Also included in this week’s FOSS Week in Review: OpenPubkey goes to Linux Foundation, adding vector support to MySQL for AI, and the results of last week’s rolling release poll.
There’s plenty of news in this roundup, plus we have last week’s poll to look at, so let’s get right to it…
Red Hat’s Shutting Down Security-Announcement List
In another move that looks as if it might be aimed at making life difficult for the Red Hat Enterprise Linux clones, or companies that offer third-party support for RHEL, Red Hat announced on Tuesday that it’s “disabling” its rhsa-announce mailing list on October 10. The list has been around for something akin to forever, and is used to broadcast security advisories for Red Hat Enterprise Linux and related products. The list’s archives will continue to be available at https://listman.redhat.com/archives/rhsa-announce/, according to Red Hat.
If you have a Red Hat subscription, not to worry, Red Hat has your back and says that “to continue receiving information about released security advisories” you can set up notifications at https://www.redhat.com/wapps/ugc/protected/notif.html after logging into your account. The rest of us (and I assume that includes the Rocky/Oracle/SUSE consortium as well) “can make use of the Red Hat Security Errata RSS feed” at https://access.redhat.com/security/data/metrics/rhsa.rss, which I suspect won’t be quite as good a source as what the subscription holders get.
IBM owned Red Hat looks more like IBM and less like Red Hat with each passing day.
With Crypto Down, Brave Browser’s Making Layoffs
I’m not sure that it has anything to do with the current depressed state of the cryptocurrency market, but the folks behind the mostly open-source but cryptocurrency funded Brave browser have laid off 9% of the company’s workforce. TechCrunch, which broke the story today, said the folks at Brave have confirmed the information, but didn’t give them much else, such as how many people have been affected.
I’m guessing this is less of a deal than the headlines would have you believe, and that at most only a couple of employees got a pink slip. I say this because how many employees can an independent browser have? If the company has 11 employees and one of them was let go, that would represent 9.09% of the company’s workforce, which would round down to 9%. Double the number of employees to to 22 — or even 23 — and two layoffs would still round to 9%.
If the Brave folks have more employees than that, I’d be surprised.
Brave is based on Chrome, or Chromium, and like Vivaldi (another Chrome-based browser) has souped it up with a lot of special features. The company will also pay you to browse through a program called Brave Rewards, which serves unobtrusive ads that can easily be clicked away and remits payment in a cryptocurrency called BAT, which evidently can be easily converted into something better known like Bitcoin or Etherium.
A couple of years back we ran an experiment here at FOSS Force to see just how much could be earned by browsing with Brave, and after about six or seven months of using the browser we found that we’d earned something shy of $2.00 US. When checking for the sake of this article (we don’t use Brave as a daily driver anymore, although we still use it to run a couple of web apps), I saw that our account currently has BATs with a value of $2.72 US. There was also a notice telling us that we have to do something with those BATs by October 30 or lose them.
Happy Halloween from the folks at Brave!
OpenPubkey Is Linux Foundation’s Latest Adoptee
Surprise! Surprise! The Linux Foundation, which pretty much wants to own every project that’s even a little connected with Linux, has a new project.
Announced as an LF project on Wednesday, OpenPubkey until now has been a collaboration between Docker and the access solution company BastionZero, intended to be used for Docker container signing with zero-trust passwordless authentication. Now that it’s in the hands of a foundation however, which opens it up to other devs, the software is likely to find uses outside the Docker ecosphere, especially since it’s designed to augment OpenID Connect.
“We introduced OpenPubkey as its own standalone protocol to make it easy and secure to use digital signatures with OpenID Connect,” Ethan Heilman, co-founder and CTO of BastionZero said in a statement. “We are excited to partner with Docker to offer its community of software developers and open source contributors a simple and convenient way for users, service accounts, machines, or workloads to create digital signatures using their identity.”
As usual, LF’s executive director Jim Zemlin thinks that having this new project under the foundation’s umbrella is just nifty.
“The Linux Foundation is proud to host the OpenPubkey Project,” he said in a statement. “We believe this initiative will play a pivotal role in strengthening the security of the open source software community. We encourage developers and organizations to join this collaborative effort in enhancing software supply chain security.”
Information on how to get involved, contribute, and join the community can be found on the project’s GitHub page.
Did PlanetScale Just Fork MySQL to Give It Vector Support?
On Tuesday, you might have seen a headline or two screaming that PlanetScale has forked MySQL, the worlds most used open-source relational database, in order to give it vector support.
Actually, those headlines are just a bit on the inaccurate side. You see, PlanetScale has been around since 2018, and it’s been a fork of MySQL since its beginning.
In fact, in a blog published on Tuesday, Nick Van Wiggeren, PlanetScale’s VP of engineering said, “PlanetScale already maintains a fork of MySQL and we’ll be adding vector types and indexes to it. When released, we’ll run that MySQL fork in PlanetScale as we do today. We will publish packages and containers for our PlanetScale-flavored MySQL that will allow users to test and develop locally.”
So, what’s the big deal with adding vector support to MySQL? The AI folks need it. Van Wiggeren explains in his blog.
The Rolling vs Scheduled Release Distros Poll
You might remember that in our last week-in-review I published a poll that asked: “Do you prefer distros that are released on a fixed schedule, as a rolling release, as a slowed-down rolling release like Slowroll, or something else?”
Do you prefer distros that are released on a fixed schedule, as a rolling release, as a slowed-down rolling release like Slowroll, or something else?
Total Voters: 88
The winner, no matter how you look at it, goes to the traditional fixed-scheduled release, which got 38% of the vote.
Coming in at second place with 30% of the vote was the kind of non-answer that the preference is determined by whether the machine in question is going to be used as a server or desktop. Those who preferred a rolling release accounted for 16% of the vote, and the numbers for “a slower approach to the rolling release, like openSUSE is doing with Slowroll” came in at 14%. Only 2% of you said that you don’t care how its released.
Again, no matter how you look at the, the traditional scheduled release wins. If we combine those of you who like a plain vanilla rolling release like openSUSE Tumbleweed with those of you who like openSUSE’s plans for a slowed-down rolling release with Slowroll, then 30% of you like some form of a rolling release, meaning you’re tied for second place with the “it depends” non-answer.
We’re not going to do a poll this week, but we’ll probably do one next week. Stay tuned.
Until then, may the FOSS be with you…