UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
Intro to open source - 101 presentation
1. IBM Z
How to get started with
OPEN-SOURCE SOFTWARE
2. CDMX - Boston
JAVIER PEREZ
Open Source Program Strategist, IBM Z
@jperezp_bos
javierperez.mozello.com
www.linkedin.com/in/javierperez
» 10+ years in open-source
» Solution Architect and Product
Management background
» Led open-source projects at
Appcelerator and Red Hat
» App Dev, Mobile, App Security, Cloud
Native, SaaS offerings
» Voting Member of IBM Open-Source
Technical Steering Committee
» Voting Member of Open Mainframe
Project Technical Advisory Committee
3. Open-Source since 1955
3
• SHARE: World’s first computer user group
• Founded in 1955 by users of the IBM 701
• Shared technical details, programs, and
documentation
• SHARE Program Library started collection and
distribution of software
4. Brief History of Open-Source
• First all software was free software (1950s ~ 1960s)
• SHARE started sharing (1955)
• Unix OS and Programming Languages were free (1970s)
• CBT Tape organization created in (1975) cbttape.org
• Commercial Software and User Communities start (1980s)
• GNU General Public License (GPL) for free software (1989)
5. Brief History of Open-Source
• Linus Torvalds publishes Linux Kernel under GPL (1991)
• New Mozilla Foundation and Netscape browser is open-sourced
(1998)
• Open-source model described in the "The Cathedral and the Bazaar”
by Eric Raymond (1997-1999)
• Linus Torvalds creates Git in 2005, GitHub founded in 2008
• Microsoft buys GitHub for $7.8B (2018), IBM buys Red-Hat for $34B
(2019)
• 2021 Open-source companies' valuation: MongoDB $25B, Elastic
$14B, Databricks $28B (private), Cloudera $5.3B
6. What is Open-Source Software?
• Source code is publicly available
• Open to collaboration
• Source code available with a license that
permits users to freely run, study, modify and
redistribute
Photo by Markus Spiske from Pexels
8. Roles in Open-Source Software
Maintainer
Administrator, publish code, website, social media
Committer
Becoming a Committer in projects like Cordova, Node.js,
Linux, and others is a highly regarded and respected role
Contributor
Opportunity to learn, join a community and meet people
Photo by Procreator UX Design Studio on Unsplash
10. Open-Source Libraries and
Dependencies
• Popular Open-Source Libraries have many
contributors and are also reused by other OSS
• Depending on the Programming Language
Open-Source Libraries can have from a few to
1000’s of dependencies
• There are Direct Dependencies and Transitive
Dependencies
11. • Contribute Upstream
• Company Sponsored or Individually
• Enhancements & innovations
• Testing, bug reports, suggest a feature
• Bug fixes
• Vulnerability fixes
• Port to new platform
• Graphic design & documentation
• Advocacy, give a talk, write a blog, marketing
• Modified code not contributed back becomes close code
Photo by Andres Haro on Unsplash
What to Contribute?
12. V1.1
Open-source
Project
V1.2 V1.3
V1.0
Enterprise
Edition
V1.1
Download
Code changes
and fixes
Test
Contribute
upstream
Download
Upstream project
Downstream
Fewer changes
and fixes
Test
Contribute
upstream
Download
Fewer changes
and fixes
Downstream
Upstream project
Benefits of Upstreaming:
• Less code to maintain in house
• External reviews and feedback
• Your code stays in the latest versions of both open-source project and commercial product
• Demonstrates commitment to the project and can influence direction
Open-Source Best Practice: Upstream Code
13. • To start free or at a low cost. Experiment & fail fast
• Access to latest innovation without ”lock-in”
• Faster pace of bugs and vulnerabilities fixes
• Many support sources via documentation, community
forums/portals, videos, blogs, etc.
• Easier to recruit full stack developers, more proficient
developers
Photo by Damir Kopezhanov on Unsplash
Why companies invest in Open-
Source?
14. Survey: 3,400 Developer
Consider open-source
software better than
proprietary software
Developer Managers
say open-source
knowledge is a factor
for hiring decisions
Agree that contributions
impress potential employers
94 %
65 %
87 %
Photo by Michèle Eckert on Unsplash
Source: 2021 O'Reilly Media survey, commissioned by IBM
15. 15
Companies Contributing to Open-Source
Source: GitHub research Apr29 2021 https://solutionshub.epam.com/OSCI/
Companies with the Most Active Contributors
4428 4204
2865
1693
4558
9239
8509
4260 4218
8478
0
2500
5000
7500
10000
Microsoft Google Red Hat IBM IBM + Red
Hat
Active Total Contributors
16. Technical Support
1. Commercial Product Technical Support
• Support contract or subscription that includes Tech Support
• Includes all commercialized open-source software (e.i. RHEL, Ansible, etc.) and open-
source used by the commercial product
2. Open-Source Software Community Support
• Community driven, discussion forums, documentation and sample code
• No commitments, support contracts or Service Level Agreements (SLAs)
• Members of the community can assist addressing bugs
• All contributions are upstreamed back to the open-source project
Commercial Open-Source Support
• IBM TSS Tech Support for selected open-source packages
• Other vendors offer tech support for open-source packages (OpenLogic, Quansight, etc.)
17. The Though Questions
17
• Why would I give away my effort, time, expertise?
• Cultural change, community, innovation,
collaboration, build something larger, ego,
and more
• “I would never use open-source software in my
production environment”
• Unless there’s no need for Linux or an open-
source programming language or library
• Most production environments use open-
source software
Image by Reimund Bertrams from Pixabay
18. The Though Questions
18
• What if the open-source project is abandoned?
• Most software is deprecated at some point,
do your research, adopt growing projects
and contribute
• “My support will be dependent on the goodwill of
open-source contributors”
• Open-source are the building blocks, not
complete enterprise applications. The open-
source movement is not a trend has decades
of growth
Photo by Ricardo Esquivel from Pexels
21. 1.6M +
889 packages per day
406K +
327 packages per day
308K +
101 packages per day
270K +
177 packages per day
257K +
171 packages per day
166K +
15 packages per day
Source: May 18, 2021 www.modulecounts.com
Millions of Open-Source Projects
22. Open-Source Ecosystem for IBM Z & LinuxONE
Linux Distributions &
Virtualization
Networking & Monitoring
Cloud & Container Services Languages & Runtimes DevOps/Automation Big Data, Observability, Analytics
Databases & Storage
Middleware & others
ClefOS
www.ibm.com/community/z/open-source-software/
hub.docker.com
Memcached
More: https://bit.ly/3qJwwXK
SUSE
docker
Terraform
Chef
GitLab
Splunk
MongoDB
Couchbase
CoackroachDB
MySQL
RabbitMQ
AI tools & frameworks
Zabbix
Transform
Serving
23. • Build or compile the package in the corresponding
programming language and Linux distribution
• If using little-endian memory allocation, it has to
support big-endian memory allocation
• Same considerations apply to dependencies, all
libraries
• Optimization to boost performance and security using
s390x features is not required but recommended
S390x Porting Considerations
28. Growing Open-Source Ecosystem on z/OS
zECS
Artifactory-vault
binutils
Bison
Bzip2
cURL
Diffutils
Galasa
GCC
Glibc
Gzip
Libssh2
M4
Make
Mktemp
OpenSSL
Sed
Sudo
Unzip
Vim
zECS
Zip
Zlib
zML
zos-native
zTron
ZEBRA
29. What not to Open-Source
• Keys and credentials
• Customer data
• Employee data
• Patented intellectual property
• Code owned by other companies or entities
(unless it is open-source with appropriate
license)
Photo by Jon Tyson on Unsplash
30. Takeaways
• Open-source is here to stay, join us
• We want to grow our community of users and
contributors
• More open-source tooling, integrations and
plugins create stickiness in the products
• Open-source promotes improvement on
architecture and coding practices
Photo by Stephen Picilaidis on Unsplash
31. Recommended Reads
31
Andreessen Horowits: Open Source: From Community to Commercialization
Mozilla: A Frameworrk for Purposeful Open Source
The Linux Foundation: Starting and Open Source Program in your Company
Opensource.com: 6 motivations for consuming or publishing open source software
GitHub Yearly Report: The State of the Octoverse
IBM Course, Intro to Open-Source: cognitiveclass.ai/courses/introduction-to-open-source
33. Javier Perez | Open Source Strategist | IBM Z
@jperezp_bos
javierperez.mozello.com
www.linkedin.com/in/javierperez
Thank you!
Notes de l'éditeur
Background: Open Source, App Dev, Cloud, Mobile and App Security
Passion: Technology, Open Source, Sports
Experience: Product Management, Solutions Architect. Partners and Customer facing roles
Develop, maintain and execute open source growth strategy
Presence, advocacy and evangelism of OSS for IBM Z and LinuxONE
Internal and external promotion of OSS program
Launch new open source projects
Sponsor, publish, speak at open source conferences
Alignment with the open source communities direction and goals
Clearly communicating the open source strategy within and outside IBM
Owning and overseeing the execution of the strategy
Promote IBM Z & LinuxONE open source program. Advocacy and evangelism
Engage and lobby open source communities. Overseeing that IBM contributes
Manage community and open source foundations relations
Identify new technologies & open source trends to add to the porting and validation roadmap
Foster an open source culture, champion upstream developers, remove obstacles
“It’s not an acronym, it’s what we do”
The name SHARE was chosen as its purpose was to promote the sharing of information and programs among the users of the IBM 704 computer and to influence IBM’s future developments in hardware and programming support
he IBM 701 Defense Calculator (1952) was IBM's first production computer. It was designed primarily for scientific calculation and included "microsecond circuits installed at critical locations ... to send electrical impulses from one unit to another at a speed faster than one-millionth of a second" devised at Columbia University's Watson Lab [37]. It rented for about $16,000 per month.
Late 90’s with Open Source Initiative, GNU License and others was the start of Open Source as we know it.
First time concept of open source license
With GPL you are under the reciprocity obligation, which means you are obligated to release the source code and all of the rights to modify and distribute the entire code.
Git (/ɡɪt/)[7] is a distributed version-control system for tracking changes in any set of files, originally designed for coordinating work among programmerscooperating on source code during software development.
Git GitHub, GitLab, Bitbucket and others
Databricks and Confluent still private
1995 A community of developers starts working on the Apache web server
Not a lot of people know about the requirement for a license file
License
Every Open Source Software (OSS) needs a license file
No license file means that it is not open source
How much license reciprocity is required?
What legal jurisdiction cover the license?
GNU Project and Open Source Initiative with 100s of license types
Most commonly used for open and free distribution: Apache or MIT
README
Good development practice
More than how to use the project:
What does the project do?
Why is this project useful?
How do I get started?
Where can I get more help?
Contribution Guidelines
Add CONTRIBUTING file
Tell the audience how to participate in your project
How to file a bug report (GitHub issues and pull requests)
How to suggest a new feature
How to setup your environment and run tests
Types of contributions you are looking for
Vision and roadmap
Mailing lists, even public JIRA
Code of Conduct
CODE_OF_CONDUCT file
Where the code of conduct takes effect
Whom the code of conduct applies to
What happens if someone violates the code of conduct
How to report violations
Examples of unacceptable behavior by participants include:
The use of sexualized language or imagery
Personal attacks
Trolling or insulting/derogatory comments
Public or private harassment
Publishing other's private information, such as physical or electronic addresses, without explicit permission
Other unethical or unprofessional conduct
And then we have users
For some projects, “maintainers” are the only people in a project with commit access. In other projects, they’re simply the people who are listed in the README as maintainers.
The term “committer” might be used to distinguish commit access, which is a specific type of responsibility, from other forms of contribution.
Got to OSI website and conferences
Under U.S. copyright law, users must have permission (i.e. a license) from the copyright holder(s) before they can obtain a copy of software to run on their system(s)
choosealicense.com
Elastic and MongoDB with SSPL
Popular Open Source Libraries have many contributors and they are dependencies for millions of repositories
Open Source projects have an average of 180 package dependencies. This number can range from just a few packages to more than 1,000.
Vulnerabilities may lie in direct dependencies or much deeper – in dependencies of dependencies
Source for supply chain attacks
Do your homework – read documentation
- Find out who the maintainers
- Read the mailing list / IRC / Slack channels
- Read the issues on GitLab, GitHub ,Bugzilla
- Look at previous code that got rejected so you can avoid it happening to you
- Learn from other peoples’ comments
Get a feel for the culture of the community
Learn the project’s Pull Request procedures for submitting patches / changes
Follow its coding style
Some starting with InnerSource
If you are new to open source or haven’t really started in your organization here a few pointers.
All ML is open
Stackoverflow
O'Reilly Media survey, commissioned by IBM, surveyed 3,400+ developers and technology managers to understand their views related to open source and the cloud.
- 94% Open source software was rated equal to or better than proprietary software
Top 3 contributors: Microsoft, Google and IBM (including RH) went from #4 to #2
https://www.linkedin.com/pulse/creating-open-experience-unleash-innovation-ross-mauri/
https://www.computerweekly.com/news/252479252/IBM-seeks-developers-to-tackle-climate-change-with-open-source-technology-innovations
Active Contributors: > 10 commits
Total Community : > 1 commit
Based on domain in email address
No one calls for support anymore ☺ without going to the store try to talk to someone from Apple, or AWS, or Google Cloud.
http://www.modulecounts.com/
The grow continue and it is great if you are also contributing to open source either making your software open or contributing to existing OSS
These are impressive number of OSS by programming language:
NPM for JavaScript and Node.js
Maven Central for Java
Packagist for PHP
PyPI Python package index
Nuget for .NET apps
General Points:
- We have a large and growing ecosystem of open source software for IBM Z & LinuxONE
- This slide represents only a partial list of all the open source software available in IBM Z & LinuxONE
No different to other processor architectures like ARM or x86, software for IBM Z & LinuxONE also known as s390x requires Linux distribution compiled in the corresponding processor architecture.
Outside IBM the open source community has ported and validated hundreds of open source software for s390x.
This open source software for s390x, is available in GitHub, individual software distribution sites or in Docker Hub
IBM Investment:
We have a team of IBM upstream engineers that are constantly porting and validating new versions of open source software or adding new open source software.
More than 30 engineers porting and validating open source software
Teams all over the world including research centre in Boeblingen, Germany (30+) with contributors to Linux, including Maintainers to Linux Kernel subsytstem and a variety of other open source projects related to compilers, emulators and other tooling (GCC, LLVM, GDB, QEMU, OpenSSL, Perf, others)
With an Open Source Program Manager we are collaborating with the IBM Open Technology team to bring more open source software to IBM Z and LinuxONE. Recent examples include Kubeflow and ONNX projects now starting to build software for IBM Z.
6-figure dollar budget allocated to software bounties for the open source communities to bring key open source functionality to IBM Z
Promotion at industry events, including open source foundations where we advocate for more open source software for IBM Z
The big-endian scheme stores the most significant byte (MSB) first, yielding 0x4A 0x3B 0x2C 0x1D.
The little-endian scheme stores the least significant byte (LSB) first, yielding 0x1D 0x2C 0x3B 0x4A.
There are tools that help locate those parts of the code that depend on endianness.
AIF360 = AI Fairness (Is it fair)
AIX260 = AI Explainability (Is it easy to understand)
ART = Adversarial Robustness (Did anyone tamper with it)
NumFOCUS projects: NumPy, Pandas, Jupyter, Scikit Learn, SciPy, and others