Tag Archives: Linux

EU-FOSSA needs your help – A free software community call to action

The EU-FOSSA project’s mission is to “offer a systematic approach for the EU institutions to ensure that widely used critical software can be trusted”. The project was triggered by recent software security vulnerabilities, especially the Heartbleed issue. An inspired initiative by EU parlamentarians Max Andersson and Julia Reda, the pilot project “Governance and quality of software code – Auditing of free and open source software” became FOSSA. Run under the auspices of DIGIT, the project promised “improved integrity and security of key open source software”. I had been interviewed as a stakeholder by the project during work package 0 (“project charter, stakeholder interviews and business case”), and later worked with the FSFE group that provided input and comments to the project to EC-DIGIT. While I believe that the parliamentary project champions and the people involved in the project at EC-DIGIT are doing great work, I am worried that the deliverables of the project are beginning to fall short of expectations. I also think the free software community needs to get more involved. Here is why.

When I was approached by the project in the early phase to be interviewed as a representative of the Open Invention Network and a European free software activist, I felt very motivated to help get the project off to a good start. Already during the initial interview doubts emerged about the approach and the apparently pre-conceived ideas of the consultants that had been tasked with the project. Essentially, it seemed they intended to audit Drupal, and wanted the European Commission to do code reviews. These doubts became stronger when the project published a survey about which programs to audit that included 7-zip as a critical free software component, and other funny choices like “Linux – selected system library” without any qualifications. Recently the project began publishing it’s deliverables, and the results gave me and others involved a pause. For example, have a look at Matthias’ comments here. The recommendations show a systematic lack of understanding of the free software/open source community process and the nature of the collaborative peer production performed by them.

Here is a highlight, a “conclusion and recommendation” from section 4.1. Project Management in deliverable 1: “FOSS communities should … use a formal methodology based on PMBOK, depending on their possibilities.” PMBOK or the “project management body of knowledge” (a fat and well-studied volume in my book shelf) is essentially the bible of waterfall project management based on the assumption of working in a large, hierarchical organisation. It is immensely useful in such environments, especially in the public sector. Just not in the wider free software community, which uses mechanisms as self-identification to distribute tasks and depend on voluntary contributions of their participants.

Here is another one, from section 4.2 Software Development Methodology: “FOSS communities should use … agile-based methodologies, according to their resources, so as to make software development more efficient”. Daily scrum anybody, and “the list” of tasks that are allowed to be worked on? Contributors to free software communities, be they individuals or companies, participate voluntarily. They especially do not take assignments or orders from a central coordinating agent, which incidentally does not exist as a role in most relevant communities. Agile methods can be extremely useful and help software teams a lot, but imposing them on a free software project is not an option. The recommendation is also questionable in its premise – that increasing efficiency in community software development is necessary. There are communities with very efficient software development processes (the Linux kernel developers, for example) and others that are not so great. However the efficiency may depend on the number of active contributors, or the complexity of the project goals, or the skill and experience level of the average contributor. Management of development efficiency is a community governance task that defies simplicistic answers like “use this method”. Those are platitudes, and taking them at face value runs the risk of damaging the community development culture.

I could point out more, but as a third example, allow me to highlight a few aspects that did not make it into the report: In deliverable 4, section 4.5 Relevant opinions and advice from interviewees, item 5 says “One possibility is for the European Institutions to do code reviews and share the results with the affected communities.” Sure, however the alternative recommended by FSFE and me and anybody I spoke to about this was for European institutions to not perform code reviews themselves because that is not their area of expertise, and instead to facilitate code reviews in the communities, in cooperation with universities and the national IT security agencies of the member states that already have similar programs in place or are working on them. The pre-conceived idea – the EC should perform the audits – shines through.

In short, the results so far are disappointing, which is sad because the idea behind FOSSA is great, and we should applaud the EU/EC project team for their work and the initiative they took. However the parties performing the research did not hear or fully understand the input and feedback provided by the community. The questionable recommendations are based on a lack of understanding that may in part be caused by tasking generalist research contractors to study the subject. Free software community management is a profession with a difficult subject matter. The fact that everybody can join and participate does not mean that the underlying social process is easy and intuitive to understand for outsiders. We don’t ask painters to recommend medical practises, either.

Because of that, I believe the EC-FOSSA project can still be fixed. The free software community needs to get closer to the project and more involved, study the deliverables and provide feedback and alternative recommendations. The project partners are encouraged to work more directly with the free software communities, and to adopt open and collaborative processes in the project similar to the once used in the communities themselfes. More direct actions to improve the process in the FOSSA project are possible. If this means for EC-DIGIT to step out of the usual procurement routine and set of suppliers of studies, so be it. After all, this is 1 million euro definitely spent for the common good.

Image credit: J. Albert Bowden II, CC-BY, unmodified.

How to campaign for the cause of software freedom


Super secret conspiracy workshop.

Free Software communities produce tons of great software. This software drives innovation and enables everybody to access and use computers, whether or not they can afford new hardware or commercial software. So that’s that, the benefit to society is obvious. Everybody should just get behind it and support it. Right? Well, it is not that easy. Especially when it comes to principles of individual freedom or trade-offs between self-determination and convenience, it is difficult to communicate the message in a way that it reaches and activates a wider audience. How can we explain the difference between Free Software and services available at no cost (except them spying at you) best? Campaigning for software freedom is not easy. However, it is part of the Free Software Foundation Europe’s mission. The FSFE teamed up with Peng! Collective to learn how to run influential campaigns to promote the cause of Free Software. The Peng Collective is a Berlin based group of activists who are known for their successful and quite subversive campaigns for political causes. And Endocode? Endocode is a sponsor of the Free Software Foundation Europe. We are a sponsor because free software is essential to us, both as a company and as members of society. And so here we are.  Continue reading

Hyundai Kia Motors joins the Open Invention Network as the first global automotive manufacturer

Today Hyundai Motor Company and Kia Motors Corporation are joining the Open Invention Network as community members. Linux and Open Source software are becoming a mainstay in automotive computing. With the first global automotive companies joining OIN, a trend has been set towards Open Source collaboration and patent non-aggression in the automotive industry. The news is in the press here on Yahoo Finance, here on Fortune.com and in many other places.

OIN’s community practices patent non-aggression in core Linux and adjacent open source technologies by cross-licensing Linux System patents to one another on a royalty-free basis. Patents owned by Open Invention Network are similarly licensed royalty-free to any organization that agrees not to assert its patents against the Linux System. Within OIN, I am responsible for the maintenance of the Linux System Definition, the field of use for OIN’s patent non-aggression pledge. I am very proud of the great work the OIN team does to protect Linux and Open Source.

The OIN license can be signed online. Ask your company to join the Open Invention Network community, please!

Round tables: “Open Source and Software Patent Non-Aggression, European Context”, Warsaw & Berlin, October 2015

Successful collaboration, Open Source license compliance and innovation management go hand-in-hand for large and small innovators. FSFE and Open Invention Network, with the participation of the Legal Network and the Asian Legal Network, are inviting to round table events with presentations and panel discussion of industry and community speakers, titled

Open Source and Software Patent Non-Aggression, European Context.

The events will be held in Berlin on 21 October and in Warsaw on 22 October. Attendance is limited – please confirm your attendance before October 15 to Nicola Feltrin of FSFE.


Endocode is hiring: Linux and Systemd Engineer

Endocode is looking to add skilled engineers to its existing team of Linux and systemd experts. We want engineers who are excited to contribute to projects that form the basis of modern Linux systems and have the experience and skills to do so.

Our engineers work at the cutting edge of Linux kernel development. Kernel features like cgroups and namespaces introduce exciting new capabilities like containers and lightweight Linux distros ideal for clustered environments, and these are areas we focus heavily on.

Another technology that Endocode focuses on is systemd, which makes use of many features that are unique to the Linux kernel, often driving the development of new kernel features or improvements to existing ones. Its adoption has seen rapid acceleration over the past couple of years. and this has driven increased demand for systemd expertise, one that Endocode is well positioned to meet. We work closely with upstream developers to make sure that we can provide the best support possible for our clients and improve systemd for everyone.

Considering all this, an ideal candidate would be someone who describes themselves as comfortable in both user and kernel space.

You’ll be joining a team of experienced, motivated engineers and have the chance to work with and/or on open source software on a daily basis. You’ll have the chance to do this in Berlin, a city with a vibrant technology scene, excellent nightlife, and ideal conditions for families.

Deadline for applications:

28th Aug 2015