--- tags: events,notes --- # Shared notes from Open Source Beyond 2020 workshop 14 November Notes for day 2: https://hackmd.io/OJwtL1gnScqLv8s4Zl45lA?edit ## Welcoming remarks and scene setting ### Pearse O'Donohue, Director E DG Connect: > We believe in open source becuase it > * drives innovation and competition > * lowers barriers to entry of the market ### Thomas Gageik > Help us embrace the open source lifestyle ## Keynote speech ### Michiel Leenaars > We have the most brilliant people in the room, decision makers not excluded. ## Panel 1: Role of Open Source as Innovation enabler ### Sachiko Muto OFE is a thinktank with the mission to promote an open and competetive market, _including a level playing field for open source_ > We're pragmatic, we always try to look at these openness acronyms as a means to an end > open source benefits the entire European economy > Open source is proven to be innovative and to work but is not easy and that is why uptake is slow > Individual procurement officers are under a huge amout of pressure > You don't get fired for buying 'X' > You don't get the full benefits of open source if it is just one company ### Cédric Thomas > There is open source from Developers, Entrepeneurs, Ecosystem and Industry Where is public sector in this space? It us? > Open source creates value through positive social externalities > Policy tactics: 1. Redirect subsidies * Make OSS the de facto legal regime for research projects. Proprietary should be substantiated. Today it is the other way around and the forms does not really allow for OSS. 2. Reduce uncertainty, simplify compliance 3. Focus on supply push - demand pull interaction 4. Change status of open source to normal 5. Develop EU open source incubation work programme ### Gerald Pfeifer > Agency, Resilience, and Growth/Flow (We describe this as control, risk and effectivity) Address procurement by not asking for the solution, which often rule out OSS, ask for a problem to be solved. Get people educated in OSS, because people will use/procure what they know. ### Deborah Bryant > OSS is not a business model A threat is that the market place is being muddled by alternative licenses and practices that are not truly open source (like Open core). > Open licenses are not a buearucratic exercise ### Discussion How to connect open developers who can't figure out how to get funding with donation/procurment which can't figure out how to spend on open things? Dirk-Willem van Gulik: > aging, unsupported software needs an "attaic", need to be better about it. Sashiko Muto: > Proprietary has marketing but more importantly has education resources available > Q: Is big companies doing OSS, with lots of paid developers, having an impact on the community and if so, how? Michiel: It's not the big companies that are the big threat, it is SaaS. Apache foundation: Q: Why is it possible to recieve public funding for something that becomes proprietary? Pearse: Michiel: Misses a wikipedia for OSS. ## Panel 2.1: The advent of Open Source Hardware and the Internet of Things ### Tobias Redlich: Democratization of production with OH > development of hardware needs hardware to produce it; open manufacturing spaces are needed (fablabs, hackerspaces, makerspaces) (developing more open hardware in used in these open spaces) > "open source laser cutter" ~5K euro, not 50K similar machine Also developed 5 axis CNC-mill, and 3d printers, of course ### Jesus Labarta: OSH in HPC one of the first super computer using linux FOSS everywhere in from IoT to cloud What about hardware? especially CPUs/GPUs/ASICs > the barriers of the lower levels being closed has become an inhibitor to innovation > inhibits holistic co-design in HPC RISC-V in European Processor Initiative > initiave European Loaboratory for Open Computer Architecture (intersection of academia and industry) > push for OCA by implementing a holistic architecture > European Open Hardware, Architecture Initiave? ### Ulirch Thombansen: > bring manufacturing and data together > combine more functionality into one part AMable - how SMEs can take up additve manufacturing > Must document all the change of data > transactions documented in AMable Blockchain An Economy Metal Systems is here > Must be able to guarantee the results coming out microsoft developed open source 3MF 3d format, industrial supported > Would be great to have a "unit test" for the final system. would be fantastic, don't know if that's achievable ### Luca Benini: open source chips > Migrate computation to the edge > AI capabilities in the power envelope of 100mili-volts and below > RISC-V, open, free ISA enables an extensible, specializable processor PULP: Ultra efficient multi processor design HDL may be open, but EDA companies, Phy IP providers, Foundaries are not open Greenwaves GAP8 in mass production https://www.pulp-platform.org OpenTitan, open source Root of Trust solution > fully auditable > Europe needs it's own processors ### Jason Kridner, TI, cofounder BeagleBoard.org, Board member OHA > the most important thing we can do for Open Source Hardware is to educate people > it's a lot more expensive to move atoms than it is to move bits Open Source Hardware Certification Program: certificate.oshwa.org > make open hardware and open software eductation an institutional part of our society ### Congduc Pham: deploying open source hardware in developing countries > bring affordable IoT to african countries > the purpose is not to come to africa and try to sell a product > the whole idea is to really empower local economy, local entrepeneurs > try to provide a oh platform that can be customized and really adapt the solution to their own needs > what you can find in europe in not really adapted to african highly integrated devices, hard to fix broken parts, increases cost to replace rather than repair level of integration is low -- building blocks that local people can take over make generic very simple PCBs so people can start building their own IoT devices and enhance it a lot of hardware is not available in africa, need to stick with very basic hardware the goal is not to produce a toy, wifi is high energy, can't really deploy taking all the constraints and the needs of these countries propose open hardware can run on two AA bateries for 5 years GPS livestock collar is 10 euro per collar needs to work without internet access ### Discussion: What is the dream initiative from EC? most silicon fab is under control of non-EU contries, kill switch from outside EU need EDA tools examined Fragmentation in silicon inside RISC-V and others, need paticipatory governance involving industry Getting a full stack for building a processor is something that we need encourage standards in the stacks More opportunities in Europe in the edge; not as much in the cloud Patents: RISC-V traced all insturctions back to all of their ORIGINIAL patents, all expired, most of which which were over 40 years old. ## Panel 2.2: Nurturing Open Source Communities ### Maha Shaikh Maha has made research in OSS communities. Nurture (and help) are a bit dangerous, it suggests repricocity (ie. you have to give back in some way) Public sector organizatiosn can invest in the communities by doing a lot of the 'boring work' like documentation and trainings Being a user (without contributing code or even comments) is still valuable, because you are the user base. You are why there is a need for updates. Sebastian: Gamification can be annoying. Github stars drowns out other important notifications on issues. > Github stars don't put food on the table. Frank Karlitschek: > Nextcloud can only compete with microsoft as a 50 person company because of open source communities > If my company goes away the software will survive Bastien: > There is a split between the innovators and the maintainers, you see this in the public open source world as well, the innovators often miss the maintainers spirit > It is important to make developers go out in other communities so that they get the open source culture ### Solutions Maha: * Like incubators Carlo: > Find a way to solve the problems of paying people to work on open source Innovation is good copying. Dirk-Willem: Don't neccesarily give money to open source, it might create distrust. > Public sector should pay their own staff to contribute to open source projects as we've seen before in the US Think about the welcoming places public sector can create. Private companies might have a hard time to meet otherwise. Bastien: > Problems: recruitment and procurement > Possible solutions: > * Document usecases so that it is clear how successes like chat software can be replicated > * Make it clear that people can work on open source in their work > * Sustainability audits of projects and codebases (similar to security audits) > * Better at bottom up surfacing such as the open CAPTCHA system by a small town > * code.europa.eu for all open source in Europe. Started similar in France. Discussion: Idea: EC should start talking about the problems and that could be an opportunity for open source solutions rather than wanting specific solutions. Maha: > Dying communities probably need to die, but let's start reverse forking communities to build new stronger oners. Bastien: > Legally public bodies can require free software in their procurement, but it is not widely known > The debate about digital soverignity should not be framed by the private sector, it should be framed by the public sector. Sebastian: > Code written as part of thesis' at public universities should automatically be open source > We need to get them while they're young. Contribute with digit-oss-strategy@ec.europa.eu Remark: During this session there was a polling system used at http://beekast.live/osb2020panel22 There was a bit short of time to vote and unclear announcements on when to vote or add ideas, so the results should be taken with a pinch of salt. ## Panel 3.1: Open source and the manufacturing industry ### Arnaud Samama, Computing Engineering R&T Manager, Thales Henry Ford: patent free exchange of information FOSS: money opportunity: custom feature for your project Share costs, owned by community > Open Source, you have innovation by design, you need to have innovation to have something to sell RISC-V - challenge monoply position, gain independance Require support through whole life-cycle, > we need to encourage open source in call submissions > How can we help individuals to contribute to open source? Top open source projects have a foundation behind them. ### Oliver Fendt, Senior Manager Open Source, Siemens AG No company can create products without using open source components Open source is a critical success factor for product and services Open source software creates access to the competencies and creativity of the entire world Where is Europe in collaboration in FOSS or Linux Foundation? We need Open Source toolchains to manage the surrounding processes in product development. ### Jonas Öberg, Open Source Officer, Scania CV AB > Let's be honest: 80-95% percent of components are open source Licesnses are not the stumbling block confidence in software (safety); Don't want BSOD when you press the break pedal as more and more of the environment is controlled by software, the more important it is to have confidence in software We would like the EC to be mindful that OS is critical even today we need to find new ways to be able to have confidence in safety Safety is important enough that it should be tackled on the European level. ### Alessandro Ranellucci, Head of Open Source and Community, Arduino In Italy, we have a law which enforces "Pubic money, public code" here to provide practical feedback about combining commercial products with FOSS values * more democratic * empowering * sustainable challenges: * lack of understanding about the values of FOSS and how it benefits society * there is a need for public bodies to support and tender open source * Large consortiums not welcoming to SMEs because of large yearly fees * no incentive for SMEs to manufcature their products from EU ### Christian Renz, Head of IoT and Digitalisation, Robert Bosch GmbH one common challenge: moving from traditional linear business (supply chain with OEMs suppliers), but this is changing, non-linear buisiness ecosystem M2M: machine to machine applications, connected devices, systems of systems open source provides you with a co-creating model cooperation model Communities like eclipse foundation allow companies to collaborate without invoking non-compete or SEC fears EC: Time to incentivise open standards and open APIs It's good to have Open Source, but need access to data too, without NDA Common pathway for public funded projects to publish their code as open source. Supply chain tracability some tooling: software360 and https://www.openchainproject.org/ Open source software certified? for safety? legal framework for creators -- allow safe contributions without liability fears ## Panel 3.2: Knowledge transfer Dirk-Willem van Gulik: > The apache foundation has a cookbook how to organize communities: http://incubator.apache.org/cookbook/ Saranjit Arora: > There are islands of communities in Europe. For a start, we need a list of things. Anecdote: Bodies in the UN are probably duplicating 80% of the work. Q: How do we not create 15 different digital signature systems (and so on)? Boris: Foundation for Public Code is creating the Standard for Public Code: https://standard.publiccode.net A: Comptoire du Libre mentioned as an existing OSS directory in use in France. https://comptoir-du-libre.org/ ## Panel 4.1: Open source and the ICT industry Luis C. Busquets Pérez: > Open source is here to stay, for the benefit of our people our economy. ### Timo Perälä Nokia has ~170 GitHub repositories and uses thousands of OSS components. > Open source is a big part of what we do > Some projects are strategic and some are tactical > We share internally so colleagues get used to the idea that sharing is a good thing > Open source brings innovation, but Nokia believes also differentiation > If governance is not equal and fair then open source collapses > We see the need for open source and standardisation to support each other, our open source and standardisation teams are in daily contact ### Mirko Boehm Distiguish between Open Source products and developing in an open collaborative process. 'True' open source embraces both perspectives. > The vast majority of the corporate sector in open source are not there to make money, they are there to save money. > Differentiate or collaborate The open source definition makes collaboration possible because everyone knows the terms of collaboration upfront. ### Peter Ganten ### James Lovegrove > wouldn't it be great to se a helpful guide to companies and citizens that want to get into open source ### Clara Pezuela > Our developers are more motivated if they get community recognition from open source contributions ### Discussion Leslie Hawthorn: > Speaker-inn is database of European women in open source ## Panel 4.2: Lowering the barriers for SMEs to provide their open source services to the public sector ### Paulo Ribeiro, CEO, Linkare TI -Tecnologias de revolving doors between industry, government, need open standards how public tenders are decided, how to calculate TCoO direct and indirect -- including exit/handover costs, and for how long of a time Not able to calculate exit cost of cloud IP: because most of public tenders say IP should belong to customer, or impose restriction -- why not a new directive to address IP procurement lack of skills in public administration: not only technical, but legal advice Moving from CapEx to OpEx public procurment is too complex and takes too long, not good for SMEs, stratups, or innovation ### Daniel Melin, Procurement Officer ICT of swedish government, Kammarkollegiet between 2010-2014 had framework for public sector for only FOSS, almost all SMEs, but in a large framework agreement. abandoned in 2014 because Open source is just another way of doing software. Software is very big, have to split it in a different way. we have to have a push. Gaia-X is the most amazing EU project in years. open source as an underpinning for doing cloud. * https://www.bmwi.de/Redaktion/EN/Publikationen/Digitale-Welt/project-gaia-x.html ### Stéfane Fermigier, Co-chair, CNLL We know that most OS companies are SMEs and they face the same issues when trying to sell services to large orgs * large orgs likes to large with other large orgs * small companies often excluded * late payments impact SMEs badly Can we have a european small business act? maybe something can be done in the scope of Open Source withing current frameworks? it's well known that most of the value of open source is created for the benefit of the customer; but we must make sure that the value that is created benefits whole ecosystem. but some of the practices in precurment benefits the few most small open source software companies are both software authors as well as service providers -- large businesses are sometimes one and contract with the other -- can we ensure SMEs get a chance at contracts large support contracts for OS Software, popular for procuring support for a large portfolio of tens or dozens of softwares used accross the org. current practices are not good enough. ### Stuart J Mackintosh, OpenUK Why are companies hiring people from the public sector to be used in sales roles? Customer is locked-in to the ways of doing things. > we like having only 8 suppliers; we don't like being exploited by them, but that's easier problem to manage than managing a lot of suppliers We need to be thinking bigger pictures -- open source perception of risk, easy of purchase procurement & SME is unfriendly to open source and unfriendly to SME responding to a tender is a big cost "An open approach for the NHS" we know we've got it right when the customer (public sector) is seen as anti-social when their not investing in open source, SMEs, and local ### Bastien Guerry, free software officer for the French administration, DINSIC first step to sane relationships with SMEs is to acknowlege the weaknesses * lack of manpower * lack of consistency * lack of flexibility * lack of accountability We should try to know ourselves better: where do we use OS already? Where are the suppliers? Who works on what? Working in public sector is great, we need some empathy ### Lothar Becker, Member of the board, Managing Director, OSB Alliance, .riess applications three stages: * before contracting * knowing each other: administrations knowing about SMEs and open source * SMEs knowing which administrations have what needs * contracting * tender platforms are hard to handle, very formal way to ask questions; SMEs have neither time or money to sort things out and give proper proposal * Can support or coaching be provided * the contract is like a book, which explains how to precure software as open source * after contracting * late payments for SMEs extra bad All of the members are doing things on the local/nations side, we need to bring these solutions together for the EU level ## The Relationship Between Open Source Software and Standard Setting ### Knut Blind ### Mirko Böhm Keep and strengthen the Open Source Definition: https://opensource.org/osd We even questioned what a standard is. The report lays out 7 potential new reports as future work. ### Pamela Chestek Clears up distinction between free and open. ### Christian Loyau ETSI are taking OSS very seriously. Hot internal debates. ### Patrick Hofkens Good that the report is not only looking at the legal framework. You cannot really fork a community, there has to be one standard. SDOs are very diverse. Can be hard to fit all recommendations to them all. ### Discussion Q: Elephant in the room? OSS developers are violently opposed to software patents. A: Not included because scope would have been much larger. IBM: Q: Are the recommendation hampering innovation by making everyone too similar? Ie. are we afraid on competition? Q: Is there an executive summary? A: Yes, on page 70. Q: Something in the lines of: Are the OSI making interpretations of licenses that are further than what they really mean? No answer from Pamela on this. Q: Does the report take a global perspective or just a European one? A: The foreword on page 11 refers a number of other reports.