Simon Phipps
See the following -
Diverse Open Source Uses Highlight Need For Precision In Cyber Resilience Act
 As the European Cyber Resilience Act (CRA) is entering into the final legislative phase, it still has some needs arising from framing by the Commission or Parliament that result in breakage no matter how issues within its scope are “fixed”. Here’s a short list to help the co-legislators understand the engagement from the Open Source community...OSI and the experts with whom they engage are not trying to get all of Open Source out of scope as maximalist lobbyists do for other aspects of technology. An exclusion from the regulation for Open Source software per se would open a significant loophole for openwashing. But the development of Open Source software in the open needs to be excluded from scope just as the development of software in private is. Our goal in engaging is just to prevent unintentional breakage while largely embracing the new regulation.
6 Growing Pains of Open Source Organizations That You Can Avoid
 Everything has a season, and as organizations age—communities, charities, companies, churches and more—they face similar diseases of time. These are emergent patterns of failure that arise not from mistakes but from the consequences of earlier success. In open source, we are seeing the same patterns emerge; this should not be a surprise. Some of them are unavoidable. Understanding them helps leaders reduce the risk that will arise and helps identify them when they do. This is by no means a comprehensive list, but we have encountered all of these modes of systemic failure, some of them often...
7 Ways to Discuss Legal Matters with an Open Community
 Having watched a fair number of people attempt to engage both the Open Source Initiative's licensing evaluation community and the Apache Software Foundation's legal affairs committee, I'd like to offer some hints and tips for succeeding when it's your turn to conduct a legal discussion with an open community. First and foremost, make sure the person conducting the conversation is both qualified and empowered. Don't send proxies; they simply frustrate the community, who quickly work out that your representative is always playing the second-hand car salesman and going to the back room to ask for a deal...
APIcon UK: Open Source Fuels The API Economy
Industry leaders say open source is the backbone of the software infrastructure required to fuel the API economy. At APIcon UK, Simon Phipps, president of the Open Source Initiative, explained why open source licensing will enable the API and Internet of Things economies to grow...
GitHub Improves Open-Source Licensing Polices
GitHub, the popular open-source development community site, is finally getting its licensing act together. It's high time, since Black Duck has found that 77 percent of GitHub projects have no declared open-source license.
How To Make App Stores Friendly To Open Source
 Microsoft recently seemed to propose that Open Source software didn’t belong in the Windows app store. Excuse me? After the news broke, Giorgio Sardo, Microsoft’s General Manager of the Microsoft Store, argued on Twitter that it wasn’t Microsoft’s intent. “We absolutely want to support developers distributing successful OSS apps. In fact, there are already fantastic OSS apps in the Store! The goal of this policy is to protect customers from misleading listings.” Predictably, confusion results. And the kerfuffle over FairEmail and the Google Play Store earlier this year is a good example of how this sort of confusion is not entirely new, leading to questions about intent. I’ve talked with developers and business managers about their experience in preparing software packages for commercial app stores. Universally, everyone reports having issues with app stores’ packaging. These include...
Interview with Simon Phipps-Patent Trolls and Open Document Format
Gordon Haff's interview with OSI's Simon Phipps, conducted on July 31st. Phipps talks about recent US software patent case decisions and why they're so significant, as well as the recent UK government decision about open document formats. Who are the winners and the losers?
Open Source And Linux In 2014
In today's open source roundup: Looking back at open source and Linux in 2014. Plus: Switching from Apple laptops to Chromebooks, and the best gaming mouse for Linux?...
Open Source Maintainers Take Center Stage, Joined by Leaders from GitHub, Red Hat, Google, and JFrog at Tidelift Upstream Event
 Tidelift, the premier provider of solutions for managing the open source software behind modern applications, today announced the schedule for Upstream, a free, one-day virtual event that brings together developers, open source maintainers, and the extended network of people who care most about their work. United by a vision to make open source work better for everyone, attendees will have the opportunity to meet the maintainers behind the open source tools they use every day and learn from industry experts developing with open source at scale. "We don't often stop to think about all the open source libraries, frameworks, and components we depend on until something goes wrong. Upstream aims to change that," said Joshua Simmons, ecosystem strategy lead, Tidelift. "We're honored to have the opportunity to bring together some of the greatest minds in open source and celebrate all of the things that make open source and the people who work on it amazing."
Skunkworks Opens Up IT For Debate
Healthcare communities need to take responsibility for establishing the interoperability of IT systems, said one of the speakers during the Skunkworks debate at EHI Live 2012.
The Cyber Resilience Act Introduces Uncertainty And Risk Leaving Open Source Projects
 What might happen if the uncertainty persists around who is held responsible under the Cyber Resilience Act (CRA)? The global Open Source community is averse to legal risks and generally lacks access to counsel, so it’s very possible offers of source code will simply be withdrawn rather than seeking to resolve the uncertainty. The CRA rightly addresses the need for commercial suppliers to protect their customers from exploits and cyber attacks. But legislators have exposed the open development of software itself to the regulations rather than just the for-profit use of Open Source artifacts in the marketplace. They are incorrectly assuming that Dirk Riehle’s terminology calling single-company projects “commercial Open Source” means it’s possible to use the “commerciality” of an application to distinguish single-company activity from community projects, and by using the concepts of proprietary software to then define boundaries.
UK Government Finalizes Open Standards Principles: The Bigger Picture
Last week, the UK Cabinet Office released its Open Standards Principles: For software interoperability, data and document formats in government IT specifications.
Uproar: MariaDB Corp. Veers Away from Open Source
 MariaDB Corp. has announced that release 2.0 of its MaxScale database proxy software is henceforth no longer open source. The organization has made it source-available under a proprietary license that promises each release will eventually become open source once it's out of date. MaxScale is at the pinnacle of MariaDB Corp.'s monetization strategy -- it's the key to deploying MariaDB databases at scale. The thinking seems to be that making it mandatory to pay for a license will extract top dollar from deep-pocketed corporations that might otherwise try to use it free of charge.
Upstream Conference to Feature Open Source Maintainers
Imagine the chaos that would occur if all open source software vanished with the snap of a finger. Picture the devices that would turn to bricks in our hands, the infrastructure that would fail, and the machinery that would fall silent. The truth is we probably don't stop to think about all the open source libraries, frameworks, and components we depend on until something goes wrong. The extraordinary impact of open source is difficult to measure or quantify...Open source is a testament to human ingenuity, and it's not often that we take the time to celebrate what we, the creators and users of open source, have made together. We think it's time we did. That's why we're announcing a new type of open source event called Upstream. It's a one-day celebration of open source for the developers who use it and the maintainers that create it. We'd like you to join us on June 7 for this entirely virtual and free event where we'll focus on the creators behind essential open source packages and the developers who build amazing things with them.
What Blockchain and Open Source Communities Have in Common
 One of the characteristics of blockchains that gets a lot of attention is how they enable distributed trust. The topic of trust is a surprisingly complicated one. In fact, there's now an entire book devoted to the topic by Kevin Werbach. But here's what it means in a nutshell. Organizations that wish to work together, but do not fully trust one another, can establish a permissioned blockchain and invite business partners to record their transactions on a shared distributed ledger. Permissioned blockchains can trace assets when transactions are added to the blockchain. A permissioned blockchain implies a degree of trust (again, trust is complicated) among members of a consortium, but no single entity controls the storage and validation of transactions.
