這是回應之前社群對 GitHub 的請願 (or 抱怨?) 而生的新功能,(參考先前的文章「GitHub 對 Open Source Community 請願的回應」):「Add Reactions to Pull Requests, Issues, and Comments」。
這避免了在討論時大量的 +1 與導致混亂的情況。
Tag: source
GitHub 對 Open Source Community 請願的回應
大約一個多月前 (2016 年一月 15 日),一群用 GitHub 發展 Open Source 軟體的人對 GitHub 提出請願,要求重視 Open Source Community 在 GitHub 平台上遇到的問題:「An open letter to GitHub from the maintainers of open source projects」。
這個請願在卡了將近一個月後,陸陸續續有相當多要搬出 GitHub 的討論,像是 eslint 就直接在 GitHub 開了 issue,討論搬出 GitHub 會遇到的問題以及可能的解決方法:「Investigate switching away from GitHub」。
在二月 13 日的時候,GitHub 透過 pull request 發出回應說「我們在處理了」,但也沒講正在處理什麼,看起來就是個很 PR 的回應:「Dear Open Source Maintainers」。
直到昨天,三個主要的請願中關於 issue 範本的問題 (也就是下面這段) 總算有進展了:
Issues are often filed missing crucial information like reproduction steps or version tested. We’d like issues to gain custom fields, along with a mechanism (such as a mandatory issue template, perhaps powered by a newissue.md in root as a likely-simple solution) for ensuring they are filled out in every issue.
為了解決使用者在開 issue 時有時會忘記給出完整的環境資訊 (以及其他有用的資料),GitHub 推出了新的功能,在開 issue 或 pull request 時利用 template 讓使用者有個範本可以照著填寫,同時 template 也支援 Markdown,讓填寫的方式會更豐富一些:「Issue and Pull Request templates」。
這總算開始有進展了。但也開始感覺到 GitHub 的動作已經開始慢下來了...
CloudFlare 有計劃要放出對 nginx 的 HTTP/2 + SPDY patch
nginx 在 1.9.5 後移除了對 SPDY 的支援,只支援 HTTP/2,剛剛找其他資料的時候在「HTTP/2 is here! Goodbye SPDY? Not quite yet」這邊發現 CloudFlare 的人有打算放 patch,讓 nginx 可以同時支援 HTTP/2 與 SPDY:
同時也可以看到有人抱怨 caniuse 上面的資料與實際使用的情況有蠻大的差距,拿 caniuse 來說服人不太準確。
另外也發現我自己的 blog 有時候 HTTP/2 不會啟用 (透過「HTTP/2 and SPDY indicator」觀察),不知道是什麼原因,也許 nginx 的時候還是有 bug?
微軟的 CodePush
看到微軟推出的 CodePush,針對 Cordova 或 React Native 類透過 WebView 跑的程式提出的方案。原因是 Apple 的 App Store 審核都要很久,透過 CodePush 可以直接更新程式:
CodePush is a cloud service that enables Cordova and React Native developers to deploy mobile app updates directly to their users’ devices. It works by acting as a central repository that developers can publish certain updates to (e.g. JS, HTML, CSS and image changes), and that apps can query for updates from (using our provided client SDKs). This allows you to have a more deterministic and direct engagement model with your end-users, while addressing bugs and/or adding small features that don’t require you to re-build a binary and/or re-distribute it through any public app stores.
FAQ 文件裡提到了這點:(Frequently Asked Questions · CodePush)
Does the Apple App Store allow developers to perform these types of updates?
According to section 3.3.2 of Apple’s developer agreement, as long as you are using the CodePush service to release bug fixes and improvements/features that maintain the app’s original/presented purpose (i.e. don’t CodePush a calculator into a first-person shooter), then you will be fine, and your users will be happy. In order to provide a tangible example, our team published a (pretty cheesy!) CodePush-ified game to the Google Play Store and Apple App Store, and had no problems getting it through the review process.
Because Cordova apps are executed within a WebView, and React Native apps are executed within JavaScriptCore, from a technology perspective, these runtimes are unique in their ability to leverage dynamic code downloads according to the aforementioned Apple developer agreement.
同樣的想法如果真的可行,應該會有其他更開放的 open source 方案可以用 (而非綁定性的服務,而是可以掛到自己的 CDN 上下載更新),先觀察一陣子...
TPP (The Trans-Pacific Partnership) 對 GPL 的影響
TPP (The Trans-Pacific Partnership,跨太平洋戰略經濟夥伴關係協議) 的黑箱作業在 Wikileaks 揭露後 (TPP Treaty: Intellectual Property Rights Chapter - 5 October 2015) 才被大量解讀,而與預期的一樣,既然會黑箱當然就是見不得人,違反公眾利益的事情。
EFF 有導讀專欄分析,有興趣的可以從這邊下手:「Trans-Pacific Partnership Agreement」。
這邊要講的是 TPP 裡對 GPL 的影響:「TPP has provision banning requirements to transfer of or access to source code of software」。
其中這組條款對原始程式碼 (source code) 的約束直接衝擊 GPL 類強制要求 open source 的約束:
Article 14.17: Source Code
No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory. For the purposes of this Article, software subject to paragraph 1 is limited to mass-market software or products containing such software and does not include software used for critical infrastructure. Nothing in this Article shall preclude:
(a) the inclusion or implementation of terms and conditions related to the provision of source code in commercially negotiated contracts; or
(b) a Party from requiring the modification of source code of software necessary for that software to comply with laws or regulations which are not inconsistent with this Agreement.This Article shall not be construed to affect requirements that relate to patent applications or granted patents, including any orders made by a judicial authority in relation to patent disputes, subject to safeguards against unauthorised disclosure under the law or practice of a Party.
使用 WordPress 的內容佔有全 Web 的 25% 比率
WordPress 的 Matt Mullenweg 在他的 blog 上提到了 WordPress 的內容建構了 Web 上的 25% 內容:「Seventy-Five to Go」,出自 W3Techs 的「 Historical yearly trends in the usage of content management systems for websites 」這邊的資料。
WordPress 從 2004 年 MovableType 的 license 爭議事件後崛起 (Commitment to a Free Version, while getting our pricing right),後來就愈站愈穩了,而 MovableType 在 2007 年又宣布 open source (Movable Type Open Source),但也已經無法挽回了...
而且 WordPress 的比率目前還在緩緩攀升...
Google Chrome 上面的畫面截圖套件
記得之前有提到最多人裝的那幾個 extension 都有嵌入各種 malware 或 spyware,所以試著找有哪個是正常的... 後來想到用 Google 找 GitHub 上的 open source 專案,找到這個:「One-click full page screen captures in Google Chrome」,官方說明頁面在「Full Page Screen Capture Chrome Extension」:
It’s open source (on github) and malware free.
看起來這個應該是可以用的... 看起來很久沒更新了,不過實際測試還是會動的 :p
又一個 Open Source 版本的 Slack Clone:Mattermost
在「Open source Slack-alternative reaches 1.0: Self-host ready, Slack-compatible, MIT licensed」這邊看到 Mattermost 這套 Slack clone,而 Mattermost 的標語是:
Mattermost is an open source, on-prem Slack-alternative
D-Link 的 open source package 內包含了拿來簽名用的 Private Key
D-Link 在 DCS-5020L 的 open source package (因 GPL 要求) 裡放了簽名用的 private key:「D-Link spilled its private key onto the web – letting malware dress up as Windows apps」。
而這把 key 由 Verisign 所簽,因此被 Windows 所信任,所以這把 key 可以用來簽 malware:
而不幸的是,這把 key 已經洩漏出來超過半年了:
The D-Link key was leaked in late February, and expired on September 3, it appears.
又是一連串的 revoke 過程... orz
Facebook 更新在 Open Source 軟體裡的專利授權條款
Facebook 的 Open Source 專案一般都採用 BSD licenses 放出,而由於 BSD licenses 並沒有專利授權,所以 Facebook 自己附帶專利授權條款讓使用者不用擔心在使用時侵犯到 Facebook 的專利。
而前陣子這個條款更新了:「Updating Our Open Source Patent Grant」,範例可以參考 osquery 裡的檔案:舊版的可以參考「PATENTS」這裡,而新版的可以參考「PATENTS」這裡,差異可以看「Update patent grant」這個 commit。
不過看起來還是不怎麼友善...