An anonymous reader shares an opinion piece from Wired, written by Kevin Xu and Jordan Schneider. Xu is the author of Interconnected, investor and advisor of open source startups at OSS Capital, and served in the Obama White House. Schneider is the author of the ChinaTalk newsletter and host of the ChinaTalk podcast, posted on Lawfare. From the report: Open source is a technology development and distribution methodology, where the codebase and all development -- from setting a roadmap to building new features, fixing bugs, and writing documentation -- is done in public. A governing body (a group of hobbyists, a company, or a foundation) publicly manages this work, which is most often done in a public repository on either GitHub or GitLab. Open source has two important, and somewhat counterintuitive, advantages: speed and security. These practices lead to faster technological developments, because a built-in global community of developers help them mature, especially if the technology is solving a real problem. Top engineers also prefer to work with and on open source projects. Wrongly cast as secretive automatons, they are more often like artists, who prefer to learn, work, collaborate, and showcase what they've built in public, even when they are barely compensated for that work. But doesn't keeping a technology's codebase open make it more vulnerable to attack? In fact, exposing the codebase publicly for security experts and hackers to easily access and test is the best way to keep the technology secure and build trust with end users for the long haul. Sunlight is the best disinfectant, and open source is that sunlight in technology. Linux, the operating system, and Kubernetes, the cloud container orchestration system, are two of the most prominent examples. [...] Using open source technology is now the fastest way new products get built and legacy technologies get replaced. Yet as US policymakers develop their industrial policy to compete with China, open source is conspicuously absent. By leaning on the advantages of open source, policymakers can pursue an industrial policy to help the US compete in the 21st century in line with our broader values. The alternative is to continue a top-down process that picks winners and losers based on not just technology but also political influence, which only helps individual firms secure market share, not sparking innovation more broadly. A few billion more dollars won't save Intel from its technical woes, but a healthier ecosystem leveraging open source technology and community would put the US in a better position for the future. Open source technology allows for vendor-neutrality. Whether you're a country or a company, if you use open source, you're not locked in to another company's technical stack, roadmap, or licensing agreements. After Linux was first created in 1991, it was widely adopted by large companies like Dell and IBM as a vendor neutral alternative to Microsoft's Windows operating system. In the future, chip designers won't be locked into Intel or ARM with RISC-V. With OpenRAN, 5G network builders won't be forced to buy from Huawei, Nokia, or Ericsson. [...] By doubling down on open source, America not only can address some of our most pressing technological challenges faster and more securely, but also revive relationships with our allies and deepen productive collaborations with the tech sector.

Read more of this story at Slashdot.

Matt Asay, a former COO of Canonical now working at AWS, argues that the question of open source sustainability "is really a people problem." But to make the case, he cites comments by Tobie Langel, formerly W3C's testing lead (and a former member of Facebook's Open Source and Web Standards Team) who's now founded an open-source strategies consulting firm whose clients include Mozilla, Intell, Google, and Microsoft. Much of the "open source sustainability" discussion has focused on the one thing that really needs no help being sustained: software. As Tobie Langel rightly points out, "Open source code isn't a scarce resource. It's the exact opposite, actually: It's infinitely reproducible at zero cost to the user and to the ecosystem." Nor is sustainability really a matter of funding, though this gets closer to the truth. No, open source sustainability is really a people problem. Or, as Langel highlights, "In open source, the maintainers working on the source code are the scarce resource that needs to be protected and nurtured." Over the past several weeks, I've interviewed a number of maintainers for popular open source projects. In every case, they talked about how they contribute because it's fun, but also acknowledged that some aspects of open source development can make it decidedly "un-fun" (e.g., demanding users who complain about missing features or existing bugs but don't contribute code or fixes). Most have found ways to turn their passion into financial independence, but Langel stresses that cash is critical to keeping open source humming along... "Without revenue, there is no maintenance, and without maintenance, the commons becomes toxic very quickly... As new security issues are discovered, open source code that isn't updated becomes a security risk..." Langel is absolutely correct to argue, "In an ecosystem with infinite resources, the attention needs to be on the people taking care of and maintaining that resource, because that's where the bottleneck is." Again, that's partly a question of money, but it's even more a question of treating people with dignity and respect, while making open source communities a fun, welcoming place.

Read more of this story at Slashdot.

Slashdot reader #16,185 wrote regularly for the newsletter of a small-town computer users group. Now they've written an article for Ars Technica reminding readers that "The Homebrew Computer Club where the Apple I got its start is deservedly famous — but it's far from tech history's only community gathering centered on CPUs." Throughout the 70s and into the 90s, groups around the world helped hapless users figure out their computer systems, learn about technology trends, and discover the latest whiz-bang applications. And these groups didn't stick to Slacks, email threads, or forums; the meetings often happened in real life. But to my dismay, many young technically-inclined whippersnappers are completely unaware of computer user groups' existence and their importance in the personal computer's development. That's a damned shame... Computer groups celebrated the industry's fundamental values: a delight in technology's capabilities, a willingness to share knowledge, and a tacit understanding that we're all here to help one another... Two things primarily made user groups disappear: first was the Internet — and the BBSes that preceded them. If you could articulate a question, you could find a website with the answer. But computers also became easier to use. Once personal computers went mainstream, troubleshooting them stopped being an esoteric endeavor. The typical computer user group is gone now. For the exceptions, you can find an incomplete and mostly out-of-date list via the Association of PC User Groups, though online exploration may lead you to more options. For example, the Toronto PET Users Group (TPUG) is the longest continually operating Commodore user group. Washington Apple Pi is still going strong, as is the Triangle Linux Users Group. IBM's user group, SHARE, began in the 1950s and continues to support enterprise users, though it's primarily a conference these days... Hopefully tech will continue to inspire ways to get together with other people who share your enthusiasm, whether it's Raspberry Pi meetups, Maker days, or open source conferences such as Drupalcon or PyCon. You also continue the computer user group ethos by finding ways to help other tech enthusiasts locally. For example, Hack Club aims to teach skills to high school students. Hack Clubs are already in two percent of US high schools across 35 states and 17 countries, with about 10,000 students attending clubs and hackathons each year. So even if computer user groups largely are a thing of the past, their benefits live on. User groups were the precursor to the open source community, based on the values of sharing knowledge and helping one another. And who knows, without user groups promoting a cooperative viewpoint, the open source community might never have taken off like it did. The article includes photographs of the OS/2 community's magazine Extended Attributes, the M.A.C.E. Journal (for Atari users), the Commodore Eight Bit Boosters newsletter, and the 1979 publication Prog/80 ("dedicated to the serious programmer.") And it also includes video of a 1981 visit to the Boston Computer Society by a 25-year-old Bill Gates.

Read more of this story at Slashdot.

InfoQ reports on a new security group that launched last week: Supported by The Linux Foundation, the Open Source Security Foundation (OpenSSF) aims to create a cross-industry forum for a collaborative effort to improve open source software security. The list of initial members includes Google, Microsoft, GitHub, IBM, Red Hat, and more. "As open source has become more pervasive, its security has become a key consideration for building and maintaining critical infrastructure that supports mission-critical systems throughout our society. It is more important than ever that we bring the industry together in a collaborative and focused effort to advance the state of open source security. The world's technology infrastructure depends on it." Microsoft CTO for Azure Mark Russinovich explained clearly why open source security must be a community effort: "Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. [...] Open-source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. Given the complexity and communal nature of open source software, building better security must also be a community-driven process." Also joining the group are Intel, IBM, Uber, and VMWare, according to Foundation's inaugural announcement, which promises its governance and decisions "will be transparent, and any specifications and projects developed will be vendor agnostic."

Read more of this story at Slashdot.