
Posts Tagged with “open source”

Open Container Initiative at 12 Months

Today at DockerCon 2016 I had fun speaking with colleagues on where we are with the Open Container Initiative (OCI) after about a year:

OCI

The industry needs standards around the container format/runtime to enable portability. If you’re interested in joining this effort, you can find more information here: https://www.opencontainers.org/join

Companies paying it forward in open source

I recently saw that Mozilla launched its amazing “Open Source Support” award program:

According to some research, at least 78% of companies are using open source in some fashion (my personal guess is that the number is higher). The fact that the Mozilla Corporation realizes that it needs to give back (on top of all the work they already do) is incredibly progressive, and I hope it sets an example for others moving forward, as it can help solve the tragedy of the commons issue that many open source projects face.

For those who aren’t familiar with the concept, tragedy of the commons is:

the depletion of a shared resource by individuals, acting independently and rationally according to each one’s self interest, despite their understanding that depleting the common resource is contrary to their long-term best interests.

The key problem here is that organizations who cannot be excluded from the benefits of a good often have little incentive to contribute toward the production of that good. This is essentially known as “free-riding” and is common in open source land, even with projects that are successful.

There are many ways to tackle this problem, whether it’s through a restrictive license, guilting people to donate, or just setting up a foundation with membership rules and dues to ensure that a particular bit of software is properly funded.

These days, I’m taking a more positive outlook on this issue as I keep seeing more companies setting up open source program offices or even funding projects/developers important to their business (see the recent Capital One example below; Capital One, by the way, recently established an open source program):

https://twitter.com/segiddins/status/659025346264567808

I think this trend will continue as long as we in the free and open source community push for it. At the end of the day, we are in it all together. The more we can convince organizations to give back, especially the ones that have strongly benefited, the more all of us will get back.

My challenge to you is to push your respective organization to give back, whether that is financially or in some other way.

FYI: #MesosCon Europe 2015

A couple of weeks ago I had the pleasure of attending MesosCon 2015 in Seattle, co-located with LinuxCon. I had the honor of being on the Program Committee this year and helped draft the program with a great group of folks. It’s really amazing to see how far things have come since we helped open source Mesos… it was great to see companies like Apple, Verizon, Bloomberg, Paypal, Intel, Cisco, Twitter, AT&T and many other adopters running Mesos with serious production workloads! I was also really proud of us having a diversity scholarship as part of the conference; that worked out really well and we will do it more in the future.

Anyways, if you couldn’t make it, the good news is that all of the sessions were recorded and are available on YouTube now:

Furthermore, if Seattle was a bit too far away, we are hosting MesosCon Europe in Dublin in about a month. The program isn’t live yet as we are in the community review phase for proposals, so if you would like to participate in the program selection, please get your votes in!

I look forward to seeing everyone in Dublin and chatting with people over some frosty beverages!

#OSCON 2015 and the Rise of Open Source Offices

I had a fantastic time at OSCON last week. It was a crazy busy week for Twitter announcing that we are helping form the Cloud Native Computing Foundation and unifying some of the work that has been going on in the Kubernetes and Mesos ecosystems:

It’s rare that you see two communities and the large companies behind them put their egos aside and do what is better for everyone in the long term in the infrastructure space. We also formally joined the Open Container Initiative and plan on donating an AppC C++ implementation in the future:

Thank you to everyone who came to our ping pong tournament party and learned a bit more about the sport of table tennis:

We also had a great @TODOGroup panel at OSCON discussing how different companies are running and establishing open source offices… along with what works and some lessons learned:

Finally, thank you to everyone who came to my talk about lessons learned from Twitter creating its open source office on Thursday:

It’s always amazing to see how many companies are starting to form open source offices. In my talk I tried to highlight some of the better known ones from larger companies and even startups (along with their mission statements):

I really expect this trend to continue in the future. For example, Box is looking to hire their first Head of Open Source, and Guy Martin was just hired to create and run an open source office at Autodesk… Autodesk!

At the end of the day, as more businesses become software companies in some form, they will naturally depend on a plethora of open source software. Businesses will look to find ways to build better relationships with the open source communities their software depends on to maximize value for their business; it’s in their best interests.

SourceForge Hijacking Open Source Project Downloads

Today I read about how SourceForge is hijacking nmap downloads through their old SourceForge account…

This is just plain naughty behavior in open source land… SourceForge has previously done this with the GIMP project and inserted adware into the download. They even created a response page based on the criticism from that incident stating that:

This is a 100% opt-in program for the developer, and we want to reassure you that we will NEVER bundle offers with any project without the developers consent.

Outside of this just being dubious behavior, this looks to be a lie based on what the nmap developers have stated. What is also concerning is that nobody knows which other open source projects SourceForge is trying to do this to.

This should be a lesson and even a wake up call to open source projects who use external services like SourceForge… there’s inherent risk if the tide of the business you depend on changes.

Furthermore, this is another reason hosting your project at a quality open source foundation can be beneficial, as they generally won’t do these types of shenanigans because they protect your project’s best interests. These open source foundations can also help you secure a trademark for your project, which can help fight against these types of issues.

Stay diligent!

UPDATE: A response from SourceForge


CFP and Sponsors: MesosCon 2015

We of the MesosCon Program committee recently launched the MesosCon 2015 Call for Papers (CFP) and early bird registration:

If you’re interested in the future of datacenter infrastructure, I highly recommend attending. The conference will be co-located with LinuxCon North America 2015 in beautiful Seattle, WA and the early bird rates are priced at a reasonable $299 to start in my opinion (we also have student rates at $99).

As part of the registration process, you’ll have an opportunity to donate to a MesosCon Diversity Scholarship program which provides support to women, people of color and people with disabilities who may not otherwise have the opportunity to attend for financial reasons. Equal access and diversity are important to MesosCon, and we aim to remove this obstacle for underrepresented attendee groups.

In the coming months, we’ll announce keynotes and the program. We’re also looking for sponsors, so if you’re interested, please feel free to reach out to me.

TravisCI Container Infrastructure: Faster Builds

Just before I disappeared for the holidays, I sent out a tweet talking about testing out the new Travis CI container infrastructure:

Last week, I spent some time moving more @TwitterOSS open source projects on GitHub to take advantage of this and have been nothing but thrilled with the results (seen build speeds improve by 30% to nearly 50%). Faster builds lower the barrier to contribution and also translate into less wasted time.

Anyways, check it out; more people who rely on Travis CI need to know about this.

Malicious Open Source Contributions

Yesterday, an interesting thing happened within the Eclipse Foundation community, where someone sent a malicious code review.

We generally don’t see this type of thing in open source communities (mostly just contributions without tests), but I believe malicious contributions will continue and become more frequent. The opportunity is just there for bad actors and open source code is embedded all over the place, from your desktop, to your mobile devices to vehicles.

Looking back, there have been some notable opportunities for bad actors to inject malicious code. One example I recall in particular is RubyGems and SSL, and another more prominent example was when the Kernel.org servers were hacked:

Good times, stay diligent.

Apache (and other foundations) considered useful

I couldn’t resist writing a blog about this topic given the chance to use a witty blog title. A few years ago, I blogged about a post that Mike Rogers (@mikeal) wrote about “Apache considered harmful” in the GitHub era.

I agreed with Mike to an extent, but mostly around my frustration in how slow the ASF was in adopting newer tools (like Git) and how the organization was structured with volunteers responsible for critical infrastructure. However, we can save that frustration for another post (note: this has improved as of late).

The interesting part was that Mike recently has had some interesting thoughts about the role of companies in open source due to the NodeJS / io.js forking debacle:

In particular, his opinion is that no company alone can be trusted with the ownership of a community driven open source project. I generally agree with his thoughts however, there are solutions to his problem involving open source foundations. Open source foundations like the ASF, Eclipse Foundation and Linux Foundation (and more) are actually really useful:

The foundations I mentioned above have over a decade of experience being built for the sole purpose of allowing independent open source communities to flourish with fair governance models built on meritocratic behaviors (just take a peek at some of the Apache documentation or Eclipse development process). This is important because the incentives between individuals, small companies, large companies, heavily funded companies and even academics are different and need to be accounted for in a fair open source governance structure. Some of these foundations like the Eclipse Foundation started out as the “Eclipse Consortium” and learned some of these lessons the hard way.

In particular, I would like to call out the Eclipse Foundation Working Groups and Linux Foundation Collaborative Projects concepts as some of the best ways to collaborate in the open for maturing open source projects.

On a funny note, as I was trying to get this post out last week, hilariously the container community was going through a fork of Docker with Rocket from CoreOS (in particular, this Hacker News thread was just cheeky):

What happened with Docker/Rocket was almost predictable given the way the Docker project was structured and how late to the game they were in establishing some level of governance and independence as more large companies were getting involved. At least the competition should help container technology improve at a quicker pace.

In the end, I have to agree with this tweet from Jim Jagielski (@jimjag) about the role of open source foundations:

I hope that in the future as new open source projects become successful, they take a serious look at open source foundations (especially the ones I mentioned) as a proper place to grow and provide structure to their community. Their communities deserve it.

Naming Mars+1 (2016 @EclipseFdn Release)

It’s that time of year that members of the Eclipse Foundation Planning Council help spearhead the community-based naming process of the next Eclipse release (slated for 2016).

The rules are contained in this bug where you can submit names for consideration. Here are the guidelines for names:

The rules and procedure for naming Mars+1 will be similar to what has happened in the past. The name should be alphabetically greater than “M”

Preference will be given to “N” names, but no strict rule that others would not be considered. Preference given to names that fit the “moon”, “heavenly body gods”, or “scientists” themes we’ve had in the past.

I suggested Nova or Neutrino to start, but have taken a liking to Neptune as a potential option.

Have a better suggestion for a name? Well, put it in the bug before we call for an official vote in the coming weeks.

Thank you!