12 October 2019

These 3 licenses are best for Open Source?

Choosing an open source license is confusing.  There's so many!  But I've narrowed it down to the 3 best ones for me nowadays.

I'm not a lawyer, so take this as entertainment.  :)
  1. Apache License 2.0 --- Apache-2.0 @ SPDX, ChooseALicense
  2. Mozilla Public License 2.0 --- MPL-2.0 @ SPDX, ChooseALicense
  3. GNU General Public License 3.0 or later --- GPL @ SPDX, ChooseALicense
Which you use depends on what kind of sharing you want to do.

Use Apache 2.0 license if:
    1. you want anyone to be able to use your code however they want
    2. including building bigger projects based on your code with the bigger work licensed however they want (including possibly "all rights reserved" proprietary licensing), 
    3. without expecting them to share anything back in return,
    4. without expecting them to acknowledge they used your code,
    5. and without expecting them to share your code that they used.
Use MPL 2.0 if:
    1. you want anyone to be able to use your code however they want,
    2. including building bigger projects based on your code with the bigger work licensed however they want (including possibly "all rights reserved" proprietary licensing),
    3. but you expect that any changes they make to your files are shared back in return,
    4. you expect that they will acknowledge they used your code,
    5. and you expect they'll make available your code that they used.
Use GPL if:
    1. you want anyone to be able to use your code,
    2. including building bigger projects based on your code but with the bigger work also GPL licensed,
    3. and any changes they make to your code, as well as any code added to your code even if in other files or modules, are all shared back in return,
    4. you expect that they'll acknowledge they used your code,
    5. and you expect they'll make available your code they used, and also any code they add, even if they added them in other files or modules.
Notice the big distinguishing point is in how much you want users of your code to share back changes or additions.  From zero sharing required (Apache 2), to sharing changes or additions to your files (MPL 2), to sharing all changes or additions whether they be in your files or in other files linked (dynamically or statically) to your files (GPL).

If you want help navigating to which license to use, this License Selector I found the best (except it's missing EPL-2.0).  While the Choose a License site from GitHub has the slickest UI, they make some questionable suggestions from my point of view, like highly suggesting the MIT (a.k.a Expat*) License instead of the Apache license.

One reasonable advice from ChooseALicense though is to choose the license common in the community you want to share in, but that's really only true if there is an equivalent license to what you'd otherwise want to use.

For example, if you want to use the MPL-2.0, but you're wanting to share in the Clojure community, then you're probably better off using the EPL-2.0 (Eclipse Public License) instead, despite the EPL 2 being very likely not as "good" as the MPL 2 by some metrics.  But EPL is only even an option as it's basically equivalent to the MPL as far as I could tell.

If for some reason you really wanted to GPL license your Clojure code, then EPL isn't going to cut it anyway because they're not at all equivalent.
    * this is different from the MIT / X Consortium License.

    14 September 2019

    How to fix a corrupted VMDK VirtualBox disk image

    I was testing a VMDK VirtualBox disk image created as a dynamically sized sparse disk.  And I tested putting data into it to grow its size until my disk ran out of space on the host OS --- while inside the guest OS the disk image still had space.

    It crashed and corrupted the VMDK disk image.  And VirtualBox doesn't have a way to fix it.

    VMDK is actually a VMWare format.  They have a utility to fix it.

    Just download the vdiskmanager from the Attachments section of this page [1].  Then use it as sudo /path/to/vmware-vdiskmanager -R /path/to/broken.vmdk to fix it as documented here [2].

    [0] Can I fix corrupted vmdk image? VERR_VD_VMDK_INVALID_HEADER
    [1] Repairing a virtual disk in Fusion 3.1 and Workstation 7.1 (1023856)
    [2] Repairing a sparse virtual disk in Fusion (1023888)

    06 September 2019

    Migrating to Lubuntu again - tips and fixes

    I like Lubuntu, and it just keeps getting better.  My old migration notes is mostly outdated as the new Lubuntu uses LXQt instead of the previous LXDE.  So here's some new things I made note of as I migrate to Lubuntu 19.04:

    Time Clock Auto Update Synchronization Problem
    Lubuntu uses by default timedatectl as the tool for setting time including synchronization via NTP Network Time Protocol.  It doesn't seem to have much manual controls though, like forcing an update.

    You could instead use chrony.

    See Keep Your Clock Sync with Internet Time Servers in Ubuntu 18.04  and Ubuntu Docs on Time Synchronization.

    It lets you do things like chronyc sources to see the currently available and selected time sources.  Perhaps your network is blocking NTP updates?

    Or chronyc sourcestats to see your clock's time offset from the various NTP sources.

    You could do a single time offset check, without setting the time: sudo chronyd -Q

    Or manually force a time synchronization with: sudo chronyd -q

    Screen Saver Lock Screen Madness
    There are at least 3 places to set the screen saver / lock screen / sleep settings:
    1. Preferences > LXQt Settings > Session Settings
    2. Preferences > LXQt Settings > Power Management
    3. Preferences > Screensaver
    They seem to interact with each other, and each has slightly other settings and uses.

    My default Screensaver sometimes ran the CPU real hot, so maybe set that to something less energy intensive first.  I used Deco with settings to reduce framerates.

    I'd suggest using Screensaver purely for setting the screensaver and when it turns on.

    Set when the screen locks using Power Management (Idle tab).

    Use the Session Settings to set whether the screen locks before suspending the OS (I think it defaults to locking after suspending).

    Microsoft Fonts

    Install ttf-mscorefonts-installer.  Some instructions for this but it's straightforward from the package manager.  Just use sudo apt install ttf-mscorefonts-installer.

    Download your own software to get the latest versions
    The default package manager using the default Ubuntu software sources are pretty good at keeping up with the versions.  I like doing that most of the time to reduce on maintenance.

    Some things are worth the manual install though.

    1. LibreOffice is at 6.3, but the default installed version is currently only 6.2.6.  Small difference but 6.3 has major efficiency and compatibility updates!  Actually, you don't need to download and install manually.  Just add this PPA to get the freshest version by doing sudo add-apt-repository ppa:libreoffice/ppa and using your package manager to upgrade.
    • LibreOffice has a extension I rely on a lot:  MultiFormatSave.  Let's me save a document to multiple format at the same time, great for supporting MS Office compatibility.
    2.  Google Chrome is self-updating.  I prefer Firefox but anyway, sometimes you need it.

    3. Apache NetBeans.  This requires as a dependency the Java JDK at least version 8.  Version 11, the default on Lubuntu right now, works fine so far.
    • And get the "Maven Remote Search" plugin before Netbeans starts downloading and extracting the maven index that's apparently more than 1 GB in size (froze my computer since I have very little disk space...).

    File compression archiver tool

    The default Ark works fine, but when compressing folders, it likes to compress the entire directory tree from root down to the folder you actually want to compress.  There must be a setting for it in Ark but I can't find it.

    So just install file-roller instead from the muon package manager.  The default file explorer PCManFM-Qt has a preferences option to integrate with file-roller instead as well for ease of use.

    Markdown editor

    I like Ghostwriter so far.  And it could even be installed from the default muon package manager.  Even better!

    Basic graphics editing
    The default graphics viewer LXImage has some annotation tools, I guess, but nothing more.  I miss the Mac Preview tool.

    Anyway, ImageMagick or the more updated GraphicsMagick fork is quite useful (but beware it has a very... historic?... dated?... GUI).  It can be installed via the muon package manager, but it doesn't seem to install a default app launcher icon --- well, it's meant to be used from the terminal, but I like to deal with the GUI.

    So I added a blank file to ~/.local/share/applications called "GraphicsMagic display.desktop" with the following text saved to it:

    [Desktop Entry]
    Name=GraphicsMagick display
    Comment=GraphicsMagick display
    Exec=/usr/bin/gm display %F

    Now you can use it like LXImage (in fact, it uses the LXImage icon because, why not?).

    If I need more intensive graphics editing, I'll use GIMP.

    29 August 2019

    VeraCrypt download: how to verify its PGP signature

    VeraCrypt's download page has a link to a clear explanation on how to verify its download.  But I noticed the PGP signature/key has changed since version 1.22.

    They've also since moved their website from the old Codeplex page to the new download page here: https://www.veracrypt.fr/en/Downloads.html

    VeraCrypt is apparently sponsored by IDRIX (https://www.idrix.fr) and you can verify the new PGP signature/key from them too: https://www.idrix.fr/Root/content/category/7/32/60/

    Their open source development has moved to GitHub where you can see when PGP signature/key update occurred: https://github.com/veracrypt/VeraCrypt/commit/3e25b07646fdb5f01f48da329b91b0553f54a396

    On Macs
    Make sure Homebrew is installed (or else you can install these yourself from source).

    brew install gnupg
    brew install gpg2

    Get VeraCrypt PGP key ID from:

    In the terminal, run the following with the VeraCrypt PGP Key ID you got above:

    gpg --recv-keys 0x680D16DE

    That should import the public key and say "VeraCrypt Team (2018 - Supersedes Key ID=0x54DDD393)" etc.

    gpg --fingerprint 0x680D16DE

    That should display the key fingerprint, which you should compare with the key fingerprint that's posted on:
    and on:

    Now to verify your download, run the following in Terminal for your downloaded version of the files:

    gpg --verify veracrypt-1.23-setup.tar.bz2{.sig*,}

    The message displayed should say the signature used key ID 0x680D16DE (make sure it's the key ID found from above!), or that the primary key fingerprint is 5069A233D55A0EEB174A5FC3821ACD02680D16DE (matching the fingerprints from the above links).

    And it should say the signature is a "Good signature" from the VeraCrypt Team.

    That's it!

    On Linux or Windows

    Similar instructions apply for Linux, but install GnuPG and GPG from your system's package management system instead.

    You can see similar instructions for setting up VeraCrypt on Kubuntu here.

    Similarly for Windows, but you'll have to figure out how to install GPG yourself --- see the Tor project's manual on doing that (that's what helped me piece together the above):

    23 July 2019

    Create React Native App using TypeScript compiled with Babel

    Here's every step to creating a React Native app, written in and type checked with TypeScript, but compiled with Babel 7.

    You're assumed to have some proficiency with using the terminal.

    Tools to Install on your PC

    I'm on a Mac, but the steps shouldn't be much different on Ubuntu Linux or Windows.
    1. Install Homebrew.
      It's a package manager for Macs, and Linux too, but if you're on Ubuntu or Debian, I suggest just use the built-in one like APT.
    2. Install Node thru brew.
      Installing Node should include the NPM package manager with it, which is needed below.
    3. Some say to next install Yarn thru brew.
      Yarn is yet another node package manager... you can skip this if you want, it's not strictly needed, and I won't use Yarn in this tutorial.
    4. Fix NPM if you installed Yarn.
      I actually mentioned Yarn at all only because with Homebrew, you might now need to fix the Node NPM install as it might be broken by installing yarn.  Simply[1] run: yarn global add npm.  Remember, we don't need Yarn in this tutorial though.
    5. Install React Native CLI thru npm:npm install -g react-native-cli
      This is basically a template that creates a RN project for you to start from.
    [1] https://stackoverflow.com/questions/33870520/npm-install-cannot-find-module-semver/49422151#49422151

    New Project with React Native

    1. Create a React Native project:
    $ react-native init CoolProject

    1.5. Upgrade core-js:
    I got an error like this:
    warning react-native > create-react-class > fbjs > core-js@1.2.7: core-js@<2.6.8 is no longer maintained. Please, upgrade to core-js@3 or at least to actual version of core-js@2.

    You just need to upgrade core-js.  Go into your CoolProject folder and run:
    npm install --save core-js@^3

    2. cd CoolProject to go into the new project's root directory, then install Babel:
    $ npm install --save-dev @babel/core @babel/cli
    I assume this will install for you Babel 7 or above.  We'll need it later to migrate to TypeScript.

    3. Create a lib folder in the project root.
    $ mkdir lib
    The lib folder will be used to contain the App's JavaScript files. Traditionally, the folder would be called "src", but looking forward, these JavaScript files eventually will be produced by the TypeScript compiler for us.

    So instead, we're going to reserve "src" for later when we migrate to TypeScript, instead of calling it "src" right now when we're still dealing with just JavaScript JS, or JSX, files.

    Separating the TypeScript and the compiled JavaScript files is a technique to avoid in-source builds (a usual technique used in compiled languages like C++: see e.g. in-source vs out-of-source builds).