A not so short summary of FOSDEM

I love FOSDEM. And I loved being back in-person again this year, at the ULB in Brussels, together with 8000+ other open source folks.

FOSDEM, if you’re not aware, is a free event for software developers to meet, share ideas and collaborate. Every year, thousands of developers of free and open source software from all over the world gather at the event in Brussels. You don't need to register, you just turn up and join in! With 771 talks on the schedule, one needs careful planning to both catch some of the content, and leave time for the hallway track, visit stands, and get your hoodie before they’re all sold out! People have asked me to share my strategy to building a schedule - and maybe I will, at a later point (suspense!!).

Nick Vidal, Community Manager at Enarx/Profian and Outreach Chair at the Confidential Computing Consortium from the Linux Foundation, and ex-OSI, in their opening keynote, celebrated 25 years of open source. Open Anniversary is available on GitHub for anyone to add milestones and events to the timeline.

Free as in price, and free as in freedom

In "A Service as a Software Substitute (SaaSS) is unjust like proprietary software” Ian Kelling, Senior Systems Administrator at the FSF, FSF Union Steward, and member of the FSF Board of Directors, talks about primary and secondary purposes of software. A secondary purpose for for instance a database, when the primary function is backup, could be calling the data in a certain order. Sorting is a feature, an example of “incidental computing”.

Shared infrastructure that is in mutual interest of multiple projects, is commonplace in the GNU ecosystem. While convenient, and possibly building a group of people interested in making sure it all continues to work, SaaSS can be tricky to navigate too.

Pamela Chestek, member of the Board of Directors of the Open Source Initiative and current chair of the License Committee, introduced proposed changes to the License Review Process at the OSI.

Evaluating whether there should be a process for decertifying licenses, is something that wasn’t discussed in the working group, but Pamela did mention that “just because something was approved in the past, doesn't mean it’d be approved again”, which I thought was interesting.

The OSI plans to:

• Provide machine-readable tags (and license text) through APIs, an effort that is to be crowd-sourced
• Have three categories of licenses: rejected, approved and preferred. "Preferred" will objectively created from data using adoption metrics
• Provide more explanation for the public on the decision making process and in particular the role of the license-review list participants

For all licenses (new and “legacy”), the submission process will:

• Require that the license submitter affirmatively state that the license complies with the Open Source Definition, including specifically affirming it meets OSD 3, 5, 6, and 9 (“the ones that trip people up”)
• Identify what projects are already using the license, if any.
• Ask for the identity of the license steward, if known
• Provide any additional information that the submitter believes would be helpful for license review, for example, approval of the license by other evaluators.
• Provide a unique name for the license
• Identify any proposed tags for the license

For new licenses, the license submitter will also:

• Describe what gap not filled by a currently existing license that the new license will fill
• Compare it to and contrast it with the most similar OSI-approved license(s)
• Describe any legal review the license has been through, including whether it was drafted by a lawyer
• Provide examples of others' potential use of the license to demonstrate that it is not a license that is uniquely usable only by the license submitter

New from an approval standpoint:

• The license must be reusable, meaning that it can be used by any licensor without changing the terms or having the terms achieve a different result for a different licensor
• The license does not have terms that structurally put the licensor in a more favored position than any license
• It must be possible to comply with the license on submission. As an example, given the scope of copyleft in the SSPL, it is not a license that anyone currently would be able to comply with

On that last point, someone in the audience mentioned that using a license before submitting that license to the OSI sounds like putting the cart in front of the horse.

In "Learning From the Big Failures To Improve FOSS Advocacy and Adoption - How Are Big Companies Benefiting So Much from FOSS, and Individuals So Little?" Bradley M. Kuhn, Policy Fellow and Hacker-in-Residence at Software Freedom Conservancy (SFC) and editor-in-chief of copyleft.org, talked about how (new) copyleft is now old (copyleft). Like the punk scene that encouraged pirating, until copyright became the thing that sustained them in their later years when they weren’t quite as fit anymore to tour all the time.

"Looking to the future, we need to reimagine the hobbyist culture, which requires leisure time and widespread personal financial stability.” It’s the freedom of the privileged to exploit FOSS for business uses. Tom Preston-Werner famously said at OSCON13: “MIT everything” Except of course GitHub. We’re not a community of equals. Copyleft remains the only way to equalize individuals with commercial actors. While not the end goal (it's a tool), non-copyleft is most definitely a hand-out to already wealthy corps.

But even with Copyleft universal adoption this imbalance wouldn't be eradicated. Bradley thinks about the free as in price (gratis) and free as in freedom (libre) trope, and considers he may have underestimated the first and romanticized the second. Today nearly all proprietary software that individuals (vs. companies) use daily is 100% free as in price, and it's funded by mandatory advertising backed with excessive data mining. The biggest software industry players are advertising companies, but could this have been avoided? Sadly, Bradley thinks not. We can still regain (some) control, but we must do so with a diverse collective, says Kuhn.

In "Winners and Losers in FOSS - Open Source Has "Won" - Have We?" Michael Nolan, Consultant with the UNICEF Innovation Fund, as well as a core contributor to OpenMined's JavaScript team, draws our attention to the proliferation of projects that are no longer end user software. No longer discrete applications, but platforms are eating the world. “Are platforms mediators or gatekeepers?”

“We still largely have no control over services like ecommerce, social media, even if they’re largely or almost entirely built on OSS.” We can’t throw more open source projects at the problem either, the number of people who can work on open source on the job way outnumber the group of volunteer contributors.

New FOSS politics should take into account that not all contributions are equal, and we will need to organize within our workplace, organize ourselves politically, and find or develop new workplaces to claim back a say over what happens to the commons.

More from Michael: https://www.sfscon.it/talks/understanding-the-evolution-of-foss-community/

Community and Culture

Senior Software Engineer at Aiven OSPO Claude Warren talked about cultural relativism - the idea that beliefs and practices can only be understood from the point of view of the culture that surrounds the person.

Collaboration between strangers is one of open source's most remarkable aspects, and in order to be even better at collab-ing, we can use tools developed to find friction points between cultures in our cross cultural teams:

• Management must lead by example: no “executive washrooms”
• Failure must be public
• Management work items (non personnel) must be public in the public in the project
• Treat everyone, every objection, every suggestion, every point of view with respect

In “Building Open Source Teams”, Bruce Momjian, Co-founder and core team member of the PostgreSQL Global Development Group, reminds the audience that “It doesn't cost you anything to appreciate people out loud”.

Matt Yonkovit, Head of Open Source Strategy for Scarf (and previously MySQL AB, Percona, MatterMost, StreamNative, …), with "Building External Evangelists - What should be the primary goal of every community team", talked about scaling your advocacy efforts - “Externals have more sway”.

A mistake to avoid is assuming your community is as large as others (or: as large as Google's) - “everyone uses a database, but do they care about it enough to join your community?” Since you can’t be embedded in all “tribes”, you want evangelists to find evangelists in the communities they fringe with and build your network that way.

In "Contributor Experience - Supporting social infrastructure for FOSS projects" Melissa Mendonça, Applied mathematician, Senior Developer Experience Engineer at Quansight, and maintainer for NumPy and SciPy, said that every contribution - but certainly the first - should be a positive one. In fact, Numpy’s north star (metric) is a second contribution.

Melissa mentioned policies on progression from a contributor to a team/project leader, and bringing visibility and recognition to non-code work as 2 factors greatly contributing to community health.

Newcomers can be supported with great documentation in all its forms (docs, contributor guidelines, tutorials on jupyter notebooks, YouTube videos, even comics), and with safe spaces to ask questions. Timely PR triage and code reviews are equally important.

Maintainers can be supported with saved replies (saved replies on an Organisation level for GitHub are coming!), and succession planning.

Want to learn more? Check out the Contributor Experience Project on GitHub.

Open Source and Europe

Whether or not “European open source” is a thing was discussed. Led by VP of Open Source Innovation at OpenNebula Systems Alberto P. Martí, and Chief Membership Officer at the Eclipse Foundation, Gaël Blondelle. Of course the two had attended the EU Open Source Policy Summit 2023 the Friday before FOSDEM, and if you’re interested what was discussed there (I can recommend) (re)watch the event here.

Debating the role of open source in building Europe’s digital sovereignty, someone from the audience commented that “European Open Source” is an oxymoron. To which Gaël responded that “of course Open source is global, and limiting is not the intent, but what we may want is an industry strategy to sustain (policies, frameworks) governance, roadmap, while still being globally interoperable.” And to “protect hyperscalers from taking over control of technology, but not as a protectionist approach, but rather a way to compete in for instance the research space where US Cloud companies are well established.”

It’s not David against Goliath either. Gaël: “We still have this romantic view of open source being a collective of volunteers, but likely many of the people in this room are paid by their employer to work on open source." Combined as one, wouldn’t we be a force to reckon with?

Luca Bonissi, volunteer at the FSFE (Free Software Foundation Europe), talked about device neutrality - the right to install any software on any device. In fact, by installing free software on your device you can overcome software obsolescence, and extend hardware lifetime, in addition to gaining sovereignty of your device.

Luca shared FSFE’s Open Letter about the right to install any software on any device, and talked about the ways companies will prevent you from claiming a refund for the software pre-installed on your machine. But Luca and friends won several refund cases in Italy, against Lenovo, HP, Acer, Microsoft and the likes, and Luca donated all proceeds to fsfe.org/donate.

Free as in funding

Marta Rybczynska talks about how Syslinbit as a small company, without "FOSS Funds", can totally donate money to open source. “There are 23.1 million small businesses in Europe. Say 5000 of them use OSS - we know this number is likely to be far greater: every company is a software company these days, and open source ate software - what if all of them gave 1000 Euro annually to OSS? That’s 5 million!” At Syslinbit 1% of the income is donated to open source projects. People decide themselves what project(s) to donate to.

“It’s not hard to do, comparable to other recurring expenses. The most complex thing about it is deciding what project to donate to, and to collect and document payment procedures.” Syslinbit sees this as them doing their bit to limit projects’ dependency on funding by the big companies.

Abigail Cabunoc Mayes is GitHub’s Open Source Maintainer Programs Lead, ex-Mozilla, SustainOSS organizer, and OpenJS Foundation Board of Directors member. In "Sustaining Free and Open Source Software - Exploring Community, Financial, and Engineering Practices", she urges maintainers to think about succession planning, and to prioritize people that are value-aligned, and available, when looking for and selecting mentees.

Her hope for FOSS incubated at a company is that in time it gets moved out to a foundation, or that the collaboration with other organizations under shared governance is considered. And more generally she’d like to see everyone in FOSS able to sustain themselves. If you’re a maintainer, perhaps you’re interested in joining the maintainers.github.com community.

Open (source) data

In 2021, Hilary Carter launched Linux Foundation Research. All Linux Foundation Research is released under Creative Commons, and data.world/linuxfoundation contains all the data sets.

With some solid reporting pre-dating its creation - the 2018 Linux Kernel History Report, and the 2020 FOSS Contributor Survey - Census II brought knowledge around the state of open source supply chain security, and the Diversity, Equity and Inclusion report in 2021 backed up what marginalized folks knew to be true all along.

I’m excited about the release of the Critical Maintainers 2022 study. Some preliminary findings and quotes from maintainers surveyed:

• “Open source maintainership can fill an infinite amount of time if you let it.”
• Maintainers are looking for efficiency hacks and tooling to automate workflows. 44% of developers want their employers to establish a sandbox for developing oss projects using the same tools they’re already familiar with.
• “To date, open source sustainability has focused on maintainer sustenance. But what about having a security team? What about having an operations team to maintain build and distribution infrastructure? Then open source starts to look like a company when you think about all the things that you need to have to effectively support a software project to operate properly.”
• “Really, we’re getting paid to add features. People only donate because they want to add something new” - Maintainers of the most widely used software package repositories

Bye bye blue bird

FOSDEM was very present on Mastodon. Most talks I went to the speaker would share their account details. Kris Nova shared some of the war stories of running hachyderm / a very popular Mastodon server: there are 45.000 “hachydermians” today, 20.000 of them active (Feb 4, 2023).

Kris: “Communities are isolated from decisions, users are detached from technology, and people are unable to impact change. Corporates however are not isolated from decisions, not detached from the tech, and very able to impact change. The very real culture consequence is that people feel unheard, fueling cyberbullying, assuming evil, and a place where we criticize instead of contribute.” Let’s regain control and do better.

That’s it from me on FOSDEM. On to summarizing my highlights from Configmanagement Camp and State of Open Con. I also gave a talk at FOSDEM, and posted the blog-version of that talk. Follow me on Mastodon ;)