Archive for the 'Development' Category

Why TransferSummit appeals to a broad audience

Published by Sander van der Waal on June 21, 2010 in Community and Development. Comments

We are only two days away from the start of TransferSummit/UK, the conference on open innovation and innovation in open source software that is sponsored by OSS Watch. TransferSummit is the perfect opportunity for academia to meet business and vice versa. We hope that everybody will find something valuable to take away from this conference, whether it’s about innovation, collaboration or development on open source software.

The three themed tracks provide a very diverse programme which allows attendees to pick and choose. If you’re coming for inspiration, you will have to make sure not to miss the keynotes by Steven Pemberton and Roland Harwood. And hear about the ‘thoughts from the frontline’ by Simon Phipps.

Are you more interested in open source software foundations? We’ve got speakers from the Mozilla Foundation, GNOME Foundation, LiMo Foundation and The Apache Software Foundation. Not to mention the new CTO of the CodePlex foundation, Stephen Walli, who will be talking about the direction CodePlex is heading.

Perhaps you have a more technical background and are running your own open source software project. In that case you may want to know more about ‘Managing IP’ which will be the topic of OSS Watch’s Rowan Wilson’s talk, and go hear more about project governance by Ross Gardler.

Or are you from a business background and would you like to know more about how to make money out of open source? Then the session on ‘FOSS business models’ by Sirius’s Mark Taylor is for you, and you should hear from Bertrand Delacretaz why his company Day Software open sources most of their code.

And this is only scratching the surface of what the programme at TransferSummit has to offer. There are still a few places available so come down to Oxford on Thursday and Friday.

In case you are not able to come to TransferSummit, make sure you bookmark our live page where you will find two live blogging streams as well as the Twitter feed (hastag #TS10).

Is UK research ‘wired for innovation’?

Published by Gabriel Hanganu on June 4, 2010 in Business, Community, Development, Discussion, Event and Strategy and Policy. Comments

Apparently French research is not ‘wired for innovation’. The reason, according to Presans who reports from a recent Lyon round table, is the low levels French public research score on the Technology Readiness scale. Technology Readiness is a model used in the aerospace and defence sectors to evaluate the maturity level of a new technology. According to this model, levels 1-2 correspond to basic research, 3-6 indicate intermediary stages as the project moves from demonstrator to prototype, and 9 is assigned to a technology ready to be released on the market. According to Florin Paun, Deputy Director for Industrial Innovation at ONERA, technologies produced by public research should reach at least level 4 on the Readiness scale in order to attract industry partners, but most French research units, with some notable exceptions, tend to score below this mark. Research and industry do not speak the same language, the author of the post concludes, therefore there is a need for translation and  reformulation of the needs of businesses and of the solutions provided by research laboratories.

The lack of a common language for all categories of research stakeholders was also identified in studies of UK research infrastructure, as OSS Watch pointed out. Despite an impressive array of online systems and services aimed at helping researchers carry out their research, these technologies are often employed below their full potential. One way to improve this situation is to take stock of some key lessons from open source development, which include providing an open space for expressing the needs and concerns of researchers, software developers, service providers, and indeed all external partners, including businesses, who may wish to join the community.

OSS Watch conceived TransferSummit precisely to address this lack of mutual understanding between the academic and business research stakeholders interested in open development and open innovation. Two of the academic projects we advised recently have started to benefit from collaborating with non-academic partners. TexGen’s decision to make their research software freely available resulted in attracting supplementary grants and facilitating industry collaboration, while Wookie’s choice to join the Apache Software Foundation’s Incubator attracted interest from both the academic and commercial sectors. Both these and other academic projects will feature at TransferSummit, along with key representatives from open source businesses and software foundations, including in no particular order, Red Hat, Sourcesense, Sirius, WSO2, Indiginox, Day, HP, Amazon, Gnome, Apache, Codeplex, Mozilla, LiMo, Wikimedia, who will discuss the challenges and opportunities associated with academic-industry partnerships.

French research may not be ‘wired for innovation’, but is UK ready to reap the benefits of open innovation emerging from the dialogue of the academic and business sectors? Join us at TransferSummit to find out.

Open source allows innovation on Microsoft products

Published by Ross Gardler on May 25, 2010 in Community, Development and Strategy and Policy. Comments

For many people, Microsoft and open innovation may not seem the most obvious of bedfellows. However,  in 2008 the company’s deputy general counsel for IP, says that is exactly what they are.

In our our article “Microsoft: an end to open hostilities?” we observed that that “FOSS activists remain split over how to respond to Microsoft’s forays in open source.” Those splits remain today.

On the one hand we have postiive moves such as the releasing of key tools for interacting with Microsoft Outlook files. This allows third parties to build products that can interoperate with Microsoft Outlook files more easily.

On the other hand we have Darren Strange, Head of Open Source Engagement, Microsoft UK, telling us “patents are a good thing and they help to fuel the industry. Patents drive innovation and they drive openness actually,” a point that is in strong opposition to the opinions of most FOSS supporters.

How should you approach open source and patents in order to maximise opportunities without limiting or compromising your own research efforts?

Come and hear some of the greatest thinkers and leaders tackling these kinds of issues at our Transfer Summit conference in June (early bird registration ends on May 27th, so register now).

Build a better Facebook through open innovation

Published by stevelee on May 13, 2010 in Business, Development, Event, Standards and Strategy and Policy. Comments

There is a rapid groundswell of concern about Facebook. The main issue is privacy, or rather Facebook’s attitude to individual privacy and data ownership. Over the years the default settings have relaxed from most items being private, to virtually none being so. Unless the user makes a concerted effort to change settings. Accordingly, there is a lot of talk about creating an alternative to Facebook. As is often the case, many are looking towards a more ‘open’ version, though what they mean by that may not always be clear.

One example that currently stands out is Diaspora*, a project idea to create a distributed system where each person manages their own data rather than trusting it to a central hub run by a business. In a few days the four NYU students behind the project have gained a lot of interest and an awful lot of micro funding pledges. As noted above, it is not surprising that they propose to use open standards, open source and open development in their descriptions. But could there be a better form of ‘open’ to consider here?

As Social Hacking points out, if you are going to build another open Facebook you might as well make sure it is an improvement. While the author makes several points for how to make sure you surpass the existing Facebook, one really stuck out when I read it.

3. Learn from Academic Researchers

Many people in the academic community are producing research that addresses how people interact both offline and online, as well as how people understand concepts of privacy and social networking. As websites continue to reshape the fabric of our society and Facebook in particular affects notions of privacy, you simply can’t afford to ignore these studies.

My interest was piqued not only because we at OSS Watch are based in academia and support research projects. Rather, I was interested as it hints at, but does not make explicit, a powerful opportunity from being ‘open’. Taking it at face value it’s possible to interpret the comment as a suggestion to read papers and be influenced by the ideas they contain. I was struck by a more powerful way to embrace the ideas, namely through open innovation in software, or open development of open source software.

Open Innovation allows companies and developers to directly engage with academics in a collaborative relationship likely to be much more fruitful than just consuming papers. This can lead to a win-win where the project gains from the theory, leading to more profitability, and the academic gets a working implementation of their work, not to mention exposure and validation. Hopefully the Diaspora* project will take steps to actively engage some of the listed academics in their project, and so reap the rewards.

There are some hurdles to overcome on the road to open innovation. Not least are issues of trust and cultural differences, along with the need to find the right people. However there is growing understanding of how to manage these issues, building on the wealth of experience learnt in those open source projects that have successfully crossed boundaries. JISC are also encouraging pilot studies of open innovation through the recent JISC Grant Funding 1/10: Access to Resources and Open Innovation.

On June 24/25/26 in Oxford there is an excellent opportunity to directly explore open innovation with the people who are actively engaged in it. The TransferSummit, provides a forum for business executives and members of the academic and research community to discuss requirements, challenges, and opportunities in the use, development, licensing, and future of Open Source technology. I hope to see you there.

Free academic passes for TransferSummit/UK

Published by Ross Gardler on May 4, 2010 in Business, Community, Development, Discussion and Event. Comments

We’ve been posting about the importance of open development in sustianble open source projects for a long time. We’ve been running well attended workshops on the topic for almost as long. Now we are stepping up a gear and bringing you a three track, two day conference with a barcamp thrown in.

What’s more, if you are an academic we’re even giving you free tickets (mail us for a discount code).

Showcasing an array of presentations, the two-day conference comprises three content tracksinnovation; development and collaboration – each containing six sessions a day. The Innovation track, aimed at executive-level attendees, provides a top-level immersion into the world of Open Source. Topics cover foundations, infrastructure, licensing, governance, community-building and more.

Sessions on the Innovation track include:

  • Dissemination beyond academic circles: Scott Wilson, Assistant Director, JISC CETIS,looks at how open source has taken work from the University of Bolton well beyond the usual academic circles
  • Are developers important?: Paul Walk, Deputy Director, UKOLN, discusses the important of developers in the innovation cycle
  • Is my community too small for success?: Gianugo Rabellino, CEO Sourcesense, dissects a typical large community and considers the assumption that projects need to be large in order to succeed
  • FOSS business models: Mark Taylor, CEO Sirius IT, examines common strategies for sustaining FOSS and the licensing and community models that support them
  • The economics of innovation in mobile technolgies: Andrew Savory, Open Source Manager LiMO Foundation, evaluates FOSS in the mobile ecosystem

Register now on the conference website (don’t forget to ask for your discount code if you’re working on academic projects)

Open innovation builds success at LEGO

Published by Ross Gardler on April 28, 2010 in Business, Community and Development. Comments

Six years ago, LEGO was on the brink of bankruptcy, as reported by PRESANS on the “Open Your Innovation” blog. LEGO had suffered in the 1990s at the hands of video games and computers, and had negelected its relationship with its users during difficult times. Today, under new CEO Jorgen Vig Knudstorp, it has turned its fortunes around and the familiar little coloured bricks are as popular as ever.

Knudstorp achieved this dramatic turn-around by establishing an innovative client relationship through the creation of a social network dedicated to children and LEGO bricks. This user community – accesssed through 40 ‘LEGO ambassadors’ in over 20 countries – provides valuable market information and is completely integrated in the design of new products.

Young adult interest has also been harnessed, through LEGO Mindstorms, which are programmable by computer. When advanced users began hacking the system in ways LEGO hadn’t foreseen, LEGO decided to utilise their ‘collaboration’ instead of fighting it. This enabled it to benefit from cloudsourcing and draw on the creativity and intelligence of a large number of users.

By opening the companies innovation processes to the outside world LEGO have recovered from its near-death experience. At the Transfer Summit we feature practical discussion, case studies and networking to enable you to realise the benefits of open developent within and beyond your own projet boundaries.

Using version control to manage Intellectual Property

Published by stevelee on April 23, 2010 in Development. Comments

Intellectual Property (IP) management is one of the least glamorous activities required when running a software project. And yet it may just provide critical evidence for a quick resolution when a project is forced to defend itself against an IP dispute. A recent example of an attack on a open source project can be seen in the high profile JMRI.org defence against fraudulent claims of patent violations. Proper IP management not only provides peace of mind for the core project team, it also ensures contributors are not individually liable for costs. IP management is particularly important in healthy open source projects as they may received contributions of uncertain copyright status from a wide range of people of varying and possibly unknown background.

Fortunately, while IP management may seem daunting, not to mention complex, in actual fact a large chunk of the requirements are met almost for free as a side affect of using common development tools. When used wisely, version control systems provide the auditing required to keep track of IP, especially copyright. This is indeed fortunate when you consider that a single contribution may touch a very significant number of the files or other constituent components of a large mature project.

When contributions are accepted into the project code base there is the possibility that some of the code was in fact not usable for legal reasons. Such contamination may come from IP violations such as the process being covered by an enforceable software patent (in the USA), or the contributor being neither the copyright holder nor having been granted appropriate rights. Even if, as recommended, contributors are required to sign a Contributor Licence Agreement to assign ownership to the project itself, there is still a need to track individual contributions in case of dispute.

So a project needs to track who contributed each individual bit of code as it is accepted into the core code base. As a brief aside, the projects governance model will describe who can commit into the core and under what circumstances. The other requirement for IP management is the ability to make various queries about who made a change and when. Any decent version control worth it’s salt will provide the basic facilities which when combined with simple processes provide basic IP management.

Version control tools by their nature keep track of changes and allow queries to be performed. A project need only ensure that every change is clearly marked with the contributors identity, bearing in mind that the commiter may not be the same person as the contributor. This also implies that commits should be carefully managed so as not to mingle changes from different authors; but that is bad practice anyway for basic auditing purposes. A simple approach is to insist that all modifications include the email address of author. Some tools such as the distributed version control system git make it possible to get such owner stamps to appear automatically in the patches made and submitted as a contribution.

For auditing purposes it may be useful to generate a list of dates of change per contributor and merge that with a list of IP agreements. If any specific part of the code is disputed then the facility to see who made a change and when is useful (often call the ‘blame’ feature). If a particular change is in dispute it is easy to find out the extent and which files are effected. Finally most version control systems allow notifications to be generated on commits which can be useful for notifying those responsible for checking IP.

Our article What is version control? Why is it important for due diligence provides more detail on using version control.

TransferSummit/UK: 24-25 June 2010

Published by Elizabeth Tatham on April 22, 2010 in Business, Community, Development, Event and Uncategorized. Comments

Every two years, OSS Watch hosts an international conference, and registration has just opened for our 2010 event. At TransferSummit/UK, business executives, technologists and members of the academic and research communities will be able to meet and discuss requirements, challenges and opportunities in the use, development, licensing and future of open source technology. In an array of presentations – from quick-start sessions to real-world case studies to emerging showcases – international speakers from the worlds of commerce and academia will cover a host of topics. These will be divided into three tracks:

- Innovation: aimed at executive-level attendees, this track provides a top-level immersion into the world of open source. Topics include foundations, infrastructure, licensing, governance, community-building and more.
- Development: aimed at technologists, this track highlights the day-to-day practice of putting open source into action. Topics include version-control, IP tracking, user engagement and more.
- Collaboration: aimed at both technical and non-technical audiences, this track offers real-world case studies, proofs of concept, first-hand accounts and market trends, and analyses what’s up-and-coming in open source.

In addition, attendees will enjoy a keynote presentation, breakout sessions, a gala dinner at Keble College, ample networking opportunities and, an optional extra at no additional cost, a BarCamp on Saturday 26 June.

To be held in the historic city of Oxford, TransferSummit is being organised by OSS Watch, in partnership with key individuals and organisations from the open source community, including the Joint Information Systems Committee (JISC) and the University of Oxford.

Registration is now open (note we have 100 free tickets for people from the academic space; drop us a mail with your credentials to get the discount code).

Making your open source software releases more secure

Published by Sander van der Waal on April 21, 2010 in Community and Development. Comments

When you’re writing code in an open source software project, you are generally using some version control system (you should!). Hosting websites like SourceForge and Google Code usually provide one free of charge, eg. a Subversion repository. All developers or other people interested in the source code use a client application to download the code and synchronize with the repository on the server. Users can download the source code using http or https.

Making your code available for external parties by using a version control system is a very good idea. But if you want to attract more kinds of users than just developers, you should also periodically create a release of your source code and make these separately available for download. Less or non-technical users will then find it easier to use your software and get involved in the project more easily if they don’t have to build the executables themselves.

However, if you release executables through your own (or a hosting) website, this is not entirely risk-free. If someone tempers with your binaries, eg. by adding malware to the code, your users may be downloading malicious code to their computers by using your software, and of course you would want to prevent that. Two ways of doing this are to hash the download and make the checksum available as a separate file, or by signing the release with a PGP signature.

Adding a checksum to your download
Several algorithms have been developed to generate a hash checksum for a file, eg. MD5 or the SHA family (SHA1, SHA128, SHA512). The purpose of creating this message digest is to assure that the file you downloaded is exactly the same file that was offered, so no one byte can be different. This does not only help against infringement from outsiders, but also helps you detecting technical errors in the transmission of the file. An easy, simple-to-use tool to generate hashes is the open source application GNU Privacy Guard. It supports MD5 as well as several SHA algorithms. In general you should use the algorithm with the longest hash key, as they are more secure. With brute force it is possible to break all hash keys, but a short key like from MD5 is much easier to crack than one like SHA512. The process is fairly simple. You create the checksum file for the generated download and upload them both to your website. The user interested in the download also downloads the checksum and uses a similar tool as GNU PG to check if the checksum is correct.

Signing your release with a PGP signature
Another way to protect your released binaries is to sign them with a PGP signature. You can use the same tool GNU Privacy Guard for that. When you start using it, you first need to generate a public/private key combination. You will have to publish the public key in a file, commonly this is one KEYS file for the whole project that contains the public keys of all relevant developers. Next, you can sign a release binary using your own key, which will result in a signature file, which is quite similar to a hash key file. Now anybody that can download the binary, your public key and the signature file, can check whether the signature matches with the public key and the binary. This will ensure that the file that has been downloaded is the same file that has been created by you, the release manager.PGP signatures can provide an extra level of protection by identifying that the public/private key combination that signed the binary indeed is linked to the individual. It works in a decentralised way (as opposed to the PKI method that needs a certifying authority). Once you have created your own keys you can exchange your public key with other users and thereby add them to your web of trust. You do that by signing each other’s keys, but you should really do this in person to make sure you know who you are dealing with, eg. at a conference.

Finally, if you’d like to know more the Apache page on signing is an excellent resource. For more technical details about signing Henk Penning’s page is very informative.

Then, as a really final note, I should add that these mechanisms of securing your releases are not error-free and don’t fully guarantee that people with malicious intentions can do harm, because they usually always can. However, the described mechanismsdo make your releases saver than not using any security and it’s therefore a good idea to use them.

More open source accessibility news from CSUN10

Published by stevelee on April 5, 2010 in Community, Development, Event and Software. Comments

In my previous post on the CSUN10 conference I concentrated on the GNOME accessibility team hackfest and booth. An audio version of that post recorded while at CSUN has also ended up in the new Access Collective podcast from David Banes of AbilityNet. This time I want to describe the exciting activity of the Project:Possibility who encourage computer science students to work on open source accessibility projects through competitive events. I’m on the board of Project:Possibility and this year we worked with the GNOME accessibility community to offer the students a chance to work on established projects to the teams, gaining sort after skills. Accordingly this post is largely written with my Project:Possibility hat on.

However before that I like to mention news announced at CSUN that Adobe will be adding support for IAccessibile2 to Reader and Acrobat. IAccessible2 is an enhanced accessibility API for Windows that is an open standard maintained by the Linux Foundation, so the announcement by Adobe is a good affirmation of the standard’s position.

At the other end of the corporate-to-personal scale, BryenY who was with GNOME at CSUN and also used a number of signing interpreters, describes how these interpreters clearly explained all they had learnt about open source through performing their work.

As for the Project:Possibility student teams from USC and UCLA who won the SS12 accessibility coding competition? Well the CSUN organisers arranged for 2 events to showcase the programs they had created. The first was an informal ‘meet and greet’ requested by Dan Hubbell of Microsoft, who sponsor of CSUN. Dan wanted to meet us all and suggest the students also consider the Microsoft Imagine cup for future activity. We invited the GNOME accessibility team and others who we thought would be interested and the event was very successful. The students presented themselves very well indeed, stimulating interested discussion. Project:possibility gave a brief introduction to our work as well.

After the meeting, Willie Walker presented the students with Friends of GNOME t-shirts and the CSUN students stayed with Ben Konrath, Caribou maintainer, to work on further improving their winning code to make it suitable for submission into to the GNOME code base. This was key as the reason for offering GNOME projects to this years SS12 teams was to make sure the code they produced did not stay on the shelf, but rather lived on as something useful for users. Although we were concerned the students might find it daunting to work with an existing open source project, we were very pleased to find the students said this was actually a positive draw, as was the chance to have a mentor experienced with existing code. We are hoping that the USC team complete the work getting their code submitted, and indeed they expressed a great interest in seeing their code in a standard Linux distro like Ubuntu. If they do we’ve arranged that they will get a GNOME certificate from Stormy Peters that will bolster their resumes.

The students were also given an opportunity to present their work on the Saturday along with students from San Diego State University. I tried out both the mobile currency scanner running on a Nexus One phone and the new binary input mode for Caribou. There was quite some interest and again the students gave a very good impression.

CSUN University have stated they will definitely enter the SS12 next year and we hope to see their students in the finals. There is also much interest in the idea of having the SS12 finals as part of the CSUN conference next year. Other ideas include working with high schools and having many more SS12 competitions. So along with the clear interest we saw for GNOME’s accessibility solutions, I’m pleased to say Project:Possibility are also raising awareness of open source accessibility and the benefits it offers to users and developers alike.

Finally I’d like to thank OSS Watch for sponsoring my visit to CSUN10 and so enabling me to experience and contribute to the success of open accessibility this year. We also raised the profile of OSS Watch as a experts in open source development.