Open-source News

How to install node and npm on amazon linux 2 - AWS Ec2?  H2S Media

Red Hat Enterprise Linux (pcs): IT security warning about a new ...  breakinglatest.news

Fanatical and JSAUX team up for Steam Deck game and dock ...  GamingOnLinux

Linux Notes for Professionals — free eBook download  Neowin

AMD Ryzen 7 7800X3D Linux Performance Review  Phoronix

While the AMD Ryzen 9 7950X3D and Ryzen 9 7900X3D processors went on sale at the end of February as the first Zen 4 3D V-Cache processors, today marks the availability of the Ryzen 7 7800X3D processor. I've recently been putting the 7800X3D through its paces under Linux and have a plethora of benchmark data to share for launch day.

Following this week's Qt 6.5 LTS and Slint 1.0 Rust toolkit, debuting today is GTK 4.11.1 as the first development release of the new toolkit series in leading up to GTK 4.12...

Redgate Adds Support for Open Source Software to Its Monitoring ...  Silicon UK

Ubuntu Talks Up Rust Kernel Programming Potential With Ubuntu ...  Phoronix

Ubuntu 23.04 is being talked up for how it can aide developers that want to begin programming with Rust code for Linux kernel modules. It's possible to get started with Rust kernel development on Ubuntu 23.04 thanks to its generic kernel having the necessary kernel configuration, but ultimately it's still in an early state and there isn't much to do with the stock kernel...

TUXEDO Stellaris 16 (Gen5) is The Ultimate Linux Laptop You Can ...  It's FOSS News

Color Variants & Styles Are Coming to Linux Mint 21.2  It's FOSS News

Just two months after Zstd 1.5.4 was published, Zstd 1.5.5 has been released as the newest version of this Zstandard compression algorithm implementation. Zstd 1.5.5's release is motivated by addressing a rare corruption bug fix but also has various performance optimizations...

It's been two weeks already since the release of LLVM 16.0 as the latest shiny feature update to this widely-used, open-source compiler stack. LLVM release manager Tom Stellard today issued LLVM 16.0.1 as the first point release with a wide collection of fixes and other maintenance work to LLVM and its contained sub-projects...

Building off last month's release of MidnightBSD 3.0 for this desktop-focused, FreeBSD-forked operating system the v3.0.1 update is now available...

The post How to Install LAMP Server on RHEL, CentOS, Rocky & AlmaLinux first appeared on Tecmint: Linux Howtos, Tutorials & Guides .

A LAMP stack is a collection of four different software (Linux, Apache, MySQL, and PHP) that programmers or web developers use to create and deploy websites or applications. This tutorial will concentrate on how

The post How to Install LAMP Server on RHEL, CentOS, Rocky & AlmaLinux first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

TUXEDO Stellaris 16 - Gen5 launches as Linux gaming notebook ...  Basic Tutorials

SPIdev Tutorial for Zynq-7000 FPGA Devices  Hackster.io

Open source community analysis with actionable insights cdolfi Wed, 04/05/2023 - 03:00

Organizations are increasingly adopting open source software development models and open source aspects of organizational culture. As a result, interest in how open source communities succeed is reaching an all-time high.

Until recent years, measuring the success of open source communities was haphazard and anecdotal. Ask someone what makes one community more successful than another, and you will likely get observations such as, "The software is great, so the community is too," or "The people in this community just mesh well." The problem with these evaluations is not that they are necessarily wrong, but that they don't provide information that others can use to reproduce successful results. What works for one community is not necessarily going to work for another.

Research universities, businesses, and other organizations interested in determining what makes open source projects successful have begun to collaborate on finding ways to measure aspects of community in a qualitative and data-driven way. One of the more prominent efforts is CHAOSS, a Linux Foundation project focused on creating metrics, metrics models, and software to better understand open source community health on a global scale. Unhealthy projects hurt both their communities and the organizations relying on those projects, so identifying measures of robustness isn't just an interesting project. It's critical to the open source ecosystem.

CHAOSS is a great tool for looking at a pressing set of questions. First, how should community health be defined? Second, as metrics begin to take shape, how can we transition from reacting to one-off requests for data-based information about a given community to creating an entire process pipeline, literally and theoretically, for this work? The development of Project Aspen is the culmination of this pipeline, which will ultimately bring community data analysis to everyone.

Collecting community data

In 2017, Harish Pillay created Prospector with the aim of presenting information from core data sources in a graphical dashboard. This resonated with CHAOSS, which had a goal to better understand the health of open source communities. Prospector was donated to CHAOSS in 2017. Project Aspen builds upon that work.

Aspen is backed by a database generated from the Augur Project, a CHAOSS-based project that collects, organizes, and validates the completeness of open source software trace data. With this database, we can store all types of data points around the Git-based repositories from which we collect data, such as pull requests, reviews, and contributors. The data is already collected and cleaned, which, from a data science perspective, is where the most significant time drains occur. The continued data collection allows us to act agilely when questions arise. Over time, we will grow our pipeline to collect data from many other avenues in addition to Git-based repositories, such as Stack Overflow and Reddit.

As Augur regularly collects data on our selected repositories, the data is updated within a week and cleaned. With all the data collection and most preprocessing already completed, we are much better equipped to answer the analysis questions we receive and generate our own questions too. No matter where the questions come from, the same analysis process is necessary.

For every visualization or analysis, community leaders need to consider these questions:

• What perspective are you looking to gain or give?
• What question can you directly answer from the data available to you?
• What assumptions am I making, and what biases may I hold?
• Who can I work with to get feedback and a different perspective?

Everyone's individual experiences and expertise impact the lens through which they look at a problem. Some people have experience in code review, while others' expertise lies in community management. How can we start comparing community aspects like apples to apples instead of oranges? Quantifying what people in different roles in open source are looking at when examining a project community can address this problem.

Community metrics empower all members to communicate in a common domain and share their unique expertise. Different perspectives lead to further insights, and Project Aspen uses data to make those insights more accessible to the entire community through data visualizations.

Assumptions and analysis

Analysis is a tool for narrative building, not an oracle. Data analysis can help take the ambiguity and bias out of inferences we make, but interpreting data is not simple. A bar chart showing an increase in commits over time is not, by itself, a positive indicator of community health. Nor is a stable or decreasing number always a negative sign. What any chart gives you is more information and areas to explore.

For instance, you could build from a commits-over-time visualization, creating a graph that plots the "depth" of a commit, perhaps defined as the number of line changes. Or you could dive into the specific work of your community to see what these trends actually represent.

Comparing an issues-over-time graph (Figure 1) to an issues staleness graph (Figure 2) is a great illustration of why perspective matters. These visualizations reflect the same data but reveal completely different insights. From the issue staleness graph, we can see not only how many issues are open, but how many have been open for various time intervals.

This figure shows that over many months, there's relative consistency in how many issues are opened and closed:

Image by:

(Cali Dolfi, CC BY-SA 4.0)

On the other hand, this figure highlights the growing number of issues that have been open for over 30 days:

Image by:

(Cali Dolfi, CC BY-SA 4.0)

The same data populates each graph, but a fuller picture can only come from seeing both. By adding the perspective of the growth in issue staleness, communities can clearly see that there is a growing backlog of issues and take steps to understand what it means for their community. At that point, they will be well-equipped to devise a strategy and prioritize actions based on both good data and thoughtful analysis.

Using data wisely

Including multiple points of view also provides much-needed insight and helps guard against false positives and gamification. Economists have a saying: "When a measure becomes a target, it ceases to be a good measure." In other words, measures used to reward performance create an incentive to manipulate measurement. As people learn which measures bring attention, money, or power, open source communities run the risk of encouraging actions taken just to play the system. Using multiple perspectives to define success will keep your metrics meaningful, so they have genuine value in maintaining your community.

To that end, Project Aspen is an exciting tool for building your own knowledge and making better decisions about communities. Whether you want to understand where your community is most vulnerable or the seasonality of activity within the community, having quality data to inform your analysis is essential. To see some of the work being done around community data analysis, please check out our Git repositories or the demo 8Knot app instance.

This article was originally published with Red Hat Research Quarterly and has been republished with the author's permission.

Project Aspen plans to enable quantitative open source community health analysis for all.

Image by:

Opensource.com

Community management Data Science What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

How I learned the hard way to keep my website updated dboth Wed, 04/05/2023 - 03:00

A few days ago, I received an email from a reader of one of my books. Among other things, he said that he was having trouble getting to one of the websites I'd referenced in the book. I responded that I would check it out. Usually, something like this is due to a misprinted URL in the referring article or book, or it could be that I'd deleted or changed a page on my website.

That was not the case this time. When I clicked on the link to my website, I was faced with—horror of horrors—an online casino.

I thought this would turn out to be a simple case of DNS man-in-the-middle or something similar. Certainly, nothing would be wrong on my own server.

Finding the problem

I use Google Domains as my registrar. Before doing anything else, I checked to ensure that my IP addresses were correct. They were.

I logged into a remote Linux host that I have access to, and performed a traceroute with MTR (Matt's TraceRoute). That indicated that the route to my host was correct.

This did not look good.

Next, I looked at my httpd.conf and verified that it was correct. I did find a couple of non-related configuration issues, and fixed those, but they didn't affect the problem at hand. I isolated my network from the internet, and tried my website again. I have internal DNS that works for that. I still came up with the invasive website. That was proof positive that the problem was an infection of my own server.

None of that took long. I was just working under the assumption that the problem was elsewhere rather than on my own server. Silly me!

I finally looked at my server's WordPress installation. I was hoping that the database hadn't been infected. I could have recovered from anything by wiping it all out and restoring from backups, but I was hoping to avoid that if possible. Unfortunately, the html directory of my website had some noticeable, "extra" files and one new directory. The html/wp-admin/admin.php file had also been replaced.

I was fortunate to have multiple other websites that weren't infected, so it was easy to compare file dates and sizes. I also keep complete daily backups of my websites in order to recover from problems such as this.

Fixing the problem

The fix, in this case, was surprisingly easy. WordPress is quite easy to install, backup, move, reinstall, and restore. I started by deleting the obvious extra files and directory. I copied the known good files from my backups over the infected ones. I could have simply restored everything from the last known good backup and that would have worked as well. I compared the good backup with the recovered website and all looked good.

The database for the website was not affected in any way, which I verified with manual review of a data dump.

The real problem

After analyzing the problem, I realized that I was the root cause. My failure to ensure that WordPress was properly updated for this website allowed this to happen. I use separate instances of WordPress for each of my websites, so the others were not affected because they were being updated automatically.

A series of issues led to this failure of mine.

1. The affected website had been set up with a different email address that I'd stopped using a few months ago. This prevented me from getting the usual notices that upgrades were available.

2. I'd also failed to configure that site for automatic updates from WordPress.

3. And I didn't bother to check to see whether the site was being updated.

When it was attacked, the site was at least one full release level behind what was available. The ones that were kept up to date were not affected by this attack.

More for sysadmins Enable Sysadmin blog The Automated Enterprise: A guide to managing IT with automation eBook: Ansible automation for Sysadmins Tales from the field: A system administrator's guide to IT automation eBook: A guide to Kubernetes for SREs and sysadmins Latest sysadmin articles What I learned

Having written many books and articles in which I discuss the necessity to keep systems updated with the latest versions of operating system and application software, I'm frankly embarrassed by this. However, it has been a good learning experience for me and a reminder that I must not become complacent. I almost didn't write this article! I didn't want to admit to being negligent with one of my own systems. And yet, I felt compelled to write about it in the hope that you learn from my experience.

So, as I have learned from painful experience, it is critical to keep our systems updated. It's one of the most vital steps in the continuing battle to prevent the computers under our care from being infected. The specific details of the infection I experienced are less important than the fact that there are always attacks taking place against our systems. Complacency is one of the attack vectors that crackers can count on to aid their efforts.

My mistake was a good learning experience for me and a reminder that I must not become complacent.

Sysadmin Web development Security and privacy WordPress What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. 2 Comments Register or Login to post a comment. Don Watkins | April 5, 2023 Register or Login to like

Thanks David for a good reminder to keep Wordpress updated. I don't host my own site but just yesterday I did a security check on the site.

pdecker | April 5, 2023 Register or Login to like

If I knew the site was a Wordpress site that would be the first thing I would suspect. Wordpress is so commonly used for websites it's a huge target for hackers to attack. Updates are extra important for Wordpress sites.