Linux Developer Is Unhappy with Amazon

June 17, 2020

Who doesn’t love Amazon? Maybe the person credited with developing Linux? That would be Linus Torvalds, developer of note.

No one pays attention to insults on the Internet unless someone with clout says them. The IT community definitely paid attention to the head of the Linux kernelLinus Torvalds when he said, “Linus Torvalds Rejects ‘Beyond Stupid’ AWS-Made Linux Patch For Intel CPU Snoop Attack” reports ZDNet.

In early 2020, Snoop launched attacks on Intel andCore CPUs and AWS discovered it. The attack causes CPUs to leak data from its L1D cache via bus snooping—a cache-updating operation that happens when the L1D modifies data. AWS developed a patch for the Linux kernel that would allow applications to opt in to flush the L1D cache when a task is switched out. Torvalds thinks the patch would degrade performance in other applications. Torvalds said:

“ ‘Because it looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say ‘slow down anybody else I schedule with too’…‘In other words, from what I can tell, this takes the crazy ‘Intel ships buggy CPU’s and it causes problems for virtualization’ code (which I didn’t much care about), and turns it into ‘anybody can opt in to this disease, and now it affects even people and CPU’s that don’t need it and configurations where it’s completely pointless’.

‘I don’t want some application to go ‘Oh, I’m _soo_ special and pretty and such a delicate flower, that I want to flush the L1D on every task switch, regardless of what CPU I am on, and regardless of whether there are errata or not. Because that app isn’t just slowing down itself, it’s slowing down others too.’’

Torvalds also think the patch is crazy because a hack could inhabit another core within the CPU and attack the L1 cache before its flushed. Another fun word he used was pseudo-security.

Usually “pseudo” is reserved for science, but this works too.

Whitney Grace, June 17, 2020

Degoogling: Yes, It Is a Thing

June 8, 2020

Can free and open source software “degoogle”? Probably not easily or quickly. Nevertheless Reddit user TheEvilSkely wants to try. You can dig through the details, explore the GitHub information, and follow the links at this link. The challenge is that most of the whippersnappers are just okay with the Google. Like Amazon, the service is just wonderful. Why make a change if everything is A-Okay?

News flash: Open source is not just tangled with Googzilla’s feathers (dinosaurs, according to modern research by thumbtypers, had feathers, bright ones too). The Redmond contingent is into open source. Imagine Linux in the really easy to update Windows environment. Amazon is driving its Bezos bulldozer through the thicket of new growth saplings like Elastic as I type this post. If you listen closely, you can hear the bulldozer shift into a lower gear to push annoying old growth software into the dirt. One doesn’t need to have an oracle to understand the earth moving concept.

Open source is a target for these reasons:

  • Community software lowers certain coding costs and has enough bugs to make proprietary fixes a money maker
  • Young developers learn open sourcey ways in college and arrive ready to earn and burn in their virtual frat and sorority duds when they become WFHers and on prem contractors
  • Big companies love open source because they can devote resources to tweaking the software and have enough money to pay legions of certified advisers help out, license open source optimized cloud environments, and pay for proprietary widgets that don’t change the “no handcuffs” idea of non proprietary plumbing.

Worth monitoring, of course.

Stephen E Arnold, June 8, 2020

Oracle: We Do Open Source Just Like Amazon, Google, and Microsoft… Mostly

May 27, 2020

Silicon Angle published the PR-ish “Oracle’s Open Source Alter Ego Behind Some of Its Most Popular Products.” Oracle is creeping up to the half century mark. In Internet years or dog years, Oracle has been around so long that it is like comfortable shoes. The shine may be gone, but, by golly, those slippers work well indoors.

Oracle has its fans, and it has some detractors. Among its fans are the procurement officials in the US government who keep on renewing those contracts for the company’s flagship database. Among its detractors are some Googlers, licensees who struggle with integrating some of the company’s products into zippy new environments like NoSQL, and firms offering unauthorized Oracle training.

None of these considerations sully the Oracle open source article. We learn:

Oracle’s paid products and services are actually loaded with ingredients from open-source communities, including Linux, to which it is also a contributor. This circular ecosystem of contributing and borrowing back enables some of the versatility and cross-environment compatibility in the company’s latest database and hybrid-cloud offerings.

Why is Oracle into open source? Why are Amazon, Google, Microsoft, and other commercial proprietary software vendors embracing open source? DarkCyber finds this statement in the article interesting:

The use of Linux across Oracle’s portfolio, and as the underlying OS for its products and services, enhances end users’ experience.

The article includes a testimonial from the Oracle wizard of open source, who says:

When its contributions improve both the larger Linux community and its own products, a circular flow of innovation develops that helps everyone that uses Linux, according to Coekaerts. “It’s not so much about making my own world better and having Linux be better and Ksplice and so forth, which is important, but that becoming part of the bigger picture — that’s the exciting part.” — Wim Coekaerts, senior vice president of software development at Oracle Corp.

DarkCyber was under the obviously false impression that proprietary software vendors were embracing open source for these reasons:

  1. Shift some development costs to the community
  2. Link proprietary systems and methods to open source to provide a runway to commercial licenses
  3. Prevent other companies from capturing open source technologies and preventing others from using those technologies
  4. Respond to enterprise customers who view open source as a way to avoid the handcuffs of proprietary software by implementing a “wolf in sheep’s clothing” strategy
  5. Gain insight into individuals who might be good hires.

Obviously DarkCyber was incorrect. We acknowledge our error.

Stephen E Arnold, May 27, 2020

What Happens When MBAs Embrace Open Source?

February 24, 2020

Paul Stovell, founder of the open source product-deployment platform Octopus Deploy, explains in a blog post, “Why We Terminated Our Partnership with Microsoft—Re: Next Decade of Open Source.” Microsoft tends to adopt ideas from other projects and incorporate them into its behemoth software ecosystem. Not surprisingly, it does not make the effort to inform consumers where their ideas came from. In fact, such developments tend to eclipse the original product. We’re told:

“There’s a saying in business that if you want to displace a competitor, you need to build a product that’s at least 10x better. It’s not enough to be ‘just as good’. Customers will say ‘why should I use you, we’ve been successful with ‘. You need a really good reason to overcome that. However, in the .NET ecosystem, if you’re Microsoft, that’s not generally true. If Microsoft wants to make a document database, a messaging framework, a unit test framework or a deployment automation tool, it only needs to be 1/10th as good before the conversation immediately becomes ‘why should we use you over the Microsoft thing?’ Microsoft become the default option, even if they’re the last to the game.”

The post notes some ways Microsoft could play more fairly, but also describes why they are unlikely to do so. Octopus Deploy had maintained a healthy working relationship with Microsoft’s Azure team—until Azure Pipelines came out looking remarkably similar to Octopus. It was bundled with Visual Studio and promoted heavily. Stovell writes:

“We suddenly found ourselves competing with a product from Microsoft that looked similar, that was being given away (perception, at least), that was integrated with VS, and that was being pushed in every Azure keynote. Overnight it became the default. We were exhibiting at Build 2016 at the time much of this was announced, and I remember people coming to our booth asking ‘so why should we use you over the Microsoft thing?’. The ‘Microsoft thing’ was announced only 5 minutes prior!”

Is this the future of open source—is it doomed to be co-opted by companies? Maybe it is too late?

Cynthia Murrell, February 24, 2020

Amazon and Open Source: A Wee Bit Sensitive

January 31, 2020

Amazon Web Services (AWS) is one of the nation’s leading cloud computing services and its dominance increases every day. Computer Weekly commented on how AWS might be taking advantage of open source technology in the article, “AWS Hits Back At Open Source Theft Allegations.” Throughout 2019, AWS undermined open source software companies by “stealing” the free version of their software, then hosting it on their cloud computing service.

The actuations were so bad that The New York Times picked up the story and stated that in 2015 AWS integrated Elasticsearch from Elastic into their offerings, now Elastic and AWS are now rivals for customers. MongoDB and Redis have had to alter their open source software and licensed software so their customers know the difference. For example, the free version of MongoDB is integrated into AWS, but the licensed version is not, so it lacks certain features.

AWS responded with:

“In October 2018, Eliot Horowitz, chief technology officer and founder of MongoDB, changed the open source licensing used for MongoDB to reflect the risk of the company’s service revenue being gobbled up by public cloud providers. In response, AWS introduced a MongoDB-compatible service, DocumentDB, in January 2019.”

While open source technology is free, developers behind such offerings usually offer a licensed version with more bells and whistles. These include customer support, free upgrades, patches, and specific features.

AWS is strip mining the open source technology’s source code, then reconfiguring it their services. AWS Vice President of Analytics and ElastiCache states that AWS is only responding to their clients’ demands and their clients want open source software in AWS. He also said that AWS does give back to the open source community:

“AWS contributes mightily to open source projects such as Linux, Java, Kubernetes, Xen, KVM, Chromium, Robot Operating System, Apache Lucene, Redis, s2n, FreeRTOS, AWS Amplify, Apache MXNet, AWS SageMaker NEO, Firecracker, the OpenJDK with Corretto, Elasticsearch, and Open Distro for Elasticsearch. AWS has not copied anybody’s software or services.”

Many of the projects aim to make it easier for developers to build on top of AWS services. SageMaker is its machine learning cloud service; Greengrass extends the AWS cloud to the internet of things (IoT) edge and Firecracker is its kernel virtual machine. However, the s2n project is an open source implementation of the TLS encryption protocol, which AWS made publicly available under the terms of the Apache Software License 2.0.”

While AWS might be a singular provider for multiple services and products, organizations do not want to be locked into one supplier.

Whitney Grace, January 31, 2020

A Call for Openness in Search

January 24, 2020

DarkCyber understands that if one cannot “find” something, that something does not exist for most people who look for the “something.” This is not a statement from Grasshopper or a tablet unearthed outside of Athens. Finding is required in order to do work or — as a matter of fact — anything in a digital environment.

Opening Up Search Is an Ethical Imperative” presents an argument for opening up search. “Opening up” appears to mean that Google’s grip on ad supported search and retrieval is broken. The write up states:

This is a shocking state of affairs given search’s ubiquitous impact on human well-being. And no I don’t think I’m overreaching. Search might mean a doctor diagnosing a patient with tricky symptoms. Bad search results might have life or death consequences. E-Commerce isn’t about buying pointless frivolities. It’s increasingly society’s economic glue. We no longer call on someone in sales to describe our needs verbally. Instead we request via the e-commerce search bar. Add job search, dating search, enterprise search, food delivery, grocery, legal, real estate, and so on, and you get a picture where search is indeed eating the world. What human activity will exist that won’t involve a search bar?

The statement is accurate. In the context of the article, search also means looking for information on a public facing Web site, not just locating a pizza restaurant or checking the weather. Here’s another statement we noted:

As users are reaching more-and-more for search, supporting the community collectively helps ensure positive outcomes for society as a whole. We’ll collectively help doctors find the right diagnosis for a suffering patient; support a purchasing agent find the right parts for an airplane they’re manufacturing; uplift lawyers seeking to hold the powerful accountable by helping them find solid legal precedent for their arguments.

Again, an accurate observation.

The article includes a list of suggestions for companies and others; for example, Do open source correctly and create search talent.

Several observations:

  • For most people, including those in organizations, search occurs on mobile devices. Either form factor or the location in which the user runs the search is not conducive to the “library style” of information retrieval and review. The habituation to mobile and on the fly searching is going to be difficult to change. As my eighth grade teacher said, “Habits are like a soft bed: Easy to get into and hard to get out of.” Her grammar may have been questionable, but her comment applies to search today.
  • You can learn more about the “open everything” initiative in the DarkCyber video news program which will become available on January 28, 2020. A former CIA professional reveals his commitment to “open everything.” The remarks may spark some fresh thinking.
  • The introduction of the word “ethical” into the article raises some interesting questions; namely, “In today’s environment, what does ‘ethical’ mean? This is a surprisingly difficult word to define across contexts.

To sum up:

  • There are different search and retrieval systems. Some are ignored like Qwant; others are misunderstood because they are metasearch systems; still others are proprietary systems swathed in buzzwords like artificial intelligence and machine learning; and even more are “sort of” open source like Amazon’s search system which was influenced by defectors from Lucid Imagination, now LucidWorks. Plus there are other variations. Search remains confusing and tangled in the shoe laces of worn out sneakers.
  • The dominance of Google means that Google is in charge of presenting information to people using computing devices. The market penetration in some countries is over 95 percent which is the reason that most estimates of search share beat the drum for marginal players like Bing, Qwant, and DuckDuckGo. The thinking is, “A percent or two of share means some money. But the money is not Google scale.”
  • Google is not about to change unless the search business is regulated, Google implodes which is possible but not in the next year or two, or billions of people change their “habits.”

Advertisers go where the eyeballs are. Money can alter the meaning of ethics. And that money issue may be the reason Web sites are not indexed comprehensively, US government Web sites are indexed infrequently and superficially, and why Google ignores certain types of content.

Stephen E Arnold, January 24, 2020


Is Open Source Changing and Rapidly?

January 7, 2020

Open source technology is what some perceive as unencumbered, handcuff free code. For outfits eager to slash costs, open source software is a foot stool for some developers and organizations. One interpretation of open source operates on the premise that the technology should be free and available for anyone. The social contract is that users “give back” to the open source community.

Some Amazon Web Services’ critics appear to suggest that the company is not giving back. Not surprisingly, some AWS-ers are not happy campers. ZDNet shares more on the story in the article, “AWS Hits Back At Open-Source Software Critics.”

Also, the deeply technical New York Times was not kind to AWS, when it stated that AWS, a giant cloud computing provider, consistently integrated open source software that non-AWS developers created. Vice President of AWS analytics and ElasticCache Andi Gutman claims that AWS is giving its customers what they want. Gutman says that Was customers want technology and services based off open source technology, so AWS is not strip mining, but truly answering their clients’ desires. He continued:

“The story is largely talking about open source software projects and companies who’ve tried to build businesses around commercializing that open-source software. These open-source projects enable any company to utilize this software on-premises or in the cloud, and build services around it. AWS customers have repeatedly asked AWS to build managed services around open source,” Gutman said.

He noted that AWS contributes to open-source projects such as Linux, Java, Kubernetes, Xen, KVM, Chromium, Robot Operating System, Apache Lucene, Redis, s2n, FreeRTOS and Elasticsearch.”

The complaints apparently come from AWS’s rivals, who have also discussed filing antitrust complaints against the company. One rival CEO, Matthew Prince of Cloudflare, is afraid Amazon’s ambitions are endless and might overpower or monopolize the entire cloud computing market.

Will open source return to its roots? Will some open source developers not permit big companies to privatize the community technology?

Which will triumph? Open source precepts or the needs of a publicly-traded company?

Elastic, the developers of open source Elastic, the write up “Why Elastic Stock Dropped 19% in December” may presage the impact of efforts to change the definition of open source.

Whitney Grace, January 7, 2020

Oracle, Amazon, and Maybe Soon Open Source Excitement?

January 6, 2020

Remember the on going Google-Oracle Java dust up? Oracle may. According to “Oracle Copied Amazon’s API. Was That Copyright Infringement?”:

Among the companies offering a copy of Amazon’s S3 API is Oracle itself. In order to be compatible with S3, Oracle’s “Amazon S3 Compatibility API” copies numerous elements of Amazon’s API, down to the x-amz tags. Did Oracle infringe Amazon’s copyright here? Ars Technica contacted Oracle to ask them if they had a license to copy Amazon’s S3 API. An Oracle spokeswoman said that the S3 API was licensed under an Apache 2.0 license. She pointed us to the Amazon SDK for Java, which does indeed come with an Apache 2.0 license. However, the Amazon SDK is code that uses the S3 API, not code that implements it—the difference between a customer who orders hash browns and the Waffle House cook who interprets the orders.

DarkCyber thinks the author is saying, “Yep, we copied.”

But… and this is interesting.

the Amazon SDK is code that uses the S3 API, not code that implements it.

Is this going to have an impact on API use? A court may decide.

In the meantime, let’s approach this from a different angle.

What’s the future of software? In DarkCyber’s opinion the future of software is a mix of open source code with proprietary components. DarkCyber doesn’t have a nifty Waffle House analogy for this trajectory.

The idea is that the technical constructs we know and love as FANG for Facebook, Amazon, Netflix, and Google want to reduce costs, create a glide path for young open sourcey developers, and lock in big spending customers.

One way to think about the Oracle copying Amazon move is in the context of the 2020 version of proprietary software. The APIs and the need for lock in are essential to the persistence of certain big companies.

Net net: What looks open is not? What looks like wordsmithing is a prelude to more aggressive maneuvers.

The name of the game is revenue and growth. Losers will eat in a Waffle House. Winners will not.

Stephen E Arnold, January 6, 2020

Open Source: Big Company Point of View

January 2, 2020

DarkCyber noted a quite good and meaty Slashdot write up called “CNBC Reports Open Source Software Has Essentially ‘Taken Over the World’”. What makes the information interesting is that a big media company reports that other big companies are definitely into open source software. The sources for the information include:

  • The Google
  • Microsoft GitHub
  • IBM Red Hat

There are a couple of slightly less power entities referenced as well; namely, the executive director of the Linux Foundation and a real live open source maintainer.

The main idea is encapsulated in this quote:

Jim Zemlin, Executive Director of the Linux Foundation, even tells CNBC that 10,000 lines of code are added to Linux every day. “It is by far the highest-velocity, the most effective software development process in the history of computing… As the idea of sharing technology and collaborating collectively expands, we’re moving into open hardware initiatives, data-sharing initiatives. And that’s really going to be the future…

The write up does not mention the business actions underway to make open source into a 21st century type of proprietary software.

Perhaps this is not important? DarkCyber’s research team thinks this is important. Oh, there’s one open sourcey outfit not mentioned in the write up. Amazon is beavering away on open source forests as well.

Also, probably not important. Well, maybe Amazon is just a source for T shirts and electronic version of books?

Stephen E Arnold, January 2, 2020

Open Source: A Good to Be Exploited?

December 25, 2019

Is Amazon Web Services taking undue advantage of open source software, or is it simply giving its users what they want (or perhaps both)? It seems to be a matter of perspective. ZDNet reports, “AWS Hits Back at Open-Source Software Critics: Claims that AWS is Strip-Mining Open-Source Software is ‘Silly and Off-Base,’ Says Exec.” The defense is in response to a piece (paywalled) in the New York Times in which open-source creators complained the company takes the liberty of freely integrating their work into its profitable platform. Writer Liam Tung specifies:

“According to the New York Times report, several rivals have discussed bringing antitrust complaints against AWS. Bloomberg reported this month that the Federal Trade Commission has asked software companies about AWS. Cloudflare CEO Matthew Prince told the NYT that ‘people are afraid that Amazon’s ambitions are endless’. Cloudflare operates a large content distribution network, which competes with a subsection of AWS.”

We also learn that open-source firms are shifting their licensing terms in response to such cloudy business practices from IBM and others, as well as Amazon. MongoDB’s Server Side Public License is one example. Elastic, maker of Elasticsearch, has also placed limits on how cloud companies may use its software.

AWS VP Andi Gutmans, however, insists this is much ado about nothing. Tung quotes the executive:

“‘The [Times] story is largely talking about open source software projects and companies who’ve tried to build businesses around commercializing that open-source software. These open-source projects enable any company to utilize this software on-premises or in the cloud, and build services around it. AWS customers have repeatedly asked AWS to build managed services around open source,’ Gutmans said. He noted that AWS contributes to open-source projects such as Linux, Java, Kubernetes, Xen, KVM, Chromium, Robot Operating System, Apache Lucene, Redis, s2n, FreeRTOS and Elasticsearch.

“‘A number of maintainers of open-source projects build commercial companies around the open-source project. A small set of outliers see it as a zero-sum game and want to be the only ones able to freely monetize managed services around these open-source projects,’ he added.”

And the remediation process? Lawyers are standing by.

Cynthia Murrell, December 25, 2019

Next Page »

  • Archives

  • Recent Posts

  • Meta