Posts Tagged ‘Gouvernance’

Position des candidats à la présidence sur le Logiciel Libre

2012/04/14

Après candidats.fr (et les réponses de J.L. Mélanchon et N. Dupont-Aignan), c’est le CNLL qui publie un document sur la position respective de N. Sarkozy et F. Hollande quant aux logiciels libres que vous trouverez sur http://www.cnll.fr/sites/default/files/cp-positions-floss-ump-ps-3d.pdf. Cela comble en partie un manque qui m’inquiétait précédemment.

Dommage que des candidats qui représentent plus de 10% des électeurs selon les sondages, n’aient pas le temps (je n’ose penser que ce serait le désintérêt) de se positionner sur ce sujet important à l’heure des économies budgétaires, du produire français/européen, de notre implication dans la mondialisation (un fait pour le logiciel libre), des considérations sur la liberté en général et les libertés numériques en particulier.

Néanmoins il est intéressant de voir que ceux crédités du plus de chance de l’emporter ont répondu, avec parfois de nombreux détails qui méritent la lecture du document, et que hormis sur le sujet du brevet logiciel (ou pour moi la position de F. Hollande, qui plus est, clairement argumentée, est celle que devrait tenir la France tant au niveau européen, au parlement, au conseil et à l’OEB, qu’au niveau mondial à l’OMPI) il est réconfortant de voir que notre domain de prédilection est (enfin) soutenu par les politiques.

Maintenant il y a loin de la déclaration d’intentions aux actes, et malheureusement, sous le présent quinquenat, les LOPSI, DAVDSI et autres lois similaires n’ont pas clairement démontré qu’il y avait une bonne compréhension des valeurs que nous défendons et que nous avion encore besoin de l’APRIL, de l’AFUL, de la Quadrature du Net pour défendre nos positions et les faire entendre, et éviter que des lois défavorables aux logiciels libres et aux formats ouverts ne passent.

Donc, adhérez à ces associations pour les soutenir, les aider par des moyens financiers à défendre les positions auxquelles vous croyez, et votez, surtout votez pour pouvoir après demander des comptes si cela n’évolue pas favorablement. Celui qui ne vote pas n’a pas voix au chapitre.

Pour moi toute personne intéressée par les logiciels libres, doit s’intéresser au fondement que représentent les licences qui les régissent, et par voix de conséquence aux aspect de gouvernance que cela recouvre, et encore par conséquence aux aspects politiques au sens étymologique (vie de la cité) du mot. Donc aux votes qui se préparent. La législative étant de ce point de vue extrêmement importante, car ce sont nos députés que nous pouvons contacter pour leur demander d’infléchir telle ou telle loi.

Réservez lors des 22 Avril, 6 Mai, 10 et 17 juin prochains les 15 minutes qui suffisent à vous exprimer. Et le vote par correspondance n’a jamais été aussi simple (ma femme a accouchée prématurément en cherchant à avoir une procuration il y a 15 ans, mais maintenant c’est bien plus facile). Bon vote :-)

Logiciel Libre et présidentielle

2012/04/04


Candidats.fr

S’il est un domaine étrangement absent du débat public et des discours des présidentiables, c’est bien le domaine de l’informatique :-( Et pourtant, c’est un domaine touchant de nombreux français, tant dans leur travail quotidien, de par l’utilisation toujours plus prégnante des technologies du numérique, que dans leurs activités privées (gestion de photos, de musiques, de films, d’associations, navigation Internet, courrier électronique, bureautique, gestion de comptes, …).

Et s’il est un domaine où des économies drastiques peuvent être effectuées, c’est bien celui du logiciel dans le secteur informatique. Bien sûr en tant qu’utilisateur de technologies libres, et de distributions Linux depuis 1993, je suis particulièrement conscient de ces aspects, et du reste, c’est un des facteurs, avec la maîtrise technologique, qui poussent les clients avec lesquels j’interagis pour HP à adopter de plus en plus massivement ces technologies (et de façon plus importante que ce que les chiffres ne montrent, en raison du mode de diffusion du logiciel libre).

De plus en plus de résultat montre également que le secteur public bénéficie fortement de son adoption: Notre gendarmerie nationale, comme la ville de Munich sont deux exemples chiffrés et parfaitement analysés.

Et cela n’est pas difficile, ni pour un politique, ni pour un citoyen de comprendre la raisonnement: la réduction des coûts importants sur les licences (réduits à 0), la mise en concurrence sur les aspects support et prestation intellectuelle (amenant un prix de marché raisonnable et une qualité obligatoire), la meilleure maîtrise de l’environnement informatique par les équipes en charge (ou en infogérance si préféré), la meilleure sécurité apportée par la transparence du code, l’interopératbilité par le respect des standards et normes, tout contribue naturellement à ce que tous les partis et citoyens analysant honnêtement la situation tirent la même conclusion: il faut adopter massivement ces technologies, pour améliorer tant notre indépendance nationale, produire localement en bénéficiant de la production des autres, créer des emplois à forte valeur ajoutée, réduire les bugdets de l’état comme celui des entreprises (même en comptant les investissement dûs à la formation complémentaire), remettre le facteur humain au coeur des choix et replacer les technologistes qui ont permis ces avancées à leur juste niveau dans les chaînes de décision.

Pourtant, personne n’en parle. Ou si peu. ni de l’importance des données et formats ouverts !

Avec le si faible nombre de réponses obtenues au texte de candidats.fr (et aucun des 6 candidats que les sondages annoncent comme majeurs), comment se déterminer ? J’engage donc les candidats à la présidentielle, mais aussi ceux pour les législatives qui suivront à faire non seulement part de leurs intentions dans l’adoption de standards ouverts et des logiciels libres, mais aussi à les promouvoir dans les discours, comme l’un des moyens de réduire la dette de notre pays, d’améliorer l’emploi ainsi que notre indépendance technologique.

En 2012, votez FLOSS !

Droit d’auteur, l’avis d’un auteur parmi d’autres

2012/03/26

Suite à la lecture de l’article de François Élie, Bernard Lang et Franck Macrez sur la gestion des droits d’auteur sur les oeuvres orphelines, j’ai décidé de signer la pétition contre la loi qui renforce une fois de plus le droit des éditeurs (et on des auteurs) au détriment du public, et même des auteurs.

En tant qu’auteur de logiciel libre, musicien amateur, auteur d’articles de blog ou quoi que ce soit d’autre issu de mon esprit et représentant ainsi ma propriété intellectuelle, je trouve navrant le tour que prennent les événements. Après tout, pourquoi les créations d’un auteur devraient-elles être protégées au delà de sa mort ? On peut comprendre que l’on souhaite léguer des biens matériels aux siens, pour les protéger en partie des aléas de la vie, mais il faut aussi les laisser l’affronter et créer leur propre sillon.

En cela, s’ils peuvent en partie souhaiter défendre le droit d’auteur de leurs ascendants, pour qu’il n’y soit pas fait outrage, je ne vois pas pour quelle raison ils devraient bénéficier des droits financiers s’y rattachant de façon aussi excessive. Les bénéfices de la réputation de l’auteur initial sont bien suffisants non ? Et s’ils veulent en tirer profit, ils ont eux-même à faire preuve de leur talent pour reprendre le flambeau et mener leur barque.

Qu’en tant qu’auteur, on me protège du plagiat honteux, oui. Mais pas du pastiche ou de l’hommage non ! (La 8è symphonie de Chostakovitch pour le premier ou Les variations de Rachmaninov sur un thème de Corelli pour le second sont un des multiples exemples que la musique nous donne en ces domaines). Et à sa mort, que ses oeuvres puissent éternellement (tant que l’on sera en mesure de les conserver du moins) bénéficier au plus grand nombre me semble logique. C’est le principe même d’artiste qui invite au partage de l’émotion artistique par le plus grand nombre.

De quoi vit un musicien classique de nos jours. Pas Jordi Savall, ou Maurizio Pollini. Le musicien de rang, celui qui joue dans un quatuor, un orchestre baroque. De ses activités de musique vivante: concerts, animations, enseignement. Le disque en général ne leur rapporte guère (si ce n’est au forfait), et seul une poignée pourrait imaginer en vivre. Du reste, le disque a été originellement conçu pour conserver une trace d’interprètes majeurs pour qui cela valait la peine de d’investir (genre Caruso ! pas la soupe actuellement mise en boite). Ceci est aussi une des raisons de la désaffection pour ce medium, les éditeurs ne jouant plus leur rôle de sélection, mais enregistrant non pour conserver mais pour faire de l’argent (il y a aussi des exceptions en classique, comme le label de Jordi Savall, Alia Vox, qui fait oeuvre de mémoire, ou nombre de petits labels courageux comme les Hyperion, Harmonia Mundi, Alpha, Zig Zag, … qui le font aussi).

Le fait que je ne souhaite pas interpréter de la musique contemporaine tient certes de mon goût pour la musique ancienne, mais aussi par la complexité légale mise en place pour protéger les éditeurs (et prétendument les auteurs) et qui aboutit à l’impossibilité pour les interprètes de jouer les oeuvres de leur temps (et pas qu’en raison de leur complexité, car il reste du répertoire accessible).

Il est temps que les auteurs, les interprètes fassent preuve, de par leur vote pour des gens qui ne soient pas tous avocats de formation (et ne veulent tout résoudre que par une nouvelle loi), de leur souci de léguer d’eux la même image de générosité dont ils témoignent dans leur jeu musical. Qu’ils se prononcent en majorité pour la mise dans le domaine public de leurs oeuvres après leur mort. Que l’on change ces lois iniques pour favoriser l’échange culturel, comme les auteurs de logiciels libres ont su le faire dans leur domaine, quitte à adopter de nouvelles licences de diffusion. Leur talent est aujourd’hui leur gagne pain.

Quant on voit comment les “ayant-droits” de Charles Trénet se battent pour son héritage, ils sont bien loin de la joie de vivre transmise par le fou chantant, mais très proches de sa chanson l’héritage infernal. Ah l’héritage des droits d’auteur, vaste fumisterie en fait !! Idem avec le changement des dates de péremption des droits d’auteur pour continuer à couvrir le Boléro de Ravel, vache à lait de la Sacem (souhaitons bon courage à l’anti-sacem au passage).

Souhaitons que dans tous les sujets abordés lors de ces campagnes présidentielle et législative, les points précedemment évoqués fassent l’objet d’un large débat et que d’autre vision de notre société puissent émerger pour le partage de la culture, comme pour celui de la connaissance.

First day at OWF 2011 – Afternoon

2011/10/03

After lunch, it was time to come back in the “Open Source for industrial users” track lead by Gaël Blondelle.

Increasing industries speed to innovate with FLOSS by Dominique Toupin, Ericsson

  • Dominique started by asking a question: Does speed really matter ?
  • He rapidly concluded that yes, of course. He gave some examples of projects initiated by Elon Musk, such as Zip2 sold to Compaq in 1999, Paypal. Or Tesla (Electricity car) and also SpaceX. All were very complex systems elaborated in a short time thanks to Open Source. Same is true for Google/Android.
  • You end up with better features by doing Open Innovation and teaming up experts from different companies.
  • This is also valid inside your company: whole greater than the sum of the parts. And you’re not locked in.
  • Only 15% of RFE are really implemented in commercial products. In FLOSS, when a feature is key, you can do it yourself or buy someoneelse’s time so that it is realized at 100%.
  • People tend to oppose FLOSS to commercial, make to buy. It’s not the case. FLOSS is commercially supported, so just take the best of both worlds to fullfill your need of speed.
  • Requiring tools across the whole chain (and expensive ones) slow down your service activity, whereas using FLOSS tools in development brings speed to the service part. And you gain time with existing knowledge from universities or company acquired.
  • FLOSS allows to dedicate the extra budget gained on licenses costs into the features you need.
  • E/// has an Open Source Core team.

A very pragmatic approch exposed by Dominique, showing clearly tradeoffs needed at industrial level.

Efficient and safe FLOSS strategy by Michel Ruffin, ALU (on behalf of Philippe Richard, VP of Corporate CTO)

  • Size matters: 79000 employees, 27900 patents, 27000 developers, 130 countries, numerous suppliers and outsourcing, multiple acquisitions per year (=> deal with legacy), life cycle from 1 to 20 years. Makes developing the Governance process “interesting”.
  • Trend towards becoming an integrator of FLOSS with more complex SW stacks, reducing however the development costs during time.
  • ALU’s strategy is going to FLOSS to remove supplier lock-in, much more than to reduce costs.
  • Between 20%-80% of FLOSS components in their products (40% in average). Importance to create internal communities to discuss FLOSS related topics. FLOSS adoption means innovation, speed, freedom, new business model (moving from a HW/SW supplier into a service supplier)
  • ALU is a contributor of FLOSS (even if not known). By paying providers (10+MUSD), providing patches/bug fixes to tools, Corba/Mico, Plan9. Also sponsoring OWF, FOSSBazaar, Systematic, OVA, Carrier Grade Linux (LF).
  • For ALU, it matters to respect the philosophy behind the words of the license and thus contribute.
  • Strong FLOSS Governance process started in 2002. Process evolving constantly (taking in account new techno/licenses/acquisition/…) 160 people trained 1 week to be FLOSS validators. 1000 people trained on a basic tutorial. 3500 FLOSS components in ALU DB. Clauses in supplier contracts (propagation to their own suppliers). ALU willing to share the governance process with other companies. ALU would like to standardize these clauses with the Compliance group of the LF.
  • R&D is declaring FLOSS usage. ALU is also automating the BoM by scanning code (BlackDuck/protex and FOSSology)
  • All this is available as much as possible on the Internet (However, I was not able to find easily the oprtal mentioned in Michel’s slides :-()
  • On top of the process, you need to check that it’s applied (start with CxO, R&D – even if they think they know), Communication). Then improve the process, deal with exceptions, stay flexible, and stronger during time.
  • Resources to support the process needs to be allocated accordingly. Use tools to automate and to detect issues and inform executives.
  • Challenges around stuff like Maven, SPDX adoption, partnership with other companies …

ALU presented a strong Governance model, including now suppliers, and is willing to share best practices with others in order to improve the ecosystem. Network Equipment Providers are clearly taking seriously this area.

Business model of co-development on FLOSS by Denis Pillat, Service Delivery Manager for ALM at ST Microelectronics and Laurent Charles, Enalean

  • Custopmer (ST) funded the development and save on the maintenance by contributing to the product Tuleap (a FLOSS ALM).
  • Customers’ developments are also supported by the partner (Enalean).
  • Strong internal usage of the forge (120000/40000 users) so central, with requirements around robustness and availability (ran 24×7) and long life cycle, but with an improved TCO. If budget is cut, needs independance from provider.
  • ST is not an ISV, team role is to support deployment and integration in ST landscape.
  • Solution retained is a mix of in-house and outsourced solution.
  • Using and adapting a FLOSS costs as it requires backporting features each time with new versions, and ST is not scaled to cope with the rythm of a FLOSS project.
  • Code and features from ST are reviewed with Enalean so easy to integrate. The partnership is of good quality. And also good quality of contributions.
  • For ST, FLOSS increases motivation of contributors with their work recognized and exposition, and they work more on creative parts, and less on maintenance tasks.

I think the presentation would have been more effective if ST would have been the only speaker (or speak more). The track isn’t aimed at promoting companies, but really share return of experience around FLOSS adoption.

TopCased return of experience (http://www.topcased.org) by Pierre Gaufillet, Airbus

  • Pierre first presented some characteristics of an airplane development in size throughout the years:
    • 4 kB for Concorde
    • 4 M for the A320
    • 12M for the A330
    • 500MB for A380
    • Life cycle: 40 years – A300 family (started in 1972 and production stoped in 2007 and support till 2050 = 78 years). Tools need to be there for a very long time.
  • Code is increasing. Quality is mandatory
  • Historically, development of their own tools to check quality. Not their core business. Moved to a buy approch.
  • Internal tools transfered to editors, who tried to sell them on larger scale, which failed as too costly and too specific. Some examples:
    • For Autan (Airbus name) => Attol (Marben) => Attol (Attol-Testware) => RTRT (Rational) => RTRT (IBM)
    • For RTRT they succeeded, but Airbus has anyway problems with the life cycle of this tool.
    • Scade (Airbus + Schneider) => Verilog => CS => Telelogic => Esterel Tech.
    • Geode (Airbus) => Verilog => Telelogic even died !
  • no more control on these tools by Airbus anymore. Sometimes can’t even buy a license anymore.
  • Topcased started in 2004. Reduce dev costs using model based System Engineering.
  • Integrated universities and academic partners.
  • Topcased aims to produce tools for embedded domain on critical system, on the descending branch of the V life cycle.
  • Community around topcased includes Airbus, CS, CNES, Thalès, EADS, Atos, AdaCore, INSA, EnSEEIHT, Toulouse Univs, Inria, Irisa, Laas, Onera at start. Now additional new partners such as Turbomeca, Continental, Obeo, Carnegie Mellon, CEA
  • 2006: First FLOSS release. (One year to solve licensing aspects)
  • 2007: V1.0 and then one major version per year synchro with Eclipse. Minor every 2 months.
  • 45 subprojects from model editors to code plan generator, model simulator to property generator.
  • 2011 first TopCased conference (> 100 persons)
  • Allows competitors to work jointly on components.
  • 12 components are in use today (A350)
  • However, an organization is missing to improve quality and IP control, maturity assessment, VLTS build system, roadmaps. OPEES (ITEA project) aims at fixing that.

I really like this presentation (that I first heard partly during the Think Tank 2010). It clearly shows the huge problems that software development still needs to solve in order to support such life cycles. Raises questions such as how to motivate a community to maintain software for so long time, typically. Also how to preserve build environement, especially when the hardware is changing as rapidly as it is today.

It was then time for me to change session and move to the Governance track lead by Martin Michlmayr.

I contributed briefly to a join talk with Antelink.

Tools for developers to ensure legal integrity of their code by Freddy Munoz, Antelink and Bruno Cornec, HP.

Freddy explained in more details what Guillaume covered in his talk of the morning, and went through the details of Antelink Notifier, Reporter and Search. For myself I covered rapidly FOSSology, giving its main features and also the latests developments realized. Of course, as the project is hosted by the Linux Foundation, as long as they keep the systems away from Internet for forensic, it will be difficult to have access to the project :-( But hopefully, it will be back soon.

Identify the obligations of FLOSS by Benjamin Jean

  • a License (or contract) is a tool made of rights and obligations, a scope and trigger
  • Writers can be foundations or Companies
  • Number of licenses increases (70 referencesd by OSI, >50 by FSF, 1000 by Black Duck, 400 FOSSology)
  • Benjamin gave some statistics:
    • For Black Duck 43% is GNU GPLv2, 11% is MIT, 7% is Artistic
    • For OpenLogic 32% is Apache, 21% is LGPLv2.1, 14.4% is GPLV2
  • We need clarification: a common nomenclature (detailed and scalable) & descriptive
  • International standardization body is a good way, but very expensive, and not driven
  • Benjamin proposes a first classification based on obligations (to give, to do, to not do.)
  • Rights are harmonized across definitions (some more rights depending on licenses or some missing)
  • The real differences are around trigger, scope and obligations. Benjamin then detailed those:
  • Obligations have no common definition whereas a standard would be useful for projects, industry
  • Scope can be very limited (permissive), limited (GPL/GPL sometimes, CeCILL-C, MPL), standard/legal (EPL, EUPL, OSL) or large (GPL, CeCILL)
  • Trigger: Distribution (GPL), Usage (RPL), External deployments (AGPL, EUPL, …)
  • License compatibility could also be classified between limited and extended. Cf also work done at the Inria, described on their Web site in the Innovation part, Free Software then the guide.
  • This classification can also easily be valid across countries and thus not being dependant of local legal rules.

Benjamin’s approach was extremely sharp and that session was really deserving belonging to the ‘Think’ part of the OWF ! This approach by obligations could really improve the situation of licenses compatibilities and help all the actors of our FLOSS ecosystem.

I had still a bit of time to discuss with him, Martin and Marc Picornell before leaving the event and benefot from the fact I was in Paris to attend a concert at the Chatelet Theater performed by the National Orchestra lead by D. Gatti. Ravel, Dukas, Debussy and Enesco made a radical change for the end of the day !

You can see some of the pictures took during OWF 2011 at https://picasaweb.google.com/112434061686721373729/OWF2011

First day at OWF 2011 – Morning

2011/09/30

As usual, this event started with a number of keynotes in the morning. Eric Besson was, I must say, boring, just reading a paper, visibly without any idea of what all that was about :-( Too bad he is the ministery in charge. When will France really take seriously IT and FLOSS in IT in particular !! When everybody is talking about debt reduction, FLOSS is such an opbvious way to contribute, that I’m still puzzled no political voluntarism is in place.

On the contrary, the region and the city showed more willingness to promote FLOSS and to report around their practice. Jean-Paul Planchou, and more over Jean-Louis Missika clearly articulated why FLOSS is so beneficial to the public sector, and why using FLOSS and Open Data is a no-brainer for a public policy, and thus why they will increase its adoption in the future.

Louis Montagne and Jean-Pierre Laisné then opened officially the OWF 2011. We then had a short presentation from Systematic, and jumped to the adoption of Open Data in UK by Nigel Shadbolt, which mentioned clearly that even if a governement doesn’t know what to do of some public data, a lot of citizens do know ! And develop tools to analyze them. This is not just about IT, but really about citizenship and politics in the original sense of the greek work polis !

Werner Knoblich, VP EMEA of Red Hat, then presented the Cloud offering at Red Hat and how its products were to the cloud, what RHEL is to a Linux distribution, or what RHEV is to KVM+libvirt… Stéphane Fermigier interrupted him during his keynote to mention that the Red Hat offering was not Open Source because he had been unable to download the software. Werner insisted on the fact it was as Open Source as the rest of what Red Hat delivers (as soon as it can) and that both CloudForms and DeltaAPI as soon they’ll be out of beta will be available largely for download.

Was then time to chose a session, and I picked up the “Open Source for industrial users” lead by Gaël Blondelle as I tried to contribute to its setup, and I’m interested by the topic, and the fact that some Governances talks were planned during it.
Here are the notes taken during these talks, and some personal comments.

Proper Tooling critical for FLOSS by Philippe-Arnaud Harranger, Atos (http://www.drakkr.org)

  • FLOSS is attractive
  • Some risks involved (IP, disappearance of projects, security, licenses, …) and addressed by the Governance approach.
  • Need to audit. The key is a proper process. But without tools, they won’t be respected.
  • Mentioned various tools (Antelink, Blackduck, FOSSology, OpenLogic, Palamida, Protecode) – Indicated that most are commercial except FOSSology.
  • P.A.H. introduced Drakkr: methodology and tooling for the Governance, to address the various risks (IP, security, tracking). All this is FLOSS as well. It contains:
    • OpenSource Cartouche (alternative to SPDX). More easy to use, and more community oriented, rather than legal. License Cartouche. rights and obligations linked to FLOSS
    • QSOS is another part. Spider charts available to compare FLOSS components. Competitors openBRR, OSMM, Quallos seem at their end.
    • StratOS: maturity and Strategic analysis of a FLOSS. Based on QSOS.
    • eCos: financial indicators around FLOSS ROI, costs analysis, comparison with proprietay. Other tool is WIBE
    • Also mentioned NVD for security flaws analysis
  • P.A.H Insisted on the fact that tooling (whatever) has to be used to support the process and the governance.

I already mentioned Open Cartouche previously, and I find that whole work of creating a coherent tool set around FLOSS Governance interesting and promising. Probably needs more adoption outside of France.

How to help development team manage FOSS during the whole industrial process by Guillaume Rousseau, Antelink (http://www.antelink.com)

  • How to develop best tools for dev teams.
  • Antelink helps you keep control of your SW integration and supply chain. Spinoff of Inria. Inria a major customer (10000 users around the forge).
  • Guillaume mentioned the challenge of dealing with on-shore/off-shore dev teams, contractors and FLOSS.
  • Dev is generally made of internal code, 3rd party FLOSS & commercial and Outsourced dev.
  • Adressing licensing issues asap is key to reduce costs. So needs to be done at the software factory level.
  • Also management of updates and security is key as well (especially 3rd party components).
  • Dev team and lawyers should talk to each other. You have to provide the right tools for dev teams.
  • Antelink is Part of OW2 SQUAT (SW Quality Assurance and Trustworhtiness).
  • Part of the Linux Foundation Open Compliance program working on SPDX.
  • Provides a large FLOSS DB (~1M projects, yes 1.000.000, twice as much as BlackDuck !!). Around the database, they developed a tool suite: Antepedia Notifier, Search and Reporter.
    • Antepedia Notifier plugged around VCS to detect introduction of FLOSS components and act accordingly
    • Antepedia Reporter does on demand analysus and produces reports
    • Antepedia Search allows you to upload components and check their content.

Antelink is clearly to be followed closely, with regards to their ability to store the largest base of code and provide information out of it.

Good Governance drives Innovation by Andrew Aitken, Olliance Group (Blackduck) (http://www.blackducksoftware.com)

  • BlackDuck has 75% of the market.
  • FLOSS is ubiquitous (85% of enterprises uses it) => management complex.
  • Took Mobile market as an example of growth. Impact of Android (taking the lead in less than 2 years) also on competitors. Complexity of building a complete Smartphone.
  • It’s not easy to manage FLOSS. Need policy (succint, flexible), process and automation (management with spreadsheet doesn’t work anymore).
  • Process is: Acquire, Approve, Catalog, Validate and Monitor.
  • FLOSS ecosysem is too abundant, spread across multiple repos (own ecosystem), thousands of projects (own governance), however more demand for FLOSS developers time than what is available.
  • Transparency, collaboration, meritocracy and OSI licensing are the keys for communities to innovate.
  • Example of innovation:
    • Danish government with its portal.
    • AOL is revamping itself fully based on FLOSS.
    • US Veterans health system open sourced (5 BUSD allocated to it, they pay 0,5 BUSD just for support)
    • New areas: Open Source Ecology, Open Prothetics, Oilgae (algue eating oil), Open Cola, Tropical Disease

Even if Andrew (who is leading the Open Source Think Tank) has lots of connections in the FLSOS ecosystem, and generally interesting talks, this time I didn’t find the presentation much interesting. Too generic, not entering in any level of detail, probably too BlackDuck oriented (original speaker planned was Tim Yeates) and not speaking enough about FLOSS projects. A deception.

FLOSS licensing in the supply chain by Didier Patry, HP (http://opensource.hp.com)

As an introduction, Didier introduced himself as leading a worldwide team of 12 persons working in Legal at HP around FLOSS. Dider then covered the following topics:

  • At HP compliance is not an option, it’s mandatory. Working with the HP open Source Review Board (OSRB).
  • IP infringement (Contract break) can be in some countries a criminal offense.
  • We could break HP’s reputation if we are not compliant with FLOSS license.
  • We’re seeing new license models coming up, creating compatibility issues.
  • This is also impacting all the digital information world (data, knowledge, …)
  • All that will keep lawyers busy (good for him of course :-).
  • HP puts requirements on suppiers around FLOSS compliance (our telco provider e.g.) which may not completely control the production chain.
  • Risk is not too much with our employees (trained), but with acquisitions (Autonomy e.g. atm) and procurement and the supply chain (thus the requirements on suppliers). Hard to scan fully. So need other way to manage the situation. So HP created a risk rate and identified high risk activities. Didier gave some concrete examples:
  • Usage risks:
    • Internal use is low risk
    • OEM-in/out is high risk
    • Reselling high revenue/volume product is high risk
    • Redistribution via channel partners is medium risk (depends on partner education)
    • Incorporation of critical FLOSS elements into flagship product is high risk
    • Company with single product (WebOS e.g. for Palm) is critical for them so non-compliance is high risk
    • Distribution with no-access to elements afterwards (e.g. to Army/NATO) is high risk
  • Licenses non compliance risk:
    • BSD/MIT and Apache are low risk
    • GPLv2 and 3 is higher risk
    • MPL is also higher risk
    • New FLOSS license are more risky
    • Items without licenses are very risky
  • Suppliers compliance:
    • SW from FLOSS project is low risk
    • SW from entity with strong FLOSS culture is low risk
    • SW from entity with strong corporate partnership is low risk
    • SW from entity with new or weak culture is high risk
    • SW from entity with start-up is high risk
  • Didier from that creates a 3 axes matrix to evaluate the global risk. Example huge difference between internal use of a BSD component vs high volume mixed of licenses SW.
  • Risk mitigation. Legeal protection is:

    • Representation (termination of the contract): good but does not address reputational risk
    • Warranties (damages): better but insufficient to compensate for reputational risk
    • Commitments: best proactive measures:
      e.g. list of FLOSS components in each package. Or easier Identify fully FLOSS components, licenses. Or even more easier again create a critical (black) list of licenses for you or ask for scanning (FOSSology – probably not easy, problem of confidentiality) or ask for external scan report or SPDX certification in the future.
    • Creating local agreements with partners around Governance.

In my opinion (not neutral of course as I’m another HP employee), it was the most interesting talk of the morning. I never had met with Didier before, just had him on the phone, and I was very impressed by his clear and didactic presentation, with the large set of examples he was giving live, and even if I’m aware of it, by the quality of the FLOSS Governance model in place at HP. Definitely worth sharing, and I’m convinced lots of entities could benefit from our views more.

It was then time to take a lunch box and start the set of afternoon sessions !

Meeting during LinuxCon in Prague or OWF in Paris

2011/09/05

I’m happy to have been informed that my proposal of presentation around FOSSology for LinuxCon 2011 in Prague has been accepted (too bad the others on MondoRescue or Project-Builder.org weren’t. Hopefully a next time).

However, for Project-Builder.org you can attend the presentation during the upcoming Open World Forum in Paris and discuss with me about everything Open Source and Linux and HP !

So some way to meet across Europe soon with you :-)

Second day at Solutions Linux 2011

2011/05/12

I attended in the morning the round table on Governance lead by ALexandre Zapolsky (Linagora)

3 companies were represented:

Alterway (created in 2006) – 10 MEUR – 120 people (Represented by Véronique Torner)
Activities: Consulting – Hosting – Training
Governance for large enterprise (Open CIO Summit)

Smile (created in 1991) – 33 MEUR – 10 years on FLOSS – 540 people (Represented by Patrice Bertrand)
Activities: FLOSS integration, Web site/Intranet development,
Leading the FLOSS Working Group at Syntec Numérique.

Linagora (created in 2000) – 13 MEUR – 130 people (Represented by Michel Marie Maudet)
Activities: SW Editor (OBM) – OSSA – Consulting

Véronique said that 3 years ago in the CIO Summit, CIOs thought they had no Open Source.
This year, they have representatives from Safran, Ministère de la Justice, PriceMinistère, Nature et Découverte, La Poste, Auchan. Hidden before at infra level. Now seen at CIO level. So will to control and govern.

Patrice said 3 years ago that Gartner revealed the presence of FLOSS in the enterprise.
Contacts were performed with Carrefour, Véolia, EDF. Enterprises do not see how to do Contributions.
Purchasingdepartment is one of the entities interested by the governance aspects. CIOs want to rationalize.

Michel-Marie mentioned that Linagora worked with Carrefour, Air France, Renault on these topics.
CIOs have to mitigate risks wrt Oracle, Microsoft, SAP, IBM (MISO) which represent 80% of their budgets and thusthey have a policy of diversification and of cost reduction.

Véronique mentioned that the recent crisis revealed Open Source and allowed to dialog with CEOs on the topic. FLOSS was considered as an entry level/low cost solution before. It’s now considered for its true qualities, creating value in the enterprise.

Patrice reported that studies put quality before price, even if price remains in the scope.
Price reduction is coming from the packaged offered proposed by the various actors. Cost reduction is done due to the economy of scale (when deploying hundreds, thousands of SW).

Véronique underlined that in the infrastructure space, FLOSS has been key for deployment. On some other areas (apps like CMS), the cost difference may be less important. Sharepoint may be at 0EUR inside a large enterprise, so what is the benefit of a drupal there. This has to be worked in other ways. Some customers said that Red Hat is sometimes more expensice than a proprietary solution.

Michel-Marie asked what is the value here: lots of SW are deployed but 80% of its functions is unused. CIOs today consider more the value brought. In the management/monitoring area, the BMC/IBM offerings are like Christmas trees but stick less to customer needs. The right term is to be cost effective. Some customers say today that they have more problems to find competencies around commercial solutions than on FLOSS ones, because engineer schools have adopted massively FLOSS technos. It’s now the reverse of what it was still 5 years ago.

La Poste Governance representative precised that the goal is to work on technical cost reduction (Nagios praised), but they realized rapidly that they should work on value analysis more precisely, and that the value is in the people (more agile), so cost is similar to proprietary solutions, but FLOSS gives much less problems on the long run (open formats, archiving constraints, …)

Alexandre then orientated the discussion now around the Governance aspects themselves, and what policy to put in place.

Patrice said that FLOSS governance consists of writing in a document what the enterprise want in term of FLOSS adoption, derived in term of support, RH, contributions, … Maturity is not there on his side in France.

Véronique has seen organizational models in place, with people dedicated to FLOSS governance (La Poste is precisely an example with a FLOSS IT central group + dedicated teams recommending solutions + a small legal aspect). In the Société Général Bank, there is no split, it’s handled as commercial products. Safran has on his side a more formal legal approach on FLOSS.

Michel-Marie mentioned a methodology that has been developed to help CIOs. Around 10 weeks of assessment (20 architects of Air France e.g. were met and interviewed) to summarize needs, what worked, what didin’t and which FLOSS Solutions could be involved. Recommandations from other customers are shared and expected. Second step is to benchmark per vertical, size of company, usage models (simple user or OEM providers such as ALU). Third step is to build the governance (technology program, policy doc, solution reference architectures). Bouygues Telecom has positioned Oracle for critical DBs, and FLOSS ones (PostgreSQL) for non-critical ones. Then there is a need to measure, during time, FLOSS adoption. They recommend to put in place a FLOSS Center of Expertise (ALU has 150 persons for that).

Commercial SW vendors do the evangelization by meeting refgularly with customers to present new versions, evolutions, … in the FLOSS area, enterprise sneed to put in place a specific team to monitor the FLOSS ecosystem, create reference architecture and also to support themselves (or not) and deal with it. Véronique presents that CIOs hope to give the support to a single actor, and also fear the lack of an editor behind the Software.

Smile teamed up with OpenLogic to solve the support aspects for enterprises (L1-2,5 done by Smile and L3 by OpenLogic – having commiters in a large set of communities).
Patrice also mentioned the importance of the inventory with tools (such as Black Duck, FOSSology), and new models of FLOSS development (mutualized development with FLOSS such as GENIVI or OPEES)

Michel-Marie precised that they specify reference architectures with customers, creating a base of a large number of components and work on the support as a single point of contact (Note that HP and Linagora have partnered in France to use this model for customers). Re-insurance and patch reversion to the communities/editors is then handled by that actor in charge of support. Currently OSSA offering from Linagora is used by 50 customers. Air France created a “Blue Hat” base.

Véronique has around 10 customers for support, and some other more specific contracts. Patrice mentioned 10 customers as well with a starting offering.
Véronique also insisted on industrialization of FLOSS, with their experience around PHP. Voyage-SNCF is one of the customers benefiting from their work in that area.

Patrice mentioned that this is an area (customer developing Software) where governance on FLOSS is key. There are legal constraints, licenses and IP to respect, training to be performed up to the developer.
Michel-Marie explained that there is a need to guide developers with Software Engineering frameworks, e.g. pointing to the right versions of libraries, forcing a ticket for evolution.
Véronique thought that there is a lack of knowledge of FLOSS usage in the enterprise. They miss “geeks” and legal background.

Guillaume Rousseau (Antelink) made a testimony of what leaded INRIA to identify IP rights on their SW base (660000 bricks). What is the tooling to put in place to manage hundreds of thousands of components ? Patrice indicated that putting in place a central repository is a goal of the governance process, but it creates frustration at developer level by controling them tightly (pre-dev control), or pass tools that control a posteriori (afterwards) the conformity to rules (in a continuous build chain). Véronique mentions that another approach is to integrate developers to the governance program, in order to gain adoption.

Michel-Marie mentioned they have a much smaller base (300) that they are monitoring, but consider they have the one really used by their customers. Only a small part of customers embed FLOSS in their products and need more fine control. Others are users of bricks, more well-known and less risky.

Question from the audience on how to Open Source an internally developed SW. Recommandations from Patrice are that there is a need to be pro-active on the topic (Case of EDF). Véronique had requests from ISVs, more on a marketing aspect. They can help around the development aspects, quality aspects, licensing aspects.

Then some conferences where made:

Open Source Cartouche by Philippe-Arnaud Haranger (Atos Origin – Team Pascal Pujo)

Study made around an Aerospatial customer.
9 years of devs, and strong willingness to use FLOSS components.
Study showed incompatible licenses. Copy/Paste of code in 2000+ bricks.
Quote: “My God ! What have been done ?”

Licensing wasn’t a priority (they already didn’t document)
Code contamination is made on purpose, because they need it, and is due to local teams, outsourcing, and external application maintenance.
Consequences: licenses not respected, proprietary code tainted (PI loss)
Open Source was favoured, but in reality they created risks.

Solutons: Strong governance (creates too many constraints in general) or Tooling (cost, but efficient) or Manual Audit (cost, complex, impact) or take risk (costs and impact) or open source the SW (anyway conformity required, but impact as irreversible).
The earlier it’s done the less it costs.

Solution is Open Source Cartouche (what is around the Pharaon) – derived from QSOS.
Identify licenses and the recursivity of components integrated
It’s a structural approach beforehands, instead of scan afterwards (even if this is also required)
Put more trust in the FLOSS, Avoid contamination and protect community works.
Presenter asked the possibility of using this formalism in FOSSology ?

Some Remarks on my side:
I asked the question: What is the position vs SPDX ? I think they are probably in competition, and that they forget to consider it before launching something on their side. What is important is to have a standard adopted. The answer was that there is a fear of Blackduck that may create problems for communities. Their standard proposal is simpler than SPDX so more pragmatic, and thus propably easier to adopt by FLOSS projects. And the team is open to make required adaptations. However, it won’t work as a franco-french stuff !! I think we need an SPDX lite if we aim at being adopted by FLOSS projects, as the current status of the project is just only understandable by lawyers. I’ll try to generate some discussions around that on the SPDX ML.

Thinking about all this I think it would be valuable as well to lauch a new initiative to create the CERT/CVE base of licenses violations, working on the same model (disclosure after problem is solved).

Governance deployment return of experience by Guillaume Degroisse (Consulting Lead Linagora)

Goal Today: being independant from MISO.
Quality and Interoperability are considered before price.
Problems of adoption: Using standards of the market. Lack of performant FLOSS solution on some specific areas.

Bouygues has 150 own persons developing using Agile methods with lots of FLOSS components (not outsourced, and localized in France)
CIOs have to consider organisation, competence management, purchasing, legal and providers aspects. All these topics ar part of the FLOSS governance plan he has to put in place.
Guillaume also detailed what was covered during the round table around LInagora’s approach (Assessment, OSSA, CoE)

FOSSOlogy by … Bruno Cornec (HP)
25′ around the reasons of its creation/open sourcing, features and focus on upcoming 1.4.0

Return of experience on mutualization by David Duquenne (OpenWide Technology)

Enterprise have to deal with apps modernization.
Presentation focused on value creation at apps dev.

From innovation to industrialization: Technology assessment, R&D, Architecture and Integration, method and tools for industrialization. These leads to a framework definition
The goal is to share that Java Framework (Improve Foundations) across enterprises (having an Open Source base and community driven, and specificities intergated as components in this framework).
He insisted on the lack of java competencies. They deliver some Cobol to java trainings, espeically in-house.

Alliance Informatique has developed 100+ apps using Improve Foundation.
RSI wanted to fusion different IT systems.
Renault looked at homogeneize hundreds of projects (International). More interested to contribute. Renault will help Open Wide to develop the framework at international level
Atos Origin is also using it for 3000 screnn migrations

Gains: integration of non-java devs. and mobility of resources is key.

Passed the rest of the day discussing with various people. Had in particular a long and very interesting discussion with Erwan Velu who work at Zodiac, where they are developing a SIT (Seat Integrated Technology) all based on FLOSS (Linux/Debian, vlc, webkit, ELF, …) and have done an impressive job at making a nice looking, very responsive interface. I just hope that most companies I’m traveling with will adopt it soon ! And good news: they’re hiring :-) So if you want to work in a interesting area, way to go !

And they’re not the only one trying to recruit. I know that Wallix and Linagora at least are looking for good profile. All good news for our sector, which show indirectly the wealth of FLOSS !

First day at Solutions Linux 2011

2011/05/12

Summary of my first day at Solution Linux 2011. I was in charge of co-leading the community track with Anne Nicolas. We hosted the following sessions for which I took some notes:

Mageia
Mickael Scherer (Mageia) presented “a Fork of a distribution: Mageia derived from Mandriva”
(He made an interesting relationship between Forks and Catholicism vs Protestantism as an historical reference)
Reason of fork => community vs entreprise
History of relationships:

  • 2000: cooker: R&D opened from Mandrake/Mandriva and idea of foundation considered
  • 2003/2004: resources sharing (compile cluster)
  • 2005: conspiracy@zarb.org sharing problems met.
  • 2006: Steering committee between employees and contributors.
  • 2007: Foundation mentioned at RMLLs – fondation@zarb.org
  • 2008: AUFML – Assoc of users.
  • 2009: Assembly to followup on
  • 2010: Mageia created to avoid Mandriva closure. Going further than a distro.

Mageia details:
More open governance – Association created + contributors (not creating a company as unfair wrt Mandriva) – Model based on a Council + Board. Renewed by 1/3
Mickael then mentioned some issues:

  • Pb1: Infrastructure: Not starting from nothing. Want to reuse and be at a high level from scratch.
    Code reuse is easy. Bugs reused is more complex (Customized bugzilla under Mandriva control).
    Hosting ? Gandi, Lost Oasis, Dedibox helped a lot.
  • Pb2: Brand management: Audit of code to remove mandriva – manual, underestimated.
  • Pb3: Comm: with original project. Even if angry vs some people, it’s better to avoid hostility. Split of identity (contributing to Mageia vs Mandriva) – Press contact is required for a distro
  • Pb4: Community. Feedback was important – 1100 mails just the first week ! Managing the enthusiasm. => Split tasks – People want to change everything ! DO a planning. Avoid the Vaporware effect (as said by LWN that will need to review that)
  • Pb5: Details management.

Logo: guidelines posted. Process to listen and need of transparency. Even if their choice is not chosen, they know why and get explanations. No blund choice.

OPEES
Presentation made by Gael Blondelle. Works for Obeo (Obeo is Strategic member of Eclipse) – OPEES Project Lead

OPEES goal is Open Source for long life cycle projects.
It’s an Open Platform for thre Engineering of Embedded systems

Ensure the long term availability of FLOSS tools for Critical systems (life impact, very high costs).
Example: A300 Airbus life cycle: 35 Years. Support = 78 years
(1972 project started -2007 production stopped) – Support till 2050
On board software development for very long life cycle products.

Ericsson: Base station for mobile – General life cycle of 30/40 years (electro-mecanical telephony centrals created in 1920 and still used in 1980)

Will FLOSS bring success is not yet known. But what is known is that commercial SW failed (example: Verilog made Geode, then bought by Telelogic, then bought and killed by IBM) Not counting the change of support contracts, costs, …

Decision by Airbus and Aerospace Valley in 2004: Adopting FLOSS with Topcased
(UML modelers and code generation). Used since 2008 to write code in A350 (next generation).
In 2009 the main Topcased contributor was bought, and TopCased devs stopped there. But thanks to the FLOSS approach, other contributors were found to lead the project.

Problem: How to create a community ?

In a classical commercial world: 20% of requests from customers accepted, control in editors hands.
Industrial users have specific constraints. So creating a FLOSS community made of individuals, companies, VARs, vendors should allow to cover 80% of users needs in a generic fashion. The 20% remaining implemented as specific devs.
OPEES is coming from a traditional industrial world, not even a SW world. But they come to the FLOSS approach based on the 4 liberty of the GPL.
It also helps manage IP issues.
Open Code and Open Formats enable migration, interoperability, extensibility, and protect from vendors lock-in.
But FLOSS isn’t sufficient. There are needs for:

  • Community management
  • Ecosystem dev
  • Very Long Time support (10+ years) – Virtualization is a possibility
  • Need to have technology vendors oriented towards industrial users

OPEES mission is to ensure cross users company ecosystem (not one for Airbus, one for Thalès, …)
Governance near from Eclipse one. In Eclipse 1,5 years of maintenance. LTS support added (7/8 Years).
What adds OPEES: maturity assessment, industry oriented governance, labels, certification process enablement, Very Long Time SUpport
OPEES: ITEA research center 35 EMEA members – AdaCore, Obeo, Airbus, Inria, E///, CNES, EADS Astrium, Linagora, Atos, Thalès, + Universities

Next steps:
Have a legal entity to sustain the effort after 2012 (end of ITEA project).
Grow the community (transportation – rail, cars, energy – nuclear, …) made of researchers and employees, not individuals

Coclico

Convergence of the FLOSS forges communities.
Re-dynamising SW forges (Minalogic and Systematic support)
Coordination by Bull + Orange Labs, Xerox, Inria.

Forge: collaborative platform for sw dev (born in 1999 with sf.net). Means both the service and the SW itself
Partners: Codendi (Xerox), FusionForge (ex GForge), Novaforge (Bull)

Problems to solve: Identity management (SSO + roles), interoperability (with other forges – avoids data locking – not the first concern), tracability of specs, continuous integration, use SCRUMM method, work station integration (Eclipse plugin addition)
Specificities of the forges:

  • Codendi: Application Life cycle management (sf.net fork in 2001) GPLv2, 25000 users, 4000 projects, on http://www.codendi.org Fully opened 2 years ago => increased download numbers.
  • NovaForge: TM of BULL. Based on lots of FLOSS bricks (SVN, Mantis, PHPBB, Hudson, ExoPLatform) AGPL. Focus on data project confidentiality (due to BULL work activities). Migration of OW2 ongoing. Bull business model is around services (internal tool open sourced)
  • FusionForge: Fork os sf.net named GForge. Lack of evolutions around GForge after some years. Some french admins created FusionForge in 2009. Integration of extensions. More EMEA contributions (Germany), mediawiki integration, incr”easing # of commits.

Community of Xchanges: PlanetForge.org (Wiki, ML, planet, µ-blogs)
Organisation of forgers meetings ;-)

Mainly convergence between Codendi and FusionFOrge (common plugins, projects models). Problems to sync release cycles between company supported ones vs community based ones (evolution of projects vs customer needs).

OSLC-CM (Open Services for Life Cycle – Change Management): interoperability standard and ontology used for forges interoperability (coclico, trac, redmine)
OSLC + Eclipse/Mylyn for work station dev/forge integration
Exchanges with Qualipso and Helios. Contributions to ForgePlucker (based on E. Raymond rant originally, and now sustained by coclico) and Mailman.

Following these 3 presentations, I animated a round table to cover the topic of this track: 2011, year of the forks. We had various natures of speakers Rodrigue Le Gall from BonitaSoft and Julien Mathis from Merethis who where representing Open Source projects having a strong relationship with their respective company, Charles Schulz representing the Open Document Foundation, and Jean-Marc Fontaine for the AFUP, french association of PHP users, both of them representing direct communities.
We were able to cover various topics, from animation of communities, relationship of companies with the ommunity around the underlying projects, reason of forks, support from tools to maintain communities, brand management impact, the LibreOffice vs OpenOffice latest news, I found it very lively and interesting in content, and I hope visitors enjoyed it as I did.

Rest of the day was passed evoking Mageia evolutions, and discussing with various relationships that I can meet only once per year during this event. In particular I had a long chat with Guillaume Rousseau from Antelink, which is the firm behind Antepedia, database gathering more than 660 000 projects for reference. (too bad mine are not in it :-)) Among other things we discussed of governance, market needs, and I tried of course to convince him to open source his product in order to ease the integration in forges, and allow its easy adoption by large corporation who are the natural consumers of such a product, in the line of FOSSology. Of course, this is always more difficult for a young and starting company, especially on a niche market but some others already showed it was possible.

This week at Solutions Linux Paris

2011/05/09

For those attending Solutions Linux this week in Paris (12-12th May CNIT), I’ll be around driving sessions (System Administration and Communities, with my friend Ennael) as well as presenting FOSSology during the Governance track.

So you may meet with me during the traclks or probably near the the HP pod on the Linagora booth to speak of that, or MondoRescue, Project-Builder.org, , LinuxCOE, or whatever Open Source and/or HP related topic you would like to discuss !

Hope to see you there soon. The next opportunity will be during the Red Hat EMEA Summit in Dublin or HP Discover in Las Vegas.

The GENIVI project

2011/04/05

I attended a Meeting the 9th March 2011 organised by the Syntec Numérique on the GENIVI project in Paris, and I’d like to share with you a summary of this presentation. Thanks to Fabien and Philippe for proof-reading this summary, all the remaining mistakes being mine.

The GENIVI project

Presenters: Fabien Hernandez (Software Architect) PSA and Philippe Colliot (Technical Lead) PSA.

Context

GENIVI (http://genivi.org) is a non-profit industry alliance committed to driving the broad adoption of an In-Vehicle Infotainment (IVI) reference platform. GENIVI will accomplish this by aligning requirements, delivering reference implementations, offering certification programs and fostering a vibrant open source IVI community.

It is based on features, code and certification program. It is driven by car manufacturers. It has been setup due to increased customer demand.
GENIVI aims to provide a common middleware developed by all project members. (costs and bugs reduction).

Car manufacturer need to differentiate as well. Basic features are shared (such as video player), and they concentrate for differentiation on GUI and additional apps. Each manufacturer alone doesn’t have critical mass, but sharing these common bricks will allow each of them to reduce costs. Especially on the non-visible parts.

GENIVI should support multiple HW platforms (based on Intel, ARM, MIPS processors) and 15% of GENIVI members are chip manufacturers.
The solution is developped in layers (module oriented). The middleware is packaged to satisfy all profiles (entry, 2D navigation, high end 3D …)
Car life cycle: 3/4 years. Consumers world: 6/12 monthes.

History of GENIVI

Car Infotainment was historically achieved using black boxes.Now the move to Open Source is due to evolution of features, costs, develpment life cycles, competitive landscape and customer requests and thus motivated the GENIVI project creation. For example: For car navigation, systems used to cost more than 2kEUR. Tom-tom put it down a lot. Also PSA was managing multiple different closed source platforms up to now, from various providers (QNX, Windows, VxWorks, …) blocking them in their evolution (as solutions are sized at minimum).

Intel and BMW started to work on Linux with WindRiver. First PoCs occured in 2007. Following that the AUTOSAR consortium was created in 2007 (standardization body). A Split happened and BMW worked then with Magneti Marelli for another PoC. In April 2009, first announce was made in Geneva (the GEN of GENIVI :-)) of the GENIVI alliance, including BMW, Intel, Wind River, Magneti, GM, Delphi, PSA and Visteorrn. Goal is to have 6 monthes releases. End of 2010, the alliance released the Apollo release based on Meego. In May 2011, new version will be delivered (Borg in Dublin), with more compliance. Could be based on Meego or Ubuntu or something else. Adoption of Qt-Core as a brick, but it was not in compliance standard at start.

Since that more members including manufacturers (Renault, Nissan, Hyundai, Jaguar/Land Rover but some less active), First Tiers (Alpine, Bosch, Clarion, Mitsubishi, Pioneer) and Silicon manufacturer (Ti, freescale, Nvidia, ST, Samsung, ….) + lots of other !! (132 incl. Altran, Cisco, Accenture, Garmin, LG,
Nokia, Tata, Valeo, … but not HP yet !!!)

These members are mainly located in EMEA (80% activity) + AMS. Lots of M2M modules.
Some discussions have started with Google for the Android Consortium, and with the CE4A for the Terminal Mode (communication with external devices such as phones). Not ready yet to use standard devices for car control. Also there is a willingness to keep control on what runs in the the car, by the car manufacturers, even if they are open to allow additional application execution on the GENIVI platform.

Software development

GENIVI is organized with Expert groups. A PMO coordinates it. Solution Archhitects perform the Architecture Coordination.
From the design made, it goes to Execution Teams for coding (could be: feature addition to existing FLOSS bricks, or code creation if nothing is ready), and Maintenance teams for maintenance tasks.

The platform consists of 80% of existing FLOSS components (without modification), 15% of modules to be adapted (conman e.g.), 5% of specific code to be developed. But 100% of FLOSS code at the end.
It’s up to the point to allow car drivers to add/modify apps in the car (re-using the Meego concept).

The Baseline Integ. Team provides a GENIVI environement (a la distribution) to allow other teams to work.
The alliance has categorized 3 levels of licenses (Apache and GPLv2 are green). For code creation either L/GPL or Apache or BSD is used, depending on interfaces. Contributions not yet completely controled under the Governance model (case of conman of Meego recently). Intellectual Property is transmitted to the Alliance.

Governance

There is also another IVI module with Meego, which is hosted by the Linux Foundation. So not yet possible for GENIVI to be hosted here as well. The alliance has not considered joinnig an existing foundation (Eclipse, Apache) to benefit from Governance and tooling.

Governance in place on what enters in GENIVI as for now. as well as code scanning.
FOSSology and BlackDuck are among the tools used for validation and are still under evaluation.
I asked whether there are possibilities to share best practices and governance docs in the future. It has not yet been decided, but seems possible.
The Alliance is also looking at conformity around CGL and LSB.

Finance

It costs 5 kUSD to enter in the consortium (minimum fee for an Associate member). Many levels of contributions (and access to deliveries) exist with appropriate power of decision.
The Business model remains to be clarified completely.
The budget is around 800 kEUR yearly. With some permanent members to manage infra mainly.

Life cycle

GENIVI will be a market reality in 2013.

The Life Cycle is 3/4 years for development, but up to 15 years for the car.
I underlined the possibility for the GENIVI alliance to work with OPEES to share long life cycles best practices with the aerautics sector. (Side note: Ericsson joined OPEES recently)

Importance for PSA
Separated developments are not cost effective anymore. So PSA wants to put emphasis on what differentiates them and share what is not.
More requirements are put on providers in fact with the GENIVI offering. As a consequence it activities will evolve around integration capabilities, buying
capabilities, partners management, … At the end the car manufacturer is impacted by errors, where ever they come from. Its image is the one people remember.

Technical Constraints

  • Using networks such as CAN, MOST, Flexray, 1394 Auto, Ethernet AVB
  • Wake up time constraints (< 200ms)
  • Energy management linked to usage conditions (driving, parked, …)
  • HW constraints (# of accesses to flash memory )
  • Temperature constraints
  • Boot time constraints
  • Ergonomy constraints, especially when driving, and accessibility
  • Safety constraint (connection to critical car components, even audio e.g. could be dangerous)
  • Real time treatment required. back drive radar, or camera.
  • Security constraints (virus, openness, …) – ISO 2626-2 standard to be considered.
  • Studies also around Virtualization, micro OS, …

Question: What about car update from Internet during the night ? Answer: these types of studies are ongoing.


Follow

Get every new post delivered to your Inbox.

Join 106 other followers