# Shared notes from Open Source Beyond 2020 workshop 15 November
Notes from day 1: https://hackmd.io/Z552wq0wT46zD7jibJj_Tg?edit
## Welcoming Day 2
Pierre Chastanet asks the audience: What do you need?
They will start assembling papers on key topics. E.g., what sort of skills does one need?
## Panel 5.1: Digital skills for Open Source
### Sivan Pätsch, Research Director, OpenForum Europe
> FOSS4SSMEs: consortium to teach about FOSS
> Lack of digital skills leads to a reduced competitiveness
> You can't even run a bakery without computer knowledge
> We've created an online course for SMEs to learn about open source
> Topics: intro, business models, solutions, and migration path: sign up to newsletter to get notified when the course is online.
> example: FOSS policy in France, Frank Nagle study, +9-18% of IT startups, 7-14% more IT jobs
Recommendations towards the commission:
> Support digital-led SMEs with business help
> Understand how open innovation and intellectual property interact, find out how the dominant patent paradigm can be broken
> Public procurement with a level playing field for SMEs
> Help SMEs to take part in trainings
> Support diversity and inclusivity
> Foster sovereign digital competences
> Fund research to understand strategic value and impact on economy
> Coordinate policy internally
> Follow through on commitments, invest in Tallinn declaration
> Safeguard FOSS, the license takes away the transaction cost and the definitions of OSI and FSF need to be endorsed
Andre Richier: We're already investing in the education aspects, and more will be in the digital skills action plan
### Gianfranco Cecconi, EU “European Data Portal” and “Support Centre for Data Sharing” projects lead, Capgemini Invent
> In the data world things only work if there are stewards, the points of contact who make sure the data is good. This is an essential role, what does it look like in your universe?
### Mary Cleary, Deputy Chief Executive, Irish Computer Society
> Transferable skills are key, so that non-open source teaching translates as well
> Ireland has in 2020 a gap of 18000 jobs in IT, the more we invest the larger the gap seems to get
> We need to help parents boast about the job titles of their children
> A key way to do this is by creating standards
> We've started to use the [EU competence framework](http://www.ecompetences.eu/) to measure where people are and what their paths are. This framework is good and not just another framework.
> The lawyers don't need the best and the brightest, we need them in IT
### Mika Helenius, Director, DIX Digital Innovation X
### Despina Mitropoulou, Director, GFOSS - Open Technologies Alliance
> If we help people to understand open source so that the users can also become makers
> Make sure that there is space for failing as well
> Open source software and hardware is a matter of independence, both from vendors and for the EU economy
> We've gotten the ministry to fund 120 schools to open 'open labs' to make software and hardware
### Christian Renz, Head of IoT and Digitalisation, Robert Bosch GmbH
> Using open source is a given, the challenge is creating a scaling ecosystem of contributors
> We need to give architects more control because they are often overruled
> Getting public criticism is new for people in corporate culture
> Building a business model with non-competitive assets is a skill that needs to be learned
> We need in the legal department to learn to deal with the mix of patents and open source and open data
> We need to make sure we can protect open assets in patent wars
> It is great in collaborations (with universities) to just say it is open source and move forward from all of the legal questions and get going
## Panel 5.2: The role of Standards in Open Source
* Is open source dev the next stage to be adopted by
* To what extent do standards increase efficiency?
* Should there be a role for policy setting at the EU level, what action could the EC take to maximize the impact on the European economy?
What does the commission need to do on the policy?
### Mirko Boehm, Director, Linux System Definition, Open Invention Network
Responsible for scope of cross-licensing, look at role of patents in open source
example: changing the shape of a plug is very costly, must be done infrequently -- software changes can be very inexpensive; Linux kernel over years averages 8 changes per hour.
* Standards are not documents, technologies; specs are documents. Purpose of standards is to provide specs
* Standardization is an effect, specs are one way to get there.
* Open source creates joint implementations which have standardizing effects
* brings community together
* ensures interoperability
* Open source foundations cover functions like consensus building or knowledge transfer
* similar to/alternative to SDO processes
* cost of change determines the efficacy of implementation-first vs. specification-first
* standard setting and open source are complementary standardisation instruments available to policy makers
### Jochen Friedrich, Technical Relations Executive, IBM
head of IBM's department of standardization in Europe
Makes the point that standards and open source are different things:
* Standards are a building plan, open source is running code
Three steps of openness for standards
* several things that used to be done in standards bodies are now being done in Open Source projects
* Open source implements standards
* standards are developed in open source
* standards are maintained in open source
in-house vs. co-operative ways for SDOs to address open source
There are challenges around IPR, business models and governance
### Carol Cosgrove-Sacks, Senior Advisor on International Standardisation Policy, OASIS open
for OASIS, interop is *always* the goal
historically used more traditional approach to standards creation; for two years trying to open new roads to welcome open source in a more dynamic way
convergence of tools, e.g.: git, JIRA
"Open Projects Programme" designed explicitly towards open source communities
Governing board must make non-assert statements to participants
"Open Cybersecurity Alliance": "integrate once -- reuse everywhere"
Open Mobility Foundation is a global coalition for collaborating with open source in cities around infrastructure
* Would like to see a stronger commitment across the EC.
* Encourage ICT standardization to embrace open source even more strongly.
### Sachiko Muto, CEO, Open Forum Europe
OFE: promotes open standards, open source; pragmatic, try to see these things as a means to an end.
The commission shouldn't change open standards or open source, but recognize the differences and work to support both.
Standards first vs development of OSS first -- each constrain the other. A shift towards OSS dev coming first whereas it used to be the other way around.
#### OFE recommendations
* for procurement: recognize that both open source and standards can enable interoperability
* when procuring based on standards: multiple implementations
* when procuring OSS: look for sustainable community, not ones dominated by one vendor
### Istvan Sebestyen, Ecma International
Ecma was founded in 1961
ECMAScript was started in 1996
open source community coming every 4-6 weeks with a new version; but Ecma can cope with the speed by stabilizing every 6 months.
* OSS and FRAND patent policy regime of several SDOs are incompatible. The SDO patent policy must be an RF-based policy.
* SDO Software Copyright policy must be compatible with the Software Copyright of the FOSS licenses
* EC should more clearly support that besides FRAND, also RF-based policy regimes, more open source
* financial support for OSS communities and persons t; financial support, with minimal "red tape"
* instable market: 6 monthly space, sometimes 6 weeks
* competing standards body, can't join because not a big player in the field
* the web has been hijacked by What's working
* hard for a non-profit org to implement an open spec; hard to get the funds to purchase the specification
* Can the EU make that process easier?
* example: android features developed thrown over the wall with open license, but we can not participate in development
* Don't forget the complexity of single standard vs. all available
* conformance of implementation is an issue (even if some of the specifications are implemented, it may not be a black/white)
* Are standard specifications even implementable?
> The commission should dogfood on the key standard they are using.
(referring to ODF and that one cannot be sure that file sent to them in that format will be read)
There are two litmus tests on if something is open:
1. Can it be forked?
2. Is it clear how you become a community leader?
If the answer is no on any, it is not open
## Panel 6.1: Open Science and Open Source
### Victoria Tsoukala, DG R&I G4
leading the workshop
### Paolo Manghi, Researcher, Consiglio Nazionale delle Ricerche
started with open access, moving towards more open science, open data, etc
work at a national level in europe, also contacts worldwide, and work at thematic level
global alignment in standards, what it means to publish reproducible, etc
sharing, publishing, monitoring science trends
* open source is the ground-floor, foundational aspect in open source -- all of this is based on open source
* reproducibility finds easy calls in transparency and collaboration of open source
* SoftwareHeritage.org, OpenAIRE
* Maybe open source sustainability models could inspire research systems' sustainability?
* no obvious distinction between software and research software
* citation metadata
* attribution metadata
* information on how to reproduce results
* persistent identifiers
* result of citations may create indicators of quality
* open peer review could be attached to software
* EC calls:
* Open source mandates and management plans
* reuse, contribute to, produce open source
* deposit research software where it can be preserved, cited, and attributed
* open source evaluators for EC research projects
* EC strategies:
* Remove ambiguities rewarding software patents
* investing into R&D for the realization of open sources
* sustainability training, (governance, legal, biz aspects), companies, education
### Robert Jones, Project leader, CERN
* general population rejection of experts, scientists are seen as experts
* engage citizen scientists, making it easy for them to participate
* stacks / environments / framework, with services and support sold around them
* science happens in industry too -- policy needs to support that too?
* can you replicate/reproduce published results?
* small percentage: yes
* e.g.: zenodo to help provide data, link to code, what else is needed
* software can thus be a first-class citizen in the research world
* a decade later, will hardware exist?
* open hardware help alleviate
* open source software has a better chance to be rebuilt on newer hardware
* career advancement for citations
* what about software writing and reuse? How can we add that?
* some of the software that CERN has been using has become too expensive to provide to all researchers
* how to mitigate risk of monopoly
* pull together the best open source tools
* digital sovereignty aspects
* public tender: favor open source software
* result: companies produced open source software we could share
* simplified the development process collaboration
* one example: simplified some legal negotiation, because everyone understood from the start it's open source
* European Open Science Cloud
* policy changes could be tested in EOSC
### Ignacio M. Llorente, Executive Director and Chief Scientist, OpenNebula
Open source improves scientific infrastructure
* avoid lock-in
* lower barrier to entry
* engine of innovation
Why OpenNebula, open source?
* (many more)
To the EC:
* Computational data science must be done in an open and reproducible fashion where all components of research are publicly available and modifiable and the experiments can be reproduced and extended
### Alastair Dunning, Head, 4TU.ResearchData, TU Delft
* Jose Urra Llanusa creating the Open Centrifuge amongst many other things
* git, gitlab
* champion of open hardware and open source and open science in general
* Open Refine
* essential open source software for dealing with messy data
* has large community
* Some essential software is supported by only a few contributors
* how do we keep them going
* community is vital for open source projects
* how do we licensing, auditing, etc.
* nurture skills and communities needed to grow open source
* governance skills
* licensing skills
* tech skills
If you want to have "sexy" research, you need to have solid infrastructure underneath
### Javier Serrano, Leader of the Hardware and Timing Section in the Beam Controls Group, CERN
My angle is more hardware
Mandate from the 1950s means everything CERN does should be publicly available
* Open science inspires open hardware and software and data
* Open source and open hardware makes for better science
We are at the turning point with open hardware similar to where we were at the turning point of software in the 1990s. If software were not allowed to be shared, it was a loss to society.
* member state conundrum: the member states financed it, why give it to other countries?
* part of the perceived value is the openness, the market becomes bigger because open
* source is not everything, collaborators still have a competitive advantage due to intimate knowledge
* RISC-V - flourishing ecosystem in Europe, but came from the USA?
* impact on the US economy is improved because of its success in Europe also
* (aside: digital sovereignty element)
* discoverability ++, secrecy of projects --, creates duplicate effort
* some redundant effort is good, too much is clearly a bad idea
* isolated efforts, self financed encourages patents and closed IP, etc
* exciting the supply and demand each help
* education is key
* use open software and open hardware in schools
* work on positive incentives for scientists to share more than results
* work on new ways to do tech and knowledge transfers between researchers and public at large
* how to measure?
* Specify "open source" in the grant proposal for software developed in a grant-funded project
* Educate Medical Informatics students about open source by using a FOSS EHR in the curriculum
* Bootstrap development of advanced decision support functions in the FOSS EHR by getting development done first for education, then research, and then clinical use
* Research grants require Open Source, Open Hardware, and Open Science
* Open tools in education: rather than fund proprietary tools, invest in the open tools
Impacts of mandates:
* e.g.: FAIRness
In policies brought forward, be pragmatic
Open teaching materials:
* software carpentry
* code refinery
White Rabbit: extends IEEE 1588, sub-nanosecond synchronization?
* open source and standardization is a winning combo
Open hardware, open source in medical
* look up Karen Sandler, proprietary pacemaker
## Panel 6.2: Support and operational threads of Open Source in public services
Evangelos Tsavalopoulos: We want to make this a real workshop, which means we want to end up with some real proposals.
Polling used for this session: https://my.beekast.com/kast/osb2020panel62/wall
### Matthieu Faure, Adullact
Comptoir du Libre to share OSS between French public organizations.
### Frank Karlitschek, Founder, Nextcloud
### Stéfane Fermigier, Co-chair, CNLL
### Srinath Perera, Vice President, Research, WSO2
One challenge is to build a community when building OSS for public services.
### Paulo Ribeiro, CEO, Linkare TI - Tecnologias de Informação, Lda.
Voting on topics took place (results can be seen on the link above). (There was some confusion on how to vote, and where to add the things to vote on.)
Frank Karlitschek: small business acts will naturally lead to open source
Paulo Ribeiro: The public body taking the IP means we can't contribute any of that back to the community. In some countries it is the default that the IP in procured software is owned by the public body doing the procurement.
Stéfane: Could we turn (what?) directory that is used in France into an international one?
Karlitschek: it is hard to have the right partnership for every individual part of your system, it is hard to find one party to work with to talk to a lot of the elements.
Mirko Böhm: There are no "open source companies". Companies are serving customers, sometimes with only open source products and/or services. It is also unreasonable for governments to only try to work with SMEs because they may not be able to scale as needed.
Mika Helenius: Challenges the last point of Mirko's statement, has other experiences from Finland.
Saranjit Arora: How do we scale support contracts for OSS made by SMEs (that may not be able to scale speedily enough)?
Answer by Boris van Hoytema: IT is becoming more infrastructure and mission critical and therefore need to have more competence in-house and not only rely on external contractors to do it. Gives example of Dutch train service NS who is running their GSMA network themselves because if it drops all trains stop.
Paulo Ribeiro: Agrees, there needs to be a minimum set of skills within a public body to be able to successfully work collaboratively with OSS vendors.
Saranjit: Asks the same question again.
Amanda Brock: Points out terminology, vendor sells stuff so you cannot be an OSS vendor. You sell development or support.
EU Policy person: We need a concrete project that we can start working on over borders and have as a showcase next year.
Answer by Boris: There is already ongoing work on this, Amsterdam with a messaging and routing app, Barcelona with online participation platform, OS2 with multiple software and more. There is no lack of public bodies wanting to share and collaborate.
Another voting round was made.
Matthieu: Use publiccode.yml as the Italians: https://developers.italia.it/en
Frank: Likes the voting results. IPR is important. Reuse catalogs that already exist, don't create a new one.
Stéfane: There is already a list, that also includes vendors.
Saranjit sums up: expecting a need for the EC to provide support due to increased usage of OSS. How to make expertise available? Partnerships? Internalize it by having people that know the OSS in-house?
## Panel 7: Improving openness, trust and security thanks to open source
Polling link: http://beekast.live/osb2020panel7
The purpose of the session is to highlight the role of open source in achieving security and trust.
### Matthieu Faure, Adullact
Perhaps we should run security audits on new open source software.
### Peter Ganten, CEO, Univention GmbH
Was much easier to sell solutions if OSS because they know they can maintain it and develop it further; no lock-in
Misconception: That open source somehow magically produces secure software. License makes it possible. License is prerequisite to produce secure and trustworthy software, but no guarantee, e.g.: OpenSSL had bug
AI: needs data, not just software. How to make the data available, transparent. Open data is very important. Need ways to share. Need more transparency.
### Mr Gaël Duval, /e/ Founder
Been a challenge to put a business model around open source; now it is easier, but there are other challenges.
* prove that we can be trusted
* people who don't trust us can host by themselves
### Kurt Roeckx, PMC, OpenSSL
* you can inspect the source and judge the security of the product and security of the code
* it is not a "fake" comfort, there are other people who can inspect if you can't
### Srinath Perera, Vice President, Research, WSO2
* maybe we can mandate to create audit logs in standard format
* AI: without data visibility with open source is limited
* without making the data available, what can you do? Something GDPR-like with decisions made on me or with my data?
### Saranjit Arora
`Voting on the issues entered took place`
1. Security is a collaborative effort!
2. Open Source enables trust and security if you add some specific activities during the development and release process: security scans, audits ... Should be supported by Non profits like Foundations
3. Open Source doesn't mean it's automatically secure
What is the threat model: don't forget the hardware
End to end validation: the whole system needs validation, with change on one component
Q from Thomas Gageik: Should we start regulating software development?
A from Amanda Brock: No. Not in general. Possibly, certain industry sectors could have regulation for software that are being used there, but developers should never be liable for software they release in the open.
Stuart suggests the NHS clinical safety procedures
`Voting in beekast took place again`
## Closing Remarks
Continue the discussion and provide more ideas at:
A new study is upcoming, with good arguments for the politicians.