Member
jospoortvlietBBQ and forking
It was great to have conversations with the contributors who visited us as well as some downtime with the team. It's been a busy time since we announced our new endeavor. And it continues to be awesome to get so many supportive comments and feedback on what we're up to! People are excited about our open strategy and appreciate the fact that there is a solid company behind it. The flood of incoming requests for information and support from customers presents a good problem. So let me point out, again, that we're hiring!
Managing configuration drift with Salt and Snapper
Introduction
Many configuration management tools originate in the DevOps space and become immensely popular and while they do manage configuration, they are tailored towards deployment of new servers using this configuration and not towards auditing of existing servers.
For example, lets imagine a server with the following state:
/etc/motd:
file.managed:
- source: salt://common/motd
If we apply this state (in test mode) on a non-compliant server:
$ salt minion1 state.apply test=True
minion1:
----------
ID: /etc/motd
Function: file.managed
Result: None
Comment: The file /etc/motd is set to be changed
Started: 10:06:05.021643
Duration: 30.339 ms
Changes:
----------
diff:
---
+++
@@ -1 +1 @@
-Have a lot of fun...
+This is my managed motd
Summary for minion1
------------
Succeeded: 1 (unchanged=1, changed=1)
Failed: 0
------------
Total states run: 1
Salt is able to tell us that there is a file that deviates from the configuration. And we can easily fix it by just removing test=True.
Now, lets say an intruder adds a malicious entry to /etc/hosts:
192.168.1.34 www.google.com
If we re run our state in test mode:
$ salt minion1 state.apply test=True
minion1:
----------
ID: /etc/motd
Function: file.managed
Result: None
Comment: The file /etc/motd is set to be changed
Started: 10:12:11.518105
Duration: 29.479 ms
Changes:
----------
diff:
---
+++
@@ -1 +1 @@
-Have a lot of fun...
+This is my managed motd
Summary for minion1
------------
Succeeded: 1 (unchanged=1, changed=1)
Failed: 0
------------
Total states run: 1
As expected, it did not find anything, because this rule is not in the configuration.
Creating new systems vs auditing existing systems
This model works fine in the DevOps world where the culture is to take a random Linux image from the internet and use it as a base to deploy systems from scratch. As long as all tests pass, replacing the underlying image is not a problem. Only what is explicitly defined is evaluated against the configuration and defined as a drift.
When meeting enterprise customers who are starting to use configuration management to improve the control on their infrastructure, it turns out their expectations where different. “If I use Salt, will it tell me when somebody makes a change to the system?”. “Ugh.. no… well depends…”.
Baselines
That was the point that I started to think about - how could we use the state system to do more generic auditing and how do you do it without ruining the experience of working with states? Then it all clicked – implicit state can be done explicitly by using another state. When the customer said “any change”, they were in reality saying “any change against my defined configuration” plus “any change since my last working configuration”.
So, we needed a way to manage “last working configuration” and turns out SUSE is where Snapper originated and Snapper is nowadays available with most Linux distributions.
Snapper is a set of tools over snapshots (mostly btrfs, but also works on others like ext4 if you have the required kernel/tool patches). Think of it of what docker did to containers, snapper does to snapshots. It adds the required workflows, terminology and tools to make them usable.
It also turns out that my system already has some snapshots, because just like I can manually take one, tools like YaST and zypper take snapshots before and after doing operations. You can even select previous snapshots from the bootloader and boot into the previous working system.
What if I could describe a state in Salt that said: “Nothing deviates from this snapshots, except….”.
Let’s do it
So during this year Department workshop I paired with Pablo and our project had the following steps:
- Complete the Salt execution module to expose the basic snapper operations you can do from the command line. Example:
salt minion1 snapper.create_snapshot
- Create a generic way for sysadmins to do Salt operations which can be reverted. We implemented this as a meta-call (a call taking another call as a parameter)
snapper.run. So you can do something like:
$ salt minion2 snapper.run function=file.append args='["/etc/motd", "some text"]'
minion2:
Wrote 1 lines to "/etc/motd"
This will generate a snapshot before running the command, run the command and then take a snapshot afterwards, also adding metadata about the Salt job that did the change:
... pre | 21 | | Thu Jun 9 10:34:36 2016 | root | number | salt job 20160609103437556668 | salt_jid=20160609103437556668 post | 22 | 21 | Thu Jun 9 10:34:37 2016 | root | number | salt job 20160609103437556668 | salt_jid=20160609103437556668
Because in Salt, state is implemented as a method state.apply or state.highstate, calling snapper.run function=state.apply means you can rollback a failed state.apply.
And of course we not only exposed snapper.diff which takes the snapshot number but also a snapper.diff_jid which tells you what a Salt job changed:
$ salt minion2 snapper.diff_jid 20160609103437556668
minion2:
----------
/etc/motd:
--- /.snapshots/21/snapshot/etc/motd
+++ /.snapshots/22/snapshot/etc/motd
@@ -1 +1,2 @@
Have a lot of fun...
+some text
Additionally, you get snapper.undo_jid which you can guess what it does: it undoes the changes done by a specific salt job (which of course could be a state.apply run).
- And finally, allowing a system administrator to use snapshots as a baseline to apply state. Lets take the original example with the malicious user modifying `/etc/hosts’, we will add a snapper state rule:
my_baseline:
snapper.baseline_snapshot:
- number: 20
- ignore:
- /var/log
- /var/cache
/etc/motd:
file.managed:
- source: salt://common/motd
Now we apply the state in test mode again:
$ salt minion1 state.apply test=True
minion1:
----------
ID: my_baseline
Function: snapper.baseline_snapshot
Result: None
Comment: 1 files changes are set to be undone
Started: 12:20:24.899848
Duration: 1051.996 ms
Changes:
----------
files:
----------
/etc/hosts:
----------
actions:
- modified
comment:
text file
diff:
--- /etc/hosts
+++ /.snapshots/21/snapshot/etc/hosts
@@ -22,5 +22,3 @@
ff02::3 ipv6-allhosts
-192.168.1.34 www.google.com
-
----------
ID: /etc/motd
Function: file.managed
Result: None
Comment: The file /etc/motd is set to be changed
Started: 12:20:25.953348
Duration: 20.425 ms
Changes:
----------
diff:
---
+++
@@ -1 +1 @@
-Have a lot of fun...
+This is my managed motd
Summary for minion1
------------
Succeeded: 2 (unchanged=2, changed=2)
Failed: 0
------------
Total states run: 2
Exactly what we expect!.
Conclusions
So with this you can use your configuration management to manage your state against a defined state and on top of that we give you the tooling to inspect and rollback configuration changes.
We will continue adding the missing pieces to give the administrators full overview and control over their running systems.
You can find our current work in this github repository. We plan of course to send it upstream once the design and implementation settles down.
Switches of libgreattao
Switches are one of idea, which makes libgreattao amazing. It’s allows interface to morph. For example: we have question dialog with one button(abort) and we add to it ok and cancel. Libgreattao can automatically puts ok and cancel into select list and put exit as separate button. Another example is implementing view switching in file manager. File manager will deliver list of file name, properties and icons and libgreattao takes full advantage about select view and view it in iconview control or in properties list control.
Look at video:
Nextcloud hackweek and open BBQ!
If you're in the area, we'd love to see you show up Wednesday at Egilolfstraße 31, Plieningen/Hohenheim close to Stuttgart Airport. Nearest public transport would be either U3 Plieningen or S2/3 Flughafen/Messe. Join us starting 6PM for the good times!
View Larger Map
We'll have some alcoholic and non-alcoholic beverages, meat, fruits, veggie stuff and of course a BBQ. Give us a shout if you're coming on the forums!
Research at Ailao
Readers of this blog should be already a little bit familiar with the Ailao brand, which we use for spinning off and commercialization of our academic research. Originally, Ailao was all about text and question answering, but there was always the theme of dealing with unstructured data in general.
Nowadays, Ailao is not just me (Petr BaudiÅ¡) anymore – but a partnership with Tomáš Gogár and Tomáš Tunys, fellow PhD students! And we are widening our breadth to cover documents in general, developing a machine learning computational platform Ailao Brain (just a codename!) as well as working hard on some exciting end-user products. We are also working on a prettier website (including a new look for this blog) and many other things, but more on that soon.
What I wanted to point out is our talk at Machine Learning Meetups Prague. The talk itself (video) is in Czech, but you can enjoy at least our English slides on our bleeding edge technology research (webpage information extraction and text understanding). Stay tuned for more!
Overcommit? Overcommit!
Git itself provides support for running hook scripts at many events. It would be nice to run some checks automatically, for example when creating a commit.
The problem is not how to run the checks but how to integrate them, make them fast and safe, provide a nice output, etc…
Overcommit
By chance I came across Overcommit, a nice framework for running Git hooks.
It provides a wide variety of predefined checks which are easy to use. I found some of them really useful:
-
Forbid commits to blacklisted branches - e.g. you can forbid direct commits to
masterbecause you want to use Pull Requests. This can also avoid mistakes, e.g. once I did a typo ingit checkout -band overlooked that. The followingcommitandpushwent by mistake directly tomaster… -
Run Rubocop automatically to avoid fix up commits later. I see “make Rubocop happy” commits quite often in YaST.
-
Run the tests locally before pushing the changes, that makes sure the tests still pass. Sometimes you forget to run the tests or simply you are too lazy to run them.
-
And last but not least it can check spelling of the commit messages to avoid typos.
For more details see the Overcommit documentation.
Speed?
A very nice Overcommit feature is that it wants to be quick, your usual git workflow should not be slowed down because of the hooks.
For example it tries running all hooks in parallel and the Rubocop hook checks only the changed files, which speeds it up for large repositories a lot. Running Rubocop over all source files in the YaST registration module takes about 7 seconds on my machine, but when a single file is checked it takes just a fraction of a second.
Installation
I have prepared RPM packages with Overcommit, simply add the YaST:Head repository and run
zypper in "rubygem(overcommit)"
Initializing the Hooks
Now go to your Git repository and set up the hooks:
- Use
overcommit --installto install the hooks. - Add the
.overcommit.ymlconfiguration file. - Run
overcommit --signto sign the current configuration. You will need to run it again whenever the config files is changed. See the Security section in the documentation for more details.
You need to install Overcommit in each Git repository separately, but it is possible to automate the setup.
Using the Hooks
Then you use the git commands as usually, you do not need to change anything
to run the hooks. You will just see the results of the Overcommit hooks
in the output.
If a hook fails the whole git command fails. So if for example the Rubocop
hook fails when creating a commit then the commit is not created and you can fix
the problem early.
If for some reason you want to temporarily disable the Overcommit checks run
the git command with OVERCOMMIT_DISABLE=1 environment setting.
Example Configuration
Here is an example .overcommit.yml file proposed for YaST:
PreCommit:
# do not commit directly to these branches, use Pull Requests!
ForbiddenBranches:
enabled: true
branch_patterns:
- master
- openSUSE-*
- SLE-10-*
- Code-11*
- SLE-12-*
RuboCop:
enabled: true
# treat all warnings as failures
on_warn: fail
CommitMsg:
SpellCheck:
enabled: true
# force using the English dictionary
env:
LC_ALL: en_US.UTF-8
PrePush:
RSpec:
enabled: true
command: [ "rake", "test:unit" ]
# do not fail because of translations
env:
LC_ALL: en_US.UTF-8
Example Session
I recorded an example session to show the mentioned Overcommit features in action in the registration repository:
It looks nice, isn’t it? (If you like the git status in the bash prompt check this older post).
Conclusion
It looks very promising and it could catch some obvious mistakes early, I will give it a try. I will try using it for some time and then we will see if it could be used in YaST more widely.
Digital diaphragm for optical lenses
In photography most optical lenses use mechanical diaphragms for aperture control. They are traditionally manufactured from metal blades and works quite good. However metal blades exposes some disadvantages:
- mechanical parts will sooner or later fail
- the cheaper forms give strong diffraction spikes
- manufacturers need more metal blades for a round iris, which is expensive
- a metal blade with its sharp edges give artefacts, which are visible in out of focus regions.
- but, contrast is very high by using opaque metal
In order to obtain a better bokeh, some lenses are equipped with apodization filters. Those filters work mostly for fully open arperture and are very specialised and thus relatively expensive.
A digital arperture build as a transparent display with enough spatial resolution can not only improve the shape of the diaphragm. It could feature as a apodisation filter, if it supports enough gray levels. And it can change its form programatically.
Two possible digital diaphragm forms:
- leverage existing display technology
- better aperture shape for reduced artefacts
- apodisation filter on demand for best bokeh or faster light
- programmable or at least updateable aperture pattern (sharp/gausian/linear/…)
- no metal blades or other mechanical parts to fail
- over the years get cheaper than mechanical counterpart
- reduce number of glas to air surfaces in optical lens design
- integratable aperture into lens groups
- display transparency increases quickly and is for OLED at 45% by 2016, which means at the moment just one f-stop
- mobile demands high display resolutions anyway
The digital arperture can easily be manufactured as a monochrome display and be placed traditionally between two optical lens groups, where today the diaphragm is located. Or it is even possible to optically integrate the aperture into one lens group, without additional glas to air surfaces, as is needed with moving blades. Once the optical quality of the digital filter display is good enough a digital diaphragm can be even cheaper than a high quality mechanical counterpart.
You are Nextcloud, too - what we will do for contributors
 |
| Cool stuff we want to do more with! |
Based on feedback collected from many contributor members we've defined some plans and already made changes to how Nextcloud will be developed. Improved transparency and governance, focus on stability and architectural improvements and other improvements are covered in this blog. Much more is coming, you can join the conversation right now on our forums!
Community Input
January 2015, I ran a contributor survey to see what the ownCloud community thought about the processes, development focus and our work at the company. I shared the results by the end of April and pushed internally for the feedback to be taken serious. Some of the changes were implemented but many others were left for a future project to push forward. And Nextcloud will.feedback and changes
Nextcloud aims to build a sustainable business, not limited by short-term, next-quarter thinking. The relationship with our community of contributors and users is central to our plans.To quote Frank on this:
The company shouldn't be involving the community more in decision making; that's the wrong way of looking at it. There shouldn't be a fundamental separation to begin with!And that's what we want. Saying "we're more open" just means being a more friendly ruler - Nextcloud aims to be a participant, not a king, benevolent or not! That is not to say that there should not be any direction but it shouldn't be dictated by a company anymore. Of course, people can decide what they work on, and the company gets to decide what it pays its employees to do. Now there are changes in how we manage our employees too, with far less micromanagement and more freedom. But that's for another blog.
Let's go over the specific pieces of feedback mentioned in the email and received from contributors in other ways and note how Nextcloud intends to address them.
Development
ownCloud is fun and relatively easy to contribute to, with a mostly well running review process and release cycle. There were some practical requests and suggestions as well as concerns about the strain the growth of our project has put on the core developers.Dealing with Pull Requests
A major issue as detailed in many comments was that it often takes too long for pull requests to be merged. That is, contributions are not handled fast or at all. The result is that, with Core moving fast, contributions get out of sync, no longer apply and are effectively lost. As the graphs below show, the number of pull requests taking longer than 6 months to be merged is rising rapidly while the company is contributing less to development relative to volunteers. Don't get me wrong, it's great to have a growing community! But the support for development from the company needs to keep up with the pace.
Respecting contributions by being responsive and getting them merged will be our number one development priority at Nextcloud. As research by Mozilla has shown, reacting swiftly to contributions is crucial for growing community and we intend to grow and nurture our contributor base, recognizing outside input as a key driver of growth and success.
More stability
A general point made was that it'd be good to focus more on stability and performance. Some of that has been implemented with the 8.x series and automated testing improvements done over the last year. An especially sore point in terms of stability is the upgrade process, as was very visible with the 9.0 release that is still not available for users of the built in updater app. We will soon blog about the Nextcloud plans with regard to the updater.Architectural improvements
It was mentioned that some parts of ownCloud are in need of serious architectural love and refactoring. ownCloud has been traditionally rather restrained in this regard and people worried that this "impairs competent developers". While being conservative is important with regards to building a platform (stability and compatibility!) many improvements made their way into the 8 and 9 releases. To preserve a healthy balance, we want to introduce an Architecture team to make decisions that have a big impact on the code base. More details will follow.Another area of improvement would be to communicate more about architectural changes. Frank has already done a series of blogs about Federation in the past and more will follow.
Apps: support for Calendar, Contacts and Spreed
Many pointed out that apps are extremely important for ownCloud and we should work more on that. Frank has always emphasized the importance of building a platform and for Nextcloud this will be a central goal.Nextcloud will officially support the Calendar and Contacts apps and supercharge their development. The Spreed.ME app will bring fully supported audio and video chat to ownCloud. We'll also invest in growing and improving our API for these and other applications.
Process
Some smallish process improvements were requested. More logical labels and tags, for example, which have been pretty much cleaned up since then. Another thing was that big pull requests are often a pain in the ass to get merged and we should tell contributors to cut their work in smaller pieces. This was added to the documentation.Decision making
Most people were positive about the technical direction of ownCloud - test-driven, stability, architectural work, those were great improvements. Decision making processes in the technical area were not considered very transparent. Comments were even more harsh about the project-wide decision making process.People feel decisions are often done behind closeddoors. Nextcloud will address this, in part by a new architecture team and in another part by getting rid of most 'hidden' communication channels like internal IRC and mailing lists. We also plan on talking more about our goals and plans in blogs and such.
Longer term planning is a major sticking point: there is little of it public. We need to discuss, together, how to do longer term planning. This doesn't fit too well with github. Thoughts welcome!
Communication channels
Several people have noted that we've got too many, confusing and overlapping communication channels. We've already eliminated one: mailing lists. We still have a newsletter for those who want to follow us and the blog roll on nextcloud.com/news. For technical discussions we keep using github (which now links commits to pull requests so you can find the discussion behind code) and we'll discuss more general subjects on the forum. Speaking of which, it's now on discourse - a massive improvement I'd say. And email fans can use email to communicate with people on the forum!Governance
It was already mentioned here and there but there are two other big changes. First, we want the Nextcloud trademarks to be owned by the community, like the ownCloud one should have been. So we will set up a foundation soon which will control the trademark (not have it sub-licensed!) and more in the future.Second, we will get rid of the Contributor License Agreement. You don't need to sign anything to contribute to Nextcloud.
Users
There will be improvements for users, too. Already mentioned were our plans to support the Calendar and Contacts apps, Mail too, perhaps more. And of course with Spreed.ME we will integrate open source, WebRTC based video conferencing. There is more coming - for a future blog!That's all? Nope.
Now I know this is a long blog with lots of details. No surprise, it is based on things we've wanted to improve for many years but could not. Now we can and we will. This is not the end of it, other suggestions and thoughts are more than welcome. Get involved!
Nextcloud is the future of open source file sync and share
'why' is the question everybody has and I hope you understand I don't want to talk too much about that. Instead, let me talk about what we are going to do.
A healthy Nextcloud
Open source projects work best when they have a company behind them which aims to build a sustainable business around a symbiotic relationship with the community they are a part off. Make no mistake, I think it's great if people (investors, founders) can cash out big. They take a risk, put in blood, sweat and tears. But venture capital often leads to short term thinking and chasing of quarterly numbers resulting in bad decisions. Money, time and effort is wasted and growth isn't what it could be - and that's pretty much a best case scenario.The good news is that we're starting a new company, Nextcloud, which will do things right: build a sustainable, durable business. We've got support from Niels Mache, long time open source entrepreneur and owner of the spreed video conferencing business. Nextcloud will integrate with spreed's successor, the open source, webRTC based spreed.me video conferencing software, kickstarting as a healthy, growing business with loads of customers while the integration provides a real valuable new feature to users.
What we will offer
This reboot of ownCloud is meant to be good for users, customers and contributors alike. So we'll be providing a drop-in replacement for users next month, which will bring them the stability and security updates they need as well as full spreed.ME video conferencing integration.For customers, the drop-in replacement will be accompanied with a Enterprise Subscription which gives them all the support and features they are used to. Better, even: we will honor all contracts so nobody has to pay twice or get in trouble. On top of that we plan to support some of the most popular apps like Calendar and Contacts both for home users and enterprises. Our goal here is to ensure nobody is left without the support they need to be happy, successful own/Nextcloud users.
We're setting up infrastructure now for the wider contributor community to join us. We've got some improvements in store, including new forums (discourse based), no more Contributor License Agreement and a foundation that will hold trademarks (not have them sub-licensed; nor be under company control!). January last year we did a survey of what community contributors would like to see improved and, finally, we can implement many of those requests. I will blog more about that later today!
Future
I know that this is a surprise to everybody and it isn't that you should be joining RIGHT NOW or I'll hate you forever, on the contrary. ownCloud is a very important project and a rash decision makes no sense. We are in it for the long haul, our goal is a smooth transition and that means we will take some time to prepare things on our end. We've always been in close contact with our contributors and this new thing can only be open and public from now on so let's take our time to do this right. Over the coming days we'll blog about our plans and you can provide input and help us make the right decisions!This endeavor will take some time and effort, but successful examples like LibreOffice and MariaDB have shown that, in the end, the community will find a way to get it right. I'm confident that we will be able to deliver even better solutions for our users and customers thanks to a redefined, more open community and company relationship!
Check out our announcement blog, our website and ping me or ask your questions in our Live Nextcloud Q&A Hangout with Frank and myself, moderated by Bryan Lunduke, today at 19:00 PM Berlin/Amsterdam/Paris time, 10:00 AM Pacific time.
And yes, if you want to join us, send an email, we're hiring!
Free Software is funded by Free People
More and more security incidents in Free Software projects get publicized in a way that anyone & their grandma understand the impact. Some of these carefuly crafted "campaigns" even make it to the main stream media. This trend, among other things, has sparked a discussion about funding Free Software to sustain the infrastructure everyone is building upon. A discussion which, in our venture capital driven tech world, mostly evolves around financing as a means for getting resources. Who can/should pay whom, to develop Free Software and how. I would like to add another view at funding, one that in my opinion has way more to do with Free Software ecosystem than cold, hard cash: collaboration of free people.
Freedom and what you make of it
The ability to run, copy, distribute, study, change and improve software. This is the essence of it, without these fundamental rights, software is not Free Software. And these fundamentals imply a purpose: Freedom, the ability to do as one wills. To do to software as one wills.
As always, what people make of their freedom is up to them. Some go an preach about it, most ignore it, some use it for their personal gain. However, it's undeniable that the Free Software movement has entailed a community of systematic world wide collaboration. In software development, and I would argue in many other aspects of todays life. We all know the examples of hundreds of developers hacking together on Linux, thousands of authors on Wikipedia per month, millions of pictures in the creative commons and so on. Obviously, if you give people the freedom to do as they want, many of them are inspired to work together for the common benefit. And because Free Software entails collaboration and collaboration is about individuals, making projects sustainable has many dimensions. Money is one.
Challenges and what you do about them
Of course there are many things going wrong today with making Free Software projects sustainable. For instance a growing imbalance between developers and users (Noah Kantrowitz), that developers think they are not getting fairly compensated (Ryan Bigg) or that everybody is waiting for someone else to do something (Marijn Haverbeke). Contributor burn-out. There are many, many more.
The solutions to these shortcomings, discussed in the past months, most exclusively focus on monetizing work. Be it through business models, crowd funding, grants and other forms of injecting money into the equasion. In a recent piece, Nadia Eghbal even argues that somehow venture capital must flow back because all of the VC funded software companies somehow base their work on Free Software. Steve Klabnik thinks this is already happening. Here is the thing: Money will buy you people who contribute, sure thing. But is it money for contributions that made the present? For sure not. Collaborative contributions are the currency of Free Software.
openSUSE Community by Henne Vogelsang licensed CC BY 4.0
People and how you treat them
People have made Free Software as big as it is. Active contributor communities. Humans from all over the world, with different talents, levels of expertise and cultural backgrounds collaborating. All with their own motivations. Some want to learn from others, some scratch their itch, some want to train their skills, some want to boost their resume, some contribute on behalf of a company, some just try to avoid being bored on a Saturday afternoon. If your project does not actively channel all of these ambitions into contributions, if it does not organize the collaboration, if it is not offering shared responsibility and if it does not attract new contributors it's doing something wrong.
An individual/company slapping a license onto code, uploading it to github, merging pull-requests and answering issues is not making a sustainable Free Software project. Yet this is what many do today.
If you look at the most prominent examples of the software people worry about, openssl or NTP, they are failed communities. They disintegrated to a point where collaboration ceased to exist, the remainaing people were not able to do anything to change this (I'm sure they tried hard) and in the end something bad happened, and now they are clearly not sustained. Now we all can throw some bucks together to keep developers developing but that wont make those projects sustainable Free Software communities. In my opinion paying for contributions is to capitulate in the face of to the task of building a sustainable community. There are other things which are more important.
Fund Free Software without money
I guess the most obvious way to fund Free Software projects without money is to contribute in any way possible for you, duuhh. But apart from that I think there are more things we as the Free Software community at large can do better.
In my opinion it's time we help each other to organize collaboration. We need to share best pratices about creating sustainable contributor communities that attract new people.
We also should be more upfront with each other when we notice communities failing. I have contributed code to NTP a couple of years ago and didn't care that it was such a bleak place. Someone merged my patches, I was off again. In retrospecitve this feels like not telling someone their flap is open.
I also think that we need to do better with copyleft project resources. We have the choice between 27 different C++ compilers but if you're looking for marketing materials, web site themes or templates of contributor guidelines you will draw mostly blanks. Convincing prospective users and contributors that our Free Software does something significantly better than the competition is very important, yet we leave each other hanging with this.
Now go do something
Luckily somewhere Free Software people already have started with all of this. There is the community leadership forum where you can talk about all the aspects of your community. opensource.com curates a blog of best practices. Designers started to rally around opensourcedesign.net. People all over start to address the obvious diversity problem our community has. Next month (July 2016) there is a conference to talk with other Free Software people about Open Source & Feelings and I'm sure there is more going on out there.
What do you think about financing Free Software projects? Are you going to do something about making Free Software sustainable?
Yours truly, Henne 💚