Linux Foundation & Harvard Announce Free/Libre and Open Source Software (FOSS) Contributor Survey

“Open source software is everywhere. Now, more than ever, we need to get a better understanding of it to help make it even more secure.” – David A. Wheeler, Director of Open Source Supply Chain Security, Linux Foundation

In 2020, given the wide proliferation of Free/Libre and Open Source Software (FOSS), we aim to identify how to improve security, including the sustainability of the FOSS ecosystem, especially the FOSS systems heavily relied upon by organizations worldwide.

To do this, the Linux Foundation’s Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have developed a survey for contributors to FOSS. If you contribute to FOSS, we would love for you to participate in our study. This voluntary survey takes around 15-20 minutes to complete and allows you to advocate for the FOSS projects you care about. 

Please participate now; we intend to close the survey in early August. In appreciation of your participation, we would like to offer our participants the option to have your name included in the overall results. If you opt to be attributed in the final report, you will still have the opportunity to keep your detailed survey responses confidential.

The CII takes a collaborative, pre-emptive approach to strengthening cybersecurity by improving open-source software security. We aim to support, protect, and fortify open software, especially software critical to the global information infrastructure. We take a holistic view of security; we include security risks in critical projects that are inadequately sustained or vulnerable to supply chain attacks. We intend to use this survey information to help guide this approach.

Why CII best practices gold badges are important

“A CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found.” – David A. Wheeler, Director of Open Source Supply Chain Security

Open source software (OSS) is now widely used by many organizations. That popularity means the security of OSS is now more important than ever. The CII Best Practices badge project, including its top-ranked “gold” badge, helps improve that security.

In June 2020, two different projects managed to earn a gold badge: the Linux kernel and curl. Both are widely depended on, and yet in many other ways, they are radically different. The Linux kernel has a large number of developers, and as a kernel, it must directly interact with a variety of hardware. Curl has a far smaller set of developers and is a user-level application. They join other projects with gold badges, including the Zephyr kernel and the CII Best Practices badge application itself. Such radically different projects managed to earn a gold badge and thus demonstrated their commitment to security. It also shows that these criteria can be applied even to such fundamentally different programs.

But what are these badges? A Linux Foundation (LF) Core Infrastructure Initiative (CII) Best Practices badge is a way for Open Source Software (OSS) projects to show that they follow best practices. The badges let others quickly assess which projects are following best practices and are more likely to produce higher-quality secure software. It also helps OSS projects find areas where they can improve. Over 3,000 projects participate in the badging project, a number that grows daily.

There are three badge levels: passing, silver, and gold. Each level requires that the OSS project meet a set of criteria; for silver and gold that includes meeting the previous level. Each level requires effort from an OSS project, but the result is reduced risks from vulnerabilities for both projects and the organizations that use that project’s software.

The “passing” level captures what well-run OSS projects typically already do, and has 66 criteria grouped into six categories. For example, the passing level requires that the project publicly state how to report vulnerabilities to the project, that tests are added as functionality is added, and that static analysis is used to analyze software for potential problems. Getting a “passing” badge is an achievement, because while any particular criterion is met by many projects, meeting all the requirements often requires some improvements to any specific project. As of June 14, 2020, there were 3195 participating projects, and 443 had earned a passing badge.

The silver and gold level badges are intentionally more demanding. The silver badge is designed to be harder but possible for one-person projects. Here are examples of silver badge requirements (in addition to the passing requirements):

  • The project MUST have FLOSS automated test suite(s) that provide at least 80% statement coverage if there is at least one FLOSS tool that can measure this criterion in the selected language.
  • The project results MUST check all inputs from potentially untrusted sources to ensure they are valid (a whitelist) and reject invalid inputs if there are any restrictions on the data.

The gold badge adds additional requirements. Here are examples of gold badge requirements (in addition to the silver requirements):

  • The project MUST have a “bus factor” of 2 or more (a “bus factor” is the minimum number of project members that have to suddenly disappear from a project before the project stalls due to lack of knowledgeable or competent personnel).
  • The project MUST have at least 50% of all proposed modifications reviewed before release by a person other than the author.
  • The project MUST have a reproducible build. 
  • The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values.

Historically the LF has focused on getting projects to the passing level because projects not even at the passing level have a higher risk. But many projects are widely depended on or are especially important for security, and we love to see them earning higher-level badges.

Of course, a gold badge doesn’t mean that there are no vulnerabilities in the existing code, or that it’s impossible to improve their development processes. Perfection is rare in this life. But a CII Best Practices badge, especially a gold badge, shows that an OSS project has implemented a large number of good practices to keep the project sustainable, counter vulnerabilities from entering their software, and address vulnerabilities when found. Projects take many such steps to earn a gold badge, and it’s a good thing to see.

We hope other projects will be inspired to pursue — and earn — a gold badge. Of course, the real goal isn’t a badge — the real goal is to make our software much more secure. But good practices can help make our software more secure, and we want to praise and encourage projects to have good practices.

For more background information on the best practices badge, see the presentation “Core Infrastructure Initiative (CII) Best Practices Badge in 2019”.

OSS projects can go to the CII Best Practices badge website to begin the process of earning a badge. If you’re considering the use of some OSS, we encourage you to check that website to see which projects have earned a badge.

Those who wish to learn more are welcome to contact David A. Wheeler, Director of Open Source Supply Chain Security at The Linux Foundation, at dwheeler AT linuxfoundation DOT org.

Building a sustainable open source community: training and certifications

Training and professional certifications are an important part of how open source technologies establish themselves as industry-leading solutions and are adopted in commercial ecosystems.

Introduction

In an earlier piece, we discussed how, over the last 20 years, the Linux Foundation has grown from a single project, the Linux kernel, to an organization that has helped to convene and host hundreds of the world’s most important open source communities. 

The Linux Foundation’s support programs add value for our communities as they enable our projects to engage and grow a technology ecosystem worldwide.  

The Linux Foundation has over 1,600 member companies, representing 100% of the Fortune 100 tech and telecommunication firms, small businesses and startups, hundreds of end-user companies, and everything in between. It also has over 25,000 software developers contributing code, a shared investment that we estimate to be valued at $15.7B – and growing. Our hosted projects enable advancements in many technology areas and across many vertical industries, from security to networking, edge computing, cloud, automotive, blockchain, embedded systems, and web applications.

With the increased demand and adoption of open source technologies comes the desire for professionals with the skill sets to deploy, manage, and operate systems and support end-users. According to the Linux Foundation’s most recent Jobs Report, some key findings were revealed about open source employment opportunities:

  • Hiring open source talent is a priority for 83% of hiring managers, a 7% increase from 76% in 2017. 
  • Hiring managers cited cloud (66%) as the technology most affecting their hiring decisions. Containers placed second at 57%, followed by security (49%) and networking (47%).
  • Finding the right mix of experience and skills is difficult for 87% of hiring managers. That included the 44% who rated it very difficult, a percentage that leaped from 34% in 2017.
  • Thirty percent of respondents working in open source technologies improved their ability to work on exciting projects, collaborate with a global community (19%), and work on the most cutting-edge technology challenges (16%). 

This report will be updated this autumn, and early indications show that these trends are accelerating given current market conditions.

The Linux Foundation provides a complete portfolio of support programs for training and certification, which align with the technologies that its communities develop. The support programs currently focus on eight primary domain areas:

  • Linux Internals
  • Open Source Developer Compliance
  • Systems Administration
  • Security 
  • Networking/Edge Computing
  • Cloud
  • Web Development
  • Blockchain

These programs are co-developed with the communities, and we add programs all the time as communities request support. 

Why training and certification are critical for open source communities

The Linux Foundation’s communities request support for training and certification because it creates a cadre of professionals that can implement solutions using their collaboratively developed technologies, with demonstrated expertise. Additionally, without trained and certified professionals, these technologies will face challenges achieving or scaling both industry adoption and commercial ecosystems supporting them. End users who adopt the technology, along with commercial solution and support providers, also provide a pipeline of future contributors back to the project’s codebase. As the open source technology is deployed, it gets tested, bugs are found, new features are requested, and all that feedback cycles its way into the upstream project, sustaining and making the project better for everyone dependent on its continued success.

For many open source projects, to gain adoption and generate a commercial support ecosystem, they will ultimately need to have training and certification programs. While this may sound similar to how other professional communities have matured and have become validated for developer and engineering certifications for commercial clouds and proprietary software systems, there are some important distinctions as to why a commitment to developing training and certification for open source technologies is critical to their long-term success.

The open source community works more organically and cyclically, which necessitates that a cadre of expertise is built for it not just to be deployed (as the commercial training and ecosystem have worked historically over the past 40 years) but also as part of its continuing development and for it and all of its participants to thrive. 

An open source software community develops software, and it gets deployed by professionals. Those professionals often eventually move on to different organizations and implement the same software. Those organizations will ultimately need more people to support deployments and write applications to extend and customize the software. These organizations also need system administration professionals and cloud providers to support solutions based on these open source software systems.

Why should communities create training and certification programs with the Linux Foundation? 

Straight from the source, and integrated into how communities are built and run. As the home of Linux and other major open source technologies, nobody is closer to these projects than The Linux Foundation itself — its training programs are uniquely integrated with our communities and projects. We understand how to align instruction with a community development model. Training is one of the support pillars that also enable the developers and engineers to focus on the open source project’s development and leave educating users and implementers of the code to the Linux Foundation’s training team. 

Accelerating community growth through free training. Thanks to our members’ support of the Linux Foundation and its projects, we are often able to provide free training courses from our communities. Free training is one of the fastest ways to bring more people into our open source communities as they learn, test, deploy and support solutions based on the open source technology, as they usually come back to offer suggestions, feedback, and fixes.

Vendor-neutral courseware. The Linux Foundation is a nonprofit organization and does not promote any particular commercial product, solution, or service.

Excess funds received go back to the project community. Although the Linux Foundation keeps pricing affordable and frequently offers further discounts, the overall program does generate a surplus. Since we are a nonprofit, the surplus is invested back into the open source community in a variety of ways: we provide scholarships to deserving individuals to become trained and certified at no cost, and the Foundation supports projects that are important to the world but do not receive individual or corporate financial support. Surplus funding is also used for linux.com as well as other digital assets and key initiatives such as CommunityBridge. 

Up-to-date Curriculum. Linux Foundation courses are current with the most recent version of the software or technology. As the host of many of the most critical open source projects that are continually changing, the Linux Foundation is in an excellent position to find experts and ensure the materials are maintained and updated alongside the project’s evolution. Additionally, enrolled students receive access to the latest course versions at no additional cost.

Current and cutting-edge technologies. The Linux Foundation hosts the fastest-growing and most influential open source projects and is the first to release courses about them. 

Expert instruction. The Linux Foundation’s courses are created and taught by some of the top developers and practitioners in open source, with decades of collective open source experience under their belts and a deep familiarity with our open source communities.

Relevant material. The Linux Foundation’s courses are created using feedback from its massive community of open source practitioners and companies. Students can be confident that the topics they are learning are applicable in today’s business environment. Companies and organizations can integrate certifications in their hiring search and evaluations to find professionals with qualified skills.

Conclusion

With the most popular open source projects receiving upwards of 90% of their code from commercial companies, those companies are continually seeking trained people with the skills to deploy, support, and operate the open source technology. With Linux Foundation training being free to access in most cases, our communities can efficiently train a vast ecosystem of people with skills companies are seeking to employ. The online delivery of our courses also makes our training accessible to people from low-income regions around the world, where access to training can provide a considerable boost to their career prospects.

Enterprises especially value certifications as evidence that employees are qualified and have demonstrated their expertise in a particular technology. Enterprises also want to train their existing employees on new technologies in an organized, efficient manner, which professional training courses can provide.

Offering training and certification is one of the best ways to scale any growing open source project community. For a project to continue growing and get more contributors involved, the community will need individuals to be able to gain an understanding of the project in a relatively quick and straightforward way. Our organized training curriculum was designed to fill this expertise gap.

The Linux Foundation’s training and certification offerings, combined with its community-organized events, provide a well-rounded and neutral path to build skills and enable people to contribute back to its projects, sustaining their efforts into the future.

Building a successful open source community

Why do you need program management as part of your open source project? We asked a few of the Linux Foundation’s program managers to tell us how they each approach the task.

How does coordination and facilitation help improve my project? 

We tend to think of the primary goals of the Linux Foundation’s projects as producing open software, open hardware, open standards, or open data artifacts — the domain of participating programmers & engineers, system architects, and other technical contributors. 

However, successful projects engaging a broader ecosystem of commercial organizations, particularly when raising funds, benefit from active leadership besides pure technical contributions. Contributors often have work outside the project that puts demands on their time. It takes real time to build and coordinate a commercial ecosystem, ensure stakeholders are engaged, recruit and onboard members, create a neutral governance culture (often amid competitors competing), and keep various aspects of the ecosystem aligned, such as when end users begin to participate.

Many Linux Foundation projects fundraise to provide resources for their community. This is an excellent benefit for the technical community when the business ecosystem comes together to invest and help the community obtain resources to build a thriving community and ecosystem. A typical fundraising model in our community is to offer an annual membership structure that provides a yearly fund for the project. 

The Linux Foundation’s approach to governance separates decisions about funds and business affairs from the technical project’s governance. The companies contributing money to a project’s fund can decide how those funds are spent and any related business decisions. The technical community can operate independently with open source best practices and continue to make decisions about what code to accept, how to build releases, etc. based on the technical merit of decisions in front of them and not based on what companies contributed funding.

We will always have representation from the technical community involved in the budget and business decisions to ensure funding decisions are well informed. This is how the Linux Foundation model preserves the development best practices of open source while enabling a community to benefit from the commercial ecosystem dependent on their work.

Guidance for your community

Within a technical project, there are roles for organizing how releases are built. Often some committers decide which code is accepted, and maintainers decide what to put into a release.  When scaling the project to create an ecosystem around it, there are other key roles and responsibilities that a project needs to stay on track and to continue to scale. These functions include:

    • Planning and Building.  Building a cohesive strategy is critical to the success of a project and requires investments in outcomes the core stakeholders want to see happen, and prioritize
    • Measuring KPIs. Tracking a project’s mission, goals, and objectives while moving those through the swim lanes is key to iterating on things that work and addressing things that don’t.
    • Facilitating. To be successful at facilitating, a coordinator must understand the landscape, and remain neutral. This can be difficult and is often the most challenging part of the job, NOT weighing in unless asked. 
    • Advising. Coordinators are a sounding board for these things with some expertise. To mature an organization, you must craft mechanisms for self-governance and sustainability.
    • Iterating and Reflecting. What happens along the way is that stakeholders in the community want to get things done — but when that happens without reflection, you lose sight of what and where you’re going. It’s essential to see the forest AND the trees, especially from an above-the-canopy view.

In the past, we have had a few communities with respected, neutral leaders who have provided these roles. The Xen Project is one example, where a member of the community has offered to perform this role for many years. It takes a significant time investment from the community’s leadership to make it work, and it is an excellent benefit for the community to have someone able and willing to spend their work time on this function.

Many other projects are not able to find someone in the community to help. This is often where the Linux Foundation builds a support program to assist the projects we host that need help to obtain neutral coordination and facilitation professionals. We call the people who provide this support Program Managers (PMs). PMs are often the first point of contact for community participants and potential members, and are usually involved in the following activities:

    • Program Managers help the governing and technical boards shape the project’s directions and goals. 
    • Program Managers will work with a project’s technical leadership to understand their technical goals. 
    • They work with the members to fill positions such as Chair and Treasurer and are involved with the voting process.
    • They ensure that both the governing and technical boards act within the agreed-upon guidelines of the project’s charter. 
    • They help onboard new members into the project community. 
    • They will engage resources from the Foundation’s Marketing, PR, Events, and Training teams to coordinate the support programs delivered for a project.  
    • Program Managers also oversee the delivery of other support programs provided by the Foundation and any services provided by vendors or contractors.
    • Program managers will pull in the Foundation’s IT service team members for a consultative discussion on the right development infrastructure, tools, and managed IT support programs based on the project community’s needs and roadmap. 
    • Program managers actively engage in community management and help the project’s leaders coordinate meetups, developer hackfests, and participation at events.

Setting strategic goals for your community

Identifying and articulating a project’s mission is as essential with an open source project as it is with any business activity. Setting concrete goals enables the participants in a project to discuss and align around a single narrative that can guide their activities and inform decisions.

Program Managers work with the project’s membership and technical leadership to define a strategy with goals, milestones, and metrics for the project. They coordinate discussions to assist the governing board in coming to a consensus on a budget that supports the technical community’s needs and aligns with the project strategy. 

For open source, very often, the goals include maximizing a project’s footprint in order to help the most people. Goals are often articulated to a fine granular level: enabling contributors to engage more easily, growing the membership from a particular sector of the ecosystem, or increasing contributions from end users.

The CHAOSS project is a community focused on defining community metrics around engagement, risks, etc. that are often helpful to project leaders in setting and establishing goals for measurably improving their ecosystem. 

Implementing a project lifecycle for your community

Open source projects often have subprojects and various efforts to innovate on new ideas that may not be ready to be included in an official release or to ship as their own independent release. We often refer to these communities as using an “umbrella” model with several coordinated sub-projects within the community. Within an umbrella community, the projects will typically follow a lifecycle. The lifecycle generally follows a path from imagination to planning to initial execution, expansion, maintenance, and eventual retirement.

Program managers often work with the technical leadership to codify this lifecycle according to milestones so that participants in the project can immediately understand where a project stands in terms of maturity and resources. CNCF, for example, has project phases that include Sandbox, Incubation, and Graduation. OpenJS Foundation has project phases that include Incubation, At-Large, Growth, Impact, and Emeritus, which map to the needs of their community.

A project lifecycle is an essential tool for a foundation to signal the maturity of multiple projects and identify for the community what the path towards a fully mature project requires. It is both a pathway and a signal, noting that projects grow and change, and what the community thinks a project should rely on to guide itself. 

In most projects, there is an entry level, a mid level, and a graduate level. Entry-level projects indicate a promising start for an emerging project and something to be considered. Mid-level projects show growth and development for an audience that might consider using this project, and graduated projects indicate full maturity and a project that many in the ecosystem rely upon.

“Within the Cloud Native Computing Foundation, the various project stages have been beneficial for encouraging projects to grow, not only from a development standpoint but from a community standpoint. A project looking to graduate has to demonstrate both a strong codebase and a strong community.”

Amye Scavarda Perrin, CNCF Program Manager

Linux Foundation Networking (LFN) Program Manager Trishan de Lanerolle notes how the Technical Advisory Council plays an active role in a project’s lifecycle management:

“Linux Foundation Networking project (LFN) technical leadership (Technical Advisory Council) developed and published a model that lays out criteria and checkpoints for projects in various stages of maturity, including an LFN Entry review and evaluation for new candidate projects to the LFN umbrella. The entry process provides a mechanism to amicably and fairly assess upcoming projects. In LFN, that entails asking whether a proposed project: falls within the LFN scope, provides a snapshot into the status or health of the community, and ensures the project’s documented governance is clear, complete, and easily accessible.”

Through facilitating the work of the Strategy Subcommittee, whose primary goal is to assist the Governing Board with developing and implementing Continuous Delivery Foundation (CDF) strategic planning, Program Manager Dan Lopez was able to guide CDF toward sustainable, long-lasting strategic goals. 

“The immense value of a Program Manager lies in their ability to foster a space for progress to happen. It’s not their role to necessarily make the tough decisions, but rather be the ‘glue’ of a program, ask the tough questions, and spark inspiration and critical thinking within their stakeholder group to create, in this case, sustainable goals that will create long term value for the CDF,”

Dan was able to approach strategic planning as a neutral party who understood the landscape of the CDF, and to assist the Governing Board in creating well-aligned goals that mapped to key performance indicators that can be measured and managed over time.

The importance of open governance in your community

The Program Manager is also a vital member of the leadership team, working collaboratively to facilitate and operationalize the wants, needs, and priorities of the governing bodies. Each Linux Foundation Program Manager works with each project community to establish a transparent, open governance model for the technical community.

In open governance, a project is managed by a group of people representing the stakeholders in a project — generally project members and leaders of the project’s technical efforts. The concept of conducting a major technical effort using an open form of governance, in which all stakeholders’ needs must be addressed, and people are required to cooperate to get work done, is founded on the basic concept of democracy. It differs from closed or proprietary governance due to the transparency and coordination required to reach consensus.

Open governance provides a balance that can never be found in a proprietary, restrictive environment — the dynamics of that activity drive creativity and innovation, and significantly increase the speed of development. Program managers and community managers often guide these processes and help keep governance bodies on track with each other.

DPDK’s Program Manager Trishan de Lanerolle discusses how his project is divided into two bodies of equal responsibility:

“DPDK is one model of open governance, with co-equal governing bodies; the Governing Board has ownership and oversight, over budget, marketing, lab resources, administrative, legal, and licensing issues, and a Technical Board with ownership and oversight on technical issues including approval of new sub-projects, deprecating old sub-projects, the project’s technical roadmap, recruiting maintainers, defining the processes for contributing, testing, and managing security. The Technical Board comprises individuals from various organizations, that are not necessarily corporate members of the project, recognized for their technical contributions. The governing board comprises representatives from member organizations, who financially support the project, working hand in hand to make the project mission a reality.” 

Other projects, such as LF Energy, take a somewhat different path towards how their governance is structured. 

LF Energy represents an example of open, representative governance within a rapidly growing open source foundation. LF Energy has a board of directors, like most foundations, made up of Premier members, and includes a representative from the General members and a representative from the Technical Advisory Council (TAC), which is made up of technical project leaders. No single company has more than one representative on the board, which provides corporate as well as cultural diversity and voices from all over the industry, not just focused on one niche. 

The Linux Foundation’s neutral program management support program can help

Active program management and program management support are among the main reasons why open source projects join an organization like the Linux Foundation. Our program management professionals provide a unique set of operational skills and capabilities that nearly all of our projects take advantage of: they offload operational and facilitation work from the community.

In summary, a successful project should have community coordination and program managers who can plan and build, measure a project’s performance, act as prime facilitators and advisers, and help project stakeholders iterate, reflect, and learn from their experiences in order to move the project forward.

“Managing open source projects can be compared to nurturing a young sapling as it grows into a mature, healthy tree — or in this case, a community. Our job is to supply it with the right balance of nutrients and conditions for successful growth. Following proven governance models with strategic program management helps increase the odds of nurturing a healthy community. Program Managers help clear the path, allowing communities to focus on the code and achieving technical goals. We are horticulturalists, toiling away in the background, and if we are doing our job correctly, you shouldn’t notice us.”

Trishan de Lanerolle, Technical Program Manager & Community Architect, LF Networking

In 2020, we want to learn from best practices in how companies create effective open source strategies, how their open source programs are structured, and how they measure success.

The TODO Group is a set of companies that collaborate on practices, tools, and other ways to run successful and productive open source projects and programs.

Open source program offices help set open source strategy and improve an organization’s software development practices. Every year, the TODO Group performs a survey to assess the state of open source programs across the industry, and today we are happy to launch the 2020 edition.

Last year, over 2,700 people participated in the survey. As a result, we were able to learn: 

  • Adoption of open source programs and initiatives is widespread and goes beyond early adopters;
  • Hiring of open source developers is a prominent concern; and
  • Companies value their open source foundations.

We are also asking how macroeconomic conditions and COVID-19 are affecting open source. Survey closed.

GCC

As the default compiler for the Linux kernel source, GCC delivers trusted, stable performance and also builds system libraries and many of the applications in popular Linux distributions.

Software is useless if computers can’t run it. The GNU Compiler Collection (GCC) is the unsung hero of the software world, transforming high-level source code into low-level object code while shielding the developer from hardware dependencies. With over 30 years of continual use and development, GCC offers a robust and stable foundation for building complete systems – from the kernel upwards. It is not surprising that GCC is still considered by LLVM.org to be “the de facto-standard open source compiler today.”

Who uses GCC?

As the default compiler for the Linux kernel source, GCC delivers trusted, stable performance and also builds system libraries and many of the applications in popular Linux distributions. GCC is also one of the most widely adopted core compilers by developers of embedded systems, with many GCC-based prebuilt toolchains enabling the software for the growing world of IoT devices. Application developers writing code for a variety of new and legacy computing environments depend on GCC since it delivers trusted performance along with support for the broadest range of hardware and operating environments.   

And why do these folks depend on GCC? With decades of development by thousands of people, GCC is one of the most respected compilers in the world. It functions as a cross compiler, creating executable code for a platform other than the one on which the compiler is running. GCC is also a core component of the tightly integrated GNU toolchain, produced by the GNU Project, that includes glibc, Binutils, and the GNU Debugger (GDB). GCC delivers improved diagnostics for compile-time debugging, accurate and useful information for runtime debugging, and is a well-supported platform with an active, committed community that supports the current and two previous releases.

Learn more

If you are building software and not using GCC, you are missing out on the best possible solution. Check out the article “GCC: Optimizing Linux, the Internet, and Everything” to get a more comprehensive look at this amazing software tool.

Margaret Lewis is a technology consultant who previously served as Director of Software Planning at AMD and an Associate Director at the Maui High Performance Computing Center.

Register now to save $150 for Open Source Summit EU in Edinburgh.

You have TWO days left to save $150 on your ticket to Open Source Summit Europe & ELC + OpenIoT Summit Europe.

Grab your ticket and build your schedule today! Choose from 300+ sessions, deep-dive labs, and tutorials; discover new projects & technologies in the Technical Showcase, and make new connections at the Attendee Reception, and in the Speed Networking & Mentoring Event, Developer Lounges, and Hallway Tracks.

Register now, and join 2,000+ open source professionals to collaborate, share information, and learn about cutting-edge open source technologies.

The discount ends Saturday, September 22.

Registration includes access to Open Source Summit Europe and ELC + OpenIoT Summit Europe!

Call for Code

Learn more about IBM’s open source initiatives, including the Call for Code.

Dr. Angel Diaz is the face of open source at IBM as Vice President of Developer Technology, Open Source & Advocacy. At the recent Open Source Summit in Vancouver, we spoke with Diaz about the importance of open source at IBM and how it’s changing the world around us.

LF: What’s the importance of open source in the modern economy?

Angel Diaz: We are living in a technology-fueled business renaissance — cloud, data, artificial intelligence, and the redefinition of the transaction. There is constant democratization of technology. This democratization allows us as computer scientists to innovate higher orders of the stack. You don’t have to worry about compute, storage and network; you get that in the cloud for example, but what has been driving that democratization? Open source.

Angel Diaz, Vice President of Developer Technology, Open Source & Advocacy, IBM (Image copyright: Swapnil Bhartiya)

Open source has been the fuel, the innovation engine, the skills engine, the level playing field that allows us as a society to build more, to build faster and move forward and the rate and pace of that is increasing.

What’s really nice about that is we are doing it in a controlled way with open governance and leveraging all the work that we do in consortia such as the Linux Foundation.

LF: Today, open source has become so pervasive that the question isn’t who is using it, but who is not using it. Can you point to some moments in history that changed everything and the industry realized that this is the right path for innovation, collaboration, and development?

Diaz: That’s a great question. I think there are two such moments. I addressed it in my talk here. The first such moment was in the late eighties, early nineties when, as an industry, we came together and rallied around things like Linux, Apache, Eclipse.

Our products have upwards of 75 percent open source. We are not leeches; we contribute as much as we use. Back in the nineties, we protected open source with intellectual property. It fueled innovation as it gave people the permission and freedom to go ahead and contribute without any worry.

That’s a pivot point number one. Time occurred and a lot of stardust happened. Over the past 10 years or so, we started to create centers of gravity around cloud data, artificial intelligence, transactions and so on.

These centers of gravity came together in consortia with open governance models. This is really important because what that allowed us to do was to create an open architecture and open cloud architecture.

There is one more moment, the third moment where we are now. It’s about individuals. The individual really matters and there are so many new computer scientists across a diverse set of underrepresented groups that it’s exploding.

How we behave in open source is important and that boils down to being a mentor for others. It’s around code, content, and community. So I think the next renaissance of open source is going to be grounded in our ability to connect those three things and help people celebrate their education process, their ability to connect with others like them to be mentored. And then conduct mentoring themselves.

LF: While everything looks rosy, there are some challenges.  Can you elaborate?

Diaz: Nothing is ever rosy. There’s always a lot of work as blood, sweat, and tears – the individual contributor doing the pull requests, submitting code. It’s a lot of work. If we can stick to the company side of the equation, I see organizations think that open source is something that they monetize quickly and that’s not the reality. It’s about creating an ecosystem where everybody monetizes. People need to understand the difference between a real open source, which is a meritocracy based system where everybody can contribute, vs closed source where an organization controls everything tightly. Open source is about open governance – it is not about controlling the commit process.

LF: Once in a while, we see the case of open source companies trying to change the license to survive, as they try to monetize quickly. Do you worry that we might go backward and return to proprietary software?

Diaz: No, I don’t think so. I think the process is pretty well understood, and organizations that adopt the open governance model are successful. I think there’s enough momentum. It’s just a matter of companies understanding how to behave in that world.

LF: How important is open source for IBM?

Diaz: Open source has been in our DNA for a long time, probably more than any other company that I know of. I joined IBM in the mid-nineties at IBM research. I got involved with open source in the early days working with Tim Berners-Lee on web standards. I worked on Linux and many other open source projects. Open source is how we like to create ecosystems and skills. That’s how we drive innovation for our clients helping them to be more productive.

LF: Does open source have any impact beyond the IT world?

Diaz: Yes. In fact, just recently IBM partnered up with United Nations Human Rights, The American Red Cross, and The Linux Foundation to launch something called Call for Code.

It’s not just about the code; it’s about how you use the code for good. We have launched a worldwide hack which ends on September 28, 2018. There’s still time to participate. But Call for Code is the place where developers can submit code and win a contest for good. This year we’re preparing for disasters. It is from what I can see the world’s largest hack ever, and it’s focused for the greater good. I think that really puts a good light on open source.

LF: So it’s not coding for the sake of coding, it’s for some greater good?

Diaz: Exactly. Think about it. We are going to put the winning entries into production. If it’s an app, or whatever gets built, saves one life, it’s worth it. It’ll probably save tens, hundreds, maybe thousands of lives.

IBM has committed to the project for five years. It’s just been incredible to see tens of thousands of developers registering, participating and being part of this endeavor. It doesn’t matter if you’re a developer or a data scientist or even if you’re just a subject matter expert or someone who cares about preparing for disasters, sign up and register because teams are forming. Someone may need somebody who is a professional on hurricanes, you can help. The best teams that I know of are multidisciplinary. It’s not just for developers. Join!

This article was sponsored by IBM and written by The Linux Foundation.

open source event

Don’t miss Open Source Summit & ELC + OpenIoT Summit Europe, October 22 – 24 in Edinburgh.

See why you need to be at Open Source Summit Europe and Embedded Linux Conference + OpenIoT Summit Europe next month! Hurry — space is going quickly. Secure your spot and register by September 22 to save $150.

Here are the Top 10 Reasons you’ll want to be at this event:

  1. Timely Cutting-edge Content: 300+ sessions on Linux development, embedded Linux systems, IoT, cloud native development, cloud infrastructure, AI, blockchain and open source program management & community leadership.
  2. Deep Dive Labs & Tutorials: An Introduction to Linux Control Groups (cgroups),  Building Kubernetes Native Apps with the Operator Framework, Resilient and Fast Persistent Container Storage Leveraging Linux’s Storage Functionalities,  and 10 Years of Linux Containers, are just some of the labs and tutorials included in one low registration price.
  3. 12 Co-located Events*: Come for OSS & ELC + OpenIoT Summit and stay for LF Energy Summit, Linux Security Summit, Cloud & Container Embedded Apprentice Linux Engineer tutorials, IoT Apprentice Linux Engineer tutorials, Hyperledger Scotland Meetup, Linux in Safety-Critical Systems Summit, and many more co-located events.  (*Some co-located events may require an additional registration fee.)
  4. Discover New Projects & Technologies: Over 30 sponsors will be showcasing new projects and technologies in the Sponsor Showcase throughout the event, joined by our Technical Showcase at the Onsite Attendee reception showcasing Free and Open Source Software (FOSS) projects from system developers and hardware makers.
  5. Social Activities & Evening Events: Take a break and go on a sightseeing bus tour, join the 5K fun run or morning meditation, and meet with fellow attendees through the networking app. Collaborate with fellow attendees at the attendee reception at the National Museum of Scotland and at the Onsite Attendee Reception & Sponsor + Technical Showcase.
  6. Diversity Empowerment Summit: Explore ways to advance diversity and inclusion in the community and across the technology industry.
  7. Women in Open Source Lunch & Better Together Diversity Social: Women and non-binary members of the open source community are invited to network with each other at the lunch sponsored by Adobe, while all underrepresented minorities are welcome to attend the Better Together Diversity Social.
  8. Developer & Hallway Track Lounge: The highlight for many at this event is the ability to collaborate with the open source community. This dedicated lounge offers a space for developers to hack and collaborate throughout the event as well as plenty of seating for hallway track discussions.
  9. Networking Opportunities: Attend the Speed Networking & Mentoring event, OS Career Mixer, or use the networking app to expand your open source community connections by finding and meeting with attendees with similar interests.
  10. Hear from the Leading Technologists in Open Source: Keynote talks include a Linux Kernel update, a fireside chat with Linus Torvalds & Dirk Hohndel, a look at the future of AI and Deep Learning, a panel discussion on the future of energy with open source, a discussion on diversity & inclusion, a talk on the parallels between open source & video games, and insightful talks on how open source is changing banking, human rights and scientific collaboration.

The Real-Time Linux project team continues to prepare the remaining patches for inclusion into the mainline kernel.

Back in 2009, a small team of kernel developers finished consolidating earlier prototype developments for making Linux real-time capable into a single out-of-tree patch set, called the PREEMPT_RT patch set. This patch set can be applied to turn a vanilla mainline Linux kernel without real-time capabilities into a real-time capable Linux kernel. Many companies use this patch set to build various industrial systems that are required to implement hard real-time properties at comparatively relaxed time bounds of about one millisecond precision.

BMW Car IT also used this patch set to build real-time capable prototypes for complex functions in the area of autonomous driving. However, from the start of the development of those prototypes, it was clear that any product with high quality demands requires the PREEMPT_RT patch set to be part of mainline development, for increased compatibility of features, stronger quality assurance and reduced maintenance. Hence, BMW Car IT started driving efforts to make Linux real-time capable in 2014.

First, BMW Car IT joined OSADL, the Open Source Automation Development Lab, as a Gold member to support real-time Linux development activities, which were collaboratively funded by the OSADL members at that time.

Second, our former colleague Daniel Wagner started to get acquainted with the existing PREEMPT_RT patch in 2014 and made a number of contributions to the Linux kernel related to real-time capabilities from 2015 until the end of 2016. Due to his experience with the PREEMPT_RT patch, he is now the maintainer of the Linux 4.4 real-time stable branch, and one of the three maintainers for the real-time stable patch branches.

Since 2016, the Real-time Linux project has been a collaborative project under the umbrella of the Linux Foundation. The project’s goal is to make the mainline Linux real-time capable. The project ensures that the Linux kernel developers have the ability to continue development work, long-term support and future research for a real-time-capable Linux.

Rewriting and Refactoring

In the last two years, 2016 and 2017, the Real-time Linux development team rewrote the CPU hotplug infrastructure and refactored the timer wheel and high-resolution timers. This already reduced the out-of-tree PREEMPT_RT patch set significantly.

Due to a funding decrease that became apparent at the beginning of 2018, the Real-time Linux project would have had to reduce its workforce. Fortunately, Intel and BMW Car IT could close this funding gap. Intel increased its membership from Gold to Platinum, and BMW Car IT joined the Linux Foundation and the collaborative Real-time Linux Project as a Gold member. After those project adjustments, the Real-time Linux Project team is back on track and continues to prepare the remaining patches for inclusion into mainline development at full speed.

In 2018, the Real-time Linux kernel team will be refactoring, rewriting and generally improving the printk and soft interrupt infrastructure and other smaller parts. This work will prepare the Linux kernel source code so that all further real-time specific changes can smoothly be merged into the mainline kernel.

The real-time functionality touches the core kernel parts (i.e., it requires significant changes in timers, schedulers, locking mechanisms, interrupt handling and more), and it also is a cross-cutting concern for all drivers (i.e., every driver has to follow a certain discipline to make the overall kernel real-time capable). Hence, it is difficult to predict the exact date when the Real-time Linux Project will finally have all its patches merged into the main-line development. However, there is no doubt that the Linux kernel will eventually become real-time capable.

“The Linux kernel is a software development project of huge investment to us. Obviously, BMW Car IT has a high interest in making the best possible use of this software asset. The automotive industry has particular requirements, such as higher real-time requirements and the need for longer maintenance periods, than the general IT and consumer electronics industry. With our investments in initiatives addressing these requirements, we can ensure that Linux fits our needs,” says Kai-Uwe Balszuweit, CEO of BMW Car IT.

Reviewing and Testing

Once the real-time capabilities have been integrated into mainline development, the project work is of course not simply finished, and the Real-time Linux project cannot simply be abandoned. After the final integration into mainline development, the development activities will slowly shift their focus:

The core system will not require further changes for the real-time capability, but the Real-Time Linux development team will need to review, test and adjust new incoming features from other kernel development teams to keep the kernel real-time capable when these new features are included.

Furthermore, the existing real-time stable trees must continue to be maintained until the end of life of the corresponding kernel LTS version, so commonly two years for most LTS versions, but possibly even longer. Slowly over the years, the real-time stable trees for older kernel versions will reach their end of life, while younger LTS kernel versions, which have the real-time capabilities fully included, will not need a separate real-time stable branch. This will decrease the workload of the current real-time stable maintainers, who can then focus on assisting in the quality assurance of continuous mainline development.

Of course, all users and stakeholders of the real-time capability must continue to support all these activities over the next years.

This is well understood at BMW Car IT, and we expect that other companies that require the real-time capability in Linux will follow and express the same understanding. Beyond software development up to the start of production, operations and maintenance is an important software development activity, one that is not underestimated at BMW Car IT.

Christian Salzmann, the CEO of BMW Car IT, states it clearly: “Providing good software solutions to BMW for many years, BMW Car IT knows that continuous operations and maintenance is one of the major cornerstones for providing a great experience to our customers. The continuous activity of development and operations of software going hand-in-hand, in short DevOps, is part of BMW Car IT’s company mindset. BMW Car IT’s support for further development and operations in the Real-time Linux Project is no exception to this rule.”