The main activities for the Open Source Summit kicked off on Tuesday with several keynote sessions. The common theme was community and security, including the Open Source Security Foundation (OpenSSF).
The focus on security doesn’t surprise me. I was reminded of this xkcd comic when the Log4shell exploit hit.
At the time I was consulting for a bank and I called the SVP and said “hey, we really need to get ahead of this” and he was like “oh, yeah, I was invited to a security video call a short while ago” and I was like “take the call”.
I managed to squeeze into the ballroom just before the talks started, and I was happy to see the room was packed, and would end up with a number of people standing in the back and around the edges.
The conference was opened by Robin Bender Ginn, Executive Director of the OpenJS Foundation.
After going over the schedule and other housekeeping topics, she mentioned that in recognition of Pride Month the conference was matching donations to the Transgender Education Network of Texas (TENT) as well as Equality Texas, up to $10,000.
In that vein the first person to speak was Aeva Black, and they talked about how diversity can increase productivity in communities, specifically open source communities, by bringing in different viewpoints and experiences. It was very well received, with many people giving a standing ovation at its conclusion.
The next speaker was Eric Brewer from Google (a platinum sponsor) and his talk focused on how to improve the robustness and security of open source (and he joked about having to follow Black with such a change of topic). Free software is exactly that, free and “as is”. So when something like Log4shell happens that impacts a huge amount of infrastructure, there is really no one who has an implicit obligation to rectify the issue. That doesn’t prevent people from trying to force someone to fix things, as this infamous letter to Daniel Stenberg demonstrates.
Brewer suggests that we work on creating open source “curators” who can provide commercial support for open source projects. In some cases they could be the maintainer, but it is not necessary. When I was at OpenNMS our support offerings provided some of this indemnification along with service levels for fixing issues, but of course that came at a cost. I think it is going to take some time for people to realize that free software does not mean a free solution, but this idea of curators is a good start.
I got the feeling that the next presentation was one reason the hall was so packed as Linus Torvalds and Dirk Hohndel took the stage. Linus will be the first to admit that he doesn’t like public speaking, but I found that this format, where Dirk asked him questions and he responded, worked well. Linus, who is, well, not known for suffering fools gladly, admitted and apologized for his penchant for being rather sharp in his criticism, and when Dirk asked if he was going to be nicer in the future Linus said, no, he probably wouldn’t so he wanted to proactively apologize. That made me chuckle.
This was followed by a security-focused presentation by Todd Moore from IBM, another platinum sponsor. He also addressed trying to improve open source security but took an angle more aimed at government involvement. Digital infrastructure is infrastructure, much like bridges, roads, clean water, etc., and there should be some way for governments to fund and sponsor open source development.
The final keynote for today was a discussion with Amy Gilliland who is the President of General Dynamics Information Technology (GDIT). In a past life I worked quite a bit with GDIT (and you have to admit, that can be a pretty appropriate acronym at times) and it is nice to see a company that is so associated with more secretive aspects of government contracting focusing on open source solutions.
After the keynotes I visited the Sponsor Hall to see the AWS booth. It was pretty cool. As a diamond sponsor it is right in front as you enter.
There were people from a number of the open source teams at AWS available to do presentations, including FreeRTOS and OpenSearch.
I don’t have booth duty this conference so I decided to wander around. I thought it was laid out well and it was interesting to see the variety of companies with booths. I did take some time to chat with the folks at Mattermost.
While I’m a user of both Discord and Slack, I really, really like Mattermost. It is open source and provides a lot of the same functionality as Slack, and you can also host it yourself which is what the OpenNMS Project does. If you don’t want to go to the trouble of installing and maintaining your own instance, you can get the cloud version from Mattermost, and I learned that as of version 7 there is a free tier available so there is nothing preventing you from checking it out.
I did take a short break from the conference to grab lunch with my friend William Hurley (whurley). It had been at least three years since we’d seen each other face to face and, thinking back, I was surprised at the number of topics we managed to cover in our short time together. He is an amazing technologist currently working to disrupt, and in many ways found, commercial quantum computing through his company StrangeWorks. He also made me aware of Amazon Braket, which lets those of us who aren’t whurley to access quantum computing services. I’m eager to check it out as it is an area that really interests me.
After lunch I was eager to see a presentation on InfluxDB by Zoe Steinkamp.
Time series data collection and storage was a focus of mine when I was involved in monitoring, and Influx is working to make flexible solutions using open source. Steinkamp’s presentation was on combining data collection at the edge with backend storage and processing in the cloud. Influx had a working example of a device that would monitor the conditions of a plant (she’s an avid gardener) such as temperature and moisture, and this data was collected locally and then forwarded to the cloud. They have a new technology called Edge Data Replication designed to make the whole process much more robust.
I was excited to learn about their query language. Many time series solutions focus so much on obtaining and storing the data and not enough on making that data useful, which to me seems to be the whole point. I’m eager to play with it as soon as I can.
One thing that bothered me was that the hotel decided to have the windows washed in the middle of the presentation.
Steinkamp did a great job of soldiering through the noise and not letting it phase her.
The evening event was held at Stubbs restaurant, which is also a music venue.
I’ve been a fan of Stubbs barbecue sauce for years so it was cool to go to the restaurant that bears his name, even though the Austin location was opened in 1996, a year after Christopher B. Stubblefield died.
It was a nice end to a busy day, and I look forward to Day 2.