Recently, I was in a discussion about making contributions to open source projects. One person said it would be nice if their employer gave each employee a budget that could be directed to open source projects at the employee’s discretion. The idea is that it would be a way for employees to support the specific projects that make their jobs or lives better. Another person said “isn’t it better to contribute” code to the project?
No, it is not. Even in software companies, a large percentage of employees lack the skills necessary to make meaningful code contributions to projects. Even when you consider (the very valuable) non-code contributions like documentation, testing, graphic design, et cetera. Money is quicker and easier.
Money gives the project maintainers to put it where they need it. They could buy test hardware, pay for web hosting, hire a contractor, buy themselves a nice cup of coffee. Whatever. This is the same reason charities prefer money over goods for disaster relief donations.
Of course, money isn’t perfect either. Not all projects are equipped to accept financial donations. Even if there’s a way to route money to them, they may not want to deal with tax implications. Loosely-governed projects may not have a good mechanism for deciding how to spend the money. Money can make relationships go south in a hurry.
If you’re a company looking for ways to let employees support the open source projects that they depend on, I advocate the “¿por que no los dos?” approach. Give your employees time to contribute effort in whatever way they’re able. But also give them a pool of money to sprinkle on the projects that provide value to your company.
A couple of friends independently directed me to a recent forecast discussion from Peachtree (Atlanta). Forecaster Kyle Thiem embraced his inner poet when he wrote the long-term discussion entirely in haiku. (Full disclosure: I didn’t count syllables to verify.) The discussion is now forever enshrined in the Forecast Discussion Hall of Fame.
It isn’t, but I thought that made for a good title. You have probably heard about GitHub Copilot, the new AI-driven pair programming buddy. Copilot is trained on a wealth of publicly-available code, including code under copyleft licenses like the GPL. This has lead many people to question the legality of using Copilot. Does code developed with it require a copyleft license?
The legal parts
Reminder: I am not a lawyer.
No. While I’d love to see the argument play out in court, I don’t think it’s an issue. For as much as I criticize how we apply AI in society, I don’t think this is an illegal case. In the same way that the book I’m writing on program management isn’t a derivative work of all of the books and articles I’ve read over the years, Copilot-produced code isn’t a derivative work either.
“But, Ben,” you say. “What about the cases where machine learning models have produce verbatim snippets from code?” In those cases, I doubt the snippets rise to the level of copyrightability on their own. It’d be one thing to reproduce a dozen-line function. But even giving two or three lines…eh.
The part where verbatim reproduction gets interesting is by leaking secrets. I’ve seen anecdotal tales of Copilot helpfully suggesting private keys. This is either: Copilot producing strings that are gibberish because it expects gibberish or Copilot producing a string that someone accidentally checked into a repo. The latter seems more likely. And it’s not a licensing concern at that point. I’m not sure it’s any legal concern at all. But it’s a concern to the owner of the secret if that information gets out into the wild.
The community parts
But being legally permissible doesn’t mean Copilot is acceptable to the community. It certainly feels like it’s a two-trillion dollar company (Microsoft, the parent of GitHub) taking advantage of individual and small-team developers—people who are generally under-resourced. I can’t argue with that. I understand why people would find it gross, even if it’s legal. Of course, open source licenses by nature often permit behavior we don’t like.
Pair programming works well, or so I’m told. If a service like Copilot can be that second pair of eyes sometimes, then it will have a net benefit for open and proprietary code alike. In the right context, I think it’s a good idea. The execution needs some refinement. It would be good to see GitHub proactively address the concerns of the community in services like this. I don’t think Copilot is necessarily the best solution, but it’s a starting point.
[Full disclosure: I own a limited number of Microsoft shares.]
At the end of June, the Lafayette (Indiana) School Corporation sent parents its 2021-2022 school year COVID-19 plan. After a reasonable approach to 2020-2021, I’m disappointed with this plan. This plan seems to embrace the “pandemic’s over!” mentality. The pandemic, of course, is not over.
The pandemic is particularly not over for children under 12, who are not yet eligible for vaccines. LSC, being a K-12 school district, has roughly half of their students ineligible for vaccination. Thankfully, the effects on children have largely been minor-to-none, but there’s no guarantee that this will continue to be the case as new variants develop. In addition, students may live with adults who cannot get vaccinated or have compromised immune systems.
The district dropped the mask requirement on July 1, regardless of vaccination status. And vaccination is not required. I hope that changes when the vaccines receive full (not emergency use) approval from the FDA. I am not optimistic it will. Masks will still be required on buses.
The district says “Social Distancing will be a high priority.” But how? When ~20 percent of students were e-learning, this allowed for additional spacing. Now that all of the students will be back in the building, this is going to be very difficult. I doubt that the district has overhauled the ventilation systems in schools, and with no mask mandate, I expect we’ll see a lot more transmission in the schools.
An e-learning option will be available but only if a doctor says it’s “in the student’s best medical interest” and the school administration approves. This offends me. If a doctor makes a medical decision, who are the school administrators to say otherwise? I wouldn’t go to my kids’ pediatrician to override the curriculum.
The state legislature has been remarkably stupid in response to the pandemic. I suspect the school district is just trying to avoid the wrath of the legislators and Attorney General. Unfortunately, they’re doing it by giving up on any meaningful protection of the students.
Microsoft’s announcement of the hardware requirements for Windows 11 caused quite a stir recently. In particular, the TPM 2.0 and processor requirements exclude a lot of perfectly-usable hardware. I’ve heard folks in the Linux community say this could be an opportunity for Linux to make inroads on the consumer desktop. I disagree.
In free/open source software, we have a tendency to assume that other people care about what we care about. That’s why our outreach efforts often fall flat. As I wrote in February: If we want to get the general public on board, we have to convince them in terms that make sense to their values and concerns, not ours.
The idea that Windows 11 will be a benefit for Linux is founded on the idea that people care what operating system they’re running. They’ll want to upgrade to Windows 11, the thinking goes, but realize they can’t. So this is an opportunity for them to try Linux instead.
The logic is sound, but the premise is flawed. The average user does not care—or maybe even know!—what operating system they have. They care about what the computer does, not what it is. They’ll keep using it until Microsoft drops support for the OS…and then they’ll keep using it well beyond that. That’s why Windows XP had a greater install base in August 2020 (6+ years after support ended) than Windows 8. It’s why Fedora Linux 20 machines still show in repo data a dozen releases later. And it’s not just consumer devices. EPEL 5 still had plenty of activity long after RHEL 5 reached end of life.
For most people, the way they upgrade their operating system these days is by buying a new computer. So it never matters to them if their current computer can run the new version.
Do I like this move by Microsoft? No. I also didn’t like it when Fedora considered changing the CPU baseline last year. Thankfully, the community agreed that it was not the right decision. But whether I like it or not, I don’t expect that it will provide any meaningful boost in Linux desktop adoption.
We’ll have to find other ways to make inroads. Ways that resonate with how people use their computers.
On Friday, I was looking at the radar and I thought “gee, that storm a few miles away from me looks like it might have a little bit of rotation.” I talked myself out of it. This means, of course, that it produced two tornadoes an 18 minute drive from my house. On Saturday when I saw some storms getting their spin on in central Illinois, I refused to be fooled again. So I woke my girlfriend from a nap and we got in the car heading toward Paxton.
As we pulled into Hoopeston, I had a choice to make. There were some cells popping up from Paxton to Mahomet that looked interesting but not particularly spinny. The main squall line was meh except further north. I had to pick an option. My risks were basically “nothing happens” to the south or “stuff happens but you can’t see it” to the north. Given the choices, I decided to engage to the south.
We turned down IL 1 toward Rossville. I figured we’d cut west from there to get under the storms. Unfortunately, the storms were speeding up, and I quickly decided that staying near IL 9 was the better option. We took a county road back north and made it all the way to IL 9 when we encountered a flooded roadway. With John Fausett in mind, we turned around (and didn’t drown) after driving about half a mile in reverse. We picked the next county road west and went north.
The storm was near Rankin at this point and it seemed to be showing some signs of rotation. We stopped to watch it for a few minutes and saw some lowerings, but there was no spinning.
After a few minutes, it was time to reposition again. The storm had become uninteresting, so I decided to follow it’s friend slightly to the south. From our position looking southwest, it looked pretty nice.
We dropped south a bit to meet it and then followed east and a little north to watch it further. At that point, we were a little east of Wellington. The lowering maybe showed a little bit of weak rotation, but it was never obvious. After a few minutes, it became an mess.
These storms were basically done (although there was a report of a funnel cloud near Earl Park, IN later). There were some tornado warnings in the line near Villa Grove. After driving through near-zero visibility on the east side of Hoopeston, we went south on IL 1 for a little bit. But after a few minutes, the line looked less interesting and it didn’t seem worth staying out for. Also, the bag of Combos that I ate was not a reasonable dinner.
We managed to beat the line back to Lafayette by 5-10 minutes. For an unplanned chase, I’m okay with how this turned out. I feel like the decisions I made were reasonable, which was not a given considering I haven’t seriously chased in ten-plus years. Missing a photogenic tornado minutes from my house still stings, but I feel good about doing this again in the future.
My friend sysadm1138 recently wrote a post titled “managers are more important than company culture.” I don’t disagree with anything she wrote, but I wanted to “yes, and” on it a bit. An employee’s immediate supervisor has the most impact their experience. This is true for everyone, but particularly for underindexed folks. But I would go on to say that managers are a reflection of the corporate culture.
I’ll grant that some people are better managers than others (indeed, some people are better people than others). Well-intentioned managers can still result in hostile and damaging work environments. But just as actions speak louder than words, the behavior of an organizations management at all layers is a more accurate reflection of corporate culture than anything else.
Even if 99 out of 100 managers are terrific, that one bad manager can taint the whole culture. If the organization doesn’t improve or remove harmful managers, then the culture is clear. Similarly, if the organization doesn’t enable and support employees identifying harmful managers, that says volumes about the culture.
This isn’t to say that you should only work at companies that have perfect management. I doubt any such place exists. But you should be aware of what the bad managers say about your culture. Corporate cultures, as expressed in words, are always aspirational. And when something is aspirational, you expect to fall short of it. Probably frequently. The question is how short do you fall? And what are you doing about it?
I recently had a discussion with Luboš Kocman of openSUSE about how distros can monitor their “freshness”. In other words: how close is a distro to upstream? From our perspectives, it’s helpful to know which packages are significantly behind their upstreams. These packages represent areas that might need attention, whether that be a gentle nudge to the maintainer or recruiting additional volunteers from the community.
The challenge is that freshness can mean different things. The Repology project monitors a large number of distributions and upstreams to report on the status. But simply comparing the upstream version number to the packaged version number ignores a lot of very important context.
Updating to the latest upstream version as soon as it comes out is the most obvious definition of “fresh”, but it’s not always the best. Rolling releases (and their users) probably want that. In Fedora, policy is to not do “major updates” within a release. Many other release-oriented distributions have a similar policy, with varying degrees of “major”. Enterprise distributions add another wrinkle: they’ll backport security fixes (and sometimes key features), so the difference in version number doesn’t necessarily tell you what’s missing.
Of course, the upstream’s version number doesn’t necessarily tell you much. Semantic versioning is great, but not everyone uses it. And not everyone that uses it uses it well. If a distribution has version 1.4 and upstream released 1.5, is that a lack of freshness or an intentional decision to avoid mid-release compatibility changes?
I don’t have a good answer. This is a hard problem to solve. Something like Repology may be the best we can do with reasonable effort. But I’d love to have a more accurate view of how fresh Fedora packages are within the bounds of policy.
This is the fourth (and hopefully final) post in a series of personal stories about how my parents’ house has some really bad luck.
I want to bring the curse house series to an end with a short and amusing story. It was Thanksgiving a decade or so ago. We were at my parents’ house and had just finished eating. When the phone rang, my sister got up to answer it. The caller was asking for my other sister, so Jennifer brought the phone into the dining room. (Kids, this is when people had landlines and cordless phones.)
She stepped into the dining room and CRACK! I felt the floor drop out from under me. It’s hard to say exactly how much, but it was enough to notice and be very worried that I was about to fall into the cellar.
What happened was that the metal pole under the floor joist had finally rusted away after many years and several cellar floods. Jennifer stepped in just the right place at the right time to break it. Fortunately, the house held together well enough that Dad and I could grab a 4-by-4 and use it to support the floor.
But all of these years later, we still tease Jennifer about how she broke the house.