Tuesday, July 31, 2012

Azul Systems Announces New Initiative to Support Open Source Community With Free Zing JVM

Azul Systems, Inc. (Azul), the award-winning leader in Java runtime scalability, today announced an ongoing commitment to the Open Source community by making its Zing JVM freely available to Open Source developers and projects for use in development, qualification, and testing. The new initiative enables Open Source applications supporting commodity x86 servers running Red Hat Enterprise Linux, SUSE Linux Enterprise Server, CentOS and Ubuntu Linux to take full advantage of Zing's unique features and capabilities.

"Our goal is to make Zing the de facto choice for Open Source developers to achieve the most consistent Java performance and scalability," said Scott Sellers, Azul Systems president and CEO. "Azul's development teams have made extensive use of Open Source technologies over the years, and our new Open Source development initiative is another example of our commitment to the Java community and embracing Open Source software. We have put the lowest-latency and most scalable JVM freely into the hands of Open Source developers, removing the bottlenecks commonly associated with the Java runtime and enabling application innovation in a plethora of new markets such as in-memory computing and Big Data analytics."

The Zing JVM provides Open Source Java applications with:

Improved application responsiveness
Reduced application latency
Elimination of response time outliers
Support for large, in-memory data processing
Elastic scalability with memory heaps that can grow or shrink based on real-time demand
Dramatically simplified application deployments
Reduced customer total cost of ownership
Accelerated time-to-market
Improved production time visibility and runtime diagnostics.
"As developers have become increasingly important in adoption and procurement patterns over the past decade, availability has become a key factor in overall technology usage," said Stephen O'Grady, Principal Analyst at RedMonk. "With this announcement, Azul is trying to make it easy for open source developers to leverage and incorporate the Zing JVM."

Michael McCandless, Apache Lucene committer and PMC member, said, "Azul's innovative Zing JVM and pauseless GC now enable Apache Lucene project developers to explore use cases requiring large heaps, such as holding an entire search index in memory for faster searching. Initial in-memory tests on the full Wikipedia English-language site index show Zing is truly pauseless while managing a heap in excess of 140 GB."

"I'm very happy that Azul is making their Zing JVM available for free to the open source community, and I believe the platform is a valuable part of the Scala tool chain," said Martin Odersky, creator of Scala, Co-Founder and Chief Architect of Typesafe. "Typesafe and Azul share a common goal of providing the best solutions for scalability in the multicore age."

"Programming and architectural approaches that leverage immutability to enhance concurrency and scale will be well-matched by a runtime that is able to support high continual allocation rates without disruptions or pauses. By making the Zing JVM available to Open Source developers, Azul is making a fantastic contribution to the community," said Rich Hickey, author of Clojure and designer of the Datomic database system.

Martin Thomson, creator of the Open Source Disruptor Framework and co-founder of the Lodestone Foundation, a new project focused on Open Source technology for the financial industry, said, "I've been working with Zing for the past few months focusing on ultra-low latency and scalable deployments. We are seeing excellent GC performance, consistency and predictability with the Zing JVM."

"By opening up access to the Zing JVM, Azul has made it easier for us to ensure JRuby applications will scale to large heaps and heavy loads," said Charles Nutter, co-lead of the JRuby project. "Zing helps fulfill the enormous potential of Ruby on the JVM."

Saturday, July 28, 2012

Open Source HPC Language Project Started under Sun, Oracle winding it down

Oracle researchers are "winding down" development of the Fortress programming language for high-performance computing, an effort started nearly 10 years ago by Sun Microsystems.

Fortress was meant to provide a superior alternative to the well-established Fortran language for HPC. It is also among a number of languages that received financial support from the US DARPA (Defense Advanced Research Projects Agency) High Productivity Computing Systems program.
"Ten years is a remarkably long run for an industrial research project (one to three years is much more typical), but we feel that our extended effort has been worthwhile," well-known computer scientist and Fortress project architect Guy Steele said in a blog post on Saturday. "Many aspects of the Fortress design were novel, and we learned a great deal from building an interpreter and an initial set of libraries."
However, the project faced "severe technical challenges" during the past few years, according to Steele. The issues revolved around "the mismatch between the (rather ambitious) Fortress type system and a virtual machine not designed to support it (that would be every currently available VM, not just [the Java VM]," he wrote.
Team members decided there wasn't enough research value in finishing an implementation of Fortress compatible with the JVM, he added.
"We also note that, over the last ten years, other languages (Chapel, X10, Clojure, and Scala, among others) have explored some of the same issues that Fortress has addressed, and we have very much enjoyed conversations, collaboration, and friendly competition with those who have explored these ideas in alternative contexts," Steele said.
Work on Fortress is going to be gradually stopped over the next few months as team members get "the code and language specification into the best shape that we can," Steele added. The codebase will still be open-source and Oracle's Programming Language Research Group will answer queries about it.
The writing may have been on the wall for Fortress as far back as November 2006, when DARPA stopped funding its development. But work on the language continued at Sun and Oracle, which completed the acquisition of Sun in early 2010.
News of Fortress' pending draw-down drew a mixture of disappointment and shrugging acceptance from programmers posting on social media sites.
"Oracle would keep it alive for...what, exactly," one poster said in a Reddit thread. "Sometimes neat languages never get traction, and throwing good money after bad won't help matters."
"It's a project that is going nowhere (a lot of people in this thread have never even heard of it)," another wrote. "Surely they can put someone like Guy Steele to work on something that is more likely to succeed."

Thursday, July 26, 2012

Open-Source Startup Meteor Gets $11.2M from Andreessen Horowitz

Meteor Development Group (MDG) raises $11.2 million in funding from Andreessen Horowitz and others to fund development around the open-source Meteor Web app development platform.

Meteor Development Group (MDG), the company behind the Meteor open-source project, which produces a platform for building software applications, has announced $11.2 million in funding led by Andreessen Horowitz.

Also participating in the Series A round of funding was Matrix Partners and others, while a veritable "dream team" of enterprise technology leaders, including Rod Johnson, the creator of the Spring Framework and founder of SpringSource—now  part of VMware—will advise the company.

Applications written with Meteor run on a user's own computer—inside their browser or on their mobile device—and fetch any needed data from cloud services, which represents a sharp break from the model of Web applications for the past 15 years, where applications run on distant Web servers. Running the application on the user's computer gives a smoother, more responsive experience that is increasingly expected by consumers. Companies like Google, Facebook and Twitter use this technique in their flagship products, but it is typically out of reach for most developers because it takes months of work even for a team of experts, MDG officials said.

The Meteor Project is a collaboration between a group of developers who are experts in building this new kind of application. Its goal is to put the new technology in the hands of everyone. Because the Meteor platform is open source, any person or company may use it for free, or modify it to suit their needs. And Meteor apps can be written entirely in JavaScript.

"We want to create the universal standard for writing this kind of application, and that will only happen through broad industry cooperation," said Meteor co-author Matt DeBergalis, in a statement. "It's clear to everyone that we need something new. Will it be Meteor? What we see today is that it is open-source developers who drive the technology that is ultimately adopted everywhere else in the industry. So it depends on whether the open-source community chooses to rally around Meteor."

The new funding comes in the form of a Series A investment in Meteor Development Group, a corporation controlled by Geoff Schmidt, Matt DeBergalis and Nick Martin, the original authors of Meteor. The company will use the money to support Meteor development and grow the Meteor community, and plans to sell a complementary set of enterprise-grade operations management tools to large organizations that are using Meteor.

"JavaScript is fast becoming the most popular programming language for Web development, and Meteor is front-and-center in the JavaScript community. By addressing simplicity and scalability, Meteor is a great platform for enterprise Web development," said Peter Levine, general partner, Andreessen Horowitz, in a statement. "We are delighted to be partnering with Geoff, Matt and Nick as they build out the next-generation Web development tools."

In a blog post on the Meteor funding, Levine notes that JavaScript has become the No. 1 programming language on the GitHub hosting service for software development projects.

“The problem with JavaScript, however, is that it was designed to be a client-side language, leaving all the back-end server implementation to other languages,” Levine said in his post. “The result is that cloud-based Web applications take way too long to develop due to the sheer complexity and brittleness of the environment. Without Meteor, everything from security, to multi-tenancy, to latency, to database access requires special APIs and custom development, and developers need to know at least two languages.”

Yet, Levine continued, “The Meteor framework solves all of these problems. Meteor makes real-time application development dramatically faster and more approachable. It gives developers a comprehensive platform for writing Web apps in JavaScript where both client and server code use the same language and API, enabling the same code to be run on both the client and server. The result is real-time, cloud-based Web apps that are scalable, secure and distributed by design.”

Thus, the healthy investment in the startup. “We see this technology as fundamentally important to the future of the Web,” Levine added. “Through this investment in Meteor, as well as our recent investment in GitHub, we at a16z are excited to help developers build the next generation of applications.”

Meanwhile, in a separate post, David Skok, a general partner at Matrix Partners, indicated that Meteor might be the next Ruby on Rails. He said, “Every once in a while a new application development framework comes along that dramatically accelerates the way people create applications. Those rare platforms that excite developers ultimately revitalize software development and spur new creativity. Though it's still early, Meteor appears to be the next big thing in Web application development as it is clearly delighting both expert and novice developers.”

In his own post on the Meteor Website, Schmidt, CEO of MDG, said the $11.2 million gives the company “certainty” because “no matter what else happens in the world, the core team will be able to focus entirely on Meteor for several years, without taking on consulting work or trying to create some other application on top of Meteor to sell. The high valuation of the round eliminates any possibility of a talent acquisition. And we control the company's board. So, everyone in the community can be certain that Meteor will be around for the long haul.”

And though Meteor will always be free and open source, eventually MDG plans to deliver a commercial product named Galaxy, Schmidt said. “Galaxy will be a product that the operations department at a large company might buy,” he said. “It'll be an enterprise-grade, multi-tenant hosting environment for Meteor apps. In other words, it'll let you run a private, centrally controlled ‘meteor deploy’-like service for your company, on your own hardware. You'll be able to manage how your apps are distributed across your data centers, perform capacity planning, and enforce controls and policies that are appropriate to your organization. Google and Facebook have these tools—why shouldn't your organization?”

However, the MDG agenda for the next few years is to:

Make Meteor the best platform for writing most any kind of app. This is an enormous job and will continue to consume almost all of our energy. Our goal is ubiquity on the scale of SQL, Apache or Java.
Create opportunities for Meteor developers—for example, encourage companies to adopt Meteor, creating jobs. We want to make you famous and get you paid.
Support the Meteor community. This includes everything, from publishing books and organizing conferences, to being responsive to bug reports and pull requests, to finally making some cool T-shirts.
Rod Johnson will join the company's board. Skok and Levine will serve as special advisors to the company. Previously, Skok built the enterprise sales strategy for JBoss, the open-source Java application server, while Levine is the former CEO of Xensource, which was acquired by Citrix Systems.

"Rod, David and Peter are our dream team," Schmidt said in a statement. "They know more than anyone else about building open-source technology for the enterprise."

"Today, we're in the midst of the biggest architectural change since the rise of the Web. Traditional Web application architectures don't cut it anymore, as users expect a better experience," said Johnson in a statement. "I believe that Meteor can lead this transformation in Web technology, and I'm excited to join their board. Meteor not only enables Web developers to develop rich applications spanning multiple client types, it makes Web development fun again."

Andreessen Horowitz led the Series A financing, which included significant participation by Matrix Partners. Other investors include Maynard Webb, who sits on the boards of Salesforce and Yahoo; Paul Buchheit, author of Gmail; James Lindenbaum, co-founder of Heroku; Dustin Moskovitz, co-founder of Facebook; Alexis Ohanian, co-founder of Reddit; Y Combinator; Ron Conway; Yuri Milner; and Aaron Iba, co-author of EtherPad.

Black Hat Hacking Hotel Doors With Open-Sou0ce Arduino

By using open-source Arduino tools, security researchers are exposing security gaps in door-lock systems used by millions of hotels.

For millions of travelers and road warriors, the ubiquitous hotel key card is the primary, and essentially the only, way to access their rooms at the end of day. However, security researcher Cody Brocious believes the current systems used to secure hotel doors throughout the United States and elsewhere are severely flawed.

Speaking at the Black Hat security conference here, Brocious demonstrated how locks from Onity—a company that sells security products to hotels and other businesses—can easily be bypassed. At the show, Brocious detailed the primary security flaws that allowed him to bypass Onity locks and gain access to rooms.

Brocious used an open-source tool known as Arduino, a portable programming platform. Arduino was used as a substitute for the commercial portable programmer that an Onity lock would typically require. Brocious explained that the Onity locks have a serial hardware connection that is easily accessible, as well.

In addition to the Arduino tool, Brocious used an oscilloscope that allowed him to see what was happening in the lock whenever a key card was put in and the door opened or closed. He was able to determine through his research that the underlying firmware on the lock does not require any form of authentication to arbitrarily access the memory of the lock.

This means it is possible to read out every bit of information that is on the lock, which makes it possible for anyone to gain access or make a key.

In theory, programming for the lock should go over a secure channel, rather than doing direct unencrypted memory access, said Brocious. The problem, according to his research, is that the existing Onity lock design does not easily allow for that, and there is no easy way to update the firmware.

Another potential option is to actually provide physical security on the door lock. For example, the company could make the serial port harder to access. However, with 5 million of these locks in use today, Brocious said this would be an expensive and challenging way to add additional security.

The actual door locks are only half the problem exposed by Brocious. The card keys are also at risk. Typical card keys in the Onity system use only 32-bit key encryption making them easy to decrypt, according to Brocious.

"The system is broken at every layer," said Brocious.

The severity of the issue and its high impact is what led Brocious to choose to release his research at Black Hat. In addition to his research, he is also releasing a software tool so that others can continue or expand on his efforts.

"Something needs to be done about this problem, and I didn't want to put it out there in a way that could be defeated by process," said Brocious. "No doubt, this vulnerability has been found before, and it has been in the locks for years."

Brocious added: “I'd be surprised if this hasn't been used by malicious actors in the past.”

What Brocious is hoping to achieve from this disclosure is not a mass string of hackers getting unauthorized access to hotel rooms, but rather some kind of fix and industry response.

"I'm saying that this is what you're vulnerable [to], so come up with a way to solve the problem," said Brocious.

Monday, July 23, 2012

The OW2 Open Source Community Announces High-Profile Participation at this Year’s FISL

The OW2 community ramps up its presence in Brazil through its high-profile participation in FISL with members and projects 4Linux, Mandriva, MAPS, CompatibleOne and SpagoBI.

OW2, the global open source community dedicated to open source infrastructure software and generic applications, announces its participation as a Silver Sponsor in the 13th edition of the International Free Software Forum (FISL) in Porto Alegre, Brazil, July 24-28.

For its second participation in FISL, the OW2 community is making a significant contribution to the event in both the exhibition hall and the conference program. OW2 is ramping up its efforts to reach out to all those IT professionals in Latin America looking to benefit from its open source software solutions.

On the exhibition floor, the “OW2 Village” will be one of the largest booths. Members and projects 4Linux, Mandriva, MAPS, CompatibleOne and SpagoBI will showcase OW2's state-of-the-art open source technologies in middleware, enterprise applications and platforms, and cloud computing.

As for the conferences, the OW2 community will be hosting eight sessions that will reveal the strengths of open source innovation at OW2. From breakthrough collaborative projects to enterprise-ready application platforms, the community's contribution to the FISL conference program includes the following talks:
Cedric Thomas, OW2, will give two talks, one presenting the CompatibleOne open source cloud broker and the other discussing his analysis of the changing nature of open source.

Nelson Lago, University of Sao Paulo, will provide an update on the CHOReOS project,
Sergio Rafael Lemke, Mandriva, will present Mandriva and its Pulse 2 solutions for managing IT infrastructure,
Andrea Gioia, Engineering, will discuss extensive information management in SpagoBI,
Leandro Marcio Hernandez Benitez, 4Linux, will present BonitaSoft,

Miguel Koren O'Brien, Konsultex Informatica, will give a presentation of a SpagoBI use case,
Julien Renaut, MAPS SA, will present the Jmine platform.

“We are proud of our high-level participation in FISL this year. It demonstrates the strong momentum of our members in Brazil and our strategic commitment to Latin America.” said Cedric Thomas, OW2 CEO. “This is a great opportunity for the OW2 community.” he adds.

Saturday, July 21, 2012

Trentino joins Italy's open source alliance

New law affects the software choices of some 15,000 public offices in the region

The Autonomous Province of Trentino - Alto Adige this week joined the ranks of Italian regional administrations that are turning their backs on proprietary software in favor of free and open source alternatives.

A majority of councilors from the northern province bordering Austria voted on Wednesday for a law instructing regional administrations to promote the use of free and open source software, with only the minority Northern League voting against the measure.

The law is intended to promote pluralism in information technology and "the elimination of every barrier created by the use of non-open source standards, in the service of the principles of economy, efficiency and effectiveness."

Article 8 of the law calls on the provincial administration to promote good ICT (Information and Communication Technology) practices "based on the adoption and use of open communication and data exchange protocols and on the development and adoption of software covered by FLOSS (Free/Libre Open Source Software) licenses."

The vote by the Trentino council came a week after a similar law was approved by the local government in the southern region of Puglia. The new law also calls for the development of broadband communications in the Trentino region, the use of open source software in the region's schools and the creation of a digital archive for the regional administration.

Michele Nardelli, the Democratic Party councilor who played a leading role in promoting the law, said he had been inspired by the ideals of the "Arab spring," the Internet-fueled popular revolt against dictatorial regimes that has spread along the southern rim of the Mediterranean over the last year.
"It's a law that coordinates all the themes of the information society within the context of free software," Nardelli said in a telephone interview Friday.

The center-left politician said Microsoft representatives had lobbied hard against the measure. "The region of Sardinia wanted to make a choice in favor of free software but they didn't succeed in accomplishing it because of Microsoft's heavy intervention, which influenced the choice of a majority of the regional councilors," Nardelli said.

Nardelli said he had been approached by Microsoft representatives himself and had arranged to be accompanied to the meeting by witnesses, to ensure that inappropriate inducements did not form part of the discussion.

The law had important economic implications, since it would influence the software choices of some 15,000 public offices in the region, Nardelli said. The region currently pays ¬1.5 million (US$1.8 million) for proprietary software licenses for 5,000 regional administrative offices, with other licenses required by the health and education systems and regional utilities, according to data published on Nardelli's website.
Despite the resistance from multinational software companies, the trend toward free software was unstoppable, Nardelli said. "There's a rearguard action being fought by commercial interests allied to the habit and mental laziness of people working in the civil service," he said. "But I think free software has become an avalanche that no one will be able to stop now."

Microsoft open-sources Entity Framework

Code release of .Net application development tool is being handled by Microsoft Open Technologies

Microsoft on Thursday released code for its Entity Framework database mapping tool via open source in an effort to increase transparency.

The move is being handled by Microsoft Open Technologies, a company subsidiary launched in April to advance Microsoft's open source and related efforts. Entity Framework is used for .Net application development, providing an object-relational mapping framework to work with relational data as domain-specific objects, eliminating the need for most data access "plumbing" code, according to Microsoft.
[ Also this week, Microsoft previewed its Napa toolset for Office application development. | Learn how to work smarter, not harder with InfoWorld's roundup of all the tips and trends programmers need to know in the Developers' Survival Guide. Download the PDF today! | Subscribe to InfoWorld's Developer World newsletter for more news on software development. ]

Source code is being released under an Apache 2.0 license, with the code repository now hosted on Microsoft's CodePlex site for open source software. "This will enable everyone in the community to be able to engage and provide feedback on code check-ins, bug fixes, new feature development, and build and test the product on a daily basis using the most up-to-date version of the source code and tests," said Scott Guthrie, corporate vice president in the Microsoft server and tools business, in a blog post. "Community contributions will also be welcomed so you can help shape and build Entity Framework into an even better product."

Microsoft will continue to ship official builds of Entity Framework as a supported product in both stand-alone form and as part of the Visual Studio IDE. New features will be released as well. An upcoming Entity Framework 5 release will add such capabilities as spatial data types and improved performance.

"Our goal with today's announcement is to increase the development feedback loop even more, allowing us to deliver an even better product," Guthrie said. The open-sourcing of Entity Framework follows up similar efforts for Microsoft technologies, including ASP.Net MVC and ASP.Net Web API.

Also on Thursday, Microsoft Open Technologies is launching an MSOpen Tech CodePlex landing page, intended to boost different Microsoft-driven open source projects. Microsoft Open Technologies also is launching MS Open Tech Hub, an engineering program for MS Open Technologies engineers, who can collaborate on open source projects.

This article, "Microsoft open-sources Entity Framework," was originally published at InfoWorld.com. Follow the latest developments in business technology news and get a digest of the key stories each day in the InfoWorld Daily newsletter. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Friday, July 20, 2012

Smart Grid Researcher Releases Open Source Meter-Hacking Tool

'Termineter' unleashed prior to presentations on smart meter security next week at BSides, Black Hat USA

A smart grid researcher today released a free open-source hacking tool to test the security of smart meters. But this is a different researcher than the one who pulled his talk and public release of a similar tool earlier this year amid concerns by a smart grid vendor.

Spencer McIntyre, a member of SecureState's Research & Innovation Team, says his company basically lucked out and wasn't pressured by vendors worried about the release today of his so-called Termineter tool, which he will demonstrate next week at the BSides conference in Las Vegas. "We got really lucky, I guess. We worked with power and utility vendors," he says. "The [utility] client we worked with has been working with us to release this tool."

InGuardians initially wasn't so lucky. Researcher Don Weber was supposed to release his firm's tool earlier this year at the ShmooCon conference, but had to put the talk and tool on hold after a vendor came forward with concerns. The company ended up providing the tool to smart grid vendors and utilities -- just not publicly, says Jimmy Alderson, chief operating officer of InGuardians.

"We did not feel it was right to make our tool publicly available," Alderson says. "It's modified open source, so you can add to it, but at the same time it's not widely open to an attacker."

Don Weber, a senior security analyst with InGuardians, is scheduled to demonstrate the tool at Black Hat USA in Las Vegas next week. The tool, like Termineter, tests for both vulnerabilities and functionality in smart grid meters via the devices' infrared ports. The so-called OptiGuard is a Python-based tool that demonstrates the way infrared ports on a smart meter can be penetrated, looking for vulnerabilities and executing attacks. InGuardians looks for vulnerabilities in these devices, including weak passwords that could lead to meter fraud and taking control of a meter.

How does OptiGuard differ from SecureState's Termineter? SecureState uses more of a Metasploit Framework user interface, notes Alderson, whereas InGuardians' has its own user interface. Plus Termineter is open source, and OptiGuard is not.

Open Source CRM Startup X2Engine adds Email Campaigns

X2Engine CRM, a new Open Source Customer Relationship Management startup, releases email campaigns for sales professionals

X2Engine today announced the general availability of X2EngineCRM, a next generation, open source CRM system. Founded in 2011 by CRM software entrepreneur and SugarCRM co-founder John Roberts, X2Engine CRM has been installed on over 2,500 public and private cloud servers across 110 countries within the last six months.  
“Today’s CRM systems have become so bloated with features they are almost impossible to use effectively,” said John Roberts. “With this latest release of X2EngineCRM, sales professionals can easily add unique tags to customer and account records, allowing them to quickly send out emails to targeted groups. It puts the power of a full marketing campaign management system into the hands of sales representatives, and frees marketing to work on more strategic campaigns.”

Customer Relationship Management(CRM) software has evolved over the years, and today there is an almost dizzying selection of capabilities, technologies, and pricing. CRM complexity and poor usability limit the value provided to companies, while restricting their return on investment. Too often, CRM systems become bogged down with features and capabilities, making them complex, costly to run, and difficult to use. We started X2Engine to reinvent CRM and provide an open, modern, more effective alternative.

X2Engine CRM Key Features:
Web and Facebook Lead Capture Forms
Lead Nurturing, Scoring and Intelligent Routing
Contact Activity Management
Sales Process Workflow Engine
Email Correspondence
Product and Sales Quotes
User Profile Pages and Activity Streams
Field Security, Roles and Sales Teams
Visual Form Editor for Admins
Reporting Dashboard
iPad and Mobile Device Apps
New Santa Cruz, Headquarters
X2Engine Inc. is headquartered in beautiful Santa Cruz, California, a short 40 minute drive from San Francisco International Airport. We really enjoy meeting users whenever possible and encourage you to visit our offices when you find yourself in the San Francisco bay area.
Supporting Resources:
Live Demonstration
Download Sites
Feature List
X2Engine on Twitter

Mashery Accelerates API Success With Open Source Developer Tools

I/O Wraps and I/O Alfred Increase Access to APIs for App Development

Mashery, the leading provider of API Management technology platforms and services, today announced new additions to its successful suite of open source API Power Tools. Designed as painkillers that enable developers to create and release apps faster, Mashery's API Power Tools now include I/O Wraps, a new API client library tool. As the API equivalent of an SDK (Software Development Kit), I/O Wraps gives developers externally built open source resources native to a variety of programming languages.

Public APIs are currently experiencing record growth because they enable developers across every industry to accelerate app development. Mashery created I/O Wraps based on feedback received from its 160,000-strong developer base. Developed under open source licenses to encourage collaboration and accelerate adoption of APIs, I/O Wraps launches today with Mashery customers USA TODAY ( http://developer.usatoday.com ) and Whit.li ( http://developer.whit.li ) both offering PHP and Java SDKs created with I/O Wraps.

"APIs that are frustrating to work with often fail to attract the necessary level of developer engagement," said Delyn Simons, Vice President of Developer Platform, Mashery. "The overwhelming response to Mashery's open source I/O Docs project over the last year revealed to us that the competition for developer mindshare and talent is heating up. APIs with strong open source developer tools are more accessible and are therefore more likely to succeed."

The benefits of language-specific client libraries for API providers speak for themselves, and deliver a community benefit aligned with the principles of the open source movement. And for developers, the benefits resolve many common API integration pain points -- a clean consistent interface, the ability to execute live API calls for accelerated learning, method exploration, and testing from a single location.

After just more than a year in the market, I/O Docs, Mashery's first open source API Power Tool, has seen adoption by over 30 major API providers. In the spirit of open source development, several leaders in the online platform and tools space, including SendGrid, HubSpot, DataSift and DocuSign, have contributed code back to the project or integrated it into their API for developer use.

"Implementing I/O Docs for SendGrid has been extremely valuable to both our customers and our support team," said SendGrid API Evangelist Brandon West. "I/O Docs lets developers see exactly what they are going to get from our API without having to write a line of code, and it helps support test and debug API calls without having to use command line tools. It's a win for everyone."

Mashery also announced the availability of I/O Alfred, a developer tool for integrating API calls in the Alfred Mac tool. Mashery has created a set of Alfred app extensions that use the Rovi, Klout, Twitter and Twilio APIs to give Mac users access to useful information, such as movie data and social influence scores. I/O Wraps and I/O Alfred join existing open source developer tools offered by Mashery, including interactive API documentation, HTML5 code samples, OAuth Helpers for JavaScript and .NET, and more.

Thursday, July 19, 2012

Economic impact of open source on small business

Results from an in-depth study of open source's role in small and medium businesses.

A few months back, Tim O’Reilly and Hari Ravichandran, founder and CEO of Endurance International Group (EIG), had a discussion about the web hosting business. They talked specifically about how much of Hari’s success had been enabled by open source software. But Hari wasn’t just telling his success story to Tim, but rather was more interested in finding ways to give back to the communities that made his success possible. The two agreed that both companies would work together to produce a report making clear just how much of a role open source software plays in the hosting industry, and by extension, in enabling the web presence of millions of small businesses.

We hope you will read this free report while thinking about all the open source projects, teams and communities that have contributed to the economic succes of small businesses or local governments, yet it’s hard to measure their true economic impact. We combed through mountains of data, built economic models, surveyed customers and had discussions with small and medium businesses (SMB) to pull together a fairly broad-reaching dataset on which to base our study. The results are what you will find in this report.

Here are a few of the findings we derived from Bluehost data (an EIG company) and follow-on research:

60% of web hosting usage is by SMBs, 71% if you include non-profits. Only 22% of hosted sites are for personal use.
WordPress is a far more important open source product than most people give it credit for. In the SMB hosting market, it is as widely used as MySQL and PHP, far ahead of Joomla and Drupal, the other leading content management systems.
Languages commonly used by high-tech startups, such as Ruby and Python, have little usage in the SMB hosting market, which is dominated by PHP for server-side scripting and JavaScript for client-side scripting.
Open source hosting alternatives have at least a 2:1 cost advantage relative to proprietary solutions.
Given that SMBs are widely thought to generate as much as 50% of GDP, the productivity gains to the economy as a whole that can be attributed to open source software are significant. The most important open source programs contributing to this expansion of opportunity for small businesses include Linux, Apache, MySQL, PHP, JavaScript, and WordPress. The developers of these open source projects and the communities that support them are truly unsung heroes of the economy!

Wednesday, July 18, 2012

Morphlabs Delivers Compact OpenStack Infrastructure, Works with Dell

The OpenStack open source cloud platform that, along with CloudStack and Eucalyptus, has lit a fire under those interested in flexible, new cloud solutions, has just celebrated its second anniversary. In July of 2010, Rackspace Hosting and NASA launched the OpenStack initiative, and since then it has been appearing in new distributions, including Rackspace's own one. Now Morphlabs is offering its OpenStack-based cloud infrastructure, dubbed mCloud Helix.

"This Morphlabs solution is valuable to customers interested in a simple deployment for a compact private cloud," said John Igoe, executive director of Cloud and Big Data Solutions at Dell, in conjunction with the announcement. "The combination of Dell PowerEdge C servers and Morphlabs' software enables customers with a streamlined, efficient approach to private cloud infrastructure."

The mCloud Helix solution is purportedly designed to be very scalable, letting users add mCloud Helix units as compute and storage needs increase. The announcement also points to some interesting partnerships, including one with CoreSite, a national provider of powerful, network-rich data centers, which has optimized its infrastructure for customers to deploy their own mCloud Helix units.

As we've said before, the key with all these new cloud platforms will be top-quality support. Through partners such as Dell, it sounds like Morphlabs will be distributing support efforts across hardware and software implementations and vendors.

"The mCloud Helix empowers customers to take home and immediately deploy private clouds using best-of-breed open source software and hardware without requiring a massive CapEx investment," said Morphlabs CEO Winston Damarillo, in the announcement. "Working closely with Dell, we have packed the high performance benefits of mCloud into a remarkably small footprint, making it possible for small and medium businesses to grow industry standard private clouds to match workloads without investing in massive, complex build-outs."

Asahi Technologies Announces Premium Joomla Services to Enable Content Rich Websites

3 out of 4 people abandon an online retail site without making a purchase, causing huge losses to online businesses. The major reason being lack of relevant content. Sites rich in content are successful in attracting visitors by presenting relevant information for their products and services. To build a content rich site requires a stable and flexible framework, experts believe that Joomla is currently the best framework for building content rich sites. Asahi Technologies, a New York based web development firm specializing in Joomla framework, has announced premium Joomla services for small and mid-level businesses.

A recent statistics report on top 100 successful e-Commerce sites, all the sites present rich content related to the products/services. Online shoppers expect relevant content data for their products on issues like feedback, expert reviews, warranty information, shipping rates, expected delivery timetables, additional product/service suggestions. Many e-Commerce experts say that lack of relevant content leads to shopping cart abandonment. The report also proved that websites that have focused on content have been successful such as Wal-mart, e-bay and Netflix.

To build a content rich website requires a powerful web content management system that needs to be flexible and stable. Many experts suggest Joomla framework for content rich sites as it is the most flexible, secure and stable framework currently. Apart from being free and open source CMS Joomla is flexible to create content-rich blogs, interactive portals, multi-language websites and online communities faster and efficiently. The Joomla content management system not only assists in managing websites, but also gives users the freedom to make changes in appearance and functionality in accordance to requirements. It can even be handled with little or no knowledge of programming.

“A content rich website built with Joomla offers many advantages; the major advantage with Joomla CMS is that its maintenance requires little or no intricate coding knowledge,” says Vinod Subbaiah, CEO of Asahi Technologies. “Most popular tools are not intuitive for building a content rich site, and this is where Joomla, with its rich features, helps render a powerful e-commerce site.” Businesses looking to go online increasingly prefer Joomla because of its extensive features for content. To help small and businesses get affordable solutions for content rich sites, Asahi Technologies has announced premium services for Joomla framework.

Monday, July 16, 2012

Programmable Systems Integration demonstrated by Xilinx at ESC India 2012

Booth demos and conference presentations highlight convergence of hardware and software in All Programmable systems enhancing flexibility, performance and design productivity as well as BOM cost and total power

Xilinx, Inc. will demonstrate its Zynq™-7000 Extensible Processing Platform (EPP) and new Vivado Design Suite, as well as presenting two conference papers on FPGA design for software developers and System-on-Chip (SoC) integration at ESC India 2012 from July 18-20, 2012. Xilinx will show visitors how its All Programmable technologies enable flexible, scalable embedded designs for achieving increased system performance and accelerated design productivity.

Xilinx's All Programmable technologies comprise of FPGAs, 3D ICs and SoCs featuring programmable hardware, software and I/O, tightly integrated with best-in-class operating systems, IP and development tools.

What: Embedded Systems Conference India (ESC India) 2012
Where: NIMHANS Convention Centre, Bangalore, stand C7-C8
When: July 18 - 20, 2012
Exhibits: July 18 – 20, 2012
Papers: July 20, 2012
Zynq-7000 SoC

Four  demonstrations will highlight the video, graphics and real-time processing capabilities of Xilinx's Zynq-7000 EPP; a new class of device which combines the industry-standard ARM® dual-core Cortex™-A9 MPCore™ processing system with tightly coupled programmable logic, demonstrating that this architecture offers values far beyond just component cost reduction.

The image-processing demonstration, using Linux running in SMP mode on a Zynq-7000 SoC development board, will compare a software-based approach to processing medical CAT-scan images using the dual Cortex-A9 cores, against a hardware-accelerated solution with critical functions performed in programmable logic showing an overall performance gain of over 10x on this image processing algorithm.

With Windows Embedded Compact 7 gaining traction in a wide range of small footprint enterprise and consumer devices, a demonstration based on the work by Adeneo on Zynq-7000 SoC will showcase advanced Qt graphical user framework and multimedia capabilities.

Another demonstration, featuring accelerated HD video processing, will show how the Zynq-7000 device enables a single-chip solution capable of processing a video pipeline in a way that is unachievable using a two-chip solution. Featuring a sobel filter implemented in programmable logic, this IP core is interconnected with the dual Cortex-A9 processing system. This demonstration will show how computationally intensive tasks can be offloaded seamlessly in programmable logic to maximize system performance and functionality while reducing power consumption.

The final application-focused Zynq-7000 EPP demonstration will feature the device as an asymmetric multi-processing engine using the two Cortex-A9 cores. Utilizing technology by Xilinx Alliance Program member, Petalogix, and running Linux side-by-side with FreeRTOS for tasks requiring low-latency response, this demonstration will show how comprehensive support for both open-source and commercial operating systems enables Zynq-7000 devices to fulfill a wide range of industrial applications.

Vivado Design Suite

In addition, Xilinx will showcase its Vivado Design Suite, a completely new design environment built from the ground up to accelerate design productivity, scale to support high-capacity programmable devices at 28nm and beyond, and provide features for programmable systems integration.
Xilinx will show how the Vivado Design Suite integrated design environment with its shared scalable data model facilitates a new IP centric design approach with progressive area and power estimates and cross-probing at all levels. Xilinx will also demonstrate its unique High-Level synthesis tool built on AutoESL™ tool technology, Vivado HLS, which accelerates design implementation and verification by enabling C,C++, and SystemC specifications to be directly synthesized into VHDL or Verilog RTL, after exploring a multitude of micro-architectures based on design requirements. Designers and system architects will see on the Xilinx booth a faster and more robust way of delivering quality designs.

Saturday, July 14, 2012

Open source community collaboration strategies for the enterprise

Key open source considerations for businesses, communities and developers.

OSCON’s theme last year was “from disruption to default.” Over the last decade, we’ve seen open source shift from the shadows to the limelight. Today, more businesses than ever are considering the role of open source in their strategies. I’ve had the chance to watch and participate in the transitions of numerous businesses and business units to using open source for the first time, as well as observing how open source strategies evolve for software businesses, both old and new.

In the view of many, open source is the pragmatic expression of the ethical idea of “software freedom,” articulated in various ways for several decades by communities around both Richard Stallman’s GNU Project and the BSD project. The elements of open source and free software are simple to grasp; software freedom delivers the rights to use, study, modify and distribute software for any purpose, and the Open Source Definition clarifies one area of that ethical construct with pragmatic rules that help identify copyright licenses that promote software freedom. But just as simple LEGO bricks unlock an infinite world of creativity, so these open source building blocks offer a wide range of usage models, which are still evolving.

This paper offers some thinking tools for those involved in the consideration and implementation of open source strategies, both in software consuming organizations and by software creators. It aims to equip you with transferrable explanations for some of the concepts your business leaders will need to consider. It includes:

A model for understanding the different layers of community that can form around an open source code “commons” and how you should (and should not) approach them.
An exploration of the symbiotic relationship of transparency and privacy in open source communities.
An explanation of where customer value comes from in enterprise open source, which illuminates the problems with “open core” strategies for communities and customers.
A reflection on the principle that can be seen at work across all these examples: “trade control for influence”
Community types

At every stage of the journey for businesses from the software adoption models that preceded the Internet to those that embrace it, I often find I need to distinguish between the different kinds of community that are layered around various free software commons. Community members are frequently characterised as either “developers” (the “open source” worldview often emphasizes this) or “users” (the “free software” worldview often emphasizes this). All the same, using the term “community” to apply to every style of gathering leads to confusion, especially regarding motivations for participating.

A free software commons is a body of software contained in some sort of repository — usually a version control system but sometimes as simple as just a download directory — and licensed under an OSI-approved open source license, with rules to determine who can modify the contents of the repository. There are also often other rules regarding use of trademarks, discussion forums and other resources, and there are also often rules concerning who may change some or all of the rules and how people gain the right to do so. All these rules are collectively termed the “community governance.” The subject of good governance is extremely important, but this section does not attempt to cover it.

As I’ve watched various community engagements of many companies and individuals, and discussed this with various experienced open source practitioners, it seems to me that there are at least four different clearly differentiated software commons-centric community types, in two bands. These aren’t absolute classifications with hard-and-fast boundaries, and most communities span two of the types, but the distinction is helpful for enterprises when discussing communities.

Layered model

This model is not suited to every kind of discussion, as there are other ways to think about community layers. Most notably, the model I’m proposing here looks at the community layers from the outside, and it is also appropriate to use a model that looks from inside if the context is a community discussion. But the realisation that there is not just one open source community, nor even one kind of community, is a critical evolutionary step for enterprises wanting to engage in open source collaboration.

In the model I’ve found useful for enterprise discussions, community types are layered around the free software commons like the layers of an onion.

From the centre outwards, the categories of community are in two groups:

Co-developer communities — These are the people who directly engage with the core source code for the project. This is the place the project itself is made by a range of people who choose to synchronise an overlapping subset of their interests. Some of the people here may be paid to work on the project code, but all will be here because this is the code they want to work on.

Deployer communities — These are the people whose main engagement with the code involves a running instance that is configured and deployed by the community members in conjunction with other software that forms a deployment environment or stack. While they will contribute bug reports, test cases and occasional fixes, they don’t write the project code themselves; they are experts at configuring, deploying and using it. They also may train other people to do so.

They can be further distinguished into two sub-categories each:

Co-developer communities:

Core co-developers — These are the people whose contributions implement, evolve and maintain the code in the commons. They will have broad permission to change sensitive parts of the code arising from their track record for excellence. They may also include people who specialise in designing the user experience for the software. Many of them will describe themselves as working on the project rather than working for their employer, and some of them may have worked on the same code for several different employers. They are likely to have a strong culture that you’ll want to approach with respect. Importantly, no-one has an automatic right to admission by or respect from this community, even though your company may be a major source of funding. Your star developer or program manager gets the same rights as anyone else, when she has earned them. Attempts at management control of any aspect of this community layer will be most unwelcome and will likely be considered as damage. Moreover, they won’t welcome marketing messages, “developer programmes” and the like.
Extending co-developers (extenders) — These are people who co-develop software and other resources that builds on, enhances or aggregates the work in the commons. They localise the code, port it to different platforms, package it for different operating system distributions and more. They create extensions, plug-ins, prototypes of new features, sample configurations. They work on documentation and training materials. While they will be interested in the tools for doing all these things, they too are unlikely to be welcoming targets for marketing activities.
Deployer communities:

Deployer-developers — These are the people who take the contents of the commons and configure and customise them for deployment. They’re likely to be enthusiastic advocates of the project and very familiar with how to install it in particular applications. They will know all the configuration details, the tricks for tuning and perfecting an installation, the ways to secure and protect it. They may well be in-house developers integrating the project with specific enterprise applications. They are likely to be interested in both competing and complementary products, and to be receptive to developer programs. These are the people you are most likely to meet at user groups.
Users — These are the people who commission, specify and use — and whose employers may pay for — the work of deployer-developers and put it to productive use. They may well be enthusiastic advocates on behalf of the project. They are likely to be interested in offers of services, training, consulting, complementary and competitive services. They are unlikely to have development skills.
Implications of the model

This model for community types has gradually developed over time for me. Naming no names, I have especially observed the following points arising from the model:

1. There are four distinct community types here, but people may play different roles in other communities too. For example, package maintainers working on an operating system distribution may be extenders with regard to the code they are packaging from another project and core co-developers with regard to the distribution itself. People offering bug reports as deployers may well be co-developers in other communities.

2. People may play multiple roles within a given community too. A deployer-developer may be contributing code as an co-developer as they address problems during deployment, for example. Testers are likely to span multiple layers, as are documentation authors. Many people in all four of the layers are also users.

3. There are many different ways to contribute to the commons while participating. Users are often a crucial source of documentation, case studies, bug reports and feature requests and the user role is by no means to be considered unimportant. Mature communities will recognise a variety of ways of contributing to the project.

4. The freedoms people need protected vary between the roles. For example, a user is likely to view being protected from lock-in as a primary freedom and to want a choice of deployer-developers working on their behalf as well as the use of open standards in the design. While the original Four Freedoms provide a baseline, I’m increasingly convinced they need interpreting carefully for each “layer” so that the freedoms essential to smooth operation are understood and respected.

5. The way a commercial organisation engages with communities must respect both the role the organisation plays in relation to the community and also the roles of the people they wish to influence. Treating everyone as if they were, for example, deployer-developers, will lead to negative reactions from all the co-developers. There’s no faster way to alienate the most influential members of a community than to broadcast marketing messages to everyone.

6. There are a number of different ways to model open source communities, but I used this model extensively within Sun Microsystems to advise the engineering, marketing and management teams on their community engagements. Having a set of shared terminology to distinguish roles was important for avoiding the assumption that everyone means the same thing when they say “community.”

7. It’s common for software companies to have people who think that “community” is a synonym for “market.” It’s also common for enterprise software consumers to think that “community” is a synonym for “free support.” Both have their place, but a good understanding of community layering will help avoid career-limiting decisions and company-damaging actions resulting from these false associations.

Transparency and privacy

Whichever “layer” is involved, one of the keys to a successful open source community is the equality of every participant. Equality is a much-used word that’s become overloaded, but in an open source community it is the practical consequence of a combination of transparency around every action within the community and respect for the privacy of every participant outside the scope of the community’s actions. Equality does not automatically imply democracy, but it does mean mutual respect based on contribution alone.

Any community that is truly open will thus have strong values around transparency as well as respecting its participants’ privacy and independence. Such a community will also consequently be unlikely to have a copyright assignment benefiting a commercial party. Here’s why.

Synchronization of interest

It’s important to consider why people are in a community in the first place. While generosity and philanthropy are usually abundant in a healthy open source community, they are not the primary reason for participation. An open source community arises from the synchronization of the individual interests of many parties. Each person:

comes to the community at their own (or their employer’s) expense,
seeks to derive from the commons software that satisfies the need that brought them, and
freely brings with them their own abilities and contributions.
No community member is owed a living by any other user or community member. Communities themselves do not have business models; only (some of) the participants gathering in them do. Participants with a business interest in the code express that interest elsewhere, if it’s a truly open community.

To create an environment where people are willing to synchronize their individual interests and collaborate over code, there has to be transparency. Each action that takes place has to stand on its own merits. Each code commit needs to be understandable, each rule needs to be rational and justified, each expenditure needs to be explained and appropriate.

But that transparency doesn’t have to extend beyond the community into the lives and business interests of the participants themselves. Your motivations for being involved in the community are of no direct relevance to my contribution because our relationship in the community depends on code, not on a relationship between us outside the scope of the code.

It’s very important to realise that, if we do have a relationship outside the scope of the community, it is probably harmful both to our reputations and to the wellbeing of the community for us to allow it to secretly influence our actions in our roles as community members. Some of the worst problems I have seen in open source communities have arisen from community members negotiating in private and then carrying the conclusions into the community either as a fait accompli or with some untruthful rationalisation, usually based on legalism with regard to community rules.

The code, the community and how they interact are transparent, but motivations for participating in it are opaque. My reasons are up to me and yours up to you. They’re outside the immediate scope of the project because the code speaks for itself. Most importantly, you have no right to force acceptance of your business model on me in the name of the project. That’s true even if you started the project, even if you’re still the main funding source. Once you’ve created an open source community, this becomes true no matter how wonderful your historical contribution may have been. Any attempt at control is very likely to backfire.

Private motivations, transparent community

Thus in a healthy open source community, I’m free to maintain my privacy around my motivations and how I’m funding my involvement if I wish. On the other hand, I’m able to work in an environment of transparency where all the code is known, all its origins are known, all its defects are potentially known, all its design decisions are held in the mailing lists. That combination of transparency with privacy is, in my opinion, a primary characteristic of an effective open source community. Communities without the rule “if it didn’t happen as a matter of open record, it didn’t happen” are closed, regardless of the software license.

Open source is about transparency at the community level but also about the privacy of the individuals involved. The interface between the two is where a formal community/contribution agreement is relevant. To maintain trust, enable development transparency and permit individual privacy, it’s reasonable to ask every participant to assent to an agreement promising to stick to community norms, especially with respect to the originality of contributions and the possibility that they are associated with parallel-filed patents.

But it has to be every participant — including the “project sponsor”, if any. Any participant agreement has to impose a community norm. Unlike Orwell’s “Animal Farm,” there’s no scope for one participant or class of participants to be “more equal than the others.”

No exclusivity

To be specific here, it’s not reasonable to give any one participant the exclusive advantage of aggregated copyright for them to use privately. Doing so breaches the transparency-privacy boundary, damages trust by enabling opaque behaviour with the community commons and introduces private business-model reasoning into the community where it doesn’t belong.

I’ve heard arguments such as “we have to be able to make a profit” or “we contributed the original code” to justify copyright assignments, but these are personal not community arguments. Your need for profit is yours, not the community’s, and if you didn’t have it nailed before you started the community and irreversibly licensed the code under an OSI-approved license, that’s your problem. Your business need is no reason for me to surrender my copyright to you, so please don’t demand it. There is no amount of contribution on your part that permits you to demand anything from me — your rights are not proportional to your contribution in an open source community.

This isn’t just a matter of philosophy — it’s practical too. In “The Role of Participation Architecture in Growing Sponsored Open Source Communities,” Joel West and Siobhán O’Mahony make clear that if you’re a company trying to start an open source community, trying to maintain exclusivity will harm the outcome. Your attempt at control will either result in the failure of the community to grow as you hope, or ultimately in the community you created forking and working around you. It has happened before, repeatedly, and it will happen again.

Gaming the system

All this separation of interests has its limits, of course. The Apache Software Foundation has operated on this basis for well over a decade. It has been very effective when diverse peer communities have come together under such rules, and Apache’s model is about the best general-purpose open source community model there is.

But as a consequence it has also been a magnet for would-be abusers. While Apache has successfully dealt with many of these cases, there have still been a few where we’ve seen this combination of high transparency and high privacy being “gamed.” At various points in its history, Apache has seen corporate participants engage around projects in ways that aren’t good for the larger community. It’s not just Apache’s problem, either; other open source communities face the gaming of their models with maturity.

Here’s what happens: An experienced, well-staffed corporation with skilled, experienced professionals and with political power in the software market can make agreements privately. These can be among its own staff and with members of its partner ecosystem, and can be informally framed. They lead to effective control of an open source project run on these terms but with the appearance of openness. Further, the enforced transparency of the community means the abusers quickly become aware of any attempt by competitors — or by individual contributors they can’t control — to disrupt their game.

Ironically, the culture of privacy also discourages intervention. By highlighting the individual status of each participant and treating their external motivations as private, it’s hard to talk about problems arising from corporate motivations, or to ask participants to report or discuss out-of-band agreements. The high value of contribution is gamed too. A culture of “do-ocracy” — where those who can contribute are favoured, and those who can’t or won’t instead step back and disengage — leads to people who identify these subtle problems either staying quiet or even being pushed aside in the community.

Apache has taken steps to deal with this, by instituting its Incubator Project. The Incubator is a “container” into which new projects are placed under the supervision of experienced mentors. In addition to helping incoming projects adapt to the Apache Way, they can also be scrutinised for issues before they become an autonomous party of the larger community. It’s a device any large or general-purpose open source community should consider emulating. Even so, the ability to “game” the privacy/transparency dynamic remains. It’s inevitable — any system contains within it the game that will eventually exploit it. The only defence is a diverse, engaged and empowered community that’s willing to call foul — something Apache also thankfully has!

Open source business models: Open core is bad for you

We’ve considered types of community, and the disposition of participants in open source communities. The next topic to consider is the structure of the business models used by open source community participants. There are a wide range of open source business models, but to generalise wildly, they can all be distilled into one general structure: satisfy your customers’ scarcity from your abundance. The key to a good open source business model is to ensure that the scarcity is genuine and not manufactured, and that the abundance is truly yours!

The topic of business models around open source software is huge and attracts controversy, as the Wikipedia article discussing it demonstrates. Researcher Carlo Daffera has an excellent series on the subject which I recommend. I couldn’t possibly consider every business model that might involve open source, but there’s one that provides a useful case study. The open core business model has been feted as the new default “open source business model,” especially by venture capitalists; so much so that the presence of an open core model is a great indicator of VC funding behind a new company.

But I assert it does not deliver and sustain the principle that provides cost savings and flexibility to the customer — software freedom. As a consequence, businesses that live or die by open core risk the fate of Compiere ERP — which, being undermined by a community fork of its own code, effectively went bust — unless they can manage the incredibly delicate balance their customers will discover they demand.

The idea of open core is simple enough. Here’s a modified quote from a business leader in a company that depends on an open core business-model. He said:

“We deliver a fully functional production with our community edition. You can download it under a GPL v3 license. But, additionally, we provide enterprise features only if you pay for them. It’s open core.”

While that sounds reasonable, there are important unstated issues in that approach. Before you decide to commit yourself to such an approach — either as a software supplier or a software consumer — it’s important to understand those issues and ensure the decision you’re taking is made in the light of that understanding.

A game on software freedom

All systems have loopholes. As we found in the previous section, any system contains within itself by implication the game that will exploit it. Exploiting the loopholes is almost always an unintended consequence of the system. That’s as true of open source as it is of anything else. The open core model exploits open source and is a game on software freedom. The fact the game is played does not invalidate software freedom, but it suggests we may need to revisit definitions and make this particular game harder to play.

Open core is a game on rather than a valid expression of software freedom, because it does not cultivate software freedom for the software user. In an open core business, there is a core package that is open source and which delivers basic functions. That package can be used freely under the terms of an open source licence, and there’s no issue involved at this point — as Andrew Lampitt, who coined the term “open core,” asserts:

“… the customers enjoy, in a way, guarantee of liberty from the vendor; if things go sideways for the vendor, there is a sort of a ‘guaranteed escrow’ of the source code.”

But to use the package effectively in production, a business probably won’t find the functions of the core package sufficient, even in the (usual) case of the core package being highly capable. They will find the core package largely ineffective without certain “extras,” and these are only available in the “enterprise version” of the package, which is not open source.

To use those features, you are forced to be a customer only of the sponsoring company. There’s no alternative, no way to do it yourself if the value delivered doesn’t justify the expense involved or if you are time-rich and cash-poor. Worse, using the package locks you in to the supplier. If they prove a bad choice as a supplier, or if your business needs change, you have no real choice beyond “take it or leave it.” In many cases, ending your subscription with the supplier will mean losing your rights to use the enterprise version all together.

Hiding the problem in plain sight

It is typical of open core apologists to skip this point entirely, preferring to put opposition such as mine down to religious fundamentalism and trying to hide the problems in plain sight. They confuse “dual licensing” (which can respect customer liberties if the vendor chooses to make it so) with open core (which can’t) without observing dual licenses are not applied to the closed add-ons most “open core” vendors sell.

They speak of “vibrant communities” but in most cases those are user communities, not communities of co-developers offering an alternative to the closed add-ons. They speak of “lively ecosystems” without noting that most open core vendors use their power over the code to try to ensure those ecosystems are built of partners, not alternatives. Open core is also not a guaranteed win, even for a great system like Compiere ERP. According to Compiere founder Jorg Janke:

“Compiere certainly did not fail due to its technology. It failed due to lack of sales and marketing expertise, execution and the wrong bet to ‘upgrade’ open source minded partners and customers to a traditional, commercial model. I think that the Commercial Open Source model is still valid, but Compiere overstepped the balance between proprietary and open product components.”

This is not to say it’s never OK to wrap additional services around an open source project. In different ways, both the GPL-ish and BSD-ish wings of the open source movement depend on that ability.

I asked a former president of the Apache Software Foundation how he viewed open core. He replied:

“Open core — as it is practiced within Apache — is that the functionality which makes the product compelling to its users is freely available and released through the auspices of the foundation. It is critical that the open offering be able to stand on its own and address the needs of the community or it will not be attractive enough to merit a diverse community which adheres to Apache’s standards. Since the open offering is released under a permissive license and developed in a transparent manner, the various collaborators within the Apache community — many of which have significant revenue streams or venture capital backing — are able to offer their own products which incorporate and complement the open option.”

Yes, the whole premise of Apache was that its founders could share the various Apache projects as a “core” for other work, but in every case the Apache project is complete and sufficient for deployment at an enterprise level including “the functionality which makes the product compelling to its users.”

As a well-known expert has said, some people have money and need time, and others have time and want money. Open source allows both to participate freely; open core does not.

Open core harms software users

To generalize the analysis, the problem with open core is that instead of delivering and cultivating software freedom, the open core business model induces dependency on closed software and lock-in to a vendor. Open core businesses hope that you will be willing to trade your freedom for tangible short-term benefits or even just for “shiny.”

They stand to benefit massively from having you locked-in; they want to trade your freedom for their profit. So while open core businesses truthfully say they are sustaining open source core software, their actual business is nothing to do with open source. It’s a bait-and-switch, wrapping the same old lock-in in the flag of open source and hoping you won’t notice.

This is not just a philosophical game. “Software freedom” may sound abstract, but it is the system of thinking behind the very practical and tangible benefits that have drawn vast numbers of businesses to use open source. As I have written previously, the four freedoms (to use, study, modify and distribute the software without restriction) have created a vast market by enabling cost savings and flexibility. So a business model that cultivates a casual disregard for and discarding of those liberties while pretending otherwise deserves to be challenged.

If you are a software vendor, please respect your customers’ freedoms. Help them see that they are worth paying for. If you choose not to, remember that just because the business model you have chosen demands that you withhold software freedom from your customers, that doesn’t mean the only way to do business around open source involves doing the same. Don’t hide a desire for control that you can artificially exploit behind apparently good words about deserving to make a profit.

If you’re an enterprise software consumer, it’s crucial you cultivate your degrees of freedom. They are the source of your ability to respond to changed market conditions; to negotiate with suppliers strongly because you always have choices that allow you to walk away from any deal; to hire staff from a free market beyond any vendors’ control; to expect constant new innovation because the market in which you purchase remains competitive. Ultimately, to save money by surrendering your freedoms will mean you never save money again.

Copyright accumulation?

This leads inevitably to the controversial subject of copyright accumulation in open source communities. My position is that it is a rarely-needed and exceptional tool that should be avoided unless essential, because of the negative effects it has on the dynamics of open source communities. In the rare cases they are needed, they should accumulate copyright into the hands of a legal entity that embodies the interests of the whole community-of-communities gathered around the software commons in question. It should not be for the benefit of just one company. That creates an inequity that will poison the community.

All the same, I’ve heard prominent commentators assert that a software company that wants to promote open source has to use copyright accumulation if it wants to make money. While that sounds superficially reasonable, I contend that statement is a circular argument. If you’ve chosen to build your business around a model that requires the accumulation of copyright, then you will need a contributor agreement that makes it happen. But it’s a matter of choice whether you use a business model like that, or whether you pick another business model that does not demand copyright accumulation. As an entrepreneur, one has a choice in this matter.


Ultimately any business runs by meeting a scarcity faced by their customer with an abundance they have themselves, and creating profit from the resulting win-win. In the software business, scarcity is harder to identify. While the world was still operating on the hub-and-spoke topology inherited from the Industrial Revolution, the artificial creation of scarcity by licensing copyright restrictively worked well as a payment gateway. But in today’s meshed society, where the ability to connect direct means mediation is now artificial interference, trying to charge for the right-to-use software appears to the Internet as damage and is routed around. It also creates an insurmountable barrier for communities.

I can understand why a long-established corporation trying to come to terms with open source in the early stages of the road to freedom might think they need a contributor agreement. But it’s churlish and contrarian to start a new business today that relies for its revenue on the artificial scarcity of yesterday. There are plenty of scarcities to monetise — cloud infrastructure, operations skill, stack integration, jurisdictional differences and many more — without the need to try to apply a gateway to open source software. The requirement for a copyright accumulation in order to create an artificial scarcity is the genetic marker for a desire for control, and in the meshed society that the Internet is creating, that’s a sign of damage that needs working around.

Participation agreements

Just to be completely clear, this warning against copyright assignment is not a prohibition of having participant agreements that confirm the community norms and ensure every participant has recorded their agreement in a consistent way. Participant agreements can have a variety of uses. For example, they may set default licensing terms when none are stated, and may indicate a commitment to originality in all contributions. These sorts of agreements are common enough.

Even they impose a barrier to participation for some potential community members; any developer who has to get permission to proceed from his employer’s general counsel will need to be highly motivated in order to do so. You need to make sure you’ve done the cost-benefit analysis in a way that includes an allowance for the extra community-building effort that will be needed to overcome each barrier to participation you’ve deemed essential.

One of the needs that drives some communities to copyright accumulation is the desire to protect against a future need for license change. If the copyrights for contributions are left in the hands of their original contributors, getting their permission to change the license at a later date could be a nightmare. But copyright accumulation isn’t the only tool available. You could use a license like the Apache License version 2, which grants rights so broad that the addition of another license with different but complementary terms is very easy.

Alternatively, you could select a “plus license” for the project, which includes language permitting relicensing under a later revision of the same license. This “license upgrade” capability covers most valid cases where a community might want to relicense. For projects wanting file-level copyleft (“weak copyleft”) the Mozilla Public License version 2 is the best choice at present. Projects wanting a strong copyleft license may want to use the GNU General Public License version 3, or may prefer to license under version 2 using the .”.. or any later version” language.

Whose freedom?

In designing a new business, the ultimate diagnostic is who is left with the benefits of software freedom; you or you and your customers? The “bubble” of new companies starting and gaining funding based on business models that subvert open source by “dual licensing” and “open core” are effectively over. The branding of hot startups can no longer rely on smoke-and-mirrors tricks of terminology relating to open source because too many people are familiar with the every-day reality of software freedom. And communities are wising up to the hazards of copyright accumulation.

Conclusion: Trade control for influence

In each of these examples of how enterprises collaborate across communities, there’s a common thread running through all the best practices. In communities, when we seek greater control, unless it’s control that’s for the overall good of the community and granted with the full consent of the community, there is a great risk it will backfire. The controversies around the Hudson/Jenkins projects and the OpenOffice.org/LibreOffice projects show the damage that can result.

Instead, a wiser strategy is in each case to seek greater influence over the direction each community chooses for itself. Just as a design principle of the Internet was to route around damage, so open source communities do the same. The open source licenses under which they operate always allow anyone to take the code elsewhere and work on it without you — a “fork.” If they’re justified in doing so, one or more layers of the community will go with them.

Maybe you’re from a rich, powerful corporation that can use its relationships with partners to simulate an open source community in spite of the fork. But why do that? Instead, live and work as a supporter of transparency and privacy. Avoid private agreements that make other community members behave in ways that subvert that transparency. Develop code in the open. Trade with your customers on the value you can deliver to them rather than on the control you are able to gain over them.

As you do this, your influence in the community will grow strong. Influence allows you to steer community decisions because other participants trust and respect you. It makes other community members support and defend you against challengers. It is the basis for successful business in the open source age. Ultimately, your best community collaboration strategy is to trade control for influence.

Filmmaker Pledges to Live Open Source for a Year

It's one thing to like open source, but it's another thing to live open source. Sam Muirhead, a 28-year old filmmaker who lives in Berlin, is making headlines for an unusual pledge he has made: He has sworn that beginning August 1st, he will spend one year living totally open source. And he doesn't just mean he will use open source technology. He means that his beer, the paper he uses--everything he uses--will be open source.

Muirhead will make his own open source shoes, jeans, toothbrush and furniture (and release the designs for others). He’ll be using open source educational methods to learn Turkish, avoiding food grown from copyrighted seed strains, and abandoning Apple software.

Friday, July 13, 2012

Open Source Opens the Door to Women

Get everyone who works on open-source software together and put them in a little room in your brain. Now take a look around at what you just created. They’re smart. They come from all different countries and educational backgrounds, but it’s a stag party in there. They’re almost all men.

“It’s like going to a party where you know no one. That’s not a party you want to be at,” says Maírín Duffy, a blogger and senior interaction designer at Red Hat in Boston. Duffy is one of the few women who have shrugged off intimidation and walked right into the open-source community. Not many others have followed.

Fortunately, open-source project leaders are beginning to realize that if they want women to participate, they will have to fling the doors wide open. And there are now more ways than ever for women to get involved and to find community support.

A 2002 survey found that women comprised a paltry 1.2 percent of all open-source programmers. Considering that involvement with proprietary software is much higher—around 28 percent are women—it’s clear that many who possess the skills needed to work on open-source projects simply aren’t doing so.

And it may be hurting their careers.

Working on open-source projects is a clear indication to software developers that you write code because you love it, and nearly half of employers say that it benefits a job candidate to have some experience, according to a 2005 survey.

For a while, people assumed that if women weren’t joining in, it’s because they just didn’t want to.

GNOME, a project that develops Linux-compatible desktop applications, was one of the first groups to test this theory. In 2006, they participated in the Google Summer of Code, which connects student developers with open-source projects and then funds the work.

GNOME called for applications and got back 181, none of which were from a woman. They quickly threw together a second outreach effort, baiting the hook specifically for women.

“This was a trailblazing thing,” says Marina Zhurakhinskaya, another Red Hat engineer, who now directs outreach for GNOME. “They said if we just reach out to women, we will get interest in working on the GNOME desktop.”

In the end, 100 women applied and six were accepted.

“Because women did not see others around them doing it, they just thought, well this is just too intimidating. This is a guy’s thing,” Zhurakhinskaya says. “But when they see that women are welcomed on a project, they are excited about it and think it’s a great community to be a part of.”

In the years that followed, GNOME pulled back on the effort and the numbers of participating women plummeted again. The trend has convinced Zhurakhinskaya that efforts to attract females will have to continue.

Under her guidance, GNOME has put together a mentoring program in which a newcomer—the service is now available to men, too—can get assigned to an established woman in the community who will look at her or his code before presenting it to the group. Mentors also offer general support.

Some of those who went through the program are now mentors themselves. The hope is that, as women enter the community, word-of-mouth will take the place of active recruiting, and more women will be drawn up the ranks through a kind of capillary action.

After all, the whole point of going open source is to break down the barriers that impede innovation and, at least in theory, more diversity means a wider range of ideas swirling around.

“The more chaos you throw into the mix, the more chance you’re going to hit on an awesome idea and run with it,” says blogger and Red Hat designer Duffy.

Perhaps this is why other projects have taken the GNOME model and run with it. The Debian Project now has its own mentoring program, and Ubuntu has put together a mailing list, a forum and a blog specifically for female initiates.

If you’re a woman looking to get into open-source programming and you’ve been hanging just outside the door, know this: it’s still mostly men at the party, but now you don’t have to go it alone.