Tag Archives: Open Governance

EU-FOSSA needs your help – A free software community call to action

The EU-FOSSA project’s mission is to “offer a systematic approach for the EU institutions to ensure that widely used critical software can be trusted”. The project was triggered by recent software security vulnerabilities, especially the Heartbleed issue. An inspired initiative by EU parliamentarians Max Andersson and Julia Reda, the pilot project “Governance and quality of software code – Auditing of free and open source software” became FOSSA. Run under the auspices of DIGIT, the project promised “improved integrity and security of key open source software”. I had been interviewed as a stakeholder by the project during work package 0 (“project charter, stakeholder interviews and business case”), and later worked with the FSFE group that provided input and comments to the project to EC-DIGIT. While I believe that the parliamentary project champions and the people involved in the project at EC-DIGIT are doing great work, I am worried that the deliverables of the project are beginning to fall short of expectations. I also think the free software community needs to get more involved. Here is why.

When I was approached by the project in the early phase to be interviewed as a representative of the Open Invention Network and a European free software activist, I felt very motivated to help get the project off to a good start. Already during the initial interview doubts emerged about the approach and the apparently pre-conceived ideas of the consultants that had been tasked with the project. Essentially, it seemed they intended to audit Drupal, and wanted the European Commission to do code reviews. These doubts became stronger when the project published a survey about which programs to audit that included 7-zip as a critical free software component, and other funny choices like “Linux – selected system library” without any qualifications. Recently the project began publishing its deliverables, and the results gave me and others involved pause. For example, have a look at Matthias’ comments here. The recommendations show a systematic lack of understanding of the free software/open source community process and the nature of the collaborative peer production performed by them.

Here is a highlight, a “conclusion and recommendation” from section 4.1. Project Management in deliverable 1: “FOSS communities should … use a formal methodology based on PMBOK, depending on their possibilities.” PMBOK or the “project management body of knowledge” (a fat and well-studied volume in my bookshelf) is essentially the bible of waterfall project management based on the assumption of working in a large, hierarchical organisation. It is immensely useful in such environments, especially in the public sector. Just not in the wider free software community, which uses mechanisms such as self-identification to distribute tasks and depends on voluntary contributions of its participants.

Here is another one, from section 4.2 Software Development Methodology: “FOSS communities should use … agile-based methodologies, according to their resources, so as to make software development more efficient”. Daily scrum anybody, and “the list” of tasks that are allowed to be worked on? Contributors to free software communities, be they individuals or companies, participate voluntarily. They especially do not take assignments or orders from a central coordinating agent, which incidentally does not exist as a role in most relevant communities. Agile methods can be extremely useful and help software teams a lot, but imposing them on a free software project is not an option. The recommendation is also questionable in its premise – that increasing efficiency in community software development is necessary. There are communities with very efficient software development processes (the Linux kernel developers, for example) and others that are not so great. However, the efficiency may depend on the number of active contributors, or the complexity of the project goals, or the skill and experience level of the average contributor. Management of development efficiency is a community governance task that defies simplistic answers like “use this method”. Those are platitudes, and taking them at face value runs the risk of damaging the community development culture.

I could point out more, but as a third example, allow me to highlight a few aspects that did not make it into the report: In deliverable 4, section 4.5 Relevant opinions and advice from interviewees, item 5 says “One possibility is for the European Institutions to do code reviews and share the results with the affected communities.” Sure, however the alternative recommended by FSFE and me and anybody I spoke to about this was for European institutions to not perform code reviews themselves because that is not their area of expertise, and instead to facilitate code reviews in the communities, in cooperation with universities and the national IT security agencies of the member states that already have similar programs in place or are working on them. The pre-conceived idea – the EC should perform the audits – shines through.

In short, the results so far are disappointing, which is sad because the idea behind FOSSA is great, and we should applaud the EU/EC project team for their work and the initiative they took. However, the parties performing the research did not hear or fully understand the input and feedback provided by the community. The questionable recommendations are based on a lack of understanding that may in part be caused by tasking generalist research contractors to study the subject. Free software community management is a profession with a difficult subject matter. The fact that everybody can join and participate does not mean that the underlying social process is easy and intuitive to understand for outsiders. We don’t ask painters to recommend medical practices, either.

Because of that, I believe the EC-FOSSA project can still be fixed. The free software community needs to get closer to the project and more involved, study the deliverables and provide feedback and alternative recommendations. The project partners are encouraged to work more directly with the free software communities, and to adopt open and collaborative processes in the project similar to the ones used in the communities themselves. More direct actions to improve the process in the FOSSA project are possible. If this means for EC-DIGIT to step out of the usual procurement routine and set of suppliers of studies, so be it. After all, this is 1 million euro definitely spent for the common good.

Image credit: J. Albert Bowden II, CC-BY, unmodified.

KDE Frameworks 5 Tech Preview released, with updated ThreadWeaver

Today, the KDE Community released a tech preview of the upcoming KDE 5 Frameworks, the new, modularised incarnation of what was previously distributed simply as the KDE libraries. The new frameworks are drop-in extensions to Qt applications, with minimal and well-documented dependencies for easier deployment. The tech preview contains two frameworks that are marked as mature, namely KArchive and ThreadWeaver. The updated ThreadWeaver was my major piece of library coding work in 2013, and was finished just in time for the release. Even though it is a tech preview, it is stable, and no major (or even significant but minor) changes in the current API are expected until the final release. Programmers are already encouraged to use it, and provide feedback and bug reports.

ThreadWeaver is a concurrent execution scheduler written in C++. Available for all target platforms of the Qt framework, including desktop, mobile and embedded environments, ThreadWeaver delivers concurrent execution of tasks, load balancing with regard to user-defined criteria, multiple independent queues, processing graph modelling, aggregate jobs and other comprehensive features. Like all other KDE frameworks, ThreadWeaver is Free Software. Its only dependency is Qt, which makes it a tier 1 framework in KDE’s lingo.

A number of the new features of ThreadWeaver were announced at Akademy 2013. Jobs, the unit of concurrent execution in ThreadWeaver, are now managed by the queue using shared pointers, meaning that auto-delete behaviour is implicit and controlled by the user. Helper templates are available to queue stack or member variables, so allocation of jobs can be static or dynamic. Functors or lambda functions can be used to construct jobs. Job aggregates like collections and sequences now execute their own run() method before queueing their elements, so that aggregates can generate their own elements. Success and queueing state of jobs are now integrated into a single status. Jobs can signal the result of execution by setting a status, but also using exceptions, simplifying error reporting in more complex job classes. Jobs can be decorated, and no longer inherit QObject by default. Decorators can be used to add signals, change priorities or modify just about any behaviour of jobs independently of the actual job class used. The construction of the global queue can now be customised using a queue factory. The QueueStream API greatly simplifies queueing jobs with a familiar iostream-like C++ syntax.

ThreadWeaver follows the Unix idiom of doing one thing, and doing it right. Similar to how small Unix programs can be combined to create a practically infinite space of computing solutions, ThreadWeaver offers itself to programmers as an add-on module with minimal dependencies. Including it extends an application with concurrent scheduling capability. But the same Unix idiom is also applied in a second sense. Within ThreadWeaver, a few basic concepts – jobs and their aggregates, queues and policies – are implemented that again provide simple building blocks that can be combined creatively, offering a vast space of potential solutions within the scope of the application.

The history of ThreadWeaver goes back to KDE 3. The idea of implementing a thread pool based execution scheduler that manages dependencies between jobs was implemented as a proof of concept using Qt 3. However it turned out to be difficult to implement and use because of the lack of thread-safe reference counting of the implicitly shared classes at the time. These fundamental problems have been solved with the release of Qt 4. Additionally, the introduction of cross-thread signal-slot connections further simplified the communication between jobs and the application’s user interface. The first production ready version of ThreadWeaver was released as part of KDELibs with KDE 4.0. For KDE Frameworks 5, it was almost completely re-written to simplify memory management of jobs, make use of new Qt 5 features like atomic variables, and in part to reflect new language constructs in C++11 like lambda functions. ThreadWeaver comes with an extensive set of unit tests that all pass in the tech preview (hear, hear).

In the following weeks and months, the framework will be polished and debugged based on user feedback. Also, a series of posts here on this blog will introduce individual ThreadWeaver concepts and features in depth, mostly based on example programs, including contrasting it to thread handling in Qt using QThread or Qt Concurrent. ThreadWeaver is very close to production quality, having been tested continuously in the last couple of months. There may still be smaller, source compatible changes to the framework. We ask interested programmers out there to provide feedback and bug reports to make ThreadWeaver what it should be — a worry-free, easy to use and powerful add-on to Qt that programmers enjoy using. Have fun!

[Image by Shannan Sinclair, thanks: http://www.flickr.com/photos/originalbliss/2897019812]



Frismakers Festival Berlin – “Open Source as a corporate culture”

Is it possible to convey an idea comprehensively in 5 minutes? The Frismakers movement seems to think so. I had a chance to try it at the recent Frismakers Festival in Berlin, where I presented on how we apply the Open Source way to build Endocode and its corporate culture. This was a challenge for the five minute format because it is just not a trivial idea.

The question I raised in the talk was how experienced Open Source contributors would design a company. When asked about what motivates them, contributors often say it is the sense of creative accomplishment and working with others that share their interests. When we started Endocode, we wanted to retain and channel that kind of intrinsic motivation. While others are searching for the Open Source business model, we wanted to create a business that allowed us to work in the Open Source Way, a place where contributors like us would want to work. Among other things, this means implementing meritocracy, open governance and attribution. Meritocracy boils down to having influence that matches your contributions. In our case, it means for example that all employees gather shares in the company according to how long they have been with us. Open governance is not anarchy; quite the contrary, it is implemented by having well defined, inclusive decision making processes. Attribution is a bit harder to implement: the contributions of individuals in Endocode should be visible, instead of the individuals disappearing in the machine like cogs. At Endocode, we actively strive to follow these principles while the company is growing. So far, our employees agree with us that Endocode is a great place to work.

The idea of creating a place for meaningful contributions and calling that a company induced a number of thoughtful questions and comments. It also raised attention in unexpected places, for example TechNet. One attendee raised doubts on whether our goals can be achieved. To that the answer is we do not know yet. Building a work place driven by purpose is a process, not a one-time effort. Companies change and grow. What we do want to do is keep these ideals in mind for future design decisions, and strive for them. I hope we can review the results in ten years’ time.

The festival was expertly organized by Anna-Lena König and Daniela Bentrup of newthinking communications, who together with host Gallup Germany made it a great experience.

So does the Frismakers concept work? During the preparation of the talk, I found it quite hard to identify those bits of the train of thought that absolutely have to be presented to the viewer. Of course that forces the presenter to weed out all the cruft. On the other hand I had the feeling that it would have been easier to understand the presentation in ten minutes than in five. For example, when removing a few of the comments I usually add, I firmly expected that interested people in the audience would ask questions about that after the talk. And that is exactly what happened. This means that those who did not have time to ask afterwards won’t get the full picture, or go home unsatisfied. Consequently, I am sure that there is a class of ideas that can be nicely and profoundly presented in five minutes. This class however is a subset of all (potentially interesting) ideas, and I have the impression that it does not contain all the really fascinating ones. The five minute concept seems to be more suitable for product presentations and start-up pitches. Not bad per se, but something to keep in mind. TED talks have been claimed to “turn scientists and thinkers into low-level entertainers”, and they last 15 minutes. Given the current enthusiasm for brevity, make sure the selected format is appropriate for the content presented.

“Open Source in Business and Society” at the 2013 Summer University of the Evangelisches Studienwerk

Every year the Summer University of the Evangelisches Studienwerk takes place. This year it included the seminar “Open Source in Business and Society” by Mirko Boehm. Paul Adams supported it as co-lecturer. Karsten Gerloff, President of the FSFE, appeared as guest speaker. Since the participants choose their seminars according to their own interests, a colourful mix came together, from medics to natural scientists to theologians. The combination of curiosity, the heterogeneity of the group and an inspiring environment made for explosive debates, heated rounds of discussion and a week that flew by.

The seminar focused on the questions of how open source communities actually work, what motivates individuals to participate, how free products integrate into the economic order, and which political challenges and changes have to be dealt with. While there was quick agreement that the Open Source Way is a societal and not a technical problem, other views that the net community otherwise assumes to be self-evident, such as “the Internet belongs to the users”, were questioned with good arguments. Who bears the responsibility for reputation damaged by careless ratings, must all participation take place on the net in the future, do we need an Internet police, sanctions that extend the criminal law of the real world, regulation of the net? Because of the diverse perspectives, it was sometimes not clear who was learning more from whom, the seminar leaders or the participants.

Karsten Gerloff reported on the political significance of Free Software and open innovation, the threat posed by software patents, and the campaign work of the FSFE.


Paul, Karsten and Mirko at the Summer University

The engagement with the subject matter was marked by evident seriousness. For example, the participants needed about five minutes to understand the systematic difference in integrating copyleft-licensed or permissively licensed contributions – a process that in quite a few Free Software communities is either not understood at all or only rather late. Paul Adams was visibly impressed. This deep immersion in the topic is exemplary of the generally strong commitment of the scholarship holders, who administer their Studienwerk themselves in large part – right down to putting together the programme of the Summer University itself.

At the traditionally turbulent closing event on Thursday evening, the Four Freedoms were illustrated by means of the collaborative summoning of the spirit of Villigst – if that does not demonstrate a successful transfer of knowledge… Our unanimous conclusion – definitely a week of well-invested time, which Paul Adams and I will remember fondly. Besides the participants, the organising team (likewise scholarship holders volunteering their time) was also exceptionally committed and ensured that a total of six parallel seminars ran smoothly and pleasantly. Very impressive.

KDE Community Working Group is looking for a new member

The KDE Community Working Group is crucial to KDE’s open and inviting culture. Its mission is to maintain an environment in which contributors feel welcome and get their work done comfortably. The Community Working Group is looking for a new person to join it after one of its long-term team members recently resigned.