science, there are still few students taking computer science.
Indiana reported that only 0.4% of Indiana high school students had enrolled in their most popular course. Meanwhile in one region in Texas, 54 of 159 high schools offer computer science, yet only 2.3% of their students have ever taken a computer science class. But of course, there's another issue.
"If Code.org (or NSF or Google) are paying for all the development of CS teachers, then the districts don't get to say, 'In our community we care about this and we care less about that.' The U.S. education system is organized around the local regions calling the shots, setting the priorities, and deciding what they want teachers to teach."
Microsoft Closes Its $7.5 Billion Purchase of GitHub (techcrunch.com) 87
"We will always support developers in their choice of any language, license, tool, platform, or cloud," he writes, noting that there will be more tools to come. "We will continue to build tasteful, snappy, polished tools that developers love," he added.
190 Universities Launch 600 Free Online Courses 82
In the past four months alone, 190 universities have announced 600 such free online courses. I've compiled a list of them and categorized them according to the following subjects: Computer Science, Mathematics, Programming, Data Science, Humanities, Social Sciences, Education & Teaching, Health & Medicine, Business, Personal Development, Engineering, Art & Design, and finally Science. The full list is available in the report. If you need help signing up, there's a report for that too.
IBM Open Sources Mac@IBM Code (9to5mac.com) 91
Back in 2015, IBM discussed how it went from zero to 30,000 Macs in six months. In 2016, IBM said Apple products were cheaper to manage when you looked at the entire life cycle: "IBM is saving a minimum of $265 (up to $535 depending on model) per Mac compared to a PC, over a 4-year lifespan. While the upfront workstation investment is lower for PCs, the residual value for Mac is higher The program's success has improved IBM's ability to attract and retain top talent -- a key advantage in today's competitive market."
Amazon's Move Off Oracle Caused Prime Day Outage in One of its Biggest Warehouses, Internal Report Says (cnbc.com) 130
SQLite Adopts 'Monastic' Code of Conduct (sqlite.org) 653
Having been encouraged by clients to adopt a written code of conduct, the SQLite developers elected to govern their interactions with each other, with their clients, and with the larger SQLite user community in accordance with the "instruments of good works" from chapter 4 of The Rule of St. Benedict. This code of conduct has proven its mettle in thousands of diverse communities for over 1,500 years, and has served as a baseline for many civil law codes since the time of Charlemagne.
Not everyone has found SQLite's attempt informative or funny (though many did). A developer wrote, for instance, "So is the SQLite CoC thing a joke or not? If it's not a joke, f*ck this. If it is a joke, that's even worse. Your CoC should be taken seriously." A security researcher, chimed in, "This sort of stunt will make actual code of conduct discussions harder. It's not funny, helpful, or wise."
GitHub's Website Remains Broken After a Data Storage System Failed Earlier Today (theregister.co.uk) 66
As PHP Group Patches High-Risk Bugs, 62% of Sites Still Use PHP 5 (threatpost.com) 112
But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice.
So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after the PHP 5.6's end of life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla."
Researchers Secretly Deployed A Bot That Submitted Bug-Fixing Pull Requests (medium.com) 87
It analyzes bugs and produces patches, in the same way as human developers involved in software maintenance activities. This idea of a program repair bot is disruptive, because today humans are responsible for fixing bugs. In others words, we are talking about a bot meant to (partially) replace human developers for tedious tasks.... [F]or a patch to be human-competitive 1) the bot has to synthesize the patch faster than the human developer 2) the patch has to be judged good-enough by the human developer and permanently merged in the code base.... We believe that Repairnator prefigures a certain future of software development, where bots and humans will smoothly collaborate and even cooperate on software artifacts.
Their fake identity was a software engineer named Luc Esape, with a profile picture that "looks like a junior developer, eager to make open-source contributions... humans tend to have a priori biases against machines, and are more tolerant to errors if the contribution comes from a human peer. In the context of program repair, this means that developers may put the bar higher on the quality of the patch, if they know that the patch comes from a bot."
The researchers proudly published the approving comments on their merged patches -- although a conundrum arose when repairnator submitted a patch for Eclipse Ditto, only to be told that "We can only accept pull-requests which come from users who signed the Eclipse Foundation Contributor License Agreement."
"We were puzzled because a bot cannot physically or morally sign a license agreement and is probably not entitled to do so. Who owns the intellectual property and responsibility of a bot contribution: the robot operator, the bot implementer or the repair algorithm designer?"
GitHub Launches 'Actions' -- Code That Can Be Run (and Maybe Monetized) (techcrunch.com) 39
This is a big deal for GitHub. Indeed, Sam Lambert, GitHub's head of platform, described it to me as "the biggest shift we've had in the history of GitHub... I see Continuous Integration/Continuous Delivery as one narrow use case of actions. It's so, so much more," Lambert stressed. "And I think it's going to revolutionize DevOps because people are now going to build best in breed deployment workflows for specific applications and frameworks, and those become the de facto standard shared on GitHub... It's going to do everything we did for open source again for the DevOps space and for all those different parts of that workflow ecosystem...."
Over time -- and Lambert seemed to be in favor of this -- GitHub could also allow developers to sell their workflows and Actions through the GitHub marketplace. For now, that's not an option, but it it's definitely that's something the company has been thinking about. Lambert also noted that this could be a way for open source developers who don't want to build an enterprise version of their tools (and the sales force that goes with that) to monetize their efforts.
Ask Slashdot: Should Open-Source Developer Teams Hire Professional UI/UX Designers? 249
MongoDB Switches Up Its Open-Source License (techcrunch.com) 141
So while the SSPL isn't all that different from the GNU GPLv3, with all the usual freedoms to use, modify and redistribute the code (and virtually the same language), the SSPL explicitly states that anybody who wants to offer MongoDB as a service -- or really any other software that uses this license -- needs to either get a commercial license or open source the service to give back the community. "The market is increasingly consuming software as a service, creating an incredible opportunity to foster a new wave of great open source server-side software. Unfortunately, once an open source project becomes interesting, it is too easy for cloud vendors who have not developed the software to capture all of the value but contribute nothing back to the community," said Eliot Horowitz, the CTO and co-founder of MongoDB, in a statement. "We have greatly contributed to -- and benefited from -- open source and we are in a unique position to lead on an issue impacting many organizations. We hope this will help inspire more projects and protect open source innovation."
Magic Leap Expands Shipments of Its AR Headset To 48 US States (techcrunch.com) 23
The Breach That Killed Google+ Wasn't a Breach At All (theverge.com) 75
The bigger problem for Google isn't the crime, but the cover-up. The vulnerability was fixed in March, but Google didn't come clean until seven months later when The Wall Street Journal got hold of some of the memos discussing the bug. [...] Part of the disconnect comes from the fact that, legally, Google is in the clear. There are lots of laws about reporting breaches -- primarily the GDPR but also a string of state-level bills -- but by that standard, what happened to Google+ wasn't technically a breach. Those laws are concerned with unauthorized access to user information, codifying the basic idea that if someone steals your credit card or phone number, you have a right to know about it. But Google just found that data was available to developers, not that any data was actually taken. With no clear data stolen, Google had no legal reporting requirements. As far as the lawyers were concerned, it wasn't a breach, and quietly fixing the problem was good enough.
Internet Archive Launches a Commodore 64 Emulator (hardocp.com) 77
Economics Nobel Laureate Paul Romer Is a Python Programming Convert (qz.com) 106
Instead of using Mathematica, Romer discovered that he could use a Jupyter notebook for sharing his research. Jupyter notebooks are web applications that allow programmers and researchers to share documents that include code, charts, equations, and data. Jupyter notebooks allow for code written in dozens of programming languages. For his research, Romer used Python -- the most popular language for data science and statistics. Importantly, unlike notebooks made from Mathematica, Jupyter notebooks are open source, which means that anyone can look at all of the code that created them. This allows for truly transparent research. In a compelling story for The Atlantic, James Somers argued that Jupyter notebooks may replace the traditional research paper typically shared as a PDF.