
Category “work”

Eclipse Code of Conduct

At the Eclipse Foundation board meeting this week in Toulouse, held as part of EclipseCon France, the committer representatives helped move forward a code of conduct for the Eclipse community. For a bit of background, the request for this initially came from bugzilla and also the LocationTech working group, which was looking for a code of conduct for its community. The board opted for a simple code of conduct based on the Contributor Covenant; see this email from Mike Milinkovich:

I am very pleased to announce that the Eclipse Foundation Board of Directors approved a Community Code of Conduct[1] at their meeting earlier this week at EclipseCon France. This brings the Eclipse community in line with the best practices for open source communities around the world.

Our community already has a strong culture of respect and professionalism. Neither I nor the Board expect anyone’s behaviour to change as a result of this. This is simply codifying the high expectations we already meet in terms of professionalism, respect, and simply courtesy.

I agree with Mike and couldn’t have said it better: we have a great community and this simply codifies our high expectations.

SourceForge Hijacking Open Source Project Downloads

Today I read about how SourceForge is hijacking nmap downloads through their old SourceForge account…

This is just plain naughty behavior in open source land… SourceForge has previously done this with the GIMP project and inserted adware into the download. They even created a response page based on the criticism from that incident stating that:

This is a 100% opt-in program for the developer, and we want to reassure you that we will NEVER bundle offers with any project without the developers consent.

Outside of this just being dubious behavior, this looks to be a lie based on what the nmap developers have stated. Also concerning is that who knows which other open source projects SourceForge is trying to do this to.

This should be a lesson and even a wake-up call to open source projects who use external services like SourceForge… there’s inherent risk if the tide of the business you depend on changes.

Furthermore, this is another reason hosting your project at a quality open source foundation can be beneficial, as they generally won’t do these types of shenanigans because they protect your project’s best interests. These open source foundations can also help you secure a trademark for your project, which can help fight against these types of issues.

Stay diligent!

UPDATE: A response from SourceForge

@ApacheParquet Graduating and Mesos with Siri

The last week for me has been fun in open source land, outside of me getting two of my wisdom teeth pulled out of my face. On the bright side, I have some painkillers now, and two notable things happened. First, it was nice to finally graduate Parquet out of the Apache Incubator:

It’s been a little over two years since we (Twitter) announced the open source columnar storage project with Cloudera. It’s a great feeling to see a plan come together and see this project grow over the years with 60+ contributors while hitting the notable achievement of graduating out of the Apache incubator gauntlet. If there’s any lesson here for me, it’s much easier to build an open source community when you do it in an independent fashion with at least someone else in the beginning (thanks Cloudera).

Another notable thing that happened was that Apple finally announced that they are using Mesos to power Siri’s massive infrastructure.

In my experience of building open source communities, there are usually your public adopters and private adopters. There are companies that wish to remain private about the software they use at times and that’s fine, it’s understandable when it can be viewed as a competitive advantage. The challenge is how you work with these private adopters when they use an open source project of yours while wanting to collaborate behind the scenes.

Anyways, it’s a great feeling to see Apple opening up a bit about their infrastructure and open source usage after working with them for a while. Hopefully this is a sign of things to come from them. Also, it would be nice if Apple just updated Siri so when you ask what Mesos is, it replies with a funny response and proclaims her love of open source infrastructure technology.

Overall, it’s been a great last week.

Thoughts on running an open source program (via @TODOGroup)

I recently posted on the @TODOGroup blog on why we run an open source program at Twitter:

Outside of just my experience, it’s been great to see other companies participating in this effort so you can hear from them too on running open source programs:

There should be more blog posts from us in the future about this topic, on top of us discussing other issues pertinent to companies working with open source communities.

Anyways, I hope you learned something new from these posts and if you’re a fan of company open source programs, please consider pushing your company or others to establish an official open source program or office. We all should give back as it’s in our best interest.

FoundationDB and Open Source Foundations

Just like any other day, I saw a funny tweet across my timeline this morning:

Not sure if you heard the news, but FoundationDB was a company with a decent amount of open source projects around a NoSQL database. They recently were bought by a much larger company and decided to close down the project, including removing the source and binaries from distribution channels.

I don’t want to sound like a broken record, but open source foundations are really useful. As a consumer, it helps you ensure that there is an independent governance structure in place along with fair ownership of the code (usually the foundation). This means that code won’t disappear overnight since an independent entity owns it, along with the broader community. From a producer point of view, you can build diversity in ownership and committers which will help you in the long run in building a sustainable open source community.

Oh well, c’est la vie.

Quick update and nice set of genuine tweets from the CouchDB folks who saw the benefits of having the code exist at an open source foundation:

Linux Kernel’s Code of Conflict

The Linux Kernel recently has come up with an aptly named “Code of Conflict” to deal with some of the criticism inside that community:

There’s also an interview from the Linux Foundation Executive Director, Jim Zemlin about this topic:

While not perfect in my opinion, it is a step in the right direction to ensure a well-behaved community. While most people will be excellent to each other, there will also be outliers. Also, it’s important to set expectations within an open source community and really just set the ground rules.

Finally as a prediction (and hope), I expect to see more open source communities, foundations and even companies start implementing these code of conduct style guidelines this year.

FYI: Open Source Initiative (@OpenSourceOrg)

If you aren’t aware of the Open Source Initiative (OSI), you should be. They are a fantastic not-for-profit organization responsible for the Open Source Definition (which everyone should read once in their lives), and they maintain a list of compliant license definitions on top of promoting open source across the world.

They are also a membership-driven organization, which is supported by individuals and affiliates. As far as I know, they are the only organization that brings together a variety of open source individuals/institutions to cross-promote ways to work together to improve the adoption of open source software.

They are also in the last month of their membership drive, so if you’re interested in supporting their cause, I highly recommend you consider joining as a member:

Also, more selfishly, the OSI currently has nominations open for the board of directors election, which I’m partaking in. The current group of nominations includes a great group of folks from all over the open source ecosystem and I’d love to have the opportunity to serve; my plans include expanding corporate membership and more.

So please consider supporting the OSI and vote your interests; they really make the greater open source community a better place.


CFP and Sponsors: MesosCon 2015

We of the MesosCon Program committee recently launched the MesosCon 2015 Call for Papers (CFP) and early bird registration:

If you’re interested in the future of datacenter infrastructure, I highly recommend attending. The conference will be co-located with LinuxCon North America 2015 in beautiful Seattle, WA and the early bird rates are priced at a reasonable $299 to start in my opinion (we also have student rates at $99).

As part of the registration process, you’ll have an opportunity to donate to a MesosCon Diversity Scholarship program which provides support to women, people of color and people with disabilities who may not otherwise have the opportunity to attend for financial reasons. Equal access and diversity are important to MesosCon, and we aim to remove this obstacle for underrepresented attendee groups.

In the coming months, we’ll announce keynotes and the program. We’re also looking for sponsors, so if you’re interested, please feel free to reach out to me.

TravisCI Container Infrastructure: Faster Builds

Just before I disappeared for the holidays, I sent out a tweet talking about testing out the new Travis CI container infrastructure:

Last week, I spent some time moving more @TwitterOSS open source projects on GitHub to take advantage of this and have been nothing but thrilled with the results (seen build speeds improve by 30% to nearly 50%). Faster builds lower the barrier to contribution and also translate into less wasted time.

Anyways, check it out; more people who rely on Travis CI need to know about this.

Malicious Open Source Contributions

Yesterday, an interesting thing happened within the Eclipse Foundation community where someone sent a malicious code review.

We generally don’t see this type of thing in open source communities (mostly just contributions without tests), but I believe malicious contributions will continue and become more frequent. The opportunity is just there for bad actors and open source code is embedded all over the place, from your desktop, to your mobile devices to vehicles.

Looking back, there have been some notable opportunities for bad actors to inject malicious code. One example I recall in particular is RubyGems and SSL, and another more prominent example was when the Kernel.org servers were hacked:

Good times, stay diligent.