open source AI

We look at three open source AI projects aimed at simplifying access to AI tools and insights.

At the intersection of open source and artificial intelligence, innovation is flourishing, and companies ranging from Google to Facebook to IBM are open sourcing AI and machine learning tools.

According to research from IT Intelligence Markets, the global artificial intelligence software market is expected to reach 13.89 billion USD by the end of 2022. However, talk about AI has accelerated faster than actual deployments. According to a detailed McKinsey report on the growing impact of AI, “only about 20 percent of AI-aware companies are currently using one or more of its technologies in a core business process or at scale.” Here, we look at three open source AI projects aimed at simplifying access to AI tools and insights.

TensorFlow

Google has open sourced a software framework called TensorFlow that it spent years developing to support its AI software and other predictive and analytics programs. TensorFlow is the engine behind several Google tools you may already use, including Google Photos and the speech recognition found in the Google app.

Google has also released two new AIY kits that let individuals easily get hands-on with artificial intelligence. Focused on computer vision and voice assistants, the two kits come as small self-assembly cardboard boxes with all the components needed for use. The kits are currently available at Target in the United States, and, notably, are both based on the open source Raspberry Pi platform—more evidence of how much is going on at the intersection of open source and AI.

Sparkling Water

H2O.ai, formerly known as OxData, has carved out a niche in the machine learning and artificial intelligence arena, offering platform tools as well as Sparkling Water, a package that works with Apache Spark. H2O.ai’s tools, which you can access simply by downloading, operate under Apache licenses, and you can run them on clusters powered by Amazon Web Services (AWS) and others for just a few hundred dollars. Never before has this kind of AI-focused data sifting power been so affordable and easy to deploy.

Sparkling Water includes a toolchain for building machine learning pipelines on Apache Spark. In essence, Sparkling Water is an API that allows Spark users to leverage H2O’s open source machine learning platform instead of or alongside the algorithms that are included in Spark’s existing machine-learning library. H2O.ai has published several use cases for how Sparkling Water and its other open tools are used in fields ranging from genomics to insurance, demonstrating that organizations everywhere can now leverage open source AI tools.

H2O.ai’s Vinod Iyengar, who oversees business development at the company, says they are working to bring the power of AI to businesses. “Our machine learning platform features advanced algorithms that can be applied to specialized use cases and the wide variety of problems that organizations face,” he notes.

Just as open source focused companies such as Red Hat have combined commercial products and services with free and open source ones, H2O.ai is exploring the same model on the artificial intelligence front. Driverless AI is a new commercial product from H2O.ai that aims to ease AI and data science tasks at enterprises. With Driverless AI, non-technical users can gain insights from data, optimize algorithms, and apply machine learning to business processes. Note that, although it leverages tools with open source roots, Driverless AI is a commercial product.

Acumos

Acumos is another open source project aimed at simplifying access to AI. Acumos AI, which is part of the LF Deep Learning Foundation, is a platform and open source framework that makes it easy to build, share, and deploy AI apps. According to the website, “It standardizes the infrastructure stack and components required to run an out-of-the-box general AI environment. This frees data scientists and model trainers to focus on their core competencies and accelerates innovation.”

The goal is to make these critical new technologies available to developers and data scientists, including those who may have limited experience with deep learning and AI. Acumos also has a thriving marketplace where you can grab and deploy applications.

“An open and federated AI platform like the Acumos platform allows developers and companies to take advantage of the latest AI technologies and to more easily share proven models and expertise,” said Jim Zemlin, executive director at The Linux Foundation. “Acumos will benefit developers and data scientists across numerous industries and fields, from network and video analytics to content curation, threat prediction, and more.” You can learn more about Acumos here.

maintainer

At Embedded Linux Conference, Sony’s Tim Bird discussed some of the challenges faced by maintainers of open source projects.

What are some of the challenges open source project maintainers face? One common issue is “The Maintainer’s Paradox,” which refers to the fact that open source maintainers are presented with more ideas along with more challenges as their communities grow. This occurs even when they take very minor patches from contributors. This topic was recently tackled by Tim Bird, Senior Software Engineer at Sony, in a keynote address at the Embedded Linux Conference.

The Maintainer’s Paradox is referenced in Eric Raymond’s seminal work “The Cathedral and the Bazaar,” and Bird opened his keynote address by citing the reference. “Raymond said that with enough eyeballs, all bugs are shallow,” Bird noted, adding that the reference applies to large open source communities.

Diversity of thought

“When I do training at Sony, I use a light bulb metaphor for this,” he said. “If you have five or 10 light bulbs that are similar to each other and you turn them on, there will be some good ideas represented by those light bulbs. But if you have a thousand light bulbs of different shapes and sizes, it’s more likely that there are going to be thousands of good ideas represented. So there are probabilities involved here. It’s the diversity of thought that is important. Diversity has a lot of upside.”

“Of course diversity has costs,” he added. “It takes time to assimilate different ideas and integrate them into the existing code path.”

Bird is the maintainer of the Fuego test system, which provides a framework for testing embedded Linux. During his keynote, he provided examples of challenges that maintainers face, within the context of maintaining Fuego.

Tread carefully

“I learned things becoming a maintainer,” he said. “The Maintainer’s Paradox is that the maintainer is really excited about new contributions, but there is also fear and trepidation. Sometimes when I see a patch set on the mailing list I say, ‘Oh no, another patch set.’ I just might not have time to look at it. You want to review patches carefully and give appropriate feedback, but being a maintainer is sometimes overwhelming.”

Bird displayed a large photo of a puppy as he said: “Every time you get a patch that implies a new feature branch, that is something that has to be cared for indefinitely. As a maintainer, your incentive can be to not take too many of these things.”

Bird also noted some important social dynamics involved with how maintainers interact with community members. For example, differing personalities can create challenges. “People can get frustrated, and there can be miscommunications.” Additionally, although many maintainers want to reward contributions on a meritocracy basis, it can be difficult to achieve that goal.

What are Bird’s recommendations for optimizing tasks and communications? He supplied the following tips:

  • Call out negative communication
  • Route around offenders
  • Listen carefully, actively clarify and act on feedback
  • Assist by helping others
  • Become a maintainer

Finally, for more on active management of open source projects, including free tools, check this post.

Join us at Open Source Summit + Embedded Linux Conference Europe in Edinburgh, UK on October 22-24, 2018, for 100+ sessions on Linux, Cloud, Containers, AI, Community, and more.

LC3

LC3 Schedule Announced | Register Now to Save $90USD/505RMB

Join us in Beijing June 25 – 27, for three days of education across 175+ sessions, collaboration opportunities with open source technologists and professionals from around the globe, and the chance to learn about the newest trends and topics in open source.

Conference tracks include:

  • Cloud Native, Serverless & Microservices
  • Infrastructure & Automation for Cloud, Cloud Native & DevOps
  • Artificial Intelligence & Deep Learning
  • Internet of Things & M2M
  • Linux Systems & Development
  • Networking & Orchestration
  • Blockchain
  • Emerging Technologies & Wildcard
  • KVM
  • Open Source Leadership

In addition, LC3 will feature an Executive Business Leadership track on Tuesday, June 26. The schedule for this track will be announced shortly.

Keynote speakers include:

  • Kelsey Hightower, Developer Advocate, Google
  • Abby Kearns, Executive Director, Cloud Foundry Foundation
  • Greg Kroah-Hartman, Linux Kernel Maintainer
  • Michelle Noorali, Senior Software Engineer, Microsoft
  • Linus Torvalds, Creator of Linux & Git, in conversation with Dirk Hohndel, VP & Chief Open Source Officer, VMware
  • Jim Zemlin, Executive Director, The Linux Foundation

Additional keynotes from companies including Alibaba, Baidu, Huawei, Intel and SUSE will be announced shortly.

Need assistance convincing your manager? Here’s a letter that can help you make the request to attend LC3. Register now to save $90USD/505RMB through April 30.

software security

Software security requires discipline and diligence, said Mårten Mickos, speaking at the Open Source Leadership Summit.

Achieving effective security takes constant discipline and effort on everyone’s part – not just one team or group within a company. That was Mårten Mickos’s message in his keynote speech appropriately titled, “Security is Everyone’s Responsibility,” at The Linux Foundation’s recent Open Source Leadership Summit (OSLS).  

Mickos, CEO of HackerOne, which he described as a “hacker-powered security company,” told the audience that $100 billion has been spent on cybersecurity, yet, “Half of the money is wasted. We’ve been buying hardware and software and machines and walls and all kinds of stuff thinking that that technology and [those] products will make us secure. But that’s not true.”

Even if you ply your network with hardware to create a perimeter around it, it won’t make your organization any more secure, Mickos said. The answer is much simpler, he maintained, and the magic bullet is sharing.

“You share the defense, you share information, you work together,” he said. “You can’t have secure software if just some of your software engineers are in charge of security. You can’t just delegate it or relegate it to a security team. If you do that it won’t happen.”

Mickos likened that approach to the 1990s, when companies had quality managers and people got ISO certifications. “It didn’t help. It reduced quality in the companies, because people felt that quality now was the job of somebody else, not of you.”

Discipline

Software security, Mickos said, “only happens when we’re very disciplined.”

Mickos’ company has 160,000 contributors, including security researchers, ethical hackers and “white hats”: people who have signed up to find flaws in software, he said. Security vulnerabilities can emanate from situations even when there are no bugs, he noted, adding that HackerOne hacked the U.S. Air Force in eight minutes.

“We found 200 vulnerabilities in the Air Force’s systems, 20 of those were found by Jack Cable, a 17-year-old high school student from Chicago, Ill.,” he said.

HackerOne has fixed over 65,000 security vulnerabilities, Mickos claimed. “So that has removed a lot of holes where criminals could have entered. But there are still tens of millions of vulnerabilities; no one knows the exact number. But if we deploy 100 billion lines of code every year … there’s a lot of security to look after.”

Pooled Defense

In his speech, Mickos promoted the notion of a “pooled defense”: the idea that “the number of defenders is far larger than the number of bad guys.” He said there are far more white hats in the world than there are cyber criminals or “black hats.”

Cyber threats are often characterized as being asymmetric, he said, in the sense that one single criminal attacker can cause a lot of harm — so much so that a company needs 100 people to defend against it.

“If companies can get together and pool their defense, you … suddenly you have 10 times the power of the attackers,” he said. “If you share information, share the defense, share best practices, and share the act of responding to threats, then you overcome the asymmetry and you turn it around.”

It takes discipline and diligence, Mickos said, recalling how Equifax had “so many failures and acts of negligence or … omissions in the way they handle security,” and that “it was one single software vulnerability that led to the data breach in their systems.” Meanwhile, he added, “There’s nobody here who has a software system with just one vulnerability.”

While people often complain about long passwords or having to use multi-factor authentication because it is so time-consuming, they had better get used to it, he cautioned.

“Security doesn’t come for free. The only thing that … acts against these threats is the discipline and diligence [and] remembering long passwords,” Mickos said. “Even when somebody invents a method where we don’t need passwords anymore, you will be asked to do something else which is burdensome and every day, and where you’re not allowed to miss it one single time.”

Mickos also had a message for educational institutions: “Don’t call it computer science and software engineering unless there’s security in it. Today, you can graduate in CS without taking a single course in security.” He said he didn’t pay attention to the importance of security when he was in college, but different times call for a different approach. Today, security “has to become part of everything we do.”

We Can Turn the Ship

When everyone recognizes that security is a shared responsibility, he stressed, “the ship will turn. It’s a big ship, so it turns slowly, but it will turn, and we will get to a state that is similar to what we have with airline safety or hospital hygiene or … automotive safety, where today it all works. But it works because we do it together and we jointly take responsibility for it.”

linux kernel developer

Linux kernel developer Steven Rostedt maintains the Real Time Stable releases of the Linux kernel.

Linus Torvalds recently released version 4.16 of the Linux kernel. These releases typically occur every nine to ten weeks, and each one contains the work of more than 1,600 developers representing over 200 corporations, according to the 2017 Linux Kernel Development Report, written by Jonathan Corbet and Greg Kroah-Hartman. In this series, we’re highlighting some of the developers who contribute to the kernel.

Steven Rostedt, Open Source Programmer at VMware, maintains the Real Time Stable releases of the Linux kernel, among other things. Rostedt is one of the original developers of the PREEMPT_RT patch and began working on it in 2004 with the goal of turning Linux into a real-time designed operating system. He is also the main author, developer, and maintainer of Ftrace, a tool designed to help developers find what is going on inside the kernel. According to the Ftrace wiki, the tool can be used for debugging or analyzing latencies and performance issues that take place outside of user-space.

Additionally, this past year, Rostedt found time to speak at various events and serve on The Linux Foundation’s technical advisory board. Here are Rostedt’s responses to our questions.

Linux Foundation: What role do you play in the community and what subsystem(s) do you work on?

Steven Rostedt: I partake in a lot of the Linux Foundation events as well as Kernel Recipes, Linux Plumbers, sometimes Linux Tag and other events. I’m on The Linux Foundation’s Technical Advisory Board (TAB) and was on the Linux Plumbers programming committee. I’m an Open Source advocate and try to communicate to people what that means. I maintain the Real Time Stable releases, and the Ftrace (Linux kernel tracer) subsystem, as well as ktest, localmodconfig, and Ftrace tools like trace-cmd and KernelShark.

Linux Foundation: What have you been working on this year? / What’s one way you have contributed to the 4.8 to 4.13 releases?

Rostedt: I’ve been working on having ftrace trace init functions in both the main kernel core as well as in modules. Between 4.8 and 4.13, I rewrote the function tracing trigger code to be able to be expanded and used to enable function filtering for tracing on modules before they are loaded.

Linux Foundation: What do you think the kernel community needs to work on in the upcoming year?

Rostedt: I think more focus should be on eBPF and helping it be easier to use as well as having an eye on security. Running a VM within the kernel can be very dangerous, and people need to use caution and be extra careful during development.

Linux Foundation: Why do you contribute to the Linux kernel?

Rostedt: Because it is the one place that you have total control over your computer.

At the recent Embedded Linux Conference, Rostedt presented a session on “Maintaining a Real Time Stable Kernel,” in which he explained what’s required to maintain a stable RT tree, which is a bit different from maintaining a normal stable tree. In this talk, he covered various tools that can be used and described the current tests performed to ensure that the RT stable kernel is fully functional.

You can learn more about the Linux kernel development process and read more developer profiles in the full report. Download the 2017 Linux Kernel Development Report now.

open source project

Matt Butcher provides tips for managing open source projects based on experience with Kubernetes Helm.

As open source technology has become more strategically important for organizations everywhere, many tech workers are choosing to or being asked to build out and oversee their own open source projects. From Google, to Netflix to Facebook, companies are also releasing their open source creations to the community. These efforts require more management than may seem apparent at first, and there is also a particular kind of “nice problem to have” that can arise. Specifically, a new open source project can suddenly take on a life of its own, growing far faster than ever imagined.

That nice problem to have was the subject of an Open Source Summit 2017 session presented by Matt Butcher, Principal Software Development Engineer at Microsoft. We covered some of his advice for open source projects in a previous post. And, here, we discuss specific project management issues Butcher has faced.

In his talk, Butcher cited examples from the Kubernetes Helm project, which grew to involve hundreds of contributors and thousands of active users in a span of 18 months.

Minefields and sparring matches

One thing Butcher and his collaborators on the Helm project learned is that managing governance and standards is an ongoing challenge. They also learned that code reviews can become “minefields of interaction,” where community members may have unexpected motives behind their messages. “I have been involved in situations where code reviews become a sparring match,” said Butcher.

“With Helm, we developed guidelines for them. They can develop in such a way that some people will just want to weigh in and show that they’re right. In some cases it’s very important to acknowledge contributions. We actually have an internal rule in our core maintainers guide that says, ‘Make sure that at least one comment that you leave on a code review, if you’re asking for changes, is a positive one.’ It sounds really juvenile, right? But it serves a specific purpose. It lets somebody know, ‘I acknowledge that you just made a gift of your time and your resources,’” he said.

Shifting perspective

Butcher also noted that team dynamics can change quickly as internal focus shifts to external focus. “At some point you’re going to release your project out into the wild, and then you’ll hit your stability marker, which might be, say, your version 1.0,” he said. “At that point your perspective changes and you say, ‘Hey, instead of huddling together to work on our team dynamics, we’re all going to face outward.’ That can be a touchy border to be on.”

In the case of Helm, team members reached out in unexpected ways during the early growth phase. “We did some crazy stuff when we were launching it,” Butcher said. “We actually had kind of an internal semi-formal policy that you would pair with people who came in and had big problems, which resulted in random people from the team joining meetings with people they’d never met and saying, ‘Hey, tell me about your problem and let me see if I can help.’ The whole point of this was to try and actively pull people into the community and get them engaged right away.”

Timelines are guidelines

Butcher stressed that project managers should “know what they’re building and be ruthless about sticking to it.” That means, in some cases, that timelines are guidelines. “You want to commit to timelines, because that’s respectful to the community,” he said. “On the flip side, you also are trying to keep your core contributors motivated. You don’t want them to feel undue pressure. In many cases the community understands that you are at the liberty of the contributors and sometimes something does come up. At times, we had to go back to the community and say, ‘we couldn’t do it because the Kubernetes team isn’t ready for us yet, so we’re going to have to wait a little while.’”

You can learn more about open source project management in The Linux Foundation’s growing collection of Open Source Guides for the Enterprise. These free online guides cover starting an open source project, improving your open source impact, participating in open source communities, and more.

Share your knowledge and expertise at Open Source Summit North America, happening August 29-31 in Vancouver BC. Proposals are being accepted through April 29th.

Open Source Summit

Submit your proposal to speak at OS Summit before the April 29th deadline.

Share your knowledge and expertise by speaking at Open Source Summit North America, August 29-31 in Vancouver BC. Proposals are being accepted through April 29th.

As the leading technical conference for professional open source, Open Source Summit gathers developers, sysadmins, DevOps professionals, architects and community members from across the globe for education and collaboration across the ecosystem.

As open source continues to evolve, so does the content that Open Source Summit covers, and we’re excited to announce new content areas that will be covered this year in addition to those that continue to be of critical importance to our attendees.

This year’s tracks/content will cover the following areas:

  • Cloud Native Apps/Serverless/Microservices
  • Infrastructure & Automation (Cloud / Cloud Native / DevOps)
  • Linux Systems
  • Artificial Intelligence & Data Analytics
  • Emerging Technologies & Wildcard (Networking, Edge, IoT, Hardware, Blockchain)
  • Community, Compliance, Governance, Culture, Open Source Program Management (in the Open Collaboration Conference tracks)
  • Diversity & Inclusion (in the Diversity Empowerment Summit)
  • Innovation at Apache/In Apache Projects (in the Apache Software Foundation track)
  • Cloud & Container Apprentice Linux Engineer Tutorials Track (geared towards attendees new to using Linux and open source based cloud & container technologies)

Our program chairs are ensuring that we increase content for our sysadmin, devops and software architecture audience this year as well, based on feedback received from 2017, so please submit talks geared towards any of these audience types, as well as community managers, program office management, and of course developers.

On that note, we are pleased to announce our 2018 Program Chairs, Track Chairs and Program Committee:

Program Co-Chairs:

  • Robyn Bergeron, Ansible Community Architect, Red Hat
  • Donnie Berkholtz, VP, IT Service Delivery, Carlson Wagonlit Travel
  • Greg Kroah-Hartman, Linux Kernel Developer
  • Bryan Liles, Staff Engineer, Heptio

Track Chairs:

  • Jono Bacon, Community Strategy Consultant, Author & Speaker (Open Collaboration Conference)
  • Rich Bowen, Vice President of Conferences, Apache Software Foundation (Innovation at Apache)
  • Nithya Ruff, Senior Director, Open Source Practice, Comcast (Diversity Empowerment Summit)
  • Behan Webster, Converse in Code (Apprentice Track)

Program Committee:

  • Laura Abbott, Fedora Kernel Engineer, Red Hat
  • Zaheda Bhorat, Head of Open Source Strategy, Amazon Web Services
  • James Bottomley, Distinguished Engineer, IBM
  • Joe Brockmeier, Senior Evangelist, Linux Containers, Red Hat
  • Jessie Frazelle, Software Engineer, Microsoft
  • Michelle Noorali, Software Engineer, Microsoft
  • Daniel Whitenack, Data Scientist, Lead Developer Advocate, Pachyderm

Register & Save

Not submitting, but planning to attend? Register now and save $300 with early bird pricing.

Interested in sponsoring?

Showcase your thought leadership among a vibrant open source community and connect with top influencers driving today’s technology purchasing decisions.

Xen hypervisor

When it comes to automotive software, there are three key things to think about: safety, safety and safety.

Open source moves into most industries in the same way. First, it is seen as unimportant, then too risky, and suddenly, it becomes essential.

Just think about some of the fundamental building blocks of the connected economy – Linux, HTTP, SSL, Apache Web Servers and so much more. Each of these major open source platforms was combined and refined by many companies to provide a business platform, leading to billions upon billions of dollars in growth. Banking, commerce, media, agriculture, energy and other massive industry sectors are wholly dependent on the widespread use of open source software to function.

Of course, each industry is different and faces its own set of unique challenges and requirements. In particular, the automotive industry is rightfully cautious about all software, not just open source. However, the industry has come to trust proven platforms that have shown results over time, rather than novel capabilities.

Xen Hypervisor

So, it is no surprise that the open source Xen Hypervisor is quickly moving to the forefront of open source technology for automotive. With a history that stretches back to the late 1990s, Xen is one of the oldest “new” technologies around. Starting as a research project at Cambridge University, Xen was first made open source in 2002 and then became deeply integrated into major Linux distributions in 2011.

When it comes to automotive software, there are three key things to think about: safety, safety and safety. Stability and maturity matter in automotive software. This is where the combination of Xen maturity, 14 years and counting, running in major data centers around the globe, and open source software development have come together to ensure a stable base for new innovations in connected vehicles.

Then there is the basic architecture of the open source Xen Hypervisor. No one wants anything interfering with mission-critical functions. If businesses don’t want to allow software to communicate with hardware, they can take out the hardware drivers, since driver disaggregation is a basic concept of Xen.

Additionally, there’s the matter of ensuring that the code itself is manageable and does not consume too many system resources. Computers in vehicles are not particularly powerful and their local storage capacity is limited, which can be challenging. However, refining the open source code to the “essentials” is not only possible, it is a best practice. Consider that Xen is about 90K lines of code. It’s small enough to manage and consumes very little computing power, which is a huge benefit for any embedded engineering project with constrained resources.

Open Source in Automotive

Another reason automotive companies often overlook open source is that organizations believe there’s no economic value in participating in its development and distribution. The hundreds of billions of dollars made each year by hundreds of companies (including Apple, Facebook, Google, Amazon, Red Hat and thousands of others) prove otherwise. There are a myriad of benefits – cost reduction, speed of deployment and simplification of change management – that come with utilizing open source software, and the industry could accelerate business value by leveraging these tools.

2018 is shaping up to be an important year for open source in automotive, but there are still a few major concerns that need to be resolved. Out of all the challenges that the industry faces, the primary concern involves third-party safety certification. Attaining third-party certification for any software project (open source or not) is difficult.

However, the argument that open source software, by its nature, can’t be certified or used in life safety applications is invalid. For example, open source software has been behind image-guided surgery equipment since 2006, spurring innovation and advancement in robotic-assisted platforms and improving patient outcome. In 2018, you can expect to see the transition from “useful” to “essential” for more and more open source projects, especially as the whole industry steps up and learns how to use software as a competitive differentiator in the marketplace.

Martin Focazio is Managing Principal, Business Consulting, EPAM

Modern open source projects rarely consist solely of all new code, written entirely from scratch. More often, they are built from many sources. And, each of these original sources may operate under a particular license – which may also differ from the license that the new project uses.

A new publication, called License Scanning and Compliance Programs for FOSS Projects, aims to clarify and simplify this process. This paper, written by Steve Winslow from The Linux Foundation, describes the benefits of license scanning and compliance for open source projects, together with recommendations for how to incorporate scanning and compliance into a new or existing project.

Winslow runs The Linux Foundation’s license scanning and analysis service, and he advises projects about licenses identified in their source code and dependencies.

He says that getting license compliance right early can help attract contributors and users to an open source project. However, he notes that license scanning and compliance are not end goals; rather, they are processes that can serve other objectives, including:

  • Protecting the project’s developers.
  • Assisting downstream compliance efforts.
  • Demonstrating project maturity.  

According to Winslow, “any project that implements license scanning and compliance should aim to make it sustainable” and should set realistic goals to avoid being overwhelmed by the number of options and issues that may arise.

Winslow also explains how using tools, such as FOSSology for license scanning and Software Package Data Exchange (SPDX) to help package scan results into meaningful reports, can help projects succeed in compliance efforts.

Learn more and download this free publication now.

When it comes to launching an open source project, free information abounds online, on topics ranging from picking the right license to building a community. But what about when an organization needs to shutter or move away from an unneeded project? There are many complexities to handling this situation correctly, and many companies with successful open source programs plan for the end of a project even before launching one. Now, The Linux Foundation has published a free online guide for the enterprise examining the various considerations: Winding Down an Open Source Project.

“By shutting down a project gracefully or by transitioning it to others who can continue the work, your enterprise can responsibly oversee the life cycle of the effort,” the guide notes. “In this way, you can also set proper expectations for users, ensure that long-term project code dependencies are supported, and preserve your company’s reputation within the open source community as a responsible participant.”

The free guide includes sound advice on the following topics:

  1. Life cycle planning for your open source project
  2. What does a dead open source project look like?
  3. Why plan for the end of a project, before you even launch it?
  4. Deciding when to end or pull out of a project
  5. How to end an open source project

You’ll also find direct advice from open source experts in the guide. Contributors include: Guy Martin, Director of Open at Autodesk, Autodesk; David A. Wheeler of Core Infrastructure Initiative (CII); Jared Smith, Open Source Community Manager, Capital One; Christine Abernathy, Open Source Developer Advocate, Facebook; and Chris Aniszczyk, COO of Cloud Native Computing Foundation.

“When you’re starting your project, you’re trying to get people to trust you and allay their fears about joining the project and using your code,” David Wheeler notes, in the guide. “Later, if you say, ‘Hey, this project’s going to go away soon,’ that is not going to help with trust. Instead, you should say you’re going to do your best to make it work out if it will ever be ended, and that you promise not to just drop users. Tell them you’ll let them know what is happening at each step. Give them time to transition, and work on ways to help with the transition. That can be very helpful.”

“It doesn’t happen all the time, but in the past with one of our projects we moved it over to a different company,” Abernathy noted, in discussing Facebook’s practices. “We don’t have any hard and fast rules about doing this. Typically, we’ll just move it to a different organization. When it comes to moving within groups, we sort of shop around internally and find out whether it is still being used by someone. With our open source projects, we strive toward internal adoption. So, it might be used by an entirely different team. If they are willing to maintain it, then we move it to a different team, and that’s very easy. That just means changing a label somewhere where it says who’s the owner.”

Are you interested in more good advice? Check out the free online guide today. Additionally, The Linux Foundation and The TODO Group (Talk Openly Develop Openly) have published an entire collection of enterprise guides to assist in developing open source programs and understanding how best to work with open source tools. The guides are available for free, and they cover everything from How to Create an Open Source Program to Starting an Open Source Project.