Posts Tagged ‘LinuxFoundation’

Soon back in the air and on the roads…

2014/04/17

There will be possibilities to meet with me in some exotic places (at least for me as I never travelled there before in May !

I’ll first be in Wien, Austria, early May but that’s to celebrate somewhere my 50th birthday (half a century as my kids like to call that ;-)) and during vacations so won’t talk something else than early music or rchitecture and pictures of the nice building over there !!

But after that, I’ll attend the UEFI plugfest in Seatlle again, and be in charge of managing the interface between Linux distributions and HP. So if you plan to attend, and want to test your Linux distribution on nice shiny UEFI hardware platforms, feel free to contact me so we can organize that meeting over there.

The week after that I’ll be in Japan to present again during a LinuxCon event ! I’m very lucky first to be retained as a presenter to talk another time about Mageia. And then to be sponsored by our VP & Deputy General Counsel, Cloud Computing and Open Source Eileen Evans who is leading HP’s Open Source Program Office and allowing me to attend.

So feel free to drop me a mail if you want to chat about any topic I can decently talk about such as Disaster Recovery and Imaging or Continuous Packaging and some other surely HP related !

See you there.

Gouvernance informatique: Il est temps d’y intégrer l’Open Source

2014/01/24

Dans le cadre de mes activités pour le Conseil des technologistes d’HP France, j’ai écrit un article pour le Webzine IT experts sur la l’intégration de Open Source et la gouvernance informatique disponible sur http://www.it-expertise.com/gouvernance-informatique-il-faut-integrer-lopen-source/. Un grand merci à Aurélie Magniez pour m’avoir aidé à faire cette publication.

Ci-dessous, une version légèrement modifiée qui tient compte de retours et rétablit certaines formules auxquelles je tiens, quoique moins journalistiquement correctes et certains liens (jugés trop nombreux par le Webzine, mais je tiens à citer mes sources, et Tim Berners-Lee ne les a pas inventés pour que l’on ne s’en serve pas non ? :-))

Bonne lecture !

Aujourd’hui en 2013, toutes les entités, publiques comme privées, en France, comme partout dans le monde, utilisent massivement des Logiciels Free, Libres et Open Source (abrégé en FLOSS (1)). Quelques exemples de cet état de fait sont fournis par la Linux Foundation, comme les 600 000 télévisions intelligentes vendues quotidiennement fonctionnant sous Linux ou les 1,3 millions de téléphones Andoïd activés chaque jour. Le dernier rapport de top500.org, présentant les super-calculateurs mondiaux, indique une utilisation de Linux à 96,4%. Des sociétés ayant aujourd’hui un impact quotidien sur notre environnement numérique telles que FaceBook ou Twitter ont non seulement bâti leur infrastructure sur une grande variété de FLOSS, mais ont aussi publié de grandes quantités de code et des projets complets sous licence libre. Ceci concerne aussi des acteurs plus classiques du monde de l’informatique comme HP ou IBM.

Ceci peut sembler normal, car on évolue là dans le monde du numérique, mais le phénomène touche tous les secteurs comme le montre une récente étude de l’INSEE, qui reporte que 43% des entreprises françaises d’au moins 10 personnes utilisent des suites bureautique FLOSS ou encore que 15% des sociétés de construction utilisent un système d’exploitation FLOSS par exemple. Cette large adoption se trouve corroborée par le développement de la filière FLOSS en France, comme rapporté par le CNLL, représentant en 2013 2,5 milliard d’Euros et 30 000 emplois.

Enfin, le secteur public n’est pas en reste avec la publication en septembre 2012 de la circulaire du premier ministre qui reconnait la longue pratique de l’administration des FLOSS, et incite celle-ci, à tous les niveaux, à un “bon usage du logiciel libre”, ce qui se vérifie dans certains ministères comme celui de l’intérieur ou de l’économie. Le ministère de l’éducation nationale a ainsi déployé 23 000 serveurs EOLE sous Linux et utilise de nombreux projets FLOSS pour la gestion multi-fonctions (réseau, sécurité, partage) des établissements scolaires.

Services impliqués dans la gouvernance FLOSS

Dans ce contexte d’utilisation généralisée, se posent certaines questions quant à la gouvernance particulière à mettre en place ou l’adaptation de celle existante pour accroître l’usage, la distribution, la contribution au FLOSS, tant pour les fournisseurs que pour les utilisateurs de ces technologies. En effet, les FLOSS ont des spécificités tant techniques qu’organisationnelles (rapport à la communauté, méthodologie de développement, licence utilisée) qui ont un impact sur la façon de les gérer dans une entité. La Gouvernance Open Source, aujourd’hui, doit donc être partie intégrante d’une Gouvernance Informatique.

Contrairement à ce qu’une rapide analyse pourrait laisser penser, ce n’est pas uniquement le service informatique qui est concerné par l’utilisation des FLOSS. Celle-ci touche la totalité de l’entité et le modèle de gouvernance doit donc être adapté en conséquence. En effet, le service des achats se voit souvent court-circuité par l’utilisation de composants logiciels téléchargés et non achetés en suivant les procédures qu’il met en place, le service du personnel ne dispose pas de contrats de travail statuant sur les contributions des employés à des projets FLOSS (ne parlons pas des stagiaires ou co-traitants), le service juridique doit apprendre à distinguer la licence Apache de la GPLv2, ou v3, le service de propriété intellectuelle considérer si telle modification faite à un projet FLOSS peut ou doit être reversée au projet, et dans quel contexte, voire le PDG évaluer, lors d’une scission de sa société en différentes entitées juridiques, l’impact représenté sur la redistribution de logiciels faite à cette occasion et le respect des licences utilisées. Ce ne sont que quelques exemples des questions auxquelles les entités doivent répondre dans le cadre d’une Gouvernance Informatique intégrant les FLOSS.

Ceci n’est pas un débat oiseux: il y a eu maintenant trop d’exemples allant jusqu’au procès et sur des problématiques de non-respect des licences FLOSS pour que les entreprises et services publics ignorent le problème. Les conséquences tant financières que sur leur image de marque peuvent être très importantes et causer des dommages beaucoup plus graves que ne le représente la mise en conformité (qui consiste le plus souvent en la seule publications des codes sources modifiés).

Il ne s’agit pas ici d’énoncer des éléments qui tendraient à restreindre l’utilisation des FLOSS dans une entité. Au contraire, les bénéfices de leur utilisation sont aujourd’hui trop évidents, la baisse des coûts induite par la mutualisation, les gains technologiques d’avoir des souches logicielles si versatiles et éprouvées doivent juste s’accompagner des mesures de gestion nécessaires pour en retirer tous les bénéfices annoncés. L’analyse des risques fait partie des choix quotidiens exercés au sein d’une entité et de même que pour une démarche qualité, l’impulsion doit venir du sommet de la hiérarchie de l’entité. Celle-ci doit soutenir la création des instances nécessaires à l’établissement d’une gouvernance FLOSS en leur donnant le pouvoir requis et l’interaction avec les différents services de l’entité.

Composants d’une gouvernance FLOSS

Tout d’abord, il s’agira de développer la compréhension de l’écosystème libre au sein de l’entité pour en appréhender les spécificités.

La première d’entre elles est la licence gouvernant les FLOSS. Comme pour toute utilisation d’un logiciel, ou d’un service, un utilisateur se voit décrit ses droits et ses devoirs au sein de ce document. Ceux-ci diffèrent selon que la licence est permissive (type Apache v2 par exemple), qui permet une utilisation (y compris pour des développement non-FLOSS) et une redistribution avec peu de contraintes (mentions légales et paternité par exemple). Elle permet ainsi à des sociétés de vendre des versions propriétaires d’Andoïd distribué sous Licence Apache v2 embarquées dans leurs téléphones portables. C’est ce qui permet de considérer cette licence comme “libre”. En regard on donnera également l’exemple des licences de gauche d’auteur (copyleft en anglais, type GPL v2 par exemple), qui permettent une utilisation tant que le logiciel distribué s’accompagne des sources (éventuellement modifiées) servant à le fabriquer. Elle permet à des projets comme le noyau Linux d’être développé par des milliers de développeurs tout en restant toujours accessible dans toutes ses variantes par la mise à disposition de son code source, dû à cette contrainte. C’est ce qui permet de considérer cette licence comme “libre”. Simplement les libertés sont vues ici sous l’angle du projet (qui le reste ad vitam aeternam) plutôt que sous celui de l’utilisateur comme dans l’autre cas. C’est la raison pour laquelle toutes ces licences sont considérées comme Open Source par l’OSI.

Une entité doit donc choisir les briques FLOSS qu’elle souhaite utiliser en fonction de l’usage prévu pour respecter les droits et devoirs d’usage codifiés dans les licences (ni plus ni moins qu’avec une offre non-FLOSS), sachant que, dans la plupart des cas, l’élément déclenchant l’application de la licence est la distribution du logiciel. Ainsi une société peut parfaitement utiliser un logiciel sous licence GPL v2, y faire des modifications et ne pas les publier, tant que l’usage reste interne à sa structure juridique (cas fréquent en mode utilisation de logiciel dans un département informatique). En revanche, si elle l’incorpore à un produit qu’elle commercialise, elle devra juste se mettre en conformité avec la licence et fournir en parallèle du produit un acccès aux dites sources.

Ceci n’est finalement pas si compliqué, eu égard aux gains énormes qu’elle peut en retirer en bénéficiant d’une brique logicielle éprouvée qu’elle n’a ni à développer, ni à maintenir. Dans tous les cas, il est important que son service juridique ait une compréhension des droits et devoirs des licences utilisées pour apporter le conseil requis, comme lors de la signature de contrats avec tout fournisseur.

On le voit, la formation du service juridique est à la base de la mise en place de toute gouvernance. D’autre part, il faut organiser au sein de l’entité la mise en relation entre ce service juridique et les équipes de développement. Non seulement pour qu’elles apprennent à se connaître, mais aussi pour qu’elles échangent sur leurs besoins réciproques et qu’elles comprennent comment chacune cherche à protéger l’entité pour laquelle elle oeuvre. Les uns le faisant eu égard au respect des règles de droit, ce qui comprend l’explication envers les développeurs des licences libres, les autres eu égard au mode d’utilisation des composants techniques spécifiques des équipes de développement.

Personnellement, en tant qu’ingénieur de formation, il m’a été très bénéfique de discuter avec divers avocats spécialistes des licences libres, pour mieux comprendre leur volonté de protéger l’entreprise pour laquelle ils travaillent et comment ils devaient le faire dans ce contexte. Et réciproquement, je sais que les informations techniques et exemples parfois complexes d’agrégats de composants logiciels les aident en retour à mieux tenir compte des cas particuliers qui peuvent se faire jour. La communication sur ce sujet doit dépasser dans l’entité les structures classiques et fonctionner comme une communauté.

Du reste, la seconde spécificité du logiciel libre est le fait qu’il est développé par une communauté de personnes partageant un intérêt pour ce logiciel. Il en existe de toute taille (d’un développeur assurant tout, jusqu’à plusieurs centaines de personnes comme les larges fondations comme Apache ou OpenStack). Etudier une communauté avant d’utiliser le composant libre qu’elle produit est une bonne pratique pour avoir des informations sur sa vitalité, son organisation, sa feuille de route, en plus des caractéristiques purement techniques du composant. Certains sites comme Ohloh peuvent aider à se forger une opinion dans ce domaine, pour les projets suivis. De même qu’il peut être alors pertinent de se poser la question des modes de contributions en retour. Cela peut consister en des correctifs, du code apportant de nouvelles fonctions, de la documentation, des traductions, une animation de communauté, de l’achat de prestation intellectuelle auprès de professionnels oeuvrant sur le composant ou un soutien financier à l’organisation d’un événement permettant le rassemblement physique de la communauté. Certaines entreprises, comme la Compagnie Nationale des Commissaires aux Comptes témoignent de leurs contributions en retour envers un projet tel que LibreOffice.

Comme précédemment, chacun de ces aspects pourra faire l’objet d’une étude dans le volet Open Source de la Gouvernance Informatique. On notera que la gestion de la proprété intellectuelle sera à considérer tout particulièrement pour les contributions sous forme de code, et en liaison avec la licence utilisée. Mais cet aspect peut aussi avoir un impact sur les contrats de travail des employés, des co-traitants, des stagiaires, afin de déterminer sous quelles conditions leurs contributions sont autorisées.

Encore une fois, il s’agit d’inciter les entités utilisatrices de logiciels libres à ne pas se contenter d’être de simples utilisatrices de FLOSS, mais à être actrices de l’écosystème et à contribuer à leur tour à l’améliorer en s’intégrant dans les communautés. Le dynamisme actuel autour des FLOSS est le fait du soutien très actif de nombreux utilisateurs. Pour ne citer qu’un exemple, on regardera la synergie créée autour du projet GENIVI par ses 120+ membres, dont de nombreuses sociétés hors secteur informatique.

Enfin la dernière spécifcité du logiciel libre est la méthodologie de développement utilisée par la communauté. Quoiqu’elles soient toutes attachées à l’accès au code, elles varient énormément d’un projet à l’autre, en fonction de sa taille, de son style de gouvernance, des outils utilisés et de son historique. Mais il est important pour une entité qui souhaite interagir avec une communauté d’en comprendre la culture. Si le noyau Linux a une méthodologie organisée autour d’un “dictateur bénévole” (Linus Torvalds) qui prend les ultimes décisions et de ses lieutenants, nommés, en qui il a toute confiance pour prendre les décisions concernant une branche de développement, d’autres projets comme OpenStack cherchent à adopter le mode le plus “méridémocratique” en procédant à l’élection des représentants techniques des branches du projet par les développeurs, et à celle des représentants au conseil d’administration par la totalité des membres de la fondation, quels que soient leurs rôles. Le processus d’intégration continue d’OpenStack implique des étapes précises pour y ajouter un patch par exemple. Cela nécessite d’abord une application sur l’arbre courant sans erreur, avant de devoir recevoir deux votes positifs puis de satisfaire le passage de l’ensemble des tests automatiques prévus. Et ceci s’applique aussi bien aux représentants techniques des branches du projet qui proposent des centaines de patches par an, ou au contributeur occasionnel faisant une modification mineure de documentation. En revanche, celui qui souhaite soumettre une modification sur le noyau Linux devra passer par des listes de diffusion où les échanges peuvent parfois se révéler vifs, et s’adapter aux desiderata potentiellement différents des mainteneurs de branches.

Bonnes pratiques de gouvernance FLOSS

Face à tous ces aspects de ce monde foisonnant, certaines bonnes pratiques simples peuvent permettre aux entreprises de faire les bons choix et de s’assurer une utilisation optimale des FLOSS en en tirant le meilleur profit sans mettre à risque leur bonne réputation par des actions mal vues des communautés.

Une première bonne pratique peut consister à créer un comité Open Source. Par exemple, pour un grand groupe, il peut être utile pour la direction générale de nommer des représentants des différents services (achats, ressources humaines, informatique, technique, juridique, propriété intellectuelle) pour définir la politique à mettre en place. Ce comité devra se réunir régulièrement, tant dans la phase de définition de la partie Open Source de la Gouvernance Informatique, qu’ultérieurement pour la réviser sur la base des retours des utilisateurs et l’évolution de projets. Il devra également avoir les moyens associés à ses missions. Un groupe de travail du Syntec Numérique a développé, pour les aider dans cette activité, des contrats types pour leurs fournisseurs, leur demandant de préciser avec leur livraison logicielle, l’inventaire exhaustif des licences utilisées. Une présentation sur les contrats faite au sein de ce groupe pourra être aussi consultée avec profit. La FSF France propose aussi des avenants de contrats de travail type pour les employés contribuant à des projets libres, et l’AFUL des modèles économiques et financement de projets FLOSS ou de communautés. Il sera ensuite facile de donner des missions et des pouvoirs plus étendus à ce groupe de personnes quand l’utilisation des FLOSS augmente. Dans le cadre d’une PME, un correspondant FLOSS sera sans doute suffisant (comme il peut y avoir un correspondant sécurité ou CNIL), tâche qui pourra même être sous-traitée à des sociétés specialisées dans le domaine.

Une fois le comité/correspondant nommé et la politique FLOSS établie, il faudra prévoir des cycles de formations. D’une part pour le service juridique pour le cas où il manquerait de compétences sur le domaine spécifique des licences libres. La société Alterway propose par exemple une formation par un juriste pour des juristes. D’autre part, en interne, auprès de l’ensemble du personnel pour expliquer cette nouvelle politique FLOSS.

En parallèle, il est important d’avoir une vision précise de l’utilisation actuelle des FLOSS dans son entité. Notamment pour vérifier que leur utilisation est conforme aux licences sous lesquelles ils sont utilisés. Les non-conformités sont plus souvent dûes à la méconnaissance qu’à une réelle volonté d’enfreindre les licences. Cette tâche peut paraître fastidieuse de prime abord, mais elle est à mon sens fondamentale pour se prémunir, en particulier si votre activité vous amène à redistribuer du logiciel à vos clients. Heureusement des outils existent pour automatiser ce travail d’inventaire et faciliter l’analyse des licences utilisées. Le premier à recommander est libre: FOSSology a été développé par HP pour son utilisation interne, puis rendu libre en 2007 sous licence GPLv2. Il collecte dans une base de données toutes les meta-données associées aux logiciels analyés (il peut traiter des distributions Linux entières sans problème) et permet l’analyse des licences réellement trouvées dans le code depuis une interface Web. De nombreuses entités outre HP comme Alcatel-Lucent, l’INRIA ou OW2 l’utilisent, y compris pour certains, en couplage avec leurs forges de développement. Mais son accès libre et sa facilité de mise en oeuvre ne le réserve pas qu’aux grands groupes et il devrait être systématiquement utilisé comme complément naturel d’un gestionnaire de source, ou d’outillage d’intégration continue. En complément, des outils non-FLOSS peuvent également aider à ce travail d’inventaire en donnant accès à des bases préétablies de composants connus et déjà inventoriés et fournissent de nombreuses autres fonctions. La société française Antelink, émanation de l’INRIA, a développé une grande expertise dans ce domaine et a couplé son outillage avec FOSSology. D’autres acteurs tels que Blackduck et Palamida ont également un outillage complémentaire à considérer.

On pourra de plus prévoir ultérieurement un mode de déclaration des usages de FLOSS, voire, si les requêtes sont nombreuses et régulières, créer un comité de revue spécifique en charge de les évaluer et de les approuver.

Enfin certains documents de référence tel que le Guide Open Source du Syntec Numérique, les fondamentaux de la Gouvernance des logiciels libres, la vision des grandes entreprises sur la gouvernance et maturité de l’Open Source et le site de référence FOSSBazaar pourront permettre un approfondissement des sujets évoqués et donner des bonnes pratiques additionnelles quant à la mise en oeuvre d’une gouvernance Open Source.

Et pour ceux qui souhaiteraient être accompagnés dans la démarche, des sociétés telles que Smile, Alterway, Linagora, Atos, Inno3 ou HP disposent de prestations d’aide à la mise en oeuvre d’une gouvernance Open Source. Mais que vous le fassiez seuls ou accompagnés, il est temps et j’espère que cet article vous aura donné quelques clefs pour intégrer l’Open Source dans votre politique de Gouvernance Informatique.

(1): Dans tout ce document, on utilise le terme de FLOSS comme terme générique recouvrant aussi bien la notion de « logiciel libre », « Free Software » qu’« Open Source », tout en sachant que des nuances existent.

First UEFI PlugFest for Linuxers

2013/10/31

After the 3 days dedicated to LinuxCon US 2013 in New Orleans, it was time to contribute to the UEFI Plugfest organized for the first time as a co-located event.

So what is a UEFI plugfest ? Well it’s a place where hardware manufacturers and software producers meet to check the compatibility of their implementations with regards to UEFI. So Every hardware manufacturer brings some systems, sometimes early units or prototypes, and try them with the latest operating systems available to find out potential issues, some other bring cards to see whether their UEFI driver works fine on computer manufacturer and operating system producers want to try their latest version on these often brand new systems.

UEFI PlugFest

I think it was a brilliant idea to mix the 2 populations for multiple reasons:

  • UEFI members were for sure impressed by the technical knowledge floating around, and employed in such an open fashion, which is not the standard way of working of this standard body.
  • Linux kernel members could exchange with manufacturer representatives of UEFI systems which definitely helped reducing all the FUD around this technology, in particular Secure Boot. They also had the opportunity to test some not yet available hardware platform to ensure their distributions/drivers/tools were working fine or fix them if that wasn’t the case

UEFI PlugFest - Samer El-Haj-Mahmoud, HP

So in the HP area, under the lead of Dong Wei who is UEFI Forum Vice President and HP Fellow, we tried with 2 colleagues various Linux distributions (and even Windows, but not me !) on the 4 systems that were around. And some findings were interesting !

UEFI PlugFest - Dong Wei, HP

  • Debian 7.1 had grub issue at boot and we were not able to install it
  • Mageia 3 has no UEFI support yet and we were not able to install it easily. However, support is planned for Mageia 4, and some info have been published recently to detail how to perform UEFI based installation.
  • Ubuntu 13.10 provides all what is needed to install in a UEFI compliant environment, thanks to their documentation. We were also able to test SecureBoot with success with their version of Matthew Garrett‘s shim bootloader, signed by Microsoft. They are also working on an interesting tool: FWTS aka Firmware Test Suite, which should be adopted by all distributions IMHO in order to have (for once !) a single tool able to perform firmware compliance tests for a Linux environment. Easy to use, pretty comprehensive, reports lots of useful info. Too bad that they are not providing their certification tools online anymore :-(
  • OpenSUSE 12.3+ again has what is needed for UEFI support. Same mechanism with a shim bootloader, but this time signed multiple times by Microsoft and SUSE. However, this requires a more recent implementation of the UEFI specification, which wasn’t the case on all our system during this event. SUSE provides in particular an excellent documentation on UEFI support, including the possibility to sign its own kernel with pesign in order to use it with SecureBoot.
  • Fedora 19 provides mostly all what is needed. Install worked in UEFI mode without problem. We used the updated version of the shim and shim-unsigned packages from Fedora 20 in order to avoid some issues. However, the multisign issue met with OpenSUSE was also encountered here. More over, Fedora doesn’t provide a good documentation yet for signing your own kernel, which was reported upstream and could benefit from this article. Also the usage of mokutil is broken and should be fixed for Fedora 20.
  • UEFI PlugFest - Samer El-Haj-Mahmoud, HP

    We also got visited by two Kernel Maintainers Greg Kroah-Hartman and James Bottomley who even tried some of his tools on our systems.
    UEFI PlugFest - James Bottomley, Parallels - Neill Kapron, HP

    Note that Some USB keys even correctly formated didn’t boot correctly on some platforms so if you encounter this issue, try using another USB key.

    Finally I made some tries with MondoRescue on the Last Fedora distribution installed. I thought the work done to support EFI on Itanium would be sufficient, but there are some detection problems for the boot loader in mindi need to be solved and are now tracked upstream as well.

    And on top of all what I was able to learn working with my 3 colleagues, I was pointed to a very instructive article from Ken Thomson on Trusting Trust, I hadn’t read before (and I encourage you to read it), following discussions on Secure Boot. And we had a very nice dinner downtown, a walk through Bourbon Street
    Bourbon Street

    followed by a real air of New Orleans Jazz.
    DSC_8789

    That was the end of a very rich US week. More to come on other more recent travels later.

LinuxCon North America 2013: an air of Jazz

2013/10/13

It was really great to be able to attend LinuxCon in New Orleans in September. I’d like to thank again HP’s OSPO team and in particular Eileen Evans, VP leading it, to sponsor my travel there. HP is also a Platinum sponsor of both the Linux Foundation, CloudOpen & LinuxCon events.
DSC_8665

As I arrived in the afternoon of Monday, I missed the keynotes and presentations that day, but could join the HP booth where HP was presenting HPcloud:
Stand HP

and also demonstrating the new Moonshot converged system there:
Stand HP - Moonshot

This event is always attracting lots of people from various background and the booths area was crowded
Pingouin
as well as elsewhere in the hotel
DSC_8643

Jeanne, who was coodinating the event for HP was even interviewed by the Linux Foundation team
Jeanne Colon-Bonet

Cocktails (nice hurricane !) and a light dinner were provided to the attendees during the booth crawl session which allowed me to talk with some of my US colleagues to learn the latest news
Stand HP - Jonas Arndt, Scott Lamons, Scott Jameson

I started to feel the effects of the jet lag, and went to my hotel room (couldn’t help make some mail !) and rest thinking I was singing Renaissance music just some hours ago !

Speaking of the hotel, this was a very nice venue, with futurists elevators with no button in them ;-)
Hotel

Second day was more active, and I attended all keynotes and sessions I could.
Among the most interestong for me I was able to see, there was the keynote of Kevin Kelly who talked about the notion of “Technium”, this idea that 7 billions people all connected all together all the time, with the latest technologies available will create a new entity he called the Technium and described. Not entirely convincing, and this is good, as it’s also a bit frightening. I consider and hope people will keep enough independance to watch this type of evolution with distance and won’t become a big brother type of system managing itself.
Kevin Kelly, Wired Mag. on the Technium

Then it was time for an OpenStack refresh with Thierry Carrez who did a great job explaining that a release manager is not just working 1 day every 6 months ;-) I can’t agree more with him ! (even if I have much smaller projects to deal with). Thierry also covered the various sub projetc and how to manage coherency in such a project. When you think about it: 3 years ago nobody was talking about OpenStack and now they have as many company and contributors as the Linux Kernel had in roughly 20 years ! Quite amazing.
Thierry Carrez, OpenStack
Then James Blair continued on a related talk explaining the continuous process pushed to the extreme set up in the project with the development of ad-hoc tools such as zuul. I must admit it really gives incitation to look more closely at it, gerrit, jenkins and take what could be relevant, even for a small project.
James Blair

After the lunch, it was time to go back to keynotes, which were a bit less interesting than usual for me, even if the concepts brought by Candy Chang to revigorate a neighborhood was original. I decided to continue with Cloud and look at what Red Hat had to propose around openshift. In complement to their RDO (sort of Red Hat OpenStack distribution), they have this offering which exists for some time, but seems now to grow in activity. Diane Mueller presented well the offer, the various aspects of the project, but I definitely lack a demo or a more detailed explanation of the technical aspects of this PaaS offering. Worth digging later on with my Red Hat EMEA friends :-)
Diane Mueller, Red Hat

I attended then the openVswitch presentation from Jesse Gross, but again was a bit disappointed as I was expecting a more concrete presentation of this important tool in todays cloud environments.
Finally, I attended a session on storage management I already attended last year, by Ric Wheeler, which is always interesting, and allowed me to see which progresses were made on their way to storage unification, and principally what remains to be done !! I particularly think to the global architecture they try to put in place, which would be really great to have but is not there yet.
Ric Wheeler, Red Hat

The business day was then over, and it was time to move to the VIP party.
DSC_8692
Of course, it was time for my first air of Jazz as well in New Orleans. And even if that’s not my preferred style of music, it was pretty good that night, as well as the buffet !
DSC_8694

Lots of VIPs were there of course, which allowed for entertaining discussions
DSC_8696

The inside was worth the outside !
DSC_8700

The atmosphere was nice, and I stayed there till 10:00PM but wasn’t alone
DSC_8704

Some mail, some sleep and I was ready for day 3 ! Which as usual started with a Keynote (the “usual” Dirk Hondel talk)
Dirk Hondel, Intel
and the session the most expected by the audience I think, the Kernel Roundtable.
Ric Wheeler, Redhat - Sarah Sharp, Intel - Tejun Heo, Red Hat - Linus Torvalds, Linux Foundation - Greg Kroah-Hartman, Linux Foundation -
This time, they had invited Sarah Sharp, Intel (I like her clarity) / Tejun Heo, Red Hat (I discovered his enthusiasm which was great)
Sarah Sharp, Intel - Tejun Heo, Red Hat
Linus Torvalds and Greg Kroah-Hartman, both Linux Foundation.
Linus Torvalds, Linux Foundation - Greg Kroah-Hartman, Linux Foundation
The panel was moderated by Ric Wheeler, Red Hat.
Ric Wheeler, Redhat - Sarah Sharp, Intel - Tejun Heo, Red Hat - Linus Torvalds, Linux Foundation - Greg Kroah-Hartman, Linux Foundation

The room was as usual full, and laughed frequently on Linus or Tejun jokes.
Assistance de la kernel round table
The most amusing part was probably when Linus was asked if he had been contacted to introduce backdoor code in the Linux kernel and when he replied “No” doing “Yes” with the head ;-)

After the keynote, Linus passed 20 minutes with fans who wanted to take pictures with him, always nice, even when the camera wasn’t working (and cound’t resist to hack it !). Maybe next time, I’ll also have the courage to ask one picture, even if I diserve none having nearly never worked at the kernel level myself. I will never thank him enough to have created an ecosystem which allows me to earn my life and still have fun at work and at home :-) This is a great man !
Linus Torvalds, Linux Foundation
As this was the day of my own presentation on Mageia, I didn’t attend as many sessions as the previous day.
The OpenDaylight one was interesting for me, as it was my first exposure to the ecosystem. Mostly it was an overview of the multiple components. The project is young, but deserves to be followed, as it could become as openStack on the SDN side, despite what some people say. Also the UEFI presentation was very interesting, in particular in preparation of the UEFI plugfest which was the 2 following days.
Vojtěch Pavlík, SUSE

And of course, it was my pleasure to have a 15 people choir to sing “Happy Birthday Mageia” during my session this afternoon ;-)

And the day ended with … Blues, not jazz this time ! At the house of blues of course.
House of Blues
With Voodoo art inside
House of Blues - art Voudou

This event is organized for all LinuxCon participants, so there are multiple threaded buffet to satisfy the appetite ;-)
House of Blues

The blues band was great, really (they even had a pinguin, look closely !)
House of Blues
I think it will be part of the memorable dinners organized during LinuxCon as it gave everybody energy for the rest of the week
House of Blues

I really enjoyed this event again, made new relationships, learned and hopefully transmit to some the fantastic beauty of Open Source. Hope to have the same pleasure end of this month in Edinburgh. But for me the week wasn’t finished as I attended the UEFI plugfest as said earlier, but that’s for another article.

You can see more pictures at http://www.flickr.com/photos/bcornec/sets/72157636383786144/with/10184624874/

Bdale Garbee has been HP’s best Open Source Ambassador

2012/09/01

As announced by Kirk Bresniker during its keynote at LinuxCon this week, Bdale Garbee has left HP yesterday.

When he warned me in July of his willingness to leave, in order to have more time for his family, his own FLOSS projects (FreedomBox, Debian, …), I really was shocked and had a very bad night. It’s difficult for me to imagine Open Source at HP without him to represent it.

Bdale was IMHO our best Ambassador in the FLOSS community. He has a large ring of relationships in a large set of projects, and knows personality lots of key FLOSS personalities, some of them being even friends. He was giving a lot of credibility to HP around our FLOSS activities, and was listen internaly from both our internal community members, as well as our management, allowing our community to pass supportive FLOSS messages to it.

I had my first interaction with Bdale at HP in 2001. At that time Bruce Perens was the HP FLOSS representative (even he also was a big FLOSS personality, I preferred when Bdale took over the role), and as he couldn’t make the NordU 2002 Keynote, he was proposing that either Bdale or me did it !! As Bdale wasn’t available, I was the one replacing both him and Bruce !! Believe me, speaking of Open Source, Linux and freedom in Finland during a keynote session after a couple of months at HP was a bit stressing ! I still remember it. But that was great. Side note, if any event is willing to host me as a keynote speaker, I think I could do a much better job today ;-)

In 2002, Bdale was elected Debian Project Leader. He was the first HP employee leading this project. I then had the pleasure to meet with him face to face (well with my size, I can not really look at Bdale easily !) and I really was looking forward each time for this type of non-virtual meeting, as it was for me an opportunity to learn more on Open Source at HP and at large. Which was the case during various Fosdem, LinuxCon or our own internal TES. As I’ve always been impressed by his profound knowledge of this ecosystem, and the deep thoughts he’s able to have on various areas making this IT sector.

That’s why I built his application form so he could become Lutèce d’Or (personality of the year) during the event Paris, Capitale du Libre. That was my contribution back to his incredible work for FLOSS. But not the only one, as he told me once that MondoRescue saved once a critical Debian server he was hosting. Hopefully, you’ll continue to use

Bdale is one of the people I admire in the IT industry with Linus Torvalds and Larry Wall (In the music, I also have my heroes such as Gustav Leonhardt, Jordi Savall and her wife Montserrat Figueras, Jean Belliard or Frans Brüggen). I’m sure our paths will cross again very soon, and I hope our frienship will be reinforced by regular chats, mails and face to face meetings during FLOSS events. And in the mean time, I wish to him all the best for his new activities, that will benefit to all of us, and for his new life 2.0 !

Hopefully HP will find other FLOSS representatives. Corporations always say that anybody is replaceable. I disagree. Everybody brings a unique touch. And here, for sure, it will never be the same. You’ll be missed.

All the best Bdale for your future, and hope rockets flied this week-end ;-)

FLOSS governance news

2012/08/31

While at LinuxCon in San Diego, the SPDX working group of the Linux Foundation announced its 1.1 version of its specification. Quite an achievement, and probably the start of its real adoption by Open Source projects … providing enough tool do support it, and help projects in their identification tasks. I hope lots of large FLOSS consumers (HP included) will start contributing SPDX descriptions to upstream projects, helping them adopting it as it brings value on both side.

And one way to help will probably the support of this 1.1 SPDX spec by FOSSology in the future. For now the news around the tool is that a public instance is available, hosted by the Universty of Nebraska. This is a good news for Open Source projects that will be able to assess easily their licenses with it, without having the hassle to install and maintain their own ! Hopfully, more forges (as what OW2 has done) will also provide that service to the projects they’re incubating.

Just be aware that the code you’ll upload to that instance will be available for everybody to see, so do not post non-FLOSS code there, if you want it to remain secret ! If you’re developing closed source software, then install you’re own FOSSology instance instead !

Time to finish my FOSSology presentation update for tomorrow’s talk !

Presenting FOSSology at LinuxCon, San Diego next week

2012/08/21

I always find strange to be accepted as a speaker to LinuxCon on a subject for which I’m much less an expert than the other ones I proposed for which I’m leading the projects ! It happened last year for the EMEA event, and same stuff again this year for the US one.

But I won’t be criticizing here, as it’s my first possibility to visit the US west coast, and also my first time as a speaker to LinuxCon US so Champagne !! So I’ll be talking about FOSSology, the HP sponsored GPL Licenses analyzer tool.

So if you happen to be around, and want to discuss abour FLOSS, MondoRescue, Project-Builder.org, HP and Open Source, or something else such as early music, then feel free to come and talk. Well I’m sure you won’t come to see me, won’t you, but once you’re there to see the stars, just come and say hello ;-)

Second Day at LinuxCon EMEA 2011

2011/12/11

After a busy first day, here is the report for my second day at LinuxCon EMEA 2011, which started directly with some sessions (I skept the plenary for once):

Distributed redundancy by Roopesh Keeppattu – Huawei

Redundancy is about availability, by duplicating components to avoid unavailability of the service.
Availability measured with ’9′.
4 nines is 1 hour per year, 5 nines means 5 minutes, 6 nines 32 seconds.
Major types of redundancy: standby (cold – the other server remains unpowered, warm – all servers powered, hot – all servers provide identical services).
ALso notion of N modular redundancy (N servers in parallel).
1:N redundancy = 1 standby for N active units.

Traditional redundancy: mainly based on backup HW systems, with similar capabilities so large CAPEX and OPEX.
So moving to distributes redundancy to reduce costs.
1:1 scenario taken in account
Instead of duplicating HW, there is a duplication of process instances on a set of servers
3 models available: live migration of OS/VM or of processes or of pre-distributed processes

  • live migration OS/VM: preserve states, less complex from application point of view but higher migration time due to size of what to transfer.
  • processes migration: you encounter more complex migration design, which has to be part of the application, and gain on the data to transfer. This method can also provide dynamic load distribution. But you need pre-failure detection for failover.
  • pre-distributed process: you increase again the ressource optimization, availability and switching time but also the complexity, the need of additional SW to deal with states and the linkage to the application.

The future is in redundancy in the cloud, and ressource abstraction.

I was hoping for a more in depth presentation, and was not satisfied by this one, as it didn’t go into details, just remaining at the surface. However, this is a critical topic for most customers today in their Linux adoption.

Experiences booting 100s of thousands to millions of Linux VMs by Andrew Sweeney – Sandia National Lab

Managing a large number of VMs presents some challenges and horror stories (such as filling fill the switch CAM table, creating VM feed back loops, finding some unique bugs or odd behaviour). Even 0.01 % of error is 100 VMs in their case.

They tried multiple technologies such as lguest, QEMU, KVM, NOVA. They are using a mixed of technologies due also to hardware limitations.

Guests configurations are computed at runtime. Everything is stored in RAM. They treat VMs as an application process. They use standard tools, the same TCP stacks, kernel…

They are using VMatic to generate the images and boot 1000 VMs in < 3 minutes.
Another tool used is Gproc (Cluster Management tool written in Go) allowing O(ln(n)) execution time.. It scales beyond 200K+ instances. Web based interface.

The first cluster type was:

  • Using PXE boot for booting physical host Hypervisors and then start the guests.
  • In July 2009, they reached 1 Million VM with lguest and 4600 Dell Super Computer (256 lguest per node) bootleneck being RAM.

They then created KANE (sort of their own cloud approach) made of 520 nodes with 12 GB RAM with Video cards (because that was more expensive to remove them !!)) 13 racks, 40 nodes/rack, 1 PDU/rack.

Then they developed a strongbox ARM cluster made of 490 nodes 512 MB RAM little power needed with lguest.

Then they started Megatux 2.0 to reach a higher number of VMs. Everything is virtual. They even created a network creation language. Use virtual quagga & linux virtual routers (+ physical) and virtual VDE switches. It supports multiple OS normally, but for Windows they got many blue screen (ipconfig before IP is sup, ping before IP is up, …). They’re using KSM a lot (and made patches) and various approaches to reduce VM footprint. gproc is used after the initial boot to push the VM images and start the VM + aggressive KSM.
Cold boot to experiment is performed in 7 minutes. 1 daemon per host to regulate KSM, VM state.

Interesting problem to collect info from 1 Million of nodes overloaded and where to store it ? Using network sniff, VM inspection. For that they used a MongoDB backend populated at runtime. Data collected in in best effort mode.
They’re looking at using KVM tool instead of QEMU/KVM to reduce memory footprint and AXFS (Advanced XIP FS) combined with cramfs.
Next steps with Android, more realistic network usage, improved monitoring, data visualisation and error handling.

A good talk on very unusual context with some interesting issues to consider, even if far from being current problems as of now.

I then met with my colleague Sue Paylor, who is one of our excellent FLOSS expert in EMEA, and that was again a good talk exchanging about our respective customer experiences, how to improve HA with Linux, and lots of various topics.

Providing High Perfomrance Round table (instead of SuSE Keynote)

Ludek Safar, Ministry of Interior, Czech Republic approched the linux topic from the desktop side, and they’re now moving to the Data Center (Oracle instances on physical hardware and the rest in Xen VMs including java based custom devs.). They help by giving publicity for some FLOSS projects. The choice of an enterprise distribution is specifically to be the linkage with the communitites. He likes the embedded approach with regards to the fully integrated hypervisor which provides the perfect cloud solution for them.

Dr. Udo Seidel, Amadeus explained that they started 9 years ago with Linux. They have done lots of internal developments including lots of mission critical workloads. Participating to events is key to keep good technical exchanges, influence the developments, give feedback. He really likes the flexibility and the open mindset. However he is still missing a central approach around role based manageemnt (a la AD).

Andreas Pöschl, BMW explained that they started back in 2003 for servers, and in 2006 decided that Windows and Linux were the strategic OS on x86. They run SAP on Linux e.g. and desktops on Windows. They do virtualization (1000 VMs) with Xen, including 16 cores 64 GB VMs for SAP. They don’t do direct contributions, but rather provide use/test cases for large configurations, and rely on their distribution providers to do the return. Sharing what they do with Linux is also important to improve the ecosystem. He insisted on the freedom of choice which avoids vendor lock-in and also marked his appreciation for the large set of possibilities offered by FLOSS. He is still concerned by boot time. BMW has requirements around storage and scale out, so they appreciate the work done on Btrfs. He mentioned usage of Linux in GENIVI that will bring infotainment to the end users.

Nils Brauckman underlined that the SuSE company, is organized to take this feedback and make it available upstream, doing that since 20 years, as well as providing mission critical solutions to customers, and detailed the new features brought into Linux 3.0 (btrfs rollback, snapshots, trace capabilities, …) bridging the gap between Unix and Linux. He underlined also for SuSE the new agility brought by being back as a separate Business Unit, operating like a single company.

I like more and more this type of round table, as it gives concrete production example of FLOSS usage, and show how serious customers are today, and also how far they want to push their usage, which creates interesting challenges for us !

It takes a community/village to raise a Distribution by Tim Burke, Red Hat

"Unix was a job, Linux is a crusade" Tim said it’s awesome to be a part of RHEL as well as OLPC.
He started by showing a large set of stars in the sky (glibc, LVM, X.org, Linux), independant stars that only come together when gathered in a distribution, which give them visibility. Then he showed the various actors, hardware vendors, translators, designers, lawyers, testers, and distribution vendors as well. The real competitors of Red Hat are VMWare, Microsoft, not the other collaborative groups such as other distribution makers. He explained the relationship around the kernel between upstream, Fedora and RHEL. He also underlined the benefit of working upstream such as they did around the Real Time extensions, instead of coming with a large patch developped separated.

The role of distribution makers is also to coordinate with hardware vendors (I’m well placed to know that !). Distribution can help create communities such as for AMQP, which was a real common need among FSI companies, as they know how to do it.

Mantra is "get it upstream first". Being divergent is being ignored, costs more, represents more work.

Time then gave some numbers:

  • 80% of Fortune 500 run Linux.
  • 92% of supercomputers for healthcare or analytics run Linux.

He mentioned the OVA to bring up in the stack integrated solution based on KVM.
No keynote without cloud, so Tim had to mention it and noticed Linux usage in it, and the integration characteristics it requires, very near from the one you have to make a distro.

A good talk, but not as pushy as the one made by Jim Whitehurst

How Linux runs the World of Finance by Christoph Lameter, Graphe Inc.

Christoph started by explaining the various players (Stickes, traders, banks, …) and explained their needs of speed. This creates the need for certain technologies (Real Time, kernel, binaries and network optimisation, RDMA APIs, fast C++ code, processor caches). One problem is the limitation of speed of light (even if that may change !). That sounded like a joke first, but is very serious !! 200 µs to go round the earth. It creates limitations to signaling of events.

We’re moving from manual to automated trading. Hours vs ms, human vs compute/algo, 30-60 trades/min vs 1000/s. Manual is used as a backu p mechanism only today.

The case for Linux is because you can modify what you want, and such win against competitors by speed improvements. The first there wins ! Windows couldn’t make it in term of latency in its network stack. Linux was already used for Internet, large companies such as Amazon, Facebook, … All major stock exchanges are on Linux today. Commercial solutions vendors focus on Linux. Solaris is diminishing after Oracle bought Sun.

Distributions used are mainly RHEL, some SLES (Germany mainly), a bit of Gentoo and Ubuntu/Debian.

There are still some challenges for Linux in Finance: involvement upstream is rare, as they want to protect their advantages. Regression in kernel components is creating higher latencies (so some still run RHEL 3 !). Christoph Gave an example of a customer having a 200% regression moving from RHEL4 to RHEL5.

The Forward path is with direct access to hardware (OS bypass) to gain on latency. RT linux does not scale and increases average latency. RT linux is used by exchanges not traders.
Linux dominates finance for the forseeable future. Common hardware looks like supercomputers today (Numa). HPC goes mainstream. Offload technology is seen with suspicion by the community. So again no willingness to contribute these improvements upstream.

One of the best presentation of the day, with lots of anecdotes, and a visible knowledge of the topic end to end.

Where is the Money in Open Source? Business Models and the Marketing of Open Source Technologies by Nithya Ruff, Wind River Systems

Nithya created a story to illustrate this talk. 3 communities: producers, distributors, consumers.

  • Producers are interested by solving problems. License used is key. It’s all about meritocracy. How do developers make money ?: being hired by a company, consulting contracts, venture funded, sponsorship/grants/donations.
  • Why consumers use linux: no vendor lock-in, comparable perf and high quality, time to market and savings, choice and flexibility, empowerment,, innovation and transparency
  • Distributors make it available for consumers with support, favour FLOSS adoption making it safe to use, employ developers, solve some issues and contribute back, market FLOSS, and serve as a liaison between consumer and developer. Successful business models are subscription, services fee, training, books but also proprietary extensions

Marketing FLOSS is different. You need to clearly articulate your added value in the ecosystem. So you have to add value. (TTM, ROI, Integration, risk mitigation)
Prediction, by 2021, 100000 infrastructure core endpoints and 1B mobile endpoints and 20B MtoM endpoints.
Even more need to collaboration between the various communities.

I was expecting a bit more from such a presentation. Good for beginers, but lacks new thoughts on our ecosystem.

ReaR by Dag Wieers

I was particularly interested by this presentation as ReaR is a MondoRescue competitor, and Dag is mister rpmforge, mrepo, … so was really curious to attend it.

Rear provides a Disaster Recovery Workflow in bash. Its framework is easy to use and extend. It supports HP SmartArray, SW Raid, DRBD (not MondoRescue !), LVM, multipath, ext2,3,4, xfs, jfs, vfat. It supports tape, ISO, USB, eSATA, NFS, CIFS, rsync, HTTP, FTP, SFTP. It also provides back-ends with TSM, HP DP, Bacula, …

ReaR works on RHEL4,5,6. It’s shipped with SLES (the one distribution on which it’s tested).

It saves storage info and network info. It has local GRUB integration, serial console support, network and SSH key integration, syslinux management.

Dag then explained the use case of the Belgian Federal Police (HP-UX to Linux migration using Ignite before):
Developers prefered USB usage for flexibility instead of OBDR (also lack of OBDR support by latest HP HW). It manages labels on tape and USB devices. For this project, they support a central DR server with PXE boot and control the HTTP PUT upload with ACLs.
They provide a tool to detect when changes are needed to relaunch ReaR by cron.

In the future they plan to work on: better rsync support (like rsnapshot or rbme), more backup backends, PXE integration, code base reorganization, release process, website+doc, dev tools.

Dag made backup and restore demos.

I really liked the presentation. Dag is an excellent presentor, and has accomplished a huge work to improve the tool.If only I could also have some brilliant contributors like hom for my project !!

So after the presentation, I introduced myself to Dag, and we ended up talking together most of the evening during the dinner organized in a central place of Prague. We talked not only about DR, on which we share a lot of common ideas, but also about a large set of other topics, some of them HP related such as webOS future, … I like making new relationships during evens like LinuxCon as you end up talking with luminaries and that helps a lot enrich your own vision.

Some pictures of this event are available on Picasa.

The wow effect

2011/12/10

Sometimes, you read a news, and just found out that this is so great the only word that comes to your mouth is wow !

I must confess that since the last ten years I have not been that impressed by HP CEO decisions in the past. And especially recently. At that time I was thinking about WebOS: “Of course, in order to compete with Android, it would need to be Open Source IMO” and of HP: “HP needs to respect its willingness to really invest in R&D more as promised.” And I even concluded: “Even if I think that founders are leading their company with a unique perspective, there is no reason that another board and leaders can align and do the same. Maybe after re-reading the HP Way.

To be honest, even if I’m trying to reach a “Strategist” level inside HP, I’d never have thought to be so spotty !!

And then came the wow effect: HP to Contribute webOS to Open Source.

And the bonus effect: “Meg: There will be milestones along the way, but one thing I know about technology is that if you believe in something, you have to have a longer term horizon than next week, next quarter, or next year.

A CEO of a fortune 500 company is just saying that we need to think not only on a quarterly base, but *also* in term of years in technology. That’s a tremendous change, especially with regards to the Hurd period. Which makes me feel much more confident in HP’s ability to come back much stronger in the play after this cahotic year. That’s a fantastic evolution IMHO, for both HP employees and customers ! As this way of thinking will also serve other approaches in other BUs.

“Meg: Well first I want to set expectations about time frame. This is going to take some time. If you look back at the history of Mozilla or Red Hat — these things did not become giant platforms over night. This in my view is a 4 or 5 year timeframe, and I want to make sure we really communicate that.

We now are taking point of comparison with Mozilla or Red Hat. Wow again !! This also seems to reinforce the recent talk she made at HP Discover in EMEA, insisting on our roots as a hardware manufacturer. And I was already thinking that of course, using Open Source much more with our power of great hardware manufacturer, and one of the best service company could just place us as being really successful in the coming years.

So I’m really forced to change my mind on the conspiration theory, and deliver on what I said then: “open sourcing a technology helps driving the business in favour of the open sourcer, and doesn’t reduce it. Especially when the most costly part (the investment in R&D) has already been done.

So I promise that I’ll do all my best to help HP make this new Open Sourced WebOS successful as much as I can. And as a start, as I was so successful in my guess, I’m launching a new idea in the basket: HP should now contact the Tizen community (which has still not published its architecture diagram), as a member of the Linux Foundation, and propose them to join forces around webOS which exists, in order to add to it what Tizen wanted to get in such platform instead of re-inventing the wheel.

Let’s all work together for once, to have the biggest community behind a brilliant platform, which is now open source, and be here with a Linux based approach, as well as on the server side, the best offering for customers for tablets, phones, TVs, IVIs, …

As an example, I’d love to see some KDE apps available on top of WebOS, my favourite being tellico.

And in order to feast that, I’ve just accepted an enhancement request for project-builder.org to add as quickly as possible now !! My little stone to improve the ecosystem.

Never sure what the future will be, but this past decision is already a new reference point in IT history. Thanks Meg, Marc and all the others who helped obtaining that ! I can now be proud again of working at HP :-)

First Day at LinuxCon EMEA 2011

2011/11/09

First LinuxCon ever in EMEA this year !! I’m more than happy to see it at least on our continent, and was glad to be selected to give there a talk (after the one I had made in Brasil last year).

As every conference, this one is starting with keynotes.

Keynote on a world without Linux – Jim Zemlin (Linux Foundation)

Jim was celebrating here the 20 years of Linux. He looked at how would be the world without Linux and the answer as you can guess it is nowhere ! He underlined the high number of Android devices, bind on Linux naming the Internet, and he also looked at so;e quotes and predictions from Bill Gates/Steve Ballmer to show the evolution – from the caner up to Miscrosoft contributing to the Linux kernel this year ! He also used lots of video presented on the Linux Foundation Web site. Jim is absolutely partial, and that’s good to hear ;-)

Kernel Hackers Round table (Linus Torvalds, Paul McKenney, Alan Cox, Thomas Gleixner moderated by Lennart Poettering)

Some notes of that open discussion. Linus put emphasis on not breaking user space. He gave the example of the introduction of a 2.6.40 version instead of 3.0 to help some programs to remain compatible ! He underlined that breaking things on purpose should be avoided, and counter-examples were given of security issues that forced the kernel community to break the kernel ABI. Linus used to run an old a.out binary from years ago (COFF format) to ensure the compatibility level, even if it has not done so for some time now. Linus said that the Open Source approach makes modifications much more easy and allow to deal with kernel complexity better (contrary to common belief that would imply that managing such a large community without stritc rules and methods would be impossible.

The average age of the kernel summit participants is increasing of one year every year said Linus ;-) Which is linked to the maturity of the community, and the fact that it takes time to take over subsystems. There are lots of new contributors, including young ones, making very few changes. There is not really an age problem in their opinion. Thomas also added that you need a balanced aproach that only older people can bring in a project of that size and complexity.

Linus said that ARM made some stupid decisions and had a lack of standards until very recently, especially with regards to x86 where Intel is playing the game fairly. Kernel support for ARM is 10 times the size of Intel’s because of the need to support multiple variant. Which Linus is sad about as he thinks this is the most important platform outside x86. But they are getting better, Linus is much happier today than 6 months ago even if there is still work to do.

Linus mentioned that he runs 3 (three) FireWall to protect his environment ! And I thought I was paranoid zith my 2 ;-). About SMP he first said who cares ? Now zith the high number of cores everywhere, even in phones, it’s seen just as normal. So who cares about cgroups, VMM, … Well, some need it and are ready to pay for the penalty. And who knows how it will evolve.

At the end Linus said that he is trusting people sending patches not companies.

It’s always interesting to hear what these guys have to say, and anyway Linus is my hero ;-)

Tizen – Dawn Foster (Intel)

I was interested to hear what was behind Tizen just announced recently. I was a bit disappointed as no architecture has been validated yet, so nothing concrete to announce here :-(

Tizen is HTML5 based for application development and offers WAC API (favour code reuse across platforms/devices) and it provides a FLOSS ecosystem.
The first release is expected to be in Q1CY12.
The transition from Meego is possible, but Tizen is not a derivative from Meego, it’s a new project and some Meego maintenance activity for 1.2 is still planned. Compliance will also be reviewed compared to Meego and they want to have it less rigid.

Dawn said that they would rather publish what exists and is in place, rather than what was done with Meego (announces made too early).
She insisted on the various communities, and means of communication (IRC, ML, Wiki, …)

She gave the mic to a representative of the Mer project which goal is to take Meego code into a new direction (Core optimized for HTML5/QML/JS) (Cf: http://merproject.org).

The question around Qt availability is not clear now. Anyway once open sourced, the community could make it happen ;-)

As said earlier, the architecture is still not out, and should be really soon now. The devices targeted are Handset, TV, smart phones, tablets…
They want to align more the Governance model and the reality of the governance with regards to Meego.

So promising, but not yet concrete. Also remains to see the position of this new OS compared to Android and …WebOS ;-)

File and Storage Systems – Ric Wheeler (Red Hat)

Ric started by mentioning that Linux has a world class storage, supporting a wide variety of device types, and scales well (GB/s of IO, IOP increase for PCI-e, 100′s of TB).
So what’s wrong ? Well, e.g. keeping up with competition’s management platforms (VMWare in particular) especially around storage management. He underlined that standards around array offload functions are not driven by Linux companies. And that ease of use on Linux is still hard. Linux has several level of layers (MD, DM, LVM, FS, mount options)

Linux has powerful and sophisticated CLI tools, but no good library today to manage storage (no abstraction layer, typically around snapshoting e.g.).
Making things easier implies identifying common operations per use case, a common API, reducing the options of mount and mkfs, and avoid jargon (LUN, ALUA, barrier, …).

He then mentioned some ongoing projects:

  • Btrfs: single interface to LVM, RAID, ease of use.
  • Fsadm: keep the stack but provide a simple interface. (controls FS and LVM)
  • Standardized options between FS and kill dead options. Default options are critical
  • Oracle storage connect (Joel Becker) in python recently open sourced. GPL/Proprietary license for plugins from EMC/HP/…
  • Libstoragemanagement (Tony Asleson – Red Hat) under the LGPL and look for interesting contributors. similar to the Oracle project: a vendor neutral API to allow for storage array management (cloning, mirroring, snapshots, …).

There are vendor APIs: VAAI (vSphere API for Array Integration) and also work on automatic offload operations.
Ric took the snapshot example: btrfs do it at FS level, LVM at block dev, storage arrays at HW). Users should be able to choose.He also cited the copy example: for SCSI (SCSI token based copy offload) and NFS (in NFS4.2 as server side copy)

Ric has the art of making these complex topics very easy to understand by his abilty to syntheticly present them, and give a good overview of where we are and where we go.

I skipped the Mission impossible session, which I found not that interesting, after attending a couple of minutes, in contrast to a very promising title.

Freedom out of the Box! – Bdale Garbee (HP)

Impossible however to miss that one ! Bdale is another one of my FLOSS heros ;-)

Bdale started by explaining what the FreedomBox was: A personal server running FLOSS designed to create and preserve personal privacy, running on cheap power-efficient plug computer server that individuals can install in their own homes.

Political aspects as well as privacy aspects (who shares what with whom) were clearly explained and this was obvious that this new device is thus contributing to building a privacy-respecting federated alternatives to contemporary social networks.

As its cousin the OLPC, It favours mesh networking.
The software is based on the Debian project (focussing on freedom as well, being international, multi-architecture, and benefiting from a strong infrastructure). Bdale indicated that the future Debian stable should have everything to create a FreedomBox out of the box.

Bdale then described the FreedomBox Foundation (FBF) relying on 4 pilars (technology, user experience, publicity and fund raising with industry relations). Ease of use is central, as some pieces of software are complex to configure.
The FBF has now various Working groups, so contributors have plenty of areas to contribute to !

DreamPlug was first selected for the implementation platform (made by GlobalScale Technologies) using a Marvell Kirkwood (ARM on chip) processor with 512 MB of RAM + 2 GB of Flash + a 2 GB microSD card for the kernel and root FS + 2 x Gb Ethernet ports + Wifi + USB + e-SATA + SD socket + audio. Quite amazing in such a form factor !
The Marvell uAP chosen has some technical challenges (FW and driver outside of kernel tree – which probably won’t change in the future – user space tools were binary only, now GPL). They gave their modifications back for GPL u-boot (better late than never ;-)

How to trust first a Freedom Box ? A study is ongoing with Smartphones to facilitate initial key exchange (Stefano Maffuli). Debcamp before Debconf 2011 was useful to create a great community to work on various topics.
First application to appear could be a secure XMPP chat one

This topic, is a very sensible one currently, after the population move in arabic countries. Privacy should remain a concern of every day, as our freedom, not only in software, is precious, and technology should be here to help us reinforce it rather than alienate us. Bdale is supporting a great initiative, first of this type, and that should allow us in the future to have a real P2P Social Network, not control by a central entity.

The it was time for me to jump on stage:
FOSSology a GPL compliance tool – Bruno Cornec (HP)

FOSSology is still a unique tool, developped by a great team lead by Bob Gobeille (HP), and deserve that we pass time to advertise it. I made a status of the current versions and their features, calling for more contributions to enhance the platform. I was happy to meet with the dutch translator of the tool, and to have some interesting questions about SPDX support, leading to some animated talks !

The lack of web/ftp availability for the project, due to the Linux Foundation infrastructure is still hurting the project, as well as SPDX. Hopefully this shold be solved soon now.

12 years of FLOSS license Compliance: A historical perspective – Bradley M. Kuhn (SFC)

Bradley started by explaining the GPL quickly. He compared it to the US constitution.
He also explained how it works in theory and in reality, especially when people don’t respect it.
If social presure doesn’t work, you need to go to court for copyright enforcement (same as the MPAA !) but for good reasons. (at least we hope !)

GNU Emacs was the first GPL’d program and its copyright was never infringed.
GCC was the second. More interesting for proprietary SW companies. Next (the company) was the first GNU GPL violator (so Steve Jobs !!) with the Objective C front-end. Violation was resolved quickly with code publication.

GNU tar was used by lots of backup companies, which were also violating the GNU GPL. Sysadmin found them, and all but one violator came into compliance. Last GNU tar enforcement was mid-2002. The company decided to remove tar and rewrite it.

Nothing concrete for SFC to get from a court (money or injunction – already done – but no code, which is the ultimate goal)

Bradley then reminded the Linksys (Cisco) history with busybox (Erik Andersen) and Linux (Harald Welte). Compliance takes soooo long. In that case, Broadcom was the upstream. Source was finally released, but the driver remained proprietary (due to FCC policy prohibiting it). OpenWRT FLOSS project spawned from that release. Harald was frustrated by the time it took in the FSF to launch that action and he created gpl-violations.org in order to go to court earlier than what FSF was doing. He organised 8 lawsuits in Germany (2005-2008) getting mostly injunctions.

How to fund enforcements ? The violators should be paying. (The SFC had a compliance program costing 10kUSD per Software which is too expensive so doesn’t work).

He acknowledged that dual licensing (a la MySQL) is a corruption of the GPL.
SF Conservancy is helping Erik Andersen since mid-2006 with copyright enforcement (request queue is > 300 right now). Lawsuits become necessary. Goal is to settle with full compliance (get the source code). Money and injunction is a consolation price only.

He then explained how bad some OEMs are by not providing code to their customers and letting them be accused of violations.

He then talked about the build environment underlining that normaly the GPLv2 forces people to also release script to compile and also to install. The GPLv3 phrases it even better.

He advertized a lot FOSSology vs BlackDuck, mentioning anyway that it doesn’t solve the redistribution issue (which is a human task to do, where tool are just helping). He mentioned that there is a free software to scan binaries (didn’t give the name however).

He also mentioned that HP was a fair participant to the ecosystem, Scott Peterson (now at Google) being very responsive to his queries around compliance questions.

Another view, more centered around trials and legal actions, that have become a necessity to have our licences respected. I just hope I’ll never have to be involved in this myself, as it sounds like a lot of headaches in perspective !!

Some pictures of this event are available on Picasa, and I was so happy with my new Nikon D7000 which makes so great pictures in such difficult conditions. I’ll have a problem going back to the D70 now ;-)


Follow

Get every new post delivered to your Inbox.

Join 100 other followers