Promote Drupal Initiative Announced at DrupalCon

Promote Drupal Initiative Announced at DrupalCon

Image

Katherine Druckman
Wed, 04/11/2018 – 11:03

Yesterday’s Keynote from Drupal project founder, Dries Buytaert, kicked off the annual North American gathering of Drupalists from around the world, and also kicked off a new Drupal community initiative aimed at promoting the Drupal platform through a coordinated marketing effort using funds raised within the community.

The Drupal Association hopes to raise $100,000 to enable a global group of staff and volunteers to complete the first two phases of a four-phase plan to create consistent and reusable marketing materials to allow agencies and other Drupal promoters to communicate Drupal’s benefits to organizations and potential customers quickly and effectively.

Convincing non-geeks and non-technical decision-makers of Drupal’s strengths has always been a pain point, and we’ll be watching with great interest as this initiative progresses.

Also among the announcements were demonstrations of how easy it could soon be to manipulate content within the Drupal back end using a drag-and-drop interface, which would provide great flexibility for site builders and content editors.

We also expect to see improvements to the Drupal site-builder experience in upcoming releases, as well as improvements to the built-in configuration management process, which eases the deployment process when developing in Drupal.

See the full keynote to get inspired by what’s to come in the Drupalverse.

And also see the DrupalCon Nashville Playlist!

Read More

OSI's Simon Phipps on Open Source's Past and Future

OSI’s Simon Phipps on Open Source’s Past and Future

Image

Christine Hall
Wed, 04/11/2018 – 09:20

With an eye on the future, the Open Source Initiative’s president
sits down and talks with Linux Journal about the organization’s
20-year
history.

It would be difficult for anyone who follows Linux and open source to
have missed the 20th birthday
of open source
in early February. This was a dual celebration,
actually, noting the passing of 20 years since the term “open source” was
first coined and since the formation of the Open Source Initiative (OSI), the
organization that decides whether software licenses qualify to wear that
label.

The party came six months or so after Facebook was successfully convinced
by the likes of the Apache Foundation; WordPress’s developer, Automatic;
the Free Software Foundation (FSF); and OSI to change
the licensing of its popular React project
away from the BSD +
Patents license, a license that had flown under the radar for a while.

The brouhaha began when Apache developers noticed a term in the license
forbidding the suing of Facebook over any patent issues, which was
troublesome because it gave special consideration to a single entity,
Facebook, which pretty much disqualified it from being an open-source
license.

Although the incident worked out well—after some grumblings Facebook
relented and changed the license to MIT—the Open Source Initiative
fell under some criticism for having approved the BSD + Patents license,
with some people suggesting that maybe it was time for OSI to be rolled
over into an organization such as the Linux Foundation.

The problem was that OSI had never approved the BSD + Patents.

Simon Phipps delivers the keynote at Kopano Conference 2017 in
Arnhem, the Netherlands.

“BSD was approved as a license, and Facebook decided that they would add
the software producer equivalent of a signing statement to it”, OSI’s
president, Simon Phipps, recently explained to Linux Journal. He
continued:

They
decided they would unilaterally add a patent grant with a defensive
clause in it. They found they were able to do that for a while simply
because the community accepted it. Over time it became apparent to people
that it was actually not an acceptable patent grant, that it unduly
favored Facebook and that if it was allowed to grow to scale, it would
definitely create an environment where Facebook was unfairly
advantaged.

He added that the Facebook incident was actually beneficial for OSI and
ended up being a validation of the open-source approval process:

I think the consequence of that encounter is that more people are now
convinced that the whole licensing arrangement that open-source software
is under needs to be approved at OSI.

I think prior to that,
people felt it was okay for there just to be a license and then for there
to be arbitrary additional terms applied. I think that the consensus of
the community has moved on from that. I think it would be brave for a
future software producer to decide that they can add arbitrary terms
unless those arbitrary terms are minimally changing the rights and
benefits of the community.

As for the notion that OSI should be folded into a larger organization
such as the Linux Foundation?

“When I first joined OSI, which was back in 2009 I think, I shared that
view”, Phipps said. He continued:

I felt that OSI had done its job and could be put
into an existing organization. I came to believe that wasn’t the case,
because the core role that OSI plays is actually a specialist role. It’s
one that needs to be defined and protected. Each of the organizations I
could think of where OSI could be hosted would almost certainly not be
able to give the role the time and attention it was due. There was a risk
there would be a capture of that role by an actor who could not be
trusted to conduct it responsibly.

That risk of the license approval role being captured is what persuaded
me that I needed to join the OSI board and that I needed to help it to
revamp and become a member organization, so that it could protect the
license approval role in perpetuity. That’s why over the last five to six
years, OSI has dramatically changed.

This is Phipps’ second go at being president at OSI. He originally served
in the position from 2012 until 2015, when he stepped down in preparation
for the end of his term on the organization’s board. He returned to the
position last year after his replacement, Allison Randal, suddenly
stepped down to focus on her pursuit of a PhD.

His return was pretty much universally seen in a positive light. During
his first three-year stint, the organization moved toward a
membership-based governance structure and started an affiliate membership
program for nonprofit charitable organizations, industry associations
and academic institutions. This eventually led to an individual
membership program and the inclusion of corporate sponsors.

Although OSI is one of the best known open-source organizations, its
grassroots approach has helped keep it on the lean side, especially when
compared to organizations like the behemoth Linux or Mozilla
Foundations. Phipps, for example, collects no salary for performing his
presidential duties. Compare that with the Linux Foundation’s executive
director, Jim Zemlin, whose salary in 2010 was reportedly north of
$300,000.

“We’re a very small organization actually”, Phipps said. He added:

We have a board
of directors of 11 people and we have one paid employee. That means the
amount of work we’re likely do behind the scenes has historically been
quite small, but as time is going forward, we’re gradually expanding our
reach. We’re doing that through working groups and we’re doing that
through bringing together affiliates for particular projects.

While the public perception might be that OSI’s role is merely the
approval of open-source licenses, Phipps sees a larger picture. According
to him, the point of all the work OSI does, including the approval
process, is to pave the way to make the road smoother for open-source
developers:

The role that OSI plays is to crystallize consensus. Rather
than being an adjudicator that makes decisions ex cathedra, we’re an
organization that provides a venue for people to discuss licensing. We
then identify consensus as it arises and then memorialize that consensus.
We’re more speaker-of-the-house than king.

That provides an extremely sound way for people to reduce the burden on
developers of having to evaluate licensing. As open source becomes more
and more the core of the way businesses develop software, it’s more and
more valuable to have that crystallization of consensus process taking
out the uncertainty for people who are needing to work between different
entities. Without that, you need to constantly be seeking legal advice,
you need to constantly be having discussions about whether a license
meets the criteria for being open source or not, and the higher
uncertainty results in fewer contributions and less collaboration.

One of OSI’s duties, and one it has in common with organizations such as
the Free Software Foundation (FSF), is that of enforcer of compliance
issues with open-source licenses. Like the FSF, OSI prefers to take a
carrot rather than stick approach. And because it’s the organization that
approves open-source licenses, it’s in a unique position to nip issues in
the bud. Those issues can run the gamut from unnecessary licenses to
freeware masquerading as open source. According to Phipps:

We don’t do that in private. We do that fairly publicly and
we don’t normally need to do that. Normally a member of the license
review mailing list, who are all simply members of the community, will go
back to people and say “we don’t think that’s distinctive”, “we don’t
think that’s unique enough”, “why didn’t you use license so and so”, or
they’ll say, “we really don’t think your intent behind this license is
actually open source.” Typically OSI doesn’t have to go and say those
things to people.

The places where we do get involved in speaking to people directly is
where they describe things as open source when they haven’t bothered to
go through that process and that’s the point at which we’ll communicate
with people privately.

The problem of freeware—proprietary software that’s offered without
cost—being marketed under the open-source banner is particularly
troublesome. In those cases, OSI definitely will reach out and contact
the offending companies, as Phipps says,
“We do that quite often, and we have a good track record of helping
people understand why it’s to their business disadvantage to behave in
that way.”

One of the reasons why OSI is able to get commercial software developers
to heed its advice might be because the organization has never taken an
anti-business stance. Founding member Michael Tiemann, now VP of open-source affairs at Red Hat, once said that one of the reasons the
initiative chose the term “open source” was to “dump the moralizing and
confrontational attitude that had been associated with ‘free
software’ in the past and sell the idea strictly on the same
pragmatic, business-case grounds that had motivated Netscape.”

These days, the organization has ties with many major software vendors and
receives most of its financial support from corporate sponsors. However,
it has taken steps to ensure that corporate sponsors don’t dictate OSI
policy. According to Phipps:

If you want to join a trade association, that’s what the Linux
Foundation is there for. You can go pay your membership
fees and buy a vote there, but OSI is a 501(c)(3). That’s means it’s a
charity that’s serving the public’s interest and the public benefit.

It would be wrong for us to allow OSI to be captured by corporate
interests. When we conceived the sponsorship scheme, we made sure that
there was no risk that would happen. Our corporate sponsors do not get
any governance role in the organization. They don’t get a vote over
what’s happening, and we’ve been very slow to accept new corporate
sponsors because we wanted to make sure that no one sponsor could have an
undue influence if they decided that they no longer liked us or decided
to stop paying the sponsorship fees.

This pragmatic approach, which also puts “permissive” licenses like
Apache and MIT on equal footing with “copyleft” licenses like the GPL,
has traditionally not been met with universal approval from FOSS
advocates. The FSF’s Richard Stallman has been critical of the
organization, although noting that his organization and OSI are
essentially on the same page. Years ago, OSI co-founder and creator of
The Open Source Definition, Bruce Perens, decried the “schism” between
the Free Software and Open Source communities—a schism that Phipps
seeks to narrow:

As I’ve been giving keynotes about the first 20 years and the next ten
years of open source, I’ve wanted to make very clear to people that open
source is a progression of the pre-existing idea of free software, that
there is no conflict between the idea of free software and the way it can
be adopted for commercial or for more structured use under the term open
source.

One of the things that I’m very happy about over the last five to six
years is the good relations we’ve been able to have with the Free
Software Foundation Europe. We’ve been able to collaborate with them over
amicus briefs in important lawsuits. We are collaborating with them over
significant issues, including privacy and including software patents, and
I hope in the future that we’ll be able to continue cooperating and
collaborating. I think that’s an important thing to point out, that I
want the pre-existing world of free software to have its due credit.

Software patents represent one of several areas into which OSI has been
expanding. Patents have long been a thorny issue for open source, because
they have the potential to affect not only people who develop software,
but also companies who merely run open-source software on their machines. They
also can be like a snake in the grass; any software application can be
infringing on an unknown patent. According to Phipps:

We have a new project that is just getting started, revisiting the role
of patents and standards. We have helped bring together a
post-graduate curriculum on open source for educating graduates on how to
develop open-source software and how to understand it.

We also host other organizations that need a fiduciary host so that they
don’t have to do their own bookkeeping and legal filings. For a couple
years, we hosted the Open Hatch Project, which has now wound up, and we
host other activities. For example, we host the mailing lists for the
California Association of Voting Officials, who are trying to promote
open-source software in voting machines in North America.

Like everyone else in tech these days, OSI is also grappling with
diversity issues. Phipps said the organization is seeking to deal with
that issue by starting at the membership level:

At the moment I feel that I would very much like to see a more diverse
membership. I’d like to see us more diverse
geographically. I’d like to see us more diverse in terms of the
ethnicity and gender of the people who are involved. I would like to
see us more diverse in terms of the businesses from which people are
employed.

I’d like to see all those improve and so, over the next few years
(assuming that I remain president because I have to be re-elected every
year by the board) that will also be one of the focuses that I have.

And to wrap things up, here’s how he plans to go about that:

This year is the anniversary year, and we’ve been able to arrange for OSI
to be present at a conference pretty much every month, in some cases two
or three per month, and the vast majority of those events are global. For
example, FOSSASIA is coming up,
and we’re backing that. We are sponsoring a hostel where we’ll be having
50 software developers who are able to attend FOSSASIA because of the
sponsorship. Our goal here is to raise our profile and to recruit
membership by going and engaging with local communities globally. I think
that’s going to be a very important way that we do it.

Read More

Red Hat Enterprise Linux 7.5 Released, Valve Improves Steam Privacy Settings, New Distribution Specification Project for Containers and More

News briefs for April 11, 2018.

Red Hat Enterprise Linux 7.5 was released yesterday. New
features include “enhanced security and compliance, usability at scale, continued
integration with Windows infrastructure on-premise and in Microsoft Azure, and new
functionality for storage cost controls. The release also includes continued
investment in platform manageability for Linux beginners, experts, and Microsoft
Windows administrators.” See the release
notes
for more information.

The Open Container Initiative (OCI) yesterday announced the launch of the
Distribution
Specification Project
: “having a solid, common distribution specification with
conformance testing will ensure long lasting security and interoperability throughout
the container ecosystem”. See also “Open
Container Initiative nails down container image distribution standard”
on ZDNet
for more details.

Valve is offering new
and improved privacy settings for Steam users
, providing more detailed descriptions of the
settings so you can better manage what your friends and the wider Steam community see.
The announcement notes, “Additionally, regardless of which setting you choose for your
profile’s game details, you now have the option to keep your total game playtime
private. You no longer need to nervously laugh it off as a bug when your friends
notice the 4,000+ hours you’ve put into Ricochet.”

Thousands of websites have been hacked to give “fake update notifications to
install banking malware and remote access trojans on visitors’ computers”, according
to computer researcher Malwarebytes.
Ars
Technica
reports that “The attackers also fly under the radar by using highly obfuscated
JavaScript. Among the malicious software installed in the campaign was the Chthonic
banking malware and a commercial remote access trojan known as NetSupport.”

Krita 4.0.1 was released
yesterday. This new version fixes more than 50 bugs since the 4.0 release and includes
many improvements to the UI.

Read More