OSS Archives - SD Times https://sdtimes.com/tag/oss/ Software Development News Mon, 07 Jun 2021 16:30:55 +0000 en-US hourly 1 https://wordpress.org/?v=6.1.1 https://sdtimes.com/wp-content/uploads/2019/06/bnGl7Am3_400x400-50x50.jpeg OSS Archives - SD Times https://sdtimes.com/tag/oss/ 32 32 The battle of open-source licenses https://sdtimes.com/open-source/the-battle-of-open-source-licenses/ Mon, 07 Jun 2021 16:26:54 +0000 https://sdtimes.com/?p=44294 Earlier this year, Elastic reignited the open-source licensing debate when it announced it would be changing its license model to better protect its open-source code. Over the last couple of years, a number of companies — including Redis Labs, MongoDB, Cockroach Labs, and Confluent — have been switching their open-source licenses to avoid what they … continue reading

The post The battle of open-source licenses appeared first on SD Times.

]]>
Earlier this year, Elastic reignited the open-source licensing debate when it announced it would be changing its license model to better protect its open-source code. Over the last couple of years, a number of companies — including Redis Labs, MongoDB, Cockroach Labs, and Confluent — have been switching their open-source licenses to avoid what they call “the big code robbery,” where cloud providers like Amazon take their successful open-source project, adopt and profit off it as a cloud service without giving back to the community. 

“Cloud vendors do not care about monetizing FOSS projects, they are about getting more workloads running on their infrastructure — hence, to be the preferred destination for such workloads,” said CloudBees’ co-founder and chief strategy officer Sacha Labourey.

Confluent created a new community license, and MongoDB announced its Server Side Public License (SSPL) to combat cloud providers. In January, Elastic announced it would move its Kibana and Elasticsearch open-source projects to a dual license under the Elastic License v2 and SSPL. 

RELATED CONTENT: Open source is a community, not a brand

However, these new licenses that companies are switching to are not considered open source by the Open Source Initiative’s standard, leaving many in the industry to wonder where these companies now stand with open source.  

“These new ‘source available’ licenses contain restrictions to prevent cloud infrastructure providers from building a service out of their code. Early efforts like the commons clause limited ‘commercial use’ broadly and users found that the license language ‘created some confusion and uncertainty.’ Recent efforts by Elastic and others are more surgical. They simply attempt to restrict users from standing up the software alone as a service. The goal of these new licenses is to continue to capitalize on the widespread availability of the software and its source code to gain future customers while shutting out competing SaaS services based on the same code,” Justin Colannino, director of developer policy and counsel at GitHub, wrote in a post

According to Stephen O’Grady, principal analyst and co-founder of the developer analyst firm RedMonk, while it can be upsetting, the cloud providers are not actually abusing open-source projects if they are still abiding by the rules of the open-source license. “If project owners don’t want certain parties to be able to use their software, they shouldn’t be using open-source licenses,” he said. 

MongoDB argues that under SPPL, developers are still able to access, use, modify and redistribute its code. “We adopted the SSPL license to protect our right to build an innovative business in the Cloud era. We wanted to counter the threat of hyperscale cloud vendors taking our free product and offering it as a service without giving anything back,” said Dev Ittycheria, CEO and president of MongoDB.

Tomer Levy, CEO of Logz.io, a cloud observability platform provider, argues that changing licenses shakes the entire foundation of the open-source philosophy and shows that those in control of popular projects have the ability to take these projects away from the community at any time. “We were disappointed to hear about Elastic’s decision to change to a license which is not truly open source. This is a slap in the face to the engineers that helped build the community and make the open source software the staple that it is today,” he said. 

O’Grady added that changes like these have the potential to blur the definition of what is and isn’t open source, creating more uncertainty in the space. “If these companies genuinely want to protect open source, they would actively and aggressively maintain a bright line of distinction between their source available, proprietary licenses and genuine open source alternatives.,” he said.

Elastic made the decision to no longer refer to Elasticsearch or Kibana as open source and instead refer to the project’s as free and open. “While we have chosen to avoid confusion by not using the term open source to refer to these products, we will continue to use the word ‘Open’ and ‘Free and Open.’ These are simple ways to describe the fact that the product is free to use, the source code is available, and also applies to our open and collaborative engagement model in GitHub. We remain committed to the principles of open source — transparency, collaboration, and community,” the company explained in a post

Red Hat’s Haff actually thinks it can be a good thing if a project is successful and popular enough that a big public cloud provider is going to try to compete with it. “There’s a saying in the open-source space that your biggest challenge isn’t to be competed with, it’s to have no one know or care what you do,” he said. 

Some ways to combat the cloud providers, other than changing your software licensing model, is to form innovation partnerships with the cloud vendor so there’s a window where they can’t just steal your functionality and hopefully during that window the project innovates and moves past the threat. 

Drupal’s Bryon thinks creating a form of Creative Commons for open source could help categorize open-source projects into projects that are free to use, projects that require attribution and so on and so forth. “That sort of thing around open-source licenses could be really interesting to explore, because it would allow the expression of what these different projects are trying to do, but through the singular lens of this organization that has proven its importance and it’s credibility within the community,” she said. 

She also suggested creating social pressures on these companies to do better. WSO2’s Newcomer thinks we are already seeing Amazon react and change. In response to Elastic, the company created OpenSearch, an open-source fork of Elasticsearch and Kibana, and it is working with the industry to support and maintain the project long-term. Additionally, New Relic recently contributed Pixie, the open-source project for Kubernetes-native observability, to the Cloud Native Computing Foundation, and expanded its relationship with Amazon to run Pixie on AWS. 

Amazon “is the lead right now in this market. They have the capability to just take a leadership position in solving new problems through collaboration and open source,” said Newcomer. “What we need is more standard ways of interacting with them, standard platforms that all cloud providers should implement to solve the problems in the way of people so they’re not in this situation of having to pick and choose, which is difficult for everyone.”

The post The battle of open-source licenses appeared first on SD Times.

]]>
Open source is a community, not a brand https://sdtimes.com/open-source/open-source-is-a-community-not-a-brand/ Mon, 07 Jun 2021 13:34:07 +0000 https://sdtimes.com/?p=44280 It’s no longer a question of why should you use open source. The tables have turned and businesses are asking themselves why aren’t they using open source? But an even bigger question has been left unanswered, and that is how are they using open source? Are they staying true to the open source meaning?  As … continue reading

The post Open source is a community, not a brand appeared first on SD Times.

]]>
It’s no longer a question of why should you use open source. The tables have turned and businesses are asking themselves why aren’t they using open source? But an even bigger question has been left unanswered, and that is how are they using open source? Are they staying true to the open source meaning? 

As open source has become increasingly more popular, companies have begun to adopt open source for the brand, but then try to go against the purpose of open source, according to Gordon Haff, a technology evangelist at open-source company Red Hat. “I’ve definitely been on a lot of calls where one of the first things I’ll ask business leaders is why do you want to be open source, and often the answer is: because our customers seem to like that, but we don’t want Amazon to compete with us. We don’t want someone else to compete with us. We want to be able to maintain some proprietary parts of our software,” he said.   

RELATED CONTENT: The battle of open-source licenses

Open source itself has never gotten away from its meaning, according to Vicky Brasseur, author of the bookForge Your Future with Open Source.” The problem, she said, is that people haven’t bothered to learn or understand the true meaning of open source. “They make up their own definitions of open source, or they do it via the telephone game…and so the definition they’re working under in no way relates to what it actually is,” she said. According to Brasseur, the Open Source Initiative (OSI) defined open source over 20 years ago, and that is the one true meaning there is.

The Open Source Initiative’s definition of open source

OSI’s open source definition states that open source goes beyond just accessing the source code. To be open source, the software must comply with the following 10 criteria: 

  1. Free redistribution, 
  2. Source code, 
  3. Derived works, 
  4. Integrity of the author’s source code, 
  5. No discrimnation against persons or groups, 
  6. No discrimination against fields of endeavor, 
  7. Distribution of license, 
  8. License must not be specific to a product, 
  9. License must not restrict other software, 
  10. And the license must be technology-neutral.

“That is the one, the only, the worldwide recognized standard,” said Vicky Brasseur, author of the bookForge Your Future with Open Source.” “Standards are very important because otherwise we can be using the same words and mean completely different things, and from a business perspective, that can be devastating for people to be using different words or the same word open source and meaning different things. There is no other definition of open source.”

Creating a business model around open source

According to Robin Schumacher, vice president of product at open-source monitoring solution provider Netdata, the reason why open source has been so successful is because of the social aspect of it. Unlike proprietary software, it’s collaborative. It’s community-oriented and community-driven.

There are ways for a business to successfully use open source to their competitive advantage while staying true to the nature of open source, but open source shouldn’t be adopted just because it makes a company look good. “Your primary responsibility as a business owner, as a founder, as a manager of an organization, of a business, of a company, is not necessarily to open source. It is to your business,” said Brasseur. “If you are starting from open source and then trying to reverse engineer a business out of that, you’re coming at it from the wrong direction.” 

RELATED CONTENT: Making open source work for you and your business

A business should be looking at what the user needs, what the environment is they are targeting, what the trends are, whether or not they can meet those user needs or do it better than someone else, and then decide if it makes sense to use open source or release software to open source, Brasseur explained. If open source makes sense for the business goal, then companies need to put the effort into building the community around open source and understanding what the goal of releasing to open source is going to be. “If you don’t know your business goals, you won’t be able to maintain and guide that open-source project in a way that you can actually meet your business goals,” said Brasseur. 

According to Sacha Labourey, co-founder of enterprise software delivery company CloudBees, there are a number of models and tools today to make sure organizations are able to properly manage and govern the use of free and open-source software (FOSS). “We talk a lot about FOSS, but the reality is that it has been incredibly stable in how it operates and the value it provides. What has really been evolving fast are the various business models around FOSS,” he said. 

One of the best and most proven models out there is the open core model, according to Schumacher. In the open core development model, vendors open-source a portion of their software, but surround it with proprietary offerings. While it is valid from a business model perspective, Red Hat’s Haff noted that it’s important to recognize the open core model makes things a lot harder for the community to do collaborative open development.  

It takes a lot of time for people to figure out how to use the code, set it up properly and then maintain it, explained Angie Byron, core co-maintainer of the Drupal project, an open-source web content management framework. What companies like Acquia, a digital experience platform built around Drupal, and Red Hat do is provide a cloud platform that takes all the guesswork out for users and provides users with professional services and a support system. 

When projects and vendors commercialize open source, they have to understand there are various levels of commitments and contributions they are going to get from the community. It’s not always about code contributions, Schumacher said. There are other ways the community can help out;.for instance, by doing testing, quality assurance, performance testing, bug reports, feature requests, forum contributions, meetups, and sharing best practices and pitfalls.

Giving back to the open-source community

Technology giants like Google, Red Hat and others have been the most successful in the open-source world because they embrace the developer. “The love of the developer, the understanding that the developer is the set of ground troops that takes the technology into a particular enterprise, ingrains it into the lines of business, then it begins to bubble up to the higher-ups who see the benefits of what’s going on or just the proliferation of this software, and have no choice but then to make a commitment to it,” said Netdata’s Schumacher. 

A successful open-source vendor will provide a very smart and qualified developer relations staff, he explained. “You are going to need people who understand the spirit, mindset and everything of the developer community, of open source in general…” he said. 

Schumacher has three pillars for a successful developer relations staff:

  1. Community managers who are active in the industry and evangelizing the software, participating and scheduling meetups and events, are present on social media, and are broadcasting the benefits of projects to the open-source community
  2. Skilled technical members who are responsible for helping the community implement the open-source software and providing best practices, jump-starts, sample apps, and code contributions
  3. Lastly, you need an educational aspect that goes beyond how to use the software and talks about the next steps in terms of how to utilize the software to the user’s advantage. This area should include videos, written content and other resources to provide users with a pass to success. 

“The developer relations staff is absolutely critical for any vendor that wishes to work with open-source software, commercialize and be successful,” said Schumacher.

However, author Brasseur warns that while developer relations and open-source program offices can be beneficial, you have to make sure you are hiring the right or qualified people. “There are great people out there for this, but there aren’t nearly as many experienced people for this.” You can’t just hire internally because a developer contributed to an open-source project once, she explained. 

Other ways organizations can give back or get involved in the community include getting involved in industry initiatives or open-source foundations. Organizations “have to change their mindset from, we’re just going to develop what we think we need to be competitive to let’s help develop what the industry needs,” said Eric Newcomer, CTO at WSO2, an API management company. “One of the reasons open source is so successful is because people can collaborate on a shared vision of a common problem that everybody has.”

It’s not as easy as telling organizations to give back though, Drupal’s Byron explained. She said you have to incentivize companies to give back.

At Drupal, the project created a contribution record where contributors and committers can show how they are helping to sustain the project and the Drupal Association. “Hammering on that is probably the best way to do it because companies are probably not going to contribute out of the kindness of their heart. They need to have an incentive that matches with their return on investment,” Byron said.

She also explained that contributing to open source not only helps solidify an organization as an expert in their field, but it helps gain and retain talent because many developers want to work for companies that make time for open source. Contribution credits can help weed out the true open-source experts from the pretenders. “If you are selling yourself as an AWS vendor, but you have no record of ever contributing to anything around the AWS ecosystem, it’s sort of like, well did you just take a test and now you’re calling yourself an expert versus if you can see the trail of this person making contributions, writing blog posts and such, it’s easy to choose between the two. One is literally establishing themselves as an expert,” Bryon added.

The challenges facing open source today

Vicky Brasseur, author of the book “Forge Your Future with Open Source,” sees three main issues plaguing the open source landscape today. 

  1. The influx of open-source projects: According to Brasseur, there has been a flood of new projects being released. While that can be a good thing, it can also be problematic if organizations are just releasing things into open source to be trendy. She explained it makes the signal-to-noise ratio off-balance and makes it difficult to find useful projects. “It’s contributing to this age-old problem of reinventing the wheel, rather than perhaps contributing back to the existing wheel that’s already there,” she said. It’s tempting to want to release something rather than contribute to something, but you don’t necessarily have to start everything from scratch. Support what’s already out there, fork it, or take it into a different direction, according to Brasseur. 
  2. Lack of knowledge: Knowledge should go beyond just the definition of open source and free software. Businesses and developers need to understand the copyright and licensing details that go behind open source. Developers that “play fast and loose” with the laws, Brasseur said, make it difficult for companies to use their software because they have to take the time to figure out what the license is and how they can use the software. Too many hours are wasted just talking about and chasing down licensing information.
  3. Monocultures: Brasseur sees a number of monocultures plaguing the open-source ecosystem through fiscal sponsors, tooling and foundations. “These monocultures are a problem. All you need to do is watch Twitter on any day when GitHub is down. All of open source screeches to a halt. That is a huge problem. People equating open source with GitHub, that is a problem… I like GitHub, they do good things, but from an ecosystem point of view, that’s a problem. Projects that assume the only place I can go to have somebody support me from a foundational level is the Linux Foundation, that is a problem. There are lots of different options. The Linux Foundation does a very good job in many ways, but it’s not the be-all and end-all. Companies that think in order to participate in open source, I have to pay to become a member of a foundation, that is a problem,” she explained.  — Christina Cardoza
Open-source software in the enterprise

Red Hat’s 2021 State of Enterprise Open Source report found 90% of IT leaders are using open source in the enterprise, and 79% expect their use of enterprise open-source software for emerging technologies (edge, IoT, AI and ML) to increase over the next couple of years. The main drivers for adopting open source are infrastructure modernization, digital transformation, higher quality software, access to latest innovations, and better security. 

This year, the company decided to ask respondents whether or not they look to see if a vendor contributes back to open source when looking to implement a new solution. Surprisingly, the report found that IT leaders not only care, but they are much more likely to choose a vendor who contributes. “That means the IT leaders are starting to appreciate the virtuous cycles that you have in open-source development,” said Gordon Haff, a technology evangelist at open source company Red Hat.

But barriers still remain with respondents citing level of support, compatibility, and lack of internal skills as top challenges to adopting open source. 

Software solutions provider Perforce, which recently released a report on open-source opportunities with Forrester Research, believes that while open source has cemented its role as a critical agenda driver in the enterprise, not enough organizations are taking the necessary steps to optimize their OSS strategies. 

“Without comprehensive and optimized strategies that govern the critical pillars of running OSS, organizations risk missing out on the benefits it can deliver, including greater flexibility and better efficiency, time to market for products, customer and employee experiences, and more,” the report stated. 

While free and open, open source can be complex and require expertise to maintain, support and operate. According to the Perforce report, it’s important to partner with industry leaders to maximize open-source success through migration help, ongoing management and support. Additionally, an open-source strategy that can clarify the open source initiatives, governance, role of internal resources and external support can help pave the way for open source in the enterprise. 

“Finding success with open-source software as an enterprise organization requires a fully formed strategy – especially as it applies to critical areas like support,” said Rod Cope, CTO at Perforce Software

The post Open source is a community, not a brand appeared first on SD Times.

]]>
The top open source licenses https://sdtimes.com/open-source/the-top-open-source-licenses/ Tue, 07 Apr 2020 15:11:54 +0000 https://sdtimes.com/?p=39551 Open-source security and license compliance management platform provider WhiteSource has released a complete guide for understanding and learning about open source licenses.  According to the guide, open-source licenses can be categorized under copyleft or permissive. Under a copyleft license, users who use a component of the open-source software must make their code available to others. … continue reading

The post The top open source licenses appeared first on SD Times.

]]>
Open-source security and license compliance management platform provider WhiteSource has released a complete guide for understanding and learning about open source licenses

According to the guide, open-source licenses can be categorized under copyleft or permissive. Under a copyleft license, users who use a component of the open-source software must make their code available to others. Under a permissive open-source license, the open-source software can be free to use, modify or redistribute, but it also permits proprietary derivative works.

In addition, the guide reveals permissive open-source licenses are on the rise.

RELATED CONTENT: Making open source work for you and your business

“This can be explained by the continuous rise in open-source usage. Open source has become mainstream, and the open source community is embraced and supported by the commercial software community,” the guide states. “With companies like Microsoft and Google standing behind some major open-source projects, the ‘Us’ vs. ‘Them’ mentality that ruled in the early days of open source is long gone. In the interest of this widespread cooperation, and encouraging open source usage, permissive licenses are winning.” 

The top open-source licenses, according to WhiteSource, are:

  1. MIT
  2. Apache 2.0
  3. GPLv3
  4. GPLv2
  5. BSD 3
  6. LGPLv2.1
  7. BSD 2
  8. Microsoft Public
  9. Eclipse 1.0
  10. BSD

“The copyleft movement carried the interests of Open Source well, but pressure has grown recently due to it being either too restrictive or not restrictive enough in the eyes of creators. For those whose main motivation is seeing widespread use, permissive licenses work best even if that allows the possibility of being modified for use in closed source. Meanwhile for those who have an ideological motivation such as preventing the use of their code in weapons, copyleft is not restrictive enough because it forbids that type of discrimination,” said  Rhys Arkins, director of product management at open source security and license company WhiteSource. “Finally, you see creators of open source who want to make their software free except for usually a very narrow concept of direct commercial competition – this is again something not supported by traditional licenses. The latter two use cases chip away at the dominance of not just copyleft but also permissive licenses too.”

The post The top open source licenses appeared first on SD Times.

]]>
premium Making open source work for you and your business https://sdtimes.com/open-source/making-open-source-work-for-you-and-your-business/ Tue, 07 Apr 2020 13:30:14 +0000 https://sdtimes.com/?p=39548 Open-source software continues to win over developers and enterprises. A recent report found that 92% of applications use open-source components, and open source is the de facto standard for software development.  The report, which was conducted by managed open-source company Tidelift, found open source exceeds proprietary software in technology flexibility and extensibility, developer satisfaction, total … continue reading

The post <span class="sdt-premium">premium</span> Making open source work for you and your business appeared first on SD Times.

]]>
Open-source software continues to win over developers and enterprises. A recent report found that 92% of applications use open-source components, and open source is the de facto standard for software development. 

The report, which was conducted by managed open-source company Tidelift, found open source exceeds proprietary software in technology flexibility and extensibility, developer satisfaction, total cost of ownership, development speed, quality of code, security, functionality, and performance and stability. The only area open source did not outperform proprietary software was under reliable support and consulting services, but it was a close fight with 36% of respondents saying open source was better in this area and 38% saying proprietary software was better. 

While open source seems to be dominating the industry, Dries Buytaert  the creator of the open-source project Drupal and founder/CTO of the SaaS company Acquia, believes the only other place open source hasn’t won yet is in creating a business model. “Successful open-source businesses are extremely rare. Figuring out these business models around open source is the last hurdle that prevents open source from taking over the world. It has already won with developers, but hasn’t won as a business model yet,” he said. “Cracking the code would be really valuable because it allows us to solve problems that exist in the world that are very hard to do now.” 

RELATED CONTENT:
Creating and maintaining trust with open source software
The realities of running an open-source community
What does it take to commit to 100% open source?

Open-source business models are ways companies try to create revenue around free and open-source software. Some models include providing support and services for projects, creating advertisement partnerships, adding paid additional features, and selling cloud-based software as a service.

Open source as a business model
According to Buytaert, the reason why successful open-source businesses are so rare is because as an open-source project and its adoption starts to scale, it becomes harder and more complex to maintain. Some of the ways the Drupal project deals with the growth of the community and project is by assigning roles and responsibilities as well as providing contributors and maintainers with the tools necessary to complete those roles. For instance, there is a security team assigned, which is given access to security tools to perform things like audits. 

Donald Fischer, co-founder and CEO of Tidelift, said there are three things companies, or even individuals, who want to be successful using and commercializing open source should pay attention to: security, licensing and maintenance. 

When it comes to security, open-source users need to be able to trust and verify who the source code is coming from as well as identify any security vulnerabilities. It’s also important to understand whose job it is to find security vulnerabilities within the project and how fast the project responds to those threats. 

Licensing is also a complex topic in the open-source word, Fischer explained, and it requires speciality knowledge. Some things open-source users should understand are: what license policies make the most sense for them, what licenses does the company use and can be used, and if those licenses are compatible. 

Lastly, maintenance and quality have become a big issue. In the old days, software came from vendors like Microsoft and Oracle who ensured certain standards and support. In today’s modern era where businesses and individuals are utilizing open source, not all projects have maintenance or support in place, Fischer explained. This is troubling because those looking to utilize open source want to make sure projects have longevity. It is important to look at how the software keeps working and evolves as well as visibility into the actively maintained versions. Project owners should communicate and provide advanced notice when things retire so open-source users are not left stranded. 

“The ability of businesses to move faster is dictated by their ability to maintain, comply and secure their systems,” said Kevin Wang, founder and CEO of FOSSA, an enterprise open-source management solution provider. “Just understanding what third-party software they depend on, and how they can strategically use that to improve their business is crucial. In order to be really fantastic modern software companies, you have to be really good at using open source.” 

However, VM Brasseur, director of open-source strategy at networking and cybersecurity company Juniper Networks, warns against viewing open source as a business model. According to Brasseur, open source is just one of many tools that help execute business models. She worries thinking about open source as a business model will make people think that the fundamental definition of open source needs to be changed in order to add a revenue stream.

Open-source software in the cloud era
Another concern open-source businesses have is how to transform business strategies as technology evolves.  

Towards the end of 2018, a new license sparked major controversy among the open-source community. The Commons Clause was drafted to put “conditions” or “limitations” on open-source software. 

The controversy was that this was not an open-source license, and went against the definition of open source by adding restrictions to open-source software.

“Through the past decade of open-source history, there has been this huge stigma generated around any attempt to license software in a not purely open source way. The purpose of the Commons Clause in the beginning was basically to give a super lightweight alternative,” said FOSSA’s Wang. “It was this thing in between proprietary code and open-source code.”

At the time, Juniper’s Brasseur stated: “By restricting people from making money from a project where it is applied, the Commons Clause directly violates Item 6 in the Open Source Definition. As the Open Source Definition is no longer applicable to those projects, they—quite literally by definition—are no longer open source. At best they can be called ‘source available.’”

However, the Commons Clause was created to address a larger problem in the community which was to close the “cloud loophole” where cloud providers were taking advantage of open-source projects without giving back to the community or giving credit to the project. 

“What has happened in the last five years is the rise of cloud computing, and in particular cloud computing providers who have made very successful businesses of taking successful open-source projects someone else invested most of the research and development, and then harvested most of the revenue via cloud offerings,” said Ajay Kulkarni, CEO of Timescale, a time-series data company. “Essentially, what we realized was in order to be a successful open-source business in the cloud era, we had to think about things a little differently.”

Kulkarni went on to explain that the cloud era has changed the way software is consumed, and cloud providers like Amazon are now able to download open-source software and run it for users in the cloud at a price. 

Following all the controversy surrounding the Commons Clause, many other open-source projects started to change their licenses. Timescale developed the Timescale License, which aims to prevent cloud and SaaS providers from hosting a database-as-a-service version of TimescaleDB and OEMs who don’t provide value on top of the database. According to Timescale, a majority of its open-source software is still available under the Apache 2 license. 

“We did not make this decision lightly, and we kind of did it because we felt like we needed to, not because we wanted to. What we saw was the software world was moving faster than the licenses could keep up,” Kulkarni said. “We believe this decision really allowed us to build towards a self-sustaining open-source business where we can control our own destiny and keep reinvesting in the product.”

Database company MongoDB created the Server Side Public License (SSPL), and actually tried to go through the Open Source Initiative (OSI) to get it approved as an OSI-approved license. After realizing that the license was not going to get the broad support it needed to be approved, MongoDB withdrew the SSPL from the OSI-approval process, but continues to use it. 

“While it’s not OSI approved, MongoDB users are free to review our code, modify our code, distribute our code or redistribute modifications to our code in compliance with the license,” said Eliot Horowitz, cofounder of MongoDB.

Cockroach Labs, makers of CockroachDB, took a different approach, and adopted the Business Source License (BSL). With the BSL, source code is freely available and on the path to become open source at a certain point in time. 

“We think of it as patent protection. You can decide what protections you want and for how long, and what happens is when that term is up what was formally licensed as BSL becomes Apache in our case,” said Spencer Kimball, co-founder and CEO of Cockroach Labs. “The exclusion is you can’t run Cockroach as an external database as a service. You can think of that fundamentally as an anti-AWS provision.”

Other companies in this wave of license changes included Redis, which was one of the first to adopt the Commons Clause and also introduced the Redis Source Available License for Redis Modules; MariaDB, who also adopted BSL; and Confluent, who announced the Confluent Community License. 

Heather Meeker, the lawyer who drafted the Commons Clause, also created the Polyform Project, which aims to draft and make freely available plain-language source-code licenses with limited rights. 

“Until now, there has been no standardization of this kind of source-code license, even though it has become increasingly common. This has resulted in confusing and overlapping licenses, which need to be analyzed one at a time. Lack of standardization has used up the time and resources of many in the software industry, as well as their lawyers. The objective of the PolyForm Project is standardization and reduction of costs for developers and users,” the project’s website states. 

Timescale’s Kimball hopes one day a better way will be provided to protect open-source projects. “We are not lawyers. We didn’t want to create a license. This is not our business model, and it was a huge time stuck and had a huge expense, but it is also not our job to try to convince the open source entities to make this huge shift.”

Drupal’s Buytaert  suggests experimenting with licenses and creating new licenses that can help support the creation, growth and sustainability of new projects. Licenses should encourage sharing, but discourage unfair competition, he explained. 

“A lot of the open-source licenses we use today are 20 years old, and I think it is a little naive to think something that worked 20 years ago is still perfect today,” said Buytaert. “New licenses are worth exploring. It can be game-changing and provide a breakthrough for how we think of sustaining open source.” 

Tidelift’s Fischer has other thoughts. “We think the bigger opportunity is around creating some net new value around the open-source software without putting additional restrictions around the use of open-source software or creating a license and debating about the open-source definition. All these things fly over the heads of most organizations trying to use this stuff. Let’s go over this opportunity to create new value that didn’t exist in the world before,” he said. “A great example of that is if there is some open-source code that folks are using but there hasn’t been commercial support or maintenance available for it, let’s start making that available for that software and if it is valuable, organizations will come and pay for it.” 

Open source sustainability
According to Juniper’s Brasseur, there are much bigger problems in the open-source world that we should be worried about. While it is great that businesses are taking an interest in open source, a more important issue is being able to sustain open source for years to come. 

Brasseur explained many companies and individuals will often just donate money to a project in order to help it grow because “throwing money at the problem is easy for people to do,” she explained. “We are conditioned to equate money with stability.” The problem with this is that no one follows up on those donations or sees how it was used. Project owners also don’t understand what to do with the money. 

While Brasseur does understand it is important to do things like pay and support maintainers, sustainability needs to be more than just money.

“If your maintainer or core contributors ran away to join the circus, how many of those would it take to put your project in a bad position,” she said. “That is something we need to be focusing on for sustainability a lot more than we need to be focusing on just getting money into the hands of contributors.” 

She suggested taking a look at the book “Our Common Future,” also known as the Brundtland Report, which examines corporate sustainability planning, and how the corporate world grows an economy while growing and sustaining the environment. 

What the book does is define what sustainability is, which can be applied to the open-source world. According to the book, sustainability is “development that meets the needs of the present without compromising the ability of future generations to meet their own needs.” 

The book also identifies key areas for successful sustainability and how each one is an interlocking crisis that needs to be addressed simultaneously. According to Brassuer, the benefits of having a corporate sustainability plan include a more reliable supply chain, collaboration between groups internally and externally, improved communication, increased innovation, and improved employee retention and recruiting. 

“Free and open source software needs to follow the open source way, and build on the contribution from those who came before us,” she said in a keynote at PyCon Australia last year. For open source, she explained the three elements of sustainability planning are: contributing back, human environmental diversity, and community safety. 

Contributing back refers to giving back to the open-source project or community whether that be in the form of time, talent or treasure. “Since the very beginning of free and open source software we have had people and organizations who use free and open source but don’t contribute back. We call them ‘free riders,’” she said in her keynote. “We use it in a very negative way and we dismiss them. They are no good. These organizations may not understand that what they are doing… is degrading the longevity and success of the free and open source software that they rely on.”

It is important to note that contributions don’t have to come in the form of code. Some ways to contribute time are by doing things like volunteering at events or helping to organize events; through talent by doing things like security audits, redesigns, or improving accessibility; or through treasure it can be donating money. 

In addition, there are many different roles that go into a project, such as documentarians, designers, security, infrastructure, testing and marketing, but too often open-source guides are focused just on programmers. “It is fine as a developer to scratch your own itch and release it, but if you want your software to be usable and adopted, you need to bring people with other expertise,” she said. 

“Events around open-source projects, documentations, marketing and legal advice, these are all things that go into marking a project successful,” added Drupal’s Buytaert. “Having a lens that is more than developer-centric is really important.”

Human and environmental diversity involves getting more and varied people involved in the community. This will help provide more resources, innovation and stability, because the more people involved, the less you have to worry about the bus or circus factor. In addition, diversity does not only mean gender, but can be geographic and language diversity. Allowing people from different parts of the world who speak different languages can open up the door to millions of new contributors in those areas, Brasseur explained. 

And then, open-source communities can cultivate that diverse contributor base by making sure they feel safe to contribute. “As an open-source participant, you have the power. You are in a position to witness unprofessional and unwelcoming behavior and take action,” said Brasseur.

For individuals, a way to ensure community safety is to restrict any contributions to projects that don’t have a code of conduct. Project owners and maintainers should make necessary steps to enforce the code of conduct. 

According to Tidelift’s Fischer, there has also been a rise of ethical licenses to promote community safety. For instance, the Hippocratic License 2.0 was just released, which follows the Hippocratic Oath in medicine, which implies first do no harm; however, Fischer notes it may be hard to get these licenses noticed by contributors.

“People are trying to have their work used in a context that they endorse from a moral or ethical standpoint, but it is really complicated to figure out how to achieve that without having unintended second-order consequences,” he said. “We are trying to figure out what those unintended consequences are, and how it works in practice. It is still a work in progress.”

Drupal’s Buytaert believes projects need not be afraid to innovate. For instance, when the project started 19 years ago, technologies like mobile and social media didn’t exist. Projects have to be able to ride different innovation waves to stay relevant. 

The Drupal project tracks all code and non-code contributions to the project and gives contributors credits or points. Those points are then stacked up and ranked so others can see who participates the most. “The Drupal website gets about 2 million unique visitors a month, which is a crazy number for an open-source community website. Not only do you get leads from potential customers, but also it speaks to the expertise of the organization or individuals.” 

There is also an ongoing trend where companies are acquiring open-source projects instead of starting them. According to Rhys Arkins, director of product management at open source security and license company WhiteSource, this can be a positive trend that promotes more open-source projects in the future. “The best open source is usually that which first comes out of an internal or personal need first, so if starting open-source projects was too intimidating or mostly for large companies alone, we’d miss out on a lot of innovation compared to one where small projects can flourish,” he said. 

To successfully flourish under corporate stewardship, Arkins recommended company interest aligns with community goals and directs. “If there is any direct conflict between the company’s intended business model (e.g. limiting features in the open source and selling advanced features commercially licensed) then it’s unlikely to end well. If on the other hand, even long-term open source use of the project is still of benefit to the company, then it reduces the chances of conflict and increases the likelihood of a win-win situation,” he added.

The post <span class="sdt-premium">premium</span> Making open source work for you and your business appeared first on SD Times.

]]>
premium What does it take to commit to 100% open source? https://sdtimes.com/open-source/what-does-it-take-to-commit-to-100-open-source/ Thu, 27 Feb 2020 18:02:27 +0000 https://sdtimes.com/?p=39093 Open source is arguably the most successful approach to developing and distributing business-critical infrastructure software. By removing all barriers to entry and giving developers absolute freedom, open source allows organizations to take software and implement it across their businesses in a truly seamless and customizable way. This can then lead to exponential adoption growth, which … continue reading

The post <span class="sdt-premium">premium</span> What does it take to commit to 100% open source? appeared first on SD Times.

]]>
Open source is arguably the most successful approach to developing and distributing business-critical infrastructure software. By removing all barriers to entry and giving developers absolute freedom, open source allows organizations to take software and implement it across their businesses in a truly seamless and customizable way. This can then lead to exponential adoption growth, which in turn powers the rapid feedback loops required of high-velocity, collaborative, community-driven development of feature-rich software. Open source can also strengthen security hardening, ecosystem integrations, extensibility frameworks and other essential enterprise capabilities, while also maintaining high quality and reliability.

While experts in the database market in particular agree that open source is becoming the norm, the question remains, just how open is this sector’s open-source software? Can software providers realistically succeed with a company that’s 100% open source? Furthermore, would a proprietary infrastructure software provider with a freemium tier be able to achieve the same benefits as those committing to open source?

RELATED CONTENT:
The realities of running an open-source community
Creating companies that sustain our open-source community

The short answer is, yes — a proprietary infrastructure software company with a freemium tier could theoretically achieve the same benefits as companies going fully open source. However, it’s important to recognize that it would take a freemium model company a significantly longer period of time for its software to mature to the same level as that of an open-source company. Also, the loss of collaborative development and slower feedback loops would likely lead to a higher probability of the software never achieving market traction and ultimately fading away into oblivion. 

3 models for monetizing open-source projects
What more companies need to recognize is that open-source software (OSS) and a for-profit motive are not at odds with each other. After all, a healthy commercial business is a must-have for continued investment in open source, especially in the context of single-vendor OSS projects. In fact, there are three non-mutually exclusive models of monetizing open-source infrastructure software, including:

  1. Service, Support and Training
  2. Open Core
  3. Managed Service

Numbers 1 and 3 are well understood at this point; however, the open core monetization model has incited a fair amount of licensing debate. For database and data infrastructure companies, open core has traditionally involved reserving a certain class of enterprise features for a separate commercial edition. This class of features might include the ability to build new data models, back up the data stored, secure data in-flight and at rest through encryption, and offer multi-datacenter replication, among other features.

Managed cloud services and open source:  A winning combination
Management software that sits outside the core and offers automated cluster creation, scaling, upgrades, backups and monitoring is also usually included in this enterprise class of features. In fact, managed cloud services should be viewed as hosted management software with built-in cloud infrastructure orchestration. For some database companies that recently modified their licensing, their efforts to monetize OSS directly were marginally successful. However, their efforts to monetize the cloud service were wildly successful. The takeaway, then, should be that users take a long time to build trust with a business-critical database, but once that trust is established, users are willing to pay top dollar for the convenience of the cloud Database-as-a-Service (DBaaS) — especially when their adoption reaches scale.

If managed services based on OSS projects are a winning combination, it would be a major hurdle if AWS chose to adopt the same approach. And there’s almost nothing that can be done to stop AWS from doing so. In fact, competition from AWS is simply the price to pay for developing OSS. Yes, restrictive licensing including AGPL might be able to slow down AWS, but the real impact of such licensing is lower user adoption. Even if AWS were to build a service on top of OSS, what’s important to focus on is not the competition aspect but rather the validation of the staying power of OSS. In other words, AWS entering the space would provide users more confidence that their investment would remain protected through multi-party competition.

Still, at the end of the day, commercial OSS companies will have to compete with giants like AWS on the merits of an exceptional DBaaS experience, rather than on the merits of the core OSS database. For this reason, it’s crucial to draw a clear line of separation between an OSS database project and commercial DBaaS offerings. In doing so, OSS companies can capitalize on a potent competitive advantage of no cloud vendor lock-in, proprietary features, same-day releases, higher configurability, lower costs and the ability to bank on the expertise of the software creators themselves. Couple those advantages with a passionate user community and a few well-known reference customers, and open-source companies have an opportunity to thrive — even amidst the constant threat of innovative cloud providers. 

The post <span class="sdt-premium">premium</span> What does it take to commit to 100% open source? appeared first on SD Times.

]]>
Report: The benefits of open-source software go beyond cost https://sdtimes.com/os/report-the-benefits-of-open-source-software-go-beyond-cost/ Tue, 18 Feb 2020 17:05:34 +0000 https://sdtimes.com/?p=38971 Open-source adoption is not slowing down within enterprises. A recent report found 95% of enterprises are taking open source seriously, with 75% of them reporting that open-source software is extremely important to their IT strategies. That number is up from 69% last year. The 2020 State of Enterprise Open Source by Red Hat is based … continue reading

The post Report: The benefits of open-source software go beyond cost appeared first on SD Times.

]]>
Open-source adoption is not slowing down within enterprises. A recent report found 95% of enterprises are taking open source seriously, with 75% of them reporting that open-source software is extremely important to their IT strategies. That number is up from 69% last year.

The 2020 State of Enterprise Open Source by Red Hat is based off of 950 interviews conducted with IT leaders worldwide. 

“For our second annual report, we wanted to know more. With 95% of IT leaders agreeing that enterprise open source is important to their enterprise infrastructure software strategy, it’s safe to say we don’t need to ask ‘if’ anymore. We need to ask ‘why’ and ‘how,’” Jim Whitehurst, president and CEO of Red Hat, wrote in the report. 

RELATED CONTENT: Creating companies that sustain our open-source community

The report also found that the amount of enterprises looking to increase their use of enterprise open-source software grew from 59% to 77% this year. In comparison, proprietary software adoption is declining. Last year, about 55% of respondents reported using proprietary software. This year, that number is at 42% and Red Hat expects it to go down to 32% in the next two years. 

“Maybe it doesn’t surprise you that proprietary software is losing favor—expensive and inflexible proprietary software licenses result in high capital expenditures (CapEx) and vendor lock-in. However, the rate at which organizations are abandoning proprietary software is notable, especially given how slowly change usually comes to the enterprise software space,” the report stated. 

The top areas where open-source software is being applied within the enterprise are security, cloud, database, and big data and analytics. Enterprises are also looking to leverage open source for IT infrastructure modernization, application development, and DevOps.

“When asked to choose the top three benefits of enterprise open source, the IT leaders we surveyed highlighted three areas. The first was the quality and security of the software. In other words, traditional enterprise software attributes. The second was forward-looking capabilities. So benefits like access to the latest innovations and working with cloud-native technologies. The third was lower cost of ownership,” Gordon Haff, technology evangelist at Red Hat, told SD Times. 

However, despite the growth and interest in open source, there still are challenges when adopting it. The report found security of the code, level of support, compatibility, and lack of skills as the top perceived barriers of adoption. 

“To be sure, some of these responses could apply to just about any type of software. But open source can tempt companies to try to self-support even though they don’t really have the expertise and even though building infrastructure isn’t a core competency of theirs. That’s where enterprise open source comes in,” said Haff. “In terms of using open source software–but really software generally–security is an ongoing challenge. Many tools exist to help with securing software and its supply chain. However, they’re not deployed as widely and systematically as they should be and there are probably too many tools solving narrow point problems.”

Haff suggested looking at trusted sources for software and dependencies as well as having automated tools built into the pipeline that can detect any unpatched vulnerabilities.

Beyond cost, the benefits of open-source software include: higher quality of software, lower costs of total ownership, better security, and access to latest innovations, according to the report.

“I think at least some people still look at open source through the lens of downloading code off the internet and assembling it themselves. It’s important to know that most organizations will get the greatest net value from open source by primarily using supported enterprise open source,”said Haff.

The report also looked at how enterprises are dealing with their legacy applications compared to more modern applications. Cloud-based apps outnumber legacy apps 61% to 39%, according to Red Hat.  

When it comes to replacing legacy apps, 47% of legacy apps are being re-architected or modernized. In addition, 31% of legacy apps are being left as is with plans to sunset or decommission some of them. 

“While open source is still a new concept to some, it has been and will continue to be, the driving force behind much of the innovation we are seeing today around cloud computing, automation, artificial intelligence, big data, and machine learning. All of the megatrends happening in technology are user-driven and playing out in open source first,” Whitehurst wrote.

The post Report: The benefits of open-source software go beyond cost appeared first on SD Times.

]]>
Organization-backed projects vs. smaller, independent projects https://sdtimes.com/open-source/organization-backed-projects-vs-smaller-independent-projects/ Thu, 09 Jan 2020 17:30:13 +0000 https://sdtimes.com/?p=38446 Open-source projects come in all different shapes and sizes. Some projects have just the project creator and maintainer, while other projects have thousands of developers. Additionally, some projects are independently managed and other projects are backed by large organizations. While open-source projects are meant to promote innovation, how each project goes about it will be … continue reading

The post Organization-backed projects vs. smaller, independent projects appeared first on SD Times.

]]>
Open-source projects come in all different shapes and sizes. Some projects have just the project creator and maintainer, while other projects have thousands of developers. Additionally, some projects are independently managed and other projects are backed by large organizations. While open-source projects are meant to promote innovation, how each project goes about it will be different. 

“For one, smaller, independent projects don’t need sophisticated workflows or community management practices at the onset, and often, that premature optimization can stifle community growth. We think of project growth through a ‘community maturity model.’ Projects should often wait to establish formal or documented processes as they mature, and not before they need them,” said Ben Balter, senior product manager of community and safety at GitHub. 

RELATED CONTENT:
The realities of running an open-source community
The ethical side of open source

Balter explained individual developers prototyping a new library don’t need a code of conduct or forms for bug reports, however once the first outside pull request has been established, the individual developer might want to start looking deeper at their documentation and start to formalize contribution and review processes to get ready for additional contributors. 

“That’s not necessarily true for organization-backed open-source projects that can either anticipate the success of a project or have teams dedicated to establishing cross-project practices,” he explained, “If you’re Facebook or Google and you’re starting an open-source project, it may make sense to include a standardized code of conduct or contributing guidelines for all your projects on day one to start things off on the right foot and set yourself up for success as the project grows.”

Open-source projects also differ with the willingness to invest in community infrastructure, according to Balter. For instance, it may not make sense for an individual developer maintaining an open-source project to provide technical support, but an organization-backed project with lots of developers can easily add new channels and categories that foster community engagement. 

Additionally, Balter suggested corporate-backed open-source projects be an internal developer advocate. “If your corporate lawyers are asking each developer to print, sign, and fax an agreement before they can contribute, it’s unlikely your project will gain many contributors. Similarly, if you can showcase contributors in your corporate communication, appreciation goes a long way when it comes to open source,” he said. 

The post Organization-backed projects vs. smaller, independent projects appeared first on SD Times.

]]>
The ethical side of open source https://sdtimes.com/open-source/the-ethical-side-of-open-source/ Thu, 09 Jan 2020 17:00:28 +0000 https://sdtimes.com/?p=38447 When developers contribute, collaborate, or obtain open-source code, they look at how the code will help bolster their other projects as well as ensure they are complying with any open-source licenses. One thing that doesn’t get enough attention is the ethics of that open-source project, according to Heikki Nousiainen, CTO and co-founder at Aiven, an … continue reading

The post The ethical side of open source appeared first on SD Times.

]]>
When developers contribute, collaborate, or obtain open-source code, they look at how the code will help bolster their other projects as well as ensure they are complying with any open-source licenses. One thing that doesn’t get enough attention is the ethics of that open-source project, according to Heikki Nousiainen, CTO and co-founder at Aiven, an IT service management company. 

“Some of the ethical considerations one needs to take when using open-source code are checking for bias or exclusion, accuracy, crediting your collaborators and sharing code or finished projects in return,” he said. 

RELATED CONTENT:
The realities of running an open-source community

Over the summer, Facebook’s open-source JavaScript library React was under fire after racism and harassment were discovered within its community. The incident is known as #Reactgate and it ended with the designer Tatiana Mac, who raised awareness of some of the issues, resigning from the industry, and React software engineer Dan Abramov and library author Ken Wheeler deactivating their Twitter accounts temporarily. 

According to reports, the drama unfolded after a talk Mac gave at Clarity Conf about the broader impacts designing systems can have and how to design in a more ethical and inclusive way. After the talk, users commented that she was talking at a social justice conference, not a tech conference, and another user tweeted that React developers were into weights, Trump and guns — things spiraled from there. 

“People care more about protecting the reputation of a **framework** than listening to **multiply marginalised** people that you have actual **white supremacists** in your niche community and our broader community,” Mac tweeted in response to the backlash

Abramov deactivated his account, stating “Hey all. I’m fine, and I plan to be back soon. This isn’t a ‘shut a door in your face’ kind of situation.  The real answer is that I’ve bit off more social media than I can chew. I’ve been feeling anxious for the past few days and I need a clean break from checking it every ten minutes. Deactivating is a barrier to logging in that I needed. I plan to be back soon.” When he returned to Twitter, he said deactivating his account was “desperate and petty.” 

Wheeler also returned to Twitter, stating, “Moving forward, I will be working to do better. To educate myself. To lift up minoritized folks. And to be a better member of the community. And if you are out there attacking and harassing people, you are not on my side.”

As a result, Facebook has adopted a new code of conduct and vowed to combat online harassment. The code of conduct states: “In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.”

According to Nousiainen, other ethical issues in the open-source community include using code for profitable reasons without contributing in return. “But this is true in any online group, unfortunately, and I think the issues are limited considering the size of the open-source movement. However, businesses and developers should always be ensuring that they’re following the code of conduct for the community and playing fair,” he said. 

In order to ensure an open-source project promotes innovation while balancing ethics, Nousiainen explained that ethics should be ingrained into projects and initiatives from the beginning. “By understanding the open-source community’s code of conduct and implementing best ethical practices throughout the entire project, ethical considerations won’t be compromised in the name of innovation. In this way, the hope is that breaches of conduct or unethical acts are not suddenly revealed later down the line, but prevented beforehand.” 

“Our role is to empower maintainers to grow healthy and welcoming communities around their open-source projects. The goal isn’t just to prevent or reduce the visibility of disruptive behavior (blocking users, hiding content, etc.), but to actively encourage maintainers to adopt inclusive behaviors, even if they don’t have previous community management expertise,” added Ben Balter, senior product manager of community and safety at GitHub. “We want to encourage users to be good ‘online citizens,’ and can do that by either adding friction to disruptive behavior or reducing friction for inclusive behavior, with friction being how easy or hard it is to do something on the platform.”

The post The ethical side of open source appeared first on SD Times.

]]>
The realities of running an open-source community https://sdtimes.com/open-source/the-realities-of-running-an-open-source-community/ Thu, 09 Jan 2020 14:30:45 +0000 https://sdtimes.com/?p=38445 There is no question that open source is the backbone of software today. Mike Milinkovich, executive director of the Eclipse Foundation, explained that about 80% of all software written is open-source software. The benefits of using open-source software is immeasurable, but it’s not the code itself that makes open-source software an invaluable resource.  According to … continue reading

The post The realities of running an open-source community appeared first on SD Times.

]]>
There is no question that open source is the backbone of software today. Mike Milinkovich, executive director of the Eclipse Foundation, explained that about 80% of all software written is open-source software. The benefits of using open-source software is immeasurable, but it’s not the code itself that makes open-source software an invaluable resource. 

According to Ben Balter, senior product manager of community and safety at GitHub, software and technology is the easy part. The hard part is creating and fostering a culture around an open-source project.

RELATED CONTENT: Creating and maintaining trust with open source software

“The superficial promise of open source is that if you publish your code, others will make it better. Strictly speaking, that’s not the case. To reap the benefits of open source, maintainers must seek to grow communities around their project, a step often overlooked when ‘publishing’ code,” Balter wrote in a blog post

Open-source project creators and maintainers take on a difficult role when they decide to release an open-source project. Balter told SD Times that maintainers should think of themselves as managers rather than engineers. Their primary contribution to the project often won’t be in the form of code, but in terms of community management, marketing, recruitment, evangelism, automation, tooling and support. 

“You often start a project to solve a specific technical problem, but as the community grows, in order to scale your own efforts and to have the biggest impact on your project, your role often shifts to solving the human and the workflow side of open source, rather than the technical,” said Balter.

What it takes to run an open-source project
GitHub’s Balter explained that open-source creators and maintainers should think of projects as a distributed dinner party. “Just as you would at a dinner party, as the host, you want to welcome guests as they arrive, take their coat, offer them refreshments, and introduce them to other party goers to ensure they have a good time. Open source is no different, except instead of taking coats or offering hour d’oeuvres you’re offering documentation and your responsiveness,” he said.

When starting a project or releasing code into open source, software owners should think about the developer experience of their project much like developers think about the user experience of an application, according to Balter. 

“How can you make it easier for developers to contribute? This includes documentation, setting up their local environment, writing tests, and following style guides to get their code included in the project,” he said. 

Once you have a plan or process set, the next step is to let developers know you want them to contribute. “There are a lot of projects on GitHub that might just be published source code, so distinguish your project from the others by letting potential contributors know that you’re looking to start an open-source project and welcome their contributions,” Balter explained.

In addition, project creators and maintainers should be open and welcoming to new contributors. It is helpful to take the extra time to welcome developers to the community and thank them for their contribution, Balter explained. 

According to Eclipse’s Milinkovich, part of the secret sauce at the Eclipse Foundation is that it has an open collaboration model that allows some of the largest companies in the world to work together with individual developers who are just interested in the technology. “Our ability to weave together contributions from many different people and organizations and in many cases direct competitors into something that delivers great value to the industry is definitely part of our success,” said Milinkovich

The project should also be sustainable. Milinkovich explained that even though open-source software is free to use, there is still a risk for organizations adopting open-source technology because if a piece of software is not sustainable in the long term, the users will be forced to switch up their application. 

“There is real business value in enterprises putting their logo to a project or community to say yes we are using this stuff, it is very important to us. We really want to help support its sustainability and in addition to that, if they actually put some developers in to participate then that is actually a better path to sustainability,” Milinkovich said. 

Once project adoption and contribution starts to pick up, it is important to focus on changes, Milinkovich explained. “Let’s say you built some great software, you are getting a lot of attention and you are suddenly getting an influx of contributions… you really have to focus on making the path to contribution as easy as possible. Maybe this started out as a one-person project, but now you want to start taking some of these contributions and turning them into committers and maintainers so you can grow the team a little bit.”

Mike McQuaid, software engineer at GitHub and open-source project Homebrew maintainer, explained most maintainers start out as a contributor and user, and should continue to be a user “to maintain context, passion and empathy.”

If a project gets very widespread adoption, or commercial adoption, project owners now have to think in terms of the stakeholders as well as the consumers. Each person is going to have different concerns about the provisioning of the code, licensing, support and maintenance.

Balter explained the definition of stakeholders should be continually expanded and include non-technical, non-users, potential users, veteran users, subject matter experts, technical users, active developers and potential developers. 

“Think about an in-person community you’re part of. It could be the neighborhood or town you live in, the congregation at your place of worship, or your local bowling league. Communities are about groups of people coming together to solve a shared challenge (having a nice place to live, practicing one’s beliefs, or socializing). Each community has its leaders (elected officials, clergy, team captains) and some form of codified ideals (legal code, religious teachings, league regulations). When you move that community online, the social norms that build a sense of comradeship also follow,” he said.

Overcoming the challenges: 
It’s not only about maintaining good relationships with developers and providing an open space to collaborate. Project creators and maintainers also have a number of different challenges they will have to deal with on a daily basis. 

Scarce resources. Starting a project or open-source community can be hard, especially when you don’t have backing from a company or organization, so resources are limited. Eclipse’s Milinkovich believes users should focus on a couple of areas where the project shows energy and forward motion. In terms of prioritization, projects and features should be grouped together into programs. “At the Eclipse Foundation, we always start from the projects. There are other open-source organizations that start off with consortia and press releases and marketing efforts, but we always start the other way. We work hard to recruit interesting and innovative projects and then we work hard to help make them successful, including recruiting companies that are participating in them and/or making sufficient investments in their own organizations, relying upon them that they want to help make sure that the project is sustainable,” said Milinkovich.

Security: Security will always be an issue in open-source software, so it is important to have a repeatable build process where you can demonstrate that the code being delivered is derived from the code being published, according to Milinkovich. “People want to ensure they are getting the real thing when they are downloading code,” he said. In addition, project maintainers should follow up with patches to make sure users are getting the latest and greatest stuff.

Burnout. It can be a challenge for developers to keep up with the demands of the community when they are responsible for maintaining code, moving the platform forward, keeping up with the release cycle and dealing with feedback constantly, according to Milinkovich.

To avoid burnout, GitHub’s Balter suggested to keep the community informed, set expectations, take a break or find someone to help. “You may find that finding ways to monetize your efforts through sponsorships, premium features, or support may help you to find that spark once again,” he said. 

The bus factor: “How many developers need to win the lottery tomorrow (or tragically get hit by a bus) for the project to fail? If it’s just you, that number is one. As a project grows and matures, you want that number to be as high as possible. Humans get sick or take vacations or get locked out of their account and a project shouldn’t grind to a halt as a result. It can be hard to know when a project goes from ‘my’ project to a community project, but as early as possible, move the project to a dedicated organization and empower contributors you trust to take on additional responsibility,” said Balter.  

Attracting and retaining talent: “Just as you might think of a sales funnel in terms of marketing to potential customers, engaging prospects, etc., the idea is to convert users to contributors and contributors to maintainers by lowering the activation energy required at each phase and thus growing your project by attracting and nurturing users, contributors, and eventually fellow maintainers,” said Balter.

The post The realities of running an open-source community appeared first on SD Times.

]]>
OIN, IBM, Microsoft and the Linux Foundation team up against open-source patent trolls https://sdtimes.com/os/oin-ibm-microsoft-and-the-linux-foundation-team-up-against-open-source-patent-trolls/ Tue, 19 Nov 2019 17:23:18 +0000 https://sdtimes.com/?p=37911 The Open Invention Network (OIN) is strengthening its fight against patent trolls. The organization has announced it is partnering up with IBM, Microsoft and the Linux Foundation to protect open-source software from Patent Assertion Entities (PAEs), or patent trolls. The OIN was created to provide patent non-aggression cross-license in the “Linux System.” “Open source development … continue reading

The post OIN, IBM, Microsoft and the Linux Foundation team up against open-source patent trolls appeared first on SD Times.

]]>
The Open Invention Network (OIN) is strengthening its fight against patent trolls. The organization has announced it is partnering up with IBM, Microsoft and the Linux Foundation to protect open-source software from Patent Assertion Entities (PAEs), or patent trolls.

The OIN was created to provide patent non-aggression cross-license in the “Linux System.”

“Open source development continues to expand into new products and markets, delivering unrivaled innovation,” said Keith Bergelt, CEO of OIN. “Its use continues to spread, and patent trolls increasingly look to leverage questionable patents against open source. Our mandate is to educate business leaders about the benefits of open source and shared innovation while providing a ‘patent no-fly zone’ for Linux and adjacent open source technologies. Teaming with IBM, the Linux Foundation and Microsoft to support Unified Patents’ Open Source Zone adds another key patent non-aggression initiative to our efforts.”

As part of the partnership, the companies will support Unified Patents’ Open Source Zone and provide an annual subscription. According to OIN, this should expand patent non-aggression activities and deter PAEs from targeting Linux and OSS technologies. Unified Patents is an international membership organization with a mission to improve patent quality and deter invalid patent assertions. The organization works to fight against invalid patents, never pays non-practicing entities (NPE) and deters future NPE activities through monitoring, analytics, and USPTO challenges. 

“Linux and open source technologies have become the backbone of modern computing and the systems we all rely upon,” said Jim Zemlin, Executive Director at the Linux Foundation. “We see significant value in partnering with OIN, IBM and Microsoft to support Unified Patent’s new Open Source Zone, deterring the activities of patent trolls working against the communities we all depend on.”

The post OIN, IBM, Microsoft and the Linux Foundation team up against open-source patent trolls appeared first on SD Times.

]]>