Posts

Women in Open Source will kick off a webinar series that will discuss cultivating more diverse viewpoints and voices in open source, including both inspirational ideas and practical tips the community can immediately put into action. The first webinar, “From Abstract to Presentation: How To Develop a Winning Speaking Submission” will be held Thursday, March 9, 2017, at 8 a.m. Pacific Time.

Register today for this free webinar, brought to you by Women in Open Source.

In this webinar, Deb Nicholson, FOSS policy and community advocate, will discuss how to write a winning abstract for a CFP to become a speaker. From picking interesting topics and writing a compelling proposal to the best style and format and how to get the biggest audience once chosen, Deb will summarize the most important factors to consider. And she’ll spend time answering your questions. So mark your calendars and join us!

Deb is community outreach director for the Open Invention Network, the largest patent non-aggression community in history and supports freedom of action in Linux as a key element of open source software. She’s won the O’Reilly Open Source Award, one of the most recognized awards in the FLOSS world, for her work on GNU MediaGoblin and OpenHatch.

For news on future Women in Open Source events and initiatives, join the Women in Open Source email list and Slack channel. Please send a request to join via email to sconway@linuxfoundation.org.

Communication is one of the seven essential elements to ensure the success of open source license compliance activities. And it’s not enough to communicate compliance policies and processes with executive leadership, managers, engineers, and other employees. Companies must also develop external messaging for the developer communities of the open source projects they use in their products.

Below are some recommendations, based on The Linux Foundation’s e-book Open Source Compliance in the Enterprise, for some of the best ways to communicate open source license compliance both internally and externally.

Internal Communication

Companies need internal compliance communication to ensure that employees are aware of what is involved when they include open source in a commercial software portfolio. You also want to ensure that employees are educated about the company’s compliance policies, processes, and guidelines. Internal communications can take any of several forms:

  • Email communication providing executive support and of open source compliance activities

  • Formal training mandated for all employees working with open source software

  • Brown-bag open source and compliance seminars to bring additional compliance awareness and promote active discussion

  • An internal open source portal to host the company’s compliance policies and procedures, open source related publications and presentations, mailing lists, and a discussion forum related to open source and compliance

  • A company-wide open source newsletter, usually sent every other month or on quarterly basis, to raise awareness of open source compliance

External Communication

Companies also need external compliance communications to ensure that the open source community is aware of their efforts to meet the license obligations of the open source software they are using in their products.

External communications can take several forms:

• Website dedicated to distributing open source software for the purpose of compliance

• Outreach and support of open source organizations which help the company build relationships with open source organizations, understand the roles of these organizations, and contribute to their efforts where it makes sense

• Participation in open source events and conferences. This can be at various levels ranging from sponsoring an event, to contributing presentations and publications, or simply sending developers to attend and meet open source developers and foster new relationships with open source community members.

Open Source Compliance

Read the other articles in this series:

The 7 Elements of an Open Source Management Program: Strategy and Process

The 7 Elements of an Open Source Management Program: Teams and Tools

How and Why to do Open Source Compliance Training at Your Company

Basic Rules to Streamline Open Source Compliance For Software Development

In some organizations, faster development is the primary motivation for using Open Source Software (OSS.) For others, cost savings or flexibility is the most important factor.

Last week, we detailed how OSS speeds development. Now let’s explore how open source software reduces development costs.

6 reasons OSS is lower cost                    

Using OSS can significantly reduce development costs in a number of proven ways. It can be much less expensive to acquire than commercially-licensed software or in-house developed software. These cost savings start with acquisition, but extend to deployment, support, and maintenance. Using open source software:

1. Saves 20-55% over commercial solutions, according to our Linux Foundation Consulting clients

2. Avoids functionality overkill and bundling — Many proprietary products have an overload of capabilities that clients rarely use, need, or even want. Often, they’re bundled, so that they must be paid for anyway.

● Avoids unwieldy closed system deployments – OSS eliminates the costly pricing games and traps that come with commercial sales and negotiations.

● Helps prevent vendor lock-in. Even where commercial OSS vendors provide a channel to deliver and support Open Source, customers have the freedom to switch vendors or even drop commercial support entirely, without changing the application or code in use.

● Avoids proprietary solutions consulting traps — OSS also helps with consulting, training and support costs because there is no exclusive access to the technology. You can often multi-source support, or even receive support from a vibrant community of developers who are actually working with the code on a daily basis.

● Benefits from ongoing community support — Active communities often provide higher quality support than commercial support organizations, and what’s more, community support is free.

Whether your organization chooses OSS for its speed of development, lower costs, flexibility, or because it keeps you on the leading edge of technology, OSS provides a competitive advantage.

Next up in this series, we’ll discuss why open source software is more flexible. You can also download the entire series today in our Fundamentals of Professional Open Source Management sample chapter.

Open source software management

Read more:

What Is Open Source Software?

Using Open Source Software to Speed Development and Gain Business Advantage

Why Using Open Source Software Helps Companies Stay Flexible and Innovate

This week in open source and Linux news, The executive director of The Hyperledger Project explains how blockchain can help refugees identify themselves, Nasdaq group to provide OSS platform to investors, and more! Read on to get caught up on the most important recent news!

1) Brian Behlendorf of The Linux Foundation’s Hyperledger Project speaks on the helpful importance of blockchain to refugee identification. 

Blockchain Technology Can Help Save the Lives of Millions of Refugees by Giving Them a Verified Identity– Quartz

2) A “business arm of Nasdaq, Inc” is providing a new open source platform to investor relations professionals.

Nasdaq Corporate Solutions Unveils Open Source Platform for Investor Relations– Finance Magnates

3) A new partnership between Red Hat & Ericsson to center around OpenStack, NFV infrastructure, software-defined networking, software-defined infrastructure and containers

Red Hat and Ericsson Sign Open Source Deal– NetworkWorld

4) Windows 10 Redstone 2 features major improvements for Linux users.

Microsoft Updates the Windows Subsystem for Linux with Ubuntu 16.04 Support– Softpedia

5) The JS Foundation is now a Linux Foundation collaborative project

The Linux Foundation Strives to Unite Open-Source JavaScript Community– ZDNet

There are four essential questions a company should ask before it decides to create an open source project, according to Duane O’Brien, open source programs evangelist at PayPal.

  • Who cares?

  • Are we still using it?

  • Are we committing our own resources?

  • Can we develop it all in the open?

This framework, developed by O’Brien’s boss Danese Cooper, is useful in vetting internal software for release as open source projects.

In a nutshell, a company shouldn’t open source software that no one else cares about, that they themselves are not using, that they will not commit developer resources to maintaining, or that they continue to develop in secret without community inclusion. (You can see more details and the rationale behind each question in his blog post on OpenSource.com earlier this year.)

“If no one contributes it becomes unmaintained abandonware – a pollutant in the open source ecosystem,” O’Brien said in his talk on the four questions at LinuxCon Europe yesterday.

But what if the answers to these questions are consistently “no?” This is itself a litmus test for a company’s open source knowledge and culture.  

“Use these questions as pointers about what’s going on in the company,” O’Brien said.

1. Who cares?

“If you’re consistently getting: “no one cares,” it’s a good indicator that your technical community isn’t very well connected to the industry,” O’Brien said.  Open source advocates within a company should consider engaging in programs that encourage engineers to join communities and technical discussions. Some examples are:

  • start publishing a podcast

  • start publishing blog posts

  • encourage employees to attend meetups and talks

  • provide travel stipends for employees to attend conferences

  • bring outside experts in to give talks.

2. Are we still using it?

If a company only open sources projects they’re not using anymore, that’s bad corporate practice, O’Brien said. It damages that company’s reputation in the open source community.  

Instead, he recommends looking for what has replaced that defunct code and consider that as an open source contribution.

“Look for exciting things and mine them for open source projects,” he said.

3. Are we committing our own resources?

“If we aren’t committing resources, we’re probably pushing employees and engineers too hard,” O’Brien said. “They should never be asked to maintain open source projects on their own time.”

If a company never commits resources to open source, “it’s also probable that managers don’t understand what a healthy relationship with the open source community looks like,” he said.

More management training on the importance of open source software and how to best use it strategically may be beneficial.

4. Can we develop it all in the open?

And if code cannot be released publicly because developers don’t want anyone else to see it, you may have code quality issues. Or if they’re not willing to engage with the community, which is required to develop in the open, “then there are probably culture issues,” O’Brien said.

These issues can be addressed through employee training and improved code review processes.

Regardless of a company’s answers to the four questions, one of the best things they can do is share what they’ve learned with other developers and companies. It’s good source material for blog posts, white papers, and talks: what you tried, why it didn’t work, and what you’d do next time.

“So the people who come after us can see where we went wrong previously,” he said, and the entire industry can move forward.

One of the great strengths of open source is that it provides opportunities for everyone. Regardless of background, age, gender, race, ethnicity, nationality, sexual orientation or religion, everyone can benefit from and contribute to some of the most important technologies ever developed.

Yet we know that many groups remain underrepresented in the open source community, which is why The Linux Foundation engages in efforts such as providing diversity scholarships for our training and events and sponsoring organizations such as Women Who Code, Code.org, Blacks in Technology, All Star Code and more.

As part of this ongoing effort, The Linux Foundation is proud to announce we have entered into a partnership with Girls in Tech, a global non-profit focused on the engagement, education and empowerment of girls and women who are passionate about technology.

This partnership will provide Girls in Tech with free and discounted tickets to a range of Linux Foundation events, free space to exhibit at those events and/or to host hackathons and bootcamps, and more. Our goal is to help more girls and women to become involved in, and contribute back to, the open source community.

The 15 events covered in this partnership include:

• MesosCon Europe 2016
• Cloud Foundry Summit Europe 2016
• OpenDaylight Summit 2016
• ContainerCon/LinuxCon Europe 2016
• Embedded Linux Conference/OpenIoT Summit Europe 2016
• CloudNativeCon/KubeCon 2016
• Apache: Big Data and ApacheCon Europe 2016
• MesosCon China 2016
• Node Interactive North America 2016
• Embedded Linux Conference/OpenIoT Summit North America 2017
• Open Networking Summit 2017
• Apache: Big Data and ApacheCon North America 2017
• Cloud Foundry Summit North America 2017
• OpenDaylight Summit 2017
• Open Source Summit North America 2017
• MesosCon North America 2017

Those interested in participating should follow Girls in Tech on social media for more information and offers.

There’s always more we can do to improve diversity in the open source and technology communities in general. Partnerships such as this one are just one element of that effort, and we encourage everyone in the community to contribute their time, energy and resources to making open source accessible to everyone. Learn more about The Linux Foundation’s community giving initiatives.

Xen Project technology supports more than 10 million users and is a staple in some of the largest clouds in production today, including Amazon Web Service, Tencent, and Alibaba’s Aliyun. Recently, the project announced the arrival of Xen Project Hypervisor 4.7. This new release focuses on improving code quality, security hardening and features, and support for the latest hardware. It is also the first release of the project’s fixed-term June – December release cycles. The fixed-term release cycles provide more predictability making it easier for consumers of Xen to plan ahead.  

We recently sat down with the Xen Project chairperson, Lars Kurth, to talk about some of the key features of the release and the future of Xen Project technology. Lars will be discussing this topic and more during Xen Project’s Developer Summit in Toronto, CA from August 25-26 — the conference is directly after LinuxCon North America.

Q: What was the focus on this release?

Lars Kurth: There were five areas that we focused on for this release (full details are in our blog). In summary, we focused on security features, migration support, performance and workloads, support for new hardware features, and drivers and devices (Linux, FreeBSD and other).

Security is consistently something that we focus on in all of our releases. There are a lot of people that rely on Xen Project technology and security is our top concern in any release as well as how we organize our process around security disclosures.

Q: What was the biggest feature coming out of this release?

Lars: The biggest feature for us is live patching, which is a technology that enables re-boot free deployment for security patches to minimize disruption and downtime during security upgrades for cloud admins. It essentially eliminates all cloud reboots, making cloud providers and their users much more safe. It also eliminates a lot of headaches for system and DevOps admins of the world.

Q: Xen is often associated with the cloud, but are there additional use cases that you see growing around this technology, if so why?

Lars: We are seeing a lot of growth in terms of contributions, as well as many different use cases emerging, including automotive, aviation, embedded scenarios, security, and also IoT. In addition, we continue to grow within the public cloud sector and traditional server virtualization.

On the security front, for example, a number of vendors such as A1Logic, Bitdefender, Star Lab and Zentific have released or are working on new Xen Project-based security solutions. In addition, the security focused and Xen-based OpenXT project has started to work more closely with the Xen Project community.

Long-time contributors to the Xen Project, such as DornerWorks – a premier provider of electronic engineering services for the aerospace, medical, automotive, and industrial markets – have expanded their scope and are now providing support for the Xen Xilinx Zynq Distribution targeting embedded use-cases. We have also seen an increasing number of POCs and demos of automotive solutions, which include Xen as a virtualization solution.

Growth in these sectors is largely due to the Xen Project’s flexibility, extensibility, customisability and a clear lead when it comes to security-related technologies. Over the last year, we have also seen contributions increase from developers with strong security and embedded backgrounds. In fact, this totaled nearly 17 percent of the overall contributions in this release cycle, up from 9 percent in the previous release.

Q: How did you address these uses cases in this latest release?

Lars: We introduced the ability to remove core Xen Project Hypervisor features at compile via KCONFIG. This creates a more lightweight hypervisor and eliminates extra attack surfaces that are beneficial in security-first environments and microservice architectures. Users will still be able to get the core hypervisor functions, but they won’t receive all the drivers, schedulers, components or features that might not fit their use case.

Essentially it gives people an “a la carte” feature set. They can decide what they need for compliance, safety or performance reasons.

Q: Were there any new contributors for this release that surprised you?

Lars: We had three new companies contributing to the project: Star Lab, Bosch and Netflix. I met engineers from Star Lab for the first time at the 2015 Developer Summit less than a year ago, and helped introduce them to the Project’s culture. In that short period of time, Doug Goldstein from Star Lab has moved into the top five contributors and top 10 code reviewers for the Project.

I was surprised about Netflix’s contributions; I didn’t even know the company used Xen. Netflix improved and secured the VPMU feature, which is incredibly useful for system tuning and performance monitoring. Bosch Car Multimedia GmbH added some new ARM functionality. In addition, we have seen quite a bit of Xen related development in upstream and downstream projects such as Linux, FreeBSD, NetBSD, OpenBSD, QEMU and Libvirt.  

Q: What’s next for Xen Project? Where do you think the technology is heading in the future and why?

Lars: In the last three releases, we introduced several major new features such as PVH, COLO, new schedulers, VMI, Live Patching, Graphics Virtualization, etc. and significant re-work of existing features such as Migration and the Xen Security Modules (XSM). Looking at trends within the community, I expect that stepwise evolution of large new features to continue.

Some new capabilities, such as restartable Dom0’s, and additional techniques to provide more isolation and security, are also likely to appear. In addition, it looks likely that we will see some GPU virtualization capabilities for GPUs that target the ARM ecosystem, although it is not yet clear whether these will be available as open source. I also expect that both Intel and ARM hardware features will be closely tracked.

Some areas, such as new schedulers, XSM, PVH and Live Patching, will see significant efforts to harden and improve existing functionality. The goal is to ensure their swift adoption in commercial products and Linux and BSD distributions. Some features, which are not enabled by default are likely to become part of the Xen Project Hypervisor’s default configuration.