Posts Tagged ‘LinuxFoundation’

Speaking at LinuxCon EMEA 2014

2014/08/30

I received confirmation and support for my travel at LinuxCon EMEA 2014 which will be in Düsseldorf, Germany from the 13th to the 15th of October. I’m pretty proud to have up to now presented in all the european LinuxCon events since 2011.

I’ll again animate a round table on FLOSS Governance. I’m now contacting potential panelists for this one and should announce them soon.

But I’ll also have a technical session in parallel on a subject I’m working on at the moment, and should get interest as it is docker related: Multi-OS Continuous Packaging with Docker and Project-Builder.org.

Ok, so now I need to go back to my source code to make it work and publish it before the conf don’t you think so ? :-)

Last day at LinuxCon NA 2014

2014/08/27

Today the keynotes were dedicated to Openness and Hardware. The first was from a company, Makerbot, which spoke a lot about Openness, but that I saw more as trying to sell their 3D printers, rather then anything else :-( I even learned later from an attendee that they even tend to block innovation with their patents ! So maybe the LinuxFoundation should take care of not “giving” opportunity to such actors to speak to an Open Source audience if their state of mind is nearer from the closed source business. Having a community sharing 3D design doesn’t sound sufficient to me.

Jonathan Kuniholm

The second keynote was on the topic that even is 3D printing is such a hype at the moment, disallowed people still have a hard time finding useful prothesis, modern ones, les expensive ones, or building their own. I really encourage you to listen to Jonathan Kuniholm (the keynote doesn’t seem to be online, but TED provides one very similar). This was puzzling for me to see how few technology is helping people like him :-( So I think that if you have time, you should look at helping his initiative at openprosthetics.org/ rather than inventing yet another piece of software just because the existing one doesn’t happen to please you.

IBM Keynote

Finally we had the “usual” IBM keynote, showing how Linux on Power was great, and presenting the foundation built around it. But if you look at uses cases, you see that most of them are academics, where probably the hardware was given so it weakened the talk IMO. Of course, I’m working for a competitor, so I’m not completely neutral here. Anyway having a portable Linux is extremely important, but I think it will reveal its capabilities on x86 (well it has of course!) or ARM. It had on Itanium or Sparc or Power (Linux can enable them) but the problem is that market doesn’t want such high-end platforms anymore, as they were representing a closed approach even if that has changed since. Openness is what allows mass distribution today (in processors as those mentionned, or software as Android and hopefully Linux on the desktop ;-))

UEFI Summit

After the break, I passed my day in the UEFI mini-Summit. The goal was different from last year PlugFest during LinuxCon. Instead of targetting developers, the goal was to expain the technology to potential and existing Linux sysadmin or devops. And I think it went pretty well with regards to demystifying how UEFI works woith Linux, including SecureBoot and brought back the discussion at a technical level rather than an emotional one.

An introduction talk by Dong Wei, HP served as positioning the UEFI Forum, the various groups in it (with the inclusion of ACPI), the history of UEFI, current status, and helped put everybody at the same level.

Q&A session

After that we had a (always too short IMO) round table were the audience was given the possibility to ask questions to the panelists. And there were very tough questions asked around the usefulness of UEFI, the lockdown brough by SecureBoot, … and everytime clear and honets answers were given showing why UEFI is useful, why SecureBoot help increasing Linux security without restricting users possibilties and control over their platform. All in all a lot of myths were just addressed during that Q&A session which was really interactive.

After that, we had more formal presentations:

  • UEFI Secure Boot – Strengthening the Chain of Trust – Jeff Bobzin, Insyde Software & Kevin Lane, HP
    This session was mainly about how Secureboot is working from a technology perspective, and the various solutions existing with Linux and its boot loaders to use it, benefit from it as it really increase security by providing a chain of trust from firmware up to the kernel+intrd booted, with either standard UEFI keys or its own ones.
  • Jeff Bobzin & Kevin Lane

  • UEFI Test Tools for Linux Developers – Brian Richardson, Intel & Alex Hung, Canonical
    This session was on FWTS from Canonical which provides a UEFI firmware and ACPI test suite, used alot by manufacturers to check the conformity of their platform with the UEFI and ACPI specifications. Chipsec and LuvOS were also covered which provides other areas of test with regards to respectively security and an integrated Linux distribution calling all these tools and more, both developed by Intel.
  • Brian Richardson

  • Building ARM Servers with UEFI and ACPI – Dong Wei, HP & Roy Franz, Linaro
    This session was to give a status on UEFI support for ARM architecture, and was pretty interesting for me as I had no clue on where we are on this domain. And it seems they are catching up with Intel Architecture now and should be at parity very soon. ACPI is still less advanced, but will be there for ARM servers as requested by customers, whereas device tree will probably remain what will be used on nn server platforms.
  • Dong Wei

  • Self-signing the Linux Kernel (the hobbyist approach) – Zach Bobroff, AMI

    This last session was IMHO the best of the serie, because it was demo oriented (and I like demos !) and more over, it just worked !! The goal was to show how to register its own key used to sign its own kernel with SecureBoot, and rebooting a machine with and without key loaded to demonstrate the increased security brought by that mechanism. Was very clear and illustrative of what was described during the first session of the mini-Summit by Jeff and Kevin. Zach did an excellent job explaining each step and provided great details on how all that works, and finally showed to the audience that we shouldn’t be afraid of the feature, because we have the possibility with the shim bootloade to use our own keys without issue.
  • Zach's pres

You can listen to all these presentations at the UEFI web site. And I think it’s worth doing so for those who still have questions on the SecureBoot topic, as it will enlighten you and remove and barrier you may still see there.

UEFI Summit end

The event was then over, so it was time to benefit from my speaker gift, which was the possibility to use a boat and have a cruise around Chicago, which I did with Dong and it was a very good idea from the organizers to offer that gift. Hope the pictures will give ou a good idea of how we enjoyed it.

Second day at LinuxCon NA 2014

2014/08/23

Well I missed the first keynote this morning, not on purpose, even it was a Cisco one ;-) As Chicago climate was “foggy” I think I didn’t missed anything.

S. Hykes keynote

The second I didn’t want to miss was made by Solomon Hykes on Docker (which, as he rightly said, is the word you can’t miss on the Internet nowadays)
His topic was Docker explained through the ground reasons of its creation perspective. It was interesting to see his ability to step back and have a clear look on all the ways people are using his software, identify them through clear use cases, and looking forward on what his community still has to do in order to cover all the use cases he mentionned. I was pretty impressed by his vision, his humble but decided attitude, his optimism. I think our FLOSS ecosystem as clearly a new star here.

Solomon Hykes

And that’s probably among the reasons why the project is so successful. As I wanted to share my my HP colleagues how much I was impressed, I asked to him after the keynote whether he would accept to be one of our TuXTalk speaker for our FLOSS Profession, and to my surprise he accepted right away. Staying as accessible as that is for me another proof we have a new great flagship thinker. I really look forward listening more lenghtly to his thoughts and of course working with docker as such a clever person has for sure created a clever project ! My revelation of the week.

The last Keynote was from Dirk Hohndel from Intel. He stand up instead of the original Intel speaker who had an issue, and didn’t reused his material but used the 20 minutes of the talk to freely talk about two subjects: IoT and the Cloud (that being warned the day before).

Dirk Hohndel

He made a pretty funny talk, gathering easily the devs and devops in the room saying that “The Internet was made of things way before marketers get hold of it” or putting emphasis on us as a community rather than on corporations, or ditching the wireless network of the vent (which BTW was flacky indeed). He used that trick to made it easier for him to have adhesion of the audience, which he got. But at the end he passed few messages: one around the need of an Enterprise Group for OpenStack which was created, and another one around Intel promoting a new open standard and open source implementation for discovering and managing devices part of the IoT. More at openinterconnect.org. But don’t expect too much, as there is only 5 companies involved for now. I’m a bit afraid it could become like wimax in the past. But ok, it was an entertaining talk, and rather good due to the lack of preparation.

I then attended a talk from Linda Wang, Red Hat on Docker usage in Enterprise. I was rather disappointed as it remained a high level presentation without too much concrete. I’d have expect more here. The only interesting aspect was the analogy of docker with appartments in a building vs houses for VMs (cgroups being control of electricity, water, …) and the mention of Kubernetes, a container orchestration & management tool from Google.

Anita Kuno

As I had appreciated Anita Kuno’s talk at LCA this year I then chose to hear her again talking this time about OpenStack Technical Governance.

And while I knew already quite a lot, I leanred some interesting details about the roles and mechanisms around +1, +2, PTL, Technical Comitee, ATC, the election procedure and its Condorcet method. In particular she explained very well the difference between an OpenStack project (git repo) and an OpenStack program (entity recognized by TC, with a PTL, a mission statement)

With some examples around the theoritical definitions, this will become a very good talk people interested in FLOSS governance should listen to. And to stay around OpenStack, after the lunch, I then passed the rest of the afternoon in the HP Helion Workshop, delivered by Mark Dunnett from HP and coordinated by Sisi Chen from HP.

HP Helion Workshop

While I knew already quite a lot about the topic, I learned some additional details that I wasn’t aware of, which was the goal for me to attend, as well as to network with my Helion peers !

Mark passed in my opinion a bit too much time on the reminders around OpenStack, especially for the audience around.

He then detailed precisely the differences between HP Helion OpenStack Community and HP Helion OpenStack (why are our marketing guys making it so difficult to just understand stuff by not adding Enterprise to the last one is out of my understanding, and out of the one of many customers I’m interacting with). He thus underlined in the Community edition vs the Enterprise edition the support of KVM vs KVM + ESX (vCenter needed), the 6 weeks release cycle vs Quarterly release e.g. He also talked about the VXLAN support, Icinga addition and ESX proxying in the enterprise version (again my terminology, not HP’s). And our work on the TripleO and Ironic Programs (thanks Anita !), and their usage in all HP Helion OpenStack versions.

Mark Dunnett

He introduced a new component called sirius for the deployment of our storage systems, I ignored (and thus isn’t in the slideset referenced earlier yet). And explained more precisely than my slides how the HA environment is done with ha-proxy and keepalived added in overcloud controler, longside XtraDB for MySQL and RabbitMQ cluster.
And he contrates with the role of the Overcloud management controler which provides in addition some nova, ceilometer and sherpa services (in non-HA mode).

Finally he gave details on the embedded applications provided such as

  • the Distributed Virtual Router (DVR) for ovs available to ease east-west traffic between VMs, solving a performance issue and dependency on the network controller, being a SPOF. The DVR will also ease north-south traffic for floating IPs.
  • The L2 Gateway which adds mapping between VXLAN and VLAN (which are not able to communicate otherwise) using HP Network switch 59xx

The workshop should have contained a demo which would have made more concrete and real all the concepts seen and show the added value thatHP brings here by making the installation and preconfiguration of all these components just an easy task that every devops or sysadmin can perform to have a quick OpenStack distribution running. However, the demo had an issue and we weren’t able to go very far. Too bad as this is IMO key in such a workshop. Hopefully next version won’t have that issue.

Anyway A very good entry point for understanding our OpenStack based cloud offering, and I look forward working with them to replicate it in EMEA for our customers.

Free HP Helion Workshop during LInuxCon 2014 in Chicago this week

2014/08/16

While I was reviewing my calendar for next week LinuxCon AMA 2014 in Chicago, I found out that a new workshop was proposed during the week. This is on HP Helion OpenStack

And I received also an internal mail talking about it. So first I registered :-) and then I thought it would be a good idea to advertize it through this blog.

It will be held the 21st of August in the afternoon, so feel free to come and learn or share your OpenStack knowledge with our experts. All the details haven been published in that article.

Now time to finish my vacation in Croatia, drive back to France and and catch the plane on monday to be in Chicago and enjoy all the sessions !

Open Source Governance Roundtable at LinuxCon North America 2014 in Chicago

2014/07/18

I wasn’t expected to be there this year, but finally one of my proposal which was on waiting list was accepted, so I’m able to be back again this year !

I’ll animate a round table on Open Source Governance during the upcoming LinuxCon in Chicago ! I really need to thank the HP Open Source Program Office and the HP EG Presales management which are funding my travel there ! Without their support, it would not have occured.

The goal of this round table is to share the latest news in the area of Open Source Governance.
Topics covered will include:

  • Status on SPDX, LSB, FHS
  • licenses (e.g: analysis, new comers, usage example),
  • tools (e.g: license analysis, software evaluation, reference web sites),
  • best governance practices (e.g: return of experience, distribution adoption of tags, portability)

I think I’ve one of the best panel that could be gathered in the US around this topic:

  • Eileen Evans, VP & Deputy General Counsel of Cloud Computing and Open Source, HP
  • Bradley M. Kuhn, President & Distinguished Technologist of Software Freedom Conservancy
  • Gary O’Neall, Responsible for product development and technology for Source Auditor Inc
  • Tom Callaway, University Outreach & Fedora Special Projects, Red Hat

So don’t hesitate to come and attend this session, which will be, I’m sure, enlightening and informative on the latest hot topics in the area of Open Source compliance, governance and licenses.
And if you want to talk with me on anything MondoRescue, Project-Builder.org, UEFI, HP and Linux or early music, I’ll be around during the full event. See you there.

Soon back in the air and on the roads…

2014/04/17

There will be possibilities to meet with me in some exotic places (at least for me as I never travelled there before in May !

I’ll first be in Wien, Austria, early May but that’s to celebrate somewhere my 50th birthday (half a century as my kids like to call that ;-)) and during vacations so won’t talk something else than early music or rchitecture and pictures of the nice building over there !!

But after that, I’ll attend the UEFI plugfest in Seatlle again, and be in charge of managing the interface between Linux distributions and HP. So if you plan to attend, and want to test your Linux distribution on nice shiny UEFI hardware platforms, feel free to contact me so we can organize that meeting over there.

The week after that I’ll be in Japan to present again during a LinuxCon event ! I’m very lucky first to be retained as a presenter to talk another time about Mageia. And then to be sponsored by our VP & Deputy General Counsel, Cloud Computing and Open Source Eileen Evans who is leading HP’s Open Source Program Office and allowing me to attend.

So feel free to drop me a mail if you want to chat about any topic I can decently talk about such as Disaster Recovery and Imaging or Continuous Packaging and some other surely HP related !

See you there.

Gouvernance informatique: Il est temps d’y intégrer l’Open Source

2014/01/24

Dans le cadre de mes activités pour le Conseil des technologistes d’HP France, j’ai écrit un article pour le Webzine IT experts sur la l’intégration de Open Source et la gouvernance informatique disponible sur http://www.it-expertise.com/gouvernance-informatique-il-faut-integrer-lopen-source/. Un grand merci à Aurélie Magniez pour m’avoir aidé à faire cette publication.

Ci-dessous, une version légèrement modifiée qui tient compte de retours et rétablit certaines formules auxquelles je tiens, quoique moins journalistiquement correctes et certains liens (jugés trop nombreux par le Webzine, mais je tiens à citer mes sources, et Tim Berners-Lee ne les a pas inventés pour que l’on ne s’en serve pas non ? :-))

Bonne lecture !

Aujourd’hui en 2013, toutes les entités, publiques comme privées, en France, comme partout dans le monde, utilisent massivement des Logiciels Free, Libres et Open Source (abrégé en FLOSS (1)). Quelques exemples de cet état de fait sont fournis par la Linux Foundation, comme les 600 000 télévisions intelligentes vendues quotidiennement fonctionnant sous Linux ou les 1,3 millions de téléphones Andoïd activés chaque jour. Le dernier rapport de top500.org, présentant les super-calculateurs mondiaux, indique une utilisation de Linux à 96,4%. Des sociétés ayant aujourd’hui un impact quotidien sur notre environnement numérique telles que FaceBook ou Twitter ont non seulement bâti leur infrastructure sur une grande variété de FLOSS, mais ont aussi publié de grandes quantités de code et des projets complets sous licence libre. Ceci concerne aussi des acteurs plus classiques du monde de l’informatique comme HP ou IBM.

Ceci peut sembler normal, car on évolue là dans le monde du numérique, mais le phénomène touche tous les secteurs comme le montre une récente étude de l’INSEE, qui reporte que 43% des entreprises françaises d’au moins 10 personnes utilisent des suites bureautique FLOSS ou encore que 15% des sociétés de construction utilisent un système d’exploitation FLOSS par exemple. Cette large adoption se trouve corroborée par le développement de la filière FLOSS en France, comme rapporté par le CNLL, représentant en 2013 2,5 milliard d’Euros et 30 000 emplois.

Enfin, le secteur public n’est pas en reste avec la publication en septembre 2012 de la circulaire du premier ministre qui reconnait la longue pratique de l’administration des FLOSS, et incite celle-ci, à tous les niveaux, à un “bon usage du logiciel libre”, ce qui se vérifie dans certains ministères comme celui de l’intérieur ou de l’économie. Le ministère de l’éducation nationale a ainsi déployé 23 000 serveurs EOLE sous Linux et utilise de nombreux projets FLOSS pour la gestion multi-fonctions (réseau, sécurité, partage) des établissements scolaires.

Services impliqués dans la gouvernance FLOSS

Dans ce contexte d’utilisation généralisée, se posent certaines questions quant à la gouvernance particulière à mettre en place ou l’adaptation de celle existante pour accroître l’usage, la distribution, la contribution au FLOSS, tant pour les fournisseurs que pour les utilisateurs de ces technologies. En effet, les FLOSS ont des spécificités tant techniques qu’organisationnelles (rapport à la communauté, méthodologie de développement, licence utilisée) qui ont un impact sur la façon de les gérer dans une entité. La Gouvernance Open Source, aujourd’hui, doit donc être partie intégrante d’une Gouvernance Informatique.

Contrairement à ce qu’une rapide analyse pourrait laisser penser, ce n’est pas uniquement le service informatique qui est concerné par l’utilisation des FLOSS. Celle-ci touche la totalité de l’entité et le modèle de gouvernance doit donc être adapté en conséquence. En effet, le service des achats se voit souvent court-circuité par l’utilisation de composants logiciels téléchargés et non achetés en suivant les procédures qu’il met en place, le service du personnel ne dispose pas de contrats de travail statuant sur les contributions des employés à des projets FLOSS (ne parlons pas des stagiaires ou co-traitants), le service juridique doit apprendre à distinguer la licence Apache de la GPLv2, ou v3, le service de propriété intellectuelle considérer si telle modification faite à un projet FLOSS peut ou doit être reversée au projet, et dans quel contexte, voire le PDG évaluer, lors d’une scission de sa société en différentes entitées juridiques, l’impact représenté sur la redistribution de logiciels faite à cette occasion et le respect des licences utilisées. Ce ne sont que quelques exemples des questions auxquelles les entités doivent répondre dans le cadre d’une Gouvernance Informatique intégrant les FLOSS.

Ceci n’est pas un débat oiseux: il y a eu maintenant trop d’exemples allant jusqu’au procès et sur des problématiques de non-respect des licences FLOSS pour que les entreprises et services publics ignorent le problème. Les conséquences tant financières que sur leur image de marque peuvent être très importantes et causer des dommages beaucoup plus graves que ne le représente la mise en conformité (qui consiste le plus souvent en la seule publications des codes sources modifiés).

Il ne s’agit pas ici d’énoncer des éléments qui tendraient à restreindre l’utilisation des FLOSS dans une entité. Au contraire, les bénéfices de leur utilisation sont aujourd’hui trop évidents, la baisse des coûts induite par la mutualisation, les gains technologiques d’avoir des souches logicielles si versatiles et éprouvées doivent juste s’accompagner des mesures de gestion nécessaires pour en retirer tous les bénéfices annoncés. L’analyse des risques fait partie des choix quotidiens exercés au sein d’une entité et de même que pour une démarche qualité, l’impulsion doit venir du sommet de la hiérarchie de l’entité. Celle-ci doit soutenir la création des instances nécessaires à l’établissement d’une gouvernance FLOSS en leur donnant le pouvoir requis et l’interaction avec les différents services de l’entité.

Composants d’une gouvernance FLOSS

Tout d’abord, il s’agira de développer la compréhension de l’écosystème libre au sein de l’entité pour en appréhender les spécificités.

La première d’entre elles est la licence gouvernant les FLOSS. Comme pour toute utilisation d’un logiciel, ou d’un service, un utilisateur se voit décrit ses droits et ses devoirs au sein de ce document. Ceux-ci diffèrent selon que la licence est permissive (type Apache v2 par exemple), qui permet une utilisation (y compris pour des développement non-FLOSS) et une redistribution avec peu de contraintes (mentions légales et paternité par exemple). Elle permet ainsi à des sociétés de vendre des versions propriétaires d’Andoïd distribué sous Licence Apache v2 embarquées dans leurs téléphones portables. C’est ce qui permet de considérer cette licence comme “libre”. En regard on donnera également l’exemple des licences de gauche d’auteur (copyleft en anglais, type GPL v2 par exemple), qui permettent une utilisation tant que le logiciel distribué s’accompagne des sources (éventuellement modifiées) servant à le fabriquer. Elle permet à des projets comme le noyau Linux d’être développé par des milliers de développeurs tout en restant toujours accessible dans toutes ses variantes par la mise à disposition de son code source, dû à cette contrainte. C’est ce qui permet de considérer cette licence comme “libre”. Simplement les libertés sont vues ici sous l’angle du projet (qui le reste ad vitam aeternam) plutôt que sous celui de l’utilisateur comme dans l’autre cas. C’est la raison pour laquelle toutes ces licences sont considérées comme Open Source par l’OSI.

Une entité doit donc choisir les briques FLOSS qu’elle souhaite utiliser en fonction de l’usage prévu pour respecter les droits et devoirs d’usage codifiés dans les licences (ni plus ni moins qu’avec une offre non-FLOSS), sachant que, dans la plupart des cas, l’élément déclenchant l’application de la licence est la distribution du logiciel. Ainsi une société peut parfaitement utiliser un logiciel sous licence GPL v2, y faire des modifications et ne pas les publier, tant que l’usage reste interne à sa structure juridique (cas fréquent en mode utilisation de logiciel dans un département informatique). En revanche, si elle l’incorpore à un produit qu’elle commercialise, elle devra juste se mettre en conformité avec la licence et fournir en parallèle du produit un acccès aux dites sources.

Ceci n’est finalement pas si compliqué, eu égard aux gains énormes qu’elle peut en retirer en bénéficiant d’une brique logicielle éprouvée qu’elle n’a ni à développer, ni à maintenir. Dans tous les cas, il est important que son service juridique ait une compréhension des droits et devoirs des licences utilisées pour apporter le conseil requis, comme lors de la signature de contrats avec tout fournisseur.

On le voit, la formation du service juridique est à la base de la mise en place de toute gouvernance. D’autre part, il faut organiser au sein de l’entité la mise en relation entre ce service juridique et les équipes de développement. Non seulement pour qu’elles apprennent à se connaître, mais aussi pour qu’elles échangent sur leurs besoins réciproques et qu’elles comprennent comment chacune cherche à protéger l’entité pour laquelle elle oeuvre. Les uns le faisant eu égard au respect des règles de droit, ce qui comprend l’explication envers les développeurs des licences libres, les autres eu égard au mode d’utilisation des composants techniques spécifiques des équipes de développement.

Personnellement, en tant qu’ingénieur de formation, il m’a été très bénéfique de discuter avec divers avocats spécialistes des licences libres, pour mieux comprendre leur volonté de protéger l’entreprise pour laquelle ils travaillent et comment ils devaient le faire dans ce contexte. Et réciproquement, je sais que les informations techniques et exemples parfois complexes d’agrégats de composants logiciels les aident en retour à mieux tenir compte des cas particuliers qui peuvent se faire jour. La communication sur ce sujet doit dépasser dans l’entité les structures classiques et fonctionner comme une communauté.

Du reste, la seconde spécificité du logiciel libre est le fait qu’il est développé par une communauté de personnes partageant un intérêt pour ce logiciel. Il en existe de toute taille (d’un développeur assurant tout, jusqu’à plusieurs centaines de personnes comme les larges fondations comme Apache ou OpenStack). Etudier une communauté avant d’utiliser le composant libre qu’elle produit est une bonne pratique pour avoir des informations sur sa vitalité, son organisation, sa feuille de route, en plus des caractéristiques purement techniques du composant. Certains sites comme Ohloh peuvent aider à se forger une opinion dans ce domaine, pour les projets suivis. De même qu’il peut être alors pertinent de se poser la question des modes de contributions en retour. Cela peut consister en des correctifs, du code apportant de nouvelles fonctions, de la documentation, des traductions, une animation de communauté, de l’achat de prestation intellectuelle auprès de professionnels oeuvrant sur le composant ou un soutien financier à l’organisation d’un événement permettant le rassemblement physique de la communauté. Certaines entreprises, comme la Compagnie Nationale des Commissaires aux Comptes témoignent de leurs contributions en retour envers un projet tel que LibreOffice.

Comme précédemment, chacun de ces aspects pourra faire l’objet d’une étude dans le volet Open Source de la Gouvernance Informatique. On notera que la gestion de la proprété intellectuelle sera à considérer tout particulièrement pour les contributions sous forme de code, et en liaison avec la licence utilisée. Mais cet aspect peut aussi avoir un impact sur les contrats de travail des employés, des co-traitants, des stagiaires, afin de déterminer sous quelles conditions leurs contributions sont autorisées.

Encore une fois, il s’agit d’inciter les entités utilisatrices de logiciels libres à ne pas se contenter d’être de simples utilisatrices de FLOSS, mais à être actrices de l’écosystème et à contribuer à leur tour à l’améliorer en s’intégrant dans les communautés. Le dynamisme actuel autour des FLOSS est le fait du soutien très actif de nombreux utilisateurs. Pour ne citer qu’un exemple, on regardera la synergie créée autour du projet GENIVI par ses 120+ membres, dont de nombreuses sociétés hors secteur informatique.

Enfin la dernière spécifcité du logiciel libre est la méthodologie de développement utilisée par la communauté. Quoiqu’elles soient toutes attachées à l’accès au code, elles varient énormément d’un projet à l’autre, en fonction de sa taille, de son style de gouvernance, des outils utilisés et de son historique. Mais il est important pour une entité qui souhaite interagir avec une communauté d’en comprendre la culture. Si le noyau Linux a une méthodologie organisée autour d’un “dictateur bénévole” (Linus Torvalds) qui prend les ultimes décisions et de ses lieutenants, nommés, en qui il a toute confiance pour prendre les décisions concernant une branche de développement, d’autres projets comme OpenStack cherchent à adopter le mode le plus “méridémocratique” en procédant à l’élection des représentants techniques des branches du projet par les développeurs, et à celle des représentants au conseil d’administration par la totalité des membres de la fondation, quels que soient leurs rôles. Le processus d’intégration continue d’OpenStack implique des étapes précises pour y ajouter un patch par exemple. Cela nécessite d’abord une application sur l’arbre courant sans erreur, avant de devoir recevoir deux votes positifs puis de satisfaire le passage de l’ensemble des tests automatiques prévus. Et ceci s’applique aussi bien aux représentants techniques des branches du projet qui proposent des centaines de patches par an, ou au contributeur occasionnel faisant une modification mineure de documentation. En revanche, celui qui souhaite soumettre une modification sur le noyau Linux devra passer par des listes de diffusion où les échanges peuvent parfois se révéler vifs, et s’adapter aux desiderata potentiellement différents des mainteneurs de branches.

Bonnes pratiques de gouvernance FLOSS

Face à tous ces aspects de ce monde foisonnant, certaines bonnes pratiques simples peuvent permettre aux entreprises de faire les bons choix et de s’assurer une utilisation optimale des FLOSS en en tirant le meilleur profit sans mettre à risque leur bonne réputation par des actions mal vues des communautés.

Une première bonne pratique peut consister à créer un comité Open Source. Par exemple, pour un grand groupe, il peut être utile pour la direction générale de nommer des représentants des différents services (achats, ressources humaines, informatique, technique, juridique, propriété intellectuelle) pour définir la politique à mettre en place. Ce comité devra se réunir régulièrement, tant dans la phase de définition de la partie Open Source de la Gouvernance Informatique, qu’ultérieurement pour la réviser sur la base des retours des utilisateurs et l’évolution de projets. Il devra également avoir les moyens associés à ses missions. Un groupe de travail du Syntec Numérique a développé, pour les aider dans cette activité, des contrats types pour leurs fournisseurs, leur demandant de préciser avec leur livraison logicielle, l’inventaire exhaustif des licences utilisées. Une présentation sur les contrats faite au sein de ce groupe pourra être aussi consultée avec profit. La FSF France propose aussi des avenants de contrats de travail type pour les employés contribuant à des projets libres, et l’AFUL des modèles économiques et financement de projets FLOSS ou de communautés. Il sera ensuite facile de donner des missions et des pouvoirs plus étendus à ce groupe de personnes quand l’utilisation des FLOSS augmente. Dans le cadre d’une PME, un correspondant FLOSS sera sans doute suffisant (comme il peut y avoir un correspondant sécurité ou CNIL), tâche qui pourra même être sous-traitée à des sociétés specialisées dans le domaine.

Une fois le comité/correspondant nommé et la politique FLOSS établie, il faudra prévoir des cycles de formations. D’une part pour le service juridique pour le cas où il manquerait de compétences sur le domaine spécifique des licences libres. La société Alterway propose par exemple une formation par un juriste pour des juristes. D’autre part, en interne, auprès de l’ensemble du personnel pour expliquer cette nouvelle politique FLOSS.

En parallèle, il est important d’avoir une vision précise de l’utilisation actuelle des FLOSS dans son entité. Notamment pour vérifier que leur utilisation est conforme aux licences sous lesquelles ils sont utilisés. Les non-conformités sont plus souvent dûes à la méconnaissance qu’à une réelle volonté d’enfreindre les licences. Cette tâche peut paraître fastidieuse de prime abord, mais elle est à mon sens fondamentale pour se prémunir, en particulier si votre activité vous amène à redistribuer du logiciel à vos clients. Heureusement des outils existent pour automatiser ce travail d’inventaire et faciliter l’analyse des licences utilisées. Le premier à recommander est libre: FOSSology a été développé par HP pour son utilisation interne, puis rendu libre en 2007 sous licence GPLv2. Il collecte dans une base de données toutes les meta-données associées aux logiciels analyés (il peut traiter des distributions Linux entières sans problème) et permet l’analyse des licences réellement trouvées dans le code depuis une interface Web. De nombreuses entités outre HP comme Alcatel-Lucent, l’INRIA ou OW2 l’utilisent, y compris pour certains, en couplage avec leurs forges de développement. Mais son accès libre et sa facilité de mise en oeuvre ne le réserve pas qu’aux grands groupes et il devrait être systématiquement utilisé comme complément naturel d’un gestionnaire de source, ou d’outillage d’intégration continue. En complément, des outils non-FLOSS peuvent également aider à ce travail d’inventaire en donnant accès à des bases préétablies de composants connus et déjà inventoriés et fournissent de nombreuses autres fonctions. La société française Antelink, émanation de l’INRIA, a développé une grande expertise dans ce domaine et a couplé son outillage avec FOSSology. D’autres acteurs tels que Blackduck et Palamida ont également un outillage complémentaire à considérer.

On pourra de plus prévoir ultérieurement un mode de déclaration des usages de FLOSS, voire, si les requêtes sont nombreuses et régulières, créer un comité de revue spécifique en charge de les évaluer et de les approuver.

Enfin certains documents de référence tel que le Guide Open Source du Syntec Numérique, les fondamentaux de la Gouvernance des logiciels libres, la vision des grandes entreprises sur la gouvernance et maturité de l’Open Source et le site de référence FOSSBazaar pourront permettre un approfondissement des sujets évoqués et donner des bonnes pratiques additionnelles quant à la mise en oeuvre d’une gouvernance Open Source.

Et pour ceux qui souhaiteraient être accompagnés dans la démarche, des sociétés telles que Smile, Alterway, Linagora, Atos, Inno3 ou HP disposent de prestations d’aide à la mise en oeuvre d’une gouvernance Open Source. Mais que vous le fassiez seuls ou accompagnés, il est temps et j’espère que cet article vous aura donné quelques clefs pour intégrer l’Open Source dans votre politique de Gouvernance Informatique.

(1): Dans tout ce document, on utilise le terme de FLOSS comme terme générique recouvrant aussi bien la notion de « logiciel libre », « Free Software » qu’« Open Source », tout en sachant que des nuances existent.

First UEFI PlugFest for Linuxers

2013/10/31

After the 3 days dedicated to LinuxCon US 2013 in New Orleans, it was time to contribute to the UEFI Plugfest organized for the first time as a co-located event.

So what is a UEFI plugfest ? Well it’s a place where hardware manufacturers and software producers meet to check the compatibility of their implementations with regards to UEFI. So Every hardware manufacturer brings some systems, sometimes early units or prototypes, and try them with the latest operating systems available to find out potential issues, some other bring cards to see whether their UEFI driver works fine on computer manufacturer and operating system producers want to try their latest version on these often brand new systems.

UEFI PlugFest

I think it was a brilliant idea to mix the 2 populations for multiple reasons:

  • UEFI members were for sure impressed by the technical knowledge floating around, and employed in such an open fashion, which is not the standard way of working of this standard body.
  • Linux kernel members could exchange with manufacturer representatives of UEFI systems which definitely helped reducing all the FUD around this technology, in particular Secure Boot. They also had the opportunity to test some not yet available hardware platform to ensure their distributions/drivers/tools were working fine or fix them if that wasn’t the case

UEFI PlugFest - Samer El-Haj-Mahmoud, HP

So in the HP area, under the lead of Dong Wei who is UEFI Forum Vice President and HP Fellow, we tried with 2 colleagues various Linux distributions (and even Windows, but not me !) on the 4 systems that were around. And some findings were interesting !

UEFI PlugFest - Dong Wei, HP

  • Debian 7.1 had grub issue at boot and we were not able to install it
  • Mageia 3 has no UEFI support yet and we were not able to install it easily. However, support is planned for Mageia 4, and some info have been published recently to detail how to perform UEFI based installation.
  • Ubuntu 13.10 provides all what is needed to install in a UEFI compliant environment, thanks to their documentation. We were also able to test SecureBoot with success with their version of Matthew Garrett‘s shim bootloader, signed by Microsoft. They are also working on an interesting tool: FWTS aka Firmware Test Suite, which should be adopted by all distributions IMHO in order to have (for once !) a single tool able to perform firmware compliance tests for a Linux environment. Easy to use, pretty comprehensive, reports lots of useful info. Too bad that they are not providing their certification tools online anymore :-(
  • OpenSUSE 12.3+ again has what is needed for UEFI support. Same mechanism with a shim bootloader, but this time signed multiple times by Microsoft and SUSE. However, this requires a more recent implementation of the UEFI specification, which wasn’t the case on all our system during this event. SUSE provides in particular an excellent documentation on UEFI support, including the possibility to sign its own kernel with pesign in order to use it with SecureBoot.
  • Fedora 19 provides mostly all what is needed. Install worked in UEFI mode without problem. We used the updated version of the shim and shim-unsigned packages from Fedora 20 in order to avoid some issues. However, the multisign issue met with OpenSUSE was also encountered here. More over, Fedora doesn’t provide a good documentation yet for signing your own kernel, which was reported upstream and could benefit from this article. Also the usage of mokutil is broken and should be fixed for Fedora 20.
  • UEFI PlugFest - Samer El-Haj-Mahmoud, HP

    We also got visited by two Kernel Maintainers Greg Kroah-Hartman and James Bottomley who even tried some of his tools on our systems.
    UEFI PlugFest - James Bottomley, Parallels - Neill Kapron, HP

    Note that Some USB keys even correctly formated didn’t boot correctly on some platforms so if you encounter this issue, try using another USB key.

    Finally I made some tries with MondoRescue on the Last Fedora distribution installed. I thought the work done to support EFI on Itanium would be sufficient, but there are some detection problems for the boot loader in mindi need to be solved and are now tracked upstream as well.

    And on top of all what I was able to learn working with my 3 colleagues, I was pointed to a very instructive article from Ken Thomson on Trusting Trust, I hadn’t read before (and I encourage you to read it), following discussions on Secure Boot. And we had a very nice dinner downtown, a walk through Bourbon Street
    Bourbon Street

    followed by a real air of New Orleans Jazz.
    DSC_8789

    That was the end of a very rich US week. More to come on other more recent travels later.

LinuxCon North America 2013: an air of Jazz

2013/10/13

It was really great to be able to attend LinuxCon in New Orleans in September. I’d like to thank again HP’s OSPO team and in particular Eileen Evans, VP leading it, to sponsor my travel there. HP is also a Platinum sponsor of both the Linux Foundation, CloudOpen & LinuxCon events.
DSC_8665

As I arrived in the afternoon of Monday, I missed the keynotes and presentations that day, but could join the HP booth where HP was presenting HPcloud:
Stand HP

and also demonstrating the new Moonshot converged system there:
Stand HP - Moonshot

This event is always attracting lots of people from various background and the booths area was crowded
Pingouin
as well as elsewhere in the hotel
DSC_8643

Jeanne, who was coodinating the event for HP was even interviewed by the Linux Foundation team
Jeanne Colon-Bonet

Cocktails (nice hurricane !) and a light dinner were provided to the attendees during the booth crawl session which allowed me to talk with some of my US colleagues to learn the latest news
Stand HP - Jonas Arndt, Scott Lamons, Scott Jameson

I started to feel the effects of the jet lag, and went to my hotel room (couldn’t help make some mail !) and rest thinking I was singing Renaissance music just some hours ago !

Speaking of the hotel, this was a very nice venue, with futurists elevators with no button in them ;-)
Hotel

Second day was more active, and I attended all keynotes and sessions I could.
Among the most interestong for me I was able to see, there was the keynote of Kevin Kelly who talked about the notion of “Technium”, this idea that 7 billions people all connected all together all the time, with the latest technologies available will create a new entity he called the Technium and described. Not entirely convincing, and this is good, as it’s also a bit frightening. I consider and hope people will keep enough independance to watch this type of evolution with distance and won’t become a big brother type of system managing itself.
Kevin Kelly, Wired Mag. on the Technium

Then it was time for an OpenStack refresh with Thierry Carrez who did a great job explaining that a release manager is not just working 1 day every 6 months ;-) I can’t agree more with him ! (even if I have much smaller projects to deal with). Thierry also covered the various sub projetc and how to manage coherency in such a project. When you think about it: 3 years ago nobody was talking about OpenStack and now they have as many company and contributors as the Linux Kernel had in roughly 20 years ! Quite amazing.
Thierry Carrez, OpenStack
Then James Blair continued on a related talk explaining the continuous process pushed to the extreme set up in the project with the development of ad-hoc tools such as zuul. I must admit it really gives incitation to look more closely at it, gerrit, jenkins and take what could be relevant, even for a small project.
James Blair

After the lunch, it was time to go back to keynotes, which were a bit less interesting than usual for me, even if the concepts brought by Candy Chang to revigorate a neighborhood was original. I decided to continue with Cloud and look at what Red Hat had to propose around openshift. In complement to their RDO (sort of Red Hat OpenStack distribution), they have this offering which exists for some time, but seems now to grow in activity. Diane Mueller presented well the offer, the various aspects of the project, but I definitely lack a demo or a more detailed explanation of the technical aspects of this PaaS offering. Worth digging later on with my Red Hat EMEA friends :-)
Diane Mueller, Red Hat

I attended then the openVswitch presentation from Jesse Gross, but again was a bit disappointed as I was expecting a more concrete presentation of this important tool in todays cloud environments.
Finally, I attended a session on storage management I already attended last year, by Ric Wheeler, which is always interesting, and allowed me to see which progresses were made on their way to storage unification, and principally what remains to be done !! I particularly think to the global architecture they try to put in place, which would be really great to have but is not there yet.
Ric Wheeler, Red Hat

The business day was then over, and it was time to move to the VIP party.
DSC_8692
Of course, it was time for my first air of Jazz as well in New Orleans. And even if that’s not my preferred style of music, it was pretty good that night, as well as the buffet !
DSC_8694

Lots of VIPs were there of course, which allowed for entertaining discussions
DSC_8696

The inside was worth the outside !
DSC_8700

The atmosphere was nice, and I stayed there till 10:00PM but wasn’t alone
DSC_8704

Some mail, some sleep and I was ready for day 3 ! Which as usual started with a Keynote (the “usual” Dirk Hondel talk)
Dirk Hondel, Intel
and the session the most expected by the audience I think, the Kernel Roundtable.
Ric Wheeler, Redhat - Sarah Sharp, Intel - Tejun Heo, Red Hat - Linus Torvalds, Linux Foundation - Greg Kroah-Hartman, Linux Foundation -
This time, they had invited Sarah Sharp, Intel (I like her clarity) / Tejun Heo, Red Hat (I discovered his enthusiasm which was great)
Sarah Sharp, Intel - Tejun Heo, Red Hat
Linus Torvalds and Greg Kroah-Hartman, both Linux Foundation.
Linus Torvalds, Linux Foundation - Greg Kroah-Hartman, Linux Foundation
The panel was moderated by Ric Wheeler, Red Hat.
Ric Wheeler, Redhat - Sarah Sharp, Intel - Tejun Heo, Red Hat - Linus Torvalds, Linux Foundation - Greg Kroah-Hartman, Linux Foundation

The room was as usual full, and laughed frequently on Linus or Tejun jokes.
Assistance de la kernel round table
The most amusing part was probably when Linus was asked if he had been contacted to introduce backdoor code in the Linux kernel and when he replied “No” doing “Yes” with the head ;-)

After the keynote, Linus passed 20 minutes with fans who wanted to take pictures with him, always nice, even when the camera wasn’t working (and cound’t resist to hack it !). Maybe next time, I’ll also have the courage to ask one picture, even if I diserve none having nearly never worked at the kernel level myself. I will never thank him enough to have created an ecosystem which allows me to earn my life and still have fun at work and at home :-) This is a great man !
Linus Torvalds, Linux Foundation
As this was the day of my own presentation on Mageia, I didn’t attend as many sessions as the previous day.
The OpenDaylight one was interesting for me, as it was my first exposure to the ecosystem. Mostly it was an overview of the multiple components. The project is young, but deserves to be followed, as it could become as openStack on the SDN side, despite what some people say. Also the UEFI presentation was very interesting, in particular in preparation of the UEFI plugfest which was the 2 following days.
Vojtěch Pavlík, SUSE

And of course, it was my pleasure to have a 15 people choir to sing “Happy Birthday Mageia” during my session this afternoon ;-)

And the day ended with … Blues, not jazz this time ! At the house of blues of course.
House of Blues
With Voodoo art inside
House of Blues - art Voudou

This event is organized for all LinuxCon participants, so there are multiple threaded buffet to satisfy the appetite ;-)
House of Blues

The blues band was great, really (they even had a pinguin, look closely !)
House of Blues
I think it will be part of the memorable dinners organized during LinuxCon as it gave everybody energy for the rest of the week
House of Blues

I really enjoyed this event again, made new relationships, learned and hopefully transmit to some the fantastic beauty of Open Source. Hope to have the same pleasure end of this month in Edinburgh. But for me the week wasn’t finished as I attended the UEFI plugfest as said earlier, but that’s for another article.

You can see more pictures at http://www.flickr.com/photos/bcornec/sets/72157636383786144/with/10184624874/

Bdale Garbee has been HP’s best Open Source Ambassador

2012/09/01

As announced by Kirk Bresniker during its keynote at LinuxCon this week, Bdale Garbee has left HP yesterday.

When he warned me in July of his willingness to leave, in order to have more time for his family, his own FLOSS projects (FreedomBox, Debian, …), I really was shocked and had a very bad night. It’s difficult for me to imagine Open Source at HP without him to represent it.

Bdale was IMHO our best Ambassador in the FLOSS community. He has a large ring of relationships in a large set of projects, and knows personality lots of key FLOSS personalities, some of them being even friends. He was giving a lot of credibility to HP around our FLOSS activities, and was listen internaly from both our internal community members, as well as our management, allowing our community to pass supportive FLOSS messages to it.

I had my first interaction with Bdale at HP in 2001. At that time Bruce Perens was the HP FLOSS representative (even he also was a big FLOSS personality, I preferred when Bdale took over the role), and as he couldn’t make the NordU 2002 Keynote, he was proposing that either Bdale or me did it !! As Bdale wasn’t available, I was the one replacing both him and Bruce !! Believe me, speaking of Open Source, Linux and freedom in Finland during a keynote session after a couple of months at HP was a bit stressing ! I still remember it. But that was great. Side note, if any event is willing to host me as a keynote speaker, I think I could do a much better job today ;-)

In 2002, Bdale was elected Debian Project Leader. He was the first HP employee leading this project. I then had the pleasure to meet with him face to face (well with my size, I can not really look at Bdale easily !) and I really was looking forward each time for this type of non-virtual meeting, as it was for me an opportunity to learn more on Open Source at HP and at large. Which was the case during various Fosdem, LinuxCon or our own internal TES. As I’ve always been impressed by his profound knowledge of this ecosystem, and the deep thoughts he’s able to have on various areas making this IT sector.

That’s why I built his application form so he could become Lutèce d’Or (personality of the year) during the event Paris, Capitale du Libre. That was my contribution back to his incredible work for FLOSS. But not the only one, as he told me once that MondoRescue saved once a critical Debian server he was hosting. Hopefully, you’ll continue to use

Bdale is one of the people I admire in the IT industry with Linus Torvalds and Larry Wall (In the music, I also have my heroes such as Gustav Leonhardt, Jordi Savall and her wife Montserrat Figueras, Jean Belliard or Frans Brüggen). I’m sure our paths will cross again very soon, and I hope our frienship will be reinforced by regular chats, mails and face to face meetings during FLOSS events. And in the mean time, I wish to him all the best for his new activities, that will benefit to all of us, and for his new life 2.0 !

Hopefully HP will find other FLOSS representatives. Corporations always say that anybody is replaceable. I disagree. Everybody brings a unique touch. And here, for sure, it will never be the same. You’ll be missed.

All the best Bdale for your future, and hope rockets flied this week-end ;-)


Follow

Get every new post delivered to your Inbox.

Join 105 other followers