Posts

Kubernetes

In his keynote address at KubeCon, Craig McLuckie said the success of Kubernetes has been driven by the community, excited end users, and organizations that have built out the Kubernetes ecosystem.

Kubernetes is one of the highest velocity open source projects around, attracting more than 80,000 commits from nearly 3,000 developers at more than 1,180 companies over the past three years. From the start, the project has managed its success by gauging whether its users are excited about the technology and using it, which they are. Likewise, Craig McLuckie, CEO of Heptio and co-founder of Kubernetes remains excited about the technology.

That excitement was showcased at McLuckie’s KubeCon keynote address, titled The Road Ahead on the Kubernetes Journey (see video below).

McLuckie has been steering Kubernetes toward success since its origin at Google. He has seen it emerge as a standard operating environment for distributed systems development over the past few years, and watched as it has become embraced by almost every significant vendor in the ecosystem. Kubernetes is helping solve tough problems in deploying and running applications and is supporting development of new approaches to building and running applications.

In his KubeCon address, McLuckie discussed the emergence of expert operations and how Kubernetes is driving change at organizations that build and manage distributed systems. He also discussed the increasing importance of cloud native technologies.

3 Driving Factors

McLuckie said Kubernetes’ success has been driven by three things: community, excited end users, and organizations that have built out the Kubernetes ecosystem. He is also focused on efficient development around the project. “Developer productivity really matters,” he said. “Anything we can do to drive even a five percent increase in developer productivity is worth it. Developers are moving from building static code to living services. Organizations should focus on the delivery of living services.”

Organizations everywhere are implementing container technologies, and many of them are turning to Kubernetes as a solution for orchestrating containers. Kubernetes is attractive for its extensible architecture and healthy open source community, but some still feel that it is too difficult to use. For some time now, new tools have been emerging that help streamline Kubernetes and make building container-based applications easier.

Kubernetes as a Service

McLuckie also foresees new security and governance policies taking shape at organizations as they strategize around technologies like Kubernetes. Additionally, he sees them embracing the multi-cloud trend. “I want to recognize the cloud providers out there that have introduced Kubernetes-as-a-service offerings,” he said. “These are providing high levels of assurance that Kubernetes is provisioned and is running exactly as it should. The available clusters feature consistency, and have the same behavior. If you see the certification logo, you can have confidence in this consistency.”

“These services make hybrid cloud deployments more viable,” he added. “And, people are building applications that can, say, run in two clouds. People should have the flexibility to do so, and to be able to pick which clouds they want to deploy their new services into.”

McLuckie has been working directly with cloud providers such as the Azure team at Microsoft to ensure that services around tools like Kubernetes are running correctly and are optimized. He sees such optimization of services growing along with the trend toward deploying applications in multiple cloud scenarios. Players like Microsoft have also built dedicated tools to streamline use of Kubernetes. For example, Microsoft has open sourced Draft, a tool that streamlines application development and deployment into any Kubernetes cluster.

Above all, McLuckie emphasized that Kubernetes will be driven forward by the community, and not by any individual. “If we hold together, there is so much more that we can do,” he said. “We haven’t felt the full potential of Kubernetes, not just around the issues that surround the deployment of software, but as a way to build new classes of distributed systems where Kubernetes is the core development environment.”

Hear more in McLuckie’s keynote address below:

Learn more about Kubernetes at KubeCon + CloudNativeCon Europe, coming up May 2-4 in Copenhagen, Denmark.

The influence of open source software on every aspect of business has been on the rise for years, and it should come as no surprise that its influence during merger and acquisition (M&A) transactions has grown as well. In particular, open source audits are part of required due diligence in M&A or initial public offering (IPO) processes. Not only do such audits highlight potential instances of copyright infringement, but they give buyers and investors a landscape view of important open source components in their target’s technology stack.

These issues and more are covered in-depth in a new ebook, Open Source Audits in Merger and Acquisition Transactions, from Ibrahim Haddad and The Linux Foundation, which provides an overview of the open source audit process and highlights important considerations for code compliance, preparation, and documentation.

Today’s software products and technology stacks incorporate many open source components, and the implementation of these components can mean complex licensing and inter-dependency issues.  Part of the goal with a proper source code audit is to avoid unpleasant surprises post-acquisition. Source code scanning tools have the ability to discover and match snippets of open source code that have been incorporated within software tools and platforms. In addition, these tools can identify modifications to open source code that developers may have deployed.

“Every M&A transaction is different, but the need to verify the impact of acquiring open source obligations is a constant,” writes Haddad. “Open source audits are carried out to understand the depth of use and the reliance on open source software. Additionally, they offer great insights about any compliance issues and even about the target’s engineering practices.”

Haddad also notes that open source audits can expose obligations. “Open source licenses usually impose certain obligations that must be fulfilled when code is distributed,” he notes. “One example is the GNU General Public License (GNU GPL), which requires derivatives or combinations to be made available under the same license as well. Other licenses require certain notices in documentation or have restrictions for how the product is promoted.”

According to Haddad, there are three common types of open source audits that are performed in M&A situations:

  1. Traditional audit, in which the auditor gets complete access to all the code and executes the audit either remotely or on site.
  2. Blind audit, in which the auditor does the work remotely and without ever seeing the source code.
  3. “Do It Yourself” audit, where the target company or the acquirer performs most of the actual audit work themselves using the tools with the option for a random verification of results from the auditing company.

Is a merger and acquisition scenario the only time an organization should consider an open source audit? No, regular audits can provide much value, and companies such as Black Duck Software have specialized in doing them in many types of business scenarios. “While it’s undeniable that an open source audit is essential before any successful M&A or IPO, it’s no less important as part of a software team’s regular operations,” notes a blog post from White Source Software. “Put it this way, if you have license compliance or security issues affecting your open source components, isn’t it better to identify and deal with those issues sooner rather than later?”

Many important issues arise during audits, including potential security threats and lapses in version control. Everything you need to know, including recommended practices and mistakes to avoid, can be found in this ebook.

Download the ebook now.

OSLS

Keynote speakers announced for The Linux Foundation Open Source Leadership Summit.

The Linux Foundation Open Source Leadership Summit is the premier forum for open source leaders to convene to drive digital transformation with open source technologies and learn how to collaboratively manage the largest shared technology investment of our time.

Confirmed keynote speakers and panelists for this year’s event include:

  • Deepak Agarwal, VP of Artificial Intelligence at LinkedIn
  • Subbu Allamaraju, VP of Technology, Expedia
  • Dustin Bennett, Software Engineer Sr. Manager, The Home Depot
  • Austen Collins, Founder & CEO, Serverless Inc.
  • Justin Dean, SVP Platform & TechOps, Ticketmaster
  • Ashley Eckard, Sr. Software Engineer, The Home Depot
  • Dr. Mazin Gilbert, Vice President of Advanced Technology, AT&T Labs
  • Chen Goldberg, Director of Engineering, Google Cloud
  • Nidhi Gupta, SVP of Engineering, Hired
  • Patrick Heim, Operating Partner & CISO, ClearSky Security
  • John M. Jack, Board Partner, Andreessen Horowitz and Advisor to The Linux Foundation
  • Edward Kearns, Chief Data Officer, National Oceanic and Atmospheric Administration
  • Marten Mickos, CEO, HackerOne
  • Mark Russinovich, CTO, Microsoft Azure, Microsoft
  • Tarry Singh, Author, AI, ML & Deep Learning Executive, and Deep Learning Mentor, Coursera
  • Aaron Symanski, Chief Technology Officer, Change Healthcare
  • Rachel Thomas, Co-Founder, Fast.ai
  • Jim Zemlin, Executive Director, The Linux Foundation

Open Source Leadership Summit fosters innovation, growth, and partnerships among the leading projects and corporations working in open technology development. Business and technical leaders will gather at the summit to advance open source strategy, implementation and investment.

Here’s How To Join Us at Open Source Leadership Summit:

Speak

Are you a business or technical leader looking to advance open source strategy, implementation and investment? Join us and share your expertise at Open Source Leadership Summit. View the full list of suggested topics and submit a proposal by 11:59pm PST on Sunday, January 21, 2018.  

Attend

Attendance to Open Source Leadership Summit is limited to members of The Linux Foundation and LF Hosted Projects, as well as media, speakers and sponsors. If you are a member, and would like to attend, email us at events@linuxfoundation.org.  For media attendance inquiries, email Dan Brown at dbrown@linuxfoundation.org.

Sponsor

Showcase your thought leadership among a vibrant open source community and connect with top influencers driving today’s technology purchasing decisions. Learn how to become a sponsor.

open source networking

Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed open source networking trends at Open Source Summit Europe.

Ever since the birth of local area networks, open source tools and components have driven faster and more capable network technologies forward. At the recent Open Source Summit event in Europe, Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed his vision of open source networks and how they are being driven by full automation.

“Networking is cool again,” he said, opening his keynote address with observations on software-defined networks, virtualization, and more. Joshipura is no stranger to network trends. He has led major technology deployments across enterprises, carriers, and cloud architectures, and has been a steady proponent of open source.

“This is an extremely important time for our industry,” he said. “There are more than 23 million open source developers, and we are in an environment where everyone is asking for faster and more reliable services.”

Transforming telecom

As an example of transformative change that is now underway, Joshipura pointed to the telecom industry. “For the past 137 years, we saw proprietary solutions,” he said. “But in the past several years, disaggregation has arrived, where hardware is separated from software. If you are a hardware engineer you build things like software developers do, with APIs and reusable modules.  In the telecom industry, all of this is helping to scale networking deployments in brand new, automated ways.”

Joshipura especially emphasized that automating cloud, network and IoT services will be imperative going forward. He noted that enterprise data centers are working with software-defined networking models, but stressed that too much fragmented and disjointed manual tooling is required to optimize modern networks.

Automating services

“In a 5G world, it is mandatory that we automate services,” he said. “You can’t have an IoT device sitting on the phone and waiting for a service.” In order to automate network services, Joshipura foresees data rates increasing by 100x over the next several years, bandwidth increasing by 10x, and latencies decreasing to one-fifth of what we tolerate now.

The Linux Foundation hosts several open source projects that are key to driving networking automation. For example, Joshipura noted EdgeX Foundry and its work on IoT automation, and Cloud Foundry’s work with cloud-native applications and platforms. He also pointed to broad classes of open source networking tools driving automation, including:

  • Application layer/app server technologies
  • Network data analytics
  • Orchestration and management
  • Cloud and virtual management
  • Network control
  • Operating systems
  • IO abstraction & data path tools
  • Disaggregated hardware

Tools and platforms

Joshipura also discussed emerging, open network automation tools. In particular, he described ONAP (Open Network Automation Platform), a Linux Foundation project that provides a comprehensive platform for real-time, policy-driven orchestration and automation of physical and virtual network functions that will enable software, network, IT and cloud providers and developers to rapidly automate new services and support complete lifecycle management. Joshipura noted that ONAP is ushering in faster services on demand, including 4G, 5G and business/enterprise solutions.

“ONAP is one of the fastest growing networking projects at The Linux Foundation,” he said, pointing to companies working with ONAP ranging from AT&T to VMware.

Additionally, Joshipura highlighted OPNFV, a project that facilitates the development and evolution of NFV components across open source ecosystems. Through system level integration, deployment and testing, OPNFV creates a reference NFV platform to accelerate the transformation of enterprise and service provider networks. He noted that OPNFV now offers container support and that organizations are leveraging it in conjunction with Kubernetes and OpenStack.

To learn more about the open source tools and trends that are driving network automation, watch Joshipura’s entire keynote address below:
Additionally, registration is open for the Open Networking Summit North America. Taking place March 26-29 in Los Angeles, its the industry’s premier open networking event that brings together enterprises, carriers and cloud service providers across the ecosystem to share learnings, highlight innovation and discuss the future of Open Source Networking.

Learn more and register now!

open source networking

Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed open source networking trends at Open Source Summit Europe.

Ever since the birth of local area networks, open source tools and components have driven faster and more capable network technologies forward. At the recent Open Source Summit event in Europe, Arpit Joshipura, Networking General Manager at The Linux Foundation, discussed his vision of open source networks and how they are being driven by full automation.

“Networking is cool again,” he said, opening his keynote address with observations on software-defined networks, virtualization, and more. Joshipura is no stranger to network trends. He has led major technology deployments across enterprises, carriers, and cloud architectures, and has been a steady proponent of open source.

“This is an extremely important time for our industry,” he said. “There are more than 23 million open source developers, and we are in an environment where everyone is asking for faster and more reliable services.”

Transforming telecom

As an example of transformative change that is now underway, Joshipura pointed to the telecom industry. “For the past 137 years, we saw proprietary solutions,” he said. “But in the past several years, disaggregation has arrived, where hardware is separated from software. If you are a hardware engineer you build things like software developers do, with APIs and reusable modules.  In the telecom industry, all of this is helping to scale networking deployments in brand new, automated ways.”

Joshipura especially emphasized that automating cloud, network and IoT services will be imperative going forward. He noted that enterprise data centers are working with software-defined networking models, but stressed that too much fragmented and disjointed manual tooling is required to optimize modern networks.

Automating services

“In a 5G world, it is mandatory that we automate services,” he said. “You can’t have an IoT device sitting on the phone and waiting for a service.” In order to automate network services, Joshipura foresees data rates increasing by 100x over the next several years, bandwidth increasing by 10x, and latencies decreasing to one-fifth of what we tolerate now.

The Linux Foundation hosts several open source projects that are key to driving networking automation. For example, Joshipura noted EdgeX Foundry and its work on IoT automation, and Cloud Foundry’s work with cloud-native applications and platforms. He also pointed to broad classes of open source networking tools driving automation, including:

  • Application layer/app server technologies
  • Network data analytics
  • Orchestration and management
  • Cloud and virtual management
  • Network control
  • Operating systems
  • IO abstraction & data path tools
  • Disaggregated hardware

Tools and platforms

Joshipura also discussed emerging, open network automation tools. In particular, he described ONAP (Open Network Automation Platform), a Linux Foundation project that provides a comprehensive platform for real-time, policy-driven orchestration and automation of physical and virtual network functions that will enable software, network, IT and cloud providers and developers to rapidly automate new services and support complete lifecycle management. Joshipura noted that ONAP is ushering in faster services on demand, including 4G, 5G and business/enterprise solutions.

“ONAP is one of the fastest growing networking projects at The Linux Foundation,” he said, pointing to companies working with ONAP ranging from AT&T to VMware.

Additionally, Joshipura highlighted OPNFV, a project that facilitates the development and evolution of NFV components across open source ecosystems. Through system level integration, deployment and testing, OPNFV creates a reference NFV platform to accelerate the transformation of enterprise and service provider networks. He noted that OPNFV now offers container support and that organizations are leveraging it in conjunction with Kubernetes and OpenStack.

To learn more about the open source tools and trends that are driving network automation, watch Joshipura’s entire keynote address below:
Additionally, registration is open for the Open Networking Summit North America. Taking place March 26-29 in Los Angeles, its the industry’s premier open networking event that brings together enterprises, carriers and cloud service providers across the ecosystem to share learnings, highlight innovation and discuss the future of Open Source Networking.

Learn more and register now!

open source program

Gil Yehuda, Senior Director of Open Source at Oath (which owns the Yahoo and AOL brands), describes the company’s open source goals.

For seven years and counting, Gil Yehuda, Senior Director of Open Source at Oath Inc. (which owns the Yahoo and AOL brands), has led the open source program at Yahoo. Now with an expanded scope, he is gearing up to grow his team and improve the program. The company’s formal open source program office serves as a hub to connect all open source activities across the company, he says, but it didn’t start out that way.

As with many other companies, the open source program started informally with a group of diligent engineers and a few legal people. But the ad hoc group soon realized it needed a more formal program if it was going to be able to scale to address more issues and achieve specific business goals. With a formal program in place, they are poised to achieve its goals.

The top five of Oath’s numerous open source goals, according to Yehuda, are:

  1. Keep aligned with the industry on open source technology standards by avoiding creating unique tech stacks that Oath alone would have to manage at its own expense.
  2. Make it easy for engineers to interact with open source as users and as contributors.
  3. Be viewed as an open source friendly company for partnerships and collaborations.
  4. Be known as a great place for engineers to work on open source projects.
  5. Give back to the Open Source community by sharing code and practices.

Measuring and monitoring success requires the right tools and attitudes. Yehuda says at Oath they actively solicit and listen to the needs of their many engineering teams, track all their work transparently in Jira, and spread the work across many teams who help with the process.

“We have custom tools we use to check code and manage projects, but we’re hoping to work more with our peers in the TODO Group on tooling we can share across many of our peer open source program offices,” he said.

Success comes from being open, at scale

Yahoo helped make Apache Hadoop the cornerstone of the big data revolution when it took the early code and created a team around it to help it scale to Internet-scale. They agreed to publish it all as open source. When the need for real-time processing came to the forefront, Yahoo created S4 and open sourced it too, but then discovered Storm was just published, too, and it looked more promising. The team ditched their own code and put their efforts into helping make Storm even better.  

“We applied to Apache Storm what we learned from Hadoop and S4,” Yehuda said. “Our goal was to make it great, even though it kind of competed with our own first stab.”

Storm is a success today, and the company runs it alongside Hadoop to power many of its products. They added machine learning and high-scale data serving capabilities by adding Vespa Engine, to their platforms, and then published that too. And they helped other machine learning projects scale better too, all by publishing open source.

“We’ve leveraged our expertise with Storm to help both Caffe and TensorFlow achieve better scalability. We don’t own these solutions exclusively. Rather we share our code and help others — all the while we get to leverage our expertise to build one of the industry’s most scalable platforms for our use,” he said. “This saves us money while making us a fantastic place to work on projects that impact hundreds of millions of people.”

The program office worked on strategy, legalities, and execution of these and similar projects. Leveraging open source licensing and processes effectively was a key element throughout. Now as Oath, this work continues and expands.

Yehuda cited three key lessons he learned managing an open source program:

  1. Be a service to the engineers, not a barrier.
  2. Accept that challenges will be never-ending.
  3. Run the program office like you run an open source project: Be transparent in the way decisions are made and be open to input and collaboration from everyone.

“There are so many edge cases that come up — partnerships, acquisitions, unclear contract terms — and we simply need to be open to learn, explore, and come up with an answer to every open source related question. But the most rewarding part of my job is when people tell me they joined our company because they knew about our open source friendly culture. You know, we’re always looking for open source talent, and I’m hiring into the program office.” added Yehuda.

compliance

There are generally two teams involved in achieving open source license compliance within an organization: a core team and an extended team of individuals from various departments.

No individual, no matter how adept, can successfully implement open source compliance across an entire organization. Keeping track of where and how open source code is used, approved, and shipped must be a cross-functional team effort.

From core engineering and product teams, to legal counsel and upper management, compliance involves individuals in many roles from various departments throughout the company.

In this article, highlighting a chapter of The Linux Foundation ebook Open Source Compliance in the Enterprise by Ibrahim Haddad, we’ll give an overview of the roles and responsibilities that any open source compliance program should include. Together, these are the individuals who will make sure your company stays current and compliant with the open source licenses in the code you use and ship.

3 Key roles on an open source compliance team

There are generally two teams involved in achieving compliance: a core team and an extended team, with the latter typically being a superset of the former. The core team, often called the Open Source Review Board (OSRB), consists of three key representatives from engineering and product teams, one or more legal counsels, and the compliance officer/ open source program office manager.

Legal representative: A legal counsel or paralegal, depending on the task. Reviews and approves usage, modification, and distribution of free and open source software (FOSS); provides guidance on licensing; contributes to compliance training; reviews and approves open source notices; and more.

Engineering and product team representative: Follows compliance policies and processes; requests approval to use (and/or contribute) to open source projects; responds quickly to all questions; conducts design, architecture, and code reviews; prepares software packages for distribution; and more.

Open source compliance officer, manager, or director: Not necessarily a dedicated resource, this person drives all compliance activities; coordinates source code scans and audits and distribution of source code package; contributes to compliance training and creation of new tools to facilitate automation and FOSS discovery in a dev environment; and more.

Others involved in open source compliance

The extended team includes a larger group of individuals from across multiple departments who contribute on an on-going basis to the open source compliance efforts. However, unlike the core team (in substantial organizations), members of the extended team are working on compliance only on a part- time basis, based on tasks they receive from the core review board. Roles and responsibilities include:

  • Documentation – Includes open source license information and notices in the product documentation including license text, written offer, copyrights and attribution notices
  • Supply Chain – Mandates third-party software providers to disclose open source in licensed or purchased software components and assists with ingress of third-party software bundled with and/or including open source software
  • Corporate Development – Requests open source compliance be completed before a merger or acquisition, or when receiving source code from outsourced development centers or third-party software vendors.
  • IT – Provides support and maintenance for the tools and automation infrastructure used by the compliance program and creates and/or acquires new tools based on OSRB requests
  • Localization – Translates basic information in target languages about open source information related to the product or software stack
  • Open Source Executive Committee (OSEC) – Typically includes executives representing Engineering and Legal. The OSEC reviews and approves proposals to release IP and proprietary source code under an open source license.

Read other articles in this series:

The 7 Elements of an Open Source Management Program: Strategy and Process

The 7 Elements of an Open Source Management Program: Teams and Tools

How and Why to do Open Source Compliance Training at Your Company

Basic Rules to Streamline Open Source Compliance For Software Development

How to Raise Awareness of Your Company’s Open Source License Compliance

Establishing a Clean Software Baseline for Open Source License Compliance

Ibrahim Haddad (Ph.D.) is Vice President of R&D and the Head of the Open Source Group at Samsung Research America. He is responsible for overseeing Samsung’s open source strategy and execution, internal and external R&D collaborations, supporting M&A and Corporate VC activities, and representing Samsung towards open source foundations. He is currently serving as Vice President of the Open Connectivity Foundation and the Director on the Board representing Samsung Electronics.

open source reading list

Check out the list of 21 must-read books for open source program managers, recommended by members of the TODO Group.

Is your organization looking to build out an open source program or are you already managing one? If so, you’re probably already considering the kinds of tools and guidance that can make your program a holistic success. That is why, in this article series, we have been covering tools for managing open source programs and providing advice from leading experts.

Now, to take your program to the next level, we offer a free guide containing an essential open source reading list. This list can help any organization launch and maintain a thriving open source program.

Specifically, the guide provides 21 must-read books for open source program managers, recommended by members of the TODO Group. These books can help your organization build a strong foundation and avoid missteps in developing your open source program.

Advice from experts is key to running a successful open source program. “It took us years of constant discussion and negotiation to break from the traditional IT setup into a more flexible environment that supports our open source development,” said Ibrahim Haddad, Vice President of R&D and Head of the Open Source Group at Samsung Research. “We made it work for us and with enough persistence you also can make it work for your open source team.”

The book in this list provide expert advice on how to get your open source tool collection started, how to approach issues such as licensing and governance, and much more. “A well-designed open source compliance process should simultaneously ensure compliance with the terms of open source licenses and also help companies protect their own intellectual property and that of third-party suppliers from unintended disclosure and/or other consequences,” notes Haddad.

Here are just some of the titles on the essential open source reading list:

Codev2 by Lawrence Lessig: A classic treatise on Internet regulation and the role of code as a form of law

New Frontiers in Open Innovation by Henry William Chesbrough: A thorough examination of research conducted to date on open innovation

Managing 3rd-Party Software Licenses by Giles Middleton: Covers not only license types, but methods of handling and tracking components and their licenses

Open Source for Business: A Practical Guide to Open Source Software Licensing by Heather Meeker: A downloadable ebook on licensing and legal terms

Producing Open Source Software: How to Run a Successful Free Software Project by Karl Fogel: From your mission statement to project fruition, don’t miss these guidelines

The Art of Community: Building the New Age of Participation by Jono Bacon: Sound advice from one of the most respected of all community managers

The free reading list can help you navigate all kinds of common open source-related challenges. It covers everything from evaluating ROI to optimizing practices, and it explores how to seamlessly and safely leverage existing tools to complement your open source creations. It is one of a new collection of free guides from The Linux Foundation and The TODO Group that are targeted at organizations running open source programs or considering them.

The guides are available now and they can help you run an open source program office where open source is supported, shared, and leveraged. They can also, in many instances, keep your program out of trouble, where trouble can range from licensing skirmishes to lawsuits.

These free resources were produced based on expertise from open source leaders, including advice from many members of The TODO Group, which includes Autodesk, Comcast, Dropbox, Facebook, Google, Intel, Microsoft, Netflix, Red Hat, Salesforce, and Samsung.

Also, don’t miss the previous articles in the series:

How to Create an Open Source Program

Tools for Managing Open Source Programs

Measuring Your Open Source Program’s Success

Effective Strategies for Recruiting Open Source Developers

Participating in Open Source Communities

Using Open Source Code

Launching an Open Source Project: A Free Guide

Practical Ways to Improve Your Open Source Development Impact

dropbox

One of the most important things when building an open source community is making sure that your own processes are open, according to Dropbox’s Luke Faraone.

The open source program at Dropbox was initially just a mailing list, where some interested engineers wanted to open source projects and develop with open source. Over time, things became more formalized, with a focus on ensuring that the company was consistent about what code it would release versus what code was best kept internal.

They also wanted to ensure that the things they were releasing were things that would actually provide value.

“We set minimum standards for what we would release as open source projects, including a review process, and our program just started to drive a lot of value,” said Luke Faraone, Security Engineer at Dropbox.

What drives Dropbox’s open source program

It’s important to ensure that the metrics and goals you track are not just related to volume, such as measuring the number of open source projects that you’re releasing or the number of lines of code you’re releasing. Those sort of metrics don’t necessarily provide business value or community value.

“We make sure to be thoughtful with our program’s goals, focusing on things that either provide back some business through external contributions or otherwise indicate that others are getting value out of our projects,” said Faraone. “We want to make sure that the community is connected back to us. Also, it is good to make sure to have fun and not have a process that is too onerous. We want people to feel comfortable working with us, and we want to be partners with folks as they work on projects. Ensuring that we have good relationships is really important.”

How Dropbox measures community success with open source

One of the most important things when building an open source community is making sure that your own processes are open.

“The more transparent you can make your decision-making processes, the more of a sense of ownership your community will have. You also want to make sure that your process doesn’t become a blocker. If your open source process for either inbound or outbound contributions is onerous, people will look to bypass the process or simply decide that contributing is too difficult,” said Faraone.

How Dropbox tracks contribution and release metrics with open source

It is important to track metrics related to contributions to projects, including such questions as:

  • What rate of contribution are you getting on a per-contributor basis?
  • Do people tend to come back to contribute to particular projects or would they also be interested in contributing to other projects that we are involved with?
  • How likely is a contributor who provides one patch to come back?

At Dropbox, according to Faraone, they also monitor the time between releases and the amount of churn that occurs between releases, where the goal is to encourage releases early and often. They also check in with teams if they have gone several months without committing to a new version.

Zulip stands out

Among Dropbox’s open source successes — if you look at the number of contributions — a project called Zulip stands out. Zulip was an open source chat system that the company acquired in 2014, but eventually they decided that they wanted to release it to the community.

“As an open source project, members of the community had set up hosting services for the chat system, and we eventually sunsetted our hosted service. We offered all of our users an opportunity to elect to have their data migrated to one of the community-operated hosting providers. What’s really impressive is that the Zulip open source project has a higher commitment velocity than it did when it had 10 or 15 employees working on it full time,” said Faraone.

Key lessons for open source program managers

Faraone offers the following tips to help ensure success when developing an open source program.

  • Community involvement can often give a project higher commitment velocity than dedicating a lot of full time employees to the project.
  • In driving community around projects, it is critical to make sure that your own processes and decisions are open and not too onerous.
  • Track metrics related to community contributions closely, including whether contributors participate in more than one project, and whether releases are arriving early and often.
  • When compared to tracking community ecosystem health and evaluating whether your program is creating business value, tracking metrics such as lines of code created has less value.
  • Evaluate whether you are choosing highly restrictive licenses, and if you are, what impact that will have as you start receiving external contributions.

You can read more TODO group case studies on GitHub.

Open Networking Summit

Speak at the largest open networking and orchestration event of 2018.

The Linux Foundation has just opened the Open Networking Summit North America (ONS NA) 2018 Call for Proposals, and we invite you to share your expertise with over 2,000 technical and business leaders in the networking ecosystem. Proposals are due by 11:59pm PT on Jan. 14, 2018.

Over 2,000 attendees are expected to attend ONS North America 2018, taking place March 26-29 in Los Angeles, including technical and business leaders across enterprise, service providers, and cloud providers. ONS North America is the only event of its kind, bringing networking and orchestration innovations together with a focus on the convergence of business (CIO/CTO/Architects) and technical (DevOps) communities.

Sign up to get the latest updates on ONS NA 2018!

Open Networking Summit NA conference tracks will include the following topical areas:

Track 1: (General Interest) Networking Futures in IoT, AI, and Network Learning. Including discussions on the progress in standards and open source interworking to drive the industry forward. We’re also seeking topics on networking as it relates to Kubernetes, cloud native, network automation, containers, microservices, and the network’s role in connected cars and connected things.

Track 2: (General Interest) Networking Business and Architecture. We’re looking for proposals on how to effectively evaluate the total cost of ownership of hybrid (public/private, SDN/NFV + traditional, proprietary/open source) environments, including acquisition strategies and good cost models for open source solutions. We’re also interested in case studies of open source business models for solution providers.

Track 3: (Technical) Service Provider & Cloud Networking. We want to hear what you have to say about the containerization of service provider workloads, multi-cloud, 5G, fog, and edge access cloud networking.

Track 4: (Business & Architecture) Service Provider & Cloud Networking. We’re seeking proposals on software-defined packet-optical, mobile edge computing, 4G video/CDN, 5G networking, and incorporating legacy systems (legacy enterprise workload migration, role of networking in cloud migration, and interworking of carrier OSS/BSS/FCAPS systems).

Track 5: (Technical) Enterprise IT & DevOps. Share your experience on scale and performance in SDN deployments, expanding container networking, maintaining stability in migration, networking needs of a hybrid cloud/virtualized environment, and figuring out the roadmap from a cost perspective.

Track 6: (Business and Architecture) Enterprise IT (CXO/IT Architects). Do you have use cases to share on IoT and networking from the retail, transportation, utility, healthcare or government sectors? We’re looking for proposals on cost modeling for hybrid environments, automation (network and beyond), analytics, security and risk management/modeling with ML, and NFV for the enterprise.

View here for more details on suggested topics, and submit your proposal before the January 14 deadline.

Get inspired! Watch presentations from ONS 2017.

See all keynotes from ONS 2017.

Not submitting but planning to attend? Register by Feb. 11 and save $800!