Category Archives: CreativeDestruction

EU-FOSSA needs your help – A free software community call to action

The EU-FOSSA project’s mission is to “offer a systematic approach for the EU institutions to ensure that widely used critical software can be trusted”. The project was triggered by recent software security vulnerabilities, especially the Heartbleed issue. An inspired initiative by EU parlamentarians Max Andersson and Julia Reda, the pilot project “Governance and quality of software code – Auditing of free and open source software” became FOSSA. Run under the auspices of DIGIT, the project promised “improved integrity and security of key open source software”. I had been interviewed as a stakeholder by the project during work package 0 (“project charter, stakeholder interviews and business case”), and later worked with the FSFE group that provided input and comments to the project to EC-DIGIT. While I believe that the parliamentary project champions and the people involved in the project at EC-DIGIT are doing great work, I am worried that the deliverables of the project are beginning to fall short of expectations. I also think the free software community needs to get more involved. Here is why.

When I was approached by the project in the early phase to be interviewed as a representative of the Open Invention Network and a European free software activist, I felt very motivated to help get the project off to a good start. Already during the initial interview doubts emerged about the approach and the apparently pre-conceived ideas of the consultants that had been tasked with the project. Essentially, it seemed they intended to audit Drupal, and wanted the European Commission to do code reviews. These doubts became stronger when the project published a survey about which programs to audit that included 7-zip as a critical free software component, and other funny choices like “Linux – selected system library” without any qualifications. Recently the project began publishing it’s deliverables, and the results gave me and others involved a pause. For example, have a look at Matthias’ comments here. The recommendations show a systematic lack of understanding of the free software/open source community process and the nature of the collaborative peer production performed by them.

Here is a highlight, a “conclusion and recommendation” from section 4.1. Project Management in deliverable 1: “FOSS communities should … use a formal methodology based on PMBOK, depending on their possibilities.” PMBOK or the “project management body of knowledge” (a fat and well-studied volume in my book shelf) is essentially the bible of waterfall project management based on the assumption of working in a large, hierarchical organisation. It is immensely useful in such environments, especially in the public sector. Just not in the wider free software community, which uses mechanisms as self-identification to distribute tasks and depend on voluntary contributions of their participants.

Here is another one, from section 4.2 Software Development Methodology: “FOSS communities should use … agile-based methodologies, according to their resources, so as to make software development more efficient”. Daily scrum anybody, and “the list” of tasks that are allowed to be worked on? Contributors to free software communities, be they individuals or companies, participate voluntarily. They especially do not take assignments or orders from a central coordinating agent, which incidentally does not exist as a role in most relevant communities. Agile methods can be extremely useful and help software teams a lot, but imposing them on a free software project is not an option. The recommendation is also questionable in its premise – that increasing efficiency in community software development is necessary. There are communities with very efficient software development processes (the Linux kernel developers, for example) and others that are not so great. However the efficiency may depend on the number of active contributors, or the complexity of the project goals, or the skill and experience level of the average contributor. Management of development efficiency is a community governance task that defies simplicistic answers like “use this method”. Those are platitudes, and taking them at face value runs the risk of damaging the community development culture.

I could point out more, but as a third example, allow me to highlight a few aspects that did not make it into the report: In deliverable 4, section 4.5 Relevant opinions and advice from interviewees, item 5 says “One possibility is for the European Institutions to do code reviews and share the results with the affected communities.” Sure, however the alternative recommended by FSFE and me and anybody I spoke to about this was for European institutions to not perform code reviews themselves because that is not their area of expertise, and instead to facilitate code reviews in the communities, in cooperation with universities and the national IT security agencies of the member states that already have similar programs in place or are working on them. The pre-conceived idea – the EC should perform the audits – shines through.

In short, the results so far are disappointing, which is sad because the idea behind FOSSA is great, and we should applaud the EU/EC project team for their work and the initiative they took. However the parties performing the research did not hear or fully understand the input and feedback provided by the community. The questionable recommendations are based on a lack of understanding that may in part be caused by tasking generalist research contractors to study the subject. Free software community management is a profession with a difficult subject matter. The fact that everybody can join and participate does not mean that the underlying social process is easy and intuitive to understand for outsiders. We don’t ask painters to recommend medical practises, either.

Because of that, I believe the EC-FOSSA project can still be fixed. The free software community needs to get closer to the project and more involved, study the deliverables and provide feedback and alternative recommendations. The project partners are encouraged to work more directly with the free software communities, and to adopt open and collaborative processes in the project similar to the once used in the communities themselfes. More direct actions to improve the process in the FOSSA project are possible. If this means for EC-DIGIT to step out of the usual procurement routine and set of suppliers of studies, so be it. After all, this is 1 million euro definitely spent for the common good.

Image credit: J. Albert Bowden II, CC-BY, unmodified.

How to campaign for the cause of software freedom


Super secret conspiracy workshop.

Free Software communities produce tons of great software. This software drives innovation and enables everybody to access and use computers, whether or not they can afford new hardware or commercial software. So that’s that, the benefit to society is obvious. Everybody should just get behind it and support it. Right? Well, it is not that easy. Especially when it comes to principles of individual freedom or trade-offs between self-determination and convenience, it is difficult to communicate the message in a way that it reaches and activates a wider audience. How can we explain the difference between Free Software and services available at no cost (except them spying at you) best? Campaigning for software freedom is not easy. However, it is part of the Free Software Foundation Europe’s mission. The FSFE teamed up with Peng! Collective to learn how to run influential campaigns to promote the cause of Free Software. The Peng Collective is a Berlin based group of activists who are known for their successful and quite subversive campaigns for political causes. And Endocode? Endocode is a sponsor of the Free Software Foundation Europe. We are a sponsor because free software is essential to us, both as a company and as members of society. And so here we are.  Continue reading

Round tables: “Open Source and Software Patent Non-Aggression, European Context”, Warsaw & Berlin, October 2015

Successful collaboration, Open Source license compliance and innovation management go hand-in-hand for large and small innovators. FSFE and Open Invention Network, with the participation of the Legal Network and the Asian Legal Network, are inviting to round table events with presentations and panel discussion of industry and community speakers, titled

Open Source and Software Patent Non-Aggression, European Context.

The events will be held in Berlin on 21 October and in Warsaw on 22 October. Attendance is limited – please confirm your attendance before October 15 to Nicola Feltrin of FSFE.


Birthday party at Endocode in Berlin: 30 years Free Software Foundation

On 3 October 2015 Free Software Foundation Europe invites you for the 30th birthday party of the Free Software Foundation. While the main event will take place in Boston/USA, there will be several satellite birthday parties around the world to celebrate 30 years of empowering people to control technology, and one of them will be at Endocode in Berlin.

FSF 30 year birthday graphic

The Free Software Foundation was founded in 1985 and since then promotes computer users’ rights to use, study, copy, modify, and redistribute computer programs. It also helps to spread awareness of the ethical and political issues of freedom in the use of software.

(See the original invitation here…)

The birthday party in Berlin, organised by FSFE, will take place from 15:00 to 18:00 on 3 October 2015 at: Endocode AG, Brückenstraße 5A, 10179 Berlin.

To make sure that Endocode can provide enough birthday cake and coffee, please register before 15 September 2015 for the event by sending us an e-mail with the subject “FSF30″.

Join us on 3 October, celebrating 30 years of working for software freedom!

Parsing Emacs OrgMode files, EU patent debate, and vacation!

After starting the year with two rather busy months, I planned to take it easy a bit. Such an optimistic plan of course never works out as intended… In times like these, it really helps that I love my job(s). It included a trip to Brussels to present the Open Source perspective on the role of patents at the European Commission Joint Research Center. Between office hunting and strategy workshops, there was also some time to hack on the OrgModeParser! See below.

I already mentioned earlier the plans to present about the situation of the Open Source community as a consumer of the patent system at the conference on “Innovation in a European Digital Single Market – The Role of Patents” in Brussels on March 17. FSFE, OpenForum Europe, colleagues at OIN and fellow Open Source supporters provided great feedback for the presentation. Many thanks to everybody who contributed! In the end, the concept for the presentation (which was a short introduction to a following panel discussion) was to explain five concrete difficulties the patent system causes in a collaborative production environment. The slides are available on the conference site. I hope to find some time to write up the presentation in a future blog post.

Sage joined the Open Invention Network. OIN is the world’s largest patent non-aggression community with the mission to protect Linux and Open Source. It speaks for the credibility that patent non-aggression has achieved and for how OIN represents that idea in the Open Source space when a publicly listed company that grew to success long before Linux really took off subscribes to it. Thanks, Sage! More large and small companies are considering this step. Your company should do so, too. If you have any questions, feel free to contact me.

The Endocode office hunt continues. We visited quite a number of available spaces, but the market is contested and suitable space is hard to come by. We are trying to have everybody involved have a say in the choice, too. This naturally leads to some quite lively discussions. An essential goal is to create a space that serves well as the home of the creative productivity our team enjoys. This includes flexible ways of working together, a mix of functional and motivational (read: fun) requirements, and generally an inviting atmosphere that one can look forward to when getting up in the morning. I think it is worth it to be picky. Hopefully we can invite for an office warming party soon…

We also continued with our series of Endocode strategy workshops. Our work revolves around Open Source form different angles – software engineering, DevOps and contributor relations. Analysing these different fields to identify a value chain that ties them all together is in a way intuitive for us that “grew up” in communities, but there is a significant gap in understandings and values from a business strategy perspective. But there must be a way, considering that Open Source is in essence a coordination mechanism for collaborative production, which is in turn a purely economic concept. We are making good progress, but I do expect it to still take significantly more effort. Still, such thought experiments are rather engaging and a great challenge to be part of.

Then, finally, I found some time to hack on a fun project of mine (woohoo!) A while ago I came up with the completely insane idea to access the content of Emacs OrgMode files from independent programs. Emacs OrgMode is hands-down about the best tool for the collection of notes, ideas, tasks, for tracking time, for writing content, and so much more. Nobody would ever argue about that :-) I wanted to be able to read OrgMode files in the programs I write, which are usually implemented in C++ and Qt. The code of OrgModeParser is on Github and LPGL 3 licensed. This week, this yielded a first working version and a demo program that integrates clocked work time data into the bash prompt:

The yellow line in the screenshot is the output of the OrgModeParser clock time demo, embedded into the bash prompt. It shows the currently clocked task, the running time of the current session, and on the right side of the screen the time clocked today and this week. One curiosity that triggered this was the inclusion of lambda functions into C++ with the recent updates of the language standard. There were quite a number of discussions of how the new C++ better supports functional programming approaches and is closer to some concepts of scripting languages, which I wanted to try out. It leads to some really interesting code:


//Find all clocklines that are incomplete (not closed):
auto const notCompleted = [](const ClockLine::Pointer& element) {
    return element.dynamicCast<CompletedClockLine>() == 0;
auto clocklines = findElements<ClockLine>(toplevel_, -1, notCompleted);
//Sort by start time, to determine the latest task that was started:
auto const startedLater = [](const ClockLine::Pointer& left, const ClockLine::Pointer& right) {
    return left->startTime() > right->startTime();
sort(clocklines.begin(), clocklines.end(), startedLater);

This finds all started, but not completed clock lines in an OrgMode file and sorts them by the start time with the last clocked-in task first in the list. Lambdas and automatic typing are a huge step forward in readability, and also from a practical point of view: The compiler prevents many mistakes, and of course a breakpoint can be set in the body of a lambda function. Good stuff, and the parser is fast enough to process a 100kByte TODO list in mere milliseconds, so it can be integrated into a typical bash prompt like this:


PS1="$PS1\$(OrgModeParser_ClockTimeDemo -p -c\${COLUMNS} ~/Org/\n"

The code builds and install with CMake and should compile on any recent Linux distribution or OSX installation. It requires Qt 5. I haven’t tried building it on Windows. If you are like me and occasionally (ahem :-) ) forget to clock into the task you currently work on, this may be of help. It is however meant to be a demo of what the parser can do: load an OrgMode file into a data structure that can be queried or filtered, updated and saved out again. Potential applications include embedding OrgMode data into GUI applications, or creating or reading TODO or CLOCK entries from other external tools like time trackers. Or even, which is one of the main long term motivations, enable integration with online project management tools like Redmine.

Next week I will be on a family vacation, which includes being offline. Offline as in no internet, no power outlets, and most of the time not even a hint of phone reception. I am so looking forward to it. I will check back in on April 13. Happy Easter holidays!