Week 5 (2/13, 2/15)
Teams Reports
I want weekly emailed status reports from each team! Starting this week.
Atlantic Council Open Source Report
At www.atlanticcouncil.org/in-depth-research-reports/report/open-source-software-as-infrastructure. The issue is how to deal with open-source security. Lots of small projects get pulled into big things, and how do we handle security issues? This report is very much in favor of continued use of open source; the EU, on the other hand, is looking at a much more punitive model that may make open source impossible to use in commercial projects.
Vaultwarden switches to AGPL3: www.reddit.com/r/selfhosted/comments/110t8ni/vaultwarden_relicenses_to_agplv3. Vaultwarden is a fork of Bitwarden, rewritten in Rust; Bitwarden is a password manager. The AGPL3 makes a lot of sense here: end users have a legitimate need to see the code.
New Hampshire once again on the cusp of enshrining Software Freedom into law
https://libreboot.org/news/usa-libre-part2.html
Mostly this particular bill means that the state government will no longer
be allowed to require use of closed-source software, or require that
documents be submitted in closed-source formats. This affects schools, for
example, and tax filing.
Finally, the title says most of it:
Is there a Correlation between the Use of Swearwords and Code Quality in Open Source Code?
Bachelor's thesis of Jan Strehmel at Karlsruher Institut für Technologie: cme.h-its.org/exelixis/pubs/JanThesis.pdf
Strehmel finds the answer is yes, and conjectures that it may be due to
greater emotional commitment.
Strehmel worked with the team developing the SoftWipe tool for measuring
code quality.
SoftWipe runs various checks to produce a software quality score: it compiles your program using clang and checks for compiler warnings; it activates almost all available warnings here. It runs your program with clang sanitizers activated, which detect memory errors and undefined behavior. It checks for the usage of assertions. It runs the following static code analyzers: cppcheck, clang-tidy, KWStyle, and lizard. Lizard is also used to find your program's average cyclomatic complexity and code duplication.
Licensing, at the Server-Side Public License.
Wednesday:
Locus → My Academics → Engaged Learning → Add/Edit/View. Remember that your "organization" is just Loyola University (that is, you're not going off-site), and you are working on an open-source software project.
There's a longer document, experiential_tutorial.pdf, in the Sakai Resources folder. There's also luc.edu/experiential.
After you create your entry, I'll get notified that I'm supposed to approve it.
start with Mongo
How do these factors play out in the success of Linux?
A third factor is Torvalds' policy on contributions: all are welcome, but they start out as non-mainline extensions, patches or modules.
386BSD
Why did Apple create the Clang compiler, and switch from gcc?
In 1989 NeXT computer apparently added support for Objective-C to gcc, and distributed the binaries but never released the source. But this isn't the whole story: Clang is a front-end that is part of the LLVM open-source compiler project, which is licensed under the Apache license.
Even that isn't the whole story: while at UIUC, Chris Lattner did major development work on the LLVM compiler collection, and wrote his PhD thesis about it. After he got his PhD, Apple hired him to turn LLVM from a research compiler to a robust production compiler. And the source is still open.
One issue is that, back when gcc was first developed, compilers were strictly black boxes that converted your source code to object code. But this is no longer really true: most IDEs have extensive hooks into their compiler. This way they can show compiler error messages tied to line numbers, and show syntax errors before compilation (because the parser runs on your source as you type). Clang also supports code-analysis plugins; under the Apache license, such plugins can remain proprietary. Could the plugin issue be the real reason for Clang? Clang also has internal structural features that make it easier to tie late-compilation and even run-time issues back to a specific source location.