Open Source Horror Stories and Lessons Learned

•

0 gostou•79 visualizações

Open Source Strategy Forum

Gil Yehuda, Open Source Program Office, Oath

Tecnologia

Open Source
Horror Stories
How to manage the open source process to get desired results
Gil Yehuda
November 2017

About me
● I run the open source program office at Oath: Inc.
● Oath is basically Yahoo! + Aol. and part of Verizon
● Long ago I worked at Fidelity Investments where I opposed
our move to create an open source program.
● I was mistaken and overruled by smarter people.
● I write about open source too.

Today’s Agenda
True stories
Simple lessons
A takeaway

Sample
vs.
Scale
● Imagine a bug that has a 1/billion chance
of causing a catastrophic failure.
● Imagine the bug is in your transaction
processing server.
● Failure occurs three times a day.

The
Takeaway
● Horror stories almost never happen. When you
manage a lot of open source, you are more likely
to face problems. Think about scale, not sample.
● Positive outcomes require coordinated efforts.
Believing doesn’t make open source work. You
need allies who see tangible benefit to help.
● Even luddite companies can overcome their
self-imposed obstacles. It takes work and
someone to lead that effort. Perhaps that's you.

Stories of pessimism and optimism
Engineers decide
Should you sign that CLA?
Trusting the Source
Me? Insecure?

When
engineers
don’t ask
● Mark took code from his last company and
put in our project. We found out during a
review when we going to publish the code in
an open source project.
● A company open sourced a project and we
noticed our code in it, and our former
employee's name too.
● Divya took code she wrote as an intern and
posted it on Github to show her work (for
future employers). Sadly she hardcoded
server names and passwords.

Engineers who don't trust the process
make their own rules.
Their rules are based on how they think code sharing should work.
They are often mistaken.

Create practices that
match your policies
Inconsistent practices erode trust and
drive engineers to disclose less.

Making engineers sign
terms they will them be
asked to violate?!

Trusting the
source to
do no evil
● Someone moved their code from github
and broke my build
● A dependency added to their project, it’s
now in my product
● We forked a project which got a DMCA
takedown

When things work well we
become less paranoid

github/them/foo github/us/foo
gitcorp/us/foo
A 3rd party issues a DMCA
takedown on /foo

Conduct a rational audit of
your build/mirror process
Consider DMCA of forks, code injection, and dependency bugs

CLAs that ask for
too much
Most CLAs are OK

Worth a healthy conversation about scope before you sign this one

Me
insecure?
● Without 2FA, you are one
p4ssw0rd away from a leak.
● Adding people to your org is easy.
When do you remove them?

Your open source program office
is also a Github ops group.
Automate!

The Real
Horror
Story
The tech-dependent company that
● does not have an open source program
● filled with engineers who don’t ask for help
● yet face the reality of bad actors, poorly
written legal documents,
● but make overly optimistic decisions.

How do Open Source Programs
add processes that enable speed?
By providing trusted guidance about publication rights,
effective code protection strategies, fast support for legal
questions, ensuring better long term technical outcomes.

Thank you
Gil Yehuda
Work: gyehuda@oath.com
Home: gil@gilyehuda.com

Mais conteúdo relacionado

Mais procurados

From DevOps to NoOps how not to get Equifaxed Apidays

Ori Pekelman

Baby steps in an agile world

Jesse Rodgers

Are you lost in a sea of business requirements? Are you struggling to articulate the business value of your technology project? Do your user stories lack context? Is there a lack of alignment between your delivery teams and business stakeholders? If you answered yes to one or more of these questions then this session is for you! Impact Mapping is a facilitation technique that brings technologists and senior stakeholders together meaningfully to explore options. It exposes assumptions and helps shape a path from “We want everything” to “We want to to make these impacts in this order” avoiding the trap of solutions looking for problems. This session provides an overview of how to create an Impact Map, share some real world examples of how impact mapping has helped support the delivery of software products and even provide an opportunity for you to start using the tool! Presented at Agile Australia 2014. You can access a video of the presentation at: http://bit.ly/ImpactMapping_InfoQ

Impact Mapping: Making an Impact over Shipping Software

Em Campbell-Pretty

The Path of DevOps Enlightenment for InfoSec

James Wickett

Closing keynote given at Render conference, March 2017. http://2017.render-conf.com As creators of the web, our teams aim to understand challenges, opportunities and requirements, and translate these into technical solutions to build. But what happens when we start looking beyond this, using the website itself as a starting point rather than as the end of our journey? Websites are often a great barometer for wider underlying issues, and by exploring common problems and root causes we can seek to spark fundamental change that can ultimately feed back into our longer-term success. Using a set of practical examples and case studies we’ll pull at some potential threads of failure, looking at how to create more sustainably for the future.

Websites are a symptom, not the cause

Sally Lait

Make it fixable, designing for change Our users trust us. They trust that we will protect them and lead them down the right path. Doing that right the first time is practically impossible. From experience we have learned that almost any surface we expose could have weaknesses. We have to have a plan on how to deal with issues as they arise, an architecture that allows us to correct and protect in products that are already in use. When security is lifted up to the discretion of the user, however, we often fail to inform their decision properly. The usability of security and the architecture for fixability are closely connected, and both need continued refinement and focus. This talk will describe architectural and organizational features that make it easier to make corrective measures. It will also show examples of how difficult it is to design the user experience of security.

Make it Fixable (Security Divas 2017)

Patricia Aas

Plugged-In Management for Quixey

Terri Griffith

Thinkful DC - Building a Virtual Pet with JavaScript

TJ Stalcup

I gave this talk at the Open Source Leadership Summit 2017 (http://events.linuxfoundation.org/events/open-source-leadership-summit) Abstract: Open source projects can be extremely rewarding for both companies and participating employees, but there are associated costs that may not be immediately obvious. Engaging in public outreach, fielding community support requests at all hours, and responding to feedback and criticism are just a few examples of things that can consume maintainers and negatively affect their productivity and morale. For those on the front lines of open source maintenance, it is often more than just a day job and these associated extra hours can lead to burnout. In this talk we will examine the true cost of open source so that companies can take steps to mitigate those costs and balance their needs against the demands of open source while also encouraging a good work/life balance of its developers to ensure long-term open source program success.

The True Cost of Open Source

Patrick Steele-Idem

The Five Whys

Romains Bos, PMP, MBA

Ward.le roy

NASAPMC

Avoiding the Agile Alignment Trap with DevOps

Mike Long

I updated my Lean Startup presentation for Agile 2011 to share what is happening in the startup community with the agile community and to show how Lean Startup is pushing Agile to the next level. Session Description: How does development look different when you're creating things that no one has ever created before? Lean Startup is about creating from a BIG VISION, where we want to change the world & do something really significant. It combines Agile Development with _Customer_ Development so we can be disciplined about how we create our startups. Learning (rather than working software) becomes our most important measure of progress and agile practices are pushed to the next level. Come get a glimpse of the next level of agile and discover how development looks different when you're changing the world.

Lean Startup: How Development Looks Different When You're Changing the World ...

Abby Fichtner

The 80percent case

Konrad Synoradzki

Mais procurados (14)

From DevOps to NoOps how not to get Equifaxed Apidays

Baby steps in an agile world

Impact Mapping: Making an Impact over Shipping Software

The Path of DevOps Enlightenment for InfoSec

Websites are a symptom, not the cause

Make it Fixable (Security Divas 2017)

Plugged-In Management for Quixey

Thinkful DC - Building a Virtual Pet with JavaScript

The True Cost of Open Source

The Five Whys

Ward.le roy

Avoiding the Agile Alignment Trap with DevOps

Lean Startup: How Development Looks Different When You're Changing the World ...

The 80percent case

Semelhante a Open Source Horror Stories and Lessons Learned

Once a company has more than 1 department developing code, a problem inevitably arises: How do you share source code that's mutually used? There are many different thoughts on the matter, but one that's starting to gain a significant amount of attention is "InnerSource". PayPal defines InnerSource as: "InnerSource takes the lessons learned from developing open source software and applies them to the way companies develop software internally. As developers have become accustomed to working on world class open source software, there is a strong desire to bring those practices back inside the firewall and apply them to software that companies may be reluctant to release. For companies building mostly closed source software, InnerSource can be a great tool to help break down silos, encourage internal collaboration, accelerate new engineer on-boarding, and identify opportunities to contribute software back to the open source world." In this talk I cover how to get from where you are ("Hey, we've got some source code that multiple people find useful!"), where you're going ("Look, we're more popular than ReactJS"), and some hurdles along the way ("Oh shoot, it looks like there is already a library to convert FLAC to MP3s..."). I give real-world examples of doing it right, and leave with some takeaways that people can immediately implement at their own companies.

InnerSource - Using open source best practices to help your company

Eric Caron

Open Source Craft at Twitter

Chris Aniszczyk

Open source contribution policies are long, boring, overlooked documents, that generally suck. They're designed to protect the company at all costs. But in the process, end up hurting engineering productivity, and morale. Sometimes they even unknowingly put corporate IP at risk. But that's not inevitable. It's possible to write open source contribution policies that make engineers lives easier, boost morale and productivity, reduce attrition, and attract new talent. And it's possible to do so while reducing the company's IP risk, not increasing it. In this talk, we'll look at the general structure of contribution policies, examples in the wild, and tactics to make them suck less. We'll also look at how to turn these policies into self-service software, preventing the tedious email back and forth between engineering and legal in most cases and making open source contribution a breeze. Presentation by Tobbie Langel, UnLockOpen.

Open source contribution policies, OW2online, June 2020

OW2

Open source contribution policies, OW2online, June 2020

OW2

Open Source Contribution Policies That Don't Suck

Tobie Langel

'Open source contribution policies that don’t suck!'

Shane Coughlan

Outsourcing web development ultimate guide (1)

Katy Slemon

Every company needs to address how they manage open source. Verizon Media is the merger of Yahoo and AOL, and those two companies ran their open source programs quite differently. The result of bringing them together was surprisingly good, but the process to get there offers many insights into how you can structure your open source program office to address the biggest problems you may face. Ashley Wolf and Gil Yehuda explain how Verizon Media now addresses license compliance, community management, the publication process, and how to run a program office at scale. You’ll explore real-world examples of things that worked well and things that needed much repair—as well as details on how it was done—and get advice on how to apply these lessons to your businesses. Neglecting your open source program leads to problems. Ashley and Gil highlight some big ones, like when the wrong people have access to your code, license issues get you in hot water, and employees make well-meaning but incorrect decisions about code publications. Sometimes it takes a revolution to force you to step back and get a better hold on your open source program. But you don’t have to wait for a merger to force the changes. Better to set the processes right starting today; Ashley and Gil show you how. If you don’t have a formal open source program office, or if you have one that needs a boost with some new ideas about how to maximize your value to the company, join this talk.

A tale of two cities: Merging Yahoo and Aol’s open source programs

Ashley Wolf

http://idcee.org/p/michael-widenius-monty/ Monty is creator and original developer of MySQL, Founder of MySQL Ab. He is an open source advocate with firsthand experience in creating and enhancing an open source community. A software architect and designer with experience in creating big complex applications alone and with a virtual team. Currently, Monty is CTO of the MariaDB foundation. Previously to that, he was CEO & VP Community of Monty Program Ab, as well as Partner and owner of Open Ocean Capital (since 2009). In 2008-2009, he was a MySQL Fellow and Sun DE at Sun Microsystems. He was working in Sun CTO Lab under Sun's CTO Greg Papadopoulos. For 12 years (1983 – 1995) Monty was a Developer for Tranfor Data AB, Software Architect, TCX Datakonsult AB. From 1981 to 1995 he was CEO of Monty Program Ab; CEO, Coder, architect and user of UNIREG (The origin of MySQL). Pic's are here: http://www.flickr.com/photos/idcee/sets/ More @ http://idcee.org Follow us on: YouTube: http://www.youtube.com/user/OfficialIDCEEChannel Facebook: https://www.facebook.com/IDCEE Linkedin: http://www.linkedin.com/groups/IDCEE-3940138 Twitter: https://twitter.com/idcee_eu Google+: http://gplus.to/idcee Flickr: http://www.flickr.com/photos/idcee/collections/

IDCEE 2013: How to do a successful company around open source - Michael Widen...

IDCEE

To Open Source or Not to Open Source...Where is the ROI?

Ted Haeger

The content management implementation failure rate is higher than it should be, and projects seem to fail for the same cluster of reasons: unrealistic requirements, expectations, human factors, etc. In this session, Deane will discuss the major reasons for project failure learned through almost two decades of implementation experience, and discuss strategies and policies to put in place at each stage of the project to prevent them.

“Why Content Projects Fail” by Deane Barker - Now What? Conference 2017

Blend Interactive

Micheal Monty Widenius - Free Open Source Software Entrepreneurship

South Tyrol Free Software Conference

All of us, as part of the technical sphere, have sometime or the other heard about the term 'open-source'. Even if we haven't, we have been using since the first time we learned an algorithm or downloaded a software for free from the internet. But for most of you, this term may still be shrouded in mystery. So DSC IIT Goa and InfoSec IIT Goa are here for the rescue. In this introductory event, we will celebrate the existence of this ever-expanding and most welcoming open-source community. A brief overview of the topics we'll cover is as below: 1. Introduction to open-source and why is it so valuable? 2. Basics of Git, GitHub and how to make a Pull Request. 3. Everything you need to know before making your first contribution. 4. Challenges faced and how to resolve them. 5. How open-source brings a security mindset. 6. Guide to safe usage and contribution to the community. 7. Famous annual open-source events and how to participate in them. This event will fully equip you make the most dashing entry into this amazing community.

Let's talk FOSS!

AditiSaxena72

Deane Barker, Chief Strategy Officer at Blend Interactive spoke at eZ Conference 2017 on Why Content Projects Fail. Deane discussed 5 reasons for why content projects fail, and what we can do to prevent it. From the case study syndrome to development myopia and more, Deane highlights the areas of failure for content projects. And then goes over practical ways to overcome these failure to achieve success.

Why Content Projects Fail - Deane Barker - Presentation at eZ Conference 2017

eZ Systems

From the GitLab Data Team member, a first-face story about how the asynchronous way of working helps us manage the “chaos” (as folks usually think about remote work) in the 24/7 work environment. In this session, I like to demystify transparency and how it can leverage your success. The narrative is related to the Data team in GitLab and can be used for any matter. Will wrap the topics and guide you through: - Why transparency is an organic way to communicate and cooperate, - How to stay secure when you share everything or almost everything with the outer world, - How to leverage your data usage and still stay a good boy of the IT world, - What you should promise to your community

[DSC Adria 23] Radovan Bacovic Steal Our Knowledge Please.pptx

DataScienceConferenc1

How to Open Source an Internal Project Presented at: All Things Open RTP Meetup Presented by: VM Brasseur Abstract: Your company is going to release an internal project as open source. Are you ready for your new responsibilities? You could just throw the code up on a forge (like GitHub, GitLab), but it's unlikely to receive attention or provide much benefit to the company. Open sourcing an internal project requires a lot of thought & work. Releasing a project as open source requires changes to the development/build/release workflow. This is not about the code per se; it’s about the processes & infrastructure that surround the code & that make the project successful. This talk will introduce what you need to know & to expect before you release your internal project, including: - Identifying company goals for the project - Pre-release due diligence: licenses & code hygiene - Community expectations & maintenance - Processes which need to happen in the open - Communication: internal & external For more info on our Meetups: https://www.meetup.com/All-Things-Open-RTP-Meetup/

How to Open Source an Internal Project

All Things Open

Agile product development

Brenn Hill

As a team grows, code ownership is distributed. Code review becomes increasingly important to support the maintainability of complex codebases. An effective code base is on that can be worked on collaboratively by a team. In this talk we'll discuss how to introduce a successful code review culture to your development team that will foster the idea of shared ownership. This in turn will result in a happy and healthy code base. https://webexpo.net/prague2016/talk/how-to-successfully-grow-a-code-review-culture/

How to successfully grow a code review culture

Nina Zakharenko

Playing By The Rules Wiliam

wiliamau

This talk is going to talk about how I got 50 CVE's in a week. I used to play bug bounties and other security penetration testing challenges. After realization I started contributing to Open Source Community and found several critical bugs and got proper satisfaction for the work. Then I met like minded people and started bug hunter with Code Vigilant (http://codevigilant.com), Project for Securing Open Source Software.

My Bug Hunting With Open Source

Madhu Akula

Semelhante a Open Source Horror Stories and Lessons Learned (20)

InnerSource - Using open source best practices to help your company

Open Source Craft at Twitter

Open source contribution policies, OW2online, June 2020

Open Source Contribution Policies That Don't Suck

'Open source contribution policies that don’t suck!'

Outsourcing web development ultimate guide (1)

A tale of two cities: Merging Yahoo and Aol’s open source programs

IDCEE 2013: How to do a successful company around open source - Michael Widen...

To Open Source or Not to Open Source...Where is the ROI?

“Why Content Projects Fail” by Deane Barker - Now What? Conference 2017

Micheal Monty Widenius - Free Open Source Software Entrepreneurship

Let's talk FOSS!

Why Content Projects Fail - Deane Barker - Presentation at eZ Conference 2017

[DSC Adria 23] Radovan Bacovic Steal Our Knowledge Please.pptx

How to Open Source an Internal Project

Agile product development

How to successfully grow a code review culture

Playing By The Rules Wiliam

My Bug Hunting With Open Source

Mais de Open Source Strategy Forum

Comcast's Journey and Transformation to Open Source

Open Source Strategy Forum

Plexus Interop

Open Source Strategy Forum

The Open Source Forecast is Cloudy

Open Source Strategy Forum

The Decoupled CMS in Financial Services

Open Source Strategy Forum

The Case For Open Source, Revisited

Open Source Strategy Forum

Building the Open Developer Platform with OpenShift & WhiteSource

Open Source Strategy Forum

Open Source in the Enterprise

Open Source Strategy Forum

Open Web Widgets

Open Source Strategy Forum

Protecting Freedom: Patents & Open Source Strategy

Open Source Strategy Forum

Innersource 101

Open Source Strategy Forum

Implementing and Managing Open Source Compliance Programs - A Crash Course

Open Source Strategy Forum

They Can't Hear You on Mute

Open Source Strategy Forum

The Case for Open Source: Follow the Data

Open Source Strategy Forum

Open Source Sparks Innovation

Open Source Strategy Forum

How Blockchain is Becoming an Open Source Success Story for J.P. Morgan

Open Source Strategy Forum

Mais de Open Source Strategy Forum (15)

Comcast's Journey and Transformation to Open Source

Plexus Interop

The Open Source Forecast is Cloudy

The Decoupled CMS in Financial Services

The Case For Open Source, Revisited

Building the Open Developer Platform with OpenShift & WhiteSource

Open Source in the Enterprise

Open Web Widgets

Protecting Freedom: Patents & Open Source Strategy

Innersource 101

Implementing and Managing Open Source Compliance Programs - A Crash Course

They Can't Hear You on Mute

The Case for Open Source: Follow the Data

Open Source Sparks Innovation

How Blockchain is Becoming an Open Source Success Story for J.P. Morgan

Último

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Manulife - Insurer Transformation Award 2024

The Digital Insurer

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Navi Mumbai Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Navi Mumbai Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Navi Mumbai Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Open Source Horror Stories and Lessons Learned

1. Open Source Horror Stories How to manage the open source process to get desired results Gil Yehuda November 2017

2. About me ● I run the open source program office at Oath: Inc. ● Oath is basically Yahoo! + Aol. and part of Verizon ● Long ago I worked at Fidelity Investments where I opposed our move to create an open source program. ● I was mistaken and overruled by smarter people. ● I write about open source too.

3. Today’s Agenda True stories Simple lessons A takeaway

4. Sample vs. Scale ● Imagine a bug that has a 1/billion chance of causing a catastrophic failure. ● Imagine the bug is in your transaction processing server. ● Failure occurs three times a day.

5. The Takeaway ● Horror stories almost never happen. When you manage a lot of open source, you are more likely to face problems. Think about scale, not sample. ● Positive outcomes require coordinated efforts. Believing doesn’t make open source work. You need allies who see tangible benefit to help. ● Even luddite companies can overcome their self-imposed obstacles. It takes work and someone to lead that effort. Perhaps that's you.

6. Stories of pessimism and optimism Engineers decide Should you sign that CLA? Trusting the Source Me? Insecure?

7. When engineers don’t ask ● Mark took code from his last company and put in our project. We found out during a review when we going to publish the code in an open source project. ● A company open sourced a project and we noticed our code in it, and our former employee's name too. ● Divya took code she wrote as an intern and posted it on Github to show her work (for future employers). Sadly she hardcoded server names and passwords.

8. Engineers who don't trust the process make their own rules. Their rules are based on how they think code sharing should work. They are often mistaken.

9. Create practices that match your policies Inconsistent practices erode trust and drive engineers to disclose less.

10. Making engineers sign terms they will them be asked to violate?!

11. Trusting the source to do no evil ● Someone moved their code from github and broke my build ● A dependency added to their project, it’s now in my product ● We forked a project which got a DMCA takedown

12. When things work well we become less paranoid

13. github/them/foo github/us/foo gitcorp/us/foo A 3rd party issues a DMCA takedown on /foo

14. Conduct a rational audit of your build/mirror process Consider DMCA of forks, code injection, and dependency bugs

15. CLAs that ask for too much Most CLAs are OK

16. No one reads the fine print

17. Should you agree to this?

18. Worth a healthy conversation about scope before you sign this one

19. Create a fast path to CLA approval

20. Me insecure? ● Without 2FA, you are one p4ssw0rd away from a leak. ● Adding people to your org is easy. When do you remove them?

21. Your open source program office is also a Github ops group. Automate!

22. The Real Horror Story The tech-dependent company that ● does not have an open source program ● filled with engineers who don’t ask for help ● yet face the reality of bad actors, poorly written legal documents, ● but make overly optimistic decisions.

23. How do Open Source Programs add processes that enable speed? By providing trusted guidance about publication rights, effective code protection strategies, fast support for legal questions, ensuring better long term technical outcomes.

24. Processes get in the way

25. Help the runners go the distance

26.

27. Thank you Gil Yehuda Work: gyehuda@oath.com Home: gil@gilyehuda.com

Open Source Horror Stories and Lessons Learned

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (14)

Semelhante a Open Source Horror Stories and Lessons Learned

Semelhante a Open Source Horror Stories and Lessons Learned (20)

Mais de Open Source Strategy Forum

Mais de Open Source Strategy Forum (15)

Último

Último (20)

Open Source Horror Stories and Lessons Learned