About Mark Johnson

Mark Johnson is Development Manager as OSS Watch

OggCamp14

Last weekend I organised the first OggCamp to be held in Oxford. OggCamp is an annual free culture unconference, where 300 people with a variety of interests related to open source, open hardware, creative commons and more meet up to share projects, ideas and experience.

OggCamp name plate made with a Handibot CNC router

OggCamp name plate made with a Handibot CNC router

As an unconference, the vast majority of the scheudle is decided on the day. This means that we never really know what’s going to happen, but we always have a great range of interesting talks, and this year was no different. Talks this year included a demo of a hydrogen-powered Raspberry Pi, the beginnings of a project to create an open source wireless presentation dongle, software-defined radio, and several live podcast recordings.

Alongside our 3 presentation tracks, we had a fantastic exhibition hosting stands from the events sponsors as well as a number of local hackspaces. Projects being showed off included a vintage teletype connected to Twitter, an open source CNC router, a home heating automation system, and a persistance-of-vision display using a bike wheel.

The result of all of this was a fantastic weekend full of fun an inspiration. Next year’s event isn’t in the works yet, but I’m already excited for next time.

Summer round-up

We’ve decided to change the way we publish our newsletter, so instead of having a separate site over at http://newsletter.oss-watch.ac.uk, from now on we’ll be posting a monthly round-up of our activities on this blog.  If you’re only interested in these round-ups, you can subscribe to the feed for the Newsletter category.  We’ll still be publishing event reports, analysis and opinion pieces on this blog as before.

This month is a bumper edition covering what we’ve been up to over the summer.  With Kuali announcing its move to a company-based governance model, Scott has looked at whether this means the end of “community-source”, and whether its choice of an AGPL license poses a risk of vendor lock-in.

We’ve also continued our work with the VALS project, helping over 60 FOSS organisations submit over 250 project ideas.  The participating universities have now signed up for the programme, and students are submitting their project proposals.

Finally for this month, Mark attended the first AGM of the Research Software Engineers UK group, who are seeking to champion and support software developers working with researchers.

Research Software Engineers AGM report

Last Monday I attended the first (hopefully of many!) AGM of The UK Community of Research Software Engineers.  The group has been formed to champion the cause of software engineers producing software of research, be they developers who are embedded in research groups, or academics who have found themselves developing and maintaining software.  Throughout the day, there were a number of issues debated by the group.

While the career path for academics hinges on them publishing papers, developers contributing to research through their work often find that they dont get the opportunity to publish.  One of the problems that RSE seeks to address is finding an alternative way of universities giving recognition to the contribution of software engineers to research.

Should universities seek to support development of research software centrally, or is it better done in departments?  At UCL, they’ve formed a central group of developers, partly from core funding and partly from project funding, who can provide development effort to research projects.  While this provides a useful core of development expertise, a central service can’t provide the same level of domain-specific knowledge that some research groups will require, and some institutions simply don’t have the skills base in central IT to provide the development support that researchers would find valuable.

Another approach for central support for research software engineers is to provide training and tools to support good software engineering practice.  Version control, continuous integration and other common tools can be instilled in researchers’ workflows through collaboration with experienced developers, or through training initiatives such as Software Carpentry.  Provisioning systems like GitLab and Jenkins centrally provides easy access to infrastructure which supports these practices.

These issues and more were discussed in groups over the day, and will continue to be discussed by the RSE community.  If you’re a research software engineer, or just want to help champion their cause, you can visit the website and join the discussion group.

Over 20 FOSS projects join the VALS Semster of Code pilot

As we’ve mentioned before, OSS Watch is involved in the VALS Semester of Code project, enabling university students to participate in open source projects as part of their degree course.  There’s a week left for FOSS projects to sign up and submit their mentored projects for the pilot, before the students can sign up and submit their proposals.  As reported on the Semester of Code website, there’s been a fantastic response so far:

Organisations that Semester of Code students will have the opportunity to work with include the NASA Jet Propulsion Laboratory, Moodle, OpenMandriva and Lime Survey.  The project ideas submitted so far cover topics such as audio processing, HTML parsing, API design, web development and many more.

You can read the full announcement on the Semster of Code site.

VALS Semester of Code open for project idea submissions

As we’ve mentioned before, OSS Watch is working as part of the VALS Project to run a Semester of Code, engaging students with FOSS projects as part of their studies.  This week, our Virtual Placement System went live, allowing projects to register and submit ideas for student projects.

If you’re part of a FOSS project and would like to participate, make sure you’re signed up to the mailing list, then head over to http://vps.semesterofcode.com and follow these steps:

Firstly, a member of your organisation to sign up as an Organisation Administrator and register your organisation;

  • Go to http://vps.semesterofcode.com/ and click “Create New account” under the login form
  • Fill in your basic details and select “Organisation Administrator” as your role
  • Enter the following sign-up key: AHGLL765OW
  • Click “Create New Account”
  • You will recieve and email with a one-time login link. Log in and set your password.
  • Click on the “Dashboard” link
  • Click “Managed Organisations” and complete the form.

You will now see your organisation’s details with 2 codes: One to allow your mentors to sign up, and one to allow additional administrators for your organisation to sign up.

Once registered, you and your mentors can submit ideas;

  • Log in and click the Dashboard link
  • Click “Manage your project ideas”
  • Fill the form (You may have to click the “Add” tab if you have already submitted ideas”
  • When entering the description, please consider the following guidance:
    At a minimum, please include the expected outcome of the project, a  potential mentor, the skills and/or languages required to  complete the project, and a general “difficulty” level.

    The project should take about 3 months to complete. Please bear in mind that it’s better to start with a smaller project that can be extended if your student proves to be capable rather than have an over-ambitious idea which can’t be completed in time.

  • Include a link to a bug tracker issue or somewhere in your project’s workflow system that this project will be tracked

If you have any questions or feedback about the Virtual Placement System or the Semester of Code programme, please get in touch on the mailing list.

Thoughts on TYPO3

Last month, OSS Watch delivered a series of sessions on communication and participation with open source communities at the TYPO3 Developer Days event in Eindoven.

One of the sessions in our series looked at the theory of communities, the varieties of the communities we form and the motivations involved in each.  The core message of the session is that a FOSS community should be a community of interest, with the interest being the problem solved by the community’s outputs.  While many people in a FOSS community are developers, it’s wrong to view it as a community of practice, since other skills are required for a sustainable community.

What’s unusual about the TYPO3 community, is that while it is presented to the world as a single group, the brand actually encompasses 2 distinct groups. One group produces the TYPO3 CMS system, while the other produces the TYPO3 Flow framework and the TYPO3 Neos CMS.

The original development of Flow/Neos was funded by the TYPO3 Association as the “next generation” of the TYPO3 CMS. Indeed, it was originally called TYPO3 v5.  However, after the initial development of v5, TYPO3 v4 usage and development continued.  When it became clear that v4 wasn’t going away v5 became TYPO3 Neos, and the next version based on the v4 codebase became TYPO3 CMS v6.

The situation now stands that the TYPO3 brand is used by 2 distinct projects which have different development teams, different stated values and different cultures.  While the TYPO3.org website makes the history of the project and the branding guidelines clear, I feel that the TYPO3 community as a whole still has an issue to address.

The Sakai community (now part of the Apereo foundation) experienced a similar situation not long ago.  A sub-group of the Sakai 2 community decided it was time to produce a next-generation system, and called it Sakai 3.  However, it soon became clear that many  institutions funding Sakai didn’t agree with the goals of the Sakai 3 project, which created a rift in the community.

Several key partners withdrew their funding for Sakai 3 (which was rebranded Sakai Open Academic Environment, now called Apereo OAE) and continued to use and develop Sakai 2 (rebranded Sakai Collaboration and Learning Environment, now just Sakai).  The 2 projects now co-exist within the Apereo Foundation, a foundation created to foster software projects which support the goals of higher education.  While the projects have survived, the community suffered.

When a community moves from being a single-project to a multi-project community, as both Sakai/Apereo and TYPO3 have, it’s important that the resulting community identify what key commonality make them a single group.  A FOSS community should be a community of interest, and if projects are to share a community, they should have a shared interest.

Apereo has identified its shared interest in software that supports higher education, within which Sakai and Apereo OAE can now co-exist. With this identity, they’ve now taken on additional projects such as Matterhorn and uPortal, with an incubation programme foster new projects in the future.

If the TYPO3 community doesn’t identify the shared interest of TYPO3 CMS and Neos/Flow, they risk suffering further turbulences as Sakai’s community experienced several years ago.

Fortunately, the TYPO3 community are not blind to these issues. Members of the TYPO3 projects have formed a Community Working Group to look into the issues discussed here and steer the community towards a positive future.

It’s my hope that by learning from Apereo and similar multi-project communities, TYPO3 could become a successful umbrella organisation in its own right.

For more on the history of Sakai and the Apereo OAE, check out the “Sakai” tag in Michael Feldstien’s blog archives from 2010 onwards.

Linux Voice launches Moodle hacking competition

The latest issue of Linux Voice included a cover feature on common security flaws in web applications and how they can be exploited.  Alongside this, they are running a competition to win a Linux Voice t-shirt.  To win the competition, you need to be the person who finds the most security vulnerabilities in one of my favorite open source projects, Moodle.

I’ve got a lot of experience of working with Moodle’s codebase, and I know that its developers have taken security seriously.  There’s APIs in there to protect against SQL injection, cross-site scripting and the other common attack vectors.  This is vital in a system like Moodle which might hold a wealth of personal data about students, as well as assignments and assessment systems.

While these APIs exist, Moodle has a huge codebase maintained by a large community of contributors.  You can write a query using the database API which will be protected against attacks, but a lazy or less experienced programmer might have written vulnerable code which hasn’t been replaced.  Equally, you might be able to think of an attack that no-one thought to defend against.  In the wake of Heartbleed and similar high-profile vulnerabilities, it great to see a competition like this encouraging scrutiny of a popular project’s security.

The prizes in the competition will go to whoever has the most security issues verified on the Moodle tracker, whoever can successfully access a specific file in the site’s web root, and whoever can successfully access a specific file outside the site’s web root.  The competition runs until 8th July (unless the server gets destroyed before then), and you can find out the full details on the competition’s website. Happy hacking!

An OSS Watch for your wrist!

At OSS Watch, our name means we get a lot of spam offering to sell us watches, so I decided to find out if there really is an “OSS Watch”. It turns out there is, or at least, an “OS Watch” since it’s more about the watch being open than the software it runs.

The Open Source Watch website provides details of the components to buy, the tools you’ll need, and schematics for 3D-printing the casing. It then has detailed step-by-step guides with photos showing assembly of your own homebrew smartwatch.

The device as built on the site features a 1.3″ OLED screen (the site also suggests other options), bluetooth connectivity, vibration and LEDs for notifications. The whole thing is powered by an Arduino-compaitble microduino (underclocked to save power), and runs off a 500mAh battery with micro USB charging. You get 3 tactile push buttons, a power switch and a port for programming the arduino.

The site doesn’t provide dimensions for the finished device, but by my esimates the face is 40x60mm, and the casing is about 30mm deep. So it’s fairly chunky as you’d expect from a smartwatch, but doesn’t look over the top considering it’s a DIY job.

The software to run on the watch is in development and available on Github. There’s currently some code to display the “watch face” using the arduino, and the beginnings of an iOS app which will presumably send notifications and data via bluetooth.

VALS Semester of Code – FOSS Projects Wanted

The VALS Semester of Code is an upcoming project that will work with universities and FOSS communities to give students real-world experience working in software projects.  Unlike Google Summer of Code, Semester of Code students will be participating for academic credit as part of their degree courses, and we hope that after completion of their project will go on to be effective contributors to the FOSS community.

The VALS initiative is a partership of European universities and SMEs who have been working for several months to plan the pilot of Semester of Code, which will run during the next academic year.  We have now reached the stage where we are signing up FOSS projects who are willing to provide mentored projects of students. We have already seen interest from smaller, single-company projects to larger software foundations, and would like to see more.

If you are part of a FOSS project, large or small, that would be willing to provide one or more mentored projects, we’d love to talk to you about joining Semester of Code.  In return, you’ll get an enthusiastic student providing a valuable contribution to your project.  The VALS team will be on hand throughout the project to answer any questions and help unblock communication issues between mentors, students and academic supervisors.

If you’re interested in taking part, you can email me on mark.johnson@it.ox.ac.uk, or you can sign up to our mailing list directly using this form.

More details about the Semester of Code are available on our FAQ page. If you have any other questions, don’t hesitate to ask on the mailing list, and one of the VALS team will get back to you!

Open source lecture capture at The University of Manchester

We received an excellent contribution to our Open Source Options for Education list this week, in the shape of a real-world usage example of Opencast Matterhorn at the University of Manchester.  The previous examples of Matterhorn usage we’ve had on the list have been documentation of pilot projects, so it’s great to have such an in-depth look at a full scale deployment to refer to.

Cervino (Matterhorn) by Eider Palmou (CC-By)

Cervino (Matterhorn) by Eider Palmou. CC-BY

The case study looks at the University’s movement from a pilot project, with 10 machines and the proprietary Podcast Producer 2 software, to a deployment across 120 rooms using Opencast Matterhorn.  During the roll-out, the University adopted an opt-out policy meaning all lectures are captured by default, collecting around 1000 hours of media per week.

The University has no policy to preferentially select open source or proprietary software.   However, Matterhorn gave the University some specific advantages.  The lack of licensing or compulsory support costs kept the costs down, and combined with the system’s modularity allowed them to scale the solution from an initial roll-out to institution wide solution in a flexible way.  The open nature also allowed for customisations (such as connecting to the University timetable system) to be added and modified as requirements developed, without additional permissions being sought.  These advantages combined to provide a cost-effective solution within a tight timescale.

If your institution uses an open source solution for an educational application or service, let us know about it and we’ll include it in the Open Source Options for Education list.