Monthly Archives: May 2011

An open letter to OSS developers: thank you!

This guest post is contributed by Donna Reish, who writes on the topic of best universities.

Dear OSS developers,

I wanted to write to say thank you for the work that you do. Thank you for the hours you put into your projects. Thank you for developing them and updating them. Thank you for keeping them free! And thank you for thinking up and creating the tools that make my job easier.

As a freelance writer, I cannot earn a living without having excellent tools: a working computer, pens and paper, internet access, image-editing abilities, and a word processor. The health of my business depends on how well these tools work for me as I complete my projects.

At the same time, I’m appalled by the cost associated with some of the options out there. Adobe InDesign and Microsoft Office Suite are both quite expensive, and I have a hard time justifying diverting my money to pay for those when my income is already squeezed as tightly as it is.

Instead, I have found that products created as openly as possible and provided for free have done wonders for my business. I’m speaking, most specifically of course, about, which, as you well know, has a writer program that more than allows me to accomplish all of my basic writing tasks.

I think one of the beautiful things about open source applications, like OpenOffice’s word processor, is that they integrate with other applications almost seamlessly. In the case of word processors, I can save a document that I’m working on in such a way as to allow someone with Microsoft Word to read and edit it just as easily. When I coordinate with my clients, I don’t have to jump through a lot of hoops in order to make the file a certain kind in order to help them read it or edit it. As someone who doesn’t quite know how computer programming works, I treat such compatibility like a miracle on earth!

Another open sourced application that I’ve found incredibly helpful for my freelancing business is GTD-free, an open sourced productivity application that basically helps me implement the ‘getting things done’ method of personal productivity management. When I freelance, I often juggle multiple projects, many of which have different deadlines and requirements. I need to have a great method of keeping all of it tracked in one place. I used to use a Moleskine notebook, but I found that the exercise of constantly writing down things was getting to be a task in and of itself. The switch to this application made my life so much easier.

Finally, I know I owe open source developers a lot, but if you have better suggestions regarding productivity apps, feel free to share your comments! I’ve been really happy so far with the tools I’m using, but I’m always looking for ways to improve.

Anyhow, these are some of the real world benefits for which the work you do is indirectly responsible! Thank you again.

Donna Reish

Editor’s note: Donna’s letter is an excellent example of someone acting in the evangelising role. The evangelist is an important role within an open source community and is discussed, along with all the other community roles, in the OSS Watch briefing note ‘Roles in open source projects‘.

Rave in Context

At OSS Watch we recommend that software be split into reusable components wherever possible. Furthermore, we argue that projects should work to make their components attractive to third parties. This is good software engineering and open development practice that can lead to more sustainable software since it enables open innovation.

Unfortunately, software development teams often claim that the effort required to properly architect reusable components and to build community interest in those components requires resources beyond those available within a typical research project’s budget. It’s hard to argue against this view when the research team is only tasked with solving the immediate problem, and not tasked with the long-term sustainability of the software involved.

Since we were not having significant success in making this point, we set out to demonstrate through practice. We wanted to show that it is possible to solve the immediate problem as well as ensure the long- term sustainability of software outputs and, perhaps more importantly, the research team. All that is required is some forward planning and some new skills.

Our first step was to work with the University of Bolton, who had implemented a W3C Widget server as part of a much larger EU project. We helped the Bolton team, headed up by Scott Wilson, to take their code into the Apache Software Foundation’s Incubator. Since Wookie’s entry into the Incubator we’ve been working to build a community around the project. Bolton alone has received in excess of £700k in further funding relating to Wookie and the project itself has received many code enhancements from the community.

Our work on Wookie led directly to the extraction of more code components from three separate projects, two in the US and one in the Netherlands. This created a second project in the Apache Incubator called Apache Rave, which provides a platform for the creation of web applications built with OpenSocial Gadgets (reusing Apache Shindig) and W3C Widgets (via Apache Wookie). This is a relatively new project, but already the collaboration of all partners is leading to yet more reuse and collaboration.

One example of this is a new project (funded by the JISC) called Rave in Context. This project uses both Wookie and Rave to provide a new user interface to the popular MyExperiment scientific workflows application. By leveraging the widget features of Rave and the API provided by MyExperiment we will be demonstrating how user interfaces can self-adapt to different hardware devices and user environments. We’ll also be building widgets for accessing Simal and OpenDOAR with the same interface.

Of course, this project is itself an open development project. We will be extracting a series of generic widget templates for common web application features. These templates will be donated back to the Apache Wookie and Rave projects (as appropriate), whilst feature-specific implementations will be offered to the MyExperiment, Simal and OpenDOAR projects.

It’s taken us nearly two years to reach this point. Along the way various sub-projects and related teams have secured funding. Each of these projects has highlighted the open development approach as a major component of its sustainability plans. We’ve also engaged commercial partners in these projects, providing further resources to ensure the ongoing support of the open source code and the research teams that depend on it.

We hope that this practical demonstration of openness as  a sustainable academic research practice will encourage you to budget for sustainability in future proposals. Of course OSS Watch is here to help you at bid-writing stage.

PS We’ve just had a third project relating to the Open Grid Computing Environment (OGCE) accepted into the Apache Incubator. Watch this space for more info on Apache Airavata.

The power of community – open source and otherwise

I broke my arm while ice-skating with the kids back in February half-term. For the first few days and weeks after the accident, life was turned upside-down. I couldn’t dress myself or butter a slice of toast – how was I going to look after two children, run a household and hold down a job?

I need not have worried. My circle of friends immediately took over, bringing round meals, taking care of the children and ferrying me to and from the hospital. They rearranged their lives to accommodate our activities, cheerfully dividing the swimming and ballet runs among themselves. I didn’t even have to ask. My employer also made life easier by being flexible and allowing me, once I was well enough, to work from home if necessary, and never putting any pressure on me.

Of course my husband carried the biggest load, but he calmly accepted the situation and just got on with it, almost always with patience and good humour. He did much of the childcare, all of the driving and made the packed lunches – though didn’t take to cooking in the way that I hoped he might! All this while doing his own job, renovating the house and planning a move to Australia – but that’s another story, perhaps for a future blog.

Mercifully, I wasn’t totally helpless for very long. Pretty quickly I managed to find a way of doing almost everything. My methods were unorthodox but they worked: I could open toothpaste with my good hand, while clamping the tube between my knees; I folded washing using one hand and my teeth; I anchored a loaf of bread with the elbow of my broken arm so that I could slice it. (It was either that or gnaw the end of the loaf.) I became quite proud of my ability to improvise and master the myriad practical challenges that daily life now presented. Like a toddler, I was fiercely independent about doing things for myself – though, thanks to the fact that I hadn’t broken my dominant arm, could feed myself less messily.

So, the experience, while I wouldn’t wish to repeat it, has had its benefits. It has reminded me how lucky I am to have the friends and family I have: although I’m pretty resilient, I could not have managed without them. I’ve also realised that even in good times we all draw strength from each other. In short, it has underlined the value and power of the community I have around me.

Here at OSS Watch, we are interested in the communities surrounding open source projects, which are no less vital to the survival of those projects. For more information on the importance of the open source community, read our briefing documents How to build an open source community and A guide to participating in an open source community.

The PSN hack and open source

I’m one of the people who has recently (perhaps in an excess of caution) cancelled their credit card because of the security breach of the Sony Playstation Network. Now you might wonder what this has to do with open source, but bear with me. Back in 2004 I went to a conference in The Hague about open source in the secondary software sector (meaning industrial sectors where software was a part of their product but not the core offering). One of the companies there was Sony Computer Entertainment. The presenter explained that Sony was a very open source-friendly company, and that within the development division in Japan Linux desktops were the norm. The presenter also pointed to the Linux installation kit that Sony had released for their then-current games console the Playstation 2 (PS2), and advised us to look out for more Linux-related tie-ins in future games consoles. True to their word, two years later the Playstation 3 launched with the facility to install Linux in the basic model. True, you could not access most of the console’s advanced hardware via this ‘Other OS’ option, but it was a nice gesture, and generally appreciated by the open source community.

Unfortunately, three years later, when Sony released the revised ‘slim’ version of the console, they decided to remove the option to install Linux. Sony said that the change was necessary as they wished to focus on the gaming side of their console, and could no longer support the work necessary to create and test Linux drivers for the new hardware revision. Cynical observers commented that the removal was more likely due to the progress that hobbyist developers had made in unlocking access to the PS3’s more advanced hardware features via the ‘Other OS’ feature, thereby threatening the monopoly over the approval of advanced software that Sony then had. Indeed, shortly after the release of the PS3 slim, hobbyists succeeded in circumventing the PS3’s security features and progressively gained full control of the machine.

This brings us to the first open source-related lesson of this story – withdrawing freedom is hard. As the technical team who finally overcame the PS3’s security pointed out the removal of the ability to install Linux drew their attention to the console. Having sold the console as – in part at least – a venue for open development and hobbyist coding, Sony’s removal of this capability struck some as unjust, and motivated them to forcibly right what they saw as a wrong. Now I am not trying to equate the open source community with technologists who overcome third-party control mechanisms like the protection of the PS3; while there is some cross-over, the activities are essentially distinct. It can be said, though, that Sony used freedom to develop and open-source friendliness as marketing tools (particularly effective in a market where their chief gaming rival was perceived open source opponent Microsoft) and their decision to withdraw that freedom was (a) highly resented and (b) in the end ineffectual.

Moving to Sony’s more recent problems, their decision to take robust legal action against one of the technologists responsible for overcoming their console security angered many, and led to so-called DOS or Denial of Service attacks against the Playstation Network (PSN) – the service which enables online gaming and sales of downloadable content for Sony consoles. In the wake of these DOS attacks, Sony deactivated the PSN for a long period of maintenance. Many surmised that this was intended to allow changes to the system that mitigated the loss of control of the console platform itself that Sony had experienced. In fact, as the first link above shows, Sony’s PSN had been hacked and the personal details of approximately 100 million users such as myself had been accessed by unknown third parties. At the time of writing Sony has not given details of how the hack was effected, but rumours on the internet – many pre-dating the closure by several months – claimed that Sony may have been using outdated versions of popular open source software on their PSN servers. Professor Eugene Spafford of Purdue University gave some of the details of these rumours when testifying yesterday to the US House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade. Professor Spafford mentions outdated versions of the Apache httpd server as a potential attack vector in the hack, basing his remarks seemingly on unspecified postings to security-related mailing lists. While I have not been able to locate the postings he is talking about, it is certainly true that purported logs of the efnet IRC channel #ps3dev have been circulating that contain claims very similar to those Professor Spafford raises.

This brings us to our second open source-related lesson from this ugly situation – even the best- maintained open source is only as secure as its last release. Clearly we have no way of knowing what happened in the PSN hack, but no-one should rely on the security of open source – or indeed any software – who does not also commit to keeping their installations up to date.

PS. Professor Spafford’s prepared remarks for the subcommittee (pdf)) are also interesting in that they recommend a system of consumer data protection that closely mirrors the UK’s own Data Protection Act.