If you hitch a ride with a scorpion…

I haven’t seen a blog post or notice about this, but according to the Twitters, Coverity has stopped supporting online scanning for open source projects. Is anybody shocked by this? Anybody?

Chris Aniszczyk (@cra) tweets: "sigh coverity stopped supporting their online scanning for open source projects... C/C++ code scan tool that integrates beautifully with github?"

This comes the same week that Slack announces that they’re ending support for IRC/XMPP gateways — that is, the same tools that persuaded a number of people that it’s OK to adopt a proprietary chat service, because they’d always be able to use open clients to connect.

Not sure what the story is with Coverity, but it probably has something to do with 1) they haven’t been able to monetize the service the way they hoped, or 2) they’ve been able to monetize the service and don’t fancy spending the money anymore or 3) they’ve pivoted entirely and just aren’t doing the scanning thing. Not sure which, don’t really care — the end result is the same. Open source projects that have come to depend on this now have to scramble to replace the service.

We’ve seen this before with a litany of variations. BitKeeper pulling the plug on its freebies for kernel developers. SourceForge.net taking turns for the worse and driving a number of projects away. Google Chat / Hangouts stopped federating with XMPP clients outside its network. Transifex closing its source code… I could go on, those are just the ones that jump to top of mind.

I’m not going to go all RMS, but the only way to prevent this is to have open tools and services. And pay for them.

Amazon’s open source aspirations and actions

I stayed up last night to watch Amazon’s Tuesday night keynote for AWS re:Invent. Lemme tell you, I am not at all sad to be missing the crowds at re:Invent, and kudos to Amazon for its high-quality production values for the keynotes.

One of the things that really interested me, but wasn’t deeply explored, was the mention of Amazon’s home-grown KVM hypervisor and its Nitro setup, where it offloads networking, management, and storage to separate hardware and gives instances all the resources on the machine. (This is going by Peter DeSantis’ description and my following along with the keynote past midnight, so…)

Later in the keynote session when they brought Netflix on, they made some noises about open source and talked about their TLS implementation s2n. Haven’t dove deeply into s2n, but it sounds like they’re doing the right thing with this project, and a strong encryption alternative that has deep-pocket backing is not a bad thing at all.

But what struck me is the dichotomy of talking about open source and its importance for s2n, but glossing over completely their modifications or plans for KVM as a project. There’s a huge KVM community and I’m sure that they’d love to have Amazon participating actively. As far as I know, though, this isn’t happening.

Amazon has made moves to start an open source office and is doing more work in open source, but there’s a huge deficit between what Amazon builds off of open source and what it contributes back. If the company is serious about open source, it has an opportunity to make an enormous impact. I just hope the plan isn’t to limit its contributions to fringe or non-crucial projects and keep vital projects like Nitro/KVM behind closed doors away from the rest of the industry.

Flock Day Two: Everything is a Container! (Kinda)

Day two at Flock was, once again, a pretty container-riffic experience, at least if that’s what you were interested in. The day kicked off with Dan Walsh giving an overview of new container technologies and a roadmap for things like the cri-o project. (Look here for a longer post on cri-o and such shortly.)

Dan’s talk was excellent all-around, but he had one piece of perspective I plan to use going forward: Everything running on Linux is in a “container,” even if it’s in a “host” container. What this means is that, really, all processes use the same technologies that help make up “containers” — e.g., cgroups, SELinux, namespaces, etc. What container runtimes do is to set up more restrictive containers that have a different view of the system than unconstrained processes. (For certain values of ‘unconstrained.”)

Continue reading

Flock Day One: All Containers, All the Time

This year, Fedora’s Flock conference is being held in Cape Cod, Massachusetts, following the tick/tock cadence of North America/Europe. Last year, I was helping to organize the conference (in Prague), and this year I get to turn up and enjoy the event while other folks (like Brian Exelbierd, Jen Madriaga, and many others) wrangle the event. Spoiler alert: it’s a lot more fun attending than running a conference.

Day one kicked off with Matthew Miller (Fedora Project Leader, for those folks not heavily involved in the Fedora Project) giving a “State of Fedora” overview. I’ll probably write more about this later, but the tl;dr – things are good, as far as uptake of Fedora. But they could be better. Fedora 25 and 26 have seen great uptake, people seem to be liking the latest releases, and they’re getting good reviews. Continue reading

Communication Anti-Patterns

Let’s get this out of the way: Yes, I’m old and grumpy. I have more than a few “get off my lawn!” moments. But sometimes… sometimes, they’re justified. Especially when confronted with some of the common communication anti-patterns I run into day after day when working with distributed communities/workers. Here’s a few things you shouldn’t do, or stop doing if you do them.

Continue reading

Project Fi and replacement phones: Android could learn from Fedora…

nexus2cee_project_fi_hero_thumbI’ve had really good luck with smartphones (/me knocks on wood) over the years. I’ve dropped phones a number of times, but other than a few scuffs and scratches, no permanent damage. (My first-generation iPhone did have an unfortunate encounter with a softball years ago, but since then – smooth sailing.) This weekend, though, I biffed the Nexus 6 just wrong on the tile floor and the screen got the worst of it.
Continue reading

Happy New Year! (Foiled by DDoS…)

So – one of the resolutions I was kicking around for 2016 was to blog more often, perhaps daily. I got up bright and early on January 1st… ok, that’s a lie. I got up around 8 a.m. after the cat batted my nose repeatedly. But I got up, and after the morning ritual of feeding the cats, thought I would log into the blog and write a little something.

Unfortunately, my hosting provider (Linode) was suffering a DDoS and connecting to my server between 1 January and yesterday proved difficult if not impossible. Here’s hoping the rest of 2016 goes a little smoother!

Running for Fedora Council

fedora-ambassador-mentor Fedora elections are upon us once again, starting tomorrow. There’s one Fedora Council seat open, and I’ve decided to throw my, er, hat into the ring. I’ve put up the platform questions on the Fedora Community Blog, but also wanted to chime in here.

I’m not stumping for votes, but I did want to take a minute to encourage folks to participate in this election and think about how you’ll participate in the next release cycle. Whether you vote for me or the other candidate for Council (that’d be Robert Mayr aka robyduck – who is awesome) I hope you’ll also be thinking about how you might contribute a few extra cycles to the Fedora 24 release and the project in general.

In particular, for the Fedora 24 cycle I hope to see more folks helping in the marketing group (as I’ve mentioned before), and we can use more hands in the Cloud SIG as well. We have a lot of opportunity ahead, but we need many more hands to reach our full potential.