Posts

Transparency, openness and collaboration will never go out of fashion, says HackerOne’s Mårten Mickos.

Mårten Mickos has been around the open source world for a long time. He has seen the early days when open source was not taken very seriously, but now he is heading HackerOne, a company that’s building a massive community of white hat hackers to help companies create secure systems. Security and open source might seem like different worlds, but Mickos sees strong influences from one to the other.

Mårten Mickos, CEO of HackerOne

Today, open source has become the de facto software development model, but it has not always been that way.  “In 2001, when I joined my MySQL as its CEO, people didn’t believe in open source. It looked cute, like a toy. We looked like a small startup. They didn’t have the courage to follow us, but slowly and surely it started growing,” said Mickos.

Now the question is not who is using open source but who is not using it. 

Open source impact

Many people may see the benefits of open source from a technological perspective, but open source has had a deeper impact on people, culture, and our society.

“One of the greatest benefits of open source is that it has created a model where smart people who disagree with each other can collaborate with each other. It’s easy to collaborate if we agree, but open source enables collaboration even when people disagree,” Mickos said. “That is the true beauty of this model.”

A common myth about open source is that it survives out of altruism and selfless work by some community members. It might have been true in the beginning, but it’s not true anymore. “It’s not dependent on any charity. It’s not dependent on altruism. It’s not dependent on friendship. It’s not dependent on being kind. I mean, hopefully we are kind and friends, but it’s not dependent on it,” said Mickos, “It’s so smartly built that even as we are yelling and screaming at each other, we can still get work done.”

Open source is powerful but that doesn’t mean it will survive without effort. Like any other component of our civilization, it takes work. “We have to educate everybody, like any civilization needs to keep educating the population on what’s important. You educate them about history, language, mathematics, and other things. We have to do that and the new generation will completely get it,” he said.

Open source and security

Open source is known for being more secure than proprietary technology, but there is no magic there either. Just openness and hard work. “It’s more secure than closed source because you are developing it in the open. Your code is subject to the scrutiny of everybody, and I think it has been scientifically shown to be correct,” he said.

Another factor that contributes to the security of open source is the fact that the community is not afraid of talking about its problems. “It also means we know about all the problems in open source. You might think there are a lot of problems, a lot of serious problems, but as a percentage of the total number of lines of code, I would argue that open source is much more secure than closed source because when there is a vulnerability or a weakness in open source software, everybody will know about it. On the contrary, if there is something like that in closed source, it is kept secret and not fixed,” he said.

Mickos thinks the security industry can learn something from open source. “It can learn how to better collaborate on vital initiatives,” he said.

Conclusion

Today, our world is powered by open source. New technologies are arriving and new business models are evolving, yet, proprietary software will persist.

When asked if our future will be powered by open source, Mickos replied, “Transparency, openness and collaboration will never go out of fashion. It’s also true that every now and then, evolution will go backwards; it will be less open, less collaborative. But open source is an unstoppable force. It will come back and break those models and bring back collaboration, openness and sharing.”

Mickos concluded with these words, “I don’t think we can change it because we are humans and our evolution has made us such. Every now and then, there will be self-centered people driven by their own desire, driving us in a different direction so they can be in power, but then we come back. We are bigger in numbers, we never give up and it is the most productive way to build and sustain a society. That’s what we’re here on this planet to do.”

Open Source Summit

Greg Kroah-Hartman talks about the importance of community interaction, and the upcoming Open Source Summit.

People might not think about the Linux kernel all that much when talking about containers, serverless, and other hot technologies, but none of them would be possible without Linux as a solid base to build on, says Greg Kroah-Hartman.  He should know. Kroah-Hartman maintains the stable branch of the Linux kernel along with several subsystems.  He is also co-author of the Linux Kernel Development Report, a Fellow at The Linux Foundation, and he serves on the program committee for Open Source Summit.

Greg Kroah-Hartman (right) talks about the upcoming Open Source Summit. (Image copyright: Swapnil Bhartiya)

In this article, we talk with Kroah-Hartman about his long involvement with Linux, the importance of community interaction, and the upcoming Open Source Summit.

The Linux Foundation: New technologies (cloud, containers, machine learning, serverless) are popping up on weekly basis, what’s the importance of Linux in the changing landscape?

Greg K-H: There’s the old joke, “What’s a cloud made of? Linux servers.” That is truer than most people realize. All of those things you mention rely on Linux as a base technology to build on top of.  So while people might not think about “Linux the kernel” all that much when talking about containers, serverless and the other “buzzwords of the day,” none of them would be possible without Linux being there to ensure that there is a rock-solid base for everyone to build on top of.  

The goal of an operating system is to provide a computing platform to userspace that looks the same no matter what hardware it runs on top of.  Because of this, people can build these other applications and not care if they are running it locally on a Raspberry Pi or in a cloud on a shared giant PowerPC cluster as everywhere the application API is the same.

So, Linux is essential for all of these new technologies to work properly and scale and move to different places as needed.  Without it, getting any of those things working would be a much more difficult task.

LF: You have been involved with Linux for a very long time. Has your role changed within the community? You seem to focus a lot on security these days.

Greg K-H: I originally started out as a driver writer, then helped write the security layer in the kernel many many years ago.  From there I started to maintain the USB subsystem and then co-created the driver model. From there I ended up taking over more driver subsystems and when the idea for the stable kernel releases happened back in 2005, I was one of the developers who volunteered for that.

So for the past 13 years, I’ve been doing pretty much the same thing, not much has changed since then except the increased number of stable trees I maintain at the same time to try to keep devices in the wild more secure.

I’ve been part of the kernel security team I think since it was started back in the early 2000’s but that role is more of a “find who to point the bug at” type of thing.  The kernel security team is there to help take security problem reports and route them to the correct developer who maintains or knows that part of the kernel best.  The team has grown over the years as we have added the people that ended up getting called on the most to reduce the latency between reporting a bug and getting it fixed.

LF: We agree that Linux is being created by people all over the map, but once in a while it’s great to meet people in person. So, what role does Open Source Summit play in bringing these people together?

Greg K-H: Because open source projects are all developed by people who work for different companies and who live in different places, it’s important to get together when ever possible to actually meet the people behind the email if at all possible.  Development is an interaction that depends on trust, if I accept patches from you, then I am now responsible for those changes as well. If you disappear, I am on the hook for them, so either I need to ensure they are correct, or even better, I can know that you will be around to fix the code if there is a problem.  By meeting people directly, you can establish a face behind the email to help smooth over any potential disagreements that can easily happen due to the lack of “tone” in online communication.

It’s also great to meet developers of other projects to hear of ways they are abusing your project to get it to bend to their will, or learn of problems they are having that you did not know about.  Or just learn about new things that are being developed in totally different development groups.  The huge range of talks at a conference like this makes it easy to pick up on what is happening in a huge range of different developer communities easily.

LF: You obviously meet a lot of people during the event. Have you ever come across an incident where someone ended up becoming a contributor or maintainer because of the exposure such an event provided?

Greg K-H: At one of the OSS conferences last year, I met a college student who was attending the conference for the first time.  They mentioned that they were looking for any project ideas that someone with their skill level could help out with. At a talk later that day, a new idea for how to unify a specific subsystem of the kernel came up and how it was going “just take a bunch of grunt work” to accomplish.  Later that night, at the evening event, I saw the student again and mentioned the project to them and pointed them at the developer who asked for the help. They went off to talk in the corner about the specifics that would be needed to be done.

A few weeks later, a lot of patches started coming from the student and after a few rounds of review, were accepted by the maintainer.  More patches followed and eventually the majority of the work was done, which was great to see, the kernel really benefited from their contribution.

This year, I ran into the student again at another OSS conference and asked them what they were doing now.  Turns out they had gotten a job offer and were working for a Linux kernel company doing development on new products during their summer break.  Without that first interaction, meeting the developers directly that worked on the subsystem that needed the help, getting a job like that would have been much more difficult.

So, while I’m not saying that everyone who attends one of these types of conferences will instantly get a job, you will interact with developers who know what needs to be done in different areas of their open source projects.  And from there it is almost an easy jump to getting solid employment with one of the hundreds of companies that rely on these projects for their business.

LF: Are you also giving any talks at Open Source Summit?

Greg K-H:  I’m giving a talk about the Spectre and Meltdown problems that have happened this year.  It is a very high-level overview, going into the basics of what they are, and describing when the many different variants were announced and fixed in Linux.  This is a new security type of problem that is going to be with us for a very long time and I give some good tips on how to stay on top of the problem and ensure that your machines are safe.

Sign up to receive updates on Open Source Summit North America:

Call for Code

Todd Moore, Vice President Open Technology, IBM, speaks about the Call for Code initiative.

Open source is about community. At IBM, we have a commitment to open source and our developers are passionate about contributing back to open source. I’ve had the privilege to work with organizations like The Linux Foundation, Cloud Native Computing Foundation, Node.js Foundation, JS Foundation, Cloud Foundry Foundation, and many others. I’ve witnessed firsthand the power of communities to come together to grow an ecosystem, develop technology, and accelerate innovation. There’s also a human part to open source – a collective responsibility that we have to the world. There is work we can do that goes beyond developing platforms to grow our businesses and solve technical challenges. We can do more by focusing our combined developers, who already work together in open source, on critical problems that face humanity.

David Clark Cause is a company that creates purpose based initiatives and brings stakeholders together to tackle a common cause. Last year, David Clark Cause came to us with an opportunity to rally developers around a common cause and have a lasting impact.  We’ve done work like this before – for example, our IBM Foundation is working with the Open Medical Records (OpenMRS) project to create an oncology suite for use in countries in Africa and other regions using this open technology. The IBM Corporate Citizenship Office has helped deploy software from the Sahana Foundation’s open source disaster management solutions in over a dozen countries.

Given 2017 was one of the worst years on record for natural disasters, we decided to focus the efforts of 22 million developers around the world on this cause through the Call for Code initiative. David Clark Cause gave us the inspiration, and other partners like the United Nations, the American Red Cross, and The Linux Foundation came together to pool our collective efforts. Since 2000, natural disasters have directly affected 2.5 billion people, with 1.5 trillion in economic impact since 2003. And over the last 30 years, flooding is up over 240%. As developers, we can help people be more prepared, help them during a natural disaster, and help them recover afterward. We can make communities more resilient together.

Call for Code judges include iconic developers like Linus Torvalds and Tim Berners-Lee. The winning team and two semifinalists will receive support from The Linux Foundation to host their submission as an open source project and build a community around it, ensuring that it is deployable around the world in the areas of greatest need. Please join us- learn more at callforcode.org.

Share your expertise! Submit your proposal to speak at ELC + OpenIoT Summit Europe by July 1.

For the past 13 years, Embedded Linux Conference (ELC) has been the premier vendor-neutral technical conference for companies and developers using Linux in embedded products. ELC has become the preeminent space for product vendors as well as kernel and systems developers to collaborate with user-space developers – the people building applications on embedded Linux.

OpenIoT Summit joins the technical experts paving the way for the new industrial transformation, industry 4.0, along with those looking to develop the skills needed to succeed, for education, collaboration, and deep dive learning opportunities. Share your expertise and present the information needed to lead successful IoT developments, progress the development of IoT solutions, use Linux in IoT, devices, and Automotive, and more.

View Full List of Suggested Topics and Submit Now >>

Get Inspired!

Watch presentations from  ELC Europe 2017

View All ELC Europe 2017 Keynotes »

Join us at Embedded Linux Conference + OpenIoT Summit Europe in Edinburgh, UK on October 22-24, 2018. Sign up to receive conference updates.

OS Summit

Register now for Open Source Summit NA and save $300 through June 17.

Join us in Vancouver in August for 250+ educational sessions covering the latest technologies and topics in open source, and hear from industry experts including keynotes from:

  • Ajay Agrawal, Artificial Intelligence & Machine Learning Expert, Author of Prediction Machines, and Founder, The Creative Destruction Lab
  • Jennifer Cloer, Founder of reTHINKit and Creator and Executive Producer, The Chasing Grace Project
  • Wim Coekaerts, Senior Vice President of Operating Systems and Virtualization Engineering, Oracle
  • Ben Golub, Executive Chairman and Interim CEO, and Shawn Wilkinson, Co-founder, Storj Labs
  • Preethi Kasireddy, Founder & CEO, TruStory
  • Window Snyder, Chief Security Officer, Fastly
  • Imad Sousou, Corporate Vice President and General Manager, Open Source Technology Center, Intel
  • Sana Tariq, Senior Architect, E2E Service Orchestration, TELUS


Additional keynotes and the full schedule of 250+ sessions will be announced next week. Details on co-located events, evening activities, and other activities—including Speed Mentoring, First-Time Attendee Breakfast, Women in Open Source Lunch, Diversity Mixer, Kids Day, and more—will be announced shortly as well.

Register now and save $300 through June 17!

Register Now>>

Open Networking Summit

Speak at Open Networking Summit Europe – Submit by June 24.

Share your expertise and speak at Open Networking Summit Europe, happening September 25-27 in Amsterdam. Proposals are due June 24, 2018. Submit now.

Suggested Topics:

Networking Futures: Innovative ideas on the disruption and change of the landscape of networking and networking enabled markets in the next 3-5 years across: AI, ML, and deep learning impact to networking, SD-WAN, IIOT, Data Insights, Business Intelligence, Blockchain & Telecom, and more.

General Network: Common business, architecture, process or people issues that are important to move the Networking agenda forward in the next 1-2 years.

Service Provider & Cloud Networking (Technical): The containerization of service provider workloads, multi-cloud, 5G, fog, and edge access cloud networking.

Service Provider & Cloud Networking (Business & Architecture):Software-defined packet-optical, mobile edge computing, 4G video/CDN, 5G networking, and incorporating legacy systems behind (legacy enterprise workload migration, role of networking in cloud migration, and interworking of carrier OSS/BSS/FCAPS systems).

Enterprise IT DevOps (Technical): Scale and performance in SDN deployments, expanding container networking, maintaining stability in migration, networking needs of a hybrid cloud/virtualized environment, and figuring out the roadmap from a cost perspective.

Enterprise IT (Business & Architecture): Use cases on IoT and networking from the retail, transportation, utility, healthcare of government sectors, specifically on cost modeling for hybrid environments, automation (network and beyond), analytics, security and risk management/modeling with ML, and NFV for the enterprise.

Get Inspired!

Watch presentations from Open Networking Summit North America 2018

LC3

Register Now for LinuxCon + ContainerCon + CloudOpen China 2018

Join 3,000 open source technologists and business leaders for education and collaboration to drive open source innovation at LC3.

VIEW THE FULL SCHEDULE>>

REGISTER NOW >>

Top 3 Reasons to Attend

  1. Visionary Keynote Speakers: Hear from thought leaders from Accenture, Alibaba, Baidu, China Mobile, Huawei, IBM, Intel, Red Hat, Tencent and more.
  2. Workshops for Additional Learning Opportunities: Attend DPDK China Summit, OpenChain Workshop, The Arm Innovator Tour, Tencent Workshop Series, or Apache ServiceComb (incubating) Day.
  3. 175+ sessions: LC3 will feature use cases, project and technology updates, and other learnings on Cloud Native, AI, IoT, Linux Systems and Development, Networking and Orchestration, Blockchain, Open Source Leadership and more.

Need assistance convincing your manager? Here’s a letter that can help you make the request to attend LC3. Register now to save $40USD/255RMB through June 18.

REGISTER NOW >>

和三千多位科技企业领导人一同加入LC3论坛,共同合作打造开源创新时代。

三大参会理由:

  1. 有远见的主题发言人:聆听来自埃森哲、阿里巴巴、百度、中国移动、华为、IBM、英特尔、红帽、腾讯等企业的专家讲座。
  2. 提供额外学习机会的会议及工作坊:参加DPDK中国峰会、OpenChain 研讨会、Arm亚洲创新巡展、腾讯研讨会系列和华为云Apache ServiceComb 孵化日。
  3. 175场以上会议:LC3论坛将涵盖与云原生、人工智能、物联网、Linux系统与开发、网络与协调、区块链、开源领导力等主题相关的用户案例,项目和科技更新报告。

查看完整的日程安排 »

立即注册 »

building leadership

The latest Open Source Guide for the Enterprise from The TODO Group provides practical advice for building leadership in open source projects and communities.

Contributing code is just one aspect of creating a successful open source project. The open source culture is fundamentally collaborative, and active involvement in shaping a project’s direction is equally important. The path toward leadership is not always straightforward, however, so the latest Open Source Guide for the Enterprise from The TODO Group provides practical advice for building leadership in open source projects and communities.  

Being a good leader and earning trust within a community takes time and effort, and this free guide discusses various aspects of leadership within a project, including matters of governance, compliance, and culture. Building Leadership in an Open Source Community, featuring contributions from Gil Yehuda of Oath and Guy Martin of Autodesk, looks at how decisions are made, how to attract talent, when to join vs. when to create an open source project, and it offers specific approaches to becoming a good leader in open source communities.

Leadership Mindset

According to the guide, the open source leadership mindset involves:

  • Influence, not control
  • Transparency as a means of crowd-sourcing solutions, not as exposure
  • Leading, not herding

Building leadership can happen at all levels — from managers to developers to volunteers. Developers, for example, are often highly motivated to contribute to open source projects that matter to them and to build their reputations within the community. According to the guide, “open source is so hotly in demand that developers actively seek opportunities to develop or hone their open source chops.”

Guy Martin, Director, Open at Autodesk, Autodesk, says that when interviewing developers, he is frequently asked how the company will help the developer build his or her own open source brand.

Increase Visibility

“Raising your own company’s visibility in its open source work can thus also help recruit developers. Some companies even offer open source training to add to the appeal. Presenting the company’s open source projects at conferences and contributing code in communities are the best ways to raise your company’s visibility. Asking your developers to network with other developers and invite them aboard also tends to work well,” the guide states.

Read the complete guide to Building Leadership in an Open Source Community online now. And, see the list of all Open Source Guides for the Enterprise to learn more.  The information contained in these guides is based on years of experience and best practices from industry leaders. They are developed by The TODO Group in collaboration with The Linux Foundation and the larger open source community.  

open source summit

Submit your proposal to speak at Open Source Summit Europe in Edinburgh. Proposals due July 1.

Share your expertise and speak at Open Source Summit Europe in Edinburgh, October 22 – 24, 2018. We are accepting proposals through Sunday, July 1, 2018.

Open Source Summit Europe is the leading technical conference for professional open source. Join developers, sysadmins, DevOps professionals, architects and community members, to collaborate and learn about the latest open source technologies, and to gain a competitive advantage by using innovative open solutions.

As open source continues to evolve, so does the content covered at Open Source Summit. We’re excited to announce all-new tracks and content that make our conference more inclusive and feature a broader range of technologies driving open source innovation today.

This year’s tracks/content will cover the following:

  • Cloud Native Apps/Serverless/Microservices
  • Infrastructure & Automation (Cloud/Cloud Native/DevOps)
  • Artificial Intelligence & Data Analytics
  • Linux Systems
  • Open Collaboration and Diversity Empowerment
  • Emerging Open Technologies/Wildcard
  • Innovation at Apache
  • TODO/Open Source Program Management

View Full List of Suggested Topics & Submit Now >>

Get Inspired!

Watch presentations from Open Source Summit Europe 2017.

View All Open Source Summit 2017 Keynotes >>

 

open source AI

Download this new ebook to learn about some of the most successful open source AI projects.

Open source AI is flourishing, with companies developing and open sourcing new AI and machine learning tools at a rapid pace. To help you keep up with the changes and stay informed about the latest projects, The Linux Foundation has published a free ebook by Ibrahim Haddad examining popular open source AI projects, including Acumos AI, Apache Spark, Caffe, TensorFlow, and others.

“It is increasingly common to see AI as open source projects,” Haddad said. And, “as with any technology where talent premiums are high, the network effects of open source are very strong.”

Open Source AI: Projects, Insights, and Trends looks at 16 open source AI projects – providing in depth information on their histories, codebases, and GitHub contributions. In this 100+ page book, you’ll gain insights about the various projects as well as the state of open source AI in general. Additionally, the book discusses the importance of project incubators, community governance, project consolidation, and presents some observations on common characteristics among the surveyed projects.

For each of the projects examined, the book provides a detailed summary offering basic information, observations, and pointers to web and code resources.  If you’re involved with open source AI, this book provides an essential guide to the current state of open source AI.

Download the ebook now to learn more about the most successful open source AI projects and read what it takes to build your own successful community.