258: XZ Backdoor Attack, Linux Mint 22, Fedora Switch to KDE?, Flathub Unverified & more Linux news

This week’s news is exciting with cool new stuff and pretty bonkers because we narrowly avoided a security nightmare! A backdoor was discovered hidden in a common Linux utility, and it could have infected millions of devices. We’ll break down how this almost happened, and what it means for you. Then, we’ll switch gears and talk about some exciting upcoming features in Linux Mint 22. Fedora Linux might be getting a whole new look – we’ll discuss a proposal to switch the default desktop environment. Flathub is making some changes to make it easier to identify whether or not a Flatpak is official. Plus there is a new campaign for video game preservation that targets companies effectively breaking their games after an arbitrary amount of time. All of this and more on this episode of This Week in Linux, Your Source for Linux GNews!

Download as MP3

Sponsored by:

Kolide – thisweekinlinux.com/kolide

Want to Support the Show?

Become a Patron = https://tuxdigital.com/membership
Store = https://tuxdigital.com/store

Chapters:

00:00 Intro
01:06 XZ backdoor found in widespread Linux utility – [link, link]
10:26 Flathub adds Unverified Badge to Flatpaks – [link]
14:42 Sponsored by Kolide – [link]
16:05 Stop Killing Games.com – [link, video]
20:28 Linux Mint 22 Update, Future of Linux Mint – [link]
23:23 Fedora Change Proposal for KDE Plasma Default – [link]
25:24 Redis Changes Their Licensing Model – [link]
28:23 Serpent OS Hopes To Ship Pre-Alpha ISOs Soon – [link]
30:42 Flowblade 2.14 Video Editor Released – [link]
32:57 Outro


Notable Replies

  1. Hi Michael

    With regards to the Redis license change: have you considered that those small companies might be forced to change their model because they are exploited? They provide the tech and the big cloud providers make the money.
    In recent years there have been multiple instances of such license changes: Elasticsearch, Terraform, Akka, and now Redis.

    The topic of exploitation was brought to my attention by this recent talk at the NDC London conference.

    Maybe that is a topic you could discuss on Destination Linux.

    Just to give an example I experienced recently at a big governmental client in Germany. After Docker changed their model for Docker Desktop to a paid model, all developers (they have a couple of thousand) have been forced to move to WSL without Docker Desktop (something I don’t mind in general). At the same time, they are luckily paying (probably) millions to Oracle and Microsoft.

    The topic is probably very nuanced because you cannot apply this to all Open Source projects. The Kernel is developed by many big and small corporations as well as individuals. The problem seems to be for small tech stacks which are mainly exploited by companies and cloud providers.

  2. Hey @Brainspiller, welcome to the forum! Thanks for sharing your thoughts and I agree with a lot of what you said as I do think there is an element of taking advantage of open source projects that should be considered. This kind of thing can happen fairly easily but in the cases of Elasticsearch, Terraform, Akka, and Redis, I think these companies are much too large to be defended by this and they chose bad licenses in the first place that made it all possible.

    First, Redis is not really small. Redis has raised a net amount of $347 million in funding to date. We don’t know what their revenue is because it is not shared publicly, but we do know they raised this much through funding rounds. Redis was originally made by a single individual who left the project in 2020; however, Salvatore was involved with the project when the license was originally switched to SSPL in 2018. The biggest issue for Redis in my opinion was they originally licensed it under BSD, which is one of the worst licenses for anyone who wants to protect intellectual property. However, it could be argued that it being BSD licensed was the very reason it gained as much popularity in the enterprise sector because some companies avoid GPL software due to the restrictions on them. Double-edged sword kind of thing.

    Second, Elasticsearch is far from a small company because they reported a revenue of $1.2 Billion last year. They also originally released under the Apache 2.0 license which effectively has the same pros and cons that the BSD licenses have.

    Third, Terraform is made by Hashicorp and they are also far from small with an annual revenue of $583 Million. Terraform was licensed under the MPL, which is much better than Apache and BSD but still offers some leniency that the GPL doesn’t.

    Fourth, Lightbend raised funding of $42 million, making it the smallest of the bunch but still not small. Akka was released under the Apache license, so it is a similar situation as the others.

    With all that said, I do think that a lot of open source projects are exploited and taken advantage of by companies. I think these companies or projects chose bad licenses that helped them grow and ultimately hurt them in the long run.

Continue the discussion at forum.tuxdigital.com
